Notice2024-03763
Dual Use Foundation Artificial Intelligence Models With Widely Available Model Weights
Primary source
Metadata and text below are from the Federal Register, a public-domain U.S. government work. Always verify the official published version before relying on it for any legal matter.
Published
February 26, 2024
Issuing agencies
Commerce DepartmentNational Telecommunications and Information Administration
Abstract
On October 30, 2023, President Biden issued an Executive order on "Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence," which directed the Secretary of Commerce, acting through the Assistant Secretary of Commerce for Communications and Information, and in consultation with the Secretary of State, to conduct a public consultation process and issue a report on the potential risks, benefits, other implications, and appropriate policy and regulatory approaches to dual-use foundation models for which the model weights are widely available. Pursuant to that Executive order, the National Telecommunications and Information Administration (NTIA) hereby issues this Request for Comment on these issues. Responses received will be used to submit a report to the President on the potential benefits, risks, and implications of dual-use foundation models for which the model weights are widely available, as well as policy and regulatory recommendations pertaining to those models.
Full Text
<html>
<head>
<title>Federal Register, Volume 89 Issue 38 (Monday, February 26, 2024)</title>
</head>
<body><pre>
[Federal Register Volume 89, Number 38 (Monday, February 26, 2024)]
[Notices]
[Pages 14059-14063]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2024-03763]
-----------------------------------------------------------------------
DEPARTMENT OF COMMERCE
National Telecommunications and Information Administration
[Docket No. 240216-0052]
RIN 0660-XC060
Dual Use Foundation Artificial Intelligence Models With Widely
Available Model Weights
AGENCY: National Telecommunications and Information Administration,
Department of Commerce.
ACTION: Notice; request for comment.
-----------------------------------------------------------------------
SUMMARY: On October 30, 2023, President Biden issued an Executive order
on ``Safe, Secure, and Trustworthy Development and Use of Artificial
Intelligence,'' which directed the Secretary of Commerce, acting
through the Assistant Secretary of Commerce for Communications and
Information, and in consultation with the Secretary of State, to
conduct a public consultation process and issue a report on the
potential risks, benefits, other implications, and appropriate policy
and regulatory approaches to dual-use foundation models for which the
model weights are widely available. Pursuant to that Executive order,
the National Telecommunications and Information Administration (NTIA)
hereby issues this Request for Comment on these issues. Responses
received will be used to submit a report to the President on the
potential benefits, risks, and implications of dual-use foundation
[[Page 14060]]
models for which the model weights are widely available, as well as
policy and regulatory recommendations pertaining to those models.
DATES: Written comments must be received on or before March 27, 2024.
ADDRESSES: All electronic public comments on this action, identified by
<a href="http://Regulations.gov">Regulations.gov</a> docket number NTIA-2023-0009, may be submitted through
the Federal e-Rulemaking Portal at <a href="https://www.regulations.gov">https://www.regulations.gov</a>. The
docket established for this request for comment can be found at
<a href="http://www.Regulations.gov">www.Regulations.gov</a>, NTIA-2023-0009. To make a submission, click the
``Comment Now!'' icon, complete the required fields, and enter or
attach your comments. Additional instructions can be found in the
``Instructions'' section below, after SUPPLEMENTARY INFORMATION.
FOR FURTHER INFORMATION CONTACT: Please direct questions regarding this
Request for Comment to Travis Hall at <a href="/cdn-cgi/l/email-protection#681c0009040428061c0109460f071e"><span class="__cf_email__" data-cfemail="33475b525f5f735d475a521d545c45">[email protected]</span></a> with ``Openness in
AI Request for Comment'' in the subject line. If submitting comments by
U.S. mail, please address questions to Bertram Lee, National
Telecommunications and Information Administration, U.S. Department of
Commerce, 1401 Constitution Avenue NW, Washington, DC 20230. Questions
submitted via telephone should be directed to (202) 482-3522. Please
direct media inquiries to NTIA's Office of Public Affairs, telephone:
(202) 482-7002; email: <a href="/cdn-cgi/l/email-protection#deaeacbbadad9eb0aab7bff0b9b1a8"><span class="__cf_email__" data-cfemail="fb8b899e8888bb958f929ad59c948d">[email protected]</span></a>.
