TPP banning requirements to transfer or access to source code of software
keionline.orgThese are rules for States. It has no bearing whatsoever on the GPL.
This prevents a country from forcing somebody like Microsoft or Apple to give up their source code for "inspection" in order to access their market. It also helps to prevent States from demanding and acquiring encryption or other private keys (there's a separate section that also explicitly forbids mandating backdoors be added).
Not everything in the TPP is bad.
So, as an actual lawyer i actually think i disagree with you in practice.
Imagine for a second that the US gets tough on GPL violators, and says "well, if you want to sell android devices in the US, you have to produce the GPL source code".
Or something even simpler, along the lines of "products marketed in the US must comply with all licensing obligations of software that it contains".
This one actually happens behind the scenes sometimes right now, though you don't see it.
I believe they would not be allowed to do that under this provision.
It clearly falls into:"1. No Party shall require the transfer of, or access to, source code of software owned by a person of another Party, as a condition for the import, distribution, sale or use of such software, or of products containing such software, in its territory."
3 is no exception:
"3. Nothing in this Article shall preclude: (a) the inclusion or implementation of terms and conditions related to the provision of source code in commercially negotiated contracts;"
The GPL and other open source licenses are arguably not commercially negotiated contracts.
So yeah, it doesn't stop private citizens or parties from doing whatever they want. It may stop you from being able to create laws and enforce them at import/export time around actually complying with OSS licenses.
Which is really not great, since it in practice means free reign.
You will never get state supported companies in their own countries to comply with licenses. Generally, your only course of action is to try to enforce elsewhere, or ban import/export.
Here, in the case of the US, you will not be allowed to ban import unless all of that open source software is completely US written.
(since the provision limits requiring "source code of software owned by a person of another Party". Of course, what it means by "software owned by a person of another Party" is also up in the air, since most open source software has many copyright owners , so does it mean complete ownership, partial ownership, or what?)
"GPL and other open source licenses are arguably not commercially negotiated contracts"
This is the key issue. It seems like a copyright license to code under GPL would be commercial, in the sense that the parties are exchanging a license for the recipient undertaking the GPL obligations. Whether it's "negotiated" seems like a more difficult question.
One interpretive guide could be to look to the reason for the provision. I suspect the purpose was to allow for source-code escrow agreements in things like enterprise software deals. It would be odd for the enforceability of those provisions to turn on the degree to which the parties "negotiated," so I suspect this will be a low bar.
Rather, I suspect the term "negotiated" is intended to block end-runs around the default rule. Otherwise, governments could obligate copyright holders to burden their code with GPL-like code, e.g., a reg saying you can only provide voting machines if they are based on a modified version of the Linux kernel.
So I think GPL source-code disclosure obligations remain enforceable, absent coercive acts by a government to force parties to undertake those obligations. But this is really speculative.
They are contracts of adhesion and by definition are explicitly NOT negotiated contracts. They are 'take it or leave it' much like insurance policies.
Some states are beginning to throw their support behind OSS. It seems the "nation-state" has been "soon to be irrelevant" for a while now, but until "soon" arrives, the State is still a primary actor with immense resources and influence. So saying, "these are rules for States" as a way to minmize the importance of this section of the TPP does not make sense to me. At all. It frankly sounds like crazy talk. Sorry, but is does. As software becomes more pervasive and goods and services are delivered by or composed of software more and more, software will take on attributes once associated soley with "real property" and "free speech". As that happens, legal language like this limiting the State's ability, in any way, to legislate software will limit the State's population from having a say over how software should be treated in that population, in that society, in that community.
If the TPP does not impose the same restrictions on contracts between private parties, that is not a benign thing. Private parties includes corporations, and most contests between legal corporations and "individual natural persons" eventually are settled in the interest of the party with more resources, often the legal corporation. Such challenges may play out in the markets or the courts, or it may play out over an even longer period in the legislature by changing the laws regulating or guiding the markets and courts. Thus, hamstringing the State's ability to have laws counter to this section of the TPP actually saves an entity the time and money which might otherwise have been needed to lobby a State's legislative bodies or develop the legal framework by way of a legal process. It fixes the playing field in favor of non State actors. Currently the most powerful non State actors are for profit corporations and privately held companies. This section of the TPP is not at all neutral, if understood to apply only to States. It would then heavily favor corporations and companies, and it would limit State actors and thus their populations. It would favor entities driven by profit motive or the motives of whomever the individuals are that own said private companies. That. Is. Huge. That is a fundamental shift in how, say someone like an American like me, many people might want to govern the communities they are a part of.
