SoylentNews is people
SoylentNews
The TPP E-Commerce chapter has a provision banning requirements to transfer or provide access to software source code. This applies to "mass market software."
Article 14.17: Source Code
1. No Party shall require the transfer of, or access to, source code of software owned by a person of another Party, as a condition for the import, distribution, sale or use of such software, or of products containing such software, in its territory.
2. For the purposes of this Article, software subject to paragraph 1 is limited to mass-market software or products containing such software and does not include software used for critical infrastructure.
3. Nothing in this Article shall preclude:
(a) the inclusion or implementation of terms and conditions related to the provision of source code in commercially negotiated contracts; or
(b) a Party from requiring the modification of source code of software necessary for that software to comply with laws or regulations which are not inconsistent with this Agreement.
4. This Article shall not be construed to affect requirements that relate to patent applications or granted patents, including any orders made by a judicial authority in relation to patent disputes, subject to safeguards against unauthorised disclosure under the law or practice of a Party.I'm wondering how the GPL fares here, and how much money Microsoft spent lobbying to get this included in the TPP, or if the NSA has a role in this. One aspect of this provision is that governments cannot insist on source code transparency, for mass market software, even to address concerns over security or interoperability.
(Score: 5, Insightful) by gman003 on Saturday November 07 2015, @05:48AM
"Party" as a legal term means "one who has signed this contract or other legal document". In treaties (which are essentially contracts between countries), it does not bind citizens, only the governments themselves.
This clause seems to be a good thing. It prevents a country from saying "if you want to sell your software here, you have to give us the source code", either to search for security flaws to exploit, or just for good old-fashioned state-sponsored corporate espionage.
It even explicitly says "this does not mean license agreements cannot include a clause requiring source code" (3a). The GPL is perfectly safe.
There are plenty of good reasons to be concerned about TPP. This is not one of them.
(Score: 4, Insightful) by frojack on Saturday November 07 2015, @06:25AM
Agreed, that's how I read it as well. The GPL itself is safe.
Parties are governments. Governments can't demand source code from persons in OTHER countries.
But is the GPL still enforceable in any court? Hmmm. That's not so clear.
I could imagine there might be a situation where the GPL couldn't be enforced because the requirement to release source code.
That requirement might not be enforceable by any court order because courts are an arm of the country, and the country can not compel the release of the source code owned by a person of another country.
That may be the tinfoil talking..... I dono.
There are still some issues, such as the US government demanding access to, and requiring an export license for, encryption source code developed by a US citizen who wants to contribute to a Linux distro or OpenBSD or something.
No, you are mistaken. I've always had this sig.
(Score: 2) by gman003 on Saturday November 07 2015, @04:03PM
Seeking redress for contract breach through the judicial system does not magically make a commercial, contractual obligation into a government one. The GPL is still just as enforceable as any other software license.
(Score: 2) by cykros on Monday November 09 2015, @06:02AM
IANAL, but I would think that a court case involving the GPL would much more likely look like a traditional copyright infringement case rather than a forcing-a-party-to-reveal-source case. The goal, thus, would be a cease and desist from failing to abide by the terms of the license, as well as potential damages to be awarded to the original developer(s) that hold the copyright. It's if you want to avoid those cases and yet still code using bits that are GPL'ed that you'll need to release the source, something that seems hardly anything anyone is forcing you to do.
(Score: 2) by caffeine on Saturday November 07 2015, @06:59AM
This clause seems to be a good thing. It prevents a country from saying "if you want to sell your software here, you have to give us the source code", either to search for security flaws to exploit, or just for good old-fashioned state-sponsored corporate espionage.
Access to the source code by a government to ensure that there are no back doors for some products seems reasonable to me. A smaller country that does not produce networking products, should be able to verify that the ones they want to use are secure.
I also see is as reasonable for a government to decide if a product is safe to be sold or used in their country.
For example, if the Australian government were to block the use of a radiation therapy machine that the TGA could not verify due to this TPP limitation, would the US based manufacture be able to sue them for access to the market?
