Table of contents
I. Introduction
II. Electronic commerce in the global digital economy
1. The Digitization of Everything and the Increasing Amount of Information Available
2. Artificial Intelligence (AI)
3. Big Data
4. Internet of Things (IoT)
5. Cloud Computing
6. Materials Based on “Bio-” or “Nano-” Technology
III. From cyberspace to cybersecurity
1. Cyberspace
2. Cybersecurity
IV. Cybersecurity in free trade agreements
1. Association of Southeast Asian Nations (ASEAN)
2. From TPP to CPTPP
3. The North American Free Trade Agreement (NAFTA)
V. Final considerations
I. Introduction
“If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology”.1
We are facing a digital age characterized by constant flows of goods and services, financial assets, people, information and communication. This global flow is not new; what is new is its exponential growth in recent years, as a result of economic progress, particularly with the massive spread of Information and Communication Technologies (ICTs), specifically the Internet and the accessibility of connected mobile devices (such as smartphones).
The ability to link the physical world with each human activity, through sensors and networks, to obtain knowledge through advanced analysis is, and will undoubtedly continue, transforming our daily lives, as well as the economy and society. The digitalization of things constitutes one of the great phenomena of recent years. Translating everything (documents, music, images, maps, ourselves) into bits transforms the way we understand and interact with the world.2
The global economy is increasingly connected, and digitization has spread to such an extent that today’s global economy is a digital one. This is nourished to a large extent by the massification of cloud computing, as well as Big Data and advances in the Internet of Things (IoT) and Artificial Intelligence (AI).
Consider the following information: according to The Internet in Real Time, the amount of data uploaded to the Internet in one second is 24,000 gigabytes (GB).3 Cisco4 has estimated that annual global IP traffic will reach 3.3 ZB5 (1000 Exabytes) by 2021. In 2016, global IP traffic was 1.2 ZB per year or 96 EB6 (billion GB) per month. By 2021, global IP traffic will reach 3.3 ZB per year, or 278 EB per month. In its Visual Networking Index: Forecast and Methodology, 2016-2021 report, Cisco predicts the volume of devices connected to IP networks to be three times greater than the world population. According to their estimates, there will be a 3.5-device-per-capita network by 2021, compared to 2.3 devices per capita in 2016. Accelerated in part by the increase and capabilities of the devices, IP traffic per capita will reach 35 GB in 2021, compared to 13 GB in 2016.
With lower costs and greater connectivity, ICT platforms have allowed goods and services to flow through electronic commerce (e-commerce). The commercial transactions that are reflected in the use of information circulate through this “meta-space that is cyberspace”,7 without having to physically reside in any specific place, as seen in the relocation of the space erected by telecommunications. This has allowed commercial immediacy, which encourages e-commerce.
In 2017, world production of ICT goods and services represented around 6.5% of the world’s Gross Domestic Product (GDP).8 In 2015, worldwide e-commerce sales reached an estimated $25.3 billion US dollars (USD),9 a figure that continues to increase daily. It is estimated that worldwide e-commerce retail trade for 2017 reached US$2.290 billion,10 thus representing one tenth of total retail sales worldwide.
According to a study by the Association of Internet.mx, it is estimated that the value of the Mexican e-commerce market for 2017 was USD 396.04 billion, which constitutes a 20.1% increase over the previous year.11 In this sense, international e-commerce purchases that take place in Mexico constitute 75% of its total users.12 With the digitization of everything, ICTs are leading up to an exponential increase in the available volume and types of data, creating countless possibilities to transform society and therefore countries. However, as individuals, governments, companies and societies in general, we are still at a stage of experimentation, innovation and adaptation to this new world of digital interactions, a world where at every moment the data contain greater volume, speed and variety than ever.
The dynamic economic sphere of cyberspace is experiencing great turmoil due to global forces of competition, cooperation and threats to cyberspace. These changes create confusion and uncertainty and can lead to the creation of strategies and policies that become barriers to electronic commerce and the digital economy.
Threats and incidents of digital security have increased in recent years and have had important economic and social consequences for public and private organizations, as well as for people. Some examples include interrupted operations (for example, by DDoS13 or sabotage), direct financial loss, lawsuits, damage to reputation, and diminished competitiveness (as in the case of theft of trade secrets), as well as loss of customer trust.
