[House Hearing, 114 Congress]
[From the U.S. Government Publishing Office]
INTERNATIONAL DATA FLOWS: PROMOTING DIGITAL TRADE IN THE 21ST CENTURY
=======================================================================
HEARING
BEFORE THE
SUBCOMMITTEE ON
COURTS, INTELLECTUAL PROPERTY,
AND THE INTERNET
OF THE
COMMITTEE ON THE JUDICIARY
HOUSE OF REPRESENTATIVES
ONE HUNDRED FOURTEENTH CONGRESS
FIRST SESSION
__________
NOVEMBER 3, 2015
__________
Serial No. 114-49
__________
Printed for the use of the Committee on the Judiciary
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Available via the World Wide Web: http://judiciary.house.gov
______
U.S. GOVERNMENT PUBLISHING OFFICE
97-419 PDF WASHINGTON : 2015
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Publishing
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800;
DC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC,
Washington, DC 20402-0001
COMMITTEE ON THE JUDICIARY
BOB GOODLATTE, Virginia, Chairman
F. JAMES SENSENBRENNER, Jr., JOHN CONYERS, Jr., Michigan
Wisconsin JERROLD NADLER, New York
LAMAR S. SMITH, Texas ZOE LOFGREN, California
STEVE CHABOT, Ohio SHEILA JACKSON LEE, Texas
DARRELL E. ISSA, California STEVE COHEN, Tennessee
J. RANDY FORBES, Virginia HENRY C. ``HANK'' JOHNSON, Jr.,
STEVE KING, Iowa Georgia
TRENT FRANKS, Arizona PEDRO R. PIERLUISI, Puerto Rico
LOUIE GOHMERT, Texas JUDY CHU, California
JIM JORDAN, Ohio TED DEUTCH, Florida
TED POE, Texas LUIS V. GUTIERREZ, Illinois
JASON CHAFFETZ, Utah KAREN BASS, California
TOM MARINO, Pennsylvania CEDRIC RICHMOND, Louisiana
TREY GOWDY, South Carolina SUZAN DelBENE, Washington
RAUL LABRADOR, Idaho HAKEEM JEFFRIES, New York
BLAKE FARENTHOLD, Texas DAVID N. CICILLINE, Rhode Island
DOUG COLLINS, Georgia SCOTT PETERS, California
RON DeSANTIS, Florida
MIMI WALTERS, California
KEN BUCK, Colorado
JOHN RATCLIFFE, Texas
DAVE TROTT, Michigan
MIKE BISHOP, Michigan
Shelley Husband, Chief of Staff & General Counsel
Perry Apelbaum, Minority Staff Director & Chief Counsel
------
Subcommittee on Courts, Intellectual Property, and the Internet
DARRELL E. ISSA, California, Chairman
DOUG COLLINS, Georgia, Vice-Chairman
F. JAMES SENSENBRENNER, Jr., JERROLD NADLER, New York
Wisconsin JUDY CHU, California
LAMAR S. SMITH, Texas TED DEUTCH, Florida
STEVE CHABOT, Ohio KAREN BASS, California
J. RANDY FORBES, Virginia CEDRIC RICHMOND, Louisiana
TRENT FRANKS, Arizona SUZAN DelBENE, Washington
JIM JORDAN, Ohio HAKEEM JEFFRIES, New York
TED POE, Texas DAVID N. CICILLINE, Rhode Island
JASON CHAFFETZ, Utah SCOTT PETERS, California
TOM MARINO, Pennsylvania ZOE LOFGREN, California
BLAKE FARENTHOLD, Texas STEVE COHEN, Tennessee
RON DeSANTIS, Florida HENRY C. ``HANK'' JOHNSON, Jr.,
MIMI WALTERS, California Georgia
Joe Keeley, Chief Counsel
Jason Everett, Minority Counsel
C O N T E N T S
----------
NOVEMBER 3, 2015
Page
OPENING STATEMENTS
The Honorable Darrell E. Issa, a Representative in Congress from
the State of California, and Chairman, Subcommittee on Courts,
Intellectual Property, and the Internet........................ 1
The Honorable Jerrold Nadler, a Representative in Congress from
the State of New York, and Ranking Member, Subcommittee on
Courts, Intellectual Property, and the Internet................ 3
The Honorable Bob Goodlatte, a Representative in Congress from
the State of Virginia, and Chairman, Committee on the Judiciary 4
The Honorable John Conyers, Jr., a Representative in Congress
from the State of Michigan, and Ranking Member, Committee on
the Judiciary.................................................. 5
WITNESSES
Ambassador Peter Allgeier, President, Coalition of Service
Industries (CSI)
Oral Testimony................................................. 12
Prepared Statement............................................. 15
Robert D. Atkinson, Ph.D., Founder and President, The Information
Technology and Innovation Foundation
Oral Testimony................................................. 22
Prepared Statement............................................. 24
Victoria Espinel, President and CEO, BSA | The Software Alliance
Oral Testimony................................................. 46
Prepared Statement............................................. 48
Ed Black, President & CEO, The Computer & Communications Industry
Association
Oral Testimony................................................. 54
Prepared Statement............................................. 56
Mark MacCarthy, Senior Vice President, Public Policy, Software &
Information Industry Association
Oral Testimony................................................. 73
Prepared Statement............................................. 75
LETTERS, STATEMENTS, ETC., SUBMITTED FOR THE HEARING
Material submitted by the Honorable John Conyers, Jr., a
Representative in Congress from the State of Michigan, and
Ranking Member, Committee on the Judiciary..................... 8
APPENDIX
Material Submitted for the Hearing Record
Prepared Statement of Edward M. Dean, Deputy Assistant Secretary
for Services, International Trade Administration, U.S.
Department of Commerce......................................... 120
Prepared Statement of Nuala O'Connor, President and CEO, Center
for Democracy & Technology; and Gregory T. Jojeim, Director,
Freedom, Security & Technology Project, Center for Democracy &
Technology..................................................... 124
Letter from Michael Beckerman, President & CEO, The Internet
Association.................................................... 130
Letter from Daphne Keller, Director of Intermediary Liability,
Center for Internet and Society, Stanford Law School........... 133
Response to Questions for the Record from Ambassador Peter
Allgeier, President, Coalition of Service Industries (CSI)..... 137
Response to Questions for the Record from Robert D. Atkinson,
Ph.D., Founder and President, The Information Technology and
Innovation Foundation.......................................... 139
Response to Questions for the Record from Victoria Espinel,
President and CEO, BSA | The Software Alliance................. 140
Response to Questions for the Record from Ed Black, President &
CEO, The Computer & Communications Industry Association........ 142
Response to Questions for the Record from Mark MacCarthy, Senior
Vice President, Public Policy, Software & Information Industry
Association.................................................... 146
INTERNATIONAL DATA FLOWS: PROMOTING DIGITAL TRADE IN THE 21ST CENTURY
----------
TUESDAY, NOVEMBER 3, 2015
House of Representatives
Subcommittee on Courts, Intellectual Property,
and the Internet
Committee on the Judiciary
Washington, DC.
The Subcommittee met, pursuant to call, at 1 p.m., in room
2141, Rayburn House Office Building, the Honorable Darrell E.
Issa (Chairman of the Subcommittee) presiding.
Present: Representatives Issa, Goodlatte, Collins, Smith,
Chabot, Jordan, Poe, Marino, DeSantis, Nadler, Conyers, Chu,
DelBene, Jeffries, Cicilline, Peters, Lofgren, and Johnson.
Staff Present: (Majority) Vishal Amin, Senior Counsel; Eric
Bagwell, Clerk; and (Minority) Jason Everett, Minority Counsel.
Mr. Issa. The Committee will come to order.
Today's hearing concerns digital trade, and specifically
cross-border data flows. The modern economy requires data flow
and to flow freely.
Individuals and businesses rely on technology and the
efficient and reliable movement of data across borders. The
recent decision by the European Court of Justice, invalidating
the 15-year-old Safe Harbor Agreement between the United States
and the European Union, created uncertainty that's bad for
business everywhere. We hear that a new Safe Harbor Agreement
is imminent. But if an agreement is not reached by the end of
January 2016, then the consequences for transatlantic data flow
and business operations could be dire.
To help us reach a new agreement with the EU, the House
passed a Judicial Redress Act last month. Though it still
awaits Senate action, it is a strong move by the House to
support--in support of reaching this vital agreement.
But cross-border data flow are not simply a transatlantic
issue. They also figure prominently in the Trans-Pacific
Partner Agreement, or TPP. As we consider digital trade issues
more globally, it is important to view the tactics being used
to restrict it as much as any other point of it. The trade
barriers being used to restrict cross-border data flows are
simply nontariff trade barriers. By any other name, it is
protectionism, and it hurts U.S. competitiveness; it hurts the
very countries who are implementing these protectionist
agreements, and ultimately, it will hurt global trading with
all the partners who depend on data free flow in a 21st
Century.
These trade barriers include localization requirements for
cloud computing. That means that instead of harnessing the
economies of scale that come from a cloud, companies will be
forced to house in facilities in individual countries,
resulting in duplicative infrastructure and higher costs. Let
us bear in mind that a location anywhere on the face of the
earth is a location everywhere on the face of the earth. And
many countries seem to ignore that in favor of basically an
infrastructure construction project being mandated in their
country.
And it's not just technology companies that can be harmed
by these types of digital trade barriers. In the financial
services industry, banks use a security practice known as
charting, that splits a single customer's information into
discreet packets that are stored in multiple locations to
prevent a hacker from compromising it. By its very definition,
this practice would be impossible without the free flow of
data.
In July, we held a hearing on The Internet of Things, or
IOT. This new era of technology relies on sensors transmitting
data to a cloud for analysis. If the data cannot flow freely
around the globe, then The Internet of Things technologies will
not be as successful as they could be, and, in fact, could
restrict many of the technologies already implemented in The
Internet of Things.
If countries are allowed to unduly restrict data flow, what
is to stop them from creating new market access requirements
that require companies to share source code, trade secrets,
utilize--utilize or source solely from local companies, and
more absurdly, force U.S. studios to alter their story line of
a movie as a condition of market access.
The last one isn't that absurd. A report published just
last week by the U.S.-China Economic and Security Review
Commission, explains just how China regulator--China's
regulators do just that as a condition of market access.
As this Committee works to promote digital trade, we are
continuing a long battle against market access barriers that
take surprisingly, and oftentimes, strange forms.
Though the issues can oft-times seem complex, the goal here
is to actually make this simple and understandable for the
American people to ensure free and fair trade, improving U.S.
competitiveness globally.
Digital trade helps drive the modern economy, and I look
forward to our witnesses today and a healthy debate on these
issues.
Last but not least, it goes without saying that no one owns
data in a global environment exclusively. An economic
transaction for an American who is traveling in a foreign
country, requires a look-back to their country. If the United
States refuses to provide that data, while another country
refuses to provide the information as to what is being bought
or what service is being procured, then, in fact, you have a
standoff; I won't let my data flow to you to tell you what
customer X is buying, and you won't tell me if customer X can
pay for it. Can you imagine trying to travel with a MasterCard
or a Visa or an American Express that simply couldn't cross
international lines? Sounds absurd? Not if everyone says, my
data is mine, and I won't share.
And with that, I recognize the Ranking Member for his
opening statement.
Mr. Nadler. Thank you, Mr. Chairman.
Today's global economy is largely a digital economy. Thanks
to the Internet, massive amounts of data can be sent across the
global in an instant, connecting businesses and consumers
alike. The ability to easily transmit data at low cost
throughout the world has spurred tremendous innovation and
fostered significant economic growth. But various countries
have erected barriers to the free flow of data across borders.
Some of these restrictions are intended to stifle dissent and
free speech. Some are purely protectionist in nature, or some
are for other policy reasons, such as protecting the privacy of
a country's citizens.
Today's hearing presents a good opportunity to examine what
rules should govern the international flow of data, and what
role the United States can play in establishing and enforcing
these policies.
When we talk about cross-border data flow, it could be
something as simple as someone in a New York office of a multi-
national bank and emailing a colleague in the bank's Hong Kong
office. It could also be someone sitting in Paris accessing
their Facebook account, or logging onto iTunes and downloading
movies and songs contained on American servers.
But it also has much more complex applications. Cloud
computing allows businesses and consumers to store data and
service that could be located anywhere in the world. And some
global businesses gather data across their worldwide operations
to a centralized location where it can be analyzed to better
stream their supply chain or improve service to their
customers.
Companies of every shape and size, and across nearly every
industry, rely on data that crosses international borders at
some point along its journey. That is why it's important that
we carefully examine any restrictions that might impede the
free flow of data.
Some restrictions, like those that block access to social
media or filter out political dissent, are clearly improper,
and threaten the human rights of those countries and citizens.
America should continue to lead the world in opposing
oppressive regimes that stifle the freedom of their people.
Other restrictions, like those requiring a company to
process data domestically, or to locate certain infrastructure
in-country, are often intended to bolster domestic companies.
Many of these restrictions can be removed in the context of
trade agreements.
But I have been a persistent critic of some such
agreements, in part, because of their devastating impact on
American jobs, and we should tread carefully in the digital
realm before we make some of the same mistakes we have made
with physical goods.
More complicated to address the limitations on data flow,
the countries impose to advance other policy goals, like
privacy protection. Finding the right balance between
protecting the needs of American businesses, respecting the
legitimate policies of other Nations, and to ensure that other
countries respect ours is not an easy task. That was made clear
by the recent decision by the Court of Justice of the European
Union to invalidate the U.S. EU Safe Harbor framework. This
important agreement enabled more than 4,000 American businesses
to transfer the personal data of EU citizens to the United
States if the company certify that they would comply with
certain adequacy requirements to protect personal privacy.
The court, however, determined, in part, that because the
Safe Harbor scheme only applies to companies and not public
authorities, there was not adequate protection for EU citizens
from U.S. surveillance activities, and the entire agreement
was, therefore, invalidated.
The court also found that EU citizens do not have
sufficient remedies under U.S. law if their privacy rights
after a transfer are violated.
The gentleman from Wisconsin, Mr. Sensenbrenner, and the
distinguished Ranking Member of the full Committee, Mr.
Conyers, deserve great credit for working to address the second
issue by drafting the Judicial Redress Act, which will provide
important privacy protections for EU citizens under U.S. law.
The Judicial Redress Act has already passed the House, and
I hope the Senate will take it up shortly. I also appreciate
the U.S. Department of Commerce, which is hard at work
negotiating a new Safe Harbor Agreement. I hope a new agreement
is reached soon, but I also hope that Congress will view this
incident as a wake-up call.
The USA Freedom Act took an important step in curtailing
surveillance activities, but we should go much further in
strengthening our privacy protections. It should not take a
European court to prod us into protecting our own citizens.
To ensure that businesses have the flexibility they need,
while consumers have the protections they deserve, the United
States must work with its partners in the global community to
set clear standards governing cross-border data flow. I look
forward to discussing what these standards ought to be with our
esteemed panel of witnesses today, and I yield back the balance
of my time.
