16 April 2020

The US Is Waging War on Digital Trade Barriers


AS DIGITAL TRADE barriers rise throughout the world, so do swings at knocking them down. In the past two months, the US Trade Representative released two reports on China and Russia’s World Trade Organization compliance. Just last week, the European Union opened its landmark General Data Protection Regulation to public comments, many of which will surely attack perceived trade barriers.

“Barriers to digital trade,” reads a recent USTR fact sheet, “threaten the ability of all firms—including small businesses—to benefit from the advantages of the digital economy.” Everything from source code inspections to data localization can fall into this bucket.

Justin Sherman (@jshermcyber) is an op-ed contributor at WIRED and a fellow at the Atlantic Council’s Cyber Statecraft Initiative.

But as Washington maintains its distaste for digital trade barriers abroad, it must also recognize other states’ unrelenting conviction in “cyber sovereignty”—and grapple with certain data-protection measures increasingly cropping up in democracies.


The USTR report on Russia locks onto the Trump administration’s issues with current Moscow trade practices, many of them digital. “Russia maintains a cumbersome and opaque import licensing regime on products with cryptographic capabilities,” one complaint reads. “It has begun to introduce a ‘track and trace’ regime that will require an encrypted label on every product.”

Other issues raised range from inadequacy of Russian patent protections to the mandated installation of Russian software on certain smartphones, computers, and other consumer electronics (a law adopted last winter). The US is right to call these out; Vladimir Putin and his Kremlin circles are putting more work into stifling the influence of foreign technology within Russian borders. Paranoia drives much of this thinking.

Yet that’s precisely why US diplomats and trade officials should expect continued roadblocks—for Moscow’s conviction in expanding “cyber sovereignty” and raising digital barriers is unlikely to let up anytime soon. Russian courts continue to fine American social media companies for not storing their data locally, for example, and the fines keep increasing even though many firms have kept complaining and continued to ignore the rules. Engagement on modifying digital trade barriers, therefore, will be beyond challenging, if not impossible.

The 192-page report on China, over three times longer than the jeremiad on Russia, notes that the People’s Republic “has continued to embrace a state-led, mercantilist approach to the economy and trade, despite WTO members’ expectations.” The report’s litany of trade impediments includes state industrial policy, source code inspections, and inadequate intellectual property protections. The report’s stance certainly reflects Beijing’s increasing digital protectionism—but also the Trump administration’s increasingly hard (and frequently zero-sum) line on China.

Many of the digital complaints center on the WTO’s General Agreement on Trade in Services, or GATS. For years now, countries have argued on whether policies like data localization requirements, privacy rules, and source code inspections (as Beijing implements) violate GATS, which require WTO members to, well, limit limitations that affect trade and investment in services. The US is not alone here; Japan, for example, has criticized China’s limits on data flows under GATS obligations.

The US Trade Representative’s document on China takes a similar stance. Going forward, though, rapidly deteriorating US-China relations (especially disastrous amidst the Covid-19 pandemic) will prove a barricade for the Trump administration to push its digital trade agenda. Beijing’s conviction in “cyber sovereignty” will similarly be part of that challenge, as the government continues to spread and deepen state control of cyberspace within the country.

While not designated its own report, a third country has been a frequent pit-stop in America's anti-digital trade barrier tour: India. Lately, the US has zeroed in on the subcontinent's questionable data localization policies.

Data localization requirements already on the books—like mandated local storage of Indian citizen payment data—had previously received blowback from industries uninterested in the compliance costs. Mastercard, American Express, Visa, and other companies, for instance, campaigned against the Reserve Bank of India’s requirement. It was, though, to no avail.

This ramped up in the past year when India put forward a personal data protection bill, whose initial version contained several requirements for local storage of data on Indian citizens. Lobbying from not just US industry but also the US government quickly ensued.

In September 2018, the US Ambassador to India spoke in Mumbai about how countries looking to promote technological innovation should “avoid overreaching on policies such as data localization.” At last year’s G20 in Osaka, Japan, President Trump said that “the United States opposes data localization and policies, which have been used to restrict digital trade flows and violate privacy and intellectual property protections.” Secretary of the Treasury Steve Mnuchin, despite some clear wishes in India for data localization requirements, commented after a November meeting with India’s finance minister that “both sides look forward to the ongoing discussion on issues related to data localization.”

Likely in reaction to both government- and industry-led pushback, the Indian parliament relaxed some of these requirements in the bill’s latest draft. For instance, some data would now only have to be mirrored—aka, have a copy stored locally—with restrictions no longer placed on sending other copies out-of-country. So, in this way, the US had some success.

Yet Indian diplomats have recently come back at Washington, according to an American official, pointing fingers at bills such as a US data localization proposal by Senator Josh Hawley, asking how Americans deride Indian data localization rules as protectionist and barrier-raising while simultaneously proposing their own.

It’s not just whataboutism—though holding one representative’s bill as US government policy is a stretch.

More democracies are shifting and reconsidering their stances around “cyber sovereignty,” questioning if even democratic governments can’t exert more control over the internet in their borders. Not only are these countries looking for better ways to mitigate online harm, but they’re also worried about data security. Hence what is certainly a perception in some other countries of contradictory US messaging.

Several countries, not just Russia and China but also the US, are also clamping down on foreign investments in the technology sector—everything from semiconductors to machine learning applications. Much of the scrutiny and investment-blocking focuses on the protection of citizen and consumer data as well.

All the while, several other nations not mentioned above push forward with digital trade barriers also concerning to American trade officials: data localization requirements in Indonesia, Nigeria, and Kenya; restrictions on internet advertising in Vietnam; limits on cross-border data flows in South Korea.

The US and other democratic states don’t engage in many of the Chinese or Russian activities that so worry policymakers in Washington, like intellectual property theft. Clearly, these behaviors directly contradict what many countries deem to be fair trade practices. But some issues, like data localization mandates and data security regulations, are bound to receive more domestic focus from the US and its democratic allies and partners. How American policymakers reconcile these facts when addressing perceived digital trade barriers elsewhere—all the while combatting false equivalencies—is crucial for digital diplomacy and trade going forward.

No comments: