TPP will ban rules that require source-code disclosure


#1

[Read the post]


#2

Cory, isn’t it worse than that? Won’t it destroy CopyLeft for software, and make things like the GPL unenforceable because of it requires source-code provision?


#3

Came here to say just that. This basically nullifies GPL.


#4

I was going to say the same as these fine people, but I can just imagine the consequences - government agency mistakenly chooses a piece of GPL-licensed software - world disappears in a mass of impossible contradiction!


#5

It won’t nullify the GPL, as it only blocks source disclosure being required by the government as a blanket requirement for import/sale. GPL is a voluntary / license disclosure, which is not covered. Even if it somehow was by parts 1 and 2, the fact that 3(a) states that contracts trump this would make the GPL (which is a form of contract) immune.

In fact, 3(a) seems to invalidate a few of Cory’s examples - the government can require source code on anything it buys since that’s “in commercially negotiated contracts”. It would, however, still cover other examples given (such as requiring source code as part of safety testing).


#6

I know the power of the Corporations will work against it, but it would be great if TPP lead to more countries home growing their tech and moving away from the Global model.


#7

I’m a little confused, but this question must have come up before now.

Suppose a company, call them WolksVagen, refuses to publish the source code for its cars. And suppose a government decides to buy a different brand. Can WolksVagen then sue, claiming the government “required” that the source code be disclosed? Where does the burden of proof lie?

I would think there are things besides cars that suddenly become very problematic. Suppose the military commissions a godzillion-dollar bomber, and the manufacturer insists the software is a trade secret and only their employees can service the plane. Nerds in basements aren’t the only ones who want to look these things over.


#8

Ah, now I see it! TPP is a win win win for litigation lawyers!


#9

Isn’t the source code part close to the way it works now, anyway? If they really want the source, they should probably stipulate it in the contract.


#10

Can’t. TPP says so. (Maybe)


#11

Screw this friggin treaty.


#12

No, they cannot. Read the end of the article where the treaty is quoted. All this does is say that the government cannot lay down a blanket requirement that the company gives out source code in order to sell within the country. It does not state that anyone, government or not, has to buy anything.

The key clause you’re missing is the 3(a) section; any commercial contract (including a government purchasing contract) is exempt from this requirement.


#13

I assume this covers legal requirements for source disclosure (not contract terms). There’s nothing stopping a contractor being required to disclose their source code as part of a contract requirement. Any of the scenarios mentioned in the post could be addressed through contract law, but (I suppose) there is no way within the TPP to require minimum standards for such contracts.

My first thought is that the TPP may remove any possibility that independent review of voting machines will be mandated by law. Yay, democracy!

I wonder what this would mean for the strict requirements imposed on gambling machines? Does this invalidate sections of the Nevada gaming commissions rules?


#14

[quote=“restlesshead, post:13, topic:68785, full:true”]Any of the scenarios mentioned in the post could be addressed through contract law, but (I suppose) there is no way within the TPP to require minimum standards for such contracts.[/quote]Not all of them can be. Government mandated testing, including those for safety, emissions, etc. will be prevented from requiring source code to pass.

[quote]My first thought is that the TPP may remove any possibility that independent review of voting machines will be mandated by law. Yay, democracy![/quote]Yes, and no… while the government cannot require voting machines provide source code in order to be sold, they can refuse to buy machines that don’t provide the source. The sticky issue here becomes one of how to enforce that requirement on districts… can the government pass a law saying they can’t buy machines without source (but the public can) without running afoul of the treaty?

[quote]I wonder what this would mean for the strict requirements imposed on gambling machines? Does this invalidate sections of the Nevada gaming commissions rules?[/quote]This is a much more realistic problem of the TPP - as the government are not the ones purchasing the machines, any source-audit requirement by the government would be illegal under this section. The Commission could make a “source-audited seal of approval” for casinos that only buy the proper machines, but its unrealistic to think that many people would actually look for such a thing before putting in their money.


