As the U.S. races toward global AI dominance, a new bill aimed at preventing diversion of innovative U.S. semiconductors to China could inadvertently make those very same chips less secure.
The Chip Security Act (S. 1705 | H.R. 3447) would require American-made advanced chips to come equipped with location-verification capabilities, creating new cybersecurity vulnerabilities that could compromise the systems they power. This could have a cascading impact, threatening not only America’s national and economic security but also that of allied countries that rely on U.S. technology.
What is the Chip Security Act?
Introduced by Sen. Tom Cotton (R-Ark.) and Rep. Bill Huizenga (R-Mich.), the bipartisan proposal is Congress’ latest effort to address concerns regarding China’s rapid AI development. The bill follows reports that Chinese firm DeepSeek developed its R1 model using Nvidia semiconductors allegedly obtained in violation of U.S. export controls. It also comes as the Department of Commerce’s Bureau of Industry and Security (BIS) announced the withdrawal of the Biden Administration’s controversial AI Diffusion Rule, which sought to strengthen export controls for both advanced semiconductors and AI model weights.
The legislation would require U.S. manufacturers to equip advanced semiconductors and systems -- i.e., ECCN 3A090, 3A001.z and 4A090, 4A003.z -- with “chip security mechanisms” that can track and verify the physical location of the chip anywhere in the world. Then, entities authorized to export, reexport, or in-country transfer these chips would be required to notify BIS if they obtain “credible information” that a chip is in an unauthorized location or has been tampered with to disable, spoof, or otherwise circumvent the security mechanism.
To complement these requirements, the bill would also direct the Department of Commerce – and the Department of Defense in the Senate version – to assess whether additional chip security mechanisms are needed. These would verify a chip’s workload or modify its functionality, either through performance degradation or a kill switch.
“Chip Security Mechanism” Could Create New Cybersecurity Vulnerabilities
While it could create more visibility into the dangers of chip diversion, the chip security mechanism could be dangerous in practice. Since the same semiconductors would also be sold in the U.S. and allied countries, adversarial cyber threat actors that learn to exploit a vulnerability in the security mechanism could potentially access location data from chips used in our most sensitive government, military, business, and critical infrastructure systems.
Even worse, the chip security mechanism could serve as the entry point for an attack that disrupts or disables those semiconductors entirely. Under section 4(b) of the Senate bill, the Departments of Commerce and Defense are required to examine the feasibility of “methods to modify the functionality of covered integrated circuit products that have been illicitly acquired.”
In effect, U.S. semiconductor manufacturers would install a kill switch on products they sell. If the chips were used for safety products, health care, or critical infrastructure, there could be a risk to human life if proper shutdown or failover capabilities are not present in the underlying systems.
It is very possible that U.S. policymakers could choose to require such kill switches given recent advocacy for the idea. A January 2024 report from RAND proposes installing “hardware-enabled governance mechanisms” (HEMs) on chips. According to the proposal, manufacturers could install an offline licensing HEM that limits the amount of processing a chip could perform on a particular license, requiring users to renew the license periodically.
Manufacturers could also install fixed-set HEMs, which would limit the amount or type of other chips with which a particular chip is able to communicate. Similarly, a January 2024 report from the Center for a New American Security (CNAS) calls for the creation of “on-chip governance mechanisms,” which are similar to the HEMs proposed by RAND, but would also require users to report processing data to manufacturers.
These solutions, if implemented, could effectively create a backdoor that could be exploited by malicious actors. Those actors could not only render all U.S.-manufactured semiconductors useless but also shut down the broader systems that depend on them.
Moreover, assuming the legislation or the export controls it references are periodically updated to reflect technological advancements, older chips could still retain the same vulnerabilities. This would increase the burden on cybersecurity teams at both U.S. manufacturers and U.S. and allied organizations, which already struggle to manage vulnerabilities in end-of-life products.
Historical precedent makes clear that policymakers should think twice before mandating intentional vulnerabilities in technology to support law enforcement. However well-intentioned, such measures expose systems to exploitation and put individuals at risk.
A notable example is the Clipper chip, developed by the National Security Agency (NSA) in 1993. Designed to encrypt voice and data communications, the Clipper chip included a built-in backdoor – known as the “Law Enforcement Access Field” – to allow government access. Despite repeated assurances that Clipper was secure, in 1994, a researcher at AT&T revealed a major design flaw that allowed unauthorized access through this very backdoor.
Ultimately, the Clipper chip was never widely adopted – only one commercial phone ever included it – and policymaker support within the Clinton Administration and Congress evaporated due to the potential dangers of deliberately weakening cybersecurity in pursuit of other objectives. The Center for Cybersecurity Policy & Law has long expressed our opposition to encryption backdoors, including most recently in our comments regarding the United Kingdom’s Investigatory Powers Act.
Location Verification for Chips Unreliable, Ineffective at Scale
Cybersecurity risks aside, there is no guarantee that the chip security mechanism would even achieve Congress’s intended goal. Adversaries using U.S. semiconductors could evade detection since geolocation technologies can be brittle and untested at scale. Asset-reported and topology-based geolocation methods can be easily spoofed, while delay-based techniques are complex and often unreliable for pinpointing precise locations.
Even if BIS obtains accurate location data, it may not be able to meaningfully interpret it without additional context. Chips are typically embedded within devices, which are then installed in servers housed in multilayered and globally distributed environments. A chip located in a Singapore-based server could be part of a regional cloud infrastructure operated by Google or Microsoft, or it could be controlled by a Chinese shell company training an AI model. Unfortunately, the vast infrastructure and international coordination required to reliably implement Congress’ proposed framework simply do not exist.
Requiring “Chip Security Mechanisms” Could Hinder U.S. AI Development
Finally, the bill risks slowing the U.S.’ progress on AI and giving adversaries an opportunity to close the gap. To implement chip security mechanisms, advanced semiconductors would require additional components, increased power consumption, and added processing overhead. While these changes might seem minor in isolation, even slightly degraded performance can have a significant impact at scale, slowing the development of frontier AI models.
These performance trade-offs, combined with the cybersecurity, data sovereignty, national security, and privacy concerns raised by the chip security mechanism, could make U.S. chips less appealing on the global market. As a result, countries may begin turning to alternative suppliers, including Chinese firms. Over time, this could lead to a loss of market share for U.S. semiconductor manufacturers. Further, the bill requires U.S. manufacturers to continuously monitor the location of their chips, diverting critical resources away from research and development, the very work that ensures American semiconductors remain best in class.
If Congress wants to win the race for global AI dominance and secure U.S. and allied IT infrastructure, it must keep cybersecurity front of mind. Any effort to restrict China’s access to advanced U.S. semiconductors should not come at the cost of creating new risks and vulnerabilities that those same adversaries could exploit.