Many AI Safety Orgs Have Tried to Criminalize Currently-Existing Open-Source AI
<p>I've seen a few conversations where someone says something like this:</p>
<blockquote>
<p>I've been using an open-source LLM lately -- I'm a huge fan of not depending on OpenAI, Anthropic, or Google. But I'm really sad that the AI safety groups are trying to ban the kind of open-source LLM that I'm using.</p>
</blockquote>
<p>Someone then responds:</p>
<blockquote>
<p>What! Almost no one <em>actually</em> wants to ban open source AI of the kind that you're using! That's just a recklessly-spread myth! AI Safety orgs just want to ban a tiny handful of future models -- no one has tried to pass laws that would have banned current open-sourced models!</p>
</blockquote>
<p>This second claim is false.</p>
<p>Many AI "safety" organizations or people have in the past advocated bans that would have criminalized the open-sourcing of models <em>currently extant</em> as of now, January 2024. Even more organizations have pushed for bans that would cap open source AI capabilities at more or less exactly their current limits.</p>
<p>(I use open-sourcing broadly to refer to making weights generally available, not always to specific open-source compliant licensing.)</p>
<p>At least a handful of the organizations that have pushed for such bans are well-funded and becoming increasingly well-connected to policy makers.</p>
<p>Note that I think it's <em>entirely understandable</em> that someone would not realize such bans have been the goal of some AI safety orgs!</p>
<p>For comprehensible reasons -- i.e., how many people judge such policies to be a horrible idea, including many people interested in AI safety -- such AI safety organizations have often directed the documents explaining their proposed policies to bureaucrats, legislative staffers, and so on, and not been proactive in communicating their goals to the public.</p>
<p>Note also that <strong>not all</strong> AI safety organizations or AI-safety concerned people are trying to do this -- although, to be honest, a disturbing number are.</p>
<p>At least a handful of people in some organizations believe -- as do I -- that open source has been increasingly <a href="https://www.beren.io/2023-11-05-Open-source-AI-has-been-vital-for-alignment/">vital for AI safety work</a>. Given how <em>past</em> ban proposals would have been harmful, I think many future such proposals are therefore likely to be harmful as well, especially given that the arguments for them look pretty much identical.</p>
<p>Anyhow, a partial list:</p>
<h2><strong>1: Center for AI Safety</strong></h2>
<p>The Center for AI Safety is a well-funded (i.e., with > <a href="https://www.openphilanthropy.org/grants/?organization-name=center-for-ai-safety">9 million USD</a>) 501c3 that focuses mostly on AI safety research and on outreach. You've probably heard of them because they gathered signatures for their <a href="https://www.safe.ai/statement-on-ai-risk">sentence</a> about AI safety.</p>
<p>Nevertheless, they are also involved in policy. In response to the National Telecommunications and Information Administration's (NTIA) request for comment they <a href="https://www.regulations.gov/comment/NTIA-2023-0005-1416">sent</a> proposed regulatory rules to them.</p>
<p>These rules propose defining "powerful AI systems" as any systems that meet or exceed certain measures for any of the following:</p>
<blockquote>
<p><strong>Computational resources used to train the system</strong> (e.g., 10^23 floating-point operations or “training FLOP”; this is approximately the amount of FLOP required to train GPT-3. Note that this threshold would be updated over time in order to account for algorithmic improvements.) [Note from 1a3orn; this means updated downwards]</p>
<p><strong>Large parameter count</strong> (e.g., 80B parameters)</p>
<p><strong>Benchmark performance</strong> (e.g., > 70% performance on the Multi-task Language Understanding benchmark (MMLU))</p>
</blockquote>
<p>Systems meeting any of these requirements, according to the proposal, are subject to a number of requirements that would effectively ban open-sourcing them.</p>
