Why the WTO is not an Appropriate Venue for Addressing Economic Cyber EspionagePosted: February 11, 2013 Filed under: Cyber 3 Comments
Using the WTO to Respond to Economic Cyber Espionage?
US policy concerns about cyber espionage continue to grow, especially traditional and economic espionage allegedly conducted by China against the US and US companies through cyber technologies. Today (February 11), the Washington Post reported on a new National Intelligence Estimate focused on a “massive cyber-espionage campaign” directed at the US private sector by China. Concerns about economic cyber espionage include deepening frustration because the options available to the US to address cyber espionage are few, and the use of the limited options, such as criminalizing economic espionage in national law, have not proved much of a deterrent before or after spies began exploiting the Internet.
In the debate about how to counteract economic cyber espionage, cybersecurity heavyweights are encouraging the US to use the World Trade Organization (WTO) and its rules on intellectual property in the Agreement on Trade-Related Intellectual Property Rights (TRIPS) to address economic cyber espionage. On February 7, 2013, Richard Clarke argued in an op-ed that “victims of Chinese economic espionage should seek to establish clear guidelines and penalties within the World Trade Organization system[.]” In a Center for Strategic and International Studies (CSIS) report released on February 8, 2013, James Lewis argued that the US should use the WTO in its strategy against Chinese economic cyber espionage (see pages 49-51 of the report).
The recent appearance of these WTO arguments by Clarke and Lewis suggests that these influential experts perceive policy traction with these proposals is possible. Indeed, the Washington Post reported in its February 11 story that the Obama administration is considering, among other options, making “complaints to the World Trade Organization.” However, the idea that the WTO can prove useful to the US in addressing economic cyber espionage is not convincing legally or politically. The US should not view the WTO and TRIPS as appropriate venues for confronting the problem of economic cyber espionage.
Force Majeure or Breach as the Legal Claim?
Lewis frames his proposal around a legal argument: “A state always has the right to exercise ‘force majeure,’ to go to a body and say that it agreed to procedures and concession on the grounds that other parties would similarly honor their commitments, and since they are not, the agreement no longer holds” (p. 49). From a lawyer’s perspective, Lewis is not using the force majeure concept correctly. Usually, a government in a treaty context or a private party to a contract appeals to force majeure to excuse performance of an obligation because of an event it cannot reasonably have anticipated or controlled. For example, the International Law Commission described customary international law on force majeure as follows: “The wrongfulness of an act of a State not in conformity with an international obligation of that State is precluded if the act is due to force majeure, that is the occurrence of an irresistible force or of an unforeseen event, beyond the control of the State, making it materially impossible in the circumstances to perform the obligation” (Draft Principles of the Responsibility of States for Internationally Wrongful Acts, 2001, Article 23(1)).
Leaving aside my lawyerly difficulties with Lewis’ use of force majeure, he is making a legal argument–that the US can assert that China is violating WTO rules by engaging in economic cyber espionage and, thus, the US can take lawful countermeasures to address the violation. So, we need to undertake legal analysis to evaluate if Lewis is correct in his main claim (which will give us a window into whether, more generally, the US can file complaints against China in the WTO for violating WTO rules).
Characterizing the Economic Cyber Espionage of Greatest Concern to the US
Allegations against Chinese economic cyber espionage predominantly target Chinese efforts to use the global reach of the Internet to access commercially valuable information (often protected by intellectual property (IP) rights) held outside China by private companies. In other words, the US is most concerned about China’s extraterritorial theft of IP-protected information not Chinese behavior vis-a-vis such information within its own jurisdiction.
In addition, as the Washington Post reported, “Much of China’s cyber-espionage is thought to be directed at commercial targets linked to military technology.” If true, this description confirms that the US is most concerned about Chinese spying on companies located and operating outside China. The interest in military technologies makes this aspect of Chinese economic cyber espionage look more like traditional espionage aimed at gaining information from an adversary for national security and military purposes.
Economic Espionage and International Trade Law
As a general matter of law, IP rights are granted and protected on a territorial basis by national governments. Further, WTO rules operate on a territorial basis, meaning that only in unusual circumstances do the rules recognize the legitimacy of the extraterritorial application of a WTO member’s domestic law in trade contexts. All of which means that the obligations the WTO imposes regarding IP rights through TRIPS focus on a WTO member’s behavior within its own territory towards nationals of other WTO members doing business in that territory.