The threats found in cyberspace are different since they do not come only from states, but from people and non-state actors who use it to promote their interests through malicious actions and behaviors.14 Unlike other domains such as water, land and sea, the purpose of carrying out attacks in cyberspace is not to gain dominion over it, but to use it to damage people, states and businesses.
To face risks and threats in cyberspace, most nations have contemplated an international commitment or obligation to cooperate with others and contribute to global cybersecurity. More and more in speeches from all over the world we hear that cooperation is vital to maintaining a secure cyberspace that promotes national security and stability for all users in general. An example of this is found in the Convention on Cybercrime, also known as the Budapest Convention, of the Council of Europe.15 This document clearly explains the importance of having appropriate legislative measures and international cooperation in the field of cybercrime.
Efforts to address issues related to security have also been carried out by intergovernmental organizations, such as the OAS16 (Organization of American States) and the UN (United Nations).17 The latter has issued several recommendations emphasizing that “the dissemination and use of information technologies and means affect the interests of the entire international community”,18 recognizing that “technologies can also be used for purposes that are inconsistent with the objectives of maintaining international stability and security”.
In the same way, we find international institutions that have established formal standards, such as the International Telecommunications Union (ITU), the Internet Corporation for Assigned Names and Numbers (ICANN),19 the International Organization for Standardization (ISO), and the National Institute of Standards and Technology (NIST), among others.
In the same vein, military, political and economic organizations such as the North Atlantic Treaty Organization (NATO),20 the European Union,21 the Organization for Economic Co-operation and Development (OECD),22 the Association of Southeast Asian Nations (ASEAN), the Asia-Pacific Economic Cooperation (APEC) and the World Economic Forum (WEF) have also addressed issues of cybersecurity.
Derived from the importance of the global digital economy and market, instead of being treated as technical problems that require technical solutions, the risks in cyberspace must be addressed as economic risks. This is why this article analyzes the importance of cybersecurity for the promotion of e-commerce within the framework of free trade agreements. Though cybersecurity policies should be sought in the promotion of e-commerce, cyberspace protection measures and their infrastructures must be analyzed to determine that they do not constitute an obstacle to e-commerce. Therefore, we will first analyze the development of e-commerce as a driving force of the digital economy, mentioning the enablers and technologies that have fostered its development. Later, we will examine cyberspace in the cybersecurity environment to know the efforts that have been carried out for its protection. Through the knowledge of cyberspace and cybersecurity, a framework of cybersecurity will be built up by the countries that make up the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP), as it will be within the framework of the renegotiations of the North American free trade agreement. Lastly, a series of final considerations will be given.
II. Electronic commerce in the global digital economy
The new economy is global, but also digital; it evolves in real time and without borders. The economy is immersed in a global conversation, or digital interaction. It seems that the world is now united in a single electronic market, just a click away. The basis of commerce that develops in cyberspace is connectivity. The Internet, by its very nature, has knocked down the geopolitical boundaries that traditional commerce could not.
For the World Trade Organization (WTO), e-commerce constitutes: “the production, distribution, marketing, sale or delivery of goods and services by electronic means”.23 While for the OECD this type of commerce constitutes “the sale or purchase of goods or services, performed by computer networks by methods specifically designed for the purpose of receiving or placing of orders”.24
In 1996, fulfilling its work of establishing friendly international economic relations, the United Nations Commission on International Trade Law (UNCITRAL) published its Model Law on Electronic Commerce, with Guide to Enactment. With this instrument, UNCITRAL sought to provide legal certainty and unify criteria in transactions that were developed via data messages,25 with the aim to progressively standardize and unify international commercial law. In its preamble, the UNCITRAL Model Law26 refers to “transactions in international trade are carried out by means of electronic data interchange and other means of communication”, which “involve the use of alternatives to paper-based methods of communication and storage of information”.27
In addition to highlighting the importance of e-commerce, the above definitions cover all kinds of commercial electronic transactions, including electronic funds transfers and credit card payments. However, such broad definitions are somehow obsolete as they do not recognize new forms of e-commerce, such as those done through the Internet (open networks) and limited to electronic transactions themselves, without referring to the spirit of this kind of business (cyberspace and virtual market, among others). Therefore, we consider the following, broader definition:
Electronic commerce includes the set of commercial transactions carried out by electronic or digital means of communication, either through open or closed networks, which is deployed within a global system, using computer and telecommunications networks (mainly the Internet), which create virtual markets of all kinds of products, goods and services in cyberspace.28
The economy that takes place in cyberspace groups companies into large networks of interdependent relationships in which these companies share activities and interests.29 Industrial companies have given their place to technical-scientific companies and to transnational network companies that base their services on software. And in some cases, they have become real-time companies, continuously and immediately adapting to the changing conditions of a new digital or hybrid environment, conditioned by the immediacy of information. An example of this is found in the new models of LegalTech,30 RegTech31 and FinTech,32 all of which are companies that rely on new technologies like cloud computing, big data, artificial intelligence or blockchain, to create innovative solutions in providing services in their sector, bringing, in turn, more options for their users/customers.