<p>Llama 2 was trained with > 10^23 FLOPs, and thus would have been banned beneath this rule. Fine-tunes of Llama 2 also obtain <a href="https://www.reddit.com/r/LocalLLaMA/comments/159l9ll/llama270bguanacoqlora_becomes_the_first_model_on/">greater than 70%</a>on the MMLU and thus <em>also</em> would have been banned beneath this rule.</p>
<p>Note that -- despite how this would have prevented the release of Llama 2, and thus thousands of fine-tunes, and enormous quantities of <a href="https://www.beren.io/2023-11-05-Open-source-AI-has-been-vital-for-alignment/">safety research</a> -- the document boasts that its proposals "only regulate a small fraction of the overall AI development ecosystem."</p>
<h2><strong>2: Center for AI Policy</strong></h2>
<p>The Center for AI Policy -- different from the Center for AI Safety! -- is a DC-based lobbying organization. The announcement they <a href="https://www.lesswrong.com/posts/unwRBRQivd2LYRfuP/introducing-the-center-for-ai-policy-and-we-re-hiring">made</a> about their existence made some waves -- because the rules that they initially proposed would have required the <em>already-released</em> Llama-2 to be regulated by a new agency.</p>
<p>However, in a recent interview they <a href="https://www.thebayesianconspiracy.com/2023/12/202-the-center-for-ai-policy-talks-government-regulation/">say</a> that they're "trying to use the lightest touch we can -- we're trying to use a scalpel." Does this mean that they have changed their views?</p>
<p>Well, they haven't made any legislation they're proposing visible yet. But in the same interview they say that models trained with more than 3x10^24 FLOPs or getting > 85 on the MMLU would be in their "high risk" category, which according to the interview explicitly means they would be banned from being open sourced.</p>
<p>This would have outlawed the <a href="https://huggingface.co/blog/falcon-180b">Falcon 180b</a> by its FLOP measure, although -- to be fair -- the Falcon 180b was open-sourced by an organization in the United Arab Emirates, so it's not certain that it would matter.</p>
<p>As far as the MMLU measure, no open source model at this level has <em>yet</em> been released, but GPT-4 scores ~90% on the MMLU. Thus, this amounts to a law attempting to permanently crimp open source models beneath GPT-4 levels, an event I otherwise think is reasonably likely in 2024.</p>
<p>(I do not understand why AI safety orgs think that MMLU scores are a good way to measure danger.)</p>
<h2><strong>3: Palisade Research</strong></h2>
<p>This non-profit, headed by Jeffrey Ladish, has as its stated goal to "create concrete demonstrations of dangerous capabilities to advise policy makers and the public on AI risks." That is, they try to make LLMs do dangerous or scary things so politicians will do particular things for them.</p>
<p>Unsurprisingly, Ladish himself literally <a href="https://twitter.com/JeffLadish/status/1654319741501333504">called for government to stop the release of Llama 2, saying "we can prevent the release of a LLaMA 2! We need government action on this asap."</a></p>
<p>(He also said that he thought it would potentially cause millions of dollars of damage, and was <a href="https://twitter.com/JeffLadish/status/1666653302355009537">more likely</a> to cause <strong>more</strong> than a billion dollars of damage than to cause less than a million.)</p>
<h2><strong>4. The Future Society</strong></h2>
<p><a href="https://thefuturesociety.org/">The Future Society</a> is a think tank whose <a href="https://thefuturesociety.org/about-us/">goal</a> is to "align artificial intelligence through better governance." They boast 60 partners such as UNESCO and the Future of Life Institute, and claim to have spoke to over 8,000 "senior decision makers" and taught 4,000 students. They aim to provide guidance to both the EU and the US.</p>
<p>In one of their premier policy documents, <a href="https://thefuturesociety.org/wp-content/uploads/2023/09/heavy-is-the-head-that-wears-the-crown.pdf">"Heavy is the head that wears the crown"</a>, they define "Type 2" General Purpose AI (GPAI) as a kind trained with > 10^23 FLOPs (but less than 10^26) or scoring > 68% (but less than 88%) on the MMLU. Llama-2, again, falls into this category on both counts.</p>
