Hacker News new | past | comments | ask | show | jobs | submit login

> 2. No Party shall require a covered person to use or locate computing facilities in that Party’s territory as a condition for conducting business in that territory.

No Russian server situations


National data sovereignty would be restricted by TPP, if enacted into law, http://www.zdnet.com/article/tpp-moves-toward-killing-off-go... & https://blog.ffii.org/a-license-to-spy-cross-border-data-flo...

"Governments ... will be unable to force companies from those countries to store government data in local datacentres ... governments will not only be prevented from mandating data sovereignty provision, they will also be unable to demand access to source code from companies incorporated in TPP territories."

Wow. So this would mean that it is illegal to even require something like a safe haven for your own data?

TPP is an agreement between governments and corporations. Corporations could make individual agreements with their supplier corporations, where they could impose privacy conditions for data storage and jurisdiction. But this would be difficult for small businesses to negotiate. In Europe, the proposed TISA trade treaty text on data sovereignty is in conflict with EU law, https://www.techdirt.com/articles/20141217/09013129465/new-t...

"For the European Union, that's a hugely sensitive issue. Under data protection laws there, personal data cannot be sent outside the EU unless companies sign up to the self-certification scheme known as the Safe Harbor framework.

  TISA Article X.4: Movement of Information 

  No Party may prevent a service supplier of another Party 
  from transferring, accessing, processing or storing 
  information, including personal information, within or 
  outside the Party's territory, where such activity is 
  carried out in connection with the conduct of the service 
  supplier's business."
http://www.euractiv.com/sections/infosociety/dont-forget-big..., "It is one thing to have free data flows in the EU, where our own institutions make the rules for data protection and we can develop our technological sovereignty, but quite another to have free data flows across the Atlantic without adequate US rules for the treatment of European data ... Data about our condition and behaviour are assets ... they constitute a new asset class, which Harvard professor Shoshana Zuboff calls “surveillance assets.”

> TPP is an agreement between governments and corporations.

Since when are corporations party to a treaty? While the TPP is a huge push toward corporate sovereignty by diluting the power of governments, this is a trade agreement between nations. Just because the treaty is effectively governments hading power over to corporations (sorry, "investors"[1]) doesn't mean those corporations ratify the TPP.

[1] Investor-State Dispute Settlement? Just investors, not corporations in geneal or "other non-state actors"? This isn't even trying to hide that it's all about free movement of capital. Get ready to watch even more money flow out of the country.

While corporations may not officially ratify TPP, corporate lawyers (a) helped draft the treaty text, (b) had online access to drafts, while elected US government representatives had to read in a locked room, without taking notes, without their trade/legal staff, without a phone, (c) will be the people staffing future World Bank ISDS "courts" that can force governments to pay fines to corporations, https://youtube.com/watch?v=AABOIcXZZwg

The only force that can now stop ratification are the many corporations who did not receive TPP handouts and special TPP privileges for their legacy business models. Since citizens cannot effectively lobby government, the only recourse left is for citizen employees to lobby corporations who can lobby government. If you work in a technology company, ask your company to take a public stand on TPP. Ask Wikipedia to go dark in alternating 30 minute slots, to raise awareness about TPP. Look at examples where SOPA was brought to public attention.

Remember that the lead TPP negotiator is ex-Citibank, http://www.commondreams.org/news/2015/05/28/us-trade-rep-wal..., "Noting deep ties between the country's top trade negotiator and Wall Street banks, ten groups representing millions of Americans are calling on the White House to make public all communications between U.S. Trade Representative Michael Froman and the massive financial institutions that stand to benefit from proposed trade deals."

For more on lobbyists, http://www.ip-watch.org/2015/06/05/confidential-ustr-emails-..., ".. Many of the industry representatives are themselves former USTR officials ... Jim DeLisi of Fanwood Chemical said he had just seen the text on rules of origin, and remarked, “Someone owes USTR a royalty payment. These are our rules … This is a very pleasant surprise."

> Wow. So this would mean that it is illegal to even require something like a safe haven for your own data?

But safe haven is silly. I'm French and I don't care about my data being stored in the US. Why should the government force me to store my data in France? People who want to store their data in France only should be free to do so of course but why bring the government into the equation? Besides, safe haven is incompatible with reality where data is being live replicated across the world to make access to it faster depending on who is accessing it and what timezone they're in.

>I don't care about my data being stored in the US

Because uninformed consent is not consent and most people do not give informed consent to their data being stored overseas as they are not aware of all the laws and regulations that apply to it.

Unless we do want to say that uninformed consent is still consent, but what kind of problems does that create?

What would you consider informed content? Is specifying in the T&C that your data will travel worldwide enough? Should you get an email everytime your data is stored abroad or if you have a friend in Russia and he wants to see your profile, should he get very slow page load because data can't be replicated in Russia? That sounds like turning user experience into a horrible mess to me. Surprised people on HN would advocate that.

Caveat emptor.

Is a shining example of a failed economic principle which has caused unmitigated disaster whenever it is employed and is immediately rolled back by any group of human beings who care at all about what's good for anyone in the group.

