For eighty years, export control was a checkpoint problem. You drew a line on a map, you decided what could cross it, and you inspected the things that tried. The control lived at the border. Once a controlled item cleared customs, it was gone — into a warehouse, a lab, a country you no longer had eyes in. Enforcement was a story about the moment of crossing.
The Chip Security Act ends that story. And almost nobody is describing the thing it actually does.
What the bill requires
H.R. 3447 — sponsored by Reps. Bill Huizenga (R-MI) and Bill Foster (D-IL), with a Senate companion (S. 1705) led by Sen. Tom Cotton — cleared the House Foreign Affairs Committee on March 26. The trigger is concrete: after the Select Committee on the CCP concluded that DeepSeek had trained a frontier model on Nvidia Blackwell chips that were never supposed to reach China, "smuggling" stopped being a hypothetical line item and became a number with a model attached to it.
The fix sounds modest. Within 180 days of enactment, the Secretary of Commerce must require that any covered chip carry a "chip security mechanism" implementing location verification before it can be exported. Implemented in software, firmware, or hardware — the vendor's choice. The chip, periodically, confirms where it physically sits.
Read that again, because the modesty is the trick.
The control no longer lives at the border. It lives in the device, for the life of the device, wherever the device goes.
The pretext and the architecture
A location-verification chip is not a smarter customs stamp. It is a permanent, addressable channel between a piece of silicon in someone else's building and an authority that wants to know things about it. Today the thing it wants to know is "are you in an approved country." That is the use. The architecture is general.
This is the distinction the debate keeps collapsing. The bill's defenders — the CAIS Action Fund among them — correctly note that the text explicitly forbids "any chip security mechanism that may hinder the capability or functionality" of the chip: no kill switch, no geofencing, no backdoor. That's real, and it matters. But a prohibition in statute governs use, not capability. Once every advanced chip ships with a hardware path that lets an external party query its state on a schedule, the distance between "verify location" and "modify functionality" is a future Commerce memo and a firmware push — not a new fab, not a new chip, not an act of Congress. The ban on kill switches exists precisely because everyone in the room can see that the mechanism is one.
The Center for Cybersecurity Policy made the unglamorous version of this point: a verification channel is an attack surface. The same path that lets Washington confirm a chip's location lets an adversary who compromises it read the location — and the floor plan — of "our most sensitive government, military, business, and critical infrastructure systems." We have run this experiment. In 1993 the government mandated the Clipper chip, an encryption part with a built-in law-enforcement key. By 1994 a researcher had shown the key escrow could be defeated. The lesson was not that the goal was bad. It was that you cannot build a door that only the good guys walk through.
And it probably doesn't even work
Here is the part that should bother hawks and skeptics equally. The geolocation methods on the table are weak. Ping-based location verification — timing how long a signal takes to bounce — resolves to something like a fifty-mile radius and assumes the chip is reporting honestly. Asset-reported and topology-based methods can be spoofed. A smuggling operation with the resources to move restricted Blackwell silicon across a border is, definitionally, a smuggling operation with the resources to spoof a ping.
So the bill plausibly stops the casual diverter and fails against exactly the state-backed adversary it was written for — while installing a standing remote-attestation channel in every data center that buys American. That is the worst trade in security: a control that doesn't bind the threat it names but does create a liability for everyone who complies.
None of this means do nothing. DeepSeek-on-Blackwell is a real intelligence failure and Congress is right to be furious about it. But "track every chip forever" is being sold as a logistics upgrade when it is a constitutional change in what a sold chip is. We are deciding, quietly, inside a committee markup, that an advanced processor never fully leaves the seller's reach — that ownership now comes with a permanent tether home.
That is a defensible policy. It might even be the right one. But it deserves to be argued as what it is, not waved through as a serial number that happens to phone home. The border didn't get smarter. It moved inside the package, and it isn't coming back out.