In this way, the business organization has been restructured to adapt and get the most out of ICT. While the proper use of the Internet in companies previously meant a source of competitiveness and productivity, a digital strategy is now a fundamental part of the business plan. Electronic commerce not only benefits business-to-consumer (B2C) or business-to-business (B2B) commerce but has also strengthened consumer-to-consumer (C2C) trade. Platforms like eBay, Mercado Libre, and Amazon, among many others, have allowed small entrepreneurs and basically anyone to participate in international trade.
Another characteristic of this digital economy is the change of “traditional” roles of producers and consumers. By changing from a consumer Internet to a consumer and production Internet, we have become “prosumers”.33 By becoming part of the production process with our knowledge, information and ideas, requesting or designing customized articles, or even uploading content to the network, the gap between consumers and producers is blurred. If the previous decade had brought us an internet of information, we are now witnessing the emergence of the Internet of value, which provides us with tools to achieve more active participation in the processes of services and products.
The rapidity with which this digital economy has developed is the result of the technologies and innovations that drive the Fourth Industrial Revolution. Multiple organizations have classified the technologies that are behind this new Industrial Revolution. However, if we consider that all these new technologies and developments share the key feature of harnessing the power generated by the digitalization of all things and ICT, we should have long ago questioned their safety and resilience. To learn about the challenges on its protection, we will briefly analyze the technologies that we consider are the key in the development of the digital economy.34
1. The Digitization of Everything and the Increasing Amount of Information Available
The data and information that emerge from the digitalization of things have become the raw material for businesses and companies, a vital asset capable of creating a new form of economic value.35 The implementation of the DIKW36 model for knowledge management and the extraction of data value (material premium data) can only be optimized in a coherent data ecosystem that includes software companies, SMEs, data sectors (private and public), researchers, academic institutions and capital providers. This data ecosystem will support the intensification of cooperation among the various groups of stakeholders to work towards achieving mutually reinforcing objectives.
Data economics37 measures the overall impact of the data market; that is, the market in which digital data are exchanged as products or services derived from raw data, in the economy as a whole. For the European Union, this data economy involves the generation, collection, storage, processing, distribution, analysis, processing, delivery and exploitation of the data that make digital technologies possible.38
2. Artificial Intelligence (AI)
This is characterized by automatic learning based on data and automated decision-making. In broad terms, AI is a collective term to identify “computer systems that can sense their environment, think, learn and act in response to what they perceive and their objectives”.39 According to the study prepared by PWC,40 in 2030 the global GDP will be 14% higher as a result of artificial intelligence, which is equivalent to 15 7000 million USD.
3. Big Data
If we consider that every day more than 2.5 exabytes (equivalent to 1,000,000 terabytes)41 are generated in the world, we must consider that, as a result of the digitization of everything, we live in a world of enormous amounts of data. The amount does not define Big Data as it is only an exponential of the amount of information that is generated daily. From a technological point of view, we can understand Big Data as the information or group of data that cannot be stored or visualized with traditional tools due to its high volume, diversity and complexity.42 Big Data43 has become a new frontier for innovation, competitiveness and productivity. However, we must consider that data by itself is not valid if it is not converted into information, translated into knowledge and generated into wisdom.44 Data should lead to the development of actions, processes or even public policies. Big Data is presented as a challenge, but also it provides new opportunities for companies.
4. Internet of Things (IoT)
With a market value estimated to exceed one billion euros by 2020, the European Commission45 identifies the IoT as the next step in the digitalization of society and economy in which people and objects will be interconnected through communication networks that inform on their status and environment. The IoT is made up of a set of sensors46 that capture information about what happens in their environment. Due to the ubiquitous nature of the objects connected to IoT, it is estimated that by 2020 about 26 billion devices will connect to the Internet. These devices are a source of data collection that grows exponentially and, consequently, can be processed by Big Data systems.
