The US–Australia Cyber Dialogue: Advancing a Secure Digital Economy

November 8, 2016

Liam Nevill - Analyst, ASPI International Cyber Policy Centre

This post originally appeared on The Stratigist, a blog by the Australian Strategic Policy Institute.

Digital communications have bridged the enormous physical distance between the US and Australia, enabling people on both sides of the Pacific to take advantage of innovative technologies and services. The growing opportunities for trans-Pacific digital trade prompted the recent Australia–US Cyber Security dialogue to consider how best to securely expand the digital economy. McKinsey estimated transnational data flows to be worth US$2.8 trillion in 2014, highlighting the increasingly important role of digital trade in the economies of both Australia and the US, as well as the broader Asia–Pacific region. The Dialogue discussion traversed the connection between cybersecurity and consumer confidence in digital commerce, corporate understanding of the threats and risks of cyberspace and the effects of government regulation and free trade agreements on the digital economy.

Public trust in cybersecurity measures that protect personal and financial information underpins the stability and growth of digital commerce. Companies have to protect their customer’s personal information from cyber threats. Discussions at the dialogue indicated that threat awareness is greater and deeper in the US than in Australia. Here only the top group of the large ASX-listed firms seem to have a good grasp of the issue, with a significant drop-off below that. The new Australian Cyber Security Strategy includes several measures designed to address the issue, including education and awareness raising for senior executives.

But raising awareness of the C-Suite is only one part of the solution. Cybersecurity product vendors need to reflect upon the limited success of their messaging, which has only penetrated a limited number of corporate entities in Australia. The onus is on the cybersecurity industry to not only translate their products in a relatable way, but to also ensure they’re scaled to meet the needs of small-medium enterprises, not just the top end of town.

Australian and American business concerns about inconsistent or contradictory trade regulations in the Asia–Pacific were also a key point of discussion at the dialogue. Trade agreements are one way to encourage regional countries to enact common policy and regulatory frameworks. The WTO agreement laid the foundation for digital trade as it exists now, but it didn’t consider complex issues like data storage. Building on the WTO arrangement, the Trans-Pacific Partnership’s ‘Digital Two Dozen’ rules seek to support the expansion of digital trade. They include measures to address the balkanisation of the internet by limiting data localisation, and provisions on government cooperation on cybersecurity.

The emergence of data-localisation regulations that require foreign companies to store citizens’ data within a country’s borders is a worrying indicator that security concerns are overshadowing the economic benefits and efficiencies of the current distributed network model. There are legitimate reasons for governments to access data, and there should be a reasonable way for them to access data that’s stored remotely when required. But cross border complexities in providing such access highlights the difficulties of operating in multiple regulatory regimes across the region and the world. So the rationale for regulatory harmonisation isn’t only to reduce compliance costs for business. There’s also the need to give governments confidence that they can access data they require for security and law enforcement purposes. That must be balanced against concerns about privacy and the protection of human rights.

There are privacy and security reasons to worry that foreign governments may inappropriately access and use data stored in their country. But there are ways for states to protect the privacy and security of their citizens, while guaranteeing access to data that they require without inhibiting trade. For example, the recent European Union-US Privacy Shield Agreement recognises that transatlantic data flows are an important part of the relationship and necessary for digital economic activity. The agreement was made to resolve the uncertainty brought about by the European Court of Justice’s overturning of the previous agreement due to concerns about US surveillance of EU citizen information stored in the US. The new Privacy Shield agreement provides clarity for businesses in the US and the EU, and assures the EU that European personal information still benefits from a high level of privacy protection if it’s transferred to the US.

There are significant opportunities to deepen digital trade between the US and Australia, and to enable the continued economic growth of the Asia–Pacific. Cooperation to harmonise trade regulations in the region through initiatives such as the TPP, and investment in cybersecurity as an enabler of the digital economy will be key to unlocking the future potential of digital trade. Short-term bilateral actions can be taken to remove unnecessary impediments to the growth of digital trade between Australia and the US, with other regional partners to follow later. Identifying the policy and regulatory changes our respective governments can take now to enable this growth will be a key task for the Australia–US Cyber Security dialogue before the next meeting in 2017.