The US wants to decide where your data is stored

The US wants to decide where your data is stored

In recent times we’ve had some wins for internet freedom and electronic privacy. The NSA had its surveillance powers curtailed significantly, Apple and Google enabled encryption by default and large companies have moved to block out surveillance by encrypting data center traffic.

That may all be undone, soon, if the US has its way with the secret ‘Trade in Services Agreement” (TISA) which is currently being negotiated. The agreement involves many countries. As well as the US, the European Union, Canada, Australia and 21 other nations are part of the process.

Wikileaks has revealed a tranche of documents related to TTIP, with drafts and additional notes on a wide ranging of issues including air traffic control, telecommunications and more. But the possibly the most concerning is the one related to e-commerce.

A section containing proposals from the US includes these two tidbits:

2.1: No Party may prevent a service supplier of another Party from transferring, accessing, processing or storing information, including personal information, within or outside the Party’s territory, where such activity is carried out in connection with the conduct of the service supplier’s.

9.1: No Party may require a service supplier, as a condition for supplying a service or investing in its territory, to: (a) use computing facilities located in the Party’s territory.

In short, these rules would disallow countries to set rules on where businesses must store data or host their services as well as removing the ability to control the flow of that user data.

Currently, the EU has fairly strict controls on what companies can do with citizens’ data and there are plans to require information to be stored on servers within Europe. Under the US proposal, those safeguards would be undone.

Giving businesses the freedom to choose where their servers are hosted isn’t necessarily bad, particularly when powerful entities such as the NSA are actively spying on services hosted in the US. Unfortunately, a total lack of restrictions could result in businesses loosely guarding your data against such adversaries.

Some countries, including Germany, are considering moves to require that business host data centers within their borders, and the EU as a whole has looked at measures to make transferring data off shore harder. That would be prevented by TTIP.

The EU had considered suspending its ‘safe harbour’ rules that allows European businesses to move and store data within the US in light of revelations on NSA spying, but again, such a move would also be disallowed if the TTIP were signed.

This idea, buried in a proposal that was meant to remain secret, is yet another example of the US attempting to exert control over how other countries regulate our data.

I hope other countries refuse to sign this restrictive agreement and look to provide data protections that keep their citizens safe from spying by the US and others. If they concede, they are signing away all their power to do that.

Image credit: Shutterstock

WikiLeaks releases secret TISA docs: The more evil sibling of TTIP and TPP on Ars Technica

Read next: The offensive Tweet