Mr. Issa. The gentleman yields back.
I now recognize the Chairman of the full Committee, Mr.
Goodlatte, for his opening statement.
Mr. Goodlatte. Thank you, Mr. Chairman.
Today's hearing reflects a new twist on the same old song.
U.S. companies are at the forefront of the digital economy, and
as our companies look to operate globally, they face new and
novel nontariff trade barriers that could make it costly, or
near impossible, to operate overseas. As we work to promote
digital trade, we must work to make sure that the international
playing field is fair. When foreign countries attempt to raise
trade barriers ore put in costly regulations as a cost of doing
business, we need to call it out for what it is, a barrier to
free and fair trade.
We are now in a world where, on one side of the globe, the
United States has negotiated the Trans-Pacific Partnership
Trade Agreement, with rules promoting cross-border data flows
and preventing undue restrictions, such as localization
requirements.
And on the other side of the globe, we look at Europe,
which has invalidated a 15-year-old Safe Harbor Agreement. This
decision translates into uncertainty for thousands of American
companies doing business in Europe, which could have a ripple
effect on our economy.
As the United States and Europe continue to negotiate the
new Safe Harbor Agreement, we must understand that this is a
complex issue for all sides. And we are cautiously optimistic
that the Administration and our European allies will be able to
come to an agreement that eliminates uncertainty and allows
transatlantic commerce to continue.
In the House, we recently passed the Judicial Redress Act.
This bipartisan bill, awaiting Senate action, extends certain
privacy protections to citizens of European countries, as well
as other allied Nations if the Federal Government willfully
discloses information in violation of the Privacy Act. Under
this bill, citizens of designated countries will be extended
the core benefits of the Privacy Act, which already applies to
Americans, with regard to information shared with U.S. law
enforcement authorities, including the ability to bring a
lawsuit for the intentional or willful disclosure of personal
information.
This hearing is important because the rules of the road
that are considered on digital trade and data flows will either
promote or impede the growth of the Internet. A recent BSA
report stated that 90 percent of all of the world's data was
created in just the last 2 years. While an incredible
statistic, it also shows how important data and data flows are
to innovation and economic growth.
Localization requirements, such as forcing companies to
locate data centers in a particular country, defeat the whole
point of cloud computing. New technologies, like The Internet
of Things and cloud computing, rely on cross-border data flows.
Undue restrictions could prevent companies like Boeing and GE
from using IOT sensors in jet engines to send back real-time
data to their engineers in the United States.
For global diversified technology and manufacturing
companies, they would face the absurd situation of not being
able to move their own R&D data from country to country.
Restrictions on data flows fail to recognize the importance
of interconnected global supply chains, and the need for the
uninterrupted movement of data.
As this Committee continues to study this issue, it is
important for us to keep in mind the effects on public policy
today and in the future.
I am hopeful that the right policies will help fuel the
engine of American innovation, prosperity, and creativity. I
think we have a great panel assembled today, and I look forward
to hearing from all of our witnesses.
Thank you, Mr. Chairman.
Mr. Issa. The gentleman yields back. Thank you.
We now will hear from the Ranking Member of the full
Committee, the gentleman from Michigan, Mr. Conyers.
Mr. Conyers. Thank you, Chairman Issa.
I think this is a more important hearing than a lot of
people appreciate it. Certainly, that's the case of myself. And
to our distinguished list of panelists, we welcome you all,
particularly Dr. Atkinson. But I just want to get something out
about the digital trade, because the growth of our economy
relies on the expansion of the global digital economy, and
efficient cross-border data flow as digital trade becomes a
larger portion of the global economy. That's the heart of my
introductory comments.
According to the United States International Trade
Commission, a digital trade increased U.S. average wages and
helped create about 2.4 million full-time positions in 2011,
the same year digital trade also increased annual U.S. GDP by
4.8 percent.
As we hear from today's witnesses, which I welcome, I'd
like to have considered the following points: To begin with,
any discussion on digital trade and unrestricted cross-border
data flows requires a serious discussion on surveillance
reform. Earlier this year, a coalition of companies, trade
associations, civil rights organizations, wrote to the
leadership of both parties to outline the economic costs of the
significant erosion of global public trust in both the United
States Government, and the United States technology sector.
Their fears appear to have been prescient.
Last month, citing concerns about insufficient privacy
safeguards in the U.S. Court of Justice of the European Union
suspended the U.S. EU Safe Harbor framework that allows about
4,400 United States-based companies to move digital information
across the Atlantic. The decision is a reminder that we need to
have a thorough conversation about surveillance reform. Without
one, we cannot fully address eliminating restrictions on cross-
border data flow.
A couple of weeks ago, the House took a step toward a
fuller discussion by passing H.R. 1428, the Judicial Redress
Act, which our colleague, Jim Sensenbrenner, introduced, and I
was proud to be a cosponsor of.
The bill extends to the citizens of certain foreign
countries, privacy protection, and it will facilitate
information-sharing partnerships with law enforcement agencies
across the globe. This will save lives.
Although there is far more work to be done, I hope that our
allies will take our work on the Judicial Redress Act as a sign
of good faith and a first step.
We must continue to work to restore the public trust
necessary for the continued success of the United States
industry overseas, while protecting individual rights. Digital
trade and cross-border data flows are transforming how American
consumers and small businesses operate and interact. For
example, Ford Motor Company and Boeing, analyze, in real time,
digital data from their vehicles and aircrafts. This helps them
diagnose problems and quickly find solutions. This saves
consumers money and saves lives.
Similarly, small businesses depend on having efficient
cross-border data flow in digital trade. For example, digital
trade affords them the ability to expand into foreign markets.
Consumers rely on online payment processors, like PayPal, to
process their payments globally from purchases on online
platforms and small businesses.
Finally, the flow of data across international borders
presents a unique regulatory setting. Congress, the
Administration, foreign governments, and nongovernmental
actors, must provide solid consumer protections that safeguard
the development of these ever-increasing data flows. The smart
and thoughtful discussion I believe we ought have today will be
to illuminate barriers to future growth that we need to
consider and address. According to studies, restrictions like
data localization mandates hinder economic development in those
companies that erect barriers to digital trade. We should
examine how they affect consumers and the United States-based
businesses.
Still, some barriers are necessary to protect against the
digital trade of illegal goods and services, such as digital
piracy and the trafficking of child pornography.
I look forward with interest to having the witnesses at
today's hearing, and I thank the Chairman.
Mr. Issa. Thank you. The gentleman yields back.
Without objection, all----
Mr. Conyers. Mr. Chairman.
Mr. Issa. For what purpose does the gentleman seek
recognition?
Mr. Conyers. For the record, I would like to enter into the
record an ACLU report concerning the Subcommittee on Courts,
Intellectual Property, and the Internet hearing dated November
2, 2015.
Mr. Issa. Without objection, placed in the record.
Mr. Conyers. Thank you.
[The information referred to follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
__________
Mr. Issa. You're most welcome.
Without objection, other members' opening statements will
be made a part of the record. We now move to our distinguished
panel for today.
The witnesses' written statements will be entered into the
record in their entirety, and I'd ask you to please summarize,
within 5 minutes or less, your opening statement.
To help us stay within the timing, as you may be used to,
you will see a red, yellow, and green light in front of you.
Please think of them like you do the lights that you never,
never run in your daily driving habits.
Before I introduce the witnesses, I would ask that all
witnesses please rise to take the oath pursuant to the
Committee rules. Raise your right hands.
Do you solemnly swear or affirm that the testimony you're
about to give will be the truth, the whole truth, and nothing
but the truth?
Please be seated.
Let the record reflect that all witnesses answered in the
affirmative.
Our witnesses today include Ambassador Peter Allgeier,
president of the Coalition of Service Industries; Dr. Robert
Atkinson, president of the Information Technology and
Innovation Foundation; Ms. Victoria Espinel, president and CEO
of BSA, the Business Software Alliance, or the Software
Alliance now as we want to call it; and Mr. Ed Black, president
and CEO of the Computer and Communications Industry
Association; and certainly never least, Mr. Mark McCarthy,
senior vice president of Public Policy for the Software &
Information Industry Association.
And with that, we'll go down, starting with the Ambassador.
Oh, and before you begin, I would note that we're going to go
about 5 or 10 minutes into when the bells ring, and then we'll
be gone for roughly half an hour, but we'll try to get through
as many witnesses as possible.
Ambassador.
TESTIMONY OF AMBASSADOR PETER ALLGEIER, PRESIDENT, COALITION OF
SERVICE INDUSTRIES (CSI)
Mr. Allgeier. Thank you very much, Mr. Chairman, Mr.
Ranking Member, and Members of the Subcommittee for allowing me
to participate in today's hearing.
The global economy today is in the midst of two revolutions
that are inextricably linked: The digital revolution and the
services revolution. And the United States is in the best
position to define the courses of these revolutions, and to
benefit from them if we follow appropriate policies, especially
in international trade.
Now, the services revolution is evident from the fact that
service is, by far, the largest source of jobs, of GDP, and of
job growth. And more importantly, they are the enablers of all
other sectors of the economy, including manufacturing,
agriculture, and energy.
At the center of the service's revolution, however, is the
second revolution, the digital revolution. And all services,
indeed, all parts of the economy, depend upon digital
communication within their own businesses, with their
customers, and with their suppliers. And the Internet, of
course, is emblematic of the digital revolution. This
revolution has enabled services to be delivered digitally
across borders to a degree that was unimaginable two decades
ago. But, the international rules and provisions governing
trade and services and digital trade have not kept up with
these developments. So they urgently need to be updated and
brought into line with the realities of a digitally-connected
world.
Now, as a number of the members already have said, many
countries do not share our entrepreneurial and technological
aptitudes and seek to get advantage by imposing legal
restrictions on the ability of a firm to manage and move its
own data across borders, or they impose requirements to store
data on local servers. A common measure by such countries is
for the government to require that foreign firms establish
facilities for storing and processing their data in the
jurisdiction that they are serving.
This tendency is particularly pronounced in regulated
sectors such as banking, insurance, and telecommunications.
These localization requirements essentially make cloud
computing services impossible. Examples of local data storage
and processing requirements abound, just, for example, in
Greece, in China, in India, in Russia, in Indonesia, and in
Malaysia.
So it is essential that our government oppose attempts, in
all sectors, to impose localization requirements on local
businesses. The opportunity to do so lies in the various trade
negotiations that are occurring now. The Trans-Pacific
Partnership, the Transatlantic Trade and Investment
Partnership, the Trade in Services Agreement in Geneva, and
also work in the World Trade Organization.
These negotiations should set the standards for digital
trade by, one, ensuring parties can transfer, access, process
and store data across borders; two, prohibiting parties from
requiring the establishment or use of local servers; three,
ensuring nondiscriminatory treatment of digital products and
services from other parties; and four, allowing parties to
regulate cross-border data flows for legitimate policy reasons,
but only within the accepted standards that are included in the
World Trade Organization in the GATS, the General Agreement on
Trade in Services.
So how are we doing with respect to using these trade
agreements? The TPP has made important progress in advancing
the objective of freedom for cross-border data flows and
prohibitions on localization requirements. However, it includes
one very disturbing exception to the prohibition on
localization requirements, and that is that financial services,
including banking and insurance, are excluded from the
localization prohibition. Every other business has that
prohibition in this agreement. But most disturbing is that this
exception was at the insistence of the U.S. Government, and
this misguided position gives our trading partners the perfect
political argument to impose such requirements on our
businesses.
What we need to do, in addition to fixing that, is to
ensure that we don't repeat that mistake in the negotiations
that are taking place elsewhere in the transatlantic
negotiations, and in the Trade in Services Agreement.
I'll just make one point about Safe Harbor, because that
also is something that is extremely important. Everybody knows
that that decision was just handed down by the Court of Justice
in Europe. Our member companies are very eager to work with the
Congress and the Administration to find a solution that
preserves our companies' ability to move data across the
Atlantic, but with appropriate respect for individuals'
privacy.
So thank you, Mr. Chairman and members. We very much
appreciate the opportunity to be part of this today, and
congratulate you on the attention that you are paying to this
issue. It's extremely important to the service industry, but
also to the economy more broadly. Thank you.
[The prepared statement of Mr. Allgeier follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
__________
Mr. Issa. Thank you, Ambassador.
Dr. Atkinson.
TESTIMONY OF ROBERT D. ATKINSON, Ph.D., FOUNDER AND PRESIDENT,
THE INFORMATION TECHNOLOGY AND INNOVATION FOUNDATION
Mr. Atkinson. Good afternoon, Chairman Issa, Ranking Member
Nadler, Members of the Subcommittee. It's a pleasure to be here
today to talk about this critical issue. And in my written
testimony, I go into great length and detail on all the
economic benefits to both the global and the U.S. economy from
cross-border data flows, so I won't go into that too much, but
I want to make one point that a couple of others have made,
which is, this is not, quote, ``just a Silicon Valley thing.''
Cross-border data flows are critical to a wide variety of
industry, mining, agriculture, automobile production, finance,
retailers.
So this is really something that's affecting all of our
industries, all sizes of companies. And, unfortunately, we
don't have the ability to control our own fate here, because a
growing number of Nations are engaging in digital
protectionism. Some of the policy reasons for them are,
perhaps, legitimate in the sense that they have this concern
for privacy. In other cases, privacy is a guise for just naked
protectionism; they don't want data to flow outside their
country in order to benefit their own domestic companies. And
in, still, other cases, companies are requiring data to reside
in their borders so they can have unfetterred government access
to that data without the rule of law.
But whatever the rationale, this data protectionism hurts
the U.S. economy. It raises costs for our companies; it makes
them have less global market share. That's why in 2013, ITIF
estimated that the cost to U.S. technology companies alone from
all of the Snowden revelations and the backlash against us and
the restrictions that companies--countries were putting in
place under the guise of the Snowden revelations, we stood--our
technology companies stood to lose anywhere between 21- and $35
billion by next year in revenues, in global revenues. That
hurts not just our technology companies, but the U.S. economy
and U.S. workers.
So what do we need to do? I think one of the things we
cannot do for a lot of, I think, reasons, but one is we cannot
simply say that the way to solve this problem is to adopt the
most stringent privacy regime in the world. We can't have
another region, another country, tell us what our laws and
rules should be with regard to privacy. Our view is our privacy
rules and policies are actually the reason we lead in the
global digital economy, not the other way around. So we cannot
have one solution.
The good news is, we don't have to have one solution. The
way--we've argued very, very strongly that when a foreign--when
a U.S. company operates on foreign soil, they're subject to the
laws of that country. They can't just--just by moving data back
to the U.S., they can't get out of their legal obligation. They
can't then say, well, we're going to use U.S. privacy policies,
even though we have a branch in Brussels.
So in a lot of ways, I think this is a lot of much ado
about nothing. We can look just, for example, at the Canadian
privacy commissioner, who has filed a number of successful
suits against U.S. companies who have branch plants or
facilities in Canada, who have broken, or purportedly, broken
Canadian privacy law by moving the data back to the U.S.,
processing it in a way that was against Canadian rules. The
Canadian Government had the ability and the right to bring
action against those U.S. companies. They did so, and they
prevailed. There's no reason why Europe couldn't do the exact
same thing.
So what do we need do? I agree with the Ambassador, we
really need to push forward on two steps: The first step being
trade agreements. TPP purportedly has--reportedly has strong
agreements, protections for digital trade there, TiSA as well.
But I think the key challenge there is really making sure that
any national security or privacy exceptions are very, very
narrow. The risk is that the exceptions won't be narrow, and
countries will use this again as a guise to restrict--to
restrict data flows.
I also think the U.S. should not be overly defensive, at
least on the commercial side of the ledger. We have a right to
do what we're doing. Our companies aren't really breaking any
laws, by and large. And I think it's time for us to at least
put on the table the possibility of a WTO suit against Europe.
Europe has, as we all know, cut off our access to data flows to
the U.S. because of the Safe Harbor. They have not cut off data
flows to Israel; they have not cut off data flows to Argentina,
neither--both of those countries still have agreements with
Europe, and yet, there is no evidence that the national
security protections for government access to that data in
Israel or Argentina are any less stringent than ours. If Europe
wants to go down this path, they should cut off data flows from
every country in the world, not just the United States.
And lastly, we need to--one area we do need to act on is
with regard to government access of data. Our companies in
America can comply with foreign laws quite well, and when they
don't, they can be prosecuted. What they can't comply with is
what government does with data. That's why we've proposed that
we work with Europe to craft what we call the Geneva convention
on the acts on data, where we come up with a set of norms and
rules that we would all agree with in terms of government
access to data to restore that trust.
Thank you for the opportunity to appear before you today.
[The prepared statement of Mr. Atkinson follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
__________
Mr. Issa. And thank you.
Ms. Espinel. Sorry. Ms. Espinel. I do that. I apologize.
Thanks. Victoria.
TESTIMONY OF VICTORIA ESPINEL, PRESIDENT AND CEO,
BSA | THE SOFTWARE ALLIANCE
Ms. Espinel. Thank you, Mr. Chairman, Ranking Member, and
Members of the Subcommittee.
Mr. Issa. Try--Victoria, pull it a little closer to see if
that works.
Ms. Espinel. Maybe mine is off. Can I borrow yours? Thank
you.
Mr. Issa. These are very effective.
Ms. Espinel. Thank you. My name is Victoria Espinel, and
thank you for the opportunity to testify today on behalf of BSA
| The Software Alliance. Promoting international trade by
eliminating barriers for cross-border data flows is a top
priority for us and for our members. And today's hearing
presents a tremendous opportunity to explore three areas:
First, the growing importance of data and digital trade;
second, forward-looking efforts to expand such trades through
agreements like the Trans-Pacific Partnership, and troubling
recent developments in Europe and other markets that could
derail these potential opportunities.
International trade is critical to our members, and as is
the case for many other sectors, international trade for our
members increasingly involves data services and digital, rather
than physical transactions. The economic implications of the
software-enabled data revolution are enormous. Economists
predict that making better use of data could lead to a data
dividend of $1.6 trillion in the next 4 years. And that
efficiency gains alone could add almost $15 trillion to the
global GDP by 2030. That's an amount that's equal to the
current economy of the United States.
But beyond the economic implications, data is central to
the lives of billions of people around the world. Farmers use
data to reduce pesticides in water use while increasing yields;
families are cutting down on their commute times; cities are
redesigning transportation routes that save time and reduce
pollution; doctors are using data to save the lives of
premature babies and do research on Alzheimer's; people around
the world are using data to improve their lives.
Because the actual processing and analysis of data often
takes place in various locations that are miles, or even
continents apart, it is critically important to be able to move
data freely across national borders. And as excited as BSA
members are about the potential for software and data-driven
innovation to spur growth, we are deeply concerned about steps
that several U.S. trading partners have considered, or taken to
erect barriers to digital trade and cross-border data flows,
including Brazil, Nigeria, China, Russia, and many others.
These barriers take many forms. Sometimes they expressly
require the data stay in country, or they impose unreasonable
conditions in order to send it abroad, and other cases, they
require the use of domestic data centers or other equipment.
In light of the troubling growth and barriers to data
flows, BSA members welcome the recently concluded TPP. We
understand, based on briefings and discussions with U.S. and
TPP partners, that the agreement include several commitments
that are vital to digital trade.
First, robust commitments on cross-border data flows,
including explicit prohibitions on data and server localization
mandates; second, a prohibition against imposing custom duties
on digital products; and third, prohibitions against requiring
companies to disclose software service code as a condition of
competing in the market.
This is the first time that strong enforceable rules on
data have been included in the FTA agreement, and it is a
historic opportunity. We look toward to studying carefully the
final text, and to working with the Administration and Members
of Congress as the agreement moves forward.
While we are pleased by the important rules that the TPP
will provide with many of our transpacific trading partners, we
are concerned about potential new obstacles that have recently
arisen with our biggest transatlantic trading partner, the
European Union.
As the Subcommittee is aware, the European Court of Justice
recently handed down a decision that invalidates the Safe
Harbor, a mechanism that nearly 5,000 U.S. companies of all
sizes have relied on for more than a decade, to facilitate
digital commerce with customers, suppliers, and partners in
Europe. The invalidation of Safe Harbor has broad ramifications
with transatlantic trade, not only for software, but for many
other sectors of the economy as well.
The current situation has led to uncertainty for Europeans
and American individuals and the businesses that serve their
needs and the millions of customers that are served by them. We
encourage Congress and the U.S. Government to respond with
urgency and focus. And we thank each and every member of this
Committee for their vote or Judicial Redress Act, and we hope
that the Senate follows your lead.
Our members work hard to build privacy and security into
their products and services, and are committed to protecting
the data in their care, regardless of where that data
originates. We are ready to work with Congress and the U.S.
Government and with the EU and its member states, to ensure
that data continues to move across our borders for the benefit
of both Americans and Europeans.
Thank you, again, for providing this opportunity to share
our views on these important matters, and I look forward to
your questions.
[The prepared statement of Ms. Espinel follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
__________
Mr. Issa. Thank you.
Mr. Black.
TESTIMONY OF ED BLACK, PRESIDENT & CEO, THE COMPUTER &
COMMUNICATIONS INDUSTRY ASSOCIATION
Mr. Black. Mr. Chairman, Ranking Member, and Members of the
Subcommittee, thank you for your focus on this important issue.
Mr. Issa. I'm afraid now you're not quite loud enough.
Mr. Black. Thank you for your focus on this important
issue. CCIA members and our industry are directly impacted by
barriers to international data flow, as are many other industry
sectors that utilize our services. CCIA members alone generate
revenues in excess of $540 billion, and employ over 750,000
workers. International data flows are critical to U.S. economic
interests. While the top Internet brands are American-based,
the majority of their users are abroad. And increasingly, our
most important exports are access to platforms and provision of
services. Internet platforms uniquely empower businesses to
participate in the global economy.
Small businesses in the U.S. would be the biggest winners
if we can eliminate digital trade barriers. This is not a zero-
sum game, but a win-win one. Global citizens and economies
would also benefit if other governments eliminate digital trade
barriers, which effectively lock their own citizens out of the
21st century economy.
U.S. policies have not adequately adapted to the new
reality. We excel at the export of bits, but under current
trade rules, countries can far more easily block bits than
bananas. While TPP begins to make progress on digital trade,
the situation worsens faster than U.S. policy can respond. We
must do more. We should bring trade cases against countries who
block bits.
Unless the trade system meaningfully responds to Internet
trade barriers, our industries have little to gain from the
trade agenda. Five issues must be prioritized: Internet
blocking; forced localization; intermediary liability; balanced
copyright; and data protection. TPP should make progress on
blocking and forced localization, but the problem is worsening.
A third of the world's 3 billion-plus Internet users live where
social media or messaging apps have been blocked, and adoption
of forced localization policies abroad keeps accelerating.
Sensible intermediary liability rules are essential.
Internet businesses have thrived here because of carefully-
crafted legal safe harbors, but foreign liability rules
frequently favor domestic plaintiffs. Foreign courts often
shoot the messenger when users express unfavorable views online
about government, royalty, or national heroes. This has to
change.
Particularly troubling is so-called EU right to be
forgotten. European data regulators are prohibiting online
services from simply linking to published news accounts about
individuals. Some have even prohibited linking to stories that
reported on these cases, and have even demanded removal of such
links worldwide. If foreign officials punish U.S. companies,
for pointing U.S. citizens to lawfully published news articles,
we must stand up for free trade and free speech.
Another barrier for digital exports is unbalanced
copyright. We have failed to export strong copyright
limitations along with strong protections. Thus, we are seeing
demands for snippet taxes to be paid for the privilege of
quoting news. Such taxes on U.S. services subsidize foreign
news publishers and violate international law. Since U.S.
policy hasn't made them a priority, we're seeing such laws
metastasize in Spain, Germany, and elsewhere.
Finally, data protection barriers are a problem. Recently,
the EU Court of Justice, as my colleagues have mentioned,
struck down the Safe Harbor framework. This has been used by
thousands of U.S. companies to lawfully transfer data between
Europe and the U.S. This decision forces thousands of
businesses to find alternative tools to ensure they can
lawfully transfer data from the EU. Current alternatives are
costly, piecemeal, and difficult to implement for all
companies, especially smaller ones. It is essential that a Safe
Harbor framework be implemented promptly.
For the Internet to flourish as a tool for innovation,
expression, and commerce, we must commit to showing that users
worldwide continue to have confidence in the services of U.S.
Internet companies. Passage of the U.S. Freedom Act was a step
in the right direction, as will be the hoped-for passage of the
Judicial Redress Act. Our domestic policies must also reinforce
our own commitment to the free flow of data. For example, since
cross-border access to competitive telecommunications is
essential to facilitating the free flow of data, eliminating
bottlenecks in U.S. telecom networks via proceedings, such as
FCC's current special access reform review will enhance our
global credibility.
In conclusion, our economy's future is intertwined with the
Internet, but threats to Internet commerce proliferate. We must
prioritize protecting this vital part of U.S. commerce. Thank
you.
[The prepared statement of Mr. Black follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
__________
Mr. Issa. Thank you.
Mr. MacCarthy.
TESTIMONY OF MARK MacCARTHY, SENIOR VICE PRESIDENT, PUBLIC
POLICY, SOFTWARE & INFORMATION INDUSTRY ASSOCIATION
Mr. MacCarthy. Chairman Issa, Ranking Member Nadler----
Mr. Issa. Once again, we'd like to hear you better.
Mr. MacCarthy. Is that better?
Mr. Issa. Pull it a little closer, and let's see.
Mr. MacCarthy. Is that better?
Mr. Issa. Yes. Sequestration gets us all.
Mr. MacCarthy. On behalf of the technology trade
association, thank you for your equipment.
I want to make a few points in my testimony. First, cross-
border data flows fuel 21st century trade and investment across
all sectors of the economy, not just technology or Internet
companies.
Second, one goal of U.S. policy is to reduce barriers to
trade--to traditional flows around the world. We should stay
the course on this wise policy.
And third, the recent European decision on the Safe Harbor
is a step backwards for open data flows. A new, workable, Safe
Harbor must be put in place as soon as possible.
Mr. Chairman, digital trade involves tech products like
software, where exports are growing at about 9 percent a year.
But digital trade also involves business services generally,
financial sector, royalties and licensing revenue, and
communication services. It is 60 percent of all trade and
services, it's growing three times faster than other service
exports.
Digital trade increases our economic output by up to $711
billion a year. As Mr. Conyers mentioned, that's 4.8 percent of
our gross domestic product, and it increases employment by 2.4
million workers. We have a global surplus in digital trade of
$150 billion. A loss of open data flows would not be a minor
sector-specific irritant. Data localization mandates have been
studied for other economies. They would impose large welfare
losses up to $63 billion for China, and $193 billion for the
European Union.
Mr. Chairman, one goal of the U.S. trade policy is to
promote cross-border data flows. Congress has instructed U.S.
trade negotiators to dismantle measures that impede digital
trade in goods and services that restrict cross-border data
flows, or require a local storage or processing of data. Any
exceptions have to be narrow, the least restrictive on trade
and nondiscriminatory.
The United States has largely achieved these goals in the
TPP agreement, although I concur with Ambassador Allgeier's
remarks on financial services. That's an unfortunate exception,
but we must seek similar outcomes in TTIP and TiSA.
Mr. Chairman, the demise of the Safe Harbor is a setback
for open data flows. It has been in place since 2000, and the
invalidation just this month left 4,400 companies in legal
limbo, and that's not just technology companies. The list of
Safe Harbor companies include many SIIA members, companies in
online publishing and information services. In fact, the list
of Safe Harbor companies reads like a Who's Who of American
brand name corporations, including Ford Motor Company,
Starbucks, and the Walt Disney Company.
We need a new Safe Harbor. We need a Safe Harbor 2.0.
Congress can help your passage of the Judicial Redress Act with
a step forward. It's a modest step, but one that we need to
follow in the Senate. We're hopeful that the Senate will act
quickly on this bill and move forward with it.
Mr. Chairman, we urge this Committee to stay the course on
promoting data flows and to help establish a new Safe Harbor
for transatlantic data sharing. I stand ready to answer any
questions you might have.
[The prepared statement of Mr. MacCarthy follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
__________
Mr. Issa. Thank you.
With that, Mr. Nadler has responsibility on the floor with
his votes, so he will do the round of questioning, and then we
will recess until after three quick votes.
Mr. Nadler. Thank you, Mr. Chairman.
Dr. Atkinson, in your testimony, you urge the U.S. to lead
on reform of government access to data, so that other Nations
do not have an excuse to restrict cross-border data flows. You
also note that after the Edward Snowden revelations about the
U.S. Government's expansive intrusive surveillance programs, a
number of countries pulled data out of the U.S., and imposed
restrictions on the flow of data to this country.
Can you describe the impact that the Snowden revelations
had on American companies? And can you expand on what sorts of
reforms we should put in place, if we lead on reform, as I
agree we must?
Mr. Atkinson. Sure. Thank you.
For a long time, countries were wanting to do these kinds
of things, but never had the sort of public excuse or
rationale. And a case in point is China. China, in the last
year and a half, as I document in my testimony, has put in
place a number of restrictive policies that negatively affect
U.S. companies. And the goal there--and the reason they say
they are doing it is because exactly because of the Snowden
revelation. They talk about secure and controllable technology
and other kinds.
And these are, just frankly, just an outright guise on
their part. This is a policy they've long wanted to do to
punish, or to favor their own domestic companies at the expense
of U.S. companies. We see that in Germany, for example, where
you have some major German technology companies that are
marketing themselves as NSA free, and pushing the European
Commission to adopt policies like the, quote, ``European
cloud,'' so that NSA or other law enforcement agencies in the
U.S. couldn't get access to the data.
And there have been a number of cases that have been
documented where U.S. technology companies have actually lost
market share. We see that in Australia, where one of the
leading cloud providers, domestic cloud providers in Australia,
has been arguing the exact same thing; in fact, funding a
report, trying to convince the Australian Government to ban
storage of data outside the country with U.S. providers.
So in our view, it has been a systemic effort to target the
leadership of U.S. technology companies. And what do we do
about it? As I said, I really--I think it's a two-part process.
It is that we do need--there are some reforms that we need to
make domestically, a number of people talk about judicial
redress, other steps that we could take. But at the same time,
I would agree with a couple of other panelists who said I think
we just have to get tougher on trade enforcement and
negotiations with these countries, particularly China, which is
getting away with murder on many, many fronts engaged in a
systemic effort to take market share away from U.S. companies.
Mr. Nadler. Thank you. And as you know, FBI Director Comey
and other law enforcement officials have argued that the
government must maintain a backdoor into technology, and have
opposed strong encryption measures. Do you think that would be
a mistake? And if so, why?
Mr. Atkinson. I do think that's a mistake. I think it's a
mistake for several reasons: Number one, if the technology is
inextricably going in the direction of unbreakables, encryption
where the key is not public, it's just between two parties, the
technology provider doesn't have the key, the government
doesn't have the key, that's where the technology is going. I
think the FBI is fighting a losing battle there, as they fought
a losing battle in the '90's with the clipper chip.
The second problem with that is if they mandate--try to
mandate that, they are setting, I think, a dangerous precedent,
for example, by letting the Chinese Government do the exact
same thing. The Chinese Government is trying to do the same
thing right now to prevent encryption in China for U.S.
companies.
And, finally, weakening our encryption technology that U.S.
companies would use, why give the FBI more access? We would
also give the Chinese and the Russians and anybody else who
wants to do harm to us, it would give them access as well.
Mr. Nadler. Thank you. My last question to you, and I think
for this series is, as you explained in your testimony, support
for free trade and data does not mean we must allow the free
flow of illegal content like child pornography or email stem or
pirate creations and other banned products. But what if two
countries have different standards of what is illegal or
objectionable? You may have a country that thinks political
dissent is objectionable, but pirated movies are perfectly
acceptable. Even in a less extreme case, countries may treat
certain content differently under the law. How should countries
determine what data should be permitted to flow freely between
them in cases of disagreement on these standards?
Mr. Atkinson. Because, as I said earlier, I think it's an
un--essentially, an untenable project that we would end up with
global harmony on every single rule with regard to the
Internet. We're not going to be able to do that. And we're
certainly not going to be able to do that with free speech.
There are certain countries, particularly more traditional,
religious countries that find pornography objectionable. We
dealt with our--at least we have free speech, we might found
objectionable, but we allow it. We are not going to be able to
agree on that. And for certain things like that, countries are
going to do that, and I think we are just going to have to be
okay with that.
Another example was in Germany, you're not allowed to
download a copy of Mein Kampf. In the U.S., we can. Again,
we're not going to change the German view. I don't know whether
they are right or wrong, it doesn't make any difference. Where
we can and should, though, take action is there are certain
things that are clearly illegal under the WT0 framework for
intellectual property.
For example, piracy and intellectual property, thus, can be
prosecuted. So when countries engaged in steps, for example, to
block certain Web sites that are clear piracy sites, like, for
example, a domain called the Pirate Bay, that should be quite--
you know, we should be encouraging that. That's quite different
than blocking, say, you know, Facebook or something like that,
or blocking some site just because you don't want competition.
I think the key step, though, is we have to understand,
just in free trade--in good free trade, there's certain things
that we don't allow trade in. Like elephant ivory, we signed a
global agreement, we shouldn't trade in that. It doesn't mean
we don't support free trade. I would argue we should apply the
same standards, things like malware or a pirated content and
the like.
Mr. Nadler. Thank you very much.
Mr. Issa. I thank all of you. We're going to--we'll stand
in recess until 5 minutes after the last of 3 votes begin,
because I will vote, and I will walk. So 5 minutes after that,
I will be here, and we will pick up with those who are present.
We stand in recess.
[Recess].
Mr. Issa. The Committee will come to order. I'll now
recognize myself for my 5 minutes or longer, if people doddle
getting back.
Ambassador, when you talked about--I believe you talked
about the carveout for banks. Can you go through one thing with
me? What could possibly prompt the United States Government to
want to carve out banks?
Mr. Allgeier. Well, our understanding, from having met with
various agencies in the U.S. Government, is that the Treasury
Department wants to maintain the flexibility that sometime in
the future, it might want to impose a localization requirement.
We do not understand that because the issue is, will data be
made available for prudential reasons, security, for law
enforcement. And in this world, it doesn't matter where the
data is. You can get it instantaneously, as you know.
Mr. Issa. Well, let me ask you a rhetorical question:
Localization versus duplication. If the United States
Government had said that on all American persons and/or all
accounts, whether owned by non-U.S. persons or U.S. persons,
there must be maintained a copy in the United States, thus not
requiring localization but simply the ability to get a copy
related to U.S. bank accounts, wouldn't that have met all of
their requirements?
Mr. Allgeier. Well, that certainly does add an element of
additional cost to the operation, and so in that sense, they're
not happy--wouldn't be happy about that.
Mr. Issa. Well, I hear you, but I want to have a dialogue
for a moment, because I think part of the data question for all
of us is cost. I hear you say cost, but in the--with the
possible exception of the IRS, it doesn't seem they'll maintain
6 weeks of backups. In the ordinary course, backups are a
relatively cheap mass storage.
So, again, the question I have for you is, regardless of
where live data is hosted, realistically, the only American
interest, the only U.S. interest was, for purposes of the IRS,
7 years worth of data, right? So let me ask again, wouldn't any
country, for purposes of sufficient information to allow them
to make the appropriate tracking for tax purposes, either
demand that it be maintained, a copy be maintained where they
could reach it by a U.S. law enforcement agency, or an
agreement that would allow a long-arm relationship?
So, for example, if you're going to host in Britain,
Germany, somewhere, there has to be an ability for the IRS to
be able to ask for and receive that. Would that be an example--
as a former trade ambassador, would that be an example of these
carveouts that you think are limited but appropriate as long as
you can demonstrate the need, the specific need that is being
preserved?
Mr. Allgeier. Well, certainly, it is an improvement in the
sense that it's limited. But I guess the question again I say
is, first of all, these businesses, insurance and banking, are
highly regulated. If they don't provide the data, they can lose
their license, and so----
Mr. Issa. Okay. You've made my case in a sense. Isn't it
true that without the U.S. having imposed this, they already
had other requirements, the FDIC, and so on, that would have
required banks and other financial institutions for various
reasons to have a copy available for their observation and
review, right?
Mr. Allgeier. Well, they have to make it available. The
question is if the server is in Singapore and the IRS or the
Fed or anybody else comes and says I want this data, how long
does it take them to get it from Singapore? It doesn't take
them any faster----
Mr. Issa. It depends on the bandwidth of the pipe.
Mr. MacCarthy.
Mr. MacCarthy. Mr. Chairman, I used to work at Visa, the
payment card company, and so I'm familiar with how----
Mr. Issa. Visa? Payment card?
Mr. MacCarthy. Yeah.
Mr. Issa. Small company. Okay.
Mr. MacCarthy. Small company.
Mr. Issa. I've heard of it.
Mr. MacCarthy. I left there in 2008, but before that, we
were familiar with the rules that the Federal regulators had in
place, and they actually provided for outsourcing of bank
records, and they had rules and guidance for how it should be
done, making sure that U.S. law followed the records. And under
existing case law, they have a full authority to reach out
wherever the bank records are stored, and have the bank produce
them for----
Mr. Issa. So your position is that the United States asking
for this in the trade agreement was unnecessary and
counterproductive?
Mr. MacCarthy. Unnecessary, counterproductive, and----
Mr. Issa. Is there anyone that disagrees with it being
unnecessary and counterproductive? Okay. Then we'll consider
that it was unnecessary, counterproductive.
I'll close--because I want to get to the other folks that
are now coming back--with a very simple question: To the best
of your knowledge--and, you know, Mr. Snowden helped us have
some of this knowledge, but--and WikiLeaks did, too, for that
matter--isn't it true, that, for example, Nigeria, a country
that loses half a billion dollars a month of oil, which is
tangible and hard to steal, is, in fact, a place where if the
United States wanted to get any and all records hosted there,
they would be able to do so easier in Nigeria, and be able to
do so without the court's supervision at all? Because
ultimately, once something leaves the United States, the United
States is under no obligation not to--the NSA, which has been
mentioned here previously, can simply take what they want,
assuming they have the technology.
Isn't that true that the countries who demand that the data
be kept in their country and out of the U.S. actually lose
protection that is granted in the United States for under the
Fourth and other amendments?
Okay. We'll assume that I knew the answer to that one. Ms.
Espinel?
Ms. Espinel. I was just going to point out that there is a
certain irony in a country like Nigeria, which is one of the
countries that's putting in place things like data localization
laws.
Mr. Issa. I used them because they can't even keep track of
their own oil.
Ms. Espinel. When I think the processes that we have in the
United States to protect due processes and civil liberties. I
think our system would stand up well against their system. So
Nigerial is one of the countries of the concern, and there is a
certain irony there.
Mr. Issa. But let me do a final, and it's a rhetorical
question, but isn't it true, really, that Nigeria hosting their
Nigerian information really simply means that, like China and
other countries, they have the ability to take, without due
process potentially, the information of their citizens where if
it's hosted in the U.S., there would be due process?
Yes, Dr. Atkinson.
Mr. Atkinson. I completely agree with that. There are a lot
of countries that have nowhere near the due process, the rule
of law that we have, and in that sense, data stored in those
countries can be quite problematic. That's why I raised my
earlier point about the European Commission cutting us off in
the Safe Harbor, but leaving in some other countries that have
at least the same, if not more dubious protections for
government access to data.
Mr. Issa. Thank you. And I look forward to additional
questions.
And with that, I'd like to go to the Ranking Member of the
full Committee, the gentleman from Michigan, Mr. Conyers.
Mr. Conyers. Thank you, Mr. Chairman.
I am struck by the unanimity among the five witnesses
today, and I commend them all.
Let me start with Dr. Atkinson. And keeping in mind the
privacy concerns of Americans and our allies, how can the
United States and its trade partners move forward to advance
free data trade? And I understand you have some regrets about
strong encryption.
Mr. Atkinson. Is the question--I'm sorry--about encryption?
Is that----
Mr. Conyers. No. It's how they advance free data trade.
That's the main idea here in this question.
Mr. Atkinson. Well, I think the challenge is that countries
will use the guise of privacy as an excuse for protectionism.
And as I--I think the Chairman's comment--question alluded to
this, I think, central point, which is, as long as countries--
as long as companies have nexus in a country, if they're doing
business in a country, they cannot get out from under that
country's privacy and commercial security rules and laws by
moving data to a third country.
They still have to comply with those laws no matter where
the data are located. And I think that's really the fundamental
principle that we have to go by with this. So you can protect--
you could have--you can protect the privacy of your citizens,
and you don't have to require the data be located there, as
long as you have jurisdiction over the company doing business
there.
Mr. Conyers. Thank you.
Mr. Allgeier, with regards to privacy, what's been done,
and what do you think still needs to be done in order to ensure
the viability of cross-border data flows?
Mr. Allgeier. Well, there is a structure in place already
in the WTO, the World Trade Organization, and the agreement
there on trade and services. And what it says explicitly is
that governments may put in various restrictions on data to
achieve certain ends.
And one of them, specifically, is to protect the privacy of
individuals in the processing and dissemination of personal
data. And so, all of the countries are obliged to recognize
that. And so, if a country does put in place certain privacy
rules, that's legitimate.
Mr. Conyers. Absolutely.
Now, we passed the Judicial Redress Act. We are hoping that
the other body will act with appropriate swiftness. But I think
we may have something else to think about.
Mr. MacCarthy, can you elaborate on how the Judicial
Redress Act affects the companies that you represent?
Mr. MacCarthy. Thank you for that question. The Act doesn't
directly affect our companies. What it does do is to create a
reason for the European negotiators in Safe Harbor to move
ahead with finalizing the agreement. And when the agreement is
finalized, then it would create enormous benefits for our
companies and for Europe as well.
The second reason is that there's a separate agreement
called the umbrella agreement, which is a law enforcement
agreement, where the Judicial Redress Act is actually an
intrinsic part of that agreement and has to be finalized before
the agreement is itself going into effect.
If I might, Mr. Chairman, if I could ask unanimous consent,
there's an op-ed that I published in today's Hill on this very
issue, if I could ask unanimous consent that it be included in
the record of the Committee hearing.
Mr. Conyers. As soon as I see it.
Mr. MacCarthy. Okay.
Mr. Conyers. Ms. Espinel, how does the recent invalidation
of the U.S.-European Safe Harbor agreement impact the software
industry?
Ms. Espinel. Thank you. So we are very concerned about the
revocation of the Safe Harbor, and it has implications not just
for software, but across our economic sectors. The cross-border
data is used by nearly 5,000 companies, some of them large,
many of them quite small, that use it to do all sorts of
things, including process payrolls so that their employees get
paid at home.
So we have significant concerns about the European Court of
Justice decision that undermine the process put in place by the
Safe Harbor. That said, we do think there is a path forward,
and we think there are three things that need to happen: The
first is that we need as, quickly as possible, to have the U.S.
and the European negotiators come to agreement on a new Safe
Harbor; the second thing is we need to have some reasonable,
appropriate period of time for companies to be able to come
into compliance with the new rules under that Safe Harbor; but
third, because we know this will continue to evolve and change,
we need to work together, the United States and Europe,
industry and Congress, on coming up with a global, sustainable
long-term solution. It's clear that we need a new global
framework for data and how it moves. And that needs to be an
important part of the process as well.
I'll just say lastly, going to the point that Mr. MacCarthy
made, passage of the Judicial Redress Act by the House is
tremendously helpful, and so we thank all of you for your vote
on that, and we hope the Senate follows your lead. That is, you
know, important, both for our own domestic system, but is also
helpful in terms of concluding negotiations on the Safe Harbor
with Europe.
Mr. Conyers. Thank you.
Thanks, Chairman Issa. I yield back.
Mr. Issa. Thank you.
We now go to the gentleman from Ohio, Mr. Chabot.
Mr. Chabot. I thank the Chairman for yielding, and also for
holding this very, I think, important and very interesting
hearing this afternoon.
It has been mentioned that barriers to free trade in the
digital arena have a particularly adverse impact on small
businesses, and I happen to be the Chairman of the House Small
Business Committee, so I'd just like to ask--give each of the
witnesses an opportunity to address what steps should be taken,
specifically, to address this adverse impact on small
businesses.
And I'll start with you, Mr. Allgeier, Ambassador Allgeier.
If that's okay, and I'll just go down the line. If you don't
have anything to say, that's okay, too, but----
Mr. Allgeier. No. Thank you very much.
What we find, of course, is that the digital technology has
opened the world to small businesses. I mean, in the past,
let's say a small business wanted to go overseas, well you'd
have to find an agent, and you'd have to have a presence
overseas. Now you put your product up on the Internet, whether
it's a good or a service, and it's called random exporting. You
don't know whether your next customer is coming from Boise,
Idaho, or Bangladesh.
And then with the combination of express delivery and
electronic payments, you're in the international market. And so
it's extremely important that the movement of data remain open,
and that people be able to have access to the Internet, and
particularly small businesses or people in poor areas.
Mr. Chabot. Thank you.
Dr. Atkinson.
Mr. Atkinson. With the way the European Commission is
negotiating the Safe Harbor, it's possible and hopeful that
that will happen. But if it doesn't, people are talking about
other possible ways that companies can get access to finding
corporate rules and other types of model agreements. Those are
clumsy, they're expensive, they're time-consuming, but large
corporations can do that. Small companies really can't, and
that would be the real harm here, or the biggest harm.
And so that's why I think we have to really insist that we
put these very strict rules in trade agreements so that
companies don't have to do these very expensive workarounds
with--particularly in Europe where they'd have to go to 28, or
if you include the German lander or the states there, perhaps
almost 40 different jurisdictions to be able to move data. And
if you're a small company that's doing business in all of those
jurisdictions in Europe, it's going to be almost impossible for
you to be able to do that.
Mr. Chabot. Thank you.
Ms. Espinel.
Ms. Espinel. So I think the risks and some of the options
for small companies can be even more serious than for the large
companies. So I would say a couple of things: One is
specifically with respect to the Safe Harbor, as I said, the
United States and Europe need to come together on a new
agreement as quickly as possible. There needs to be some
appropriate period of time for companies to come into
compliance.
And then we need a long-term sustainable solution. But
picking up on what Dr. Atkinson said, part of that is making
sure that we have a good global framework for how data moves
around and pushing back on restrictions of data.
You know, when I think about kind of the moment that we're
in with data, and, you know, we live in a world where data is
increasingly important, not just to big companies, but to small
companies, not just to software, but to all of our sectors, it
is an interesting fact that there is no comprehensive
enforceable trade rules on data.
So it's kind of--you know, we're sort of at the moment that
intellectual property was back in the Uruguay round, when the
WTO was being established. There were no global rules on
intellectual property in the trading system. That was a very
difficult negotiation, but it was also very farsighted, on
behalf of the United States and the other trading partners, to
come together at the end of the Uruguay round, and agree to a
global framework for intellectual property rules.
And I think that is exactly the moment that we are in right
now with data. It is clear that it is a complicated new issue.
It is also clear that it is going to be a driver of the U.S.
economy and the global economy, and we need U.S. and other
countries to lead on this issue and establish a global
framework.
I think TPP, we understand, it could be--based on what we
know about it, it could be the beginning of that. I think it's
a real historic opportunity. But we are going to need to have
those rules applied broadly across the world.
Mr. Chabot. Thank you.
Mr. Black and Mr. MacCarthy, I've only got about 30 seconds
left.
Mr. Black. My colleagues have been very articulate. Let me
just stress that we are in a new era, and digital trade, if we
want to make a metaphor back to original trade, blocking a Web
site, doing various kinds of barriers or like blocking a port,
and the openness of the trading system and going forward is so
much tied to data and digital activity.
And Ms. Espinel is absolutely right. We need--our laws are
based on historical outdated concepts of what trade is about.
And we really need to see--and that's why we call for some
precedent-setting efforts in the WTO to bring some cases to
start relaying some criteria and ground rules for how the
problem should be dealt with.
Mr. Chabot. Thank you. Mr. Chairman, is it okay if Mr.
MacCarthy answers real quickly?
Mr. Issa. Without objection.
Mr. Chabot. Thank you.
Mr. MacCarthy. The one point I'd add to everything else my
colleagues have mentioned is that in this global framework for
data, which I think is a great idea, we have to make sure that
whatever rules affect the flow of data, whether they are
privacy rules or consumer protection rules, or whatever,
they're narrowly crafted, that they're least restrictive of
trade. We can't take away the option for countries to enforce
their privacy of consumer protection laws, but they can't
unnecessarily trample on cross-border trade.
Mr. Chabot. Thank you.
I yield back, Mr. Chairman.
Mr. Issa. I thank the gentleman.
We now go to my colleague, the gentlelady from California,
Ms. Chu.
Ms. Chu. Thank you, Mr. Chair.
Dr. Atkinson, you state that several countries around the
world are limiting free trade in data, and you argue they are
motivated by privacy and security concerns, national security
and law enforcement concerns, and the desire for economic
growth. The European Court of Justice recognized that the U.S.
lacks an adequate level of protection for EU data amongst other
privacy concerns.
Within this context, can you tell me how the EU views
individual privacy and data security, and to what laws or
principles do they have in place and what do we have in place
here in the U.S.?
Mr. Atkinson. Thank you. The Europeans culturally look at
privacy differently than Americans do. As a general rule, they
look at privacy as a fundamental human right. We look at it as
a consumer right that has to be balanced against a number of
other issues.
There's a lot of good scholarly evidence that shows that
the European privacy directive and the rules that they have
there actually significantly limit the Internet economy in
Europe. There's a reason why the Europeans don't have global
leaders in the Internet space, by and large. The effectiveness
of their companies is significantly limited because of their
privacy rules, and there's a very good study by Catherine
Tucker at MIT who has demonstrated that.
Having said that, there's also another broad generalization
that, I think, has some merit to it, which is, that we have
less stringent rules, but we do a better job through the FTC
and the State AGs of enforcing them than the Europeans do. They
have stronger paper rules, but less real enforcement.
Having said that, I'll just close by saying, I don't think
that we're miles apart. We generally share the goal of privacy.
We share the goal of the rule of law, and I do think that we
can work this out in a cooperative manner as long as the
Europeans are willing to be reasonable, as we need to be
reasonable.
Ms. Chu. So what, then, do you think should be done by
Congress or by the Administration in these ongoing negotiations
with the EU to ensure that we're providing adequate privacy
protections for our citizens, and for those whose data travels
to our country from across the Atlantic?
Mr. Atkinson. So I think there's two key points there: One
is, I believe that we shouldn't sign a trade--a TTIP agreement
with the Europeans unless it includes strict and enforceable
rules around the free trade-in of data. I don't see why we
should have that trade agreement if we don't have that
component in there.
At the same time, there are steps that we need to take with
regard to government access of data in the U.S. that have made
the Europeans rightly uncomfortable, and I do think we need to
do a better job there. And the Judicial Redress Act was one
step in that, but I think there are other steps we can and
should take.
Ms. Chu. Can you describe which countries have the most
stringent regulations when it comes to setting limitations on
data flowing in and out of their country? And what effect does
that have an American companies' ability to compete?
Mr. Atkinson. Sure. So we listed a number of countries in
the written testimony, and what's troubling about that is if
you look at that list, say in 2010, it would be significantly
smaller: Nigeria, Turkey, Greece, Malaysia, Australia,
Indonesia, Russia, China. China, just within the last year, for
example, has put in place a set of--a numerous set of policies
that would--that will significantly limit the ability for
American companies to process data there.
So it really is something that's growing. There's a couple
of Canadian provinces that do this as well. And I think one of
the challenges really is their--they falsely believe that by
doing this, that they will enhance security and privacy,
commercial privacy. And I just simply reject that notion. I
don't believe that's the case.
Ms. Chu. Ms. Espinel, you argue that as a result of that
invalidation of the EU-U.S. Safe Harbor, many routine
commercial dealings between the U.S. and European countries
have now been disrupted. Can you give us an example of this?
Ms. Espinel. An example of the impact that it's having?
Ms. Chu. The disruptions that are occurring today?
Ms. Espinel. So, you know, an example of an impact that
could happen if data stops moving back and forth is the ability
to process payroll, as an example. Warranty information that
U.S. consumers rely on would be at risk. So there are a number
of real-life development--real-life impacts.
In cybersecurity, one of the maxims is that information is
to follow the sun. So if you have information about a threat,
you want to have that in the hands of cybersecurity experts,
wherever they are in the world while they are awake, and
restricting the data moving back and forth in the United States
and Europe could put that at risk.
So I think there are a number of real world impacts. But,
you know, even at a more macro level, the promise and the
efficiencies that are brought about by cloud computing and by
data analytics simply do not work if information cannot move
around as efficiently as possible.
And I think one of the things that the trade barriers in
the various countries that we see around the world, and the
situation in Europe is putting at risk, is putting a shadow on
an industry that has enormous potential, but is still at a
relatively early stage. And I think putting a shadow on the
development of where remote computing can go and where data
analytics can go at this early stage of its development is
extremely troubling.
Ms. Chu. Thank you. I yield back.
Mr. Issa. I thank the gentlelady.
We now go to the Vice-Chairman of the Subcommittee, the
gentleman from Georgia, Mr. Collins.
Mr. Collins. Thank you, Mr. Chairman. I appreciate it.
Ms. Espinel, I want to go back to something, and then I've
got others, too. Back in October last year, 2014, many of my
colleagues, including myself, wrote a letter to the U.S. trade
representative about the TPP. And just to review, first--we had
several things: First, we wanted to include provisions that
specifically keep borders open to free flow of data; second, it
must prohibit countries from acquiring the use of local data
servers and computing infrastructure as a condition for
providing digital service; third, it must ensure
nondiscriminatory treatment of digital products and services.
Based just on the reports that have come out so far from
the Administration and others, where do you think we are in
that right now?
Ms. Espinel. So, again, with the caveat that we have not
seen the final text, our understanding is that the TPP has
strong commitments on all of those provisions. First, on cross-
border data trade and on pushing back on data localization;
obviously, we would like that to be as comprehensive as
possible. But our understanding is that, overall, the
commitments there are strong. Our understanding is that there
are prohibitions on imposing Custom duties on digital services,
which is also important.
And our understanding is that, I believe for the first time
ever, there are prohibitions on forcing companies to disclose
source code in order to compete in a market. Those are all very
important to us. And, again, based on the reports that we have
heard, TPP contains strong and enforceable rules in those
areas.
Mr. Collins. And granted, I think we will see those, and
that's part of our whole process. But if that was not there,
and probably a short answer is, if these protections were not
there, given the new marketplace of the future that we're
looking at, that being much more in this round, than it is for
rounds and others, would that be a serious hindrance to
enactment of this agreement?
Ms. Espinel. Well, I hope and expect that they are there.
If they were not there, I think it would be an enormous missed
opportunity. We were talking earlier about the fact that this
is really the future, not just of the U.S. economy, but of the
global economy as a whole. There are also enormous societal
benefits that come from data analytics in cloud computing.
Mr. Collins. I agree.
Ms. Espinel. And in order for us to see the potential of
those, it's enormously important that we have a global system
of trading rules that gives clarity and predictability to the
system.
Mr. Collins. Thanks.
Mr. Atkinson, real quickly, could you please describe for
the Committee the problem of forced localization, and how this
impacts member companies and your ability to create American
jobs? Mr. Atkinson.
Mr. Atkinson. So one of the real advantages the U.S. has is
in cloud computing, for example, where we have north--it's in
my testimony--north of 70 or 80 percent of--maybe even more--of
the global market, partly because we have scale in our own
domestic market that's given our companies the ability to scale
up and get capabilities.
Other countries look at the cloud computing industry as a
core strategic industry for their countries. And one of the
ways that they're trying to gain market share is by simply
saying that you have to store data out, not just in country,
but, in some cases, in country with a domestic company. And
that----
Mr. Collins. It could present a load of problems on many
different levels?
Mr. Atkinson. Pardon me?
Mr. Collins. It could present a load of problems on many
different levels?
Mr. Atkinson. Yeah. Even if it is just simply localization
to tell an American cloud provider you have to put a server in
a country, that essentially raises cost. If it was cost
effective, they would have already done it, by definition.
Mr. Collins. Right. Okay.
Mr. Atkinson. Not only does it raise cost, but something
people haven't talked about, it has environmental impacts.
Cloud computing, by putting it all in one place, you can save a
lot of energy by requiring servers all over the world. So
either way, whether it's forced server localization or domestic
company preferences, it's going to hurt U.S. companies and the
U.S. economy.
Mr. Collins. Mr. Atkinson, I appreciate that.
Mr. Black, very forceful in this Committee discussing some
issues, but I've noticed something. We do read through all of
your printed text before you appear. And on page 8 of your
written testimony, you seem to want to have it both ways, and I
think it's a concern.
The first way is you basically say that U.S. Internet
intermediary liability and copyright rules discourage
investment in growth and domestic startups. Yet, two sentences
later in the same paragraph, you say U.S. businesses have
thrived domestically under carefully crafted legal framework of
U.S. law.
Now, you're basically contradicting yourself there. I don't
know why you would do that, but I think one of the things that
goes back for me is, is something I have said in this Committee
from the day I came on, strong copyright, strong protective
laws are not a barrier, but they're a creative incentive. I
believe that what we--the framework that we have here has
allowed U.S. Internet businesses to thrive, and they become a
growth for your association and for many others that grow this
industry.
So my question is, why are we presenting what seems to be a
false narrative here, on one hand, saying that it discourages,
and on the other hand, two sentences later, saying it
encourages?
Mr. Black. Thank you very much for the question. Barriers
to international trade data flows are a problem that we all
talked about how important the economy of the future is.
Mr. Collins. Whoa, whoa, whoa. Your word says ``domestic.''
Mr. Black. We look at what made our society, what in the
U.S. law has worked to help build our industry. Part of it is
the balanced copyright. We have a very important, well-
developed, well-refined system that provides both strong
copyright protection and significant limitations and
exceptions. That is a key to the health and vitality of what
has allowed the Internet to flourish here.
And we believe it is, likewise, and it is appropriate, for
the U.S. Government as we try to persuade others in the world
to have strong copyrights, that they also reflect the
boundaries and limitations that have proved so important to the
ability of Internet and Internet companies to flourish.
Mr. Collins. It's an interesting question because -it's an
interesting answer, because it frankly doesn't answer my
question. Why would you contradict yourself? I understand that
you want to say that--but when you said domestically U.S., it's
either hindering or it's helping. You can't have it both ways
in the same four sentences.
Mr. Black. Maybe I'm not----
Mr. Collins. You cannot say the U.S. Internet liability and
copyright rules discourage investment and growth in domestic
startups, and then two sentences later say, ``U.S. Internet
businesses have thrived domestically under carefully-crafted
legal framework in the U.S.'' Either the legal framework we
have here is bad, or the legal framework we have here is good.
I believe it to be good. I'm not sure why it would be
contradictory there.
Mr. Issa. Would the gentleman yield?
Mr. Collins. Yes.
Mr. Issa. If I heard that, Mr. Black, were you saying that
the international conundrums are causing problems, while the
domestic well-crafted has allowed us to thrive. Is that what
your intent was in that paragraph?
Mr. Black. Yes, that's correct.
Mr. Collins. Well, the problem is--and that would be fine
if understood, except that the footnote is to a footnote to a
domestic--you know, saying which gives you the realization that
it was for that. And this isn't something that our--you know,
we've had many meetings on this from different various
interests.
So I think the biggest thing is--the safe way to put this
is, I believe that as we look at this, this is crafted in a
well way. We continue to craft our copyright laws. It's going
to help us all in this bigger picture, and not settling for
what is a weaker system in other parts of the world, and I
think we can----
Mr. Black. I would just suggest, weaker is the wrong
terminology. A strong system is a balanced one. Just the same
way as a three-legged stool versus a two-legged stool. The fact
that you have balance and limitations in your system makes it
stronger, not weaker.
Mr. Collins. Mr. Chairman, I yield back.
Mr. Issa. I thank the gentleman.
And without objection, Mr. Black, if you want to revise and
extend that portion to clarify it, I'm sure the Committee would
be happy to have that record be full and complete.
And with that, we go to the gentlelady from Washington
State, Ms. DelBene.
Ms. DelBene. Thank you, Mr. Chair. And thanks for calling
this important and timely hearing.
And thanks to all of you for being here with us today.
First, I want to start with Ms. Espinel. As you state in
your testimony, quote, ``In striking down the Safe Harbor, the
Court of Justice focused on issues around national security and
law enforcement access to data. Troubled by the Snowden leaks,
the court concluded that countries that permit indiscriminate
surveillance and interception, and mass and undifferentiated
accessing of personal data could not be deemed adequate under
EU law,'' end quote.
While the national security piece is certainly something
familiar to members of this Committee, could you elaborate a
bit on why the EU might be concerned about current U.S. law on
law enforcement access to data?
Ms. Espinel. Yes. And I think it's, in part, because the
rules in that area, as in other areas, are unclear. So, you
know, one of the things that I think is clear is that we need a
new global framework. And part of that needs to be addressing
the fact that the rules right now on how U.S. law enforcement
and foreign law enforcement can access data in the trading
partners are unclear.
You are one of the cosponsors and introducers of the LEADS
Act. We think that that would be--that approach would be a
helpful part of the solution. We think it would be helpful,
both, because it would give our businesses, but also their
customers, whose data they keep, and law enforcement, a clear
and predictable framework for how to access information.
We additionally think it would be helpful because without
that, we fear our current system in the United States will open
the door for foreign governments to be able to reach back into
the United States for the data of our citizens, and that is a
situation is that we would like to avoid.
Ms. DelBene. And are there examples right now that you've
seen in terms of how the lack of certainty has impacted
businesses today?
Ms. Espinel. Yes. So there are a number of examples.
There's a case that is actually being litigated right now in
the U.S. courts between Microsoft and the Department of Justice
involving data that is held in an Irish data center. The
Department of Justice, making a request to get that data, and
Microsoft's view that the request is inappropriate under U.S.
law.
That is a real-life example that is being litigated in the
courts right now. We will see what the outcome from the courts
are, but we are concerned that if the outcome of that case is
inconsistent with the position that Microsoft has taken in
which the software industry is supportive of, as a whole, that
this will open the door to other governments being able to
reach back into the United States.
And so there is a domestic issue that we need to resolve
absolutely, but part of the reason that we are so concerned
about that is because of the international implications of that
and what that would mean for our system and the privacy of our
citizens back at home.
Ms. DelBene. Thank you.
You know, I had a meeting with a group visiting from the EU
a few weeks ago, and someone--part of that group from the EU
said that he felt like Americans don't care about privacy. And
so are we contributing to that negative narrative about how
privacy is viewed in the U.S. by failing to address some of
these questions and policy ourselves?
Ms. Espinel. I think there are differences in approaches
between the United States and Europe. But I reject the notion
actually that United States and Europe are that different on
privacy. Yes, Europeans care deeply about privacy. Americans
care deeply about privacy, too. It is enshrined in our
Constitution. We have a long history of protecting privacy.
I think there are improvements to our laws that have been
made, or are in the process of being made. So I think the USA
Freedom Act was a significant step forward, and I thank all of
you for that. I think Judicial Redress Act is also a step
forward, and hopefully, again, the Senate will pass it.
I think one of the things that will be really helpful in
the environment that we live in today is for there to be a
constructive dialogue between the United States and Europe to
truly understand our different systems. Because as I said, I
don't think the differences are as far apart as people
sometimes portray them.
And if I could respectfully make a request of the members
of this Subcommittee, I think when you're in discussions with
your European counterparts, I think one of the things that
would be very helpful is to explain to European counterparts
how our privacy system works in the United States, some of the
recent improvements that have been made in the privacy system,
and try to lessen the amount of misunderstanding that I think
exists today.
Ms. DelBene. Thank you.
I wanted to get one more quick question in for Dr.
Atkinson. You spoke earlier about things that you thought we
could do to bolster our credibility and standing to fight data
protection, and you talked about kind of some of the other
steps we could do beyond judicial redress, which we just did.
And I wonder if you could be more specific and tell us about
some of those other steps we could take with our own privacy
laws.
Mr. Atkinson. Sure. I would second what Ms. Espinel just
said, and go to the case in the court right now with the
Microsoft Ireland case. And I think it's a very important case,
because if the principle in the U.S. is that we can access data
on a foreign person without going through that country's law,
just because it's hosted by an American company, there will
only be one result and that will be American companies will not
host foreign person data in other countries. That will be the
result.
The Europeans, the Irish, they will just simply say, you
cannot put your data on an American cloud provider, regardless
of where it's located. That can't be the result we want, and
that's why the LEADS Act is important. That's why as part of
the LEADS Act, one of the components in that is strengthening
the MLAT process.
If the Justice Department wants access to that data, they
should go through the MLAT process. The MLAT process could and
should be better and faster and more streamlined, but that
really has to be the direction we go, otherwise it just means
that countries will just say you can't put data with an
American company anymore.
Ms. DelBene. Thank you.
Thank you, Mr. Chair. I yield back.
Mr. Issa. Thank you.
We now go to the gentleman from Pennsylvania, Mr. Marino.
Mr. Marino. Thank you, Mr. Chairman.
I know my colleague and coauthor, Ms. DelBene, asked direct
and pointed questions concerning the LEADS Act, so I don't want
to get into rehashing that. But is there anyone on the panel
that wants to respond even further because of--given the fact
that Ms. DelBene ran out of time? Please.
Mr. MacCarthy. Thank you for that. The LEADS Act is an
important piece of legislation. If the court case that----
Mr. Issa. I'm afraid you're going to have to use Mr.
Black's microphone.
Mr. MacCarthy. Is that better?
Mr. Issa. Yeah.
Mr. Marino. Much.
Mr. MacCarthy. So the LEADS Act is a very important piece
of legislation. And if the court case that Microsoft is
involved in goes the wrong way, there would, indeed, be
disastrous consequences for U.S. companies.
But I wonder if a small amendment to the LEADS Act to make
sure that it doesn't inadvertently encourage data localization
wouldn't be in order. To the extent that it says to companies
store the information in this country, and it's safe from the
U.S., that, I think, would encourage people to store data in
one location rather than the other.
Instead, the real stand, or issue, would be the nexus
between the government and the data subject. If they're
citizens or residents, then local laws should apply; if they're
not, then local law should not necessarily apply.
Mr. Marino. Okay. I'll ask that our staffs review your
statement and others to see how we can make this more
effective.
Anyone else? Ms. Espinel.
Ms. Espinel. I would just say briefly that I think these
are clearly new issues, and they are complicated issues. I
think the introduction of the LEADS Act and the work that's
done--and I thank both you and Ms. DelBene for your work on
that--demonstrates that while they are new issues and they are
complicated issues, we as the United States, can still show
leadership on these issues and try to move forward with various
ways to approach them.
And I think that's extremely important. I do think that we
need to bring other governments into that. I think having
international consensus around these issues is going to be very
important. But the United States, I think, will inevitably need
to show the way. And I thank members for their leadership that
has already been shown on this issue.
Mr. Black. If I could just jump in briefly. I think we are
all on agreement an MLAT and LEADS. To understand the
complexity and why we have to be careful, whether it's EU or
us, trying to come up with the solution, the answer of is data
owned or located, a conversation among the five of us, if we
were sitting in different countries and it was a video capture
of that, it would, in fact, be stored around the globe on
different servers, be in the cloud. So do each of us own it? To
what rights do the others have to stop it, block it,
disseminate it? We get into very complex issues.
We believe we can find answers, but quick, easy, simple
answers in this area is very difficult. Ownership of data is a
very tricky concept, and trying to precisely identify--the
Microsoft case is very interesting because they've identified
that the data has a location. A lot of people view the data
they have on their servers disseminated through multiple
servers, partly for security purposes.
So the answers--the questions here are very tricky. The
answers need collaborative between governments, multiple
governments and private sector players to come up with
solutions, which is why we're nervous about imposed solutions,
kind of rigidly applied in a regionally-limited area.
Mr. Marino. I'm not sure if my colleague went into this
area. If she did, perhaps you could expand on it; if not, take
a shot at it. Give me your impression or what you've heard or
what you see or think about the LEADS Act potentially having an
adverse effect on U.S. law enforcement, compared to the
abilities that they have now to obtain information from other
countries? Dr. Atkinson.
Mr. Atkinson. Well, I think it's a question of do they look
at their access in a short-term or long-term perspective. In
the short run, at the margin, it makes it slightly harder for
them to get access to that data. In the long run, it will make
it impossible to get it, or much more difficult to get access
to that data.
Because as I said before, the dynamic will be, if the rule
is that the U.S. can compel a U.S. company to turn over data
with the lower standard on a foreign person that's stored in
their country, countries will just mandate that that data
cannot be stored with the U.S. company, and that will make it
harder, not easier, for a law enforcement to get that data.
Mr. Marino. Ms. Espinel, you have 9 seconds.
Ms. Espinel. Sorry?
Mr. Marino. You have 9 seconds.
Ms. Espinel. I would just say, the Department of Justice
right now is in a situation where they don't know exactly what
the rule is. And that lack of clarity, predictability is not
helpful for law enforcement either. I think the LEADS Act would
be helpful in making it clear and predictable for everyone
involved, including law enforcement.
Mr. Marino. Thank you. I yield back.
Mr. Issa. Thank you.
Gentleman from New York is next, I think, or from Rhode
Island. Which one of you is ready to go first? The gentleman
will yield to the gentleman from New York.
Mr. Jeffries. Thank you, Mr. Chair.
And I want to thank the witnesses for their presence here
today and for very thought-provoking testimony.
Let me start with Ms. Espinel. There have been some
concerns that have been raised by some of the people that I
represent, and, indeed, many aspects of the American public
about sort of the downside of development of big data, the
privacy concerns with respect to this data being
misappropriated, abused, and misused.
But I was wondering if you could speak to some of the
potential upsides, the transformative nature of big data as it
develops to improve, you know, the quality of life, or address
social conditions or improve the functioning of the economy as
we move forward.
Ms. Espinel. I would be happy to. I will start by saying
that our company take the privacy issues very seriously, so
those do need to be addressed.
But, you know, I think we are living in exciting times. So
here is a kind of incredible fact: If you look at all the data
that exists in the world today, 98 percent of it was created in
the last 2 years alone. That is extraordinary. That is
obviously without precedent, and that is a rate of change that
is going to continue to increase.
That has enormous implications for businesses, but it also
has enormous implications for human beings who can use that
data. And already today, even though this is an early stage, I
think, for data, we're seeing enormous societal impact. So
we're seeing them, you know, in cities that are using them to
reduce pollution. Doctors are using data to make diagnoses more
quickly.
There's an example that relates to saving lives of
premature babies that are in NICUs that is, sort of, personally
very meaningful to me. There is research being done on
Alzheimer's. Farmers are using them to increase their yields
while reducing the use of pesticides. So I think the societal
benefits from data, data used properly, are enormous.
And beyond that, there are enormous economic benefits. So a
conservative estimate of the gains from efficiency--so one of
the things that businesses in the United States and Europe and
around the world say is that using data helps them to be more
efficient. And generally speaking, they report sort of a 5- to
6 percent increase in efficiency.
If you take a very conservative estimate and assume that
there will be a 1 percent gain in efficiency, we are talking
about creating $15 trillion to the world economy by 2030. That
is equivalent to another U.S. economy. So both from the
economic point of view, from the ability of small businesses,
as panelists talked about before, to have access to
international markets in a way that was never possible before,
and in terms of some of the societal benefits we've seen, there
is enormous promise.
And I will just conclude by saying, while there is enormous
promise, it is early days. And so one of the reasons that we
are concerned about some of the trade barriers that we see
around the world is because we fear it will cast a shadow on
innovation to come.
Mr. Jeffries. Now, the international concerns that many on
the panel have spoken to in the context of trade, and some of
the court decisions that we've seen come out of Europe, I want
to turn inward for a moment and ask you, Ms. Espinel, do you
think that the United States, in the face of this exponential
growth of data in such a short period of time, as it relates to
that 98 percent figure, do we have an adequate legal and
regulatory framework in place right now, or are there things
that this Committee, that this Congress should be thinking
about in this new data era that we exist in?
Ms. Espinel. I think it's inevitably the case that legal
systems around the world are going to need to adjust to the
world that we live in. You know, there's country's individual
laws, and then there's sort of the global trading system that
also needs to address.
And we've talked about some of the pieces of legislation
that we think could be helpful, like the Judicial Redress Act,
in trying to repair--be part of the solution to getting us to a
new Safe Harbor. We've talked about the LEADS Act. You know, I
think this is a rapidly-evolving landscape, so I think it's
entirely possible that we will need further legislative change
in the United States, and I am very confident that we will need
legislative change in other countries of the world.
And I will close by saying, I think it is imperative that
we have a global trading system that sets up strong and
enforceable rules or data. Without that predictability around
the world, I think it will be very difficult, not just for U.S.
companies, but for all companies.
Mr. Jeffries. And in the limited time that I have, you
mentioned the importance of American leadership, but you also
said that it was important to develop international consensus.
Could you speak to what some of the international challenges
may be as it relates to how other international actors look at
big data, which perhaps may differ than our view here in the
United States?
Ms. Espinel. So I could talk about this almost
indefinitely. I will try to be very brief. So I'll just
highlight a couple of things: One is, I think, you know, other
countries, sometimes the motivations are about trying to grow
their domestic industry or trying to keep U.S. industry out of
their markets. And so that is a reason, or can be a motivation
for why countries put in place restrictions to keep barriers
out.
But I think, you know, as I alluded to before, I think part
of the issue is that these are new cutting-edge issues. And so
I think not just the United States, but countries around the
world are struggling with how do you balance security and
privacy appropriately?
And so that is why I think, while I believe the U.S. will
and needs to show leadership on this, I also think it's
incredibly important that it's not the U.S. going out and
saying this is our solution, and we think this should be
imposed on the rest of the world. I think there does need to be
international consensus.
I am fully aware of the fact that not every country in the
world is going to want to be, or be able to be at that table
right away, but I do think there are a number of countries
where the United States could start having discussions about
what norms of those areas should look like, and that would be
very productive.
Mr. Jeffries. Thank you, Mr. Chairman. I yield back.
Mr. Issa. We now go to the gentleman from Texas, who has
been patiently at the end of the dais.
Mr. Poe. Thank you, Mr. Chairman.
Thank you all for being here.
I want to talk about a specific issue of privacy:
Surveillance by government. That's what I'm talking about. Not
cybersecurity or any of those issues. Let's focus on that one
issue.
To me, the United States has always been the world leader
in privacy. We have a Fourth Amendment that you're all familiar
with. Many countries, maybe most don't have such a concept as
the Fourth Amendment, protection against unreasonable searches
and seizures by government.
Mr. Atkinson, you talked about the Europeans use privacy as
an excuse for really protectionism. I want to delve in this a
little further and, talk about and ask you your opinion. There
are three issues that we have regarding government surveillance
on Americans. And if the perception of the Europeans is that
America doesn't protect the right of privacy, perception,
whether it's reality or not, is part of the reason we have this
issue with the Europeans.
And one of those is the concept of the FISA courts; the
second is surveillance under 702 warrants; the third is
backdoor searches, and encryption that government may encourage
our businesses to have into their systems; and the fourth is
EPCA, whether it should be reformed or hasn't been reformed.
Those four issues to me, and I'm a former judge, are issues
where it seems that government intrusion in those four areas
and the failure for us, Congress, to redefine or define the
Fourth Amendment to make sure it applies in those four areas or
not may be part of the problem we have with dealing with
foreign countries on the issues that you've all talked about.
So my question is--and I want all five of you to weigh in
on this, I just want your opinion--does Congress, in your
opinion, need to look at each of those four issues, those four
areas where government surveillance on citizens is allowed, and
fix that problem, or look at those four issues? What do you
think about that issue as regarding government surveillance on
citizens and the effect it has on businesses being able to have
the free flow of data around the world?
So that's really the only question I have, and I'd like to
just start and go down the row and see what you all think about
that.
Mr. Atkinson. I would agree with that. I'm less familiar,
not an expert on the FISA court issue, but on all the other
issues you brought up, I fully agree with you that we do need
FISA reform on 702.
EPCA, we've been a long supporter of it. It really is
illogical that there is a lower standard of government access
to data that's stored in the cloud than data that's stored on
my home computer. It just doesn't reflect technological reality
that we would treat those differently. If we--so I fully agree
with you on that.
And I do think all of that, and including the backdoor
issue and the intentional weakening of U.S. systems, that all
of those things have hurt our ability to be a global technology
leader, and they're going to continue to hurt us until we take
steps on it.
I will just say, though, and I think we need to be a little
bit more vocal about saying that is, there are other countries
that are doing things like that. If I were the Irish data
protection authority, I wouldn't let Irish data go to France.
In other words, there are other countries that do these as
well, and I think it's important that we make that, that we're
not the only country that has challenges there.
Mr. Poe. I know other countries don't observe the concept
of the Fourth Amendment, but we do in this country.
Mr. Atkinson. Exactly.
Mr. Poe. And I just want to know if that is a factor in
this entire discussion.
Any others? We've got just about a minute left or less than
that to weigh in on that.
Ms. Espinel. Just briefly. Yes, I think those are all areas
that Congress should consider. I would speak to two of them. We
are concerned about movements undermining encryption and we've
made that clear. And we also very much support EPCA and would
urge its quick passage by Congress. Thank you.
Mr. Poe. Anybody else?
Well, I'm going to yield back my 9 seconds.
Mr. Issa. And I'm going to take the 3 seconds back and
treasure them always.
Oh, I'm sorry. I think--the gentleman is recognized for a
short addition to his now expired time.
Mr. Black. Thank you. Very good points. Frankly, the world
looks at what we do, not just what we say. If we're going to be
a moral leader for an open, free Internet, we need to walk the
walk as well as talk the talk. And those are all areas where we
need to do more.
Without a doubt, I should point out there was a story that
appeared today about the United Kingdom that just basically--
apparently it was either finally passed, or very close to
passing, a requirement that companies turn over--or have
encryption that can be broken. That would be a terrible
precedent, and the U.K. does it. Other countries are doing----
Mr. Issa. Ms. Espinel, are you familiar with that?
Mr. Black. We're the only ones that do some things.
Governments want to have access to information that's global.
Ms. Espinel. Yes. I should just say--and I will check on
this--but we have been concerned about the U.K.'s moves toward
requiring backdoors to encryption and have raised that with the
U.K. Government. My understanding is that most recently, the
U.K. Government has stepped back from that and has said that
they are not going to be requiring backdoors to encryption in
the legislation that is moving through the U.K. system.
So I will check to confirm that and come back to you. But
we view that as a very positive step, because, not to take too
much time, but part of the reason that we are concerned about
encryption here in the United States is not just because of
here in the United States, but because of the precedent
overseas.
And so if my understanding is correct, and the U.K.
Government yesterday said they would move forward with their
legislation without those requirements to backdoors, we view
that as, at least, one positive step in this discussion.
Mr. Issa. Mr. MacCarthy, if the gentleman would--okay.
Please.
Mr. MacCarthy. Very briefly. I agree with----
Mr. Issa. Again, you've got to use Mr. Black's microphone.
We've denied you full access, I'm afraid.
Mr. MacCarthy. Equal access to microphones.
Mr. Poe, I agree that those are issues that need to be
addressed. I agree that back doors are a problem. We would
oppose further movements in that area for the reasons that have
been articulated. We're strong supporters of EPCA. But my point
is that none of those things need to be preconditions for a
successful resolution of the negotiation for a new workable
Safe Harbor.
Mr. Poe. Thank you, Mr. Chair.
Mr. Issa. And with that, I'll take those 3 seconds and pass
them on to the gentleman from Rhode Island for an additional 3
seconds.
Mr. Cicilline. Thank you, Mr. Chairman.
Thank you to the witnesses for this very useful testimony,
as we sort of struggle with this question of how do we preserve
cross-border data flows, and if we're really making the point
of how important this is to our economy, and how unsustainable
a system that interrupts those flows would be in the long term.
And you've all spoken about the need for a narrowly-
crafted, but least-restrictive-of-trade kind of standard. And I
want to sort of press you a little bit on that, and beginning
with you, Mr. Ambassador. You make the same argument, of
course, in your written testimony that we need a workable, and
commercially-viable and legally-valid alternative to the Safe
Harbor provision.
I wonder if you could just expand on this a little bit, and
describe what you think should be included in such an
alternative. And also, how do your member companies plan to
take privacy concerns into account until such a new standard is
developed?
Mr. Allgeier. Well, thank you very much.
Yes, it is very important for all of our companies, because
they're all dealing with cross-border data flows, that there be
a successor to the now invalidated Safe Harbor. And I think it
goes a lot back to what Rob Atkinson was saying, is that
there's going to have to be a workable way of recognizing some
of the differences in privacy laws, but also make it viable for
companies to actually comply with it without making it
completely chaotic.
I'm not a lawyer, so I don't have specific suggestions on
how do we work that, but I think that--as Victoria said, that
once there is a successor, there needs to be sufficient time
for companies to come into compliance.
So I think there should be a recognition that, all right,
if we've reached agreement, we leave the existing system in
place for a reasonable period of time. And then these 4,000
companies--and some of them are small companies, a lot of them
are--need time to then show that they can meet the new
requirements of Safe Harbor 2.0, or whatever it's called.
Mr. Cicilline. Does anyone else have a suggestion? Yes. Dr.
Atkinson.
Mr. Atkinson. I would agree with that, although I think
ultimately, we're going to have to move beyond the Safe Harbor
to a formal trade agreement. I know people have alluded, for
example, to the WTO protections--or exemptions around--in the
services agreement around moving from privacy and security.
Unfortunately, what we're seeing are countries that are using
that as a guise for protectionism, China being a case in point.
I have talked to Chinese Government officials who tell me
that they're justified in doing what they're doing because of
national security concerns, which is just simply false. Under
the way the WTO rules are set up, it's hard to bring that case.
And I don't see any evidence that we're going to change the WTO
rules anytime soon.
That's why it's important to put this in trade and services
agreement, and a TTIP agreement with a very, very, very narrow
exception so that countries can't use that to drive the truck
of mercantilers through----
Mr. Cicilline. May I just follow up, Dr. Atkinson. One
thing you said in your written testimony is that the European
Court of Justice overturned the Safe Harbor agreement, not
because of privacy concerns, but because of concerns about
governmental access. Does it then sort of follow that either as
part of the Safe Harbor, the new agreement, or in conjunction
with it that we put into place additional surveillance reforms
to respond to that concern raised by the court? Sort of
building on Judge----
Mr. Atkinson. I would argue that it does follow from that.
I would say two quick things, though: One is, they made that
decision without any real judicial review. They must have just
watched some videos from--you know, that was shown, you know,
what NSA did or something. There was no real collection of
evidence when they made that decision, and I think that should
be very troubling.
Secondly, as I said earlier, they haven't cut off other
countries who have more problematic access, government access
rules than we do. But having said that, I do think it's
incumbent upon us to make some reforms that would go in that
direction, as you said.
Mr. Cicilline. And just one final question for the panel.
Does Congress have a role to play, and if so, what is it, in
establishing this sort of modernized Safe Harbor framework? Is
there a useful role that Congress can play in the development
of that?
Ms. Espinel. Sure. So I would say, there's a short term and
a long term. I think short term, we need to encourage the
United States and Europe to come to an agreement on new Safe
Harbor. We don't believe--we do not believe we need new U.S.
legislation to do that, although we do hope the Judicial
Redress Act passes as soon as possible. And I think Congress
has a role to play in working with your European counterparts
to encourage Europe to come to the table and to reach an
agreement as quickly as possible on a Safe Harbor 2.0.
But then looking at the long term, I think it is also clear
that is not our long-term solution. We're going to need a
global solution. We're going to need something that is flexible
and principled-base, and I think Congress absolutely should
play a role in working with the Administration and working with
industries and working with your counterparts around the world
and helping to determine what that long-term solution is going
to look like.
Mr. Cicilline. Thank you. I yield back, Mr. Chairman.
Mr. Issa. Thank you.
We now go to the gentlelady from San Jose.
Ms. Lofgren. Well, thank you. This has been very
interesting, and I appreciate the insight shared by all the
witnesses to the Committee.
You know, I think that we are in for a very tough time,
actually long term, in trying to reconcile very different
approaches to freedom, essentially. If you take a look at what
the European Court of Justice did, they basically said that the
2000 Commission had erred by failing to take into account the
interaction of U.S. domestic law and U.S. international policy
and the framework; in other words, it didn't take in the whole
picture, and it's going to allow the data protection agencies
in each country to investigate violations. Well, where does
that lead us?
I mean, you've got a situation in Europe, and I--as Ms.
DelBene mentioned, many of us meet with the parliamentarians
from Europe, who feel that their decision on right to be
forgotten is extremely important to them and very valuable. And
when you get into it with them, you say--I mean, recently, an
agency in France ruled that links in content removed under
their right to be forgotten has to be removed worldwide. And
when you talk to them about, Hey, we have a First Amendment.
Even if we agreed with you, we can't agree with you. I mean, we
can't allow elimination of First Amendment rights.
So when you talk about data, I think it's--it depends on
which kind of data you're talking about. I mean, if you have a
database that is the product of the health study, and it's
completely owned by, you know, a university, it's possible to
control the sharing of that data in a very different way than a
posting on Facebook. You know, I think we're looking--we're
looking down the road at some very severe--and I'm not sure how
we get to a situation that's going to be suitable. But getting
to that, I'm wondering--you know, Mr. Black, you mentioned the
right to be forgotten and others have talked about it, is a
major barrier to data flow. How do you see this ending up when
you've got the First Amendment that protects Americans' right
to free speech, and a Europe that has no equivalent respect for
speech, but has an equivalent right to--to sensor? How are we
going to resolve this?
Mr. Black. Well, as I tried to indicate, it's a very
troubling concept. And when you think about it, if it becomes
an established precedent, and we are seeing other countries in
other parts of the world are considering similar versions, it
is an amazing shield for basically hiding data, distorting
history, limiting the ability to prevent, frankly, honest
information transfer. We talked about ``data,'' and we all use
``data,'' and it's important we do, but we're talking about
information and knowledge, and the ability to block information
and knowledge, to block people's ability to communicate part of
communication is getting information. It's a very serious
precedent.
And unless it is whittled down, and we find some way to
back off of its broad reach--I mentioned the editorial aspect
that's exceptionally troubling, but frankly, even if you don't
go to that step, the breadth of the concept of the right to be
forgotten, the ability--and we all want database to be cleaned
up of erroneous fact, but, again, it is, once again, imposing a
liability on players, intermediaries, that is fundamentally a
flaw, and you can do it on--for so many purposes. You can----
Ms. Lofgren. Right.
Mr. Black. And we had this discussion earlier, but if you
have intermediaries liable for what users do, or for what
information or data that flows over the networks, you will have
a crippling of the open Internet as we know it today.
Ms. Lofgren. Well, what I see, I mean, going--I'm sorry Mr.
Marino had to leave, but we have Safe Harbors in the DMCA, and
we have section 230 of the Communications Decency Act. We have
some provisions that is would allow the Internet to flourish.
They don't have that in Europe. And so I think that's part of
the reason why they don't have an Internet economy. They have
crippled their tech sector in that way and maybe a few others.
And to think that you can control the flow of data and have
an Internet, that's not how the Internet works. So I--I think
that we have a fundamental misunderstanding with some of our
colleagues in parliaments across the world. That's not to say
there aren't countries that are just using this as an excuse. I
mean, you take a look at countries that want to have localized
data; Russia, China, Turkey, these are not companies that--
countries that are, you know, wallowing in free speech. They
have a different agenda.
I just want to make one final comment on--or maybe even a
question, on copyright. Because, you know, we've also got a
problem there, and it's a crossover with free speech. We
recently had a situation where European book publishers are
saying that you can't actually index their books, and that if
you index their books, there would be an index tax. Which is--I
remember when people wanted to do an email tax. That's not
going to happen. And so I've been telling the parliamentarians,
if they look ahead in Europe, they're going to be like China,
because we're going to have to cut them off, because we're not
going to lose our freedom because they don't value theirs.
Do you see it going in that direction?
Mr. Black. This is an excellent area for action to actually
be taken by the U.S. Government. Under the Berne Convention,
okay, it is very clear there is a right in order to basically
have access to news. We think if the U.S. Government wishes to,
some of these snippet tax approaches are, in fact,
challengeable under existing law. We all want--we've all said
we want to improve the rules governing data flow around the
world, but there are some rules that are in effect now that are
not being utilized. And in this area, we think there's room for
action immediately to go after some of these more egregious
attempts to, frankly, alter the rules of access to information.
Ms. Lofgren. Mr. Chairman, could I just have 1 second more
to make a comment?
When Spain said you can't link to news articles, and Google
just withdrew, and then none of the newspapers could find
readers. So I think to some extent, there's a role for the
government to play, but I think, also, companies are going to
have to take actions themselves, because they can't live with
some of these rules. And I think when the European public can't
actually access information, there's going to be reaction among
the public themselves.
Thank you, Mr. Chairman. I yield back.
Mr. Issa. Thank you. And I thank you for that salient
point. I think it is one of those where be careful what you
wish for. May Spain always have the dark ages back, if that's
what it wishes for.
Dr. Atkinson, I'm going to ask you sort of a question that
I know the answer to, but--but it may be a will question as
much as it can.
Would be it helpful and/or appropriate and/or possible to
sue the EU under the WTO in light of their decision?
Mr. Atkinson. So, I'm not a trade lawyer, and I know when
Ira Magaziner made those veiled threats back in the late '90's
to get the Europeans to come to the table on Safe Harbor, he
did suggest that we file a suit with the WTO. I think the case
is stronger now, as I said earlier, because they haven't just
said they're cutting--they've only cut us off. They haven't cut
off other countries who have even less governmental protection.
So I think there is possibility. And I think we shouldn't back
down from holding up the--as Teddy Roosevelt in--speak softly
but carry the big WTO stick.
Mr. Issa. I'm sure WTO was in that.
Let me ask a broader question. I had the opportunity to be
in Antarctica last year. Fifty-three Nations--I had to look
that up to remember--53 Nations are all part of an
international treaty that says you can go there; you can have
things there; you can't--you can't mine and take the resources,
and nothing could be done there that essentially isn't agreed
to by the party as a whole. It's a noncountry by international
agreement.
As this Committee goes forward with the number of pieces of
legislation, and we're looking at privacy, domestically, and
then we're looking at a global world, do--I'd like each of your
comments briefly, just as we have around our Custom systems, if
you will, sort of free trade zones, they have places where you
can bring your goods to the United States, but they're not in
the United States for any practical purpose. And there's no
tariff, and quite frankly, they are still considered to be not
in the country. So they can only be seized or looked at as a
ship might be bordered in international waters.
Should we use, if you will, a combination of these two
models, the pretrade zone in the U.S. and the idea just like
Antarctica, there have been to be places, in this case, the
cloud, in which all countries have to view it as outside their
reach, and as such, not so easily taken whether it's in the
U.S., and Europeans are concerned that their privacy will be
breached, or vice versa, inside another country where somehow
the standard would be artificially higher or lower to enforce
whatever is subject to what I would envision as an
international trade agreement that mirrors, if you will, the
best of the protections of, let's say, the Europeans and
ourselves and other partners.
Can I have your comments on that?
Mr. Atkinson. Sure. One of the reasons we're having this
debate right now over privacy, it's emblematic of a broader set
of questions a number of the panelist members have brought up.
And, really, what we lack is we lack a consistent, readily
understandable and shared global framework for thinking about
governing the Internet. And by that, I don't mean ICANN
governance. I mean, all of the policy questions that countries
face with regard to the Internet. We don't have a shared view
of what's appropriate, what's not appropriate. And I think we
have to--we've proposed in that a recent report called the
``Framework For Resolving Cross-border Internet Policy
Conflicts.'' And I think we--I think it's incumbent upon----
Mr. Issa. And I appreciate that, and I'd love you to answer
further, and I'll read any material you send me. My question
was more narrow, is should we take away in some hosting
environments, if you will, a cloud and say it does not reside
inside the U.S., even though it's in Toledo, but, in fact, it
doesn't reside in any Nation, and all Nations have to observe
at the same level of respect as though one might do an
extradition, rather than a simple subpoena, no greater, no less
than--than that? And that's one of my questions is, if we're
going to make the cloud a free trade zone, do we have to begin
looking at it as not ours, even if it's in the U.S. and not
theirs, even if it's hosted there. And I'll just go down the
list. But please stay narrowly focused, because I want to get
to Mr. Johnson.
Mr. Atkinson. I disagree. I'm not sure that is exactly the
right way to go, because there are legitimate things government
has access to and concerns that are legal. And if it's in the
cloud, it shouldn't be extraterritorial, in my view, should be
covered by a trade agreement.
Mr. Issa. Just so you know, the Chairman of the full
Committee made it very clear in the last round of legislation
that this Committee was tired of our country knowing more about
us than us knowing less about them. So you may--you may find
the definition of legitimate interest to the government is on
the wane from this Committee rather than the ebb it had after
9/11.
Ambassador.
Mr. Allgeier. I thought your metaphor was very interesting,
because the free trade zone, as you say, the products are in
there and you can do all sorts of things with them. But once
they leave that zone, they are subject to whatever the duties
are and the regulations are of the markets they are going into.
So I don't know if it's perfect, but in a sense, the cloud is
where it resides, and then only when it leaves the cloud for a
particular reason does it become subject to, well, whatever the
jurisdiction is of whatever is being used. It's an interesting
thought.
Ms. Espinel. So I would just say, I'll take that to be a
serious proposal, and I would like to give it serious
consideration. But I could just make two observations, free
trade zones work, in part, because they fit inside of a global
trading system that has rules. And so, I think part of--a
prerequisite to this would be to have that global trading
system of rules for data.
Mr. Issa. By the way, I think it was about 1959 that we
started trying to get Antarctica. We are only at 53 countries.
So I have no illusions that this would necessarily be quick and
easy, but it is--it begins to appear to me that if we do not
begin to think of the cloud as not America's, then the rest of
the world will say, if it's going to be yours when it's in
America, then it's going to be mine if I have the ability to
mandate it. And that's--that's exactly what this hearing today
was about, is how do we get that free flow to be not a bias
toward a country of residence to the detriment of others
concerned?
Mr. Black.
Mr. Black. I think it's an intriguing idea. I agree it
should get some serious considerations, look at the
ramifications. I hate to use metaphors I haven't thought out
ahead of time. But, you know, when we talk about the oceans, we
have territorial waters, and then we have the open sea. And it
may well be there's a certain appropriateness here to think of
things that are not--should not be geographically, and
therefore, governmentally tied to one Nation. I would like to
explore that more.
Mr. Issa. Mr. MacCarthy, as you answer it, I want to tell
you--yeah, grab the right one--I did not use the high seas,
because there's too much seizing of things on the high seas,
but rather, places in which the world has agreed to a common
set of protection, a common set of respect for other countries.
Nobody can go into Antarctica and do something where other
countries are not essentially consulted in the process. So it
is a little more like extradition and a little less like the
high seas.
Mr. MacCarthy.
Mr. MacCarthy. So I think the idea is worth exploring in
great detail. I'm worried that even our own regulators who have
a responsibility to protect the privacy and the anti-fraud
interests of our own consumers would want to gain access to
information in order to enforce local law. And so the idea that
there could be a place of the cloud, the Internet, that is
literally a place without law, that probably is the right way
to go.
But the next step of trying to harmonize the rules probably
is difficult. We've heard the difficulties in the First
Amendment. We've--privacy is also a very, very difficult issue
to get harmonized laws. We have got a sectorial approach. The
Europeans have a different approach. But you can make those
rules interoperate. That's what the Safe Harbor was supposed to
be all about, and that's why we have to get it back into place
as soon as possible.
Mr. Issa. Okay. I'm going to go to Mr. Johnson. But I will
leave you with this, because we can certainly, many of you we
regularly have a dialogue with. If the United States is to
lead, we certainly have exclusively, within our jurisdiction,
the ability to create these zones. We have the ability to
lessen our own authority over a site hosted under this concept
that it is not America without specific protections. In other
words, a foreign hosting site, to use a term that may not exist
yet.
But, you know, the United States could, tomorrow, decide
that we're going to have foreign hosting sites, and that a
foreign hosting site is, by definition, one of which the
Department of Justice and others must treat it as a non-U.S.
and use an open and transparent process in order to go after
it, and not treat it quite the same as we would a U.S. In other
words, give it all the protections of being in the U.S. from a
standpoint of the NSA not being able to hack it, and yet, give
it additional protections.
This is not a new concept to think about, can we do better?
The question is, will America lead? And that's what I'd like to
have in the days and months to come.
Your comments on can America lead by creating something
which the rest of the world could have a higher belief on, and
if we do this, the same as we created the Internet, and we set
the standards and then we gave it as a gift to the world, at
least as to entities which are hosted within our borders, but
are hosted under some enhanced protection and assurances for
the rest of the world, we could lead a standard that I doubt
that Russia and China would follow, but I certainly would like
to reach a standard that the EU would admire and emulate.
Mr. Johnson, I apologize for going a little long, but the
gentleman is recognized.
Mr. Johnson. Well, no. In fact, I'm--I'm prompted to yield
whatever time that the gentleman would extend to me, the 5
minutes. I tend to think that I might be better off by just
simply yielding to you and listening to your questions. There's
a lot that I missed having been absent at an Armed Services
Committee meeting, and I don't want to go over plowed ground.
I'm just kind of here to learn. And so with that, I will yield
back to the Chair.
Mr. Issa. I thank the gentleman.
Is there anyone who wants to make any closing remarks that,
from the whole host of questions that you would like to have
briefly in the record, and then we can--you can extend, and
I'll say in that my closing remarks.
Mr. MacCarthy.
Mr. MacCarthy. So very briefly. It's very good news that
the European Commission has suggested that there's an agreement
in principle on the Safe Harbor. We have every reason to expect
it will see a rapid conclusion of that. Commissioner Jourova is
coming over here in a couple of weeks, maybe he will do
something there.
They have every incentive to get this right. Digital trade
between the United States and Europe is huge. We have a global
trade surplus of $150 billion in digital trade. They have a
global surplus of 163. They know that their fundamental
interests are at stake here, and I think they are going to try
to act to try to put in place a Safe Harbor to make
transatlantic data flows work again.
Mr. Issa. Mr. Black.
Mr. Black. Very short.
Mr. Issa. Reclaiming your mike.
Mr. Black. Very short. A lot of consensus I think you heard
today. The reality is that we're going to have a lot of these
problems linger for a while. There are no easy solutions. The
Internet is a tremendous part of our future. I would--I guess I
would urge, as a U.S. citizen, that we had a huge role in
creating the Internet. We have a tremendous history and
essential one to the First Amendment, freedom of speech, as we
go forth and set rules domestically or internationally, that we
keep it to a forefront of our principles, that commitment to
openness, the freedom to access information, and that has,
frankly, created a climate that has allowed the Internet to
flourish.
If we do that, we're gonna still have a lot of problems to
wade through, but keeping our eyes on that fundamental set of
principles will lead the way. Thank you.
Mr. Issa. Ms. Espinel.
Ms. Espinel. Thank you. Well, I would start off by thanking
you for holding this hearing and focusing on attention on this
issue. Having been given the extra time, I would just reiterate
two things I said before.
Mr. Issa. You can just tell us, what was it like being at
E&C versus here? Which Committee did you think better of? You
can be impartial here.
Ms. Espinel. Clearly, this one.
Mr. Issa. Of course.
Ms. Espinel. I think in terms of the trade barriers that we
have talked about, we have been playing policy Whac-a-Mole for
over 5 years. There are countries around the world that have
been considering trade barriers, putting trade barriers
forward, and our hope and expectation is that TPP will be, at
least, a start of a mechanism to push back on those. And so if
it does what we believe that it does, it is a truly historic
opportunity.
The second thing is just, if I could go back to the U.S.
EU's Safe Harbor, because it is sort of an issue of immediate
concern. I agree with Mr. MacCarthy. All indications are that
that we will--the United States and Europe will be able to come
to a quick conclusion on the Safe Harbor 2.0, but anything that
Congress can do to encourage U.S. and Europe to come together
on that would be--would be great, but we need to bear in mind
that if the Safe Harbor is concluded, and if there's an
appropriate period of time for U.S. companies to come into
compliance, that--that will only get us so far, and then we are
going to immediately need to turn to working out what our long-
term solution will be. Because I do not believe that the next
Safe Harbor will be that long-term solution.
Mr. Issa. Anyone else? Doctor.
Mr. Atkinson. I think one of the things that's been
happening in the last few years is that the policy realities
have finally caught up to the nature of the global Internet and
not in a good way. And I think the challenge that we face, both
here and around the globe, is we have to figure out a way to
balance the differences that we have between countries,
legitimate differences in values and cultures. We're not all
going to agree. We can never do that. And so we have to figure
out a way to allow the Internet to thrive and flourish in a
system where people are going to have different rules and
different policies.
At the same time, we have to be able to have a way that
global free trade and data goes on, and goes on in a robust
way. And I think we can square that circle, but it's really
gonna require not just all the specific actions that we've
talked about, which are important; it's going to require a
larger conversation along the lines of what you've proposed. A
much bigger way to think about this and the way to bring in
countries, like the Antarctica problems that we tried to solve.
We need something like that at the global level now.
Mr. Issa. Ambassador, you get to close.
Mr. Allgeier. Thank you very much. Well, these issues that
we've been talking about, cross-border data flows,
localization, open Internet, and so forth, should be subject to
rules that are multi-lateral, and the place normally to do that
would be the World Trade Organization.
The World Trade Organization is not operating at this point
in a way that we can do that. And so our second best
alternative is to get these issues right in each of the
negotiations that we're undertaking, whether it's the TPP, the
one with Europe, the one on services, bilateral investment
treaties with China. At least try to get a cohesive and right
approach in all of those to create de facto the template. The
advantage of the WTO, if we can get it there, is that there is
dispute settlement. It's legally binding, and so, for example,
if there's a dispute about whether somebody is using a--a
health reason or a prudential reason for protectionism, you can
at least battle it out within a legal framework there.
So I think that's what we should ultimately be looking for,
but in the meantime, we need to get it right in the other
negotiations.
Mr. Issa. Well, I want to thank you all of you for a
delightful conversation back and forth. I think to all of us
who attended, this was very useful.
As promised, I will leave 5 legislative days to submit
additional written materials on any subject, but particularly
the ones that I brought up. And if you have any additional
extraneous material, we also would accept that.
And with that, we stand adjourned.
[Whereupon, at 3:54p.m., the Subcommittee was adjourned.]
A P P E N D I X
----------
Material Submitted for the Hearing Record
Prepared Statement of Edward M. Dean, Deputy Assistant Secretary for
Services, International Trade Administration, U.S. Department of
Commerce
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Prepared Statement of Nuala O'Connor, President and CEO, Center for
Democracy & Technology; and Gregory T. Jojeim, Director, Freedom,
Security & Technology Project, Center for Democracy & Technology
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Letter from Michael Beckerman, President & CEO,
The Internet Association
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Letter from Daphne Keller, Director of Intermediary Liability,
Center for Internet and Society, Stanford Law School
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Response to Questions for the Record from Ambassador Peter Allgeier,
President, Coalition of Service Industries (CSI)
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Response to Questions for the Record from Robert D. Atkinson, Ph.D.,
Founder and President, The Information Technology and Innovation
Foundation
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Response to Questions for the Record from Victoria Espinel,
President and CEO, BSA | The Software Alliance
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Response to Questions for the Record from Ed Black, President & CEO,
The Computer & Communications Industry Association
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Response to Questions for the Record from Mark MacCarthy, Senior Vice
President, Public Policy, Software & Information Industry Association
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
[all]