Electronic Frontier Fondation | 27 August 2015
TISA and tech’s double standards on secret government Internet deals
The stash of previously-secret correspondence about the Trade In Services Agreement (TISA) that EFF obtained and published this week speaks volumes about the extent to which technology companies such as IBM and Google, and trade lobby groups such as the Computer and Communications Industry Association (CCIA) and Internet Digital Economy Alliance (IDEA), have bought into the dangerous idea that trade agreements should be used to govern the Internet.
In the 124 pages of documents that we obtained under the Freedom of Information Act (FOIA), industry groups assert that trade agreements can “maximise the economic potential of data in the networked economy and support the Internet as the world’s trading platform”, and “significantly boost the growth prospects for this vital sector of the global economy.” Sadly missing, however, are demands for improved transparency or for the exclusion of Internet-related issues that have little to do with "trade" such as net neutrality and personal data protection.
Perhaps we should not be surprised by the complicity of some tech companies in the ongoing mission-creep of trade negotiations, given their earlier support for Fast Track Authority, which cleared the way not only for TISA but also for other agreements that threaten user rights, such as the Trans-Pacific Partnership (TPP) and the Trans-Atlantic Trade and Investment Partnership (TTIP).
Comparing TISA with WCIT
But in fact we are surprised. These companies seem to to be taking a remarkably relaxed attitude towards a closed-door process in which governments could rewrite the rules for information flows on the global Internet. It also marks a stark contrast with their attitude towards another process that could have been described in almost identical terms—the 2012 World Conference of International Telecommunication (WCIT) of the International Telecommunications Union (ITU). As you may recall, tech companies joined EFF and thousand of other organizations from around the world in a massive uprising against the secretive WCIT negotiations over revisions to an ITU treaty called the International Telecommunication Regulations (ITRs). Google was amongst the tech companies leading this charge, launching its own campaign that warned of the dire consequences of allowing governments to make decisions that would affect the Internet:
Not only companies, but politicians too were up in arms at the prospect of ITU rulemaking for the Internet. The European Parliament decried “the lack of transparency and inclusiveness surrounding the negotiations”, and the U.S. Congress, in a joint resolution of the Senate and House in 2012, declared that it is “the consistent and unequivocal policy of the United States to promote a global Internet free from government control and to preserve and advance the successful multistakeholder model that governs the Internet today.”
And yet, as unrepresentative and opaque as the ITU/WCIT deliberations were, they still possess features that trade agreements like TISA lack. Input documents were visible; negotiating sessions were public and webcast, and documents were available without draconian non-disclosure obligations.
In the ITU debate, an alliance of governments, companies and public interest groups united to express our distrust of a closed process for deciding the future of the Internet. With TISA and trade agreement in general, by contrast, it appears that some of those same parties have traded away concerns over process for a seat at the table.
Rules on Cross-Border Information Flows
TISA contains many provisions in its Telecommunications and Electronic Commerce chapters that could significantly impact the Internet. The two major provisions for which tech companies are angling are rules that would prohibit countries from adopting mandates for sensitive data to be hosted locally, and rules prohibiting countries from placing limits on cross-border information flows—including flows of personal data.
An example of the former is the proposal that Germany announced last week for the creation of a local cloud or "Bundescloud" for federal government data, that would secure data against foreign disclosure orders or wiretapping authorities, such as the National Security Letters that could issue if it were hosted in the United States.
Local hosting mandates are an ineffective kludge for ensuring the security of sensitive data, and strong, end-to-end encryption and distributed, decentralized solutions provide a better defence. However, a flat-out prohibition of local hosting mandates is a radical measure that could quash the cases in which such measures may be justified—perhaps, say, for electoral systems or official ID records.
The same is true for rules on cross-border information flows. America’s largely self-regulatory regime for privacy and data protection is notoriously weak compared to those of some of its trading partners, particularly the European Union. Rules that would require countries with strong data protection regimes to export user data to countries with weak regimes without adequate safeguards in place to maintain the security of that data, are a recipe for a privacy meltdown. TISA does allow some privacy safeguards to be maintained, but opens the door for argument about whether these are “arbitrary or unjustifiable”.
These are not the only Internet-related provisions that we believe to be in TISA. Based on the most recent leaked text published this July, there are also provisions (as covered in our previous analyses):
Adopting a “lowest common denominator” on net neutrality, including an undefined exception allowing discrimination for “reasonable network management”.
Requiring telecommunications operators to provide access to fibre-optic cables or landing facilities to all comers, including foreign intelligence agencies.
Controls and international standards for anti-spam legislation, based on flawed national models.
Prohibiting countries from making obligations on the availability or licensing of source code (except in critical infrastructure), even if this is intended as a security measure, or to improve government transparency and accountability.
Oh, When We Said Governments, We Meant Other Governments
Whatever happened to “the consistent and unequivocal policy of the United States to promote a global Internet free from government control”? How do secretly-negotiated global rules on net neutrality square with the European Parliament’s edict that no “centralised international institution [should] assert regulatory authority over … internet governance or internet traffic flows”? Where is Google’s campaign over the fact that “engineers, companies, and people that build and use the web have no vote” on TISA?
The answer, we fear, is that lobbyists and political power brokers feel comfortable that they have the TISA negotiations under their control. As IBM puts it a communication found in the document stash that EFF released this week, “the US and the EU ... are in the best position to define the rules of the road necessary to protect the world’s vital governmental, environmental and societal interests”.
This paternalistic observation, coming from a company that facilitated the South African apartheitregime while the U.S. government looked on, offers little comfort. When it comes to crafting Internet rules that protect users, the representatives from the United States and the European Union are not so trustworthy that we should entrust them with setting the rules of the road for the Internet, without transparency, oversight and other democratic checks and balances.
Nor do these states seem as interested in loosening their control over these processes as other nations. Amongst the countries excluded from TISA, Brazil crafted its Marco Civil da Internet in an open, multi-stakeholder process, Similarly the Philippines crowdsourced the drafting of a Magna Carta for the Internet that included some powerful principles.
These are the kinds of processes, and the kinds of documents resulting from them, that at least nod to the openness we need for a legitimate debate about the future of the Internet. It’s notable that it is the world’s developing countries, rather than the U.S. and EU trade ministries who are at the forefront of innovating such processes. These initiatives at least point the way towards alternatives to trade negotiations in answer to pressures for global coordination of the development of Internet rules and policies.
In contrast, closed-door, secretive intergovernmental trade negotiations — the kind we are seeing in TISA — are no way to craft rules for the Internet, no matter how well-intentioned the trade negotiators and their privileged business advisors may be. There are simply too many valid interests, perspectives and critiques that are unavailable to them in such an opaque and captured process, inevitably resulting in a flawed and one-sided document. Far from being the kind of open governance innovation that the Internet deserves, TISA is a remnant of an outmoded approach. Tech companies should refuse to validate and encourage the expansion of these secretive processes to cover key Internet issues.