740 15th St NW, Fifth Floor

Washington, D.C. 20005

10 January 2019

The following comments are submitted on behalf of Mapbox, a leading provider of map and
location services, in response to the Bureau of Industry and Security’s advance notice of
proposed rulemaking “Review of Controls for Certain Emerging Technologies” (FR Doc.
2018–25221).

We recognize the importance of the Bureau’s mission to preserving the security and
technological competitiveness of the United States. We offer the following comments in the
hope that they will prove useful to the work associated with implementation of the Export Control
Reform Act of 2018 (ECRA).

A reasonable definition of “emerging” must be developed

The ANPRM notes that although a number of federal bodies administer longstanding export
control mechanisms,

Certain technologies, however, may not yet be listed on the [Commerce Control List] or
controlled multilaterally because they are emerging technologies. As such, they have not
yet been evaluated for their national security impacts.

Although the ECRA does not define the term “emerging,” we infer from the above passage that
this status relates to technologies’ newness, and that the rationale for applying an additional
system of scrutiny is based upon our existing export control systems’ inability to promptly
evaluate such technologies. Indeed, the ECRA’s statement of policy notes that “[an] export
control system must ensure that it is transparent, predictable, and ​timely​” (emphasis added).

Defining the specific criteria under which a technology may be classified as “emerging” is a
necessary step if this new system is to avoid duplication, satisfy its mandate to be transparent
and predictable, and, crucially, avoid exceeding its statutory authority.

We understand that the list of technologies specified in the ANPRM are intended only as
“representative categories” of possible emerging technologies and not final determinations of
such. Still, this list includes a large number of technologies that cannot be considered to be
“emerging” under any reasonable definition of the term.
Consider category 9, “Additive manufacturing (e.g., 3D printing)”. Although 3D printing has
recently generated a considerable amount of investment, excitement and press coverage, the
ongoing industry boom is primarily attributable not to the development of new technologies but
rather to the expiration of patents that had constrained the size of the industry1. An example is
US patent 4,575,330, which concerns resin printing and which was filed in 1986. The existence
of a patent means that the techniques associated with this technology have been made public;
indeed, under existing policy2, this would explicitly exclude the technology from export control.
And although we do not have access to sales records from 3D Systems, the company that
initially commercialized the technology in question, their “How To Buy 3D Printers” web page3
currently directs purchasers to “an extensive global partner network,” suggesting that the
principles behind this technology have been publicly disclosed and working commercial
implementations exported for over three decades. A similar situation applies to other
technologies listed in the ANPRM, including voiceprint surveillance4, System-on-Chip (SoC)
integrated circuits5, and in all likelihood other categories.

Naturally, this does not preclude the possibility of new developments in one or more fields of
technology that merit scrutiny from a national security perspective. However, given the
decades-long history and mature status of many of the listed technologies, it is reasonable to
expect that the capabilities and likely progression of such fields is already generally understood,
and that a higher justificatory burden should be met before subjecting them to ECRA scrutiny.

Machine Learning as emerging technology

Although machine learning (ML) has recently reached a new threshold of commercial salience
as a variety of new applications have been developed, its academic foundations have been
widely known for decades. It is therefore questionable to consider machine learning to be an
“emerging” technology.

However, even if such a determination were made, we believe ML is an inappropriate candidate

for export control, and that a discussion of the reasons why will serve to illuminate
considerations that the Bureau may wish to keep in mind.

Mapbox makes extensive use of machine learning technology. We use it to detect vandalism in
crowdsourced mapping data; to extract geometry describing the built environment from aerial

https://techcrunch.com/2016/05/15/how-expiring-patents-are-ushering-in-the-next-generation-of-3d-printin
g/
2
15 CFR 734.3(b)(3)(iv). Although existing EAR may be amended or superseded by ECRA, the new law
clearly makes continuity and predictability a goal and explicitly extends the existing EAR (Sec. 1768
Transition Provisions). We believe that the Bureau should therefore assign considerable weight to the
principles embodied by the existing EAR when making ECRA implementation decisions.
3
https://www.3dsystems.com/how-to-buy/3d-printers
4
https://patents.google.com/patent/US4752958/en
5
https://www.computerhistory.org/siliconengine/digital-watch-is-first-system-on-chip-integrated-circuit/
imagery; to detect and classify street-level signage from video captured by our Vision SDK; and
for a variety of other purposes.

