Not content to simply publish National Security Agency intelligence briefs, WikiLeaks has also released its second round of leaked drafts from the Trade in Services Agreement (TISA) negotiations. For the first time, the group also released the “Core Text”—the primary guiding document part of any trade negotiations.

Nearly a month ago, the group released the first round of 17 secret documents. The main participants in the treaty deal are the United States, the European Union, and 23 other countries including Turkey, Mexico, Canada, Australia, Pakistan, Taiwan, and Israel, which together comprise two-thirds of global GDP.

The TISA has been criticized by labor and advocacy groups, particularly with respect to some of its tech-related draft provisions. The leak comes just days before the next scheduled round of talks to open on July 6 in Geneva, Switzerland.

The new tech-related language in these leaked drafts includes revisions on data protection and national security policy. According to a new 18-page analysis provided by Burcu Kilic of Public Citizen and Tamir Israel of the Canadian Internet Policy & Public Interest Clinic, those revisions contain some questionable provisions.

To serve and protect

The document is a bit difficult to read as it contains various bracketed portions, articulating various countries’ negotiating positions as represented by two-letter codes such as KR for South Korea, CA for Canada, and TW for Taiwan, and so forth.

For example, there's this section in the TISA Annex on Electronic Commerce:

[KR: Regarding the article on movement of information, Korea is of the view that any movement of information arising from the actions of a service supplier must be based on “informed consent.” Informed consent refers to the idea that individuals supplying their personal information to service suppliers have full protection and recourse under the law in regards to the usage of their personal information provided to service suppliers. This should be appropriately reflected in the language of the article. HK: The movement of information should be without prejudice to the domestic regime for the protection of personal data and be based on informed consent.] [CA/TW/CO/JP/MX/US propose: No Party may prevent a service supplier of another Party [CO/JP propose: or consumers of those suppliers,] [CA/CO/JP/TW/US propose: from transferring, [accessing, processing or storing] information, including personal information, within or outside the Party’s territory, where such activity is carried out in connection with the conduct of the service supplier’s business.]

Kilic and Israel write:

Data protection laws exist to strike a balance between the rights of individuals to privacy and the ability of businesses to use data for the purposes of their business. This provision provides grant freedom to business on how they use the data (including personal information) without being subject to restrictions. Governments may not be able to ensure that data is processed fairly and lawfully or obtained only for specified and lawful purposes. Since there will be no control over the data, it will not be possible to check whether the data is kept longer than is necessary or for the purposes for which it is processed. It is not clear what would happen in case of unauthorized or unlawful processing, or accidental loss or destruction of, or damage to, personal data. This provision allows for the cross-border transfer of data to a country or territory without confirmation that the country maintains an adequate level of protection for the rights and freedoms of individuals.

The European Union, though, claims on its website that its strong data protection laws will not be undermined as part of the agreement: “Nothing in TiSA would stop a country from applying its confidentiality or data protection laws.”

Staying mum

Another curious provision is the American-proposed section on national security:

Article 14 [US propose: Nothing in Section III (Electronic Commerce) shall be construed to prevent any Party from taking any action which it considers necessary for the protection of its own essential security interests.] [CO/JP would like to clarify the meaning of “essential security interests” in paragraph 1 of this article.] [KR: Korea would like to have greater discussion on what is meant by “essential security interests” in this article.]

The United States clearly wants to preserve its national security infrastructure and be able to snoop on individuals and companies, as the Snowden revelations have demonstrated.

Kilic and Israel conclude:

This US proposed exception protects the right of a government to take any action it deems necessary to protect its essential security interests. The provision makes no provision for limitations or reservations. When applying these exceptions, governments should weigh the harm to the public interest. The national security exception is self-judging. The US has refused to submit to any dispute that has challenged its use of a similar, but weaker provision under the [General Agreement on Trade and Tariffs] and in the [World Trade Organization].

Of course, discussion of the TISA would not really be possible without the entire set of drafts being linked in the first place. After all, it’s difficult to provide outside analysis when the negotiating documents are secret to begin with, despite the European Union’s insistence that they are not. “Trade negotiations are not held in public, but they are not secret,” the EU says.