I. INTRODUCTION

II. THE INTERDEPENDENCE OF COMPLIANCE AND THE
PROTECTION OF CONFIDENTIAL INFORMATION

III. STRATEGIES TO PROTECT CONFIDENTIAL INFORMATION

--General Strategies

--The CWC Regime to Protect Confidential Information

IV. NATURE OF THE RULES PROTECTING CONFIDENTIAL INFORMATION IN THE ROLLING TEXT

--Article III--Compliance Measures and Annex D --Investigations

--Article IV--Confidentiality Provisions and Annex E--Confidentiality Provisions

V. ANALYSIS OF THE PROVISIONS ON PROTECTION OF CONFIDENTIAL INFORMATION IN THE ROLLING TEXT AND SUGGESTIONS FOR IMPROVEMENT

--A. Prevention Rules

--B. Post-Breach Rules

VI. CONCLUSION

I. INTRODUCTION

1. The protection of private confidential information will be an important issue in the negotiation of a binding Protocol to the Convention on the Prohibition of the Development, Production, and Stockpiling of Bacteriological (Biological) and Toxin Weapons and on Their Destruction ("BWC"). The Ad Hoc Group of States Parties to the BWC ("Ad Hoc Group") is drafting the BWC Protocol to strengthen the BWC by, inter alia, creating a compliance regime. The experience of the negotiators in negotiating the verification regime in the Convention on the Prohibition of the Development, Production, Stockpiling and Use of Chemical Weapons and Their Destruction ("CWC") suggests that the protection of confidential information will be a critical issue in the BWC Protocol negotiations.
2. For a compliance regime to work, inspectors must have access to private enterprises with dual-use capabilities that are in the business of making or working with biological agents. Private enterprises subject to compliance inspections are rightly concerned about the protection of their proprietary information and trade secrets. The BWC Protocol must strike an appropriate balance between the needs of the Protocol's compliance regime and the concerns of private enterprises about their confidential information.
3. The Federation of American Scientists Working Group on Biological Weapons Verification ("FAS Working Group") submits this Working Paper for the Ad Hoc Group to consider during the January 1998 negotiating session. Given that negotiations on provisions for the protection of confidential information have not advanced far to date, as indicated by the latest Rolling Text of the BWC Protocol,⁽²⁾ this Working Paper undertakes only a general analysis of the legal problems of protecting confidential information in the BWC Protocol. The FAS Working Group hopes, however, that this general analysis can help delegations think about how confidential information should be protected in the BWC Protocol.

II. THE INTERDEPENDENCE OF COMPLIANCE AND THE PROTECTION OF CONFIDENTIAL INFORMATION

1. In the chemical and biological weapons contexts, the need to inspect private facilities as part of a compliance system creates the requirement to deal with the protection of confidential information.⁽³⁾ To ensure the public good of preventing the development of weapons of mass destruction, access to private property and information is necessary. Cooperation of private industry becomes critical to the compliance endeavor. As a result, a compliance system in the BWC Protocol must include rules and procedures through which confidential information can be protected.
2. The interdependence between compliance and protection of confidential information is more complicated than the previous paragraph suggests. Because of the concerns of private enterprises about the protection of their confidential information, it will not be possible to agree on a rigorous and thorough compliance regime unless strong rules and procedures for protecting confidential information are also adopted. The nature of the compliance regime will, therefore, depend on the protections that can be developed for confidential information in the international instrument.
3. The substantive framework for the compliance regime for the BWC Protocol is not yet clear. The Rolling Text includes references to various kinds of visits and investigations,⁽⁴⁾ but the proliferation of square brackets indicates that little about the compliance regime has been agreed. What the BWC Protocol compliance system will include remains uncertain.
4. For example, some delegations support non-challenge visits as part of an effective BWC Protocol,⁽⁵⁾ while other delegations opposing non-challenge visits have expressed the view that "Non-Challenge Visits would increase the risk of revealing confidential scientific, technological and commercial information and would unduly hinder the industrial enterprises' activities."⁽⁶⁾Importantly, this position tracks the stance taken by the Pharmaceutical Research and Manufacturers of America ("PhRMA") that "on-site inspections must be limited to challenge inspections."⁽⁷⁾ PhRMA is concerned about the potential loss of confidential information in non-challenge visits.⁽⁸⁾
5. The Rolling Text contains many provisions that acknowledge the importance of protecting confidential information. In the sections on both visits and investigations, the Rolling Text mentions application of managed access to protect confidential information.⁽⁹⁾ Sensitivity to the protection of confidential information also appears in sections on the drafting of initial and final reports after investigations.⁽¹⁰⁾ And the Rolling Text contains Article IV, which deals directly with the protection of confidential information, and which includes references to a Confidentiality Annex and a Commission for the Settlement of Disputes Related to Confidentiality.⁽¹¹⁾
6. The protection of confidential information already has a high profile both in the diplomacy surrounding the negotiations and in the Rolling Text, all of which reinforces the interdependence of the compliance regime and the rules and procedures to protect confidential information.
7. As the negotiations continue, the crafting of an effective compliance regime must not be compromised by fears about the loss of confidential information. Likewise, compliance procedures must contain adequate measures to prevent and deter the misuse of confidential information by the proposed Organization for the Prohibition of Bacteriological (Biological) and Toxin Weapons ("OPBTW") and its officials and staff.
8. The next part of this Working Paper outlines general strategies for striking an appropriate balance between compliance measures and the protection of confidential information.