In practice, a machine learning application consists of a variety of components including:

- A ​software framework​, which embodies the mathematical principles at the heart of a

machine learning technique and which codifies and simplifies some aspects of their
implementation. Frameworks are typically designed to be flexible and may be used to
train a wide variety of models, each of which is tailored to a specific use case.
- Training data​, often consisting of labeled text, images or video, which is used during a
formative phase by which the model gains the ability to make useful determinations.
- The ​trained model​, usually consisting of a compact representation of the end state of
training, which may be distributed to end users in order to make useful determinations.
- Computing hardware​, typically consisting of highly parallelized computing architectures
such as graphics processing units (GPUs) or purpose-built chips.

Placing restrictions on any of these components would present challenges.

Restricting the distribution of software frameworks suffers from practical and legal problems.
The frameworks themselves are expressions of mathematical discoveries that have been
developed in an international academic context defined by norms of openness. The current
proliferation of frameworks speaks to the relative ease of this task once the underlying
knowledge is obtained. Software is by its nature difficult to secure, and the most popular
machine learning frameworks exist as open source code that is already distributed among
millions of developers worldwide. This includes the frameworks developed by software
companies like Google and Microsoft: the norm surrounding openness is pervasive within this
part of the machine learning discipline, extending even to firms that develop and sell proprietary,
closed-source software. Aside from the practical difficulty of securing such resources, various
court decisions6 have held that software enjoys First Amendment protections that complicate
restrictions on its dissemination. Additionally, we note that under 15 CFR 734.7 these
frameworks would currently qualify as published software and therefore not be subject to export
control. Finally, we note that such restrictions have proven unworkable in the past: attempts in
the 1990s to control the export of open source cryptographic software, notably including Phil
Zimmermann’s Pretty Good Privacy, ended in failure.

Restrictions on hardware are also likely to be unworkable. Although some companies like
Google, Apple and Tesla have designed application-specific integrated circuits (ASICs) or
subsystems for ML use cases, most ML practitioners use the graphics processing units (GPUs)
available on mass market 3D video cards traditionally used for playing video games. Such
hardware is already widely available outside the United States, as are the expertise and
facilities necessary to develop ASICs. As the ECRA notes, “[e]xport controls applied unilaterally

6
e.g. Bernstein v. United States; Junger v. Daley
to items widely available from foreign sources generally are less effective in preventing
end-users from acquiring those items.” It is not plausible that export restrictions on hardware
used for ML would significantly inhibit the techniques’ use outside the United States.

Training data is typically nothing more than labeled video, audio, text or images. It is inert from a
security perspective, easily created by minimally trained workers, and may enjoy speech
protections.

Trained models, by contrast, are specialized to the task for which they were trained. In many
cases the application in question may be unambiguously free from any concern that might
motivate an export restriction. In the language of the ECRA, these models have no “military,
terrorism, weapons of mass destruction, or law-enforcement-related applications.” An example
is Mapbox’s vandalism-detection models, which are applicable only to the publicly-available
OpenStreetMap project and only for the purposes of identifying malicious or incorrect geodata
submissions from the public. These models are very unlikely to make useful determinations in
any other context, nor could they be adapted for other purposes. Such a model has no dual-use
applications and should not be subject to export controls--applying such controls would clearly
exceed the ECRA’s requirement that export controls be used “only to the extent necessary”.
This example demonstrates the necessity of applying scrutiny at the level of specific
applications, rather than underlying technology, when determining the appropriateness of ECRA
restrictions to machine learning.

Is there is an advantage to maintain?

Implicit in any export restriction is the idea that limiting the dissemination of a technology from
the U.S. will preserve our nation’s superiority in that technological domain or inhibit destructive
developments related to that technology. In the case of machine learning, it is implausible that
this outcome is attainable. The field’s breakthroughs occur in open academic discourse and are
distributed to practitioners as open source software created by contributors of various
nationalities. Its hardware is widely commercially available and the knowledge and facilities
necessary to create it are not confined to the U.S. ML training datasets are sometimes closely
held, but can be independently created by straightforward investments in relatively unskilled
labor. And its trained models, while specialized and potentially controllable, are simply the
outputs of the above ingredients. It is not only plausible but likely that an imposition of controls
on this technology would do vastly more to retard the technology’s domestic development and
the United States’ leadership in the discipline than it would do to inhibit problematic foreign use.

In closing
We welcome the Bureau’s attention to this matter and thank you for your consideration of these
comments. We look forward to working with the Bureau as it implements the ECRA.

Thomas Lee
Policy Lead, Mapbox
tlee@mapbox.com