I am not a lawyer and I'm trying to wrap my head around this. For me the main issue (with respect to the GPL) is that the GPL does not compel you to distribute source code. It is simply a condition of the the granting of the license. The GPL is quite specific about it. It states that you do not have to accept the license. However, if you do not accept the license, there is nothing that will allow you to distribute the software (under copyright law).
In order to distribute software for which you do not own the copyright, you need to have a license. If you do not agree to the license, then it doesn't even get to the stage we are talking about. You can't distribute it anywhere (under international copyright law). If you agree to distribute the source code in order to get a license, then you have agreed to do that. Is that not what is meant by a commercially negotiated contract? There is consideration on both sides (one party gets to use the software, the other party ensures that the source code is available to users of the software).
Either way, I think this wording is terrible and it worries me greatly. However, my layman's view seems to fall on the side of the GPL being OK. I would be grateful for explanations on what I may have misunderstood.
"You can't distribute it anywhere (under international copyright law)."
True. There are two problems. First, this violation is remedied by an action. Normally, that action for an order to comply with the license (not just "stop using it and pay damages"). There is a question whether a court would legally be able to order such a thing anymore.
B. As you have identified, "Is that not what is meant by a commercially negotiated contract? "
Generally, a commercially negotiated contract is a contract explicitly negotiated between two parties. If i have received GPL software, i have not negotiated a contract with the author or anyone else.
Is there any prior case where an court demanded that a party comply with a copyright license? "stop using it or comply with the license" seems to be the obvious step for any infringer.
In the case of the GPL, the "or comply with the license" doesn't even apply. As soon as you violate the license, the license is terminated. This is to stop people from violating the license and then saying, "Ok, Ok, I'll comply" when they are threatened with a lawsuit. In practice, copyright holders usually forgive the other party and offer then a new license, though. So, again from my layman's point of view, I don't think this is an issue since the court can't force the other party to disclose their source code. It can only grant an injunction on distribution.
In every case, the use of the license (and subsequent release of the source code) is a choice. Of course, without choosing to follow the license, you can't distribute the software. As far as I understand, this is by design and the reason why the GPL is so robust.
I also think this is a negotiated license because the GPL specifically says that you don't have to accept it. It is a written offer for a license. Sometimes, if you contact the copyright holder you can get a different license. Usually now. Just because the offer is made to everybody, doesn't mean it is not a negotiation (I don't think... but that's probably where knowledge of the law would come in handy ;-) ).
I happen to agree with your analysis, but I am not a lawyer either.
What does it matter that a state cannot compel a corporation to reveal its source code as a condition of distribution? The key is that the recipient of the distribution cannot make use of it without a license, pursuant to international copyright law and treaties. And you can indeed sue them for infringing on this, under copyright law, can you not? As a condition of use, they must also OFFER TO distribute the source code of any derivatives.
No one is forcing the actual distribution of the source code of derivatives. But if this distribution does not happen, the recipient CAN be sued for copyright infringement, lacking a license, no?
Danny,
In your opinion how does this affect the ability of governments to pass laws requiring them to use only free and open source software? I think this is incredibly important not only for software freedom but for a properly functioning free society in general (think of voting, financial accounting and digital currencies, etc). Would such use be considered "critical infrastructure" or does this provision preclude passing such laws?
> So yeah, it doesn't stop private citizens or parties from doing whatever they want. It may stop you from being able to create laws and enforce them at import/export time around actually complying with OSS licenses.
The treaty specifically states a party cannot compel the owner to reveal the source code. Arguably someone violating the GPL or similar license is not the actual owner of the code.
I'm not sure why you believe this. I quoted the actual text:
"1. No Party shall require the transfer of, or access to, source code of software owned by a person of another Party, as a condition for the import, distribution, sale or use of such software, or of products containing such software, in its territory."