SUPPLEMENTARY INFORMATION:
Background and Authority
Artificial intelligence (AI) \1\ has had, and will have, a
significant effect on society, the economy, and scientific progress.
Many of the most prominent models, including the model that powers
ChatGPT, are ``fully closed'' or ``highly restricted,'' with limited or
no public access to their inner workings. The recent introduction of
large, publicly-available models, such as those from Google, Meta,
Stability AI, Mistral, the Allen Institute for AI, and EleutherAI,
however, has fostered an ecosystem of increasingly ``open'' advanced AI
models, allowing developers and others to fine-tune models using widely
available computing.\2\
---------------------------------------------------------------------------
\1\ Artificial Intelligence (AI) ``has the meaning set forth in
15 U.S.C. 9401(3): a machine-based system that can, for a given set
of human-defined objectives, make predictions, recommendations, or
decisions influencing real or virtual environments. Artificial
intelligence systems use machine- and human-based inputs to perceive
real and virtual environments; abstract such perceptions into models
through analysis in an automated manner; and use model inference to
formulate options for information or action.'' see Executive Office
of the President, Safe, Secure, and Trustworthy Development and Use
of Artificial Intelligence, 88 FR 75191 (November 1, 2023) <a href="https://www.federalregister.gov/documents/2023/11/01/2023-24283/safe-secure-and-trustworthy-development-and-use-of-artificial-intelligence">https://www.federalregister.gov/documents/2023/11/01/2023-24283/safe-secure-and-trustworthy-development-and-use-of-artificial-intelligence</a>. ``AI
Model'' means ``a component of an information system that implements
AI technology and uses computational, statistical, or machine-
learning techniques to produce outputs from a given set of inputs.''
see Id.
\2\ See e.g., Zoe Brammer, How Does Access Impact Risk?
Assessing AI Foundation Model Risk Along a Gradient of Access, The
Institute for Security and Technology (December 2023) <a href="https://securityandtechnology.org/wp-content/uploads/2023/12/How-Does-Access-Impact-Risk-Assessing-AI-Foundation-Model-Risk-Along-A-Gradient-of-Access-Dec-2023.pdf">https://securityandtechnology.org/wp-content/uploads/2023/12/How-Does-Access-Impact-Risk-Assessing-AI-Foundation-Model-Risk-Along-A-Gradient-of-Access-Dec-2023.pdf</a>; Irene Solaiman, The Gradient of
Generative AI Release: Methods and Considerations,
arXiv:2302.04844v1 (February 5, 2023); <a href="https://arxiv.org/pdf/2302.04844.pdf">https://arxiv.org/pdf/2302.04844.pdf</a>.
---------------------------------------------------------------------------
Dual use foundation models with widely available weights (referred
to here as open foundation models) could play a key role in fostering
growth among less resourced actors, helping to widely share access to
AI's benefits.\3\ Small businesses, academic institutions, underfunded
entrepreneurs, and even legacy businesses have used these models to
further innovate, advance scientific knowledge, and gain potential
competitive advantages in the marketplace. The concentration of access
to foundation models into a small subset of organizations poses the
risk of hindering such innovation and advancements, a concern that
could be lessened by availability of open foundation models. Open
foundation models can be readily adapted and fine-tuned to specific
tasks and possibly make it easier for system developers to scrutinize
the role foundation models play in larger AI systems, which is
important for rights- and safety-impacting AI systems (e.g. healthcare,
education, housing, criminal justice, online platforms etc.).\4\ These
open foundation models have the potential to help scientists make new
medical discoveries or even make mundane, time-consuming activities
more efficient.\5\
---------------------------------------------------------------------------
\3\ See e.g., Elizabeth Seger et al., Open-Sourcing Highly
Capable Foundation Models, Centre for the Governance of AI (2023)
<a href="https://cdn.governance.ai/Open-Sourcing_Highly_Capable_Foundation_Models_2023_GovAI.pdf">https://cdn.governance.ai/Open-Sourcing_Highly_Capable_Foundation_Models_2023_GovAI.pdf</a>.