III. STRATEGIES TO PROTECT CONFIDENTIAL INFORMATION

A. General Strategies

B. The CWC Regime to Protect Confidential InformationOverview

1. An analysis of the CWC rules on the protection of confidential information illustrates the need to concentrate on prevention. In the text of the CWC, Article VIII.5 provides, for example, that the OPCW "shall take every precaution to protect the confidentiality of information on civil and military activities and facilities coming to its knowledge in the implementation of this Convention".⁽¹²⁾
2. The Annex on the Protection of Confidential Information ("CWC Confidentiality Annex") sets out (1) general principles for the handling of confidential information in the OPCW, (2) rules for employment and conduct of personnel in the technical secretariat, (3) measures to protect sensitive installations and prevent disclosure of confidential information in the course of on-site compliance activities, and (4) procedures in case of breaches or alleged breaches of confidentiality.⁽¹³⁾

1. At the first conference of the States Parties to the CWC, the States Parties adopted the OPCW Policy on Confidentiality, which "sets out the basis of the Organisation's policy for protecting confidentiality throughout activities related to the implementation of the Convention, for classifying and handling confidential information, and for dealing with breaches of confidentiality".⁽¹⁴⁾

Prevention Focus

1. Two major features of the CWC confidentiality regime stand out. First, it focuses on preventing confidential information from being released without proper authorization. Although the CWC regime has provisions for dealing with breaches of its rules, the emphasis is on making every effort to ensure that breaches do not occur. Second, the CWC regime attempts to be comprehensive in applying duties to protect confidential information at every level. The prevention-oriented strategy is applied to employees of the OPCW, inspectors carrying out on-site procedures, the OPCW generally, and States Parties to the CWC. The CWC regime on protecting confidential information is very detailed and elaborate. Experts have noted that "[t]he CWC's procedures for C[onfidential] B[usiness] I[nformation] protection are more extensive than most domestic statutes dealing with the government's handling of confidential information."⁽¹⁵⁾

1. Employees, staff, and inspectors of the OPCW are subject to disciplinary action and termination of employment for breaches of confidentiality.⁽¹⁶⁾ The diplomatic immunity enjoyed by inspectors and staff may be waived by the Director-General of the OPCW for serious breaches of confidentiality.⁽¹⁷⁾ The OPCW itself is immune from liability.⁽¹⁸⁾ If a breach of confidentiality involves a State Party and the OPCW, then the dispute goes before the Commission for the Settlement of Disputes Relating to Confidentiality, a subsidiary organ of the Conference of the CWC States Parties ("OPCW Confidentiality Commission"), which attempts to resolve the dispute amicably.⁽¹⁹⁾ If no mutually agreeable resolution is reached, the OPCW Confidentiality Commission prepares a report, which is not binding on the parties to the dispute, recommending actions that might be taken to resolve the dispute.⁽²⁰⁾
2. While the prevention-oriented strategy is comprehensive, these provisions for dealing with breaches are not as strong. Companies are unlikely to be able to sue individuals who breach the confidentiality rules because of (1) diplomatic immunity, or (2) if immunity is waived, (a) lack of jurisdiction over the person and his or her assets,⁽²¹⁾ and (b) lack of sufficient personal assets to provide adequate compensations for losses that might run into millions of dollars.⁽²²⁾ The OPCW itself is immune from liability. If a State Party is responsible for a breach, the OPCW Confidentiality Commission has no powers to reach a binding decision and force the guilty State Party to pay compensation. In addition, under rules of international law,⁽²³⁾ a State Party enjoys sovereign immunity in the courts of other countries if the company attempted to file a private lawsuit against it. A company might be able to impute theft or misuse of its confidential information by OPCW staff to its own government by arguing that the government has expropriated private property for a public purpose (i.e., compliance with the BWC Protocol) and must pay compensation for such expropriation. The prospects of recovering under such a theory are, however, dependent on the nature of that country's constitutional or statutory law.⁽²⁴⁾
3. Experts on the CWC regime have argued that "[t]he inability of a wronged State Party to seek effective redress from the OPCW raises serious concerns. . . . For all their innovation, the elaborate preventive measures in the CWC may be inadequate without an effective remedy for a wronged State Party."⁽²⁵⁾ It is important to stress that the weakness of the CWC post-breach rules derives from the realization that more effective remedies are not legally possible. In other words, structural or systemic obstacles prevented the States Parties to the CWC from adopting stronger post-breach rules.

