BRSL Weekly Brief
Your weekly brief on current events from the Berkeley Risk and Security Lab.
BRSL Weekly Brief
Super Micro: the alleged chip smuggling scheme that violated export laws
Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.
This week on your BRSL Weekly Brief, Professor Andrew Reddie answers questions about Super Micro and the alleged scheme by three employees, including the company’s co-founder, to send NVIDIA microchips to China in violation of U.S. export laws.
Welcome to the Berkeley Risk and Security Lab's new podcast, The BRSL Weekly Brief where we bring you the latest information on current events from our lab experts. Today, we're talking about Super Micro and the alleged scheme by three employees, including the company's co founder, to send NVIDIA microchips to China in violation of U.S. export laws. I'm the lab's communications manager, Vivian Bossieux-Skinner, and I'm here with BRSL faculty director, Professor Andrew Reddie. So can you start by giving listeners some background on this?
Professor Andrew Reddie:Sure Vivian, hope you're doing well this morning. Yes, this is a really interesting story, and speaks to kind of one of the lab's equities on research security. But really what's happening here is three employees here in California have been accused of siphoning NVIDIA chips to China amidst the AI boom, where we're by. You know, a lot of Chinese firms on the back of us, export control rules can't get their hands on the kind of the latest and greatest chips that are coming from, from U.S. manufacturers. And I think what's interesting in this case is that you've got somebody so high up the company engaging in in this type of, effectively, semiconductor smuggling. And so, you know, it really does demonstrate the degree to which this potentially might pay in terms of being worth the risk of actually undertaking this operation.
Vivian Bossieux-Skinner:Yeah. I mean, how long had this been going on? And how long do we know about and how long do you expect that it had been going on?
Professor Andrew Reddie:Yeah. So the media reporting, which I think is based primarily on the indictment, suggests that had been going on since early 2024 and so I think one of the things that's kind of important to note is that the U.S. export control architecture looks very different today. And you know, in what, are we still in March, March of 2026, compared to when this type of behavior started? So the U.S. export control rules for the AI stack used to be incredibly strict. Really focused on making sure that the latest and greatest us technology didn't make its way to China amidst a fear about a return to great power, competition, etc. And so certainly, when this behavior began, or reportedly began, right, it would have been very lucrative, and perhaps lucrative Yeah, and you talked in ways that it no longer is just given. How the U.S. has put control, posture has shifted. And I'm sure we'll talk about that. Talk about that as well. Of course, just because that's what's included here doesn't necessarily mean that it wasn't going on before. Certainly going all the way back to the first Trump administration, you had this effort to throttle the supply of American chips, or chips from American manufacturers into China itself. And this doesn't actually only impact us firms. It also impacts multinationals as well as they're encouraged not to actually provide either the chips themselves or the ancillary technologies, so things like ASML photo lithography equipment to the Yeah, so I mean, like, as like, I mentioned, going all the way Chinese market. So, so, yeah, 2024, ish, but of course, we'll find out whether there's not some wiggle in that, in those numbers. back to the first Trump administration, and even before, I mean, I don't want to give you a history lesson on export control, going back to COCOM in the Cold War, but ultimately, there's various different efforts to attempt to control technology, either because you worry about kind of the competitive dynamic and the potential for another country to kind of leapfrog your own technology stack, or if you're worried about the kind of particular a particular type of technology, right? So we often have had controls around nuclear technology for obvious reasons. You don't want that technology spreading to places that you know we worry about non state actors, terrorist groups, etc. So that would be things like the Nuclear Suppliers Group and so right you we created to create these regimes to control technology, and like I mentioned in the first round of the Trump administration, we kind of had created a mechanism to start thinking about how to create industrial policy and export control to make sure