On the Biden first full day of administration, three Chinese state-owned telecommunications companies asked to be listed on the New York Stock Exchange. The companies had been the subject of controversy after a last-minute executive order from the Trump administration removed their; yet each has also been the matter of meticulous examination from the US government for reasons of national security.
These companies – embroiled in both trade and national security issues, especially given Trump’s penchant for acting on the former under cover of the latter – tell a much bigger story. The drafting questions of internet regulation, at a time when commerce and security are increasingly entangled in the digital sphere, are hardly confined to Washington. Many governments around the world are grappling with internet regulation, both trying to understand the relationship between commerce and online security and often confusing digital commerce and security concerns in the process. Threading these needles into regulation will be a defining technology policy challenge in the decades to come.
While trade and security issues could ever be clearly separated, this is an increasingly difficult, if not downright impossible, proposition vis-à-vis the Internet. The same communications infrastructure that supports global commerce and scientific research is one through which governments communicate electronically with spies and over which malicious actors can peddle disinformation. Military secrets and corporate documents flow through the same networks day after day: a TikTok video uploaded one second, immediately followed by a request from an energy company on a cloud server. Moreover, much of this hardware and software is built and operated by the private sector, and yet it is the (mostly democratic) governments that are typically left cleaning up the mess of corporate profit seeking. sector.
Governments in Washington, Berlin, Canberra and elsewhere have long criticized the Chinese government for imposing trade barriers on foreign companies. A 1997 US trade report, for example, city Beijing’s “local content requirements, technology transfers, investment needs, [and] counter-trade or other concessions ”targeting only companies incorporated outside China. Today, national security is frequently cited by many authoritarian governments as a reason to crack down on the digital sphere (think of the term “cyber-sovereignty”), but democracies are also more grappling with the relationship between commerce. digital and security. Where the internet presents new challenges in drawing lines between commerce and security, nations are forced to grapple with assessing the complex effects that regulation will have on both.
Take for example the increasingly common data localization requirements – the required storage of data in a given geographic area. Russia instituted such requirements in 2015, forcing companies to store data on Russian citizens in Russia. Chinese Personal Information Protection Bill prioritize localization of data. The Vietnamese Cyber Security Law of 2019 (which follows in the footsteps of Beijing) only reinforced local laws for storing data on books. Brazil is weighing a 2020 bill that would integrate data localization rules into its general data protection law. Indonesia, Nigeria, Kenya: The list of countries exploring or applying these measures is long.
Trade and security motivate these demands. Data localization proposals in India’s draft privacy framework aim in part to push back the hegemony of Silicon Valley. When Indonesia relaxed its requirements in 2019, it exempted public entities operating in banking and financial services. The limits of cross-border data flow in China are bound with considerations of foreign trade and investment. Reserve Bank of India and Central Bank of Nigeria both to have data localization requirements on financial information. When New Delhi afterwards asked Reserve Bank of India to address concerns about its data localization rules, which were also driven by private sector concerns over trade and costs.