b. The Structural Nature of the Problems Facing Post-Breach Rules

1. The FAS Working Group believes that attempts to strengthen CWC-type post-breach rules as part of the protection of confidential information in the BWC Protocol would be generally misguided. The problems confronting post-breach rules in the CWC also exist in the biological weapons context because the problems are structural or systemic rather than unique to particular types of weapons. Whatever differences there may be between biological and chemical weapons, those differences do not change the inherent problems confronting post-breach rules in the protection of confidential information in an international compliance regime.
2. First, not granting diplomatic immunity for officials and staff of the OPBTW is an unrealistic option because such immunity is necessary for the successful functioning of the compliance regime. Weakening diplomatic protection for OPBTW staff would undermine the staff's willingness to pursue compliance vigorously, which would in the long run defeat the purpose of the BWC Protocol. OPBTW staff require an environment in which they are encouraged and protected in fulfilling the compliance mission, and the OPBTW needs to prevent a lax or chilled "compliance culture" developing as a by-product of weakened diplomatic immunity.
3. Second, making the OPBTW liable for breaches of its confidentiality rules is politically unrealistic because BWC States Parties will never impose such liability on themselves.
4. Third, increasing the civil or criminal liability of individual OPBTW staff members does not overcome the lack of jurisdiction problem or the lack of adequate personal resources to provide adequate compensation even if jurisdiction could be legitimately exercised.
5. Fourth, sovereign immunity will still prevent suits by companies in domestic courts against States Parties that might be involved in misusing confidential information.
6. Fifth, claims under expropriation arguments are a matter ultimately of constitutional or national law. The BWC Protocol could require, or at least encourage, States Parties to include in implementing legislation a right to recover against the government in the event confidential information is misused within the OPBTW. Independent of any treaty commitment, national governments may wish to provide for compensation procedures in the event that confidential information from their companies is misused by OPBTW staff. Such remedies against the government could help create industry support for the BWC Protocol. In the proposed American implementing legislation for the CWC, Congress facilitates a cause of action against the United States for takings of property by reason of action by any member of the OPCW.⁽²⁶⁾Presumably, the United States would make such a remedy available to American pharmaceutical and biotechnology companies in the event of Senate advice and consent to the ratification of the BWC Protocol. Other governments could facilitate the availability of similar remedies for their companies, which might help garner industry support for the BWC Protocol.

1. In summary, while post-breach rules are needed, going beyond those that exist in the CWC will not prove fruitful in the BWC Protocol negotiations. The FAS Working Group believes that the rules and procedures to protect confidential information in the BWC Protocol should emphasize prevention rather than post-breach punishment.

IV. NATURE OF THE RULES PROTECTING CONFIDENTIAL INFORMATION IN THE ROLLING TEXT

1. The FAS Working Group recognizes that the Ad Hoc Group has not yet focused intensely on drafting the rules to protect confidential information and that nothing has been definitively agreed by the delegations in connection with compliance or protection of confidential information. Nevertheless, the Rolling Text contains some provisions on protecting confidential information that are worthwhile analyzing even at this early stage of negotiations.⁽²⁷⁾

A. Article III--Compliance Measures and Annex D--Investigations

Prevention Rules

1. As mentioned earlier, the provisions suggesting language for compliance investigations contain various means for preventing confidential information from being divulged unnecessarily. The most important provision in this regard is "managed access", which is formulated in detail in the Rolling Text in connection with investigations in Annex D.⁽²⁸⁾ Managed access refers to a set of techniques to prevent investigators from seeing items or areas that contain confidential information that is unrelated to the prohibitions of the BWC or the mandate of the investigation or visit. Managed access was used in the CWC as a confidential information protection device in cases of, for example, challenge inspections.⁽²⁹⁾ Provisions in Annex D of the Rolling Text also stress the investigation team's duty to collect only that information that is necessary to addressing the alleged non-compliance,⁽³⁰⁾ the so-called "need-to-know" principle.

Post-Breach Rules

1. Annex D also contains some provisions on post-breach rules. It contains language that allows the Director-General to waive the immunity accorded to any member of the OPBTW "in any case where, in his opinion, the immunity would impede the course of justice and can be waived without prejudice to [the purposes for which the immunity is accorded][the implementation of the provisions of the Protocol]."⁽³¹⁾ The Executive Council is given the right to waive the immunity of the Director-General.⁽³²⁾ In addition, Annex D contains language that provides that the Director-General can waive the immunity to jurisdiction of the OPBTW "in any case where, in its [sic] opinion, the immunity would impede the course of justice and can be waived without prejudice to [the purposes for which the immunity is accorded][the interests of the Organization]."⁽³³⁾ The power to waive the immunity of OPBTW from the execution of a judgment is vested with the Conference of BWC Protocol States Parties.⁽³⁴⁾
2. In addition, Annex D provides that, in making waiver of immunity decisions in connection with alleged breaches of rules of confidentiality, the Director-General, Executive Council, or Conference of the States Parties shall request and pay "[utmost respect to the opinion][due regard to the views] of the Commission for the Settlement of Disputes Related to Confidentiality" ("BW Confidentiality Commission").⁽³⁵⁾
3. Finally, Annex D contains a provision under which: "[Investigators shall, in accordance with the relevant rules laid down in international law, be liable to physical or juridical persons for any intentional or accidental damage resulting from unlawful actions on their part, including the leaking of confidential information that becomes known to them in the course of investigation work.]"⁽³⁶⁾