that the U.S. was a leader in semiconductors moving forward and with kind of allies and partners. So Taiwan, with TSMC, South Korea with SK Hynix and others, right how you could make sure that the Chinese firms that kind of overtake the lead that it was happening in, The, you know, scare quotes, in the west, under the Biden administration, those became, you know, increase increasingly strict. So you had a series of executive orders and a diffusion rule that really tried to identify those particular chips that were deemed to be at the very cutting edge, primarily GPUs used inside of the AI stack from companies like NVIDIA, and that basically said, right? These particular types of chips say, h1, 100, h2, hundreds, they cannot be sold, sold to China. Now that doesn't necessarily mean that none of them made their way to China, and we, I'm sure we'll talk about right as for control evasion here, here in a little bit, but certainly that was the rule for companies like NVIDIA. You cannot sell particular types of chips to China. As I mentioned, the export control regime has shifted a little bit in the second Trump administration here, as effectively they've been relaxed. And so the theory of victory for the Trump administration or those inside of it appears to be that if you loosen the export control regime and you allow NVIDIA to sell their latest and greatest chipsets to China, you might get them beholden to your own technology stack and create effectively, a forever customer that's been ASML argument going back four or five years, as well. ASML had made the argument that actually one of the reasons that you might want to make sure to sell your goods to the Chinese is such that you actually understand where they are on the technology stack. Of course, on the flip side, if you're China, and you're looking at a party that has export control regimes that oscillate one way or the other, they are going to feel the need to prepare for that potential reality down the road. And so they're rapidly trying to seek indigenization of that capability on their own part too. And so actually, one of the interesting things that happened with the relaxation of the Export Control rule around h2 hundreds is that you'd expect NVIDIA to get a really significant order book. To some extent they did. But then the Chinese government said to their companies in China, hey, actually, we would much rather that you buy from from Chinese companies rather than from a U.S. firm, regardless of how much better that they actually might perform. And so those are kind of like the ins and outs, or the ways, if you will, of kind of the export control regime. And I have to say that even inside of the Biden administration, it wasn't as if you had policymakers thinking that you were creating an impermeable barrier to the Chinese getting their hands on the latest and greatest chips, it was just about making it difficult to do so and increasing the resource spend to get your hands on them.
Vivian Bossieux-Skinner:Yeah, how do you think that U.S. export controls will change now? Or what effect will this have on export controls?
Professor Andrew Reddie:Yeah, I mean, I think that, you know, not in terms of either either hardening them once again, ultimately, they're not going to impact Chinese behavior in any significant way. From my perspective, I think at this point, you've got Chinese firms that are seeking to lead in the sector, and a Chinese government that's interested in them leading in the sector in perpetuity. And so even if you were to, you know, flood the market with the latest and greatest from NVIDIA, AMD, or other chip manufacturers, it's not necessarily going to arrest this movement in China to indigenize the technology in the same way that they've indigenized all sorts of other technologies. Look at electric vehicles, battery technology, etc. That said, if the Democrats were to come back into office during the next election cycle, I can see in or I can see, you know, arguments for another round of export controls in terms of what their real impact would be. You know, it's an open question, and I know at some point we're going to want to talk about the evasion of export control rules. But you know, semiconductors not necessarily the easiest thing to control. They're very different than nuclear technology or even missile technology. So the MTCR, Missile Technology Control Regime. You know, those are potentially technologies that are much easier to kind of wrap your hands around and say, Okay, I can actually detect where these are moving. But semiconductors are much, much more difficult to actually control.
Vivian Bossieux-Skinner:Why is that? Is that just because of the nature of them, or..?