<p>The document mandates that anyone creating a Type 2 GPAI must -- well, must do many things -- but must provide for "Absolute Trustworthiness," which seems to mean that the model must be incapable of doing anything bad whatsoever, and more to the point means that the provider of the model must be able to "retract already deployed models (roll-back & shutdowns)." Open source models would be unable to meet this requirement, obviously.</p>
<p>Similarly, they say that providers would be "required to <strong>continuously monitor the model’s capabilities and behaviour</strong>, detecting any anomalies and escalating cases of concern to relevant decision makers," which is again impossible to do with an open source model.</p>
<p>Note that in accord with their policy recommendations, this group specifically calls out Meta's actions, dubbing the open-sourcing of Llama a "particularly egregious case of misuse." They also seem to believe that Apache licensing is unacceptable, explicitly calling the "no guarantee of fitness of purpose" clause in such a license "abusive."</p>
<p>Don't worry, though! The Future Society says that they <a href="https://thefuturesociety.org/about-us/">believe</a> that "legitimate and sustainable governance requires bringing to the table many different perspectives."</p>
<p>(My guess is that this is one of the major teams responsible trying to get the EU's rules to ban open source AI, but the institutional process by which the EU works is completely opaque to me and so I am only left guessing.)</p>
<hr>
<p>Note that the above is just a partial list of organizations or people who have made their policies or goals extremely explicit.</p>
<p>There are other organizations or people out there whose policies are less legible, but ultimately are equally opposed to open sourcing. Consider, for instance, <a href="https://www.safer-ai.org/">SaferAI</a> , whose CEO says he's fine <a href="https://x.com/Simeon_Cps/status/1710062142559285560?s=20">"with developing and deploying open source up to somewhere around Llama-1"</a>; or the <a href="https://pauseai.info/proposal">PauseAI</a> people, who think we should need approvals for training runs <a href="https://pauseai.info/proposal">"above a certain size (e.g. 1 billion parameters)"</a> and who accused <a href="https://metaprotest.org/">Meta of reckless irresponsibility</a> for releasing Llama-2.</p>
<p>Or there is the extremely questionable <a href="https://www.stop.ai/proposals">StopAI</a> group advised by Conjecture, which wishes to eliminate not merely all open source but all AI trained with > 10^23 FLOPs.</p>
<p>Or there are surprisingly numerous people who want to completely change liability law, so that you cannot open-source a model without becoming liable for damage that it causes.</p>
<p>These and similar statements from them either outright imply or would be <em>hard to separate</em> from policies that would have effectively banned currently-extant open-source.</p>
<p>So, again -- it's <strong>just false</strong> to say that if AI safety groups haven't tried to ban models that already exist. They <em>already</em> would have banned models that are actively being used, if they had had their way in the past. They would have substantially contributed to a corporate monopoly on LLMs.</p>
<p>If you are like me, and think the proposed policies mentioned above are pretty bad -- the stupidity of a law in no way prevents it from being passed! The above groups have not dissolved in the last 6 months. They still hope to pass something like these measures. They are still operating on the same questionable epistemology.</p>
<p>The open-source AI movement is in general is <em>far behind</em> these groups and needs to get its legislative act together if the better organized "anti-open source" movement is not to obliterate it.</p>
<p>And I think it is better to call it the "anti-open source" movement than the AI safety movement.</p>
<p>The "environmentalist" movement helped get nuclear power plants effectively banned, thereby crippling a safe and low-carbon source of energy, causing immense harm to the environment and to humanity by doing so. They thought they were helping the environment. They were not.</p>
<p>I think that some sectors of the "AI safety" movement are likely on their way to doing a similar thing, by preventing human use of, and research into, an easily-steerable and deeply non-rebellious form of intelligence.</p>
GripNews
清华大学国际人工智能治理研究院