So, China must accord IP owned by nationals of other WTO members registered or otherwise protected in China certain minimum standards of treatment, such as national treatment (TRIPS, Article 3). If the Chinese government disclosed IP used in China by a company from another WTO member to a competing Chinese enterprise, then China would violate TRIPS by failing to accord national treatment to those foreign-owned IP rights within its territory.
But, as noted above, the most serious worries about Chinese economic cyber espionage do not fit within this territorial-centric scenario and focus on espionage conducted outside China. Clarke, Lewis, and others concerned about economic cyber espionage are not, by and large, complaining about theft by the Chinese government of IP owned by US nationals that is already present in Chinese territory. Cybersecurity experts are worried about a more geographically expansive problem.
Nothing in the WTO generally or TRIPS specifically mandates that China (or any other WTO member) protect commercially valuable information found in the territories of other countries. TRIPS does not require WTO members to prohibit their nationals or companies from engaging in corporate espionage inside foreign nations, nor does TRIPS regulate government-led economic espionage within other countries. Thus, the US cannot claim that China is violating TRIPS with respect to Chinese economic cyber espionage the US fears is most damaging to US economic and commercial interests. Or, put another way, China has not made commitments under the WTO regarding espionage it conducts outside its territory, meaning the US cannot claim breach of legal obligations that justifies countermeasures involving trade restrictions against China.
International law more generally confirms this analysis. International law does not prohibit espionage by treaty or customary international law, and, as far as I am aware, states have not adopted treaties that prohibit economic espionage, despite the long-standing awareness of this problem. In light of this international legal background, why would we think that the WTO prohibits or regulates economic cyber espionage?
Dispute Settlement in the WTO
The lack of a legal claim against China under WTO rules means that the US would have a difficult time justifying retaliatory action for China’s economic cyber espionage. Under the WTO, the US would have to obtain a ruling from the WTO Dispute Settlement Body that China was not complying with its WTO obligations in order to implement retaliatory trade sanctions for such a breach. WTO law frowns on WTO members unilaterally deciding that violations have occurred and imposing trade sanctions. The WTO requires the US to run its allegations through the WTO’s dispute settlement process, which can, if a violation is found and not remedied, authorize trade sanctions. The lack of a legal claim under TRIPS renders the WTO legally unavailable to the US for pursuing the Chinese economic cyber espionage of greatest concern to American interests.
Even assuming that the US could make a case that China was violating TRIPS, the US government would bear a burden of proof in WTO dispute settlement that would create problems. The US would need to disclose sufficient evidence to pin responsibility for the the alleged theft of IP rights on the Chinese government–a requirement made difficult because of (1) attribution problems in the cyber context, and (2) thresholds for establishing state responsibility for unlawful acts in international law. Further, the US might want to avoid meeting its burden of proof because doing so would require disclosing counter-intelligence means and methods. Allegations not backed with adequate empirical evidence of state responsibility will not satisfy the burden of proof the US would have in pursuing legal complaints in the WTO.
The US could seek support within the WTO for amending TRIPS to cover extraterritorial economic espionage (e.g., extending the national treatment principle to cover extraterritorial government actions affecting IP rights protected in other WTO members), but opposition to such a proposal would come from more WTO members than just China, making it nearly impossible for such an amendment to become reality.
Using the National Security Exception in WTO Law
Another WTO option discussed by Lewis involves the US imposing trade sanctions against China (or threatening to do so) for its economic cyber espionage by invoking national security exceptions found in WTO agreements. Under WTO law, the US could invoke these exceptions without establishing any Chinese violation of WTO rules.
For example, under Article XXI of the General Agreement on Tariffs and Trade (GATT), the US could justify trade restrictions against Chinese products by claiming that it is taking actions it considers necessary to protect its essential security interests in the context of an “emergency in international relations” caused by Chinese economic cyber espionage. (TRIPS has a similar national security exception (Article 73)). Many WTO experts believe that the WTO Dispute Settlement Body cannot strike down an invocation of GATT Article XXI given the discretion the provision leaves WTO members to define their essential security interests.
However, historically, states in the pre-WTO era and the WTO period have utilized the national security exception in GATT sparingly. As Lewis acknowledges, for the US to invoke the national security exception in order to restrict trade with China over economic cyber espionage would constitute a dramatic departure from long-standing practice and a potentially destabilizing step.
