The past years have been turbulent for trade and the digital economy. While protectionist agendas are affecting trade generally, the problem is compounded when national cyber security concerns are linked to trade in digital products and services. This has led to the rise of a phenomenon known as tech nationalism. Tech nationalism is a turn away from the globalized supply chains and trading system put in place in the 1990s, and a move toward suspicion of globalized supply chains and foreign producers of software, equipment and services.
On November 26, 2019, the IGP organized a workshop at the fourteenth annual meeting of the United Nations Internet Governance Forum (IGF) to discuss the impact of tech nationalism on Internet governance and the digital economy. This year’s IGF was held in Berlin and hosted by the government of Germany. The workshop on Tech Nationalism: 5G, Cybersecurity and Trade was jointly organized by IGP and William Drake, International Fellow and Lecturer in the Media Change & Innovation Division of the Department of Communication and Media Research at the University of Zurich.
Panelists included Milton Mueller of Georgia Tech/IGP, Tobias Feakin, Cyber Ambassador for Australia, Donald Morrissey, a representative of Huawei based in Washington, D.C., Jan-Peter Kleinhans from the German think-tank Stiftung Neue Verantwortung and Jyoti Panday with the Idea-IIMA Telecom Centre of Excellence at the Indian Institute of Management in Ahmedabad, India. The leading topics of discussion were the increasing securitization of software and telecom equipment, the industrial policy competition over 5G, and the battle for “strategic” control over data. Reflecting intense interest in the topic, the room capacity of 125 was quickly exceeded and conference organizers had to turn away many prospective attendees. This blog covers the workshop proceedings and its outcome.
Understanding Tech Nationalism
The workshop began with panelists unpacking what constitutes tech nationalism.
Bill Drake reminded us that tech nationalism has been around as long as states have existed. While the concept is not new, the expansion of tech nationalism beyond the realm of hardware into areas like services, application, cloud and data suggests the evolution of tech nationalism from being a defensive policy posture into an expansionist measure tied to international politics and geo-economics. According to Bill, there are a number of common elements that unite policies rooted in tech nationalism. The tech-nationalist imaginary is intimately bound up with notions of national sovereignty. Usually, the threat of foreign actors that can dominate or endanger national security is used to gain support for protectionist measures. In countries pursuing a tech-nationalist agenda, a few politically connected domestic companies end up becoming the primary beneficiaries of regulation.
Milton Mueller put forward a political economy definition of tech nationalism. He underlined the perception of technology as an instrument of national competition and argued that the ascendance of tech nationalism has to be linked to the resurgence of other forms of nationalism, manifested in everything from the restrictions on immigration in Europe and the US to trade protectionism and the use of tariffs. In his view, the growing assertions of tech nationalism is an extension of the nationalistic logic to the technology sphere.
Ambassador Feakin emphasized that given the impact of technology on national security, the economy and the future of societies, cyberspace and strategic policy have become intertwined. He clarified that tech nationalism Australia is driven by the need of the government to ensure the environment in which these technologies being developed and absorbed by societies reflects the country’s values and principles.
Jan-Peter Kleinhans pointed out that in an increasingly software defined world, national security and tech nationalism have become intertwined. In his view, tech nationalism is about countries and not companies. The national origin of technology matters, because the regulatory environment in which the technology was developed plays a very important role in establishing its trustworthiness.
Jyoti Panday highlighted that tech nationalism in India is visible across a wide-range of policy areas, and manifested through protectionist policies supporting large private companies, building them up as the carriers of national power. She identified the shrinking consensus in the global international order, and the growing competition over emerging technologies and the rising influence of domestic lobby groups as factors that have contributed to the rise of tech nationalism.
For Donald Morrissey, tech nationalism is a result of countries striking a balance between their strategic objectives for international security, cyber security, innovation trade and a third category which he loosely defined as innovation trade and industrial competition. He added that achieving a balance between these objectives is not easy, and can lead countries to introduce restrictive measures such as export controls, bans on technologies, ownership limitations, data localization mandates, stringent requirements for technical and security reviews. While there are many reasons why states enact one or more of these measures often at the same time, usually such policies rooted are reactions to certain market conditions.
An audience member who works for German security affairs hinted at the emergence of two competing spheres of influence, where tech nationalism allows states to secure domestic interests and also shapes their engagement on global trade and internet governance.
The Rise of ‘Data Nationalism’
The second part of the workshop focused on a subcategory of tech-nationalism, what many observers have described as ‘data nationalism’. Proponents of data nationalism argue that data is the collective property of the people, a ‘national resource,’ and it is the appropriate function of the state to protect data by asserting its authority over it. Ambassador Feakin outlined the dangers of ‘data nationalism’ based on economic interests instead of searching for broader solutions for long-standing issues around the governance of data. In his view, the claim that “if data is stored in the territory of a country it is much safer” is often misleading since countries are rarely able to meet the security standards of global service providers. Although Ambassador Feakin questioned the use of security of data as a rationale to justify restricting data flows, he clarified that the Australian government mandates localization of certain types of data derived from an “incredibly, highly classified environment” for security reasons.
Jan-Peter agreed that the argument that data is more secure in a particular location is a fallacy, but pointed out that measures to restrict data were not so much about the security of data as about jurisdiction over the server where the data is physically located. He argued that policies like the General Data Protection Regulation (GDPR) demonstrates that although free flow of data is important, control over data matters for governments even more. Reinforcing the distinction between the security of data and data protection, Jan-Peter called for a clear separation between measures aimed at data protection and those needed to ensure the safety and security of data.
