TPP will ban rules that require source-code disclosure

As we pick through the secret, 2,000-page treaty, we're learning an awful lot of awfulness, but this one is particularly terrible.

As software becomes more tightly integrated into cars and buildings and medical devices (and everything else), many governments have enacted procurement policies requiring contractors to disclose and/or publish the sourcecode of the products they supply to public bodies. For example, if Volkswagen were to supply a fleet of diesels to the National Parks Service, the government might tell them that they have to turn over their source-code so that it can be audited for "defeat devices," or Chrysler might have to disclose source on their jeeps before they're sold to the Army, which could result in them being made secure against over-the-Internet attacks on steering and brakes.

If this sounds weird, think of other kinds of procurement. If a government commissions a private contractor to produce a building, the contractor wouldn't be allowed to keep the mathematics used to calculate load-stresses a secret (even if having proprietary engineering principles could make the firm for money). The firmware for an engine or an HVAC system could render cars and buildings unusable or even deadly -- why should public money be spent on infrastructure produced with secretive and opaque methodologies?

As we saw with the VW "defeat device," disclosure and publication of software is also necessary for a thorough evaluation of regulated devices, like emissions systems. It would be reasonable for regulators to demand that source code for these sorts of devices be made available for public inspection as a condition of approval for use within a nation's borders.

Under TPP, such requirements will be banned. The article in question could well have been written by a Microsoft lobbyist. It carves out "critical infrastructure" (power plants), but leaves intact cars, HVAC, medical devices, and even databases used to store sensitive public information.

1. No Party shall require the transfer of, or access to, source code of software owned by a person of another Party, as a condition for the import, distribution, sale or use of such software, or of products containing such software, in its territory.

2. For the purposes of this Article, software subject to paragraph 1 is limited to mass-market software or products containing such software and does not include software used for critical infrastructure.

3. Nothing in this Article shall preclude:

(a) the inclusion or implementation of terms and conditions related to the provision of source code in commercially negotiated contracts; or

(b) a Party from requiring the modification of source code of software necessary for that software to comply with laws or regulations which are not inconsistent with this Agreement.

4. This Article shall not be construed to affect requirements that relate to patent applications or granted patents, including any orders made by a judicial authority in relation to patent disputes, subject to safeguards against unauthorised disclosure under the law or practice of a Party.

TPP has provision banning requirements to transfer or access to source code of software [KEI]

Loading...