\4\ See e.g., Executive Office of the President: Office of
Management and Budget, Proposed Memorandum For the Heads of
Executive Departments and Agencies (November 3, 2023) <a href="https://www.whitehouse.gov/wp-content/uploads/2023/11/AI-in-Government-Memo-draft-for-public-review.pdf">https://www.whitehouse.gov/wp-content/uploads/2023/11/AI-in-Government-Memo-draft-for-public-review.pdf</a>; Cui Beilei et al., Surgical-DINO:
Adapter Learning of Foundation Model for Depth Estimation in
Endoscopic Surgery, arXiv:2401.06013v1 (January 11, 2024) <a href="https://arxiv.org/pdf/2401.06013.pdf">https://arxiv.org/pdf/2401.06013.pdf</a> (Using low-ranked adaptation, or LoRA,
in a foundation model to help with surgical depth estimation for
endoscopic surgeries).
\5\ See e.g., Shaoting Zhang, On the Challenges and Perspectives
of Foundation Models for Medical Image Analysis, arXiv:2306.05705v2
(November 23, 2023), <a href="https://arxiv.org/pdf/2306.05705.pdf">https://arxiv.org/pdf/2306.05705.pdf</a>.
---------------------------------------------------------------------------
Open foundation models have the potential to transform research,
both within computer science \6\ and through supporting other
disciplines such as medicine, pharmaceutical, and scientific
research.\7\ Historically, widely available programming libraries have
given researchers the ability to simultaneously run and understand
algorithms created by other programmers. Researchers and journals have
supported the movement towards open science,\8\ which includes sharing
research artifacts like the data and code required to reproduce
results.
---------------------------------------------------------------------------
\6\ See e.g., David Noever, Can Large Language Models Find And
Fix Vulnerable Software?, arxiv 2308.10345 (August 20, 2023) <a href="https://arxiv.org/abs/2308.10345">https://arxiv.org/abs/2308.10345</a>; \6\ Andreas St[ouml]ckl, Evaluating a
Synthetic Image Dataset Generated with Stable Diffusion, Proceedings
of Eighth International Congress on Information and Communication
Technology Vol. 693 (July 25, 2023) <a href="https://link.springer.com/chapter/10.1007/978-981-99-3243-6_64">https://link.springer.com/chapter/10.1007/978-981-99-3243-6_64</a>.
\7\ See e.g., Kun-Hsing Yu et al., Artificial intelligence in
healthcare, Nature Biomedical Engineering Vol. 2 719-731 (October
10, 2018) <a href="https://www.nature.com/articles/s41551-018-0305-z#citeas">https://www.nature.com/articles/s41551-018-0305-z#citeas</a>;
Kevin Maik Jablonka et al., 14 examples of how LLMs can transform
materials science and chemistry: a reflection on a large language
model hackathon, Digital Discovery 2 (August 8, 2023) <a href="https://pubs.rsc.org/en/content/articlehtml/2023/dd/d3dd00113j">https://pubs.rsc.org/en/content/articlehtml/2023/dd/d3dd00113j</a>.
\8\ See e.g., Harvey V. Fineberg et al., Consensus Study Report:
Reproducibility and Replicability in Science, National Academies of
Sciences (May 2019) <a href="https://nap.nationalacademies.org/resource/25303/R&R.pdf">https://nap.nationalacademies.org/resource/25303/R&R.pdf</a>; Nature, Reporting standards and availability of data,
materials, code and protocols, <a href="https://www.nature.com/nature-portfolio/editorial-policies/reporting-standards">https://www.nature.com/nature-portfolio/editorial-policies/reporting-standards</a>; Science, Science
Journals: Editorial Policies, <a href="https://www.science.org/content/page/science-journals-editorial-policies#data-and-code-deposition">https://www.science.org/content/page/science-journals-editorial-policies#data-and-code-deposition</a>; Edward
Miguel, Evidence on Research Transparency in Economics, Journal of
Economic Perspectives Vol. 35 No. 3 (2021) <a href="https://www.aeaweb.org/articles?id=10.1257/jep.35.3.193">https://www.aeaweb.org/articles?id=10.1257/jep.35.3.193</a>.
