TiSA-Leaks: Fundamental rights shall be levered out for free trade – also in the internet

The free trade agreement TiSA is a danger for the internet. New leaks we publish in cooperation with Greenpeace show clearly that privacy, net neutrality and IT security are under threat. Moreover, the US want to privatize censorship. An overview of the most important issues.


Today we publish new TiSA documents in cooperation with Greenpeace which have been kept secret until now. The „Trade in Services Agreement“ is a proposed trade treaty for services between 23 Parties, including the EU and the United States.

The new leaks include the Annexes about Electronic Commerce and Telecommunications Services. Those will have a noticeable impact on net politics in the EU. They point to negative effects on data protection, net neutrality, freedom of speech and IT security.

If the EU does not manage to defend its positions and grovels to the interests of industry lobbyists it will become unreliable and show that it prefers trade to fundamental rights.

This article is the English version of „TiSA-Leaks im Überblick: Grundrechte sollen für den freien Handel ausgehebelt werden – auch im Internet“. A detailed analysis in German can be found in „Neue TiSA-Leaks: Handelsinteressen gehen vor Datenschutz, Netzneutralität und IT-Sicherheit“.

Civil society out, industry lobbyists in

The public is banned from the TiSA negotiations, information is only spread by official statements of the negotiating Parties. Those do not mention some of TiSA’s critical aspects. The public’s only comprehensive information sources are leaks that enable civil society to assess the effects of TiSA – before being presented with a fait accompli.

For industry lobbyists, the situation is different. Those are very close to the negotiators as shown in a leaked schedule of a TiSA meeting. In the context of this meeting, a US lobby group consisting of members like Facebook and IBM invited the negotiators to a reception at Microsoft.

Privacy shall not be a trade restriction

If a company’s business model is built upon the processing and sale of personal data, this company has a big interest in letting this data flow without being subject to strict data protection rules. With TiSA, the Parties may have their own regulatory requirements, but only as long as they do not impose restrictions on trade.

There would be no possibility to privilege European services over US services that have less data protection rules. The strongest initiative for this rule comes from the US that see their market domination in danger since the Snowden revelations, especially when European companies distinguished themselves by offering stronger data protection measures.

With TiSA in place, the negotiating Parties may no longer require service suppliers to store data of their citizens on the Party’s territory. If data of non-US citizens is stored in the US, they are served to US law enforcement agencies and secret services on a silver platter. This was one of the reasons why the Safe Harbor decision was declared invalid by the European Court of Justice.

Up to now, the EU did not bring in its own position towards data protection into the TiSA negotiations. Internal conflicts blocked the process of finding a joint position. While France is insisting that rules for data protection should not be part of TiSA, EU trade commissioner Cecilia Malmström presented her point of view on 17th November: „No data, no trade“.

US fight against strong net neutrality rules

Net neutrality rules could also be undermined by TiSA if the EU does not prevail. According to the documents, the EU wants to restrict network management to non-discriminatory and reasonable cases. But the US do not want the word ’non-discriminatory‘ in the text. That would open the possibility to offer special services and paid fast lanes in the internet.

Following the EU, net neutrality should not only be in place for the access to data but also for the distribution. Here again, there is resistance from the US. They obviously do not acknowledge that users should not only be consumers of internet services but also participate actively and distribute their own content.

Marketing spam: opt-in, opt-out or minimization?

Unsolicited marketing messages are a nuisance. There is consense among the TiSA Parties that spam has to be contained. In the future there will be the formalized possibilty to opt-out or opt-in to marketing messages.

But: It is still under debate if a third suggestion of the US will be included – qualifying the previous paragraph: The mere acknowledgement to provide for the minimization of unsolicited commercial messages – an elastic concept that might not result in a tangible improvement.

Interactive computer services shall be allowed to censor freely

The US tabled a whole new article about „Interactive Computer Services“. According to TiSA’s definition, this encompasses all services that „provide or enable electronic access by multiple users to a computer server“. These services and their users shall not be liable for the content they delete or block as long as they did not create it. They may make content inaccessible themselves if they assume it is „harmful or objectionable“.

This could be called privatization of censorship. The judgement over appropriate content is left to the service suppliers – a chance for Facebook to avoid future discussions about the deletion of content that depicts nudity. The platform has been heavily criticized for the deletion of the famous photograph „Napalm Girl“ – showing a naked girl running down a road after a napalm attack during the Vietnam War.

Secret source code is a danger for IT security

Control software for a nuclear power plant and no one may check the source code? Sounds like a bad idea, but this would also be legitimized by TiSA. No software and service provider may be forced to let another Party look into their source code because of regulatory requirements.

Picture: CC BY-SA 2.0 via flickr/MarcelG, Editing by wetterfrosch
Picture: CC BY-SA 2.0 via flickr/MarcelG, editing by wetterfrosch

At the beginning, there has still been an exception for critical infrastructure that has vanished by now. Next to nuclear power plants, waterworks or alike there is a concrete danger for IT security: If one imagines network components like routers that have unrevealed security vulnerabilities for a long time because no one is allowed to audit the source code, many people could be affected by security breaches at once. Not to mention secret backdoors and implanted surveillance interfaces for secret services.

What now?

The inital plan was to conclude the negotiations for TiSA in December. This is not going to happen. One of the reasons is the election of Donald Trump as future President of the US. The US negotiators do not know how to proceed because they are not aware of Trump’s position towards TiSA. According to insiders in Geneva this is one of the reasons why the next negotiation round in December has been cancelled.

Another reason for the delay is the missing position of the EU regarding data protection. Due to the discrepancies amongst the member states, no joint position was developed for a long time. If the EU buckles now and grovels to the will of the US, it will not be credible anymore. It would give up the accomplishments of the new EU General Data Protection Regulation and rank a free trade agreement with unclear economic benefits higher than the protection of fundamental rights.

10 Ergänzungen

Dieser Artikel ist älter als ein Jahr, daher sind die Ergänzungen geschlossen.