SoylentNews is people

posted by martyb on Monday August 06 2018, @05:42PM
from the we-want-to-look-at-who-is-looking-at-you dept.

Submitted via IRC for BoyceMagooglyMonkey

The U.S. government is stepping up its sensitivity to foreign governments insisting on reviews of software companies' source code.

The section of the bill that passed the Senate with an 87-10 vote stipulates that the Department of Defense cannot use any software product in a range of its systems unless the manufacturer fully discloses the software reviews by foreign governments that it has previously allowed or is under obligation to allow in the future. The language of the order is typically convoluted, and it does not include all foreign governments, only governments that are placed on a forthcoming list of cyber threats that is due within 180 days after the bill is signed. The president still has to sign off on the legislation, something he's expected to do, but you never know with this guy.

It appears that the section was prompted by a Reuters investigation from last year that found Hewlett Packard Enterprise permitted a company to review its source code for a piece of cyber defense technology on behalf of the Russian government. The software is also used by the Pentagon. A subsequent report found that SAP, Symantec, and McAfee had also given the Russian government permission to dig through their code for software that's also used by the DOD.

Source: https://gizmodo.com/congress-votes-to-force-software-makers-to-reveal-if-th-1828064013


  • (Score: 3, Interesting) by Anonymous Coward on Monday August 06 2018, @10:03PM

    Sec. 1639. Mitigation of risks to national security posed by providers of information technology products and services who have obligations to foreign governments

    (a) Disclosure required

    The Department of Defense may not use a product, service, or system relating to information or operational technology, cybersecurity, an industrial control system, a weapons system, or computer antivirus provided by a person unless that person discloses to the Secretary of Defense the following:

    (1) Whether the person has allowed a foreign government to review or access the code of a product, system, or service custom-developed for the Department, or is under any obligation to allow a foreign person or government to review or access the code of a product, system, or service custom-developed for the Department as a condition of entering into an agreement for sale or other transaction with a foreign government or with a foreign person on behalf of such a government.

    (2) Whether the person has allowed a foreign government listed in section 1638(a) to review or access the source code of a product, system, or service that the Department is using or intends to use, or is under any obligation to allow a foreign person or government to review or access the source code of a product, system, or service that the Department is using or intends to use as a condition of entering into an agreement for sale or other transaction with a foreign government or with a foreign person on behalf of such a government.

    (3) In a case in which the person is a United States person or an affiliate of a United States person, whether or not the person holds or has sought a license pursuant to the Export Administration Regulations under subchapter C of chapter VII of title 15, Code of Federal Regulations, the International Traffic in Arms Regulations under subchapter M of chapter I of title 22, Code of Federal Regulations, or successor regulations, for information technology products, components, software, or services that contain code custom-developed for the product, system, or service the Department is using or intends to use.

    License the code to a joint-venture. You're not under obligation and you're not showing it to a government or to a person on that government's behalf. You ARE willingly showing it to a foreign person as part of a deal between companies. But the law didn't request you to disclose that particular arrangement. And that applies to both the custom-developed code as well as the mass-market code.

    Pretty obvious someone got paid rather well to make this "honest" mistake.