---------------------------------------------------------------------------
Open foundation models can allow for more transparency and enable
broader access to allow greater oversight by technical experts,
researchers, academics, and those from the security community.\9\
Foundation models with widely available model weights could also
promote competition in downstream markets for which AI models are a
critical input, allowing smaller players to add value by adjusting
models originally produced by the large developers.\10\ The
accessibility
[[Page 14061]]
of open foundation models also provides tools for individuals and civil
society groups to resist authoritarian regimes, furthering democratic
values and U.S. foreign policy goals.
---------------------------------------------------------------------------
\9\ See e.g., Rishi Bommasani et al., Considerations for
Governing Open Foundation Models, Stanford University Human-Centered
Artificial Intelligence (December 2023) <a href="https://hai.stanford.edu/sites/default/files/2023-12/Governing-Open-Foundation-Models.pdf">https://hai.stanford.edu/sites/default/files/2023-12/Governing-Open-Foundation-Models.pdf</a>.
\10\ See, e.g., Jai Vipra and Anton Korinek, Market
concentration implications of foundation models: The Invisible Hand
of ChatGPT, Brookings Inst. (2023) <a href="https://www.brookings.edu/articles/market-concentration-implications-of-foundation-models-the-invisible-hand-of-chatgpt/">https://www.brookings.edu/articles/market-concentration-implications-of-foundation-models-the-invisible-hand-of-chatgpt/</a>.
---------------------------------------------------------------------------
While open foundation models potentially offer significant
benefits, they may pose risks as well. Foundation models with widely-
available model weights could engender substantial harms, such as risks
to security, equity, civil rights, or other harms due to, for
instance,\11\ affirmative misuse, failures of effective oversight, or
lack of clear accountability mechanisms.\12\ Others argue that these
open foundation models enable development of attacks against
proprietary models due to similarities in the data sets used to train
them.\13\ The wide availability of dual use foundation models with
widely available model weights and the continually shrinking amount of
compute necessary to fine-tune these models together create
opportunities for malicious actors to use such models to engage in
harm.\14\ The lack of monitoring of open foundation models may worsen
existing challenges, for example, by easing creation of synthetic non-
consensual intimate images or enabling mass disinformation
campaigns.\15\
---------------------------------------------------------------------------
\11\ Id.
\12\ Id.
\13\ For example, researchers have found ways to get both black
box large language models as well as more open models to produce
objectionable content through adversarial attacks. See e.g., Andy
Zou et al., Universal and Transferable Adversarial Attacks on
Aligned Language Models, arXiv:2307.15043 (July 27, 2023). <a href="https://arxiv.org/abs/2307.15043">https://arxiv.org/abs/2307.15043</a> (``Surprisingly, we find that the
adversarial prompts generated by our approach are quite
transferable, including to black-box, publicly released LLMs . . .
When doing so, the resulting attack suffix is able to induce
objectionable content in the public interfaces to ChatGPT, Bard, and
Claude, as well as open source LLMs such as LLaMA-2-Chat, Pythia,
Falcon, and others.'').
\14\ See e.g., Zoe Brammer, How Does Access Impact Risk?
Assessing AI Foundation Model Risk Along a Gradient of Access, The
Institute for Security and Technology (December 2023) <a href="https://securityandtechnology.org/wp-content/uploads/2023/12/How-Does-Access-Impact-Risk-Assessing-AI-Foundation-Model-Risk-Along-A-Gradient-of-Access-Dec-2023.pdf">https://securityandtechnology.org/wp-content/uploads/2023/12/How-Does-Access-Impact-Risk-Assessing-AI-Foundation-Model-Risk-Along-A-Gradient-of-Access-Dec-2023.pdf</a>.
\15\ Id and see e.g. Pranshu Verma, The rise of AI fake news is
creating a `misinformation superspreader', Washington Post (December
17, 2023) <a href="https://www.washingtonpost.com/technology/2023/12/17/ai-fake-news-misinformation/">https://www.washingtonpost.com/technology/2023/12/17/ai-fake-news-misinformation/</a>.
