Congress Cybersecurity & Tech

What the U.S. Competition and Innovation Act Gets Right About Standards

Mark Montgomery, Natalie Thompson
Friday, August 13, 2021, 8:01 AM

Technical standards set the foundation for billions of devices and systems used daily. Congress has focused on international standards bodies in several provisions of the Senate-passed United States Competition and Innovation Act.

The U.S. Chamber of Commerce in Washington, D.C., which opposed the expansion of the International Telecommunications Union's standards work. (Tim Wang, https://flic.kr/p/7ywARd; CC BY-SA 2.0, https://creativecommons.org/licenses/by-sa/2.0/)

Published by The Lawfare Institute
in Cooperation With
Brookings

International technical standards set the foundation for the billions of digital devices that people worldwide rely on. The standards ensure that mobile devices produced in China can connect to Swedish telecommunications networks and run apps developed in Brazil. Concerns from members of Congress, independent commissions, and observers about China’s influence in the bodies that propose, debate, and adopt technical standards have elevated these venues from wonky, technical arenas that received little public attention to fora deserving of international attention. Think tanks, State Department leaders, and even the Group of 7 are turning their attention to technical standards as crucial elements of geopolitical competition and technology engagement abroad.

As staff of the U.S. Cyberspace Solarium Commission, we investigated the issue of international standards engagement and included in our March 2020 report to Congress a recommendation that the United States should “engage actively and effectively in forums setting international information and communications technology standards.” In a June 2021 report, we highlighted concrete actions the United States can take in support of this recommendation.

Congress has taken its own interest in U.S. leadership in technical standards, which are the subject of several provisions of the Senate-passed U.S. Innovation and Competition Act (USICA). Six of these provisions are the focus of this post. Alongside a variety of other measures focused on investments in research and development and domestic manufacturing, these provisions tackle American technology leadership by aiming to bolster U.S. engagement in international standards-setting bodies (SSBs), encouraging the participation of the U.S. private sector in these bodies, and better understanding China’s growing influence in international organizations of all types. These are crucial proposals that Congress should pass to help protect U.S. economic and national security.

The Value of Standards

Technical standards have strategic importance for the United States as they provide economic benefits that foster innovation and, indirectly, help consolidate U.S. national power. Standards benefit individual firms that are able to successfully have their proposed specifications adopted. Their effective advocacy, and the firm-level benefits of standardization generally, translates into aggregate benefits for the respective economies in which the firms are incorporated.

The economics of standards-setting are especially important given the linkages between economic and national security. These linkages to security go beyond the ability for wealthy countries to translate their economic might into military assets. Economic power also creates strategic advantages insofar as it enables states to leverage their access to and control over certain economic nodes for strategic gain. The Trump administration encapsulated this idea in the assertion that “economic security is national security.”

Standards generate economic value, but they also implicate political values. Though often portrayed as purely technical in nature, they are fundamentally value-laden as they help determine what kinds of features concerning privacy and security will become the norm. China’s efforts in SSBs, for example, have focused on standards related to facial recognition and surveillance technology. Given the country’s use of such technologies to repress ethnic minorities and political dissidents, these actions should generate significant concerns among Western countries committed to protecting liberal values.

The Current State of Play in Standards Bodies

Though the United States has historically been a leader in SSBs, China has invested heavily in growing the country’s presence in these bodies and threatens to challenge U.S. leadership.

The three largest international SSBs are the International Organization for Standardization (ISO), the International Electrotechnical Commission (IEC) and the International Telecommunication Union (ITU). Other SSBs such as the 3rd Generation Partnership Project (3GPP) or the Internet Engineering Task Force (IETF) are smaller organizations that propose technical specifications or oversee standards development for specific areas, like, in this case, 5G telecommunications and the internet, respectively. The ITU is a multilateral SSB (composed of states), while the ISO, IEC, 3GPP, and IETF are multistakeholder SSBs (composed of government representatives, companies, subject matter experts, civil society participants and the like). Each body has its unique structure, but SSBs and their technical committees, subcommittees, and working groups are generally led by secretariats, chairs, and vice chairs. In general, standards bodies are driven by consensus, and international standards are voluntary in nature. However, the World Trade Organization’s Agreement on Technical Barriers to Trade, which stresses the importance of using internationally adopted standards wherever possible, and accompanying guiding principles for their development, lends additional importance to international technical standards.

China has invested heavily in standards-setting in recent years, offering financial incentives to companies that propose standards or that obtain leadership roles in SSBs. These incentives encourage quantity over quality, sometimes flooding SSBs with technically inferior standards proposals. At the same time, China has coerced its companies to vote as a bloc in industry-led bodies. Both of these actions undermine what ought to be consensus-driven processes that favor the most technically sound proposals.

These strategies have led China to increase its leadership by 58 percent at the ISO between 2012 and 2020 (from 45 secretariats, including twinned secretariats, to 71) and doubled its leadership at the IEC during the same period (from 6 to 12). China also far outranks the United States in terms of technical committee participation at the ISO: China is a participating member of 729 technical committees, while the United States is a participating member of 562 technical committees. According to a 2018 review, China chaired twice as many of the ITU standards focus groups as the United States did.

The trend in U.S. leadership engagement at SSBs is also mixed. While U.S. leadership at the ISO and IEC remains strong (in 2018, the United States held 14 percent of the ISO and IEC secretariats, second only to Germany), U.S. efforts at the ITU have been lackluster. The U.S.-China Economic and Security Review Commission raised concerns about (lack of) U.S. engagement at the ITU in the previously mentioned 2018 report, noting “the absence of many U.S. stakeholders in important standards groups” and “lower U.S. enthusiasm for the ITU as a standards-setting venue.”

China’s encouragement for Chinese companies to participate in SSBs and promotion of Chinese-developed standards should prompt U.S. policymakers to examine how the United States can reinvigorate its participation and retain leadership in these bodies. USICA provides an opportunity to do just that.

USICA Standards Provisions

The Senate-passed, bipartisan USICA aims to tackle U.S. engagement and leadership in international SSBs in at least four ways.

Understanding the Lay of the Land

The bill seeks to establish a better understanding of China’s growing role and influence in international organizations and current barriers to U.S. engagement. While much has been made of the subsidies the Chinese government provides to firms that successfully obtain leadership roles in SSBs or introduce technical standards proposals, the success of these measures has yet to be studied comprehensively. Moreover, it is unclear how China’s growing role in SSBs fits into the Chinese government’s broader strategy of gaining influence in international organizations more generally. Section 3207 of USICA requires the secretary of state, in coordination with the director of national intelligence, to submit a report on expanded Chinese influence in international organizations and the tactics, purposes and goals of achieving such influence. The report must also pay special attention to the impact of China’s efforts as they relate to SSBs.

In addition, Section 2517 of USICA requires the assistant secretary of commerce for communications and information to submit a report on existing barriers to U.S. participation in the standardization activities at the ITU and recommendations for addressing those barriers. Given the previously mentioned U.S.-China Economic and Security Review Commission report’s concerns about U.S. engagement at the ITU, this provision is especially important for encouraging greater enthusiasm regarding multilateral SSBs. Having this baseline understanding of China’s efforts and existing barriers to U.S. participation is crucial to implementing effective policies to increase such participation and counter China’s influence.

As the United States seeks to improve its engagement in the ITU’s standards work, it should be mindful of private-sector stakeholder and advocacy group concerns about mission creep in the ITU’s standardization activities. In comments submitted to the National Telecommunications and Information Administration, groups such as the Center for Democracy and Technology and Mozilla, the Information Technology Industry Council, and the U.S. Chamber of Commerce cautioned against the expansion of the ITU’s standards work, especially as it relates to the push for a “New IP,” arguing that other multi-stakeholder standards bodies are better fora for developing standards proposals. While the United States must maintain a seat at the table and participate actively and effectively in the ITU’s standardization activities, government leaders should pay attention to the concerns of private-sector stakeholders about which standards venues are appropriate for which activities, and the report required by Section 2517 should reflect the feedback of private-sector entities.

Ensuring Interagency Coordination

Another USICA provision (Section 3210) focuses on increasing U.S. representation and leadership in SSBs through the creation of an interagency working group. While this goal is admirable, it fails to acknowledge that such an interagency working group already exists. The National Institute of Standards and Technology (NIST) runs the Interagency Committee on Standards Policy (ICSP), which focuses in part on “foster[ing] cooperation participation by the Federal government and U.S. industry and other private organizations in standards activities.” NIST has decades of experience leading federal work on standards issues and serving as a trusted partner to private-sector entities in this endeavor. A separate provision of USICA (2306) recognizes this, stating that NIST “is in a unique position to strengthen United States leadership in standards development.” Rather than create a new interagency committee, Congress should mandate that the ICSP receive the attention, support and funding it deserves.

Key federal agencies, such as the Federal Communications Commission, National Science Foundation, Office of the Director of National Intelligence, and U.S. International Trade Commission, have yet to appoint an employee to serve as the agency’s representative to the ICSP. As we found in researching our recently published paper on how the U.S. can strengthen its engagement in international SSBs, of the 36 federal entities listed as ICSP members, eight do not have a standards executive, and seven have no representation listed at all. Congress should mandate that all federal departments and agencies that are members of the ICSP immediately name someone to serve as an ICSP representative, and it should also mandate that the newly created Office of the National Cyber Director be added to the list of participants.

