A February 2015 draft of the secret Trade In Services Agreement (TISA) was leaked again last week, revealing a more extensive and more recent text than that of portions from an April 2014 leak that we covered last year. Together with the Trans-Pacific Partnership (TPP) and the Trans-Atlantic Trade and Investment Partnership (TTIP), TISA completes a trifecta of trade agreements that the administration could sign under Fast Track without full congressional oversight.
Although it is the least well-known of those agreements, it is the broadest in terms of membership. As far as we know, it presently includes twenty countries plus Europe (but notably excluding the major emerging world economies of the BRICS bloc), who, with disdainful levity, have adopted the mantle “the Really Good Friends of Services”. Like its sister agreements, TISA will enact global rules that impact the Internet, bypassing the transparency and accountability of national parliaments. The only difference is that its focus is on services, not goods.
In our previous analysis, we focused our attention on two points from the leaked text. The first was a provision that would prohibit democratically-elected parliaments from enacting limits on the "free flow of information" to protect the privacy of their citizens—limits that, we argued, should be debated publicly, not behind closed doors. The second was text on net neutrality, that would lock in a particular set of global rules on net neutrality, including an open-ended exception for “reasonable network management” that could become a loophole for exploitation. Those provisions remain in the new leaked draft.
But the latest leak has revealed more. The agreement would also prohibit countries from enacting free and open source software mandates. Although “software used for critical infrastructure” is already carved out from this prohibition (and so is software that is not “mass market software”, whatever that means), there are other circumstances in which a country might legitimately require suppliers to disclose their source code.
For example, one step that might be considered to improve the dire state of security of consumer routers might be to require that they be supplied with source code, so that their security could be more broadly reviewed, and third parties could contribute patches for critical vulnerabilities. Although that may sound radical, this is already required for many routers because they are based on software covered by the GNU General Public License. TISA would prohibit any such national initiative.
As in the TPP, and expanding on the earlier leaked draft, TISA also includes a prohibition on laws that require service providers to host data locally, which some countries have used to protect sensitive personal information, such as health data, from being snooped upon on foreign soil. There are arguments for and against such laws, and it is inappropriate that a secretive international agreement such as TISA should preempt these important debates.
The agreement would also require countries to introduce anti-spam laws. Although spam is bad, that doesn't necessarily make anti-spam laws good. In practice such laws have generally been ineffective at best, and ripe for abuse at worst. As such, we believe that it would be a legitimate choice for a country to decide not to tackle this blight through legislation—a choice that TISA would remove from them.
These examples only scratch the surface of TISA, yet they are enough to demonstrate a common problem that also affects the TPP and TTIP—that they are locking in a very specific rules for the Internet that the member countries may regret later. Locking in national laws through international law is something to be done sparingly. If it is done at all, then it should be through a transparent process that allows for users to have a voice—a process at least as open as that by which WIPO concluded the Marrakesh Treaty for the Blind.
What we have here is the very antithesis of that. The closed-door TISA negotiations are designed to set some very technologically-specific rules in stone—rules that will bind signatory countries for decades to come. Users and other stakeholders are completely excised from this process, and even our democratically elected representatives are being kept in the dark.