Slashdot Mirror
Leaked TISA Documents Reveal Privacy Threat
schwit1 writes with some Wikileaks-enabled news at Forbes about the Trade in Services Agreement, a treaty currently under negotiation between the U.S., the European Union and nearly two dozen other parties. Wikileaks' release of 17 documents from the negotiating countries puts some bad light on some of the provisions being considered: From the Forbes report: Under the draft provisions of the latest trade deal to be leaked by Wikileaks, countries could be barred from trying to control where their citizens' personal data is held or whether it's accessible from outside the country. ... These negotiating texts are supposed to remain secret for five years after TISA is finalized and brought into force. Like TTIP and TPP, TISA could be sped through Congress using Trade Promotion Authority (TPA), also known as fast-track authority, which has been passed by the US Senate and may be taken up in the House this month. Under TPA, Congress is barred from making amendments to the trade deals, and most simply give yes-or-no approval.
"countries could be barred from trying to control where their citizens' personal data is held or whether it's accessible from outside the country"
The businesses pushing for this are the same businesses that are going to throw a fit when this affects them.
I don't have any trust in those agreements. What can I do about it in my "democracy"?
Is anyone the least bit surprised that these so-called trade deals have nothing to do with business? Hell, I bet there's something in there making transfer pricing explicitly legal for all time too.
On principle alone, Congress should never cede power to the Executive or Judicial Branches.
And this bullshit just shows the practical pitfalls of abdicating your responsibilities to someone else.
When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
For the 'most transparent administration in history.' Mr. Obama wants to bring the US down and he is doing a damn good job of that.
Come on guys, Obama is the son of god. He can do no harm! Sure, he keeps this secret from the public (like so many other policies). Sure, the mainstream press ignores it and totes his lines as they're told. He's god, he's allowed to do this!
I imagine this comment alone will be attacked by his brown shirt wearing supporters here and rated down. I should have known better than to insult the anointed one of millennials and mooks alike.
How much do you want this is at the request of America so that a) their security spying can access everything, and b) so that companies like Microsoft can't be told what they can do.
I'm so sick and tired of government officials signing away our rights under the table.
It should be a criminal offense to have secret treaties which impact our rights.
This is to benefit US spying interests, and corporations. Neither of which is a sensible reason to sign away our fucking rights.
Lost at C:>. Found at C.
Whatever the content of the treaty the fact that TPA is just standard procedure. You can't hammer out an agreement between multiple different countries only for a national legislature to take issue with a single concession that was won by another country and agreed to by the delegates. The negotiators are there to get the best possible deal for their country. Congress then gets to decide whether or not the deal is good enough, they can't unilaterally renegotiate it.
This actually prevents countries from spying on their own citizens. Countries try to keep the data local so they can control it. Yes, it can open the door wider to external surveillance, but it puts the data under the user's control, not the government.
Mostly this all to prevent Kim DotComs popping up all over the place. From the DMCA onwards, all trade agreements have been heavy on IP and copyright
protections and including provision to help circumvent silly local laws (ie. sensible non-draconian laws).
Piracy is the turnip from which they hope to squeeze more blood.
And yes, the Dems have been heavy into this. Thanks Obama! But that's mainly because Democrats are known for diplomacy where as Republicans are known for war mongering,
Sorry GOPS, if you want to change that, try not to go to war every time you get in office. Because it's hard to find someone to sign a trade agreement while you carpet bomb them.
There are several countries that mandate personal information be stored within that country. Russia's recent rules for 2016 come to mind. These countries as a rule do not make up a list of the most liberal or free countries in the world. Mandating the servers be stored locally in that country ensures that governments access to them if they want. While I am a staunch libertarian and republican and I probably wouldn't be in favor of this rule I don't know that it is fair to paint the Obama administration as the villain because of this. Now, the entire secrecy thing and the fact that this isn't going to congress yeah they definitely in the wrong there.
Dear Rest of World,
You will allow American technology companies to do whatever the hell they want with your data and make billions, oh, and fuck you too.
