Six U.S. ambassadors published an open letter to the United States Congress on January 17 admonishing the disintegration of the Trans Pacific Partnership (TPP). They wrote that “walking away from TPP may be seen by future generations as the moment America chose to cede leadership to others in this part of the world and accept a diminished role.”
But the TPP had many cybersecurity holes. Its death, quickened when Vietnam’s Prime Minister Nguyen Xuan Phuc pulled out after Donald Trump’s presidential election, has global benefits.
Since the purpose of the TPP was the free flow and enhancement of trade, commerce took priority over security.
Regarding Internet governance, the TPP allowed for many loopholes in user safety, digital privacy, preservation of intellectual property, and government surveillance.
The TPP recommended a coordinated defense against fraud and identity theft that included electronic authentication, consumer protection law, and unspecified punishment for cyber espionage. However, the TPP undermined those security methods by also suggesting all Parties exchange information about user protection. Exchanging information about user protection undermines that protection because collaborating on malware mitigation adds vulnerabilities by exposing those holes. For example, sharing how a hacker damaged a company weakens that company.
Ross Schulman, senior policy counsel at New America’s Open Technology Institute, told FPA that if the defense against fraud and identity theft was “done while still respecting the privacy of users, and limits the transmission of that information, the two are not incompatible.” However, the TPP report did not specify how the Parties plan to reconcile defense and privacy.
The TPP’s emphasis on sharing raised questions about privacy. Transparency “of technical regulations” could provide more oversight to make sure the Internet is not overly regulated through censoring public content or secretly monitoring private online usage. On the other hand, the TPP Parties hoped to “share best practices,” which could weaken data protection and confidentiality. Also, nothing can “prevent law enforcement authorities from requiring… unencrypted communications,” which invalidates encrypting any messages in the first place.
Paul Tiao, a partner at Hunton & Williams and an expert in cybersecurity law, told FPA that there was merit in companies warning each other about cyber threats because that strengthens security for all. Tiao pointed out that “the fault line concerns sharing information about breaches” because of the reputational, legal, and fiscal implications of disclosing such information. Complicating this further, the TPP did not specify what information should be shared and how much, so each country could have participated to whatever extent it desired.
Sharing these ideas may have created added communications regulations. The TPP members believe intellectual property rights benefit business and vaguely encouraged all Parties to draft regulations to protect those rights. According to Schulman, “the TPP, as many international treaties have done over the years, has gone altogether too far in favor of expanding controls on freedom of communication in the name of intellectual property.”
Accessibility was important to the TPP. The report promised “that no condition is imposed on access to and use of public communications networks and services” except to “protect the technical integrity of public telecommunications networks or services.” That exception would have made an open Internet more confusing to maintain, since the provision gives telecommunications services the capacity to interpret at will what constitutes protection of technical integrity.
Internet Service Providers (ISPs) serve under Internet Corporation for Assigned Names and Numbers (ICANN) and has the ability to disable websites. The TPP Parties wanted “a rich and accessible public domain,” but also any restriction done “in good faith” will not make an ISP liable. Jeremy Malcolm, a senior analyst at a nonprofit organization advocating for digital freedoms, Electronic Frontier Foundation (EFF), points to Title 47 of the US Code for a country-specific example of ISPs’ independent power under the “Good Samaritan” clause. Title 47 places trust in actions done with good intentions, but as Malcolm told the FPA, “Good faith is not a hard test to satisfy.”