---------------------------------------------------------------------------
On October 30, 2023, President Biden signed the Executive order on
``Safe, Secure, and Trustworthy Development and Use of Artificial
Intelligence.'' \16\ Noting the importance of maximizing the benefits
of open foundation models while managing and mitigating the attendant
risks, section 4.6 the Executive order tasked the Secretary of
Commerce, acting through NTIA and in consultation with the Secretary of
State, with soliciting feedback ``from the private sector, academia,
civil society, and other stakeholders through a public consultation
process on the potential risks, benefits, other implications, and
appropriate policy and regulatory approaches related to dual-use
foundation models for which the model weights are widely available.''
\17\ As required by the Executive order, the Secretary of Commerce,
through NTIA, and in consultation with the Secretary of State, will
author a report to the President on the ``potential benefits, risks,
and implications of dual-use foundation models for which the model
weights are widely available, as well as policy and regulatory
recommendations pertaining to those models.'' \18\
---------------------------------------------------------------------------
\16\ E.O. 14110, 88 FR 75191 (November 1, 2023).
\17\ Id.
\18\ Id.
---------------------------------------------------------------------------
In particular, the Executive order asks NTIA to consider risks and
benefits of dual-use foundation models with weights that are ``widely
available.'' \19\ Likewise, ``openness'' or ``wide availability'' of
model weights are also terms without clear definition or consensus.
There are gradients of ``openness,'' ranging from fully ``closed'' to
fully ``open.'' \20\ There is also more information needed to detail
the relationship between openness and the wide availability of both
model weights and open foundation models more generally. This could
include, for example, information about what types of licenses and
distribution methods are available or could be available for open
foundation models, and how such licenses and distribution methods fit
within an understanding of openness and wide availability.\21\
---------------------------------------------------------------------------
\19\ E.O. 14110, 88 FR 75191 (November 1, 2023).
\20\ See, e.g., Irene Solaiman, The Gradient of Generative AI
Release: Methods and Considerations, arXiv:2302.04844v1 (February 5,
2023) <a href="https://arxiv.org/pdf/2302.04844.pdf">https://arxiv.org/pdf/2302.04844.pdf</a>; Bommasani et al., supra
note 9.
\21\ See, e.g., Carlos Munoz Ferrandis, OpenRAIL: Towards open
and responsible AI licensing frameworks, Hugging Face Blog (August
31, 2022) <a href="https://huggingface.co/blog/open_rail">https://huggingface.co/blog/open_rail</a>; Danish Contractor
et al., Behavioral Use Licensing for Responsible AI,
arXiv:2011.03116v2 (October 20, 2022) <a href="https://arxiv.org/pdf/2011.03116.pdf">https://arxiv.org/pdf/2011.03116.pdf</a>.
---------------------------------------------------------------------------
NTIA also requests input on any potential regulatory models, either
voluntary or mandatory, that could maintain and potentially increase
the benefits and/or mitigate the risks of dual use foundation models
with widely available model weights. We seek input as to different
kinds of regulatory structures that could deal with not only the large
scale of these foundation models, but also the declining level of
computing resources needed to fine-tune and retrain them.
Definitions
This Request for Comment uses the terms defined in sec. 3 of the
Executive order. In addition, we use broader terms interchangeably for
both ease of understanding and clarity, as set forth below.
``Artificial intelligence'' or ``AI'' refer to a machine-based system
that can, for a given set of human-defined objectives, make
predictions, recommendations, or decisions, influencing real or virtual
environments.\22\ Artificial intelligence systems use machine- and
human-based inputs to perceive real and virtual environments, abstract
such perceptions into models through analysis in an automated manner,
and use model inference to formulate options for information or action.
---------------------------------------------------------------------------
\22\ E.O. 14110, 88 FR 75191 (November 1, 2023).