To focus greater attention on the issue of international standards engagement, Congress should ask the ICSP to convene a working group that focuses specifically on international standards engagement. There’s no need to reinvent the wheel: There already exists an interagency body that can—and should—devote its attention to encouraging U.S. representation and leadership in SSBs. Congress should leverage the work of this existing body to make that happen.

Encouraging Private-Sector Support

Other provisions of the bill are focused on encouraging private-sector participation in SSBs. This is essential because the United States has historically had a decentralized, industry-driven approach to standards-setting. Unlike in many countries (including the United States’ European allies), standards engagement in the U.S. is led by a private organization—the American National Standards Institute (ANSI)—that represents U.S. interests at the ISO and IEC and is composed of companies, industry associations and other smaller SSBs. ANSI does crucial work to engage the private sector and ensure that relevant stakeholders are apprised of opportunities for standards participation and to educate the public on the importance of standards. In light of the industry-driven nature of U.S. standards engagement, Section 3210 stresses the importance of private-sector engagement in requiring the proposed interagency committee to provide a briefing on engagement with private-sector efforts to propose and develop secure 5G standards. Another provision, Section 2520, authorizes the Commerce Department to provide grants to private-sector entities to participate in standards bodies. Finally, Section 2306 directs NIST and the secretary of energy to build capacity for leadership in standards bodies and partner with the private sector in developing standards for “digital economy technologies.” These provisions are welcome and align with the recommendations contained within our newly released report, which recommends the creation of a formal venue for regular dialogue between U.S. government and private-sector representatives on the geopolitical and economic importance of standards and strategies for standards engagement.

Financial incentives are especially important because standards-setting is costly. One report suggests, based on interviews with private-sector representatives, that it can cost a company $300,000 to participate in 3GPP for a single year. Membership fees and travel costs alone can cost thousands of dollars per standards body. The head of Qualcomm’s standards group estimates that his engineers participate in 200 global standards and industry organizations, meaning these costs add up. In light of this, a separate piece of legislation, introduced by Sens. Rob Portman and Michael Bennet, aims to establish a program specifically focused on encouraging and funding the participation of small businesses in SSBs focused on artificial intelligence standards. In addition, the recently introduced NIST for the Future Act contains a provision on international standards development that would direct NIST to create capacity-building resources and establish a pilot program to fund small business and academic participation in standards activities. These additional bills signal that Congress’s interest in technical standards extends beyond USICA.

Working With Allies and Partners

The United States alone cannot meet the challenge posed by China’s increasing leadership in standards bodies. The United Kingdom, France, Germany and Japan have historically wielded enormous influence in standards bodies, making them important and powerful partners moving forward. Owing to the globalized nature of information and communication technology (ICT) supply chains, the United States relies heavily on foreign countries and their companies for product development, manufacturing and packaging. To the extent that standards affect the competitiveness of European and Japanese technology firms, they impact the United States’ ability to purchase secure goods from trustworthy partners. And like-minded countries can help advocate for standards that align with values such as privacy and transparency.

The United States must also engage with developing countries, which will be key actors in the standards space. China has focused part of its standards efforts on building coalitions with developing countries, and through the Belt and Road Initiative it has acquired asymmetric influence over these actors. Through bilateral agreements on “mutual standards recognition” and its market position in developing countries, China has pushed its standards through a bottom-up process that complements its top-down efforts within international standards bodies. One paper offering a European perspective on standards policy also warns that China’s standards engagement with developing countries might lead such countries to study and emulate the Chinese approach, thereby undermining the market-driven nature of the current international standards order.

One think tank report has dubbed developing countries the “digital deciders” as a result of the impact that their choices will have on the balance between countries that favor sovereign control of technology and those that favor an open and interoperable ICT ecosystem. Especially as China’s engagement threatens to influence how developing countries pursue standards-setting, U.S. engagement should provide an alternative vision for the processes and outcomes of standards-setting.

ANSI is again a crucial partner to the federal government in this area. As the United States’ representative at the ISO and IEC, ANSI regularly engages with its counterpart organizations across the globe to further mutual understanding of standardization systems and build capacity for engagement. These efforts have included a long-running dialogue with key partners in Europe, as well as programming in China, India and the Indo-Pacific. ANSI also runs, in partnership with the U.S. Agency for International Development, the Standards Alliance, which provides capacity-building assistance to developing countries.