Professor Andrew Reddie:Yeah, I mean, so the good news, they're not software. So software is almost impossible to create a control regime around, but they're relatively small and they are easy to package in a variety of different ways. In fact, there's been past cases of semi. After smuggling, where people were using hair dryers to remove serial numbers and stickers from one batch of products and move them onto another one. And really, there's no way to kind of tell right the the relative advancedness right of a particular chip set when it's in transit. And so it's not, it's not a simple thing to kind of to control from that perspective. The other side of it is that you've got legitimate consumers relatively close to the Chinese market, where you also have a large number of Chinese nationals and entities that are quite happy to move things across borders for you. So there's been past examples of nuclear smuggling in Malaysia, in Singapore, in Indonesia, and so that's where you know, in the case of Singapore, you've got a country that works very closely with the U.S. government, particularly on defense issues, but you also have a large number of Chinese nationals and Chinese firms that were absconding From Hong Kong that have now set up offices in Singapore and then subsequently engage in transshipment. It also is worth pointing out that even even amongst those companies that might be beholden to us, export control regimes, so companies like SK Hynix in South Korea and TSMC in Taiwan, they want to sell to the Chinese market, and actually even Nvidia, right here in the U.S., like they are one of the they have been lobbying for access, and be making the argument that ultimately the Trump administration has come around to which is that actually you want to allow, you know, relatively unfettered access for Our products on the Chinese market such that we benefit from being able to sell to it. You know, in terms of, like the great power competition piece, like I said, you know, I think at this point it's fairly baked. You know, the Chinese are not necessarily going to believe that the relaxation of U.S. export control rules are forever, and subsequently, would be silly not to be indigenizing capability at the same time. Of course, at the margin, you know, you can, you can get your hands on us advanced chips, and that's all to the good, but, but, yeah, it's kind of a relatively well worn path of technology development, if you will, in China.
Vivian Bossieux-Skinner:So it sounds like this has happened before, with Super Micro in 2006 and it seems like you're saying that it's really difficult to track kind of how this happens and prevent it from happening again. Do you see that this happening again, and is there a way to fix that? Is a way to regulate around it, or make controls more difficult to bypass?
Professor Andrew Reddie:Yeah, it's a good question. I mean, ultimately, crime pays, right? And so you're always going to get, like, a demand, right, particularly early here, where, you know, in 2024 these were, by far and away, right, the best chips on the market. And so, right? You're going to be rewarded for this type of bad behavior in a significant way in the black market. And so there's always going to be, like, this kind of this kind of pull factor, if you will, that drives it in terms of what can be done. Again, there's two ways to kind of attack it. One is the government entities that are set up to actually enforce the rule. I mean, rules are worth nothing on paper, right? They're worth something insofar as you enforce them. And so for us, for control rules, this would be BIS instead of the Department of Commerce. And so that's where you would look to staff and increase the number of resources for individuals actually engage in this work. Arguably, you'd actually want this work to be, you know, you know, unfortunately for that department, it has to happen outside of Washington. And so outside of Washington. And so you actually are required to have officers in places like you're in the Bay Area, right? Places like Tucson, Arizona, where TSMC have their plant, other technology hubs like Austin, Texas, et cetera, and so, right? That's kind of one piece of it. The other piece of it is having private sector actors appreciate the risks. So that's some of the work that we do here at the lab, right? So, you know, we've had other examples of recent cases of research in security. So we had the ding case out of Google, where Google's designs for their data centers was pilfered by an employee and pilfered in two directions, in one direction, to a company that this individual has set up in China to effectively copy Google's data center design and then also was provided to the Chinese government, presumably for them to kind of use the design to subsequently build their own, their own examples on Top of and so, you know, I think companies becoming wise and creating policy to try to address research security concerns is something that you know, hopefully they get better at, such that the bad examples you know become increasingly rare, but ultimately, like I said, you're always going to have that demand side. And so it's not as if any particular policy or resource investment is going to make the problem go away entirely, because really, what you're doing is you're creating kind of an artificial, artificial pricing mechanism that makes the actual good far more expensive than it would otherwise be. And so, you know, there's things that we can do on the margin, but there's things that, like I said, you've got other classes of technology where we, you know, we spend, we spend a lot of money making sure that, like the nuclear material, nuclear technology, doesn't travel across borders inappropriately. And so there's also a variety of different regimes. I think one of the things that's been interesting about semiconductors and kind of the new forms of export control is it really does expand the aperture of the types of technology that we used to kind of attempt to control, particularly in this kind of dual use space, where you've got kind of defense and civilian applications of the technology. Previously, it was primarily focused on military tech itself, like like the CO comma example that I gave earlier, which was really focused on, kind of, the Western technology stack, and making sure that none of it made its way into the Soviet Union that then subsequently, you know, became Nuclear Suppliers Group. We got the Australia group focused on chem, bio. And, you know, the an example of the kind of the difficult export control regime is things like the Wassenaar Arrangement, where you've actually got all of these dual use, starting to think about software technology like that's, that's kind of the hard, the hard piece, if you will.