---------------------------------------------------------------------------
Foundation models are typically defined as, ``powerful models that
can be fine-tuned and used for multiple purposes.'' \23\ Under the
Executive order, a ``dual-use foundation model'' is ``an AI model that
is trained on broad data; generally uses self-supervision, contains at
least tens of billions of parameters; is applicable across a wide range
of contexts; and that exhibits, or could be easily modified to exhibit,
high levels of performance at tasks that pose a serious risk to
security, national economic security, national public health or safety,
or any combination of those matters . . . .'' \24\ Both definitions of
``foundation model'' and of ``dual-use foundation model''--highlight
the key trait of these models, that they can be used in a number of
ways.\25\
---------------------------------------------------------------------------
\23\ See, e.g., ``A foundation model is any model that is
trained on broad data (generally using self-supervision at scale)
that can be adapted (e.g., fine-tuned) to a wide range of downstream
tasks[.]'' Rishi Bommasani et al., On the Opportunities and Risks of
Foundation Models, arXiv:2108.07258v3 (July 12, 2022). <a href="https://arxiv.org/pdf/2108.07258.pdf">https://arxiv.org/pdf/2108.07258.pdf</a>.
\24\ E.O. 14110, 88 FR 75191 (November 1, 2023).
\25\ Id.
---------------------------------------------------------------------------
``Generative AI can be understood as a form of AI model
specifically intended to produce new digital material as an output
(including text, images, audio, video, software code), including when
such AI models are used in applications and their user interfaces.''
\26\ The term ``generative AI'' refers to a class of AI models built on
foundation models
[[Page 14062]]
``that emulate the structure and characteristics of input data in order
to generate derived synthetic content.'' \27\ Chatbots like ChatGPT,
large language models like BLOOM, and image generators like Midjourney
are all examples of generative AI.
---------------------------------------------------------------------------
\26\ G7 Hiroshima Process on Generative Artificial Intelligence
(AI) Towards a G7 Common Understanding on Generative AI,
Organisation for Economic Co-operation and Development (OECD)
(September 7, 2023) <a href="https://www.oecd-ilibrary.org/docserver/bf3c0c60-en.pdf?expires=1705032283&id=id&accname=guest&checksum=85A1D78C60AC6D8BBFBF2514CB7F2A5D">https://www.oecd-ilibrary.org/docserver/bf3c0c60-en.pdf?expires=1705032283&id=id&accname=guest&checksum=85A1D78C60AC6D8BBFBF2514CB7F2A5D</a>.
\27\ E.O. 14110, 88 FR 75191 (November 1, 2023).
---------------------------------------------------------------------------
This Request for Comment is particularly focused on the wide
availability, such as being publicly posted online, of foundation model
weights. ``Model weights'' are ``numerical parameter[s] within an AI
model that help [. . .] determine the model's output in response to
inputs.'' \28\ In addition to model weights, there are other
``components'' of an AI model, including training data, code, or other
elements, which are involved in its development or use, and may or may
not be made widely available.
---------------------------------------------------------------------------
\28\ Id.
---------------------------------------------------------------------------
The Executive order directs NTIA to focus on dual-use foundation
models that were trained on broad data; generally use self-supervision;
contain at least tens of billions of parameters; are applicable across
a wide range of contexts; and exhibit, or could be easily modified to
exhibit, high levels of performance at tasks that pose a serious risk
to security, national economic security, national public health or
safety, or any combination of those matter.\29\ NTIA also remains
interested in the discussion of models that fall outside of the scope
of this Request for Comments in order to better understand the current
landscape and potential impact of regulatory or policy actions.
---------------------------------------------------------------------------
\29\ Id.
---------------------------------------------------------------------------
Instructions for Commenters
Through this Request for Comment, we hope to gather information on
the following questions. These are not exhaustive, and commenters are
invited to provide input on relevant questions not asked below.
Commenters are not required to respond to all questions. When
responding to one or more of the questions below, please note in the
text of your response the number of the question to which you are
responding. Commenters should include a page number on each page of
their submissions. Commenters are welcome to provide specific
actionable proposals, rationales, and relevant facts.
Please do not include in your comments information of a
confidential nature, such as sensitive personal information or
proprietary information. All comments received are a part of the public
record and will generally be posted to <a href="http://Regulations.gov">Regulations.gov</a> without change.
All personal identifying information (e.g., name, address) voluntarily
submitted by the commenter may be publicly accessible.