It does not say no party can compel an owner, it says no party can compel access to the source code owned by person of another party. That is not "no party can compel the owner" it's "no party can compel access to source code that meets certain conditions".
Period. There is no "nobody can compel the owner" part in there that i see.
The only reference to ownership is around a pre-req to compulsion. IE if you break it down, it says:
"unless the software that meets the following conditions, you can't compel access to code
Conditions:
A. It's owned by a citizen of the party
or
B. It's not being done as a condition for the import, distribution, sale, or use of such software, or products containing such software, in its territory"
I believe this because the overly-broad interpretation you are taking is ludicrous. It would prevent code owners from asking other countries to take enforcement actions for them, regardless of what license the code was under, if they suspect someone in another party nation misappropriated their code.
It would essentially mean software authors could not enforce their copyright against infringers in other party nations if proving infringement required access to the author's or infringer's source code.
"I believe this because the overly-broad interpretation you are taking is ludicrous."
Of which part.
I think the part about whether you can compel an owner is cut and dry. It says nothing about compelling owners. Period.
The part about countries being able to make laws about import/export, also very cut and dry. This is very clearly covered.
The part about countries not being able to have courts order source access, yes, is a broad interpretation, but honestly, not inconsistent with how this kind of wording tends to be read by courts.
Even if you cut the last part out, the other two are still very very worrying.
> I think the part about whether you can compel an owner is cut and dry. It says nothing about compelling owners. Period.
I was going to argue that, but after thinking about it realized I was making the incorrect assumption that the owner of the source code was the only one who could provide said code. Hence my incorrect interpretation.
> The part about countries being able to make laws about import/export, also very cut and dry. This is very clearly covered.
Not challenging that.
> The part about countries not being able to have courts order source access, yes, is a broad interpretation, but honestly, not inconsistent with how this kind of wording tends to be read by courts.
If that is the case, I don't see how any state with a decent technology sector would agree to it, because it would allow party states to basically set themselves up as piracy safe havens.
> Even if you cut the last part out, the other two are still very very worrying.
I don't think the first is worrying at all without the third. To try to extend the meaning of the first to include legal actions taken in copyright infringement cases would be tantamount to scuppering the very protections other parts of the same treaty are trying to enhance.
It doesn't seem to prevent other reasons for compelling source access. Simply not *as a condition ... sale in the territory".
So you can't (seemingly) require FOSS to access the market at all, but you could compel someone to reveal source for any number of other reasons.
Yes, it means that some states can allow rampant piracy, and other states who are aggrieved can not block the import from the offending stats. Which is precisely what some of those states want.
Party means party to the treaty. As in, a country. It has no bearing on private sector agreements, such as the GPL.
The are the owner of the code that they wrote that depends on the GPL code... so they might not own all of the code, but they presumably own some of the code. And that's usually the most interesting bits that one might need (when modifying a device, for example).
I still don't see how the State would be involved here though...
States make laws about import and export, and ignoring that, are the enforcement mechanism. The legal authority under which things happen is going to be "The party".
IE If i get a federal judge to order source code access, do you think I did it, or instead that a party (IE US) just compelled access?
(Hint: The law mostly says the latter ;p. That's why i can get law enforcement to enforce it. Because it's an order of the government, not an order of me)
Now, whether it meets the other conditions for the "no compulsion" part, that depends on the circumstances.
With the right spin, I think it would still be allowed by a State to not allow a software in a market that violates an OSS license. This is because they are blocking software that doesn't have the right to be redistributed because it doesn't complete the requirements to be redistributed. The State isn't requiring the source to be revealed, just that it has the ability to redistribute the software.
To make a poor analogy, imagine that the law said States can't require people to kneel and kiss a pinky ring in order to enter the State. However, they can require a valid passport, even if in Guilder in order to get a passport you have to kneel and kiss the pinky ring of the King of Guilder.
Wouldn't the authors of the software be able to sue if the licensee didn't fulfill their obligations? And wouldn't one of the civil remedies sought be to ban importation if the offending product into the country in question?