Kindest Regards,
TISA.
This allows companies and private citizens in partner countries to utilize data services in other countries. This prevents what the EU is currently doing, which requires that all personal data of EU citizens be stored within the EU.
How is that bad?
Every single political science should have this subject in their curriculum. It just makes me wonder of the remaining, confidential arsenal most democratic states use to fight democracy in such efficient ways. Humanity really has a tendency for hypocrisy.
I am a European, and I'd like to keep my data within the EU, thank you very much.
US companies have proved, time and again, they cannot be trusted with such simple concepts as "personal privacy".
hey dumbass
"Special precautions need to be taken when personal data is transferred to countries outside the EEA that do not provide EU-standard data protection"
"Whereas the difference in levels of protection of the rights and freedoms of individuals, notably the right to privacy"
http://eur-lex.europa.eu/LexUr...
Not true.
The EU has similar rules. Data cannot leave or be processed outside the country without SOMEONE in the EU taking the fall for allowing it to happen should something go wrong.
EU data protection is pretty hard. Google, Microsoft etc. provide guarantees to EU governments that school data on their apps (e.g. Google Apps for Education/Government etc.) are never stored nor transmitted to non-EU datacentres. I know, because as part of my job, I have a legal duty to check that this is the case of any company I hand our pupil's data off to.
Just because we don't want US noses in our data doesn't mean we're being malicious. It just means we have a set of rules and if you're not prepared to follow those rules, you can't have our data. Rules like "We have a right to see the data stored on ourselves", "We have the right to correct that information if it's incorrect", "We have a right to know what's happening to our data and who processes it and for what purpose" and so on.
There's a reason that I cannot allow use of Apple iCloud on-site. Apple refuse to provide such guarantees. Therefore their cloud service is dead to us (for many other reasons as well, but that's just Apple). There's a reason that I cannot use a software supplier from Sri Lanka who wants our business - because they can't provide the correct guarantees of our data and thus I personally, can be held *LEGALLY* liable if they take our data and some of it leaks out (for the purposes of the EU data protection laws, leak of any personally-identifiable information can result in fines and prosecution with personal liability - personally-identifiable information might be, say, one name with, say, one date-of-birth. Game over).
Sorry, but there's a reason that Dropbox, Twitter, Facebook, Google, Microsoft and everyone else has an Irish datacenter - they have to control and process UK and EU user's data within the EU, according to strict laws, or risk enormous fines. The US divisions "demanding" access to the EU data is the impetus of the last year to separate the companies geographically so they can legally comply with EU regulations and not have to give data to the overbearing demands of the US court system that has no such jurisdiction.
We protect our data. Just because you don't, that doesn't make us terrorists or police states. In fact, it skews towards the exact opposite.
I can easily store your personal data in the EU utilizing US companies. Please don't let your blind prejudices inconvenience others.
Isn't it more of a threat that a government can force me to store my data in particular places?
This is about offshoring jobs. Changing these rules will mean millions of data center jobs can finally be move to India where the labor is cheap and benefits don't exist
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
Calling someone a pejorative before outlining your argument is a major debating faux pas. Especially when you don't even touch on the opposite party's points.
This would give you the freedom to choose. If you feel that the EU's data privacy laws are stronger, store your data here. If you don't care, store them elsewhere.
The point is, if you live in Estonia, you won't be limited to the two hosting companies in Estonia. You have a choice of world-class international data services.
seriously. NO.
+10, If I had mod points you'd get one.
Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
Forget about your privacy... this is bigger. A year or two ago, the UK decided against going to the Cloud, because they could not be guaranteed that UK government data would stay on UK soil. If I read that correctly... for Americans, how'd you feel about the Pentagon, or your doctor, having to use data services in, say, India or China, or eastern Europe?
mark
In the US, we have really crappy protection for our data in the first place, and I don't see that this treaty would affect that. It would affect many other countries, who shouldn't rely on the US Senate to protect themselves. The European Union should be getting those provisions removed, as they are clearly against many of the protections in EU member states, if not the the whole EU.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
He's a troll. He's being sarcastic. That should be painfully obvious, but there are so many aspies around here that it's probably not.
