Take the case of Apple’s muted decision in 2017 to comply with a sweeping new Chinese data security regulation. The regulation required any company holding data on Chinese citizens to localize a data center in China in partnership with a Chinese technology firm and be subject to security reviews by the local authorities. The rule was clearly a violation of Chinese citizens' autonomy, and yet the powerful creator of iPhones, MacBooks and iPads complied quickly — presumably because Apple has a tremendously large share of the local consumer market and a massive manufacturing base in China.
Apple is not alone, however, in making policy determinations driven largely by considerations involving foreign actors. Consider, for example, the U.S. government’s continued concern about the ability of terrorists like ISIS to recruit and radicalize via social media. One step that would make those platforms less hospitable for terrorists would be to prohibit use via virtual private networks (VPNs). VPNs mask a user’s computer and thus provide anonymity to users who want to cover their tracks.
It’s hard to imagine U.S.-based users of, say Twitter, really suffering if they couldn’t post on Twitter via VPNs, even if some might bemoan the loss of additional privacy. But social media companies are not merely concerned with the experience for U.S.-based users; Companies want users living abroad, including dissidents living under authoritarian regimes, to be able to Tweet, message and upload freely as well. These users argue that they need VPNs, making anonymity possible for terrorists, too. Some think that’s the right balance and some don’t, but either way it represents a policy call with repercussions for national security that is being based in significant part on non-American considerations.
Will companies be able to produce U.S. jobs and boost U.S. economic growth, even as they respond to the economic and development demands of their increasingly foreign user base?
The broader theme here is the powerful tension that exists between commercial and other interests of Silicon Valley’s leading firms — all of which are in pursuit of greater global reach, both for profit and for sheer ambition — and the protection of U.S. security.
We can’t cover all of the potential threats to U.S. national security in this piece, but it’s worth noting a few others. One is intelligence collection: Will companies be able to provide communications that U.S. law enforcement and the intelligence officials need to keep Americans safe? This is a complex question that implicates encryption (a passion of many foreign-based users of WhatsApp and similar services), data localization and a host of related issues.
A second, at times countervailing consideration is privacy: Will companies respect the privacy interests of users abroad when foreign governments expect a level of intrusion that would never fly with American users?
A third aspect involves long-term American economic security: Will companies be able to produce U.S. jobs and boost U.S. economic growth, even as they respond to the economic and development demands of their increasingly foreign user base?
Comparing the U.S. government’s approach to Silicon Valley with the approach of foreign governments reveals that those foreign governments are often, in key respects, more directly engaged than Washington is.
Comparing the U.S. government’s approach to Silicon Valley with the approach of foreign governments reveals that those foreign governments are often, in key respects, more directly engaged than Washington is. Foreign governments are more attentive to the negative externalities the firms leading this industry have generated, as well as their implications for public policy.
That doesn’t mean, of course, that their approach to handling new technologies is superior; cases like France’s Minitel demonstrate that a heavy-handed approach to industrial policy can fail quite dramatically. But the fact that other governments are more deliberate and more coordinated in their strategies for mass democratization of the internet — often through multinational entities such as the European Union — seems to call for increased attention by Washington to protect American national security interests.
Ultimately, this means we need better U.S. global leadership — something which we fear President Donald Trump's administration is abdicating. Europe, not the United States, has at least tried to take a significant step toward tackling key technology-related challenges through the Global Data Protection Regulation (GDPR) that went into effect in May.
So far, Facebook seems committed to applying voluntarily at least certain GDPR principles in the United States — because the U.S. government has been unable to figure out what it wants. That's a good step, presumably. But, without better leadership broadly, Silicon Valley will drift away and the United States will suffer.
Joshua A. Geltzer is the executive director of Georgetown University’s Institute for Constitutional Advocacy and Protection. He was the senior director for counterterrorism at the National Security Council from 2015 to 2017.