5. Cloud Computing
The “cloud”, as it is called, is a model that allows ubiquitous, convenient, on-demand network access to a set of configurable computing resources, which can be provided quickly with minimal management or interaction with the service provider. This model promotes availability with five essential characteristics, three service models and four implementation models.47 It is a model of ICT services in an ecosystem of technological resources that offers scalable, shared and on-demand services in different modalities to different users through the Internet.
6. Materials Based on “Bio-” or “Nano-” Technology
Biotechnology and nanotechnology are both enabling technologies that have led to innovations in many industrial sectors, helping to determine broad ranges of economic and social impact. In accordance with ISO/TS 80004-1:2015,48 nanotechnology is the application of scientific knowledge to manipulate and control matter at nanoscale, “as well as to make use of size- and structure-dependent properties and phenomena, as distinct from those associated with individual atoms or molecules or with bulk materials”. Meanwhile, biotechnology constitutes the “manipulation49 of living organisms or their components to produce useful, usually commercial, products”.50
All these technologies constitute platforms of innovation that permeate all economic sectors. They are possible since they are cultivated and improved through the digitalization of everything. However, the Internet did not succeed because its infrastructure became more secure, but in spite of its inherent insecurity. For the OECD, the nature of the technical vulnerabilities of the information systems interconnected through the Internet has not fundamentally changed. What has changed is that “society and the economy now depend on this fundamentally insecure environment”.51
As data-driven technologies, the issues surrounding privacy, personal data protection, information availability and the security of all of them are some of the main concerns in their being adopted by organizations and companies. With the digitalization of everything, enormous volumes of data are generated to constantly feed Big Data, which is stored in the cloud.52 Hence, this is a potential gold mine for cyberattacks and cybercriminals. In addition to cybersecurity risks of attacks, companies, governments and institutions must be aware of the vulnerabilities associated with ignorance due to breaches of security policies or lawsuits related to data breaches. If you do not have adequate processes, training and technological innovation in cybersecurity in the company, country or institution, you can be plunged into several problems, in addition to the loss of information, financial losses, damage to the brand and reputation, non-compliance with the law (along with fines), as well as the loss of competitive edge and trust.
III. From cyberspace to cybersecurity
1. Cyberspace
Cyberspace is a space of flows, a virtual space that grows daily with the interactions that are made through ICT. Called the fifth domain, alongside earth, sea, air and space, cyberspace is a virtual environment in which we carry out most of our daily activities. But unlike the other four domains, it needs permanent attention and human collaboration for it to operate.
Cyberspace is an electronic world, a global common space where people unite to exchange ideas, services and even friendship.53 It is a kind of nervous system that controls countries and the critical infrastructure that sustains them. Its proper functioning is essential for the economy and national security.54 It is a worldwide digital environment consisting of computer networks and telecommunications by which people communicate, interact, and are allowed to exercise their rights and freedoms in the same way they do in the physical world.55 Technically, ISO points out, cyberspace is “a complex environment resulting from the interaction of people, software and services on the Internet through technological devices and networks connected to it, which does not exist in any physical form”. The definition of cyberspace is very important to understand what is to be protected. Therefore, there is still no approved concept for it.
Regardless of its definition, cyberspace is the basis by which e-commerce is carried out, as well as the foundation of the digital economy. Consider the daily increase in the creation of services and products, in addition to the technologies that are developed in this space. Nowadays we add information of all kinds that we manage through this virtual flow and the services already connected to it (including critical infrastructure). This results in an increasing dependence on ICT. And to the extent that our dependence on new technologies increases, we become more vulnerable to them;56 for example, we have smart devices, even smart clothes, while we ourselves are perhaps not so smart.
2. Cybersecurity
In May 2017, the WannaCry ransomware hit 150 countries and hundreds of thousands of systems, paralyzing healthcare, production facilities and telecommunications. In 2018, new hardware weaknesses were exposed, and massive data breaches were found, as in India’s Aadhaar.57 Considered the world’s largest biometric identification system, it suffered breaches that compromised the data of 1,100 million registered citizens. Later that same year, in September, Facebook58 notified its users of the largest massive data breach it had ever suffered, which came to affect more than 50 million people. And we began 2019 with the “worst attack of computer hacking” Germany has experienced, exposing documents, personal messages, mobile phone numbers, credit card information, addresses and emails (among others) in this große Datenleck. Some of the victims are the German Chancellor and German President Frank-Walter Steinmeier, as well as political parties, journalists and celebrities, among others.