(Score: 4, Insightful) by Adamsjas on Saturday November 07 2015, @07:12AM
For example, if the Australian government were to block the use of a radiation therapy machine that the TGA could not verify due to this TPP limitation, would the US based manufacture be able to sue them for access to the market?
Read past the first paragraph, all the way to the second paragraph, where you find this:
2. For the purposes of this Article, software subject to paragraph 1 is limited to mass-market software or products containing such software and does not include software used for critical infrastructure.
Pretty sure that covers all your objections.
(Score: 2) by caffeine on Saturday November 07 2015, @07:35AM
Critical infrastructure seems fairly hazy. Does that include the software to run a router? The operating system used by government employees? The email client used in the military? The control systems for the new F35?
My example was the software in a machine used for radiation therapy. I'd imagine that would not be critical infrastructure but may not be covered as not being mass market. That is another hazy term.
(Score: 1, Interesting) by Anonymous Coward on Saturday November 07 2015, @07:45AM
What if some governments want to ban some proprietary software for some mass market applications? No proprietary software can be trusted.
(Score: 2) by frojack on Saturday November 07 2015, @08:47AM
Nothing in the quoted section of the TPP addresses bans. We have nothing to go on for that question.
No, you are mistaken. I've always had this sig.
(Score: 0) by Anonymous Coward on Saturday November 07 2015, @10:10AM
One way to alleviate the problem would be to force companies to surrender the source code in some cases. Others would be to simply not use specific software. But it seems the former solution would be disallowed in this case.
(Score: 0) by Anonymous Coward on Saturday November 07 2015, @07:12AM
That manufacturer could probably sue, yes.
(IANAL, etc.)
(Score: 0) by Anonymous Coward on Saturday November 07 2015, @09:21AM
The clause prohibits governments requiring source code disclosure for market access.
This makes it illegal to demand source code escrow for safety-critical systems like pacemakers, automobiles, aircraft, and heating systems.
It also appears to prohibit the requirement for source code disclosure when it is not safety critical, but prudent. Such as tendering contracts for digitizing archives. If proprietary file formats are used, odds are high that history will be lost.
(Score: 0) by Anonymous Coward on Saturday November 07 2015, @07:20AM
Unless "party" has been defined in the preceding text to refer to someone other than a national signatory. I haven't poured through the preceding text to discover if this is the case or not.
(Score: 0) by Anonymous Coward on Sunday November 08 2015, @01:16AM
Ever use a magnifying glass to look at something with little tiny holes in it (like your skin)?
That's what you should be thinking when you use that term.
pore+verb [google.com]
I've see this several times here recently and this time it was pushing my buttons once too often.
...and the preposition that typically follows "pored" is "over".
-- gewg_
(Score: 1, Interesting) by Anonymous Coward on Saturday November 07 2015, @08:11AM
It even explicitly says "this does not mean license agreements cannot include a clause requiring source code" (3a).
No, 3.(a) says this:
the inclusion or implementation of terms and conditions related to the provision of source code in commercially negotiated contracts;
The GPL is not a contract.
(Score: 2) by fido_dogstoyevsky on Saturday November 07 2015, @09:56AM
It even explicitly says "this does not mean license agreements cannot include a clause requiring source code" (3a).
No, 3.(a) says this:
the inclusion or implementation of terms and conditions related to the provision of source code in commercially negotiated contracts;
The GPL is not a contract.
However, something like "3.7.19 The software shall be supplied under the General Public Licence ..." can be inserted in a commercial contract.
It's NOT a conspiracy... it's a plot.
(Score: 2) by Grishnakh on Saturday November 07 2015, @03:31PM
Bullshit. I agree with your interpretation of the language (it binds governments, not citizens), but it's not a good thing. If a government wants to require a foreign company to provide its source code in order to sell their software within that country, that's their sovereign right. China would be right to require Microsoft to provide its source code in order to sell Windows in China, because it's quite likely there's NSA backdoors embedded in it.
If MS doesn't agree, they don't have to sell their software there.
(Score: 2) by RamiK on Saturday November 07 2015, @06:36PM
The clause is bad because it could be interpreted as preventing a country from passing laws and safety regulation requiring open source for communication equipment, banking or medical equipment in the private sector. That's to say, "critical" needs classification.
compiling...