Digital rights advocates are mobilizing against a sweeping Asia-Pacific trade deal.
The White House says the pact will be a valuable tool to combat cyber theft, but critics say it could actually hamper cybersecurity and erode critical privacy protections worldwide.
After weeks of anticipation, the Obama administration on Thursday finally released the full text of the Trans-Pacific Partnership (TPP), a free-trade agreement between 12 Pacific Rim nations.
{mosads}The deal, which would encompass 40 percent of the global economy, is widely viewed as a foundation for future international rules to protect corporate secrets and secure customers’ personal data.
Notably, it could also put economic pressure on China to rein in its alleged massive commercial digital espionage campaign, as Beijing shows interest in someday joining the TPP.
Numerous security researchers and digital privacy groups warn, though, that the trade pact’s rules, if adopted globally, could actually make consumer data more vulnerable to hackers and government spies.
They worry that widely touted provisions encouraging the TPP countries to allow the free flow of data between borders may allow them to skirt privacy safeguards needed to secure that information.
“We don’t want to see the Internet become balkanized,” said Maira Sutton, a global policy analyst at the Electronic Frontier Foundation, a digital rights advocate.
“But having these discussions decided in a trade agreement is exactly the wrong place to do it. There’s been no security researchers at the table, no public interest groups that have been following this for a long time,” she added.
“Trade agreements are not the place to decide digital policy.”
The disagreement centers on several specific chapters in the deal, including one on intellectual property (IP) and another on e-commerce.
TPP supporters are citing provisions in the IP chapter that they say give countries the legal means to crack down on commercial espionage. The deal would require TPP countries to put serious laws on the books to punish cyber thieves, they say.
By various estimates, corporate hacking is costing U.S. businesses hundreds of millions of dollars each year, making it one of the biggest threats to global economic competitiveness.
“Insofar as the twelve members of the TPP are concerned, [the deal] will provide mechanisms that will encourage better security and better protection for corporate data,” said Christopher Swift, a former official with the Treasury Department Office of Foreign Assets Control and current national security professor at Georgetown University.
“The protections are broad and significant and will have some real commercial value,” he added.
The e-commerce chapter also includes provisions to battle the cyber crime that has ravaged companies in all corners of the economy.
In the last two years, hackers have infiltrated major retailers, banks, health insurers, telecom companies and broadband providers, exposing sensitive data on hundreds of millions of Americans.
The e-commerce language “encourages cooperation on policies regarding personal information protection,” the White House said in a summary, “especially given the rise of cyber-attacks and the global diffusion of malware.”
Hours after the deal was released, Sen. Ron Wyden (D-Ore.) latched onto “a number of positive steps for the digital marketplace” in the e-commerce chapter.
As the top Democrat on the Senate Finance Committee and a leading Capitol Hill voice on tech and digital privacy issues, Wyden will play a major role in the debate over the trade deal in the coming months. Congress has at least 90 days to review the TPP before voting on it.
Wyden pointed to sections that require TPP adherents to shuttle data freely across borders. Another section combats “forced localization of data,” he said
Allowing data to move globally “has been hugely important, as you know, to the tech sector, because so many of the countries that we have dealt with have said, ‘Well what you’re going to have to do is put your servers in our country,’” Wyden told reporters.
“This gives us more tools to deal with that,” he added.
But EFF’s Sutton warned these tools could have a detrimental effect on digital privacy and security. The TPP language could push countries to prioritize the free-flow of information at the expense of privacy mechanisms when considering new regulations or legislation.
“Those [privacy] considerations may get trumped by the overarching argument that the free flow of information is more important,” she said.
Some also question the extent to which the deal will actually cut down on the cyber theft companies face.
Supporters of the deal believe expanding the number of countries with a baseline level of IP protection will help create a global norm that other countries will have to follow to conduct trade.
In particular, some policy experts say, the deal could build on a recent U.S.-China agreement to halt hacks on private companies.
Even though China is not a part of the TPP, it will “have to live in a TPP world, where its neighbors are offering … stronger intellectual property rights protections, protections against trade secret theft, disciplines on state-owned enterprises, free and open internet,” U.S. Trade Representative Michael Froman in an October conference call.
“That means that China is going to have to up its game and raise its bar in order to compete in that world.”
For others, this is wishful thinking.
“If [TPP] has effects in terms of what China does in terms of cybersecurity, they’re going to be indirect and ancillary,” Swift told The Hill.
Swift is more cautious about the agreement’s ability to curb malicious cyber theft, noting that much of the threat originates outside of the 12-nation bloc that makes up the proposed pact.
Those threats, he said, “come from China, Russia and Iran, in that order.”
The deal, Swift said, will help boost digital protections in the 11 other countries it does cover — Australia, Canada, Japan, Malaysia, Mexico, Peru, Vietnam, Brunei, Chile, New Zealand and Singapore — but those countries are already toeing the line.
“I’m not worried about Brunei hacking into Lockheed Martin,” he said.