Secret financial services agreement exposed by WikiLeaks threatens personal data
While the Trade in Services Agreement Financial Services Annex document leaked overnight doesn’t quite justify some of the headlines it has attracted, there is plenty in the draft that is deeply concerning.
The draft was released by WikiLeaks, which also released a working draft of the Trans-Pacific Partnership last year. Julian Assange and his tiny staff might be hampered by his embassy exile and have not repeated the kind of hammer blow to secrecy of Chelsea Manning’s cables and videos, but they’re still putting traditional media outlets to shame.
What the FSA document does is propose the freezing of financial regulation, and a kind of downwards ratcheting — if Australia chose to liberalise its four-pillar policy, for example, the agreement would prevent us from restoring the status quo ante. Moreover, as Professor Jane Kelsey of the University of Auckland points out in an accompanying analysis, Australia has adopted a different position on freezing, or “standstill”, as the draft calls it, to the United States and the European Union: Australia wants standstill to apply from the moment the agreement comes into force, not right now, giving it time to introduce further financial regulatory measures.
But as Fairfax’s Peter Martin correctly explains today, the draft inserts an international dispute resolution clause that would allow other states and companies to take disputes out of Australian courts, a direct infringement of Australian sovereignty the Coalition, normally hot to trot on protecting all things border-related, appears to have no qualms about.
A related and potentially even more serious issue is what the draft proposes for personal financial data. The United States is seeking to use the draft as a pre-emptive strike against data sovereignty moves in the wake of the Edward Snowden revelations. It has proposed:
“Each Party shall allow a financial service supplier of another Party to transfer information in electronic or other form, into and out of its territory, for data processing where such processing is required in the financial service supplier’s ordinary course of business.”
Whereas Europe wants to be able to protect data:
“Nothing in this paragraph restricts the right of a Party to protect personal data, personal privacy and the confidentiality of individual records and accounts so long as such right is not used to circumvent the provisions of this Agreement.”
And don’t be misled by a later section on “Treatment of Information” — note how it is worded:
“Nothing in this Agreement shall be construed to require a Party to disclose information relating to the affairs and accounts of individual consumers or any confidential or proprietary information in the possession of public entities.”
That is, the agreement wouldn’t force a country like Australia to hand over data — it would merely prevent it from stopping foreign firms from sending data offshore.
The growing interest data sovereignty by a number of countries has the US deeply concerned — Brazil only dropped a proposed law for data on Brazilians to be kept within the country’s borders at the last minute in March. Not only would such requirements severely affect US cloud providers and companies that are already regarded internationally as, essentially, honeypots for the National Security Agency, but it would also make it more difficult for the NSA and other institutions engaged in mass surveillance to obtain personal information on non-US citizens from compliant US companies. Financial data is regarded as critical by the NSA, and we know that it has worked hard to undermine SSL encryption commonly used in online banking (yet another example of how efforts to make us more secure in fact directly make us less secure).
Page 1 of 2 | Next page