From my (not a lawyer) reading, it seems to suggest that the government can't forbid the sale of closed-source software.
Also, you don't need a license to use software, which is why the GPL is irrelevant to end users. But I can't see how someone choosing the use GPLed software is doing anything different than downloading the Torque 3d engine, etc. It's freely accessible, but you have to agree to some conditions to legally do certain things with it.
It's worth pointing out that legal language almost always permits more than one interpretation, which is why disputes are adjudicated by humans in (hopefully) impartial courts, under processes that permit the parties to provide testimony and evidence to support one or the other interpretation.
So, just because a piece of legal language can be interpretted a certain way, that does not mean it is likely to prevail in court. In this sort of case, I'd be surprised if any TPP negotiator or representative, or any documentation from the TPP process, will indicate that this language was intended to break the GPL and open source in general.
The US could not, under the TPP say "well, if you want to sell android devices in the US, you have to produce the GPL source code".
But that's unrelated to today's GPL situation, because the way the GPL works today is: "I as a copyright holder sue you for copyright infringement because you don't have my permission to my work… by the way, I'll give you permission if you follow these license terms…"
DannyBee's example is interesting. But since the treaty applies to software "owned by a person of another Party," couldn't the U.S. pass a law that says, in effect, "if you want to sell android devices in the U.S., you have to produce the GPL source code if the rights holder is a U.S. domiciled person?"
UPDATE--saw you already addressed this at the end of your post. Agreed.
Why would the GPL not be considered a commercially negotiated contract?
If the TPP is ratified, would it be worth updating the GPL to say "You agree that this is a commercially negotiated contract"?
The FSF says that GPL is not a contract [1] [2] [3].
[1] http://www.gnu.org/licenses/200104_seminar.html
Probably because it usually doesn't involve any commercial, that is, monetary, transaction, and it doesn't involve any negotiation; it's just slapped on by someone you've never talked to. How would it be considered a commercially negotiated contract?
A contract doesn't need to have any money change hands, as long as both sides get something out of the deal (have "consideration"). The GPL does have this as one side gets the right to use source code and the other side gets guarantees on how that source code will be used.
Also, being slapped on is not a problem for a contract. We interact with adhesion contracts every day that are slapped on to things. When you accept a valet ticket for parking it has a contract on the back that you are assenting to by using the service. No negotiation occurs and adhesion contracts are valid contracts.
Since "commercially negotiated" is not a term of art, why do we think the GPL is not one?
I'm not saying the GPL is an invalid contract; I agree that it is a valid contract. I gave reasons why it may not be considered "commercially negotiated". If they just meant any valid contract, they would've just said "contract" instead of "commercially negotiated contract".
It's a Contract of Adhesion. Adhesion contracts are, by definition not negotiated.
Not all non-negotiable contacts are a a contract of adhesion. Stores will rarely negotiate (in N.A.), for example.
CoAs require a weaker party, who has no leverage, and it seemingly need to be for a necessity (as part of the "no choice but to agree").
The GPL is an offer, but in no way precludes authors from accepting other terms for use of their work.
It also would prevent government agencies from demanding i.e. the source code of a car's ECU to verify its safety and emissions behavior.
The only way out of this would be to declare car ECUs (or other systems) as "critical infrastructure", the definition of which I'm sure will be subject to many political tug-of-wars once this is implemented.
Playing the devil's advocate here, but you shouldn't need access to a car's source code to measure its emissions. The test is broken, not the software.
But you can imagine an internal AI that can tell whether it's being watched by the government with arbitrarily sophisticated means. In fact, that's just an extreme example of how VW broke rules. It wasn't, as I think you might be imagining, a case where the emission measuring device was lazy and just took the car's word for it. Rather, the car's software determined that it was being tested (based, I think, on various cues from how it was being driven), and lowers emissions in those situations.
Or even simpler: if $INTERNAL_CLOCK < $PROJECTED_DATE_OF_SALE { fake_emissions; }
Many states in the US force you to test emissions when you register your car.
if(miles_driven < 10,000) { fake emissions; }
You often have to renew this every few years, or when you move to a new state. Even my 16-year-old Chevy Caprice with 200k+ miles had to run the CA gauntlet.