B. Article IV--Confidentiality Provisions and Annex E--Confidentiality Provisions

Prevention Rules

1. These two parts of the Rolling Text directly address the protection of confidential information. Many of the provisions in Article IV and Annex E deal with prevention. More specifically, Article IV: (1) requires the OPBTW to operate under the "need-to-know" principle;⁽³⁷⁾ (2) requires BWC Protocol State Parties to treat information and data received from the OPBTW as confidential;⁽³⁸⁾ (3) gives each State Party to the BWC Protocol the right to protect confidential information;⁽³⁹⁾ and (4) places the responsibility on the Director-General to protect confidential information that comes into the possession of the OPBTW and to "establish and maintain a stringent regime" for the protection of confidential information.⁽⁴⁰⁾

Post-Breach Rules

1. Article IV also contains provisions that address alleged breaches of the confidentiality rules. First, Article IV.5 imposes liability on the OPBTW, the Director-General, investigators, and other OPBTW staff members for damages caused to natural or legal persons through the unauthorized disclosure of confidential information. The imposition of liability is curiously "[w]ithout prejudice to the privileges and immunities to be accorded pursuant to this Protocol".⁽⁴¹⁾
2. Second, any State Party to the BWC Protocol that considers that it has been affected by a breach of rules on confidentiality, or that its private enterprises have suffered damage because of such a breach, may seek to settle the dispute through Article XII (the general dispute settlement provision for the BWC Protocol) or the BW Confidentiality Commission.⁽⁴²⁾

V. ANALYSIS OF THE PROVISIONS ON PROTECTING CONFIDENTIAL INFORMATION IN THE ROLLING TEXT AND SUGGESTIONS FOR IMPROVEMENT

1. When compared to the CWC confidentiality regime, two things about the Rolling Text stand out: (1) the less developed nature of the rules on preventing misuse of confidential information, and (2) the efforts to go beyond the CWC confidentiality regime in connection with alleged breaches of the confidentiality rules.

A. Prevention RulesCWC Confidentiality Regime as Precedent

1. A focus of future negotiations on rules to protect confidential information needs to be on developing the rules on preventing the unnecessary access to and misuse of confidential information by the OPBTW staff. The CWC confidentiality regime provides a detailed, comprehensive, and negotiated precedent from which drafting prevention rules for the BWC Protocol could continue.
2. The CWC confidentiality regime might need altering in some respects to account for differences between the biological and chemical contexts. PhRMA has, for example, strongly argued that "[t]here is a fundamental difference between the development, manufacture and storage of chemical and biological warfare agents."⁽⁴³⁾ PhRMA believes that the very nature of biological warfare agents makes them extremely difficult to confirm in on-site inspections.⁽⁴⁴⁾Because of PhRMA's concern about protecting confidential information, it opposes non-challenge inspections. Whatever inspection regime is ultimately crafted, prevention rules sensitive to the peculiarities of biological weapons agents will need to be in place.
3. The FAS Working Group has focused on the need for creative approaches to prevent the loss of confidential information. The chief difference between the biological and chemical industries, with respect to confidential information, lies in the use by some pharmaceutical and biotechnology companies of proprietary microorganisms in production processes. Several FAS Working Group Papers have proposed procedures for protecting proprietary microorganisms during on-site investigations and visits.⁽⁴⁵⁾ For example, robing and showering on entry and exit of a site could be required of inspectors so that traces of microorganisms could not be carried out on their clothing or person. Analysis of samples could be carried out on site, except in extraordinary circumstances such as when confirmation of unusual on-site analytical results is considered necessary by the inspectors or the host state party.⁽⁴⁶⁾ Staff members of the host facility could employ sampling procedures to destroy confidential aspects of microorganisms before giving samples to inspectors for analysis. Procedures are available for this purpose that would not prevent analysis of the microorganism properties that are of interest under the compliance regime. The FAS Working Group's Industry Subgroup will continue its consultations with industry representatives in order to devise additional means for protecting confidential information that are compatible with effective compliance measures.

Proposals for New Prevention Measures

1. The Ad Hoc Group might also create some new prevention measures that would help ensure that confidentiality rules are not breached. Although by no means exhaustive, listed below are some possible proposals for new prevention measures or procedures:

1. Establish a formal process between the OPBTW and OPCW to review the functioning of the respective organizations' rules on confidentiality to create cross-fertilization between the two regimes. Private industry representatives could also be included in this cross-fertilization process.
2. Incorporate into the OPBTW a precautionary principle for dealing with confidential information, such that in any case where it is uncertain whether information is confidential, the OPBTW and States Parties to the BWC Protocol treat it as confidential information.
3. Allow facilities subject to inspections or visits to file formal reports on the compliance of inspection teams with the OPBTW's rules on confidentiality.