Putting this into perspective, one might ask, why worry about the security of cyberspace? Why is it necessary to incorporate it into free trade agreements? In relation to the first question, if the digital economy, like electronic commerce and multiple activities of our daily lives, is currently based on the flow of data and information, we must consider the security of all the infrastructure that contains it. Our critical infrastructure is increasingly connected to the networks that make up said cyberspace. Our daily activities, from communication to accessing information, work, health and education, are carried out at every moment in that cyberspace. In this way, the Internet and ICTs have become a critical resource in the development of electronic commerce and the digital economy, which has consequences for cybersecurity policies, one of the main ones of which is the adoption of strategies that address the issue of cybersecurity.
And what is cybersecurity? Cybersecurity will strive to deal with the security of this cyberspace. We can interpret the term according to the concepts given by the technical community and those established in national cybersecurity documents. However, we believe that the ITU’s definition59 issued in Recommendation ITU-T X.1209 (12/2019) adequately explains the concept: “3.1.1 Cybersecurity [b-ITU-T X.1205]: Collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment60 and organization and user’s assets”.
The ITU identifies as “assets” the “connected computing devices, the users, the services/applications, the communication systems, the multimedia communications, as well as all the information transmitted and/or stored in the cyber-environment”. It recognizes that cybersecurity ensures that the security properties of the organization’s assets and users are achieved and maintained against the corresponding security risks in the cyber-environment. It also refers to the following information properties: availability; integrity, which may include authenticity and non-repudiation; and confidentiality.
Due to their rapid growth in number and sophistication, cyber-attacks61 are positioned as a critical threat to national security and one of the greatest risks nations face today. In its “Global Risks Report 2019”, the WEF has recognized fraud or massive theft of data and cyber-attacks as two of the five main global risks that countries perceive.62 While in North America, the risk of cyber-attacks has surpassed terrorist attacks as the number one risk of greatest concern in doing business.63
As a consequence, governments in many countries have begun to develop strategies or laws and national cybersecurity policies to protect themselves against cyber threats, with a risk management vision that allows them to identify their vulnerabilities while trying to promote the benefits of a hyperconnected and cyber-enabled world. The development of national cybersecurity strategies has become a national policy priority in several countries.64 The NATO Cooperative Cyber Defense Center of Excellence has identified more than 50 countries that have published a cybersecurity strategy or national cybersecurity strategy where they define “what security means for their future national and economic security initiatives”.65
Cybersecurity strategies or national cybersecurity strategies (NCSS) involve action plans to facilitate the attainment of a national competitive advantage regarding cybersecurity. They constitute action plans designed to improve the security and resilience of national infrastructures and services. These documents articulate an approach to cybersecurity adapted to a specific national or legal context. In this sense, the implementation of the strategies must be accompanied by planning technological development, as well as generating skills and human capital to work for it.
Just as there is no single definition for cyberspace and cybersecurity, there is no single strategy that can be followed given the characteristics of each country. However, we can identify common themes, which in the end does not make us so different. These include cooperation (international and national), the protection of users’ human rights and risk management.
IV. Cybersecurity in free trade agreements
Concerns about national security and trade policies are not new. However, given the electronic nature of international and national commercial transactions, the theme has acquired a new and urgent prominence, especially in more developed countries due to an increasingly growing link and dependence on ICT, its services and its infrastructure. Turning now to the specific context and considering the fact that most developed and developing economies have laws and regulations that restrict foreign direct investment (FDI) based on concerns related to national security or the loss of countries’ natural resources, what would be the equivalent for protection in cyberspace? Economic security deals with trade, production and finance.66 Although developed and developing countries67 have different points of view regarding economic security threats associated with cybersecurity, as mentioned above, there are common and global problems.
