In the current negotiations of the Trans Pacific Partnership (TPP) Agreement involving Australia, Brunei, Canada, Chile, Japan, Malaysia, Mexico, New Zealand, Peru, Singapore, United States and Vietnam, the USA has made proposals in the Electronic Commerce chapter. The next round of TPP negotiations where this is likely to be discussed starts on 12 May, 2014 in Vietnam. Since the negotiations are secret, we only have news reports of what the USA has proposed. These include free flow of information across borders and no local server requirement.[1]
Countries may have a number of reasons why they want to keep sensitive data locally where it can be protected under their domestic privacy laws. This could be citizens’ taxation data,[2] healthcare records,[3] financial information, etc.
A number of countries already have rules to ensure that this information is kept in the country when it is stored by governments. For example Canadian provinces British Columbia and Nova Scotia require personal information in the custody of a public body to be stored and accessed only in Canada unless one of a few limited exceptions applies.[4]
The Australian government is worried that these U.S. proposals for free flow of information across borders and a ban on local server requirements could hamper its ability to uphold its national privacy laws and regulations for off-shored personal data.[5]
The USA is insisting on these proposals, despite the revelations by Edward Snowden of the extent of spying by the U.S. government.
NSA spying
Snowden’s leaked documents have shown that the U.S. government’s National Security Agency (NSA) has among other activities:
• Sent an agent to a technology company’s headquarters where they installed U.S. government software on to the company server and downloaded data from there for several weeks.[6] This would be facilitated if the servers are in the United States because other TPP countries cannot require them to be in their own countries – as the U.S. is seeking in the TPP.
• The PRISM program allows the intelligence services direct access to the servers of companies like Microsoft, Yahoo, Google, Facebook, Apple etc. to collect the content of communications including emails, files, stored data etc. of non-Americans.[7]
• Tapped into the links between the data centres of technology companies such as Microsoft, Google and Yahoo.[8] Another practice that is presumably facilitated by free flow of information and no local server requirements.
• Many other methods of spying.[9]
Use of personal data by private companies (big data)
There are also significant privacy concerns about the ways in which private companies use the personal data of TPP citizens. ‘Telephone companies involved with the NSA’s “bulk” data-collection program are expanding their own data gathering on the Internet and mobile devices as well. This information is used to create dossiers—online targeting profiles—on individuals. These personal digital records can reveal details on our financial status, health concerns, ethnicity/race, political interests, buying habits, and the technology we use.’[10]
See http://www.centerfordigitaldemocracy.org/sites/default/files/NSATTIPHandout1217.pdf for more examples.
Exceptions to the free flow of information requirement
Based on past U.S. free trade agreements, any exceptions the U.S. government will agree to are likely to be difficult to use and insufficient to protect the policies, laws and regulations that national or sub national governments may currently have or want to use in future.
CAP views that in the TPP, Malaysia should not agree to a requirement to have free flow of information across borders or a ban on requirements to have local servers. This is not because we are against freedom of information, which is something the public wants. On the contrary, it is because of our concern that in the guise of ‘free flow of information’, it facilitates any US government access to Malaysian citizens’ confidential data, thus violating our privacy. We urge the Malaysian government to seriously consider our concerns on the impingement of our privacy and other concerns raised earlier and hence withdraw from the TPP negotiations.
We believe that if Malaysia signs the TPPA it will lead to many negative effects that can be disastrous to the social and economic fabric of our country. Thus CAP calls on the Malaysian government to not sign the TPPA.
Press Release – 9 May 2014
[1] For example http://www.ustr.gov/about-us/press-office/blog/2013/march/tpp-21st-century-issues and Inside U.S. Trade – 08/23/2013.
[2] ‘Internet service companies would have to follow Brazilian privacy laws and the government may also decide to store sensitive data such as tax information within the country to protect it from foreign spies’ Brazil’s Internet Policy Secretary Virgilio Almeida told reporters, http://www.bloomberg.com/news/2013-09-17/facebook-google-face-brazil-storage-mandate-on-snowden-leak-1-.html.
[3] Eg http://www.theguardian.com/society/2014/jan/19/nhs-patient-data-available-companies-buy
[4] Something the U.S. government has complained about: http://www.ustr.gov/sites/default/files/2014%20NTE%20Report%20on%20FTB.pdf.
[5] Inside U.S. Trade – 08/23/2013.
[7] http://www.theguardian.com/world/2013/jun/06/us-tech-giants-nsa-data
[8] http://www.theregister.co.uk/Print/2013/11/27/microsoft_encryption_nsa_spying/, http://www.theregister.co.uk/2013/10/31/nsa_and_uk_hacked_yahoo_and_google_data_center_interconnects_report
[9] For example http://arstechnica.com/information-technology/2013/12/inside-the-nsas-leaked-catalog-of-surveillance-magic/, http://www.theguardian.com/world/2013/jul/11/microsoft-nsa-collaboration-user-data
[10] http://www.centerfordigitaldemocracy.org/sites/default/files/NSATTIPHandout1217.pdf