Why is it still illegal to shoot politicians? Only because they're the ones making the laws, I guess.
I cannot fathom anyone really being opposed to the idea. Unless of course he'd be affected.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Under the draft provisions of the latest trade deal to be leaked by Wikileaks, countries could be barred from trying to control where their citizens' personal data is held or whether it's accessible from outside the country. ... These negotiating texts are supposed to remain secret for five years after TISA is finalized and brought into force (1). Like TTIP and TPP, TISA could be sped through Congress using Trade Promotion Authority (TPA), also known as fast-track authority, which has been passed by the US Senate and may be taken up in the House this month. Under TPA, Congress is barred from making amendments to the trade deals, and most simply give yes-or-no approval. (2)
1. How is that supposed to work if no one knows about it?
I assume that the companies doing business would be "business as usual", and the country's governments being bullied by the agreement just wouldn't be able to say they want their citizens' data store within borders. Which sounds ok for me, being in the US, but sounds pretty shitty for them...but that sounds like "business as usual" from what I hear.
2. Congress should always be barred from adding amendments that have nothing to do with the bill. Something related I'm good with, but an amendment to spend money studying ducks in Arkansas on a bill to build a bridge in Massachusetts is bologna.
I refuse to sign
I want half of the bits in my Dropbox stored in the US, and the other half in the EU, in such a way that neither can read my files.
The fact that they have some of the most favorable corporate tax laws allowing them to shield billions from US taxes by setting up a nexus there I'm sure has nothing to do with it.
You're absolutely right, it has nothing to do with it. You don't need to set up a datacenter in Ireland to take advantage of the tax laws there - one accountant is probably enough.
The Irish datacenter is to keep data in the EU, as required by EU law, and out of the grubby paws of the NSA. I wholeheartedly approve.
Not really, the point was protectionism, to try to keep these companies taxable in Europe. Accountability is a nice way to sell it, but it's all about money and power for European oligarchs who are no less corrupt than ours.
So is this the "Change we can believe in"?
And no, I'm not making fun on democrats. I'm making fun of anyone that thinks their party cares about them or their country at all.
So the FedGov is going to give preferential trade agreements that help other economies at the expense of the US economy in exchange for more spying ability. Its almost like a supervillian is running the intelligence agencies and has the rest of the government blackmailed to get all the data in the world under his control.
You are looking for an All-Or-Nothing Transform. If you are technically inclined, it's not too hard to whip this up for yourself. OTOH, you are implementing a cryptographic protocol, so, you shouldn't be using it for anything more serious than entertainment and education. You would need a service in the US and a service in, say, Ireland, though.
You could also just use split on an encrypted archive, but that might take all the fun out of it.
"Your ICE designated status is now a 'terrorist' for arguing against US interests at this very second. The classification will stay until proven innocent regardless of US interests at the following second. "
"No Party may require a service supplier, as a condition for supplying a service or investing in its territory, to: (a) use computing facilities located in the Party’s territory."
So my reasoning for not using your USA located computing facilities is not because the are in the USA, it is because you can not grantee the level of data security I require at that facility. The fact that this happens to be because the facility is located in a particular territory with stupid laws - relevant but NOT the end reason I'm refusing to deal with it. The reason is security requirements I have, not physical location. Not a problem?
Not quite. The EU data protection rules apply to companies operating within the EU. They don't apply if, e.g., an EU citizen voluntarily gives their data to a US company.
What the rules say is that a country can't try to enforce its rules against a company based in another country. That's all. The EU data protection rules would not be affected: they would continue to apply to companies based in the EU, or advertising services as complying with EU law on this subject, and they would continue not to apply to companies that don't do this. No change there.
The Russian law is something quite different, and like most Russian laws, wholly evil.