Can you trust other countries to store your data? You might have to.
President Obama is trying to win “fast track” authority from Congress to negotiate enormous trade deals. Fast track means that whatever deal Obama cuts with the world’s nations, Congress must approve it or reject it on an up-or-down vote, without amendments. This “Trade Promotion Authority” has passed the Senate and will be taken up by the House later this month. The deal farthest along involves 11 countries in the Pacific Rim, called the Trans-Pacific Partnership, or TPP. Another trade agreement, with Europe, called TTIP, is also under negotiation and being considered for fast track, and isn’t nearly as complete. But there is one deal that is greater than all these.
This week, Wikileaks leaked 17 secret documents about a third trade deal, close to being agreed upon, called the Trade in Services Agreement, or TISA. As it sounds, it’s not about trading goods between countries, but rather services, which constitute an ever-greater share of the commerce between the U.S. and 50 trading partners in the EU and Asia. It’s a big deal, covering about 70% of the entire global services economy. The global services economy itself constitutes about 75% of America’s economic engine.
The problem with TISA, as it’s currently being negotiated, is that under its terms, America (and any other signatory nation) would be prohibited from controlling which nation stores your personal data. Let’s say you keep your medical records stored in the cloud with a Google application. Right now, your medical data has to be stored within the United States, with all its privacy protections. But under TISA, it won’t have to be. Google could outsource its data storage to, say, Pakistan, and you would have to rely on the government of Pakistan to protect your privacy. That ought to concern you.
The key language in TISA is this: “No Party may require a service supplier, as a condition for supplying a service or investing in its territory, to: (a) use computing facilities located in the Party’s territory.”
Your data, in other words, could be stored anywhere, and subject to any level of protection the host country believes it should have.
As Maira Sutton of the Electronic Frontier Foundation has previously noted:
Negotiators should be working to reconcile this tension between powerful private and public actors who may have conflicting stances on major human rights issues such as privacy and free expression.
That in turn, will require open public participation from a variety of stakeholders. By contrast, TISA’s language reflects the concerns of the internet industry, and not necessarily the interests of internet users as a whole.
But it’s not just medical data. It’s financial data, and any other kind of data. Perhaps you use the Quicken program to store all your family’s monetary information in the cloud. If the Intuit Corporation wants to store your data in Turkey, the Turkish government of President Tayyip Erdoğan will have the ultimate control over your banking, mortgage and tax information, and not the nation accountable to you.
But you weren’t to know this. This was all supposed to be secret, and upon completion, presented to the Congress on a fast-tracked up-or-down vote. We’ve entered the age where our data are inseparable from ourselves. Now, it seems, we might become inseparable from, perhaps, Pakistan.
Christopher S. Carson, a lawyer, is formerly with the American Enterprise Institute.