With both highly industrialized countries and developing countries, U.S. diplomatic engagement should continue to focus on raising awareness of the importance of standards, building capacity for robust engagement, and identifying opportunities to collaborate on developing and promoting standards that respect the vision of a free, open, and interoperable ICT ecosystem. It could also involve identifying candidates for leadership roles at SSBs and coordinating support for such candidates. All of this should be built on consistent and coherent communication between U.S. diplomats and technical experts to ensure a harmonized approach in U.S. international standards engagement.

Section 3208 of USICA aims to deal with some of these challenges by establishing regular dialogues between the United States and partner and allied nations on regulatory matters, including international standards setting. The exchanges would focus, in part, on “build[ing] consensus around industry and technical standards in emerging sectors that will drive future global economic growth and commerce.” The provision highlights the European Union, Asia-Pacific Economic Cooperation, Association of Southeast Asian Nations, Organization for Economic Cooperation and Development, and multilateral development banks as important venues for engaging in this work and includes opportunities for private-sector participation in the regulatory exchanges. These are crucial steps in the right direction of ensuring that U.S. partners and allies are on the same page when it comes to the importance of setting international standards.

The proposed Bureau of International Cyberspace Policy in the Cyber Diplomacy Act could be an ideal venue in which this diplomatic engagement can take place. The text of the bill, which the House recently passed, charges the head of the proposed bureau with encouraging the development and adoption of internationally recognized standards by foreign countries. Congress should continue to move the ball forward on the Cyber Diplomacy Act and consider incorporating into USICA authorities for the new bureau to build foreign capacity for standards engagement and support the ongoing work of ANSI and USAID in this area.

Resourcing for the Challenge

In addition to creating new authorities, programs, and reports through USICA, Congress must also ensure that NIST is sufficiently funded to conduct its essential work. The president’s budget request for fiscal year 2022 includes a significant increase in overall NIST funding (45 percent) but only a modest increase of $2.35 million (2.8 percent) in base funding for standards coordination and special programs. This increase is intended to enable NIST to “expand its standards coordination, participation, and information services for advanced communications” and “enhance U.S. influence in appropriate international standards development organizations such as ISO and 3GPP.” The budget also provides $500,000 specifically for work on advanced communications research and standards and another $3 million for NIST’s work on strengthening the diversity of the standards workforce. All of this is a step in the right direction, but as appropriators establish agency funding levels, they must ensure that NIST is fully resourced to continue its crucial efforts.

Appropriators should also pay attention to the uniquely public-private nature of standards development when allocating funding to boost U.S. engagement. Outside stakeholders such as ANSI, SSBs, and institutions of higher education play a big role in outreach, education, and capacity building. Ensuring that NIST or other federal departments and agencies can support the work of these stakeholders through grants and cooperative agreements is another necessary aspect of bolstering U.S. engagement. NIST, for example, runs the Standards Curricula Development Program to award funding for cooperative agreements to develop curricula that will “educate students about the impact, nature, and value of standards and standardization.” And the previously mentioned Standards Alliance is funded jointly by ANSI and USAID. Boosting funding for these kinds of initiatives is a key way to ensure that public-private engagement in standards development remains strong.

A Key Step Forward for Standards

Having multiple separate provisions of USICA focus squarely on standards setting is a testament to Congress’s recognition of the problem and commitment to finding a solution to waning U.S. influence in SSBs. All in all, the USICA provisions that relate to standards setting are commendable. They represent tangible progress on the Cyberspace Solarium Commission’s recommendation to better engage in international SSBs. As the legislation moves forward, Congress will inevitably engage in horse-trading that renders the final version of the bill different from the one recently passed by Senate leaders. As they negotiate, legislators would be wise to retain the provisions on standards.


RADM (ret) Mark Montgomery serves as senior director of the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies and an FDD senior fellow. He also directs CSC 2.0, an initiative that works to implement the recommendations of the congressionally mandated Cyberspace Solarium Commission, where he served as executive director and as senior advisor to the co-chairs. Previously, he served as Policy Director for the Senate Armed Services Committee under the leadership of Senator John S. McCain. Mark served for 32 years in the U.S. Navy as a nuclear trained surface warfare officer, retiring as a Rear Admiral in 2017. He was selected as a White House Fellow and assigned to the National Security Council, serving as Director for Transnational Threats from 1998-2000. Mark graduated from the University of Pennsylvania with bachelor’s and master’s degrees in history. He subsequently earned a master’s degree in history from Oxford University and completed the U.S. Navy’s nuclear power training program.
Natalie Thompson is a Research Analyst with the U.S. Cyberspace Solarium Commission. Prior to the Commission, she was a research assistant and James C. Gaither Junior Fellow at the Carnegie Endowment for International Peace, where she worked with the Technology and International Affairs Program on projects related to influence operations and cybersecurity. Natalie holds a bachelor's degree in political science and mathematics from Kalamazoo College.

Subscribe to Lawfare