Welcome to The Nonlinear Library, where we use Text-to-Speech software to convert the best writing from the Rationalist and EA communities into audio. This is: One implementation of regulatory GPU restrictions, published by porby on June 4, 2023 on LessWrong.
Some observations:
ML-relevant hardware supply is bottlenecked at several points.
One company, NVIDIA, is currently responsible for most purchasable hardware.
NVIDIA already implements driver licensing to force data center customers to buy into the more expensive product line.
NVIDIA would likely not oppose even onerous regulation on the use of its ML hardware if that regulation gave it a stronger competitive moat.
Where can you stick a regulatory lever to prevent improper use of GPUs at scale?
Here's one option!
Align greed with oversight
Buff up driver licensing with some form of hardware authentication so that only appropriately signed drivers can run. (NVIDIA may do this already; it would make sense!)
Modify ML-focused products to brick themselves if they do not receive a periodic green light signal from a regulatory source with proper authentication.
Require chain of custody for ML-focused products. If an auditable chain of custody cannot be produced for a particular piece of hardware, stop sending a green light.
Use both targeted and randomized audits to confirm that hardware is being used for the stated purpose. Audits are not primarily automatic: regulators should have on-demand access to the physical hardware and verifiable detailed information on how the system is being used.
If audits are blocked or refused by a product owner, stop sending a green light.
While not a primary form of security, the hardware/driver could self-report on some kinds of usage patterns. It does not seem realistic to collect invasive data, but the combination of chain of custody and high-level samples of hardware utilization over time could help corroborate client claims or flag installations for audits.
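The green-light mechanism above amounts to an authenticated heartbeat: the driver only keeps the hardware operational while it holds a recent, properly signed signal from the regulator. A minimal sketch in Python, using an HMAC as a simplified stand-in for the asymmetric signatures a real scheme would need; the class, key, and TTL are all hypothetical illustrations, not a proposed design:

```python
import hashlib
import hmac
import time

# Hypothetical shared secret; a real deployment would use asymmetric keys
# and hardware-backed verification, not a secret baked into the driver.
REGULATOR_KEY = b"hypothetical-regulator-key"
GREEN_LIGHT_TTL = 7 * 24 * 3600  # illustrative: brick after a week without a signal


def sign(message: bytes, key: bytes = REGULATOR_KEY) -> bytes:
    """Regulator-side signing of a green-light message."""
    return hmac.new(key, message, hashlib.sha256).digest()


class MLAccelerator:
    def __init__(self, serial: str):
        self.serial = serial
        self.last_green_light = 0.0  # no valid signal received yet

    def receive_green_light(self, timestamp: float, signature: bytes) -> bool:
        # Accept the signal only if it authenticates for this specific device,
        # tying the green light to the chain-of-custody record for that serial.
        message = f"{self.serial}:{timestamp}".encode()
        if hmac.compare_digest(signature, sign(message)):
            self.last_green_light = timestamp
            return True
        return False

    def operational(self, now: float) -> bool:
        # Without a recent authenticated green light, the device bricks itself.
        return (now - self.last_green_light) < GREEN_LIGHT_TTL


gpu = MLAccelerator("H100-0001")
now = time.time()
msg = f"H100-0001:{now}".encode()
assert not gpu.receive_green_light(now, sign(msg, b"wrong-key"))  # forged signal rejected
assert gpu.receive_green_light(now, sign(msg))
assert gpu.operational(now)
assert not gpu.operational(now + GREEN_LIGHT_TTL + 1)  # signal lapsed: bricked
```

Withholding the signal (for a broken chain of custody, or a blocked audit) then requires no action against the hardware at all; the device simply times out.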
I imagine NVIDIA would be happy to offer Certified ML-MOAT-2023-B Compliant hardware and drivers. Given the opportunity, they may even push regulators to implement progressively more difficult forms of verification to make it more expensive for smaller hardware providers to break into the market.
Between the cost of the hardware involved and the chain of custody information, it is unlikely that many small businesses would suffer excessive burdens as a result of the regulation. A company with 16 H100s is far less of a risk than a company with 140,000 H100s; you can probably skip the audit unless you have some reason to suspect the ostensibly small installations are attempting to exploit a loophole.
Clouds
GPU cloud service providers (CSPs) obscure chain of custody and complicate audits. Getting sufficient regulatory oversight here will likely have the most consumer-visible impacts.
One option would be to require any compute requests above a certain threshold (either in terms of simultaneous compute or integrated compute over time) to meet KYC-style requirements.
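The two thresholds above (simultaneous compute, and integrated compute over time) reduce to a simple accounting check on the CSP's side. A sketch, where the threshold values, names, and the assumption that usage is metered in GPU-hours are all illustrative rather than proposals:

```python
from dataclasses import dataclass

# Illustrative thresholds, not proposals: exceeding either triggers KYC.
MAX_SIMULTANEOUS_GPUS = 256          # simultaneous compute
MAX_GPU_HOURS_PER_YEAR = 100_000.0   # integrated compute over time


@dataclass
class Customer:
    name: str
    kyc_verified: bool = False
    gpu_hours_used: float = 0.0  # running total for the current year


def request_allowed(customer: Customer, gpus: int, hours: float) -> bool:
    """Return True if the request can proceed; large requests require KYC."""
    projected = customer.gpu_hours_used + gpus * hours
    needs_kyc = gpus > MAX_SIMULTANEOUS_GPUS or projected > MAX_GPU_HOURS_PER_YEAR
    return customer.kyc_verified or not needs_kyc


small_lab = Customer("small-lab")
assert request_allowed(small_lab, gpus=16, hours=100)        # 1,600 GPU-hours: fine
assert not request_allowed(small_lab, gpus=4096, hours=720)  # large-scale: KYC required
```

The integrated-compute term matters because it closes the obvious workaround of staying under the simultaneous limit while accumulating a large training run over many months.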
Regulators could lean on CSPs to extract information from large-scale customers, and those large-scale customers could be directly required to report or submit to audits as if they owned the hardware.
Given the profit margins for GPU CSPs, I suspect most major AI labs would prefer building out their own infrastructure or making special deals (like OpenAI and Microsoft). The main value of requirements on CSPs would be to close an obvious loophole that bad actors might otherwise exploit because renting is still cheaper than their other options for getting access to tons of compute.
It is unlikely that any small research group would ever actually encounter the regulatory system. That helps keep regulatory overheads low and focuses the effort on the more dangerous massive deployments.
Threat model exclusions
This doesn't do anything against an extremely capable hostile actor in the limit. The hardware and software are in the hands of t...