Vivian Bossieux-Skinner:Yeah. So you were touching on this a little bit, but what are the major security risks of something like this? And what does that look like, kind of on a government level and then on a society level?
Professor Andrew Reddie:Yeah, so, I mean, so in this, in this case in particular, is about the provision of advanced AI chips right into the Chinese market at a scale that matters and so that will have downstream consequences for the quality and type of AI model is generated by Chinese firms, particularly those that have closer ties with the government. All else equals. So your 10 cents and Alibabas rather than your deep seeks that are still, you know, relatively separate from from the government in China. Indeed, the relationships between the state and the firms in China is a little bit more heterogeneous than some might might think here, here in the U.S. And so that's the that's the consequence, right? Like in a place where, you know, here in the U.S., we've got anthropic, open, AI, Microsoft, Google, meta, right, all competing to build, right, the latest and greatest model that's going to be used for the widest variety of use cases. That's the type of technology that's enabled by by these chips. And so there's that piece of it. There's also the piece of just the fact that, you know, you've got relative scarcity of these high end chips in general. You know, manufacturing hasn't caught up to demand. And so, you know, you also have to think about like the distributional effects of particular types of actors having their hands on these while others do not. So for example, in university settings, for example, we don't have our hands on right, many of the latest and greatest chips, just by virtue of their cost. And so there is, there are those distributional effects as well. So that's kind of what you worry about in this context. And then, and then, the other piece of it is that, right? Once you get your hands on these chips, you worry about reverse engineering, etc. Some of that is discounted a little bit by them not having access to some of the types of lithography equipment that I mentioned earlier, that comes from places like ASML. So even if you were to entirely be able to rip apart the technology, it's not as if you could create your own version. That said at the margin is probably helpful, right, to see the type of architectures that are being used by the likes of NVIDIA as you try to indigenize the capability of your of your own.
Vivian Bossieux-Skinner:Yeah, that all sounds... definitely does sound a little scary.
Professor Andrew Reddie:It's the world, the world we live in!
Vivian Bossieux-Skinner:Yeah. Is there anything else that you wanted to mention on this?
Professor Andrew Reddie:No, I think the one thing that I don't note is that, you know, there's been a significant uptick in research and engagement on research security issues that has been quite staggering over the last kind of 10 years or so. And I think that one of the major challenges that we have sitting here in a university setting is, of course, that, you know, universities and broader basic science developments happen on the basis of open source, right? So I build a model, and then that colleague, right comes along and says, you know, Andrew, You're a dummy. You should have done it this way, right? And improves on the method or the tool that I deployed. That's how science progresses and but on the flip side, right, if you want those advances to stay in situ or in country, you're going to have to put a control on it. And those two goals are in opposition with each other. And so. Figuring out how to kind of create the Goldilocks condition for research security at the margin is a really, really hard policy challenge, and one that we probably don't spend enough time talking about. So that's probably like the thesis that I would leave you with is like, this is a really important area that generally doesn't get a lot of attention. Stories like this bring it to the public consciousness. And so that's why, right when you said, hey, I want to talk about this, I said, Great, let's talk about it, because it's not something that we get to speak about terribly often.
Vivian Bossieux-Skinner:Yeah, I feel like I learned a lot in this conversation. So thank you for kind of shedding light on all these, these aspects of this that I feel like has been in the news a lot, but kind of is just the similar sort of stories about it, so I'm glad we got to chat about this today.
Professor Andrew Reddie:Cool. Cheers Vivian.
Vivian Bossieux-Skinner:Thanks for listening and see you all next week.