Cybersecurity is looming ever larger as a concern of governments and businesses, not to mention individuals. The recent revelations regarding worm attacks on industrial installations, including perhaps Iranian nuclear processing plants, have heightened concern. Today's New York Times has a story about India's requirements imposed on foreign telecoms suppliers to reveal the source code embedded in their equipment. These requirements worry the telecoms suppliers, because the source code is proprietary. But the governments want it to make sure that there is no Trojan Horse contained in the source code. India seems especially worried about Chinese government action. But U.S. and other companies are worried about market access in India and elsewhere. From a trade law standpoint, this controversy could raise issues of national treatment, MFN treatment, the TBT Agreement, and the national security exception in GATT. In particular, while the TBT Agreement has a number of provisions relating to national security, none of these provisions provide the kind of broad exception available in Article XXI of GATT. As to Article XXI(b), I suppose any of the subheadings could apply in certain circumstances, or none:
(i) relating to fissionable materials or the materials from which they are derived;(ii) relating to the traffic in arms, ammunition and implements of war and to such traffic in other goods and materials as is carried on directly or indirectly for the purpose of supplying a military establishment;
(iii) taken in time of war or other emergency in international relations;