In Jyoti’s view, the growing recognition of the value of data has added to the contestations around control over data in both industrialized nations and developing countries. Over the years digital data become increasingly interwoven with all aspects of the world economy, and global shifts in economic power from advanced economies to emerging economies. She pointed out that although digital technologies have led to the creation of enormous wealth, this wealth is highly concentrated in a small number of countries, companies and individuals.
Donald reminded us that as a private company that operates in different markets, Huawei is acutely aware of jurisdictional tensions around data governance. He believes that in the future, data holders should come under the same kind of scrutiny as vendors like Huawei, with third party evaluation of data management practices.
The Battle Over 5G
The final session of the workshop focused on questions of supply chain security, which affects a number of Internet-related industries and tends to encourage what some have called “alignment” of Internet products and services with national jurisdictions. Around the world, governments have used national security concerns to ban foreign antivirus products, restrict outgoing information flows or block market access for foreign telecommunication equipment and cloud providers.
Milton kicked off the discussions by drawing attention to the ongoing cyber conflict between China and the United States. Critical of US attempts to block Huawei from US markets, he argued that the introduction of complex and software-driven systems like 5G creates vulnerabilities that can be exploited no matter where the vendor is based. Unsurprisingly, Donald refuted claims that a 5G network built with a Chinese vendor is less secure. While panelists were largely in agreement with this view, Jan-Peter took a different stance, arguing that keeping out Chinese equipment from 5G deployment minimizes the ability of the Chinese state to coerce a particular vendor to compromise the security of networks that use this equipment. On the issue of cybersecurity risks, Donald pointed out that as companies source components from all over the world there is no difference between Huawei and its competitors. He added that the opportunity to compromise the hardware or software of companies integrated in the global 5G supply chain exists regardless of the country of origin of the vendor.
Another important theme that emerged during discussions was the issue of trust. Donald cautioned against equating trust in vendors with trust in the country of origin as it diminishes the collaboration between a variety of countries and companies that goes into the development of 5G technology. However, Jan-Peter disagreed with this framing, arguing that companies are not equal because the regulatory and political environments from which they emerge impacts their perceived trustworthiness. In his view, countries make decisions to include or exclude particular vendors or equipment manufacturers based on shared values. He believes as long as states continue to compete over security and technology development, shared values and trustworthiness will continue to play an important role.
Jyoti highlighted that the Indian government has been sending out mixed signals on the participation of Huawei or other Chinese firms in 5G development. She attributed India’s reluctance to take a clear stand to the fact that developing countries like India need to balance privacy and security concerns with market conditions that create bottlenecks in network rollout; for example, base price of spectrum and the overhaul of network base stations. While Indian policymakers continue to emphasize the idea of ‘technological sovereignty’, the reality is that Indian telecom operators and customers continue to be reliant on Chinese companies to provide products and services at low prices.
The low price-points offered by Chinese firms led to an interesting discussion with panelists weighing in claims that companies like Huawei are “cost-effective” and are able to offer competitive rates for their network gear because the Chinese state is subsidizing them. Donald denied these claims, reminding us that there was no evidence to prove that Huawei has ever been a beneficiary of state subsidies. Ambassador Feakin added that costs associated with vendors was discussed at length when Australia was thinking through its 5G roadmap. However, when the costs of mitigation strategies are considered and the financial investment needed to provide assurance and security, the choice of allowing low cost vendors for deployment became null and void.
Jan-Peter explained that for countries worried about cybersecurity the price point of a particular vendor is not the main concern. He was concerned that different dimensions of 5G development tend to get mixed up in policy discussions and public debates. He pointed to the US as an example where national security concerns like Chinese espionage have been conflated with economic concerns about Huawei’s global market dominance. In his opinion, distinguishing between cybersecurity, national security, privacy, and economic risks raised by 5G technology call for different policy responses.
Milton wondered if the increment of mistrust added by the national origin of the vendor is enough for countries to lock them out of the market completely. He argued the Australian position on 5G suggests the broader issue of technology development and competition is being subordinated to a military agenda by countries. In his view the conflict between nations has turned into a cold war in which technological development is the perceived battleground and the civilian economy and users are hostages. He argued that a refusal to trust or accept products and services from foreign producers divides the Internet along national borders, limiting global connectivity, and simultaneously undermines the growth of the digital economy.
The workshop ended with agreement among participants that tech nationalism is a growing and highly problematic thing in a world of global value chains and integrated, interconnected, and interdependent ICT systems. A tech-nationalist agenda is not compatible with an open and interoperable Internet. A few panelists weighed in on the question of how to escape the logic of bordered national systems. According to Ambassador Feakin the answer lies in improving trust between countries and vendors. Jan-Peter believes that countries should focus on reducing technological dependency and developing a better supply chain security strategy for key technologies and critical sectors. Bill made the case for bringing in different perspectives for finding productive solutions through multi-stakeholder mechanisms and consultative dialogue with industry.
The IGP workshop on tech nationalism proved to be very successful in creating a discussion among various stakeholder groups on how national protectionism based on cybersecurity concerns impacts Internet governance, global value chains and international trade. The workshop attracted intense interest, with standing room only crowd and a lively engaged audience. The insights from this workshop will be useful in guiding IGP’s positions on 5G development and going forward we hope to create more opportunities for dialogue on this issue.