The Silicon Shell Game
Fake labels, hair dryers, and a $2.5 billion scheme to smuggle AI chips into China. Why are export controls failing? And could private markets offer a solution?
In August 2025, a team of compliance professionals visited a seemingly unremarkable warehouse in Southeast Asia. Everything looked normal. There was row upon row of perfectly positioned boxes, each with a label indicating that they contained computer servers equipped with Nvidia’s B200 AI microchips.1 Chips so powerful that the U.S. has prohibited their export to China, a move designed to maintain America’s edge in the global race for technological supremacy.2
But it was all a ruse. According to a recent indictment by the Department of Justice, the boxes were filled with ‘dummy’ servers, masking that the underlying Nvidia B200 chips had been secretly rerouted to Chinese customers.3 Pulling off this trick was no small thing. It apparently involved 100 people, forklifts, catering, and regular shuttle services to the warehouse, not to mention blow dryers used to remove labels and reaffix fake alternatives with new serial numbers.4
This wasn’t just a rogue customer. Instead, the conspiracy was allegedly orchestrated by individuals associated with the manufacturer: Supermicro.5 Based in Silicon Valley, Supermicro is a leading producer of computer servers. The Nasdaq-listed company is not named as a defendant itself. Rather, the DOJ claims that certain staff — including Supermicro’s co-founder — used dummy servers to trick the manufacturer’s own internal audit team.6
This Substack would never endorse violating export controls. But you have to admire the audacity. It’s a decoy straight out of Ocean’s Eleven. Though Danny Ocean’s crew probably wouldn’t have been so careless as to text, “Bro I can’t reach [Individual-2]. I need 854 [fake] b200 labels cut out this month.”7 And there is something satisfying about its simplicity. Criminals are using the world’s most rudimentary technology — the lowly plastic red hair dryer — to smuggle the most advanced semiconductors ever created for artificial intelligence applications.
The implications are, however, serious. The indictment alleges that the defendants and their co-conspirators facilitated the sale of $2.5 billion worth of Nvidia-powered computer servers to the Southeast Asian front company, most of which were rerouted to China.8 It is the latest example of high-stakes chip smuggling, something we have discussed here before. And it demonstrates how the private sector conditions the effectiveness of economic statecraft. Sanctions, export controls, and other tools of economic warfare do not magically self-enforce. They must be carried out by private firms, most of whom have little interest in playing foot soldier.
That’s not to say the private sector can’t help. Because the root of these compliance failures is not about public versus private solutions, per se. It is, more precisely, about misaligned incentives. And in a fascinating new report published by the Institute for AI Policy and Strategy (IAPS), Onni Aarne and Erich Grunewald have outlined a potential market-based solution for fixing those incentives, one that revolves around a system of for-profit auditors deputized by the U.S. government. Could it work? And would it have prevented the Supermicro scheme?
The Detection Trilemma
This is a subject close to my heart. Regular readers will know that I recently published an article advocating for financial crime bounty hunters. And it speaks to a central set of questions that motivates my research. Before academia, I worked on financial crime prevention in the private sector. And once I had an opportunity to see the complex set of actors involved in surveillance, I was hooked.
The basic problem is that we often want to detect things. Things like smuggling, fraud, money laundering, pathogens, etc. But it isn’t immediately clear who should be doing the detecting. Should the state perform surveillance? Or should they outsource that task to other actors like private firms? The answer has enormous implications for how well we catch crime or enforce sanctions. Moreover, it determines who possesses the power of the panopticon.9 The organization of surveillance conditions, in other words, which actors — whether regulators, private firms, or international agencies — can strategically exploit their monitoring capabilities.
My current book project, preliminarily titled Surveillance Games, is all about trying to understand how political forces drive these variations. And while my proposal takes final shape, I’ve outlined one way of thinking about the underlying policy problem in a separate paper. I call it the Detection Trilemma:
Trilemmas are all about trade-offs. In a perfect world, we would want our detection systems to feature all three policy attributes in bold. Specifically, we would want the detection agents to possess the necessary data and positive incentives to identify suspicious activity. And, for privacy purposes, we would want a system that protects customers from direct state surveillance.10 But no existing detection system (italicized) can deliver all three elements simultaneously. Rather, each features the adjoining attributes in Figure 1 while lacking the one opposite.
Export controls fit most accurately in the gatekeeper surveillance category. The U.S. Bureau of Industry and Security (BIS) operates a licensing system for controlled goods that gives them some insight into where products are going. But it is ultimately up to private firms to ensure, through Know-Your-Customer (KYC) practices, that shipments are not being redirected to prohibited customers.11 Exporters like Supermicro are, in other words, private gatekeepers of controlled products.
The problem is that exporters like Supermicro are also private firms with an interest in making money. Relying on them to police their own customers delivers two desirable policy attributes: data access and privacy protection. But, crucially, it is a system that lacks positive incentives. Exporters face an obvious temptation to cut corners or look the other way to maximize profitability. The Supermicro case is an even more extreme scenario of an inside job. One where the co-founder of a Nasdaq-listed company (!) allegedly conspired with others to circumvent the rules.
My proposed solution to this trilemma is to create a new class of private firms called Licensed Detection Agents. These LDAs would be granted access to transactional data and compensated for reporting suspicious activity to regulators. LDAs could help spot smuggling through trade finance data. And, indeed, G7 countries have asked banks to be on the lookout for suspicious trade finance patterns.12 But the IAPS report focuses on a different stage of the smuggling supply chain. Their proposal is not so much to follow the money but, rather, follow the products.