Questions
1. How should NTIA define ``open'' or ``widely available'' when
thinking about foundation models and model weights?
a. Is there evidence or historical examples suggesting that weights
of models similar to currently-closed AI systems will, or will not,
likely become widely available? If so, what are they?
b. Is it possible to generally estimate the timeframe between the
deployment of a closed model and the deployment of an open foundation
model of similar performance on relevant tasks? How do you expect that
timeframe to change? Based on what variables? How do you expect those
variables to change in the coming months and years?
c. Should ``wide availability'' of model weights be defined by
level of distribution? If so, at what level of distribution (e.g.,
10,000 entities; 1 million entities; open publication; etc.) should
model weights be presumed to be ``widely available''? If not, how
should NTIA define ``wide availability?''
d. Do certain forms of access to an open foundation model (web
applications, Application Programming Interfaces (API), local hosting,
edge deployment) provide more or less benefit or more or less risk than
others? Are these risks dependent on other details of the system or
application enabling access?
i. Are there promising prospective forms or modes of access that
could strike a more favorable benefit-risk balance? If so, what are
they?
2. How do the risks associated with making model weights widely
available compare to the risks associated with non-public model
weights?
a. What, if any, are the risks associated with widely available
model weights? How do these risks change, if at all, when the training
data or source code associated with fine tuning, pretraining, or
deploying a model is simultaneously widely available?
b. Could open foundation models reduce equity in rights and safety-
impacting AI systems (e.g., healthcare, education, criminal justice,
housing, online platforms, etc.)?
c. What, if any, risks related to privacy could result from the
wide availability of model weights?
d. Are there novel ways that state or non-state actors could use
widely available model weights to create or exacerbate security risks,
including but not limited to threats to infrastructure, public health,
human and civil rights, democracy, defense, and the economy?
i. How do these risks compare to those associated with closed
models?
ii. How do these risks compare to those associated with other types
of software systems and information resources?
e. What, if any, risks could result from differences in access to
widely available models across different jurisdictions?
f. Which are the most severe, and which the most likely risks
described in answering the questions above? How do these set of risks
relate to each other, if at all?
3. What are the benefits of foundation models with model weights
that are widely available as compared to fully closed models?
a. What benefits do open model weights offer for competition and
innovation, both in the AI marketplace and in other areas of the
economy? In what ways can open dual-use foundation models enable or
enhance scientific research, as well as education/training in computer
science and related fields?
b. How can making model weights widely available improve the
safety, security, and trustworthiness of AI and the robustness of
public preparedness against potential AI risks?
c. Could open model weights, and in particular the ability to
retrain models, help advance equity in rights and safety-impacting AI
systems (e.g., healthcare, education, criminal justice, housing, online
platforms etc.)?
d. How can the diffusion of AI models with widely available weights
support the United States' national security interests? How could it
interfere with, or further the enjoyment and protection of human rights
within and outside of the United States?
e. How do these benefits change, if at all, when the training data
or the associated source code of the model is simultaneously widely
available?
4. Are there other relevant components of open foundation models
that, if simultaneously widely available, would change the risks or
benefits presented by widely available model weights? If so, please
list them and explain their impact.
5. What are the safety-related or broader technical issues involved
in managing risks and amplifying benefits of dual-use foundation models
with widely available model weights?
a. What model evaluations, if any, can help determine the risks or
benefits associated with making weights of a foundation model widely
available?
b. Are there effective ways to create safeguards around foundation
models,
[[Page 14063]]
either to ensure that model weights do not become available, or to
protect system integrity or human well-being (including privacy) and
reduce security risks in those cases where weights are widely
available?
c. What are the prospects for developing effective safeguards in
the future?
d. Are there ways to regain control over and/or restrict access to
and/or limit use of weights of an open foundation model that, either
inadvertently or purposely, have already become widely available? What
are the approximate costs of these methods today? How reliable are
they?
e. What if any secure storage techniques or practices could be
considered necessary to prevent unintentional distribution of model
weights?
f. Which components of a foundation model need to be available, and
to whom, in order to analyze, evaluate, certify, or red-team the model?
To the extent possible, please identify specific evaluations or types
of evaluations and the component(s) that need to be available for each.
g. Are there means by which to test or verify model weights? What
methodology or methodologies exist to audit model weights and/or
foundation models?
