Cybersecurity at the WTO

by Roger Alford

Stewart Baker over at Volokh has a couple of interesting posts here and here on the new cybersecurity legislation that bars federal government purchases of IT equipment “produced, manufactured or assembled” by entities “owned, directed, or subsidized by the People’s Republic of China” unless the head of the purchasing agency consults with the FBI and determines that the purchase is “in the national interest of the United States. Here’s the key language:

Sec. 516. (a) None of the funds appropriated or otherwise made available under this Act may be used by the Departments of Commerce and Justice, the National Aeronautics and Space Administration, or the National Science Foundation to acquire an information technology system unless the head of the entity involved, in consultation with the Federal Bureau of Investigation or other appropriate Federal entity, has made an assessment of any associated risk of cyber-espionage or sabotage associated with the acquisition of such system, including any risk associated with such system being produced, manufactured or assembled by one or more entities that are owned, directed or subsidized by the People’s Republic of China.

(b) None of the funds appropriated or otherwise made available under this Act may be used to acquire an information technology system described in an assessment required by subsection (a) and produced, manufactured or assembled by one or more entities that are owned, directed or subsidized by the People’s Republic of China unless the head of the assessing entity described in subsection (a) determines, and reports that determination to the Committees on Appropriations of the House of Representatives and the Senate, that the acquisition of such system is in the national interest of the United States.

Baker raises the issue of whether such legislation would fall under the security exception in the WTO procurement agreement. Baker expressed concern that “the US Trade Representative’s office had negotiated a strikingly weak security exemption for the WTO procurement code…. The US can make a good case that attacks on the Commerce Department or the Justice Department information systems threaten national security, but it’s hard to argue that the IT systems those departments buy are themselves indispensable for national security.” But he ignores the critical point of the security exception, which is that the provision is self-judging. It doesn’t matter if, objectively speaking, the IT systems are indispensable for security. What matters is whether the United States considers such restrictions to be necessary for its essential security interests.

I have written extensively about the WTO security exception, and the bottom line is that despite numerous security crises that have come before the GATT/WTO–the Marshall Plan, the Falkland War, the Reagan Doctrine, the War in Yugoslavia, the secondary boycott against Cuba, the Arab League Boycott against Israel–there has never been a case actually adjudicating the security exception. The reason is that Member States’s recognize that national security questions are self-judging. Each Member State decides for itself whether action is necessary for its essential security interests.

Article XXI of GATT 1947 and Article XXIII of the Government Procurement Agreement both have such language. Baker focuses on the language in Article XXIII requiring that the procurement be “indispensable for national security or for national defence purposes.” But the operative language is that “[n]othing in this Agreement shall be construed to prevent any Party from taking any action … which it considers necessary for the protection of its essential security interests relating to … procurement indispensable for national security or for national defence purposes.” Unlike the general exceptions, the security exceptions in GATT 1947 and the Procurement Agreement are self-judging, analogous to the political question doctrine in U.S. constitutional law. If the United States makes a determination that Section 516 is necessary for its essential security interests, at least with respect to WTO compliance, that is the end of the matter.

Of course, it may seem counterintuitive that a self-judging exception could be embedded into the WTO agreements, a subject that I discuss in some detail in the article. Wouldn’t such a self-judging exception swallow the rule? For a variety of reasons, the answer is a resounding no. International trade law, viewed by many as the most intrusive branch of international law, has preserved one enclave of complete national sovereignty without undermining the efficacy of the WTO.

http://opiniojuris.org/2013/03/27/cybersecurity-at-the-wto/

Comments are closed.