(unless (car-radio-playing?) ; probably not the owner driving (fake-emissions))
I mean that would be a pretty crappy defeat device
Expounding further - what government agency has the time or money to actually sift through mountains of source code?
From a pure financial standpoint, there's no possible way that it isn't cheaper to just measure real emissions than attempt some kind of software analysis for every version of every vehicle on the market.
Furthermore, an agency inspecting source code has absolutely no way to tell whether or not that the source they've been given is actually what's running on a car.
Just as a counterpoint: the Nevada Gaming Commission has plenty of time and money to sift through the source code of every gaming device that gets deployed in NV.
Compared to any car ECU and related software, gaming machine software is rather simple. Not exactly trivial, but much simpler, and the state can afford to set rather arbitrary behavioural restrictions.
Similar restrictions would severely cripple innovation in cars. Just consider Tesla's autopilot software.
If I write the software for those devices in ASM, do/can they still look through it?
Is there some kind of formal engineering practice they require manufacturers to adhere to?
How are their staff qualified to read the vast variety of languages out there?
I cite these as immediate, obvious roadblocks to verification, regulation, because they're easy and many PLs are something that the vast majority of the software industry are not used to.
Do we have specific evidence that they actually do sift through the source code? They demand its submission, but how do we know they actually do anything with it? I'm asking this as a serious question.
It doesn't really matter if they sift through every one so long as they have them on record. If there's ever an allegation of misconduct, the code can be examined in full by any large variety of experts.
If you have source code then you can tell whether a particular executable was built from said source code. Pull the executable out of the car and also build the source code yourself as instructed by the manufacturer, compare the two binaries.
If the binaries don't match, then whatever certification the device needs automatically fails and it cannot be sold.
What that means is that later on, if "Something Bad" happens, you are in a position to be certain of what code was running. This makes investigation much easier as there is no chance that the original source code cannot be found when needed later. This does get a bit more complicated with software updates, especially OTA updates.
To me, this seems like a relatively difficult feat.
- Are governments and other regulatory agents going to formally verify compilers?
- Are these agencies going to prevent software from being written that doesn't conform to their rigid standards?
- Many compilers, technologies in use today aren't perfectly deterministic. Optimizations, flags, etc. can all dramatically affect an emitted binary.
- What if I want to use a completely different architecture than a regulatory agency is used to? Am I just not allowed to?
And as you mentioned, updates.
With the ability to do OTA or any other updates, software becomes almost impossible to identify or deal with.
The point isn't for regulators to have to sift through code line by line or do something complicated like verifying compilers. I'd propose that the industry can pretty much do whatever they like in terms of technology, so long as it's inspectable and meets other regulations of course. If they can't provide repeatable instructions for building their code then they should not be working on something safety critical anyway.
I'm not familiar with exactly what software regulations exist today for the auto industry, but certifications for repeatable software processes (including build and deploy) are nothing new.
The point is that we should trust the industry to do the right thing, but also maintain our ability to double check. Until something like the VW defeat scandal happens it doesn't make sense to invest the resources needed to really dig in.
Updates and cheating can be detected by requiring service stations to pull software from randomly chosen vehicles during annual inspections. In the US we could use the standard highway funding threats to require states to enact such laws.
In a similar vein, what government agency has the time or money to actually review every single diagram for a building to be constructed?
It's actually the same problem: an extremely complex object is being constructed, a critical failure within which could leave many people nearby injured or dead.
The solution is actually somewhat ingenious: License a small group of people to go analyze such things, let them organize themselves independently, but require them to sign off on the design. It turns out that with their license and livelihood on the line, enough people aren't willing to sign off on terrible, shoddy crap that the system mostly works.
Perhaps it's time that software grew up and became something closer to a real engineering discipline?
> Perhaps it's time that software grew up and became something closer to a real engineering discipline?
Filled with red tape, inaccessibility, limitations?
No thanks. I think we've done a very decent job of self-regulation, licensure and review have fared well for most* life-threatening software systems.
You not only have to sift through the code, but compile and flash it yourself.
You want repeatable conditions for tests so that you can compare results between models, and against the norms.