6. What are the legal or business issues or effects related to open
foundation models?
a. In which ways is open-source software policy analogous (or not)
to the availability of model weights? Are there lessons we can learn
from the history and ecosystem of open-source software, open data, and
other ``open'' initiatives for open foundation models, particularly the
availability of model weights?
b. How, if at all, does the wide availability of model weights
change the competition dynamics in the broader economy, specifically
looking at industries such as but not limited to healthcare, marketing,
and education?
c. How, if at all, do intellectual property-related issues--such as
the license terms under which foundation model weights are made
publicly available--influence competition, benefits, and risks? Which
licenses are most prominent in the context of making model weights
widely available? What are the tradeoffs associated with each of these
licenses?
d. Are there concerns about potential barriers to interoperability
stemming from different incompatible ``open'' licenses, e.g., licenses
with conflicting requirements, applied to AI components? Would
standardizing license terms specifically for foundation model weights
be beneficial? Are there particular examples in existence that could be
useful?
7. What are current or potential voluntary, domestic regulatory,
and international mechanisms to manage the risks and maximize the
benefits of foundation models with widely available weights? What kind
of entities should take a leadership role across which features of
governance?
a. What security, legal, or other measures can reasonably be
employed to reliably prevent wide availability of access to a
foundation model's weights, or limit their end use?
b. How might the wide availability of open foundation model weights
facilitate, or else frustrate, government action in AI regulation?
c. When, if ever, should entities deploying AI disclose to users or
the general public that they are using open foundation models either
with or without widely available weights?
d. What role, if any, should the U.S. government take in setting
metrics for risk, creating standards for best practices, and/or
supporting or restricting the availability of foundation model weights?
i. Should other government or non-government bodies, currently
existing or not, support the government in this role? Should this vary
by sector?
e. What should the role of model hosting services (e.g.,
HuggingFace, GitHub, etc.) be in making dual-use models with open
weights more or less available? Should hosting services host models
that do not meet certain safety standards? By whom should those
standards be prescribed?
f. Should there be different standards for government as opposed to
private industry when it comes to sharing model weights of open
foundation models or contracting with companies who use them?
g. What should the U.S. prioritize in working with other countries
on this topic, and which countries are most important to work with?
h. What insights from other countries or other societal systems are
most useful to consider?
i. Are there effective mechanisms or procedures that can be used by
the government or companies to make decisions regarding an appropriate
degree of availability of model weights in a dual-use foundation model
or the dual-use foundation model ecosystem? Are there methods for
making effective decisions about open AI deployment that balance both
benefits and risks? This may include responsible capability scaling
policies, preparedness frameworks, et cetera.
j. Are there particular individuals/entities who should or should
not have access to open-weight foundation models? If so, why and under
what circumstances?
8. In the face of continually changing technology, and given
unforeseen risks and benefits, how can governments, companies, and
individuals make decisions or plans today about open foundation models
that will be useful in the future?
a. How should these potentially competing interests of innovation,
competition, and security be addressed or balanced?
b. Noting that E.O. 14110 grants the Secretary of Commerce the
capacity to adapt the threshold, is the amount of computational
resources required to build a model, such as the cutoff of 10\26\
integer or floating-point operations used in the Executive order, a
useful metric for thresholds to mitigate risk in the long-term,
particularly for risks associated with wide availability of model
weights?
c. Are there more robust risk metrics for foundation models with
widely available weights that will stand the test of time? Should we
look at models that fall outside of the dual-use foundation model
definition?
9. What other issues, topics, or adjacent technological
advancements should we consider when analyzing risks and benefits of
dual-use foundation models with widely available model weights?
Dated: February 20, 2024.
Stephanie Weiner,
Chief Counsel, National Telecommunications and Information
Administration.
[FR Doc. 2024-03763 Filed 2-23-24; 8:45 am]
BILLING CODE 3510-60-P
</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body>
</html>Indexed from Federal Register on February 26, 2024.
This is legal information, not legal advice. Laws vary by jurisdiction and change frequently. Always verify current law with official sources and consult a licensed attorney in your jurisdiction for advice on your specific situation.