1. Create in the BWC Protocol a Committee of Private Industry Experts to review periodically the confidentiality rules and procedures of the OPBTW and to make recommendations to the Conference of States Parties for their improvement.
2. Establish in the OPBTW, and in national governments, programs to educate private enterprises about the BWC Protocol's compliance regime and to prepare them to protect confidential information while complying with the BWC Protocol's obligations, as is being done within the CWC regime.
3. Develop, and attach to the BWC Protocol, an instrument among private enterprises in which companies with facilities potentially subject to OPBTW inspections agree (1) not directly or indirectly to seek OPBTW confidential information from any person, entity, or government, (2) to report immediately to their governments and the OPBTW any person or country that offers them OPBTW confidential information without authorization, and (3) to cooperate with other companies in implementing corporate systems for protecting confidential information while complying with the BWC Protocol's compliance regime.⁽⁴⁷⁾
4. Most of these proposals attempt to create the framework for more private industry support and participation in the BWC Protocol's confidentiality regime. The need to analyze and handle private information in order to create a public good--the reduced likelihood of the use or development of biological weapons--strongly suggests the need to craft on-going confidence-building measures between the private and public spheres. The recognition of this need in the BWC Protocol context parallels the growing recognition of the importance of non-state actors in the development, implementation, and enforcement of contemporary international law.

B. Post-Breach Rules

1. A number of the provisions in the Rolling Text move the BWC Protocol's post-breach rules beyond the CWC confidentiality regime. These provisions introduced two kinds of new post-breach approaches: (1) the imposition of liability on the OPBTW and its staff for unauthorized disclosures of confidential information without requiring a prior waiver of immunity, and (2) restricting the discretion of the persons or bodies that make decisions whether to waive immunity accorded to the OPBTW and its staff.

Imposition of Liability

1. The imposition of liability appears in provisions in Annex D⁽⁴⁸⁾ and Article IV.5⁽⁴⁹⁾ of the Rolling Text. The first question that arises from these liability provisions is how they square with the granting of immunity to the OPBTW and its staff accorded elsewhere in the BWC Protocol.⁽⁵⁰⁾ The immunity provisions of the BWC Protocol require that immunity to jurisdiction and immunity to execution of judgment be waived before an individual would be subject to full liability for a breach of confidentiality rules. Liability in national legal systems cannot attach to the OPBTW or any member of its staff for alleged violations of confidentiality rules without express waivers of immunity. If the immunity protections did not exist, there would be no need to impose liability on entities or individuals in the BWC Protocol because such liability would attach by operation of general international law.⁽⁵¹⁾ Thus, the language imposing liability in Annex D is fundamentally inconsistent with the according of immunity earlier in Annex D. Article IV.5 tries to finesse the inconsistency by declaring the imposition of liability is "without prejudice to the privileges and immunities to be accorded to this Protocol", but it is hard to see how an unconditional imposition of liability can do anything but prejudice the granting of immunity.
2. Annex D and Article IV.5 also differ from the CWC confidentiality regime in trying to impose liability on the OPBTW. In the CWC, the OPCW is not subject to liability in any circumstances because the CWC does not give any entity or person the authority to waive the OPCW's immunity. In the Rolling Text, the Director-General can waive the immunity to jurisdiction of the OPBTW, and the Conference of BWC Protocol States Parties can waive the OPBTW's immunity to execution of a judgment. The FAS Working Group believes that any attempt to impose liability on the OPBTW in any way is politically unrealistic because it would be tantamount to States Parties imposing liability on themselves. Thus, we believe that imposing liability on the OPBTW will find no diplomatic support in the negotiations and should be dropped out of the Rolling Text in all its manifestations.

