TPP will ban rules that require source-code disclosure

As we pick through the secret, 2,000-page treaty, we're learning an awful lot of awfulness, but this one is particularly terrible.

As software becomes more tightly integrated into cars and buildings and medical devices (and everything else), many governments have enacted procurement policies requiring contractors to disclose and/or publish the source code of the products they supply to public bodies. For example, if Volkswagen were to supply a fleet of diesels to the National Parks Service, the government might tell them that they have to turn over their source-code so that it can be audited for "defeat devices," or Chrysler might have to disclose source on their jeeps before they're sold to the Army, which could result in them being made secure against over-the-Internet attacks on steering and brakes.

If this sounds weird, think of other kinds of procurement. If a government commissions a private contractor to produce a building, the contractor wouldn't be allowed to keep the mathematics used to calculate load-stresses a secret (even if having proprietary engineering principles could make the firm more money). The firmware for an engine or an HVAC system could render cars and buildings unusable or even deadly -- why should public money be spent on infrastructure produced with secretive and opaque methodologies?

As we saw with the VW "defeat device," disclosure and publication of software is also necessary for a thorough evaluation of regulated devices, like emissions systems. It would be reasonable for regulators to demand that source code for these sorts of devices be made available for public inspection as a condition of approval for use within a nation's borders.

Under TPP, such requirements will be banned. The article in question could well have been written by a Microsoft lobbyist. It carves out "critical infrastructure" (power plants), but leaves intact cars, HVAC, medical devices, and even databases used to store sensitive public information.

1. No Party shall require the transfer of, or access to, source code of software owned by a person of another Party, as a condition for the import, distribution, sale or use of such software, or of products containing such software, in its territory.

2. For the purposes of this Article, software subject to paragraph 1 is limited to mass-market software or products containing such software and does not include software used for critical infrastructure.

3. Nothing in this Article shall preclude:

(a) the inclusion or implementation of terms and conditions related to the provision of source code in commercially negotiated contracts; or

(b) a Party from requiring the modification of source code of software necessary for that software to comply with laws or regulations which are not inconsistent with this Agreement.

4. This Article shall not be construed to affect requirements that relate to patent applications or granted patents, including any orders made by a judicial authority in relation to patent disputes, subject to safeguards against unauthorised disclosure under the law or practice of a Party.

Notable Replies

  1. Cory, isn't it worse than that? Won't it destroy CopyLeft for software, and make things like the GPL unenforceable because it requires source-code provision?

  2. Came here to say just that. This basically nullifies GPL.

  3. BeeVee says:

    I was going to say the same as these fine people, but I can just imagine the consequences - government agency mistakenly chooses a piece of GPL-licensed software - world disappears in a mass of impossible contradiction!

  4. It won't nullify the GPL, as it only blocks source disclosure being required by the government as a blanket requirement for import/sale. GPL is a voluntary / license disclosure, which is not covered. Even if it somehow was by parts 1 and 2, the fact that 3(a) states that contracts trump this would make the GPL (which is a form of contract) immune.

    In fact, 3(a) seems to invalidate a few of Cory's examples - the government can require source code on anything it buys since that's "in commercially negotiated contracts". It would, however, still cover other examples given (such as requiring source code as part of safety testing).

  5. No, they cannot. Read the end of the article where the treaty is quoted. All this does is say that the government cannot lay down a blanket requirement that the company gives out source code in order to sell within the country. It does not state that anyone, government or not, has to buy anything.

    The key clause you're missing is the 3(a) section; any commercial contract (including a government purchasing contract) is exempt from this requirement.