Export Auditors
The Aarne-Grunewald system revolves around auditing. Importers of controlled goods would be required to hire “export auditors” approved by the BIS. Those independent firms would subsequently conduct random onsite inspections:
For example, when looking for AI chip diversion, an inspection could mean walking around the data center or warehouse where the AI chips are supposed to be, superficially checking that the number of servers in the racks (or boxes on warehouse shelves) matches the number of servers the owner is expected to have, and then randomly selecting a small number of these servers for closer inspection to check that the server is real, has the expected serial number, and that the AI chips are still in the server as expected.
Export auditors would, in other words, conduct the same type of checks undertaken by Supermicro’s internal compliance team. But unlike that internal team, they would have commercial incentives to perform effective audits.
The probability of those audits would be order-weighted. In other words, the bigger the purchase, the more likely it is to be subject to an onsite inspection. This creates an obvious workaround: structuring. Criminals could import chips and other controlled goods in multiple small batches to reduce the probability of inspections. The authors have thought about this. And they contend that the weighted system would still likely result in at least one of those structured orders being detected:
So how would this system fare against the constraints of the Detection Trilemma? It clearly features data access. Export auditors would have direct access to the relevant data, which in this case is the physically delivered products. The system also features privacy protection. It prevents the state from possessing what I term in my own paper “direct, unconditional access to customer data.” Instead, export auditors would act as a buffer between the state and private customers, only sharing the latter’s data with the former where appropriate.
Does it deliver positive incentives? This is trickier. The authors acknowledge that requiring importers to pay export auditors creates a conflict of interest, or what they call a “paying the referee problem.”13 It’s the same issue we see again and again in traditional auditing services. If one auditor gives you a hard time, you can simply find an alternative firm more willing to play ball.
This is where the LDA and Export Auditor systems diverge. My paper calls on the state to provide LDAs with a share of any penalties, recoveries, or disgorgements obtained as a result of their reporting. This is certainly not perfect, and my proposal features its own types of risks. But it does sidestep the “paying the referee problem.” Could export auditors benefit from a similar payment structure? I think so. Export auditors could, for example, be entitled to an uncapped percentage of any penalties obtained by the U.S. government as a result of their onsite inspections.
Regardless, export auditors are precisely the type of innovative thinking we need. As the world leans more heavily on economic statecraft, cracks in the enforcement layer are becoming painfully obvious. Private markets are the platform through which most international conflict now takes place. And, like all markets, we cannot naively assume they are passive vessels of state coercion. Private firms are living, breathing things with their own incentives. If those incentives are misaligned, policymakers may find themselves in a quagmire of non-compliance. One where all it takes is a plastic hair dryer and some superglue to forever alter the balance of power.
Per the Indictment. Everything in this post is based on allegations made by the U.S. Department of Justice. The individuals involved are innocent until proven guilty.
Per the Indictment.
Per the Indictment.
Note that the indictment does not explicitly refer to Supermicro, referring instead to an anonymized manufacturer. Substantial reporting corroborates that Supermicro is indeed the manufacturer referred to here, see US charges 3 tied to Super Micro Computer with helping smuggle billions of dollars of AI chips to China.
Allegedly.
Per the Indictment.
Per the Indictment, “The U.S. Manufacturer profited significantly from the sale of servers to CompanyI. Since in or about 2024, the defendants and their co-conspirators caused the sale of at least approximately $2.5 billion worth of the U.S. Manufacturer’s servers to Company-1 , the payments for which transited through financial institutions in the Southern District of New York. A substantial portion of that revenue came from the sale to Company-1 of the U.S. Manufacturer’s servers that were assembled in the United States and subsequently diverted to China. By way of example, as a result of the defendants’ scheme, between late April 2025 and mid-May 2025 alone, over approximately $510 million worth of the U.S. Manufacturer’ s servers assembled in the United States with Nvidia GPUs-and subject to U.S. export controls-were sold to Company-1 and then diverted to China.”
See Jeremy Bentham, Michel Foucault, and, more recently, the “panopticon effect” theorized by Henry Farrell and Abraham L. Newman in Weaponized Interdependence: How Global Economic Networks Shape State Coercion.
I have much more to say about this particular conception of privacy in the paper. I leave it out here to avoid getting sidetracked.
Aarne, Onni, and Erich Grunewald. "Export Auditors as Market-Powered Export Enforcement." Institute for AI Policy and Strategy. March 20, 2026. https://www.iaps.ai/research/export-auditors-as-market-powered-export-enforcement.
This is exactly the type of engagement we hoped to get when publishing the working paper, so thanks!
I basically agree with all of this. In particular, I agree that the most challenging bit is likely to ensure the auditors do a good job of auditing, i.e., that their incentives are properly aligned with the government's. I think the most important element here is having the government vet the auditors' plans, having the government periodically and randomly audit the auditors, and penalizing auditors who underperform. But there are definitely ways that this can be badly implemented.
> Export auditors could, for example, be entitled to an uncapped percentage of any penalties obtained by the U.S. government as a result of their onsite inspections.
Hmm, that's also an interesting idea. It might require changing the law, but I'm not sure about that. This is similar, by the way, to the Stop Stealing Our Chips Act: https://www.the-substrate.net/p/the-case-for-paying-whistleblowers