As the Trump administration prepares a series of trade actions and investment restrictionsagainst China, Beijing has signaled its intention to respond. Besides reports of coming Chinese counter tariffs, with no clear timeline, possibly on U.S. agriculture exports or aircraft, there is much uncertainty about what form Chinese retaliation could take. There are credible rumors of Beijing drawing up lists of U.S. companies with strong domestic counterparts that it would block from the Chinese market (however, there is no publicly available information on this). Chinese media is awash with nationalist calls for a tougher stance against the United States. One user posted: “The US had already declared a war. Why we were only making slogans?”
Both sides are engaged in negotiation that could result in a deal. There is a strong case to be made that the Chinese government will not change behavior absent external pressure. After all, it was the threat of sanctions against Chinese companies ahead of President Xi Jinping’s state visit to Washington in September 2015 that paved the way for the agreement on cyber-enabled industrial espionage. (Although the deal does not appear to be holding up.)
Yet, if negotiations break down, and we enter a period of extended hostility, retaliation from Beijing will go beyond counter tariffs. The Chinese government has other more opaque and unwritten channels to employ against U.S. firms with significant assets in China’s market. Specifically, China’s cybersecurity law can be used as a form of “backdoor” trade retaliation by opening up a number of informal tools to hurt U.S. firms in China.
Indeed, the very existence of these informal tools lies at the heart of the systemic problems that the Trump administration is seeking to address, from security audits that put intellectual property at risk to using cybersecurity to advance industrial policies. The Trump administration is correct to address these issues. But in doing so, it also must have a clear understanding about the consequences of its style of confrontation and where, specifically, there will be additional costs beyond U.S. or Chinese tariffs.
Backdoor Retaliation via China’s Cybersecurity Legal Regime
Below are just three “backdoor” retaliation tools that are receiving less attention, where the tech sector will bear the brunt of a protracted U.S.-China trade war:
Black box cybersecurity reviews. In the information communications technology (ICT) sector, U.S. companies with domestic Chinese counterparts may see licenses canceled or denied under various cybersecurity reviews and certifications. There are at least six different cybersecurity reviews that the government could use to delay or block market access. The reviews are essentially a “black box,” because we do not know what they entail and what is required to pass them. Reviews are conducted at multiple levels of the bureaucracy without visibility into criteria, which allows Beijing to wreak havoc on U.S. company operations in a way that seems not directly confronting U.S. trade actions.
For a detailed discussion of each of these security audits and their practical implications, please see the recent CSIS report, Meeting the China Challenge. To minimize loss in trade conflicts, the World Trade Organization set up the principle that trade retaliation should be proportionate and public. China’s possible use of black box reviews as a political tool will further complicate efforts to reach an agreement in negotiation.
Hardline interpretation of ambiguous rules in China’s cybersecurity law. Some of the more concerning provisions in China’s cybersecurity law (e.g., data localization, more onerous rules for critical information infrastructure) are written broadly, leaving space for interpretation when it comes to how they will be implemented. To be sure, many U.S. companies already are preparing for conservative readings of these provisions in their operations in China and have found the Chinese side less than responsive in channels for engagement on these topics. That said, the benefit of ambiguity is that it allows space for maneuver, which would swiftly close in a cycle of retaliation. Undefined terms in the cybersecurity law such as “important data” and “critical information infrastructure” could become tools to hold up licenses and approvals.
Meanwhile, there are a number of ongoing track 1.5 and 2 dialogues that have become important channels for exchange and could come to a halt. There are examples in which Chinese domestic industry has been an important ally to U.S. companies on pending regulatory issues, despite being competitors. These local champions could become less helpful to U.S. partners as trade tensions spill over to affect the broader bilateral relationship, particularly if these Chinese companies are blocked from the United States under the banner of reciprocity.
Encryption requirements. Beijing has a draft encryption law in the legislative process. If enacted and enforced, the law could be interpreted to require only preapproved domestic encryption products—a redline for many foreign companies in China. This has been a regulatory gray zone for years, and the Chinese government recognizes that enforcement would come at too high a cost for the foreign firms it needs to stay in the market. An exemption in the current regulation allows companies to apply for approval to use foreign-produced commercial encryption products. But in a trade war, all bets are off
Concerning requirements under the draft law include decryption demands when national security is involved, on-site inspections to access data and seize equipment, and a national security review for certain kinds of encryption products and services. There has not been much reporting about the law, and it is not mentioned in the March 22 report from the Office of the U.S. Trade Representative (USTR). But a recent article in China’s official press stated that authorities are accelerating the legislative process. The law would significantly strengthen enforcement powers of China’s State Cryptography Administration through expanded government supervision and access under China’s first-ever uniform encryption regime. Since the rules for this new regime are still being written, they can easily become another “backdoor” tool.
Why the Approach to Confrontation Matters
It is telling that the USTR report paid far less attention to China’s cybersecurity law than it did to older policies: “Made in China 2025” had over 100 mentions while the cybersecurity law had just 16. Since so much of the law is still pending clarification from Chinese authorities, it is understandable that the report did not go into much detail about its practical effects. Yet, the cursory treatment of the cybersecurity law and its broader framework in the report underscores how the Trump administration’s approach is not calibrated to solve these challenges and likely will only make them worse. While a quick deal with Beijing will reduce escalation risks, it is more likely that the outcome of negotiation would be a symbolic win for the Trump administration without addressing these deeper challenges impacting all ICT and the digital trade.
Samm Sacks is a senior fellow with the Technology Policy Program at the Center for Strategic and International Studies in Washington, D.C
No comments:
Post a Comment