If You Care About Privacy, TISA Is the Latest Thing That Should Concern You

Last week, Wikileaks released a draft text from the negotiations of the Trade in Services Agreement (TISA), a 50-country trade deal currently under secret negotiation by Canadian authorities.

The leaked chapter deals specifically with trade in financial services. If it were passed as-is with US positions adopted, it would generally deregulate the financial sector worldwide, making it easier for large US and European players to expand into new markets while loosening restrictions on their activities. For some reason, negotiators seem to believe the world is still hungry for more of the credit default swaps and shit-tier repackaged mortgage securities that got us into such a big mess in 2008.

As if that's not distressing enough, the TISA could also undermine personal privacy. Tucked into the chapter is a section on cross-border data flows. As large banks and financial firms expand into country after country, private financial data is increasingly being aggregated into the cloud—most of which is actually located on servers in the US and Europe.

The US position on this issue, to nobody's surprise, argues for no restrictions on data flows.

"[US: Each Party shall allow a financial service supplier of another Party to transfer information in electronic or other form, into and out of its territory, for data processing where such processing is required in the financial service supplier's ordinary course of business.]"

This essentially means that it would be more affordable for US financial services to set up shop abroad, since they can avoid having to relocate servers and personnel if they don't want to. But it also has the secondary effect of discouraging states from passing their own data privacy laws, as Brazil recently attempted. Essentially, the US proposal is unconcerned with a country's right to try to protect its citizens' private data.

Why does this provision have privacy advocates worried? One reason is that the US is arguing for an unfettered right for financial firms to send data wherever they wish, overriding any privacy laws in countries where they operate.

In privacy terms, the practical effect of this rule would be kind of like throwing a bleating lamb into a crocodile habitat. No doubt, having all of this data head back to the Homeland would be attractive for the NSA. Although they likely have no part in driving negotiations, the results of this data provision would do plenty to carry on their creepy legacy of "total information awareness" and could expose even more of our personal information to their unreasonable surveillance.

Article X.18, proposed by the US and the EU, would seem to have us covered on this front:

"[Nothing in this Agreement shall be construed to require a Party to disclose information relating to the affairs and accounts of individual consumers or any confidential or proprietary information in the possession of public entities.]"

However, as with a lot of the text, this section is bracketed, which means it's still under negotiation. Also, as Wikileaks' analysis also points out, "the provision is negatively worded…[and] does not affect states' ability to require disclosure of information, presumably to the government, about individuals. It is not concerned with protecting personal privacy or preventing those who hold the personal data from abusing it for commercial or political purposes."

Moreover, we have yet to see the NSA or its Five Eyes partners like CSEC and GCHQ really operate with any care about normal rules or privacy considerations—if there is information moving from one point to another and they can intercept it, they very often will. This includes things like GCHQ's recent declaration that because social networking communications are hosted in the US and not the UK, they can be swept up and monitored without a warrant.

Even though it is unrealistic for countries to prevent all personal data from crossing borders in the name of protecting privacy, it's quite clear that providing carte blanche to increase data flows can't result in much more than an erosion of privacy and an increase in warrantless surveillance powers.

Canadians already have very little knowledge of what information is being collected about them by both public and private organizations, how long it's stored, and who it's shared with. But the more we learn, the less we're pleased with how things are going: a new poll, for example, showed that a full 73 percent of Canadians are opposed to the government's widely-condemned "cyberbullying" bill C-13, which would greatly expand warrantless disclosure of private information.

When three quarters of the country's population is now against the continuing erosion of our privacy rights, it's easy to wonder why the leaked text reveals no Canadian opposition to the provisions discussed above. Then again, the government is showing no signs of listening to that outcry, so perhaps we shouldn't be too surprised.

Both C-13 and TISA are alarming examples of the intersection of two trends: the privacy deficit and the democratic deficit. International trade agreements have always required some discretion in order to make deals, but the latest batch of them (TPP, TTIP, TISA) are much more opaque than their predecessors. As governments clamor to gobble up more data about citizens, they're simultaneously restricting access to decision-making processes that affect us all. While this inverse transparency may deliver some results in the short term, it's bound to hurt our democracy over time. "Trust us, this will be good for you," just isn't good enough when it comes to our basic civil liberties.

Chris Malmo is a donor relations coordinator at OpenMedia.

@chrismalmo