As technologies are being rapidly adopted by governments, individuals and organizations, ICTs are gaining importance in the national security equation. Allegations related to cybersecurity have given rise to various barriers to international trade and investment. Obstacles related to cybersecurity cover at least the following categories of concerns: political68 and economic69 espionage and information security of countries70 and citizens.71
In relation to e-commerce, a cybersecurity strategy should ensure that it does not become an obstacle or barrier to these electronic transactions. That is, just as there are trade barriers, which constitute restrictions imposed on the free flow of trade and investment, a cybersecurity-related barrier for international trade and investment is defined as “any problem related to real and perceived security risks in the cybernetic environment that directly or indirectly hinders the growth of international trade and investment”.72
1. Association of Southeast Asian Nations (ASEAN)
In the case of the Association of Southeast Asian Nations,73 Chapter 1 of its Charter74 establishes that one of its purposes is to “enhance peace, security and stability and further strengthen peace-oriented values of the region”, through mutual cooperation. In 2013, ASEAN and Japan signed the “Joint Ministerial Declaration of the ASEAN and Japan Ministerial Policy Meeting on cooperation in cybersecurity”,75 where in addition to recognizing the importance of a secure cyberspace as one of the “major drivers” of innovation, it is also essential in “promoting social and economic activities and strengthening ASEAN connectivity”.76
2. From TPP to CPTPP
The Trans-Pacific Economic Cooperation Agreement, better known by its acronym TPP (Trans-Pacific Partnership),77 covered different aspects aimed at making trade more agile and simple, reducing costs and times for doing business, always under the protection of clear and precise rules for everyone. For Sigmond, the TPP incorporated commitments that did not exist in the previous Free Trade Agreements. For example, the author says, “the parties committed to have protection for consumers and stop unsolicited commercial messages. They also promoted the commitment to help small and medium-sized businesses”.78
In January 2017, the U.S. Government decided to withdraw permanently as a signatory from the TPP negotiations in search of better conditions for its country. In response to this and in an effort to give effect to the treaty, on November 11, 2017, the trade representatives of the 11 remaining countries79 agreed on the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP). On January 23, 2018, the 11 countries participating in the CPTPP reached an agreement in Tokyo, Japan. This agreement incorporates some provisions contained in the TPP, while others were suspended.80
The TPP contains a section on electronic commerce (Chapter 14), where, in addition to recognizing it as a driver for economic growth and opportunities, it recognizes the importance of frameworks that promote consumer confidence, as well as the need to avoid obstacles for its use and development (Article 14.2.1).81 This section was incorporated into the CPTPP.
Within its definitions, the Agreement identifies computer programs, texts, “image, sound recording or other product that is digitally encoded, produced for commercial sale or distribution and that can be transmitted electronically” as digital products.82 This definition, in accordance with the text of the Agreement, should not be understood to “reflect a Party’s view on whether trade in digital products through electronic transmission should be categorized as trade in services or trade in goods”.83
The Parties to the Agreement recognize the economic and social benefits derived from the protection of personal information84 of e-commerce users, which also improves consumer confidence (Article 14.8.1). To guarantee this protection, each Party undertakes to adopt or maintain a legal framework that encourages the protection of users’ personal information, based on the principles and guidelines of the relevant organizations (Article 14.8.2). The purpose is to promote a secure framework that allows the cross-border transfer of information (including personal information) by electronic means when the business is carried out by a “covered person” (Article 14.11.2). It also refers to protection against unsolicited commercial electronic messages.
In addition, the treaty establishes the duty of the Parties to maintain a legal framework that governs electronic transactions consistent with the principles of the Model Law of Electronic Commerce of UNCITRAL or with the United Nations Convention for the use of Electronic Communications in International Contracts (Article 14.5.1).
Regarding the barriers to electronic commerce, the parties agreed to strive to: “a) avoid any unnecessary regulatory burden on electronic transactions; b) facilitate input by interested persons in the development of its legal framework for electronic transactions” (Article 14.5.2). The foregoing implies, on the one hand, not applying unnecessary barriers, and on the other, cooperation among the multiple stakeholders in shaping the legal framework, which is in line with the multistakeholder model of Internet Governance.
Chapter 14 of the aforementioned CPTPP highlights a section on Cybersecurity, which is aimed at promoting cooperation between the contracting parties. In addition, the instrument refers to committing to the development of capacities of the national entities responsible for responding to computer security incidents, as well as to employ collaborative mechanisms for the identification and mitigation of malicious intrusions or the dissemination of malicious codes that affect the electronic networks of the Parties (Article 14.16).
Although it does not make a single reference to the concept of cybersecurity, the framework around the countries that make up this treaty is as follows.