Constraining Discretion on Waiving Immunity

1. The second difference between the Rolling Text and the CWC confidentiality regime is the attempt in the Rolling Text to constrain the discretion of the entity or individual making decisions whether to waive immunity. In the CWC, the Director-General has the authority to waive the immunity of individual staff members. In the Rolling Text, the Director-General has similar authority, but other provisions constrain his discretionary waiver powers. Annex D has language that provides that the BW Confidentiality Commission shall make waiver recommendations, to which respect or due regard must be given.⁽⁵²⁾
2. In addition, Article IV.6 contains language under which any BWC Protocol State Party may seek to settle a dispute over an alleged breach of confidentiality through the BW Confidentiality Commission.⁽⁵³⁾ No such provisions exist in the CWC confidentiality regime. The relevant provision in the CWC Confidentiality Annex provides that the OPCW Confidentiality Commission shall consider breaches involving both a State Party and the OPCW.⁽⁵⁴⁾ Breaches by OPCW staff are handled by the Director-General without the involvement of the OPCW Confidentiality Commission. Two types of cases seem to fall within the purview of the OPCW Confidentiality Commission: (1) where a State Party violates OPCW confidentiality rules to the detriment of the OPCW, or (2) where the OPCW violates its confidentiality rules as a matter of policy (rather than through the breach by an individual acting on his or her own accord) to the detriment of a State Party or its natural or legal persons.
3. The language of the Rolling Text seems to allow any State Party to take any dispute involving breaches of confidentiality to the BW Confidentiality Commission.⁽⁵⁵⁾Breaches by individual OPBTW staff members could, thus, be handled in two places: by the Director-General and by the BW Confidentiality Commission. This interpretation is consistent with the Rolling Text provision (discussed earlier at paragraph 30) that the BW Confidentiality Commission render opinions on waiver of immunity cases.
4. These provisions seem to advocate involving more than the Director-General (or the Executive Council or Conference of States Parties) in making decisions whether to waive immunity. Perhaps the idea is to increase the likelihood that immunity would be waived if the BW Confidentiality Commission is involved in making recommendations in waiver cases. Such a motive presupposes that leaving the decision in the hands of the Director-General is not sufficient as a post-breach procedure. It is not clear that involving the BW Confidentiality Commission in all allegations of breaches of confidentiality rules would serve a useful purpose. If comprehensive prevention rules are put in place, as in the CWC, then waiver decisions might be adequately left in the hands of the Director-General without the need or expense of involving the BW Confidentiality Commission.
5. Perhaps the idea of involving the BW Confidentiality Commission in waiver decisions is to create another level of public scrutiny of alleged wrongdoing that will in itself create extra deterrence vis-á-vis OPBTW staff members in connection with confidentiality rules. If a comprehensive set of prevention rules were in place in the BWC Protocol, with clear penalties for violations (as in the CWC confidentiality regime), then complicating the procedure through which such penalties will be exacted does not necessarily involve any added deterrence to the regime. The provisions that make the BW Confidentiality Commission part of the waiver decision-making process do nothing to increase the ultimate penalties that may be applied to a person breaching the confidentiality rules of the BWC Protocol. A recommendation in favor of waiving immunity handed down from the BW Confidentiality Commission does not remove the barriers a private enterprise would face in pursuing compensation against the violator because jurisdiction obstacles and the violator's probable lack of adequate personal finances to remedy the damage done through the breach would remain.
6. If deterrence (even in a marginal sense) is the goal, then perhaps this objective could be achieved more efficiently by using the BW Confidentiality Commission again as a "court of appeal" rather than a "court of first instance" for decisions of the Director-General on waivers of immunity. The FAS Working Group proposes that the BW Confidentiality Commission, made up of independent experts selected by the OPBTW and confirmed by the Conference of States Parties, should serve as a court of appeal for decisions of the Director-General on waivers of immunity.
7. This Working Paper earlier discussed addressing the compensation problem through national measures that would provide private enterprises with remedies against their own governments (see paragraph 25). A different way to approach the compensation problem is through insurance either at the national or international level. For example, the BWC Protocol could establish a fund into which States Parties would have to contribute and which would be used to compensate private enterprises that have been damaged by unauthorized disclosure of confidential information by OPBTW staff. However, in addition to questions about the political feasibility of such an idea, the multilateral insurance fund concept faces difficult questions about evidentiary standards that would determine the success or failure of insurance claims.

VI. CONCLUSION

1. The FAS Working Group recognizes the interdependency between the protection of confidential information and the establishment of a compliance regime for biological weapons. The FAS Working Group believes that the best way for the Ad Hoc Group to address the serious concern of protecting confidential information is to emphasize prevention rules. The CWC confidentiality regime provides an excellent precedent from which to draft a confidentiality regime for the BWC Protocol. In addition, the Ad Hoc Group and representatives from private industry should begin close collaboration on altering the CWC precedent to fit the biological weapons context better as well as on creating new prevention mechanisms for the BWC Protocol. Important in crafting new prevention measures will be solidifying a role for private industry in the BWC confidentiality regime.
2. The benefits to be gained by trying, as do certain provisions in the Rolling Text, to strengthen post-breach rules beyond those that appear in the CWC are marginal at best and may not add any value to the compliance system. The structural or systemic impediments to effective imposition of liability on individuals, States Parties, or the OPBTW for breaches of confidentiality rules cannot be overcome by ignoring the need for granting OPBTW staff immunity or complicating the process through which waiver of immunity decisions are made.

1. The FAS Working Group stands ready to work with industry on mechanisms for the protection of confidential information and provide whatever assistance the Ad Hoc Group thinks necessary or appropriate to help build an effective and feasible confidentiality regime for the BWC Protocol.

1. A useful role for the proposed BWC Confidentiality Commission could be created in having this Commission serve as a court of appeal for waiver decisions made by the Director-General and/or the Executive Board. To serve this role properly, the Commission would need to be composed of independent experts nominated by the OPBTW and appointed by the Conference of States Parties.

2. See Rolling Text of a Protocol to the Convention on the Prohibition of the Development, Production and Stockpiling of Bacteriological (Biological) and Toxin Weapons and on Their Destruction, found in Annex I of the Procedural Report of the Ad Hoc Group of the States Parties to the Convention on the Prohibition of the Development, Production and Stockpiling of Bacteriological (Biological) and Toxin Weapons and on Their Destruction, BWC/AD HOC GROUP 38 (October 6, 1997), covering the eighth negotiating session of September 15 through October 3, 1997.

