On the Biden administration’s first full day in office, three Chinese state-owned telecommunications firms asked to be relisted on the New York Stock Exchange. The firms had been the subject of controversy after a Trump administration last-minute executive order delisted them; yet each has also been the subject of scrutiny from the US government for national security reasons.
These companies—entangled at once with trade and national security issues, especially given Trump’s penchant for acting on the former under the guise of the latter—tell a much bigger story. Questions of how to write internet regulation, in a time where trade and security are increasingly entangled in the digital sphere, are hardly confined to Washington. Many governments worldwide are grappling with internet regulation, both trying to understand the relationship between trade and security online and often blurring together digital trade and security issues in the process. Threading those needles in regulation will be a defining tech policy challenge in the coming decades.
If trade and security issues could ever be cleanly separated, that is an increasingly difficult, if not outright impossible, proposition vis-à-vis the internet. The same communications infrastructure that supports global commerce and scientific research is the one through which governments electronically communicate with spies and on which malicious actors can peddle disinformation. Military secrets and corporate documents traverse the same networks day in and day out: a TikTok video uploaded one second, followed immediately by an energy company’s request to a cloud server. Further, much of this hardware and software is built and operated by the private sector, and yet it is governments (most often democratic) who are typically left cleaning up the messes of the sector’s drive for profit.
Governments in Washington, Berlin, Canberra, and elsewhere have long criticized the Chinese government for imposing trade barriers on foreign companies. A 1997 US trade report, for instance, cited Beijing’s “local content requirements, technology transfers, investment requirements, [and] counter-trade or other concessions” targeted only at firms incorporated outside China. Today, national security is frequently cited by many authoritarian governments as a reason for cracking down on the digital sphere (think of the term “cyber sovereignty”), but democracies are grappling more with the relationship between digital trade and security, too. Where the internet presents new challenges in drawing lines between trade and security, nations are forced to grapple with assessing the complex effects that regulation will have on both.
Take increasingly common data localization requirements—the required storage of data within a specified geography—as an example. Russia instituted such requirements in 2015, forcing companies to store data on Russian citizens within Russia. China’s draft Personal Information Protection Law prioritizes data localization. Vietnam’s 2019 cybersecurity law (which follows in Beijing’s footsteps) only bolstered the local data storage laws on the books. Brazil is weighing a 2020 bill that would make data localization rules part of its General Data Protection Law. Indonesia, Nigeria, Kenya: The list of countries exploring or enforcing these measures goes on.
Both trade and security motivate these requirements. The data localization proposals in India’s draft privacy framework are partly aimed at pushing back against Silicon Valley’s hegemony. When Indonesia relaxed its requirements in 2019, it exempted public entities operating in banking and financial services. Cross-border data flow limits in China are tied with foreign trade and investment considerations. The Reserve Bank of India and the Central Bank of Nigeria both have data localization requirements on financial information. When New Delhi subsequently asked the Reserve Bank of India to examine concerns about its data localization rules, that too was driven by the private sector’s trade and cost concerns.