#15

I think @TheRizz generally has this right. The copyleft/GPL concerns and Cory’s government procurement scenario (Army buying Jeeps) are obviated by the commercial contract carveout.

But the regulatory scenarios (EPA wanting vehicle emissions code disclosed, gaming commissions wanting slot machine code disclosed, etc.) seem to be realistic concerns. Even stranger, presumably those regulatory requirements could still apply to domestically produced cars or slot machines, but imported cars and slot machines would get a pass on domestic regulatory scrutiny.

My guess is that this provision was desired by companies like Microsoft and Cisco, who don’t want the Chinese to be able to require source code disclosure as a condition to importing their products. I wonder what the NSA’s position is, since they probably want Cisco and its ilk to be able to continue to ship NSA-approved black boxes overseas without scrutiny, but might not be so thrilled about Huawei or its ilk bringing NSA-proof black boxes into the US.

It’s a tough issue and I have no idea what the right answer is.


#16

This provision has China written all over it. The Chinese security establishment has long believed that use of foreign ICT products by domestic customers (government, state owned enterprise, private enterprise, consumer) constitutes a national security threat because foreign governments could install backdoors. Snowden proved they were basically right. Yet they recognize that US leads in software and Japan in office hardware, and customers want the best products. So their strategy has been to require the provision of source code and encryption keys these types of imports, and defend those requirements under the flag of national security. However, it has been alleged that they take that source code and provide it to domestic competitors, with the hopes of strengthening domestic companies to the point where they can compete with foreign brands.

From the Financial Times:

The TPP also requires countries to allow the unhindered flow of data across borders for most industries — bar financial services — and bans a swath of practices used by China and other countries to protect local technology companies. Such practices include requirements for businesses to house servers and data locally, for businesses to share proprietary source code in order to secure contracts or gain access to markets, and rules mandating the use of special local encryption algorithms that could allow governments a back door into electronic devices such as smartphones.

TLDR: this provision was probably written with the goal of preventing a potential TTP member from engaging in government-sponsored theft of trade secrets.


#17

3.(a) Means the only option regarding companies that refuse to disclose source-code as a condition of sale, is to refuse the deal.

But these are multi-nationals that already control vast markets. Are US consumers going to get together en masse and refuse to buy cars from literally every major multi-national?

No the will not.

3.(a) Specifically protects voluntary disclosure, which is like protecting you from the sun not coming up by legislating there shall be a sunrise. It also protects non-disclosure, and 3.(b) demands that signatories nullify any law, and not make any law, that requires a commercial entity to modify code.

Sorry, but what you are claiming as a protection relies wholly on the goodwill of the multi-national corporations that are pushing for non-disclosure.

That’s not a protection. 3. only protects the right of companies and individuals to voluntarily disclose (—preclude—) is the key word here. Terms and conditions that restrict source code are specifically ----not---- precluded by 3. or 3.(a) or 3.(b) anywhere.

Basically it’s a two-pronged fork, It precludes a govt making laws related to the code, and affirms the right of entities to restrict access.


#18

To my (possibly naive) reading, provision 2 would exclude this applying government contracts. Also, 3a would permit such a contract in the private sector.


#19

You’re correct that Section 3 doesn’t help with the Volkswagen scenario.

But Section 3 is still a “protection” in other scenarios, including (probably) @doctorow’s Army Jeep scenario. Unless the TPP treats government procurement contracts as not “commercial” (which seems unlikely to me), the US government would have the right to refuse to buy Jeeps unless Fiat-Chrysler agreed to disclose the code. They just couldn’t use the lack of disclosure as a basis for preventing Jeeps being sold in the US to other parties who don’t insist on seeing the code.


#20

Ugh, how does this kind of shit get into these treaties. Don’t tell me, I know the answer. But seriously, this is fucking nonsense. What the fuck? When are we going to be governed by people who can read?