3. Compliance regimes also need access to public facilities, which also raises issues of confidential information. This Working Paper is, however, focused on private confidential business information.

4. See Rolling Text, art. III(F)(I) and (II).

5. Id., art. III(F), ftn. 28.

6. Id., ftn. 27.

7. PhRMA, Reducing the Threat of Biological Weapons--A PhRMA Perspective, November 25, 1996.

8. Id. See also Rolling Text, art. III(F), ftn. 27.

9. See, e.g., Rolling Text, art. III(F)(I), para. 27 ("The Visited State Party [shall have the right to negotiate the access requested by the Visit Team][may apply managed access techniques . . . where necessary] to protect sensitive information"); and art. III(F)(III), para. 55 ("The investigated State Party shall have the right [under managed access] to take such measures [as are][it deems] necessary to protect . . . commercial proprietary information . . .").

10. Id., paras. 65 and 70.

11. Id., art. IV, paras. 1 and 7.

12. Convention on the Prohibition of the Development, Production, Stockpiling and Use of Chemical Weapons and on Their Destruction [hereinafter CWC], Article VIII.5.

13. CWC, Annex on the Protection of Confidential Information.

14. OPCW Policy on Confidentiality, OPCW Doc. No. C-I/Dec. 13 (May 16, 1997), at I.1.

15. Barry Kellman, David S. Gualtieri, and Edward A. Tanzman, Disarmament and Disclosure: How Arms Control Verification Can Proceed Without Threatening Confidential Business Information, 36 Harvard International Law Journal 71, 95 (1995).

16. CWC, Annex on the Protection of Confidential Information, at D.20 ("The Director-General shall impose appropriate punitive and disciplinary measures on staff members who have violated their obligations to protect confidential information.").

17. Id. ("In cases of serious breaches, the immunity from jurisdiction may be waived by the Director-General.").

18. Id., at D.22 ("The Organization shall not be held liable for any breach of confidentiality committed by members of the Technical Secretariat.").

19. Id., at D.23, and OPCW Policy on Confidentiality, Part IX.2, at 3.2-3.4. The OPCW Confidentiality Commission "as a whole will be made up of persons appointed in a personal capacity from a list of nominees put forward by States Parties to the Convention. . . . This list of nominees will be submitted to the Conference and 20 persons shall be appointed from it to serve on the Confidentiality Commission for an initial two-year term." Id., at 1.1.

20. OPCW Policy on Confidentiality, Part IX.2, at 3.5. If two disputing States Parties agree, the OPCW Confidentiality Commission may "decide on an arbitrated resolution to the dispute which is binding on the disputing parties." Id., at 3.6.

21. Barry Kellman and Edward Tanzman, Implementing the Chemical Weapons Convention: Legal Issues (Lawyers Alliance for World Security Committee for National Security, July 1994), at 3 ("This waiver of immunity will have little practical effect, however, unless the accused individual is in the custody of a government with both the power and the political will to prosecute.").

22. Kellman, Gualtieri, and Tanzman, Disarmament and Disclosure: How Arms Control Verification Can Proceed Without Threatening Confidential Business Information, supra note 14, at 101 ("The ability to sue the individual employee, if immunity is waived, will be of little benefit when the lost confidential information is worth millions of dollars.").

23. See Ian Brownlie, Principles of Public International Law (Oxford: Clarendon Press, 4^th ed., 1990) at 323-336 for discussion of international law on sovereign immunity.

24. See Kellman, Gualtieri, and Tanzman, Disarmament and Disclosure: How Arms Control Verification Can Proceed Without Threatening Confidential Business Information, supra note 14, at 121-124 for discussion of "takings" argument under U.S. constitutional law. In the proposed U.S. CWC implementing legislation, the U.S. Congress facilitates a claim against the United States by American companies that suffer damages from misuse of confidential information by the OPCW. See Working Paper's later discussion of this implementing legislation at paragraph 25.

25. Id., at 101.

26. Senate Bill S610, An Act to Implement the Obligations of the United States under the Chemical Weapons Convention, 103(a)(1)(A) ("The United States Court of Federal Claims shall . . . have jurisdiction of any civil action or claim against the United States for any taking of property without just compensation that occurs by reason of the action of any officer or employee of the Organization for the Prohibition of Chemical Weapons, including any member of an inspection team of the Technical Secretariat . . ."). The CWC does not obligate the United States to facilitate this cause of action.

27. This analysis is not, and is not intended to be, an exhaustive study of all provisions in the Rolling Text that may relate to the protection of confidential information. Such an exhaustive analysis, at this early stage of the negotiations on this matter, would be premature.

28. Rolling Text, Annex D, Investigations, Sections II.D., paras. 19-23 (Field Investigations); II.D, paras. 19-23 (Investigations of Alleged Use of BW); III.D, paras. 20-42 (Facility Investigations); III.D, paras. 20-35 (Investigations of Any Other Alleged Breach of Obligations Under the Provisions of the Convention).

