Electronic Frontier Foundation | 5 November 2015
Release of the full TPP text after five years of secrecy confirms threats to users’ rights
By Jeremy Malcolm and Maira Sutton
Trade offices involved in negotiating the Trans-Pacific Partnership (TPP) agreement have finally released all 30 chapters of the trade deal today, a month after announcing the conclusion of the deal in Atlanta. Some of the more dangerous threats to the public’s rights to free expression, access to knowledge, and privacy online are contained in the copyright provisions in the Intellectual Property (IP) chapter, which we analyzed based on the final version leaked by Wikileaks two weeks ago and which are unchanged in the final release. Now that the entire agreement is published, we can see how other chapters of the agreement contain further harmful rules that undermine our rights online and over our digital devices and content.
The most shocking revelation from today’s release is how the TPP’s Investment chapter defines "intellectual property" as an asset that can be subject to the investor-state dispute settlement (ISDS) process. What this means is that companies could sue any of the TPP nations for introducing rules that they allege harm their right to exploit their copyright interests—such as new rights to use copyrighted works for some public interest purpose. A good example of this might be a country wishing to limit civil penalties for copyright infringement of orphan works, which are works whose authors are deceased or are nowhere to be found.
While it was earlier rumored that IP disputes may have been excluded from the ISDS process, or at least that there might be some safeguards included, the Investment chapter reinforces our fear that new, democratically-decided user protections within copyright can be attacked by an ISDS challenge. This is far from just a hypothetical threat. A good example of just how far companies might go in enforcing their claimed rights using ISDS is the claim brought by Philip Morris against Australia under a similar free trade agreement, alleging that its trademark rights were infringed by the country’s cigarette plain packaging laws. This ISDS mechanism can be characterized as a tool for private industry to directly undermine democracy and any public interest rule.
Electronic Commerce Chapter
Second to the IP chapter and sweeping menace that is the Investment chapter, the E-Commerce chapter has the next most serious ramifications for users, and it mirrors the same chapter of the Trade in Services Agreement (TISA) in many ways.
The supposed benefit of this chapter most touted by big tech companies is that it restricts the use of data localization laws, which are laws that require companies to host servers within a country’s borders, or prohibit them from transferring certain data overseas (in Articles 14.11 and 14.13). Although we generally agree that data localization is an ineffective approach to the protection of personal data, a trade agreement is the wrong place for a sweeping prohibition of such practices. For particularly sensitive user data, regulating cross-border transfer of that data or its storage on vulnerable overseas servers may be a valid policy option. The E-Commerce chapter does not prohibit recourse to this option altogether, but imposes a strict test that such measures must not amount to “arbitrary or unjustifiable discrimination or a disguised restriction on trade”—a test that would be applied by an investment court, not by a data protection authority or human rights tribunal.
This prioritization of trade interests over privacy rights pervades the rest of the chapter also. For example, Article 14.8 on Personal Information Protection contains a footnote providing that "a Party may comply with the obligation in this paragraph by ... laws that provide for the enforcement of voluntary undertakings by enterprises relating to privacy." In other words, it is perfectly okay for countries to allow online advertising networks and data brokers to write their own rules for personal data protection, provided that the law holds them to these weak and self-serving standards. To characterize this as establishing any standard of data protection at all for the TPP countries is laughable; on the contrary, it legitimizes the lack of effective protection and fails to raise the bar even an inch.
Worse than that, paragraph 5 of Article 14.8 goes further by encouraging the parties to develop mechanisms to promote compatibility between their various privacy and data protection regimes. What this means is that parties with comprehensive personal data protection laws are encouraged to treat the weak, voluntary arrangements of other parties as in some way equivalent to their own, in order to streamline the exchange of data by these parties across borders. This is the same approach that was embodied in the EU-US Safe Harbor Agreement, that was thrown out by the European Court of Justice this month.
Similarly, the provision on net neutrality in Article 14.10 is so weak as to be meaningless. Rather than establishing any sort of enforceable obligation, the parties merely "recognise the benefits" of the access and use of services and applications of a consumer’s choice, the connection of end-user devices of the consumer’s choice, and the availability of information on network management practices. To the extent that the TPP countries can falsely point to this provision as "addressing" net neutrality, it may actually impede the development of stronger, more meaningful global standards.
The provision on spam control in Article 14.14 is similarly empty. It requires "measures regarding unsolicited commercial electronic messages" to be taken, but offers the weakest possible guidance on what these should be. The measures may include requirements on suppliers to allow users to opt out from receipt of messages, or require opt-in consent, or… "otherwise provide for the minimisation" of such messages. In sum, then, by backing away from a meaningful commitment to do anything, it requires nothing substantive at all. If anything, this is a signal that trade agreements are really not a useful venue for addressing the spam problem.
Article 14.17 prohibits countries from requiring the disclosure of source code of mass-market software or products containing such software. This cuts off one possible avenue that, to take one example, has recently been proposed to the U.S. Federal Communications Commission for addressing the dire state of security in consumer-level routers by a panel of 260 cybersecurity experts. This could also inhibit countries from addressing other software security incidents for which access to the source code of the software is required.
Reminiscent of the E-Commerce chapter, Article 13.4 of the Telecommunications Chapter effectively establishes a hierarchy of interests between unfettered trade in telecommunications services (which is prioritized first, in paragraph 3) and measures to protect the security and confidentiality of messages and to protect the privacy of personal data of end-users (which is placed second, in paragraph 4). The subordination of security and privacy interests of users to the commercial interests of business is established by the fact that the former are only allowed to be taken into account if it can be established that they are not "a means of arbitrary or unjustifiable discrimination or a disguised restriction on trade in services."
This is completely backward. There is no value in having telecommunications services if they do not protect the privacy and security of end users; in fact, such services can be positively harmful, causing serious human rights infringements of users. In any other context, human rights would trump commercial considerations—in fact, this would go entirely without saying—but in the topsy-turvy world of trade negotiations, it’s the other way around.
The timing of this official release of the text feels somewhat fishy. The White House seems to be complying with the text disclosure requirements in the Fast Track trade bill that passed this summer, which obliges them to release the entire agreement online 30 days after submitting to Congress the President’s intent to sign the deal. Only after 60 days from the release (so a full 90 days from submitting the deal for signature) can Obama sign the deal, to then put the agreement before Congress for ratification.
So far no one has indicated that the White House has declared their intent to sign. If they truly haven’t, it means that there’s still at least three months before Obama can officially sign the agreement. But given how underhanded this administration has been about the TPP all of these years, we have reason to be suspicious, and we fear that they could be surreptitiously moving ahead with the Fast Track trade approval process.
Now that we finally have the final text of this agreement, we’ll be digging deeper into the implications of this sprawling agreement in the days and weeks to come. However, if there’s one thing we can take away from this, it’s that the TPP’s secretive, lobbyist-controlled policymaking process has led to a deal that upholds corporate rights and interests at the direct expense of all of our digital rights. We’re going to do all we can to ensure this agreement never gets ratified by the United States Congress or any other country that is a party to this deal. To do so, government officials need to hear from us loud and clear that we won’t stand by and let them trade away our rights to powerful multinational corporations.
If you’re in the Washington DC area, please join us to protest against the TPP and other secret trade deals in the Capitol on November 16 and 17.