CPTPP countries with strategies or cybersecurity documents

| Country | Instruments | Cybersecurity Concept | GCI Ranking (global ranking/score) |
| --- | --- | --- | --- |
| Australia | National security and defense strategy. Strong and Secure: A Strategy for Australia’s National Security (2013) 86; 2016 Defense White Paper. | Measures relating to the confidentiality, availability and integrity of information that is processed, stored and communicated by electronic or similar means. 87 | 10/0.890 |
| Brunei Darussalam | Computer Misuse Act (2007) 88 | **89 | 64/0.624 |
| Canada | Canada’s Cyber Security Strategy: For a Stronger and More Prosperous Canada (2010) 90; Action Plan 2010-2015 for Canada’s Cyber Security Strategy (2013); Action Plan for Critical Infrastructure 2014-2017 (2014) | Cyberspace is the electronic world created by interconnected networks of information technology and the information on those networks. It is a global common where more than 1.7 billion people are linked together to exchange ideas, services and friendship 91 | 9/0.892 |
| Chile | Política Nacional de Ciberseguridad (2017) 92 | Cybersecurity is a condition characterized by a minimum amount of risks to cyberspace, understood as the set of physical, logical infrastructures and human interactions that occur there. 93 | 88/0.438 |
| Japan | National security and defense strategies: Defense White Paper Japan (2015); Cybersecurity Strategy - Towards a World-Leading, Resilient and Vigorous Cyberspace (2013); International Strategy on Cybersecurity-j-Initiative for Cybersecurity (2013); Cyber Security Strategy (2015) 94 | Japan aims to construct a “world-leading”, “resilient” and “vigorous” cyberspace, and incorporate this cyberspace as a social system to realize a “cybersecurity nation” as a society that is strong against cyber-attacks, full of innovations and of which its people will be proud. 95 | 14/0.880 |
| Malaysia | The National Cyber-Security Policy (NCSP, 2006) 96 | Vision: Malaysia’s Critical National Information Infrastructures will be secure, resilient and self-reliant. Infused with a culture of security, it will promote stability, social wellbeing and wealth creation. | 8/0.893 |
| Mexico | Estrategia Nacional de Ciberseguridad (2017) | Set of policies, controls, procedures, risk management methods and standards associated with the protection of society, government, economy and national security in cyberspace and public telecommunication networks. 97 | 63/0.629 |
| New Zealand | National security and defense strategies: New Zealand’s National Security System (2011); Defense White Paper (2010); New Zealand’s Cyber Security Strategy 99 (2015); New Zealand’s Cyber Security Strategy Action Plan (2015); National Plan to Address Cybercrime (2015) | The practice of making the networks that constitute cyber space as secure as possible against intrusions, maintaining confidentiality, availability and integrity of information, detecting intrusions and incidents that do occur, and responding to and recovering from them. 100 | 36/0.789 |
| Peru | Política de Seguridad y Defensa Nacional (2017) 102; Decreto Supremo N° 066-2011-PCM; Agenda Digital Peruana 2.0; Decreto Legislativo 1141, Decreto de Fortalecimiento y modernización del Sistema de Inteligencia Nacional - SINA y de la Dirección Nacional de Inteligencia - DINI | Digital Security at the national sphere is the level of confidence in the digital environment resulting from managing and implementing a set of proactive and reactive measures against risks that affect the security of individuals, economic and social prosperity, national security and national objectives in that environment. It is based on collaboration with actors from the public sector, the private sector and others who support the implementation of controls, actions and measures. 103 | 95/0.401 |
| Singapore | National Cyber Security Masterplan 2018 (2013); Factsheet on National Cyber Security Masterplan 2018; Cyber security strategy (2016) 104; Cybersecurity Act (2017) | …the security of a computer or computer system against unauthorized access or attack, to preserve the availability and integrity of the computer or computer system, or the confidentiality of information stored or processed therein. | 6/0.898 106 |
| Socialist Republic of Vietnam | Law on Network Information Security (2016) 107 | Network information security means the protection of network information and information systems against any illegal access, use, disclosure, interruption, amendment or sabotage in order to ensure the integrity, confidentiality and availability of information. 108 | 50/0.693 |
Source: Developed by the author.
