The conflict in Ukraine is reinforcing an industry-friendly argument for how the government should regulate cybersecurity.
As Russia uses technology to advance its invasion of Ukraine, the goal of aligning U.S. and European policy approaches has taken on new urgency but remains—as ever—beyond reach.
“I'm arguing with Europeans these days on whether cloud services providers in Europe should not only have to localize data, but [also] be 61% European-owned, right when this whole idea of an open and universal and interoperable internet is really under pressure on many fronts,” said Peter Harrell, senior director for international economics and competitiveness at the White House. “I think it's important we have this conversation today … the kind of crisis in Russia really crystallizes what's actually a broader and longer, longer-term challenge.”
Harrell spoke at the annual State of the Net conference Monday during a discussion of ‘internet governance in an increasingly authoritarian world.’ His comments—and those of other participants at the conference, including a key member of Congress—dovetailed with arguments big tech companies recently made in opposition to a Commerce Department proposal for securing the supply chain of information and communications technology from foreign influence.
The Commerce proposal, which started under President Donald Trump and was relaunched for public comment by President Joe Biden in June 2021, suggested there might be a need for third-party reviews of ICT equipment sold in the U.S., including “connected software applications,” to require inspections of their source-code, logs and data.
In response, the Information Technology Industry Council, which represents major cloud services providers like Microsoft and AWS, said such a policy would set a dangerous precedent for authoritarian regimes to ask the same of U.S. companies operating in those markets.
That concern has resonated more deeply with policymakers and other stakeholders in light of Russia’s invasion of Ukraine and the threat of authoritarianism.
Also speaking at the conference, Rep. Mike McCaul, R-Texas, a co-chair of the Congressional Internet Caucus and ranking member of the House Foreign Affairs Committee, noted a bipartisan letter he and other lawmakers sent to President Biden last week voicing concerns about the Digital Markets Act. McCaul said the European Union’s proposed DMA would essentially “localize the cloud to only the EU. You couldn't have this free flow of information.”
“That’s the danger,” he said. “We don’t want countries starting to have their own cloud that has no internet connectivity to the international world.”
Last fall, the Biden administration announced the formation of the U.S.-EU Trade and Technology Council. The TTC is the most recent iteration of a forum for the allied governments to get on the same page about their regulatory approach so they could, in part, provide a unified front in the face of adversaries. ITI took credit for playing a key role in creating the TTC, but other industry representatives at Monday’s conference were not optimistic about the council’s outlook.
“There may be conversations we can have on cooperation, vis-a-vis, China, cybersecurity, some of the other agenda items, but on the core regulatory issues that are going to govern data governance and the digital economy, Europe has decided the path they want to pursue, and I don't think it is interested in listening to the United States or discussing where the United States has views,” said Sean Heather, senior vice president for regulatory affairs at the U.S. Chamber of Commerce. “And, unless Europe is going to sit down and have conversations like that, I think the TTC is going to have a rocky agenda.”