29. CWC, Verification Annex, pt. X.C, paras. 46-52.

30. Rolling Text, Annex D.I., paras. 51-52.

31. Id., para. 21.

32. Id.

33. Id., para. 23.

34. Id. ("The authority to waive the immunity of the Organization from the execution of judgement shall be vested with the Conference.").

35. Id., para. 25.

36. Id., para. 53. The phrase "in accordance with the relevant rules laid down in international law" is ambiguous because it is not clear whether it refers to rules laid down in the BWC Protocol, other applicable treaties, or customary international law.

37. Id., art. IV, para. 1. Annex E also contains the "need-to-know" principle. See id., Annex E, para. 1.

38. Id., art. IV, para. 2.

39. Id., para. 3.

40. Id., para. 4. Annex E is intended to lay out principles for the OPBTW confidentiality regime because it contains provisions on the confidentiality regime (paras. 2-4), the establishment of a classification system (paras. 5-6), criteria for confidentiality (para. 7), obligations for handling confidential information (paras. 8-10), obligations for intended release of confidential information (paras. 11-12), and handling of sensitive information on the premises of States Parties (para. 13).

41. Id., art. IV, para. 5.

42. Id., para. 6. Article IV.7 requires the Conference of the States Parties to set up the BW Confidentiality Commission at its first session. Id., para. 7.

43. PhRMA, supra note 6.

44. Id.

45. See Confidentiality Can Be Protected During Sampling and Analysis in a BWC Compliance Regime, FAS Working Group, September 1997; Sampling and Analysis of Proprietary Microorganisms while Protecting Confidential Proprietary Information, FAS Working Group, December 1995. See alsoLynn C. Klotz, Countermeasures for Possible Evasion Scenarios in Sampling and Analysis under a BWC Compliance Regime and other papers in The Utility of Sampling and Analysis for Compliance Monitoring of the BWC (J.B. Tucker ed., Proceedings of a Workshop held in Washington, D.C., Oct. 7-8, 1996) (Lawrence Livermore National Laboratory, University of California, 1997), and J.B. Tucker, Introduction, in Inspection Procedures for BWC Compliance Monitoring (J.B. Tucker ed., Proceedings of a Workshop held in Livermore, California, May 29-30, 1997 sponsored by the Monterey Institute for International Studies and the Lawrence Livermore National Laboratory)( in press) .

46. Portable analytical equipment of appropriate types and some of the necessary reagents have been developed; other reagents could be developed readily. In five years or so, still more rapid and convenient analytical methods will be available for on-site use.

47. This instrument would not have legal status or effect in either national or international law. The idea is to have private enterprises publicly declare that they will support the BWC Protocol in their day-to-day operations. For the OPBTW confidentiality rules to work effectively, not only governments but also private enterprises have to behave appropriately. An instrument between private enterprises would be a powerful step to creating the appropriate private sector environment that opposes companies actively encouraging, or attempting to profit from, unauthorized disclosures of confidential information.

48. "[Investigators shall, in accordance with the relevant rules laid down in international law, be liable to physical or juridical persons for any intentional or accidental damage resulting from unlawful actions on their part, including the leaking of confidential information that becomes known to them in the course of investigation work.]" Rolling Text, Annex D.I.E, para. 53.

49. "[5. Without prejudice to the privileges and immunities to be accorded pursuant to this Protocol, the Organization, the Director-General of [the Technical Secretariat], investigators and investigation assistants or other staff members of [the Technical Secretariat] shall, in accordance with the applicable laws specified in the private international law of the State of the forum, be liable to the natural or legal persons for any damages caused by the Director-General of [the Technical Secretariat], the investigators and investigation assistants or other staff members of [the Technical Secretariat] through unauthorized disclosure of confidential information coming to their knowledge in connection with the implementation of the Protocol."] Id., art. IV, para. 5.

50. Id., Annex D.I.C, paras. 18-24.

51. A state in which an organization or individual stole or otherwise misappropriated confidential information from a private enterprise while within the territory of that state would be subject to that state's jurisdiction to prescribe, adjudicate, and enforce laws protecting confidential information under customary international law. See Restatement (Third) of the Foreign Relations Law of the United States, 402(1)(a) (jurisdiction to prescribe); 421(2)(j) (jurisdiction to adjudicate); and 431 (jurisdiction to enforce). If the misappropriation occurred outside the territory of the state in which the private enterprise was resident, then the state would still have jurisdiction to prescribe, adjudicate, and enforce laws protecting confidential information under the "effects doctrine" in customary international law, which holds that a state can take jurisdiction over activities taking place outside its territory if such activities have or are intended to have substantial effect with its territory. See id. 402(1)(c); 421(2)(j); and 431(1) and (3).

52. Rolling Text, Annex D.I.C, para. 25.

53. Id., art. IV, para. 6.

54. CWC, Confidentiality Annex, D.23.

55. Article XII of the Rolling Text--the other option in the proposed language--involves only disputes between two or more States Parties, or between one or more States Parties and the BWO. Rolling Text, art. XII.2. Article XII of the Rolling Text is similar to an analogous provision in the CWC. CWC, art. XIV.