Nvidia has reiterated that its chips do not have back doors or kill switches, days after being summoned by Chinese authorities over alleged security issues.
“There are no back doors in Nvidia chips. No kill switches. No spyware,” the semiconductor design giant said in a lengthy blog post late on Aug. 5. “That’s not how trustworthy systems are built—and never will be.”
China’s cybersecurity regulator last week summoned Nvidia to explain alleged “security risks linked to back doors” in the company’s H20 graphic processing units (GPUs) sold in the country and asked it to submit supporting materials. Nvidia responded at that time by saying that its chips do not have any mechanism that would allow remote access or control.
In the Aug. 5 post, written by Nvidia Chief Security Officer David Reber Jr., the company once again defended the hardware integrity of its processors, emphasizing that including back doors or kill switches is fundamentally against the design principles it has been following for the past 30 years.
“There is no such thing as a ‘good’ secret backdoor—only dangerous vulnerabilities that need to be eliminated,” Reber wrote, adding that Nvidia chips are designed to leave no single-point vulnerability that can be exploited to shut down a system. “This is no time to depart from that winning formula.”
Nvidia announced in mid-July that it had been assured by the U.S. government that it would obtain the license needed to resume selling H20s to China. These chips are less powerful than the company’s flagship GPUs and were specifically developed to comply with U.S. export controls aimed at curbing the Chinese military’s artificial intelligence (AI) development and preserving U.S. leadership in this critical sector.
According to Nvidia, the company was ordered to halt H20 sales in April, when Washington and Beijing were engaging in an intense exchange of tariffs and trade restrictions. The two sides have since reached a preliminary agreement, allowing the United States to permit the resumption of Nvidia chip exports and China to restart rare-earth magnet shipments.
However, on July 31, the Cyberspace Administration of China summoned Nvidia to address security concerns. The agency did not cite any specific evidence of back doors in the H20 chips, but instead referred to recent U.S. legislative proposals calling for advanced chips to include location-tracking features that could help prevent smuggling.
One such bipartisan proposal, spearheaded by Sen. Tom Cotton (R-Ark.), would require high-performance AI chips subject to export controls to include a “location verification mechanism” in a bid to limit unauthorized usage by foreign adversaries such as the Chinese communist regime. An identical bill was introduced by Rep. Bill Huizenga (R-Mich.) in the lower chamber, also with bipartisan support.
Under the proposal, chips would need to incorporate a “software-, firmware-, or hardware-based mechanism” that allows the U.S. secretary of commerce to verify their physical location. Exporters would also be responsible for keeping track of their products.
In its Aug. 5 post, Nvidia did not directly mention those bills, but clarified that tracking where the chip is via software—especially when the user can turn off this feature—is different from hardwiring a kill switch into the chip.
“Optional software features, controlled by the user, are not hardware backdoors,” Reber wrote.
Still, Nvidia warned against any policy that could mandate the inclusion of kill switches, arguing that such measures would not only ruin the company’s credibility but also undermine the U.S. tech industry as a whole.
“It’s like buying a car where the dealership keeps a remote control for the parking brake—just in case they decide you shouldn’t be driving,” Reber wrote. “That’s not sound policy. It’s an overreaction that would irreparably harm America’s economic and national security interests.”
To illustrate his point, Reber cited the Clinton administration’s “Clipper Chip” initiative, a short-lived attempt by the National Security Agency in the 1990s to create a hardwire-based secure encryption system for telephones that could be decrypted by law enforcement with proper authorization.
The system relied on a microchip containing an 80-bit encryption key hardwired during fabrication, with a copy of the key held in escrow for government use. The program, lasting from 1993 to 1996, was called off amid public opposition and, more importantly, after experts exposed its inherent technical flaws.
“Governments have many tools to protect nations, consumers and the economy. Deliberately weakening critical infrastructure should never be one of them,” Reber stated.
Friends Read Free
Copy
Facebook
Tweet
