Last week, the U.S. Chamber of Commerce released a report entitled, Preventing Deglobalization: An Economic and Security Argument for Free Trade and Investment in ICT. Given the Brexit vote earlier this year, the G-20 Summit earlier this week, and both major U.S. Presidential candidates’ vocal disapproval of trade deals, this report comes at an excellent time to counteract the public’s declining faith in globalization.
Concerns stemming from the results of a globalized ICT economy are not unjustified. Some countries have adopted protectionist policies in an attempt to foster their own competitive economies in the global marketplace, and others have done it with national security in mind to ensure that globalized products do not contain malware inserted by a foreign country or company to conduct cyber theft or espionage. These are both fair reasons for wanting to adjust policy to remedy these concerns. However, as the Chamber’s report mentions, the measures these countries are taking are often antiquated and do not account for the needs or realities of the current digital marketplace. As countries adopt more protectionist policies, their own economies and the global ICT economy will certainly feel dramatically negative effects.
Exacerbated by the Snowden Revelations regarding foreign and domestic surveillance, the adoption of product bans and localization requirements, which the Chamber refers to as “20th Century policy tools to respond to rapidly evolving 21st Century problems,” has increased by both U.S. allies and adversaries. Often times, these countries use the rationale that these measures are to protect their own national security so that unfriendly actors (foreign countries or companies) cannot spy on them or steal their information. Ironically, many of these policies grant states greater access and control over the information of their own citizenries and anyone else who may reside in that particular country.
Take China for example. China has drafted and enacted a number of cybersecurity, secure & controllable, counterterrorism, and other policies on the ICT sector with the goal of enhancing national security. But in fact these policies promote indigenous innovation. These policies have been met with dissatisfaction by many companies and governments as such measures grant the Chinese government greater access to their sensitive information and intellectual property and tighter control over the internet and data flows. These measures are not only costly, but also insecure as they lead to the potential for products to be reverse engineered and sold and to the misuse of sensitive information which could include financial data.
In today’s global threat environment, other countries, including the U.S., are enacting more of these restrictive measures upon the ICT industry. Compliance with such policies often comes at a significant cost for both companies and state economies. Using the example of China again, the Chamber’s modeling estimates that if China removes foreign ICT product and service providers from the market, its GDP would be roughly $3 trillion less by the year 2025 than it would be with more open policies. While the Chamber’s report asserts that countries may indeed be invoking national security as an excuse to give their own companies a competitive edge in the global marketplace, it is a wonder that these measures are even considered given these significant negative economic effects. Furthermore, the measures are counterproductive because lower GDP will also equate to having to spend less on national security infrastructure than a country would otherwise desire.
The question remains: what, then, can be done to alleviate these concerns? The Chamber provides seven practical policy guidelines for states seeking to balance their economic needs and national security concerns. These guidelines are as follows:
1) Security measures should be developed in a fully transparent manner and in partnership with the private sector.
2) The governmental authority promulgating the security measure should demonstrate that it is not more trade-restrictive than necessary to fulfill any legitimate security objective(s).
3) The security measure should be consistent with the global trade requirements enshrined in the WTO agreements, including most-favored nation and national treatment principles.
4) The security measure should be fully consistent with existing globally recognized, voluntary consensus security standards, best practices, assurance programs, and conformity assessment schemes.
5) Security requirements should be technology-neutral.
6) Security requirements should not require forced technology transfer of IP such as source code.
7) Any prescriptive security requirements should be limited to those areas of the economy that are highly sensitive, such as government intelligence and military networks.
These principles are fairly balanced and take into consideration national security needs while not being unnecessarily trade restrictive. Governments around the world should take these principles into consideration when continuing to formulate security policy.