China is unlikely to “turn the other cheek” and could respond in ways that damage US trade and commercial interests. China might respond by arguing that US government efforts under its “Internet freedom” agenda and/or the intense level of cyber espionage the US government conducts against China constitute threats to its essential security interests, justifying Chinese actions against US exports under WTO rules.
A high-profile deterioration in trade relations would negatively affect other aspects of Sino-American diplomacy, making this geopolitically important relationship even more adversarial. In this context, espionage of all kinds would likely increase rather than decrease. The potential for trade relations to deteriorate into something more dangerous helps explain why states have never considered international trade law and institutions as appropriate instruments for addressing national security threats posed by any form of espionage.
Politics Rather than Legalistic Reasoning?
Proposals favoring US use of the WTO against Chinese economic cyber espionage sometimes contain more political than legal flavor–that is, raising the issue in the WTO will put the Chinese under increasing diplomatic scrutiny, leading to a curtailment of Chinese economic cyber espionage. In other words, the purpose of taking the issue to the WTO is not to win a legal argument but to put political pressure on China through this high-profile diplomatic forum.
However, this strategy could generate “blowback” against the US from China, which could itself attempt to use the WTO to turn the tables on the US by criticizing American political, military, and intelligence community behavior in cyberspace (e.g., intervening in the domestic affairs of other states under the “Internet freedom” agenda, launching Stuxnet against Iran, and engaging in extensive cyber espionage against many countries). Not wanting to be forced to take sides, other WTO members would want this unproductive standoff to go away and stop jeopardizing what the WTO does well, which does not include resolving spats about espionage practices.
Lewis is aware of these potential pitfalls but still advocates for US action in the international trade realm against Chinese economic cyber espionage because he believes that “the United States is probably less vulnerable to Chinese pressure . . . than China is to U.S. pressure on market access” (p. 50). I am not convinced his calculation is correct, but I also worry about China’s ability to make political trouble for the US on cyber issues if the US raised economic cyber espionage in the WTO. After all, China and its allies succeeded, according to Richard Clarke in his op-ed, in “dominating” the World Conference on International Telecommunications in Dubai in December 2012–a meeting that, if nothing else, demonstrated a growing willingness by China, Russia, and other countries to confront US perspectives and policies on the Internet and cyberspace. China has made it clear it is willing to pick fights with the US on cyber issues in diplomatic forums, and I doubt whether an American attempt to enlist the WTO will bring a more cooperative Chinese diplomatic response.
Let me be clear: The US and other countries face a serious problem with traditional and economic espionage conducted through cyber technologies. I have written on how dangerous cyber espionage is (see David P. Fidler, “Tinker, Tailor, Soldier, Duqu: Why Cyberespionage is More Dangerous than You Think,” International Journal of Critical Infrastructure Protection (March 2012), pp. 28-29). However, the WTO is not an appropriate venue for the US to use in addressing the threat posed by economic cyber espionage. Cold calculation of American interests suggests this idea should be put aside.
[…] Why the WTO is not an Appropriate Venue for Addressing Economic Cyber Espionage – Arms Control Blog […]
I agree with your point of view of this post. This is a good post. Very timely given us so much useful information. Thank you!
Very useful article.
My view is rather laissez faire – I view economic espionage as “leveling the playing field” between actors.
As a computer security expert, I view the issue more radically than most. I have a meme which I apply to the concept of “computer security” (and it actually applies to “security” in general), which goes as follows:
“You can haz better security or you can haz worse security. But you cannot haz ‘security’. There is no security. Deal.”
Computer crime and espionage are a “growth industry” and will continue to grow until they become ubiquitous, forcing the computer and telecommunications industries to start building more robust systems. This isn’t going to happen for at least another decade, if not two, because the development processes industry wide in both industries will have to radically change – and people just don’t do that until they’re forced up against a wall of loss.
There is no such thing as “preventing” threats. “Security” is best defined as “the ability to HANDLE threats when they occur without incurring significant loss.” If you can do that, you have as much “security” as it is possible to achieve in the real world.
Starting a trade war, still less a shooting war, over cyberespionage and cybercrime is simply a road to the bottom. The real solution is to change industry development practices and corporate business practices to deal with the threat as much as realistically possible and accept the losses that inevitably will remain to some degree as a “cost of doing business.”