3.The North American Free Trade Agreement (NAFTA)
For the purpose of establishing the basis for strong economic growth and greater prosperity for its member countries, in 1994 the North American Free Trade Agreement (NAFTA) entered into force between Canada, the United States109 and Mexico. In this way, one of the largest free trade zones in the world was created. On August 13, 2017, the rounds of NAFTA renegotiations began. Beyond the statements of the U.S. Government regarding the treaty, the 3 countries agreed that the treaty needed to be modernized.
The original NAFTA did not contain provisions on electronic commerce or cybersecurity. So, we are witnessing a new chapter in the commercial flow among the three nations, as well as new agreements about security, but this time, to safeguard cyberspace, which is common as well as global.
The USMCA has incorporated (among other provisions) Chapter 19 on Digital Trade, where several issues are addressed, including the principles on access and use of the Internet for digital commerce (Article 19.10), as well as the protection of personal data and the cross-border flow of information by electronic means (Article 19.11).
Regarding cybersecurity, which is addressed in the same chapter, the agreement focuses on international cooperation and capacity development among the 3 countries.
Cybersecurity in Free Trade Agreements

| CPTPP | US-Mexico-Canada Agreement |
| --- | --- |
| • It highlights a section on Cybersecurity aimed at promoting cooperation between the contracting parties. • In addition to committing to the development of capacities of the national entities responsible for responding to computer security incidents, as well as to employ collaborative mechanisms for the identification and mitigation of malicious intrusions or the dissemination of malicious code that affect the electronic networks of the Parties (Article 14.16). | • Cybersecurity (Article 19.15). The Parties shall endeavor to: a) build the capacities of their national entities responsible for cybersecurity incident response; and, b) strengthen existing collaboration mechanisms for cooperating to identify and mitigate malicious intrusions or dissemination of malicious code that affect electronic networks, and use those mechanisms to swiftly address cybersecurity incidents, as well as for the sharing of information for awareness and best practices. |
Source: Developed by the author
V.Final considerations
Although some countries, like Mexico, have not adhered to or ratified international conventions on specific cybersecurity or cybercrime issues, like the Budapest Convention, it is through free trade agreements that cooperation, collaboration and international protection for the flow of information, products and services that circulate daily in cyberspace are being generated.
The threats and risks in cyberspace arise in a global common space. Networks are so interconnected110 that it can be difficult to limit the effects of an attack on a single part of the system without damaging others or interrupting it altogether. Our information assets flow together in cyberspace. Nowadays, sharing and safeguarding are critical to protecting public and private interests in the area of security, growth, human rights protection and economy.
In the physical world, there is no system that is 100% secure, and this also applies in cyberspace. We must consider that individuals, organizations, companies, governments and societies depend more on ICT every day. And although creating and implementing strategies or policies regarding cybersecurity has an economic cost, the cost of inaction may be higher. In this sense, it pays to be prepared and resilient.
Regardless of its definition, cybersecurity must be implemented holistically, covering economic, social, educational, legal, police, technical, diplomatic, military and intelligence aspects. It must be based on risk management that respects human rights and is managed through a multistakeholder approach.
Concerns related to cybersecurity should strive not to give rise to barriers to electronic commerce and foreign investment. Although e-commerce requires a regulatory framework that guarantees legal certainty while protecting the security of people who choose to use electronic means instead of conventional ones, these frameworks cannot impose barriers that prevent the development and economic growth that this kind of trade brings. For the OECD, national cybersecurity strategies must have two objectives: to promote economic and social prosperity, and to protect societies that depend on cyberspace against cyber threats. This must be done while preserving the openness of the Internet as a platform for innovation and new sources of growth.
The way in which cybersecurity is linked to national economic security has new forms and contexts. With the development of technologies that enable the digital economy and encourage electronic commerce, the economic security associated with high technology is being recognized as a substantial source of national security.
Countries are increasingly dependent on the Internet to maintain their services, infrastructure and economies in cyberspace. Therefore, they should be the most concerned with keeping it safe. Thus, those responsible for drafting public policies face an immense task to follow the rapid pace of technological change in the midst of great uncertainty about what the future holds.111 In addition to considering issues like education and building digital skills, the labor market, science and innovation, competition, the development of technology, and commercial and industrial policy systems, countries should be responsible for the protection of their infrastructure (critical and strategic), which largely depends on national policies and priorities. But it must also be carried out with the cooperation of the various stakeholders, considering that most of the service providers are private companies. These issues are also of public interest since threats to cyberspace can affect countries and entire societies.