When you have repeatable conditions - software in the tested product can detec that and act differently in these conditions.
That's exactly what happened in VW case.
It's nontrivial to fix the test so that it is still repeatable and hard to fool by company determined to fool it.
Randomized test with a suitable number of runs will cost-efficiently give useable results.
I agree, it's not trivial. But, it's not hard either.
You don't, you need access to great if those are the emissions when the engine is running as it normally would under regular driving conditions.
It's like weighing someone, you don't need to see their feet, but if you can't then you can't tell if they have both feet on the scale.
The test should be to validate software is correct.
The text draws a distinction between mass market software and infrastructure.
I haven't studied it closely to see how narrow those meanings are, but it seems like emissions control software might fall under infrastructure (I also guess that mass market is talking more about shrink wrap software than embedded software, you don't use an ECU in the same way that you use a word processor).
That doesn't seem unreasonable. How much do you trust arbitrary 3rd world country's transport department to keep your trade secrets really secret? Any answer other than "hardly" suggests you haven't spent much time in poorer countries...
I think it primarily bans states from using access to the source code to prevent vendor lock-in. States tend to invest in enormous software projects. If they need specific new features, and the original vendor is unable or unwilling to provide those for a reasonable price, this would prevent the state from going to someone else to continue development. The original vendor will be able to ask unreasonable prices.
When Peru made a law demanding that the state has access to the source code for that exact purpose, Microsoft was upset, because they didn't want to play by those rules, but also doesn't want to lose that market.
>This prevents a country from forcing somebody like Microsoft or Apple to give up their source code for "inspection" in order to access their market.
Since when is that a good thing?
America hopes to use TPP as a model for a similar deal with China, so America has insisted on a bunch of rules you'd only expect in a trade deal with a banana republic - like investor-state dispute settlement.
At present, "Chinese officials have learned to tackle multinational companies, often forcing them to form joint ventures with [Chinese companies] and transfer the latest technology in exchange for current and future business opportunities" [1] which is good for China but bad for America. America wants a treaty with China that will stop them doing that.
Personally I'd be surprised if China went for such a deal, regardless of what happens with TPP.
[1] https://hbr.org/2010/12/china-vs-the-world-whose-technology-...
The TPP is actually supposed to exclude China and create a competing trade bloc. It was even called the "everybody but China deal" by some people. All part of Obama's "pivot to Asia"... supposedly.
However, given the contents of the treaty, I don't think this exclusion is something that really bothers China.
China wanted in on the WTO bad. Real bad. China doesn't really care about the TPP.
To quote Obama:
> The TPP means that America will write the rules of the road in the 21st century.
http://in.reuters.com/article/2015/11/05/trade-tpp-idINKCN0S...
It very much sounds like they’re treating the rest of the world as colonies.
Not colonies, markets. The connotations of your word choice seem solely intended to make emotional connections that the reality does not support.
No, colonies and indentured servants are a better description at the level of control, power, and military that supports it:
http://www.projectcensored.org/the-global-1-exposing-the-tra...
It's been going on a long time. General Butler, who got Medal of Honor twice & led many wars, straight up said in his confession (War is a Racket) they hit countries to enforce American capitalism while pretending it was about liberty, etc. I can also direct you to some resources covering how much people in Iraq and Afghanistan appreciate how America doesn't do imperialism any more. Oh, wait, I don't know any...
Well, ISDS – which, obviously, is a way to give up parts of sovereignty (not necessarily bad) – has some specific exceptions that make it unlikely it can be used against the US, instead mostly against the other partners.
This gradient of power reminds of the colony-empire relationship of one entity having might over another. (though not nearly comparable, I used it as hyperbole)
In a good treaty both the US and any partners – like Japan, Singapore, or New Zealand – would get the exact same rights.
Honest curiosity: which exceptions make it hard to use the ISDS against the US government?
The exception of the US telecommunications market, the US pharmaceutical market from the free trade regulations, for example?
These markets are not part of the free trade deal and not subject to ISDS.
Yeah, but they say that in order to appeal to us voters, who are assumed all to be ignorant jingoist buffoons, ready to support any idiocy so long as it can be imposed on foreigners. It's actually like many other political efforts in this country