Mapbox - ECRA Emerging Technology Comments
10 January 2019
The following comments are submitted on behalf of Mapbox, a leading provider of map and
location services, in response to the Bureau of Industry and Security’s advance notice of
proposed rulemaking “Review of Controls for Certain Emerging Technologies” (FR Doc.
2018–25221).
We recognize the importance of the Bureau’s mission to preserving the security and
technological competitiveness of the United States. We offer the following comments in the
hope that they will prove useful to the work associated with implementation of the Export Control
Reform Act of 2018 (ECRA).
Certain technologies, however, may not yet be listed on the [Commerce Control List] or
controlled multilaterally because they are emerging technologies. As such, they have not
yet been evaluated for their national security impacts.
Although the ECRA does not define the term “emerging,” we infer from the above passage that
this status relates to technologies’ newness, and that the rationale for applying an additional
system of scrutiny is based upon our existing export control systems’ inability to promptly
evaluate such technologies. Indeed, the ECRA’s statement of policy notes that “[an] export
control system must ensure that it is transparent, predictable, and timely” (emphasis added).
Defining the specific criteria under which a technology may be classified as “emerging” is a
necessary step if this new system is to avoid duplication, satisfy its mandate to be transparent
and predictable, and, crucially, avoid exceeding its statutory authority.
We understand that the list of technologies specified in the ANPRM is intended only as
“representative categories” of possible emerging technologies and not final determinations of
such. Still, this list includes a large number of technologies that cannot be considered to be
“emerging” under any reasonable definition of the term.
Consider category 9, “Additive manufacturing (e.g., 3D printing)”. Although 3D printing has
recently generated a considerable amount of investment, excitement and press coverage, the
ongoing industry boom is primarily attributable not to the development of new technologies but
rather to the expiration of patents that had constrained the size of the industry[1]. An example is
US patent 4,575,330, which concerns resin printing and which was filed in 1986. The existence
of a patent means that the techniques associated with this technology have been made public;
indeed, under existing policy[2], this would explicitly exclude the technology from export control.
And although we do not have access to sales records from 3D Systems, the company that
initially commercialized the technology in question, their “How To Buy 3D Printers” web page[3]
currently directs purchasers to “an extensive global partner network,” suggesting that the
principles behind this technology have been publicly disclosed and working commercial
implementations exported for over three decades. A similar situation applies to other
technologies listed in the ANPRM, including voiceprint surveillance[4], System-on-Chip (SoC)
integrated circuits[5], and in all likelihood other categories.
Naturally, this does not preclude the possibility of new developments in one or more fields of
technology that merit scrutiny from a national security perspective. However, given the
decades-long history and mature status of many of the listed technologies, it is reasonable to
expect that the capabilities and likely progression of such fields are already generally understood,
and that a higher justificatory burden should be met before subjecting them to ECRA scrutiny.
Mapbox makes extensive use of machine learning technology. We use it to detect vandalism in
crowdsourced mapping data; to extract geometry describing the built environment from aerial
imagery; to detect and classify street-level signage from video captured by our Vision SDK; and
for a variety of other purposes.
[1] https://techcrunch.com/2016/05/15/how-expiring-patents-are-ushering-in-the-next-generation-of-3d-printing/
[2] 15 CFR 734.3(b)(3)(iv). Although existing EAR may be amended or superseded by ECRA, the new law
clearly makes continuity and predictability a goal and explicitly extends the existing EAR (Sec. 1768
Transition Provisions). We believe that the Bureau should therefore assign considerable weight to the
principles embodied by the existing EAR when making ECRA implementation decisions.
[3] https://www.3dsystems.com/how-to-buy/3d-printers
[4] https://patents.google.com/patent/US4752958/en
[5] https://www.computerhistory.org/siliconengine/digital-watch-is-first-system-on-chip-integrated-circuit/
Restricting the distribution of software frameworks suffers from practical and legal problems.
The frameworks themselves are expressions of mathematical discoveries that have been
developed in an international academic context defined by norms of openness. The current
proliferation of frameworks speaks to the relative ease of this task once the underlying
knowledge is obtained. Software is by its nature difficult to secure, and the most popular
machine learning frameworks exist as open source code that is already distributed among
millions of developers worldwide. This includes the frameworks developed by software
companies like Google and Microsoft: the norm surrounding openness is pervasive within this
part of the machine learning discipline, extending even to firms that develop and sell proprietary,
closed-source software. Aside from the practical difficulty of securing such resources, various
court decisions[6] have held that software enjoys First Amendment protections that complicate
restrictions on its dissemination. Additionally, we note that under 15 CFR 734.7 these
frameworks would currently qualify as published software and therefore not be subject to export
control. Finally, we note that such restrictions have proven unworkable in the past: attempts in
the 1990s to control the export of open source cryptographic software, notably including Phil
Zimmermann’s Pretty Good Privacy, ended in failure.
Restrictions on hardware are also likely to be unworkable. Although some companies like
Google, Apple and Tesla have designed application-specific integrated circuits (ASICs) or
subsystems for ML use cases, most ML practitioners use the graphics processing units (GPUs)
available on mass market 3D video cards traditionally used for playing video games. Such
hardware is already widely available outside the United States, as are the expertise and
facilities necessary to develop ASICs. As the ECRA notes, “[e]xport controls applied unilaterally
to items widely available from foreign sources generally are less effective in preventing
end-users from acquiring those items.” It is not plausible that export restrictions on hardware
used for ML would significantly inhibit the techniques’ use outside the United States.
[6] e.g. Bernstein v. United States; Junger v. Daley
Training data is typically nothing more than labeled video, audio, text or images. It is inert from a
security perspective, easily created by minimally trained workers, and may enjoy speech
protections.
Trained models, by contrast, are specialized to the task for which they were trained. In many
cases the application in question may be unambiguously free from any concern that might
motivate an export restriction. In the language of the ECRA, these models have no “military,
terrorism, weapons of mass destruction, or law-enforcement-related applications.” An example
is Mapbox’s vandalism-detection models, which are applicable only to the publicly-available
OpenStreetMap project and only for the purposes of identifying malicious or incorrect geodata
submissions from the public. These models are very unlikely to make useful determinations in
any other context, nor could they be adapted for other purposes. Such a model has no dual-use
applications and should not be subject to export controls--applying such controls would clearly
exceed the ECRA’s requirement that export controls be used “only to the extent necessary”.
This example demonstrates the necessity of applying scrutiny at the level of specific
applications, rather than underlying technology, when determining the appropriateness of ECRA
restrictions to machine learning.
In closing
We welcome the Bureau’s attention to this matter and thank you for your consideration of these
comments. We look forward to working with the Bureau as it implements the ECRA.
Thomas Lee
Policy Lead, Mapbox
tlee@mapbox.com