There's no effective way of enforcing export controls on local software like PGP etc. Whatever they say someone will leak it.
It is possible to shut down access to hosted services, as happened with Fable, but it can't really be done selectively. The US government wanted to allow it for US nationals only but Anthropic couldn't do that and so shut it down for everyone. Even if they did tie Claude accounts to nationality some people would set up "proxy servers" to allow access (either for monetary gain or because they don't agree with the restrictions).
They can restrict it to US citizens only: just do KYC and enforce it. Any citizen exporting ITAR capabilities would be committing a felony.
I think it is inevitable that more capable models will require export controls, KYC, background checks, verification of credentials, etc. Even if you don’t buy Anthropic’s marketing of their current models, there is a future where models are capable of developing chemical weapons, biological weapons, cyber weapons, etc. which are genuine security threats governments will care about controlling and preventing. Maybe this prevents big commercial labs from developing more capable models until they figure out appropriate safeguards, but this is a good thing, a world where you can ask an LLM for an airborne rabies genome and it will simply produce it for you is not a world we should want to live in.
If a model is really capable of that type of stuff (creating biological weapons etc) the problem isn't solved by export controls - I'm sure there are plenty of home grown US terrorist organisations that would like that capability and wouldn't be subject to such controls.
Yes governments can, and probably should, restrict some things completely to all those outside of official government institutions but once something is public in one country it is effectively, even if not legally, public in all countries.
But for "physical" things like biological, chemical or nuclear weapons the know-how / information part that AI can "help" with is far from the complete picture. Articles have already been published on how to make a nuclear bomb. The knowledge isn't really the blocker; that's more access to the required materials and equipment. However, in the cyber space then yes AI could indeed give the "bad guys" much more capability.
Identity theft is a thing. And if you gate a desirable commodity behind an identity it will become even more of a thing. There are 100s of millions of identities to steal.
You could quite effectively set up access to Fable with know-your-customer, attested clients/workstations, and then inspection of what the session is actually used for to detect out-of-country use. It's not impossible.
If they had said only government and a few other approved institutions can use it then yes that could work.
But they didn't say that. They said "only US citizens". Once something is available to hundreds of millions of people there will be leaks like it or not. Some accidental and some voluntary.
And even if it could be done it wouldn't solve the purported security issue anyway. Does anyone believe there are no criminals or terrorists with US nationality?
Yes, and that will be the future.
Except for xAI/Grok. Government officials in charge have deep connections there and will never apply such rules to them.