The Strait of Hormuz is closed, geopolitics is spiking everyone's cortisol, and Washington is once again reaching for its favorite blunt instrument: export controls. Lorenzo Franceschi-Bicchierai's TechCrunch piece traces thirty years of failed cyber export policy, from PGP to spyware to now Anthropic's Mythos AI model. The conclusion is identical each time. Restriction creates a market. The market fills itself.
The Deontic Governance Problem Nobody Is Solving
What's actually missing isn't a border crossing checkpoint for software. It's runtime governance inside the systems themselves. A 2026 paper in arXiv by Joshi, Finin, Joshi, and Kagal proposes deontic policy frameworks, essentially permission architectures baked into agentic AI at the logic layer, as a more credible path to controlling what autonomous systems actually do. The distinction matters enormously: controlling where software goes is a geography problem, and software has no geography. Controlling what it is allowed to do is a structural problem, and structural problems are at least solvable in theory.
Open Source as Permanent Counterargument
Jean-Baptiste Kempf, the French engineer who built VLC into the world's most-used free video player, is now applying the same philosophy to robot infrastructure with Kyber. His entire career is a lived counterargument to export control logic: open, distributed, borderless systems cannot be contained by national policy. The same dynamic that made VLC unkillable will make AI model restrictions equally porous. Policymakers keep designing for a world where software has a passport. It doesn't, and it never did. Brewster Kahle's argument for public AI runs parallel here: the solution to dangerous centralized AI is not export gates, but open, civically accountable infrastructure.