Fear, and loathing uncertainty
While we aren’t quite sure whether America is great again yet, what we are sure of is there is still a distinct air of the chaotic about the whole thing, with shades of farce, tragedy and worse coming from leaks, ‘informed sources’ and Sean Spicer.
However, one thing that sparked some interest for the tech world was a provision of the “Enhanced Public Safety” order that said:
“Agencies shall, to the extent consistent with applicable law, ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information.”
This Section 14 provision would appear to allow “agencies” which is sure to include the good men and women of the NSA, FBI, CIA etc, with the ability to do as they will with personal identifiable data (PID) of on-US citizens, irrespective of their status.
Kieren McCarthy over at the Register takes it up and gives a rather excellent analysis of the facts and concludes that while this would appear to defenestrate the EU-US Privacy Shield, a later clarification by the EU Commission would appear to counter this and that for now Privacy Shield will stand and give the protections EU Citizens were promised.
“This going back to zero has many in the industry deeply worried. Will other countries be willing to engage with a United States that will not offer the same safeguards on PID of non-US citizens as it does for its own?”
However, episode may well be a good example of the law of Unintended Consequences. It is highly improbable in creating this order that the Trump administration was thinking about anything other than making provision for its intelligence services to get access to data that suits the administration’s agenda. The knock-on effects for the citizens of a political entity and trading block outside the US, even of the magnitude of the EU, is unlikely to have been present, let alone uppermost in the mind of the instigator of this order.
Further to this is President Trump’s executive order nullifying the Trans-Pacific Partnership trade deal.
As pointed out in this article by Kenneth Corbin on the IDG News Service, the deal had extensive provisions for various kinds of trade, digital being one of them.
Quoted in the piece is Claude Barfield, resident scholar at the American Enterprise Institute. The institute is described as a conservative think tank.
“Basically, it was the first [step] in terms of important international agreements that began to set a legal foundation for digital trade. And now with the TPP being gone that has now been swept away. So, the Trump administration is starting from zero, as it were, in terms of digital trade rules with whatever else it does.”
This going back to zero has many in the industry deeply worried. Will other countries be willing to engage with a United States that will not offer the same safeguards on PID of non-US citizens as it does for its own? How will cross-border data exchanges work where US intel agencies have no obligation to preserve rights?
How will the likes of Google, Facebook, Twitter, operate in such an environment? And perhaps more importantly, how will AWS, Azure and the entire cloud computing market operate?
Will firm’s risk their confidential and intellectually sensitive data when they suspect, or know outright, that it will not have appropriate safeguards in the hands of US companies?
Cloud computing has been about breaking down barriers, in infrastructure, operations, applications and availability. It has broken down silos, opened fences and allowed interoperability that has fostered entirely new ways of doing business. But if there is a whiff of the kind of risk that is being introduced by the actions and orders — intentional or otherwise — of a White House administration, will it lead to companies simply taking the safe option, and dealing with providers that do not fall under the control, or indeed, influence of the 45th US president?
Time will tell, but what is certain is that the uncertainty and risk associated will prompt action.