Over at Opinio Juris, Roger Alford talks about some new U.S. cybersecurity legislation that bars federal government purchases of IT equipment “produced, manufactured or assembled” by entities “owned, directed, or subsidized by the People’s Republic of China” unless the head of the purchasing agency consults with the FBI and determines that the purchase is “in the national interest of the United States." Here's the relevant text:
Sec. 516. (a) None of the funds appropriated or otherwise made available under this Act may be used by the Departments of Commerce and Justice, the National Aeronautics and Space Administration, or the National Science Foundation to acquire an information technology system unless the head of the entity involved, in consultation with the Federal Bureau of Investigation or other appropriate Federal entity, has made an assessment of any associated risk of cyber-espionage or sabotage associated with the acquisition of such system, including any risk associated with such system being produced, manufactured or assembled by one or more entities that are owned, directed or subsidized by the People’s Republic of China.
(b) None of the funds appropriated or otherwise made available under this Act may be used to acquire an information technology system described in an assessment required by subsection (a) and produced, manufactured or assembled by one or more entities that are owned, directed or subsidized by the People’s Republic of China unless the head of the assessing entity described in subsection (a) determines, and reports that determination to the Committees on Appropriations of the House of Representatives and the Senate, that the acquisition of such system is in the national interest of the United States.
Roger's post is a response to Stewart Baker at the Volokh Consiracy, who seemed to suggest this provision would violate WTO rules and would not be justified by the security exception. But as Roger points out:
the [security exception] provision is self-judging. It doesn’t matter if, objectively speaking, the IT systems are indispensable for security. What matters is whether the United States considers such restrictions to be necessary for its essential security interests.
Roger is correct as far as I can see. Here's what I wonder, though. While the law is clear, how will this play out in terms of international relations? That is, what will China's response be? Will it adopt a mirror image provision, with heightened scrutiny of certain U.S. products?