Not so true. With the internet it's easier to learn about the reputation of a vendor, so much so that many vendors are confident enough to offer return policies that go beyond what the law requires and most people rely more on these reviews than whatever refund policy vendors offer anyway.

I'm sure that you will be greatly comforted by a return policy or the fact that a company had to spend a few dollars to hire an Internet PR consulting firm or buy off yelp to smooth over any temporary loss in brand loyalty that occurs when they, say, don't properly care for their meat and people die from eating it. Or when they put poison in their children's toys because it's cheaper to make them that way and kids die.

It as a method generally works when consumers are aware of all of their options, do their research and stay informed about every single economic purchase they make throughout every moment of their lives, and the consequences of a bad choice are not serious. So nowhere in the real world.

And it's not so horrible when the choices don't matter: when none of them are harmful, and we're simply deciding based on quality. It's still bad, but we tolerate it because nobody dies from it.

You're implying that businesses only care about absolute profit with absolute no care for the customer experience whatsoever to the point of poisoning their kids and killing them on the spot. You either have never run a business or must be a horrible business person.

I'm implying that businesses do what is most profitable. If a certain business leader has an inconvenient moral compass they will, eventually be replaced or undercut by those willing to get their hands dirty. This is unfettered 'caveat emptor' capitalism. I'm not advocating it or saying it's good (the opposite, rather).

But you are acting like this is some mustache-twirling unrealistic liberal fantasy of an evil business person who does this -- not so. This happens ALL THE TIME in real life. People build cars that explode because it's too expensive to build them correctly. The poison on kids toys is not something I invented it is literally a real example from a number of years ago. This behavior is the inevitable consequence of 'caveat emptor' -- thank god we don't employ this awful principle anymore.

In a relationship, it's important to keep the power and the culpability/responsibility divvied up in equal proportions. If you're the powerful one in the relationship, you're also the responsible one. When you are a consumer you have zero power and zero information. You are a consumer of so many things coming from so many different industries you cannot be informed about them. You cannot become an expert on the toilet paper industry, you can simply watch ads and go to the store and pick based on garbage information fed to you by PR firms. Compared to the company selling it, staffed with hundreds of experts who live and breathe the toilet paper industry you are an infant. If they use this asymmetry to abuse or exploit you the culpability lies with THEM not with you. Caveat vendor.

But we aren't talking about just buying something, but consenting to the partial sell of your own information. Think of it like a child not being allowed to sell some object of great value they posses without parental approval because of how easily they can be misled about its value and uses.

Because governments have national security interests and need to be realistic about allowing their citizens to keep sensitive information in the hands of potential adversaries. If the US or Russian government can blackmail a computer technician into "accidentally" leaving a back door open because the technician is secretly gay and they know this because of an analysis of his Facebook messages, then this is a threat that the state may want to minimize.

That's true if you consider individual liberties to be less important State interests I guess, which is not my opinion.

Remember you are often storing data which concerns other people e.g. messages, address books and other PID

If people are storing data online that could be a risk to their lives or the life of their loved ones, then they should either not upload this data at all or strongly encrypt it before uploading such data. Whether it's stored in their own countries or abroad, criminal hackers don't care about borders.

It's not that simple at all - for example the recent finding that even using your own mailservers, half your mail would be going through google. As networking increases, data is becoming little more compartmentalised than the air we breathe - and we reasonably require pollution safeguards which everyone needs to adhere to

Governments have different privacy protections. A company choosing to operate in Country A should obey the laws of that country. Operating in Country A, but sending the data to Country B which has much less strict data protection laws means people in Country A suffer.

What was the point of the government of Country A making their data protection law if there's no way of enforcing those laws?

So if I have a friend in Country B and I'm in country A on facebook, she will not be able to access my profile info without downloading the info from across the world because the data can't be replicated to her country leaving her with a horrible slow user experience? Sounds like turning the internet into a UX horror story and inefficient mess to me.

A lot of major web companies already cache at different geolocations, to lower latency.

What? No, safe harbour means the data can be replicated to different countries.

Then what's to prevent Country B to access data replicated in its borders?

That would be one way to look at it. The other way is that companies can put their data wherever they like.

> their data

That’s the issue. User data always is the users data, the company merely has the license to store and access it.

Retroactive more permissible licenses are also not okay.

They mostly can, except for certain sensitive information. Some things should be regulated - I'm glad there are safety standards, and this is a (very basic) safety standard for data.

No, if I read right, it would mean that the government cannot require you to store your data within your government's jurisdiction.

That clause is just to undermine the European Union data directives.

Which is, funnily, not possible, because the EU original treaties (which are not really changeable) contradict these treaties.

Meaning, the treaty could not be ratified as long as the clause is valid. The question is now if the clause is null and void, or the whole treaty will be null and void (as in the case of Safe Harbor)

And it's an agreement for countries in the Pacific. Not for any countries in the EU.

Sort of, but you would still be required (I believe) to have a worker in Europe to look at any personally identifiable information of any European, even if the data is actually in the US.

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact