Rubio To World: Stop Doing The Exact Same Thing The US Just Did
from the hypocrites-r-us dept
The State Department wants US diplomats to fight data localization around the world. The policy position is correct. It’s just that the messenger has spent the last few months systematically destroying every reason anyone might listen.
Reuters has an exclusive report on a State Department cable ordering US diplomats to lobby against data sovereignty and data localization initiatives around the world:
In the State Department cable, dated February 18 and signed by U.S. Secretary of State Marco Rubio, the agency said such laws would “disrupt global data flows, increase costs and cybersecurity risks, limit Artificial Intelligence (AI) and cloud services, and expand government control in ways that can undermine civil liberties and enable censorship.”
The cable said the Trump administration was pushing for “a more assertive international data policy” and that diplomats should “counter unnecessarily burdensome regulations, such as data localization mandates.”
Now, if you’ve been reading Techdirt for any length of time, you know we’ve long been critical of data localization mandates. They really are bad for the internet. They fracture the global internet into national fiefdoms. They raise costs. They can actually weaken cybersecurity by forcing data onto local infrastructure that may be less secure. And in authoritarian or semi-authoritarian countries, data localization is often a thinly veiled mechanism for government surveillance and control of information. Requiring that data stay within a country’s borders makes it a whole lot easier for that country’s government to demand access to it.
So on the merits, the policy position described in the cable is basically correct. Data sovereignty mandates do tend to hurt the open internet, and the US pushing back on them has, historically, been a genuinely good thing for global internet freedom. Indeed, the US State Department has a long history of pushing back on such efforts.
But the US already blew its credibility on this issue before this administration even took office. Remember the TikTok ban? That was a bipartisan effort—both Trump and Biden supported it—to do the exact same “data sovereignty” nonsense we’re now telling other countries not to do.
While the justification kept changing depending on the day and who you talked to, many of its supporters (including those in the Supreme Court who blessed that travesty) insisted that it was perfectly legitimate to force a “data localization” plan on TikTok because “ooh, scary foreigners shouldn’t have American data.” Literally this was the Supreme Court’s conclusion:
But Congress has determined that divestiture is necessary to address its well-supported national security concerns regarding TikTok’s data collection practices and relationship with a foreign adversary.
So both parties, both of the last two presidents, and the entirety of the Supreme Court announced to the world “it’s totally fine to force a foreign company to not just be required to hold data locally, but even to be forced to sell off local operations to a favored oligarch.”
That alone would make this diplomatic push awkward. But let’s talk about why it lands as completely absurd right now.
The reason data sovereignty initiatives have been “gathering pace,” as Reuters puts it, is in no small part because of the behavior of this very administration. Countries—and especially our allies in Europe—are rushing to build digital walls because the US government has spent the last few months torching every alliance, cozying up to dictators, kicking off arbitrary trade wars, and generally making it abundantly clear that it has zero respect for the norms, rules, or institutions that underpin international cooperation.
You cannot spend your days insulting and threatening your closest allies, engaging in wildly protectionist trade policies, and signaling to the world that no agreement or partnership is safe from your whims, and then turn around and demand that those same allies keep the data pipeline wide open for American tech companies.
This would be like setting your neighbor’s house on fire and then asking to borrow their garden hose. And everyone sees exactly what’s happening:
Bert Hubert, a Dutch cloud computing expert and former member of the board that regulates the Dutch intelligence services, said Europe’s increasing wariness of America’s tech companies may be spurring Washington to take a more aggressive tack.
“Where the previous administration attempted to woo European customers, the current one is demanding that Europeans disregard their own data privacy regulations that could hinder American business,” he said.
And then there’s what the cable actually reveals about its real motivations. The cable reportedly frames data sovereignty as a threat to “Artificial Intelligence (AI) and cloud services,” which is a pretty revealing tell. It strips away any pretense that this is about internet freedom or civil liberties. What it actually says is: “American AI companies need access to your citizens’ data to train their models, and we’d appreciate it if you’d stop putting up barriers to that.”
This is the diplomatic equivalent of saying the quiet part loud. The US isn’t making a principled argument about the open internet here. It’s making a commercial demand dressed up in freedom rhetoric. And that’s not exactly a compelling pitch to countries that are already worried about the dominance of US tech firms and the lack of meaningful privacy protections in the US.
The cable also takes a swipe at the GDPR specifically, calling it an example of “unnecessarily burdensome data processing restrictions.” Look, the GDPR has plenty of problems and we’ve written about many of them. But when the US government is publicly calling Europe’s flagship privacy law a burden it wants to fight, while simultaneously offering no credible privacy framework of its own, it’s hard to see how that’s going to win hearts and minds.
Meanwhile, Rubio has also been ordering diplomats to fight against the EU’s Digital Services Act, and the US reportedly wants to set up a portal to help Europeans “bypass” content moderation rules around hate speech and terrorist content.
So the diplomatic message from the US to Europe is currently: ignore your privacy laws, ignore your content moderation laws, give our companies access to your data for AI training, and also we might slap tariffs on you tomorrow. Good luck getting anyone to take the “open internet” pitch seriously after that.
The deeply frustrating thing about all of this is that there really is a strong case to be made against data localization. The open, global internet has been one of the most powerful engines of innovation, communication, and human rights in history, and fragmenting it into national data silos is genuinely dangerous. But making that case requires credibility. It requires being the kind of partner that other countries can trust with their citizens’ data. It requires demonstrating, through your own behavior, that you believe in the rule of law, in stable institutions, and in respecting the sovereignty of your allies even while you advocate for open data flows.
Henry Farrell and Martha Finnemore’s 2013 Foreign Affairs piece on “The End of Hypocrisy” keeps proving prescient. A huge part of America’s moral power around the world resulted from the clear hypocrisy between America’s stated values and the ones we repeatedly failed to uphold. But it was a convenient myth that we could pretend to hold the moral high ground, and use that as a form of soft power to demand better of others. That falls apart entirely with administrations like Trump’s, where the idea of soft power, or even the moral high ground, is seen as woke nonsense. The Trump administration refuses to understand the power of that myth.
But now it’s gone. And that has a real cost: the policy position in Rubio’s cable is exactly right. The US should be pushing back on problematic data localization and “data sovereignty” laws. They’re bad for the open internet and good for local surveillance. This is an argument worth making—and we’ve surrendered the ability to make it credibly at precisely the moment it most needs to be made.
Foreign diplomats aren’t stupid. They can see that we demanded TikTok localize or divest while telling them localization is bad. They can see that we’re attacking their privacy laws while offering nothing in return. They can see that we’re framing this as “freedom” while the cable itself reveals it’s about feeding data to American AI companies. The policy is correct. The hypocrisy is total. And the result is that we’ve handed every country in the world a perfectly reasonable justification to ignore us.
Filed Under: ai, data localization, data sovereignty, diplomacy, marco rubio, open internet, state department
Companies: tiktok
Comments on “Rubio To World: Stop Doing The Exact Same Thing The US Just Did”
That’s called American exceptionalism.
What's this?
Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »
We want to trawl through the data ourselves without hearing whining from our allies and threats from our enemies/adversaries.
We will obviously ignore both and attempt to get it all anyway. As will other countries given the opportunity.
Data localization doesn't weaken cybersecurity
I certainly agree with the overall thrust of this piece, and with almost all of the points. But I’m going to sharply disagree on this one (localization weakening cybersecurity) because I’ve worked in the field for decades, and I’m still working because I’m bad at retiring.
The problem is that the US has — as you’ve observed — no effective privacy laws or regulations. It also doesn’t have any effective security laws or regulations. As a result, every day we see a nonstop parade of security breaches and dataloss incidents, because there are no consequences for anyone except — sometimes — a few low-level people who are thrown under the bus because scapegoats are required. This fosters a culture of “fuck it, that would cost money, so don’t even bother, we’ll just deny it in press releases until we can’t, and then we’ll blame someone else or maybe threaten the journalist(s) reporting the problem”.
Other countries have noted this. They’ve also noted that any security at any US company can be bypassed in minutes with just a phone call, because that phone call will be backed up with implicit and explicit threats. So even the companies that have made a credible, good-faith effort can have be compromised with no warning and no notice. The “CLOUD” act specifies warrant or subpoena, but that’s easy to bypass with a few black SUVs full of jackbooted thugs — and which CEO, seeing them arrive outside their office or their home, is going to continue to insist that “no” is the answer?
I don’t like the ensuing fragmentation and balkanization either, having spent decades working in the other direction. But these countries have no other viable choice. Not any more. So while some of their efforts certainly have issues, they at least provide a fighting chance; sticking with US companies means having no chance whatsoever.
Re:
The balkanization is a necessary reaction to monopolization. Historically, a lot of companies and countries have said, “Hey, let’s let Microsoft and Oracle control everything. We’ll own nothing, have no rights, and like it.”
One odd person in Boston has been, for 40-plus years, talking about the dangers of ceding control to others, to anyone who will listen. And has written and been involved with software that actually gives people rights. Paradoxically, it seems to actually avoid balkanization. We all run basically the same LibreOffice, Linux, Firefox… okay, there are a few BSDs, but to some degree that proves the point. If the leaders lose trust, people can replace them while continuing to use the same code; no need to change the world all at once.
Similarly, if your “cloud services” are written for KVM, you can move them to any data center that has KVM, or start your own data center that provides it. It’s all commodity stuff, which I guess is not true if you’re designing for Amazon or Microsoft systems.
Re:
Rephrase the ‘localization’ as ‘we demand that you keep your data where we can spy on it’ and you’ll see why it weakens cybersecurity.
Re: Re:
Replace the word ‘dogs’ in the sentence “I love dogs” with the word ‘murder’ and you’ll see why that’s a dogshit retorical move.
This comment has been flagged by the community. Click here to show it.
No, objecting to data localization efforts (bad for all the reasons you mentioned) is NOTHING like banning tiktok, a propaganda tool for the CCP, an enemy. (Which Trump still hasn’t really followed through on)
This is the dumbest article you’ve written for a while, and that’s saying something. I think you’re mad about Iran, or something, and want to say something dumb about it, realize you would be laughed at, so the dumb is leaking out in other places.
Re:
Really? The US is making enemies worldwide under the current administration. Anyone who the USA has threatened – be they Panama, Canada, Denmark, whomever should absolutely be removing the US from their signal path and their supply lines.
The concept isn’t new. In the glory days of the British Empire, there was something called the “All-Red Route”. Instead of using Minnesota as a shortcut from Ontario to Manitoba, lets build a railway through Kenora (Keewatin-Norman-Rat Portage), through Port Arthur (Thunder Bay), through Nipigon, through Sudbury and across Canada without leaving the US as a vulnerable link in the trans-Canada chain. Sound familiar? The year was 1885. Nothing has changed, except that it’s not just rails but roads, pipelines, networks, fibre, data processing…
The US has attacked us in the historical past. If they’re making more threats now? Yes, they should be routed around same as any enemy. Simple self-defence.
This comment has been flagged by the community. Click here to show it.
No, objecting data localization efforts (bad for all the reasons you mentioned) is NOTHING like banning tiktok, a propaganda tool for the CCP, an enemy. (Which Trump still hasn’t really followed through on)
This is the dumbest article you’ve written for a while, and that’s saying something. I think you’re mad about Iran, or something, and want to say something dumb about it, realize you would be laughed at, so the dumb is leaking out in other places.
Yeah, privacy is a huge reason why data sovereignty laws are as attractive as they are in countries outside of the US.
Right now, the US government is flooding the platforms with subpoenas in a bid to go after anyone daring to publish what amounts to thought crimes against the regime. This as they try and build a massive surveillance system on social media while hoovering up as much data as possible either for private vested interests of data brokers or by the US government trying to silence criticism. It makes no sense that other countries just allow their citizens data to get sucked up by the US surveillance industrial complex so that the US government can further their efforts to carry out human rights violations (deportations, murder, unlawful detention, etc.)
A robust federal level privacy law would at least be a good start, but at this stage, other countries are going to need more than that before even rationally thinking of just letting their citizens data to flow so freely. Ditching the dictator currently occupying the white house would be another step along with assurances that fascism is never going to take over like this ever again. That… is a very tall order, of course, but it would be an understandable ask these days given all that has happened at this point. You want our personal data? It’s going to take a heck of a lot to gain that trust for rational people. Until then, data sovereignty laws it is.
A good core surrounded by a toxic covering
Bloody hell talk about shooting themselves in the foot, even when they’re giving good advice(‘data siloing isn’t a good idea’) they still manage to do so in a way that guarantees that even if the current regime were worthy of trust it would still be foolish to take them up on their argument by framing it in the form of ‘… because it makes it harder for US AI companies to scrape every bit of data in your country to train off of’.
Have you SEEN the tricks microsoft has played?
their 365 system isn’t allowed to pump data out of the EU to the US for NSA consumption, but the loophole is they push ALL the data (I mean every single outlook email or word online doc etc) to a US embassy which is technically (according to them) neither US nor EU territory.
Then that embassy throws the data across the Atlantic.
Why else you think every “localized” UK government and EU government data-holding centre has a gigantic backbone straight to the nearest US embassy? Embassies ain’t processing data, just passing it straight through
Re:
I believe, instead of embassies, that’s what nato bunkers are for in the EU. Trump’s thwarted plan to quit NATO because a European was mean to him probably has him looking for a backup plan in case he somehow gets his way on it.
*The State Department wants US diplomats to fight data localization around the world. The policy position is correct. *
No it’s not.
Re:
Oh yes it is!
On the other hand, other countries requiring their data to stay out of the US’s borders makes it a lot harder for the US government to demand access to it.
Or in general, demanding that data be held somewhere that countries with decent privacy laws can actually enforce them, makes it a lot easier to enforce them.
Re:
Not really. The U.S. has no trouble demanding stuff like that. Sometimes they even get their way.
Why is that suddenly a problem? You do it all the time.
That’s called American exceptionalism.