We already ran this experiment. It was called the Crypto Wars.

In the 1990s, the U.S. government classified strong encryption as a munition. Not metaphorically, literally, on the same export control list as fighter jets and missiles. If you wanted to ship software with real cryptography overseas, you needed an arms export license.

It got absurd fast. Activists printed the RSA algorithm, a few lines of code, on T-shirts. Wearing that shirt through an airport was, technically, exporting a weapon. Phil Zimmermann, who wrote PGP, spent three years under criminal investigation because his email encryption software leaked onto the global internet.

The government’s logic was reasonable on paper: strong crypto in the wrong hands helps criminals, terrorists, and hostile states. So lock it down.

The security community’s response was blunt: you’re not locking anything down. The math is public. Any determined adversary builds or buys strong crypto anyway. All you’re actually doing is handicapping your own companies and handing foreign competitors a head start. The only people who obey the rule are the people who least need to be stopped.

The security community was right. The controls collapsed. Strong encryption became the default. It’s the reason you can bank, shop, and message on the internet today. We don’t argue about this anymore. Openness won so completely that the whole fight is now a footnote.

Netscape Navigator 1.1 Macintosh install disk

I bring it up because we just watched the trailer for the sequel.

Last month, the Commerce Department put export controls on Anthropic’s Fable 5 and Mythos 5, its most capable models, citing national security. Access was cut for every foreign national on the planet, including Anthropic’s own non-citizen employees. Three weeks later, after the entirely predictable outcry that this mostly gifted time to Chinese open-source labs racing to catch up, the controls were lifted. Fable is back for everyone. Mythos is back for roughly a hundred vetted U.S. organizations.

Same movie. Same argument. “This capability is too dangerous to be widely available” runs straight into “the capability diffuses anyway, and your restriction binds the law-abiding first.”

Now, I’ll be honest about where the analogy strains, because I hate posts that won’t. A model isn’t public math. It’s a served product with a real chokepoint, so a restriction is genuinely more enforceable than it ever was for crypto. And a jailbroken frontier model handing an attacker real new capability isn’t a fantasy. That concern is not nothing.

But here’s the part I keep landing on: The attackers were never going to be the ones filing for the export license.

Restrictions like these fall hardest on the defenders working in the open: the security teams, the researchers, the startups publishing what they find. The adversaries route around. They always have.

We ran this experiment thirty years ago. We know how it ends. The only open question is how much time we burn re-learning it.

Images sourced from Wikimedia Commons and vendored locally for this post.