“If you put the federal government in charge of the Sahara Desert, in five years there'd be a shortage of sand.”
“If you put the federal government in charge of the Sahara Desert, in five years there'd be a shortage of sand.”
Government regulation in software doesn’t work. It’s been tried before. During the 1990s, the United States Munitions List of the International Trafficking in Arms Regulation (ITAR) regulated the sale and distribution of encryption products and restricted the publication of source code unless it was extremely weak.
This resulted in the landmark legal decision Berstein v. the U.S. Department of State__. The short version is that the law was ruled unconstitutional, and encryption source code is an expression of free speech protected under the First Amendment.
The linkage to governmental interest in regulating AI is clear. This time, however, it appears the approach is not to regulate the code itself—AI—but the outcomes produced by the code. The proposed European Union AI Act incorporates a risk-based assessment: minimal, limited, high, and unacceptable.
The approach seems objective, with specific references to specific use cases. However, the devil is always in the details. There are twenty-seven countries in the EU with twenty-seven different ideas about what is best for their own country. This creates a development and compliance headache, as well as potentially stalling entry into the EU markets by the US and other countries that don’t want multiple frameworks and regulatory schemes to deal with.
‘Progress’ comes with a cost. That cost is the price not being paid by nation-state adversaries like Russia, China, North Korea, and Iran. There are no such guiding principles and frameworks limiting the development of AI technologies, especially with respect to weapons of war.
According to an article from the Center for a New American Security, “AI is a high-level priority within China’s national agenda for military-civil fusion, and this strategic approach could enable the PLA to take full advantage of private sector progress in AI to enhance its military capabilities.”
Report after report, article after article, analysis after analysis makes it clear China will use commercially developed A.I. for military purposes. There are indications that China has begun incorporating “AI technologies into its next-generation conventional missiles and missile defense intelligence, surveillance, and reconnaissance systems to enhance their precision and (sic) legality [lethality].”
But a recent Brookings Institution survey discovered something a little different.
“Thirty percent of adult internet users believe AI technologies should be developed for warfare, 39 percent do not, and 32 percent are unsure, according to a survey undertaken by researchers at the Brookings Institution. However, if adversaries already are developing such weapons, 45 percent believe the United States should do so, 25 percent do not, and 30 percent don’t know.”
Placing onerous restrictions on AI will only result in bad actors having the advantage as we remain mired in bureaucracy. Over-rotating on regulation ensures that market forces will be mitigated in developing advanced AI technologies, and government regulation will be the primary driver. This is, in my opinion, the wrong order.
There are three distinct phases to ending up with a law. First, there is litigation. Market forces determine what is acceptable and what the public is willing to pay for and tolerate. If that doesn’t achieve the desired governmental interest, then the second phase is regulation. Enacting rules on covered entities (e.g., publicly traded companies, pharma, financial institutions, etc.) to compel compliance. If the first two steps are not adequate, then it is the proper role of government to bring clarity to the market by passing legislation.
The poster child in the U.S. was the passage of the Sarbanes-Oxley Act in response to corporate malfeasance and cooking of the books. Massive failures and fraud were first litigated. Then the Securities and Exchange Commission (SEC) passed additional regulations to improve transparency, oversight, and financial controls. When that didn’t achieve the desired outcome, the Sarbanes-Oxley Act was passed in 2002—423 to 3 in the House and 99-0 in the Senate.
We’re not to the legislative phase yet. Jumping over the natural progression will only stifle the valuable development in AI, hamstring companies looking to break out with new technologies, and embolden our adversaries.
Morgan Wright is an internationally recognized expert on cybersecurity strategy, cyberterrorism, national security, and intelligence. He currently serves as a Senior Fellow at The Center for Digital Government, Chief Security Advisor for SentinelOne, and the chief technology analyst for Fox News and Fox Business.
This piece was written by an outside contributor. Guest contributors are not employees or staff of TechEchelon, and their views do not necessarily reflect those of the publication. The contributor's full bio appears in italics at the foot of the article.
More from guest contributors →A shortage of high-bandwidth memory chips is squeezing the four major hyperscalers — Amazon, Alphabet, Microsoft, and Meta — driving up AI infrastructure costs while memory and storage stocks surge 41% over the past month.
Apple's iOS 27 distributes artificial intelligence across eight features built into existing apps, including a bill-splitting tool in Apple Cash, automated password updates, and natural-language Shortcuts — with a public release expected this fall.
Apple's iOS 27 will bring a range of AI-powered features to iPhone this fall, including receipt-based bill splitting in Apple Cash, autonomous password updates, and smart notification grouping in the Home app — all running through Apple Intelligence.
Written for readers who already know the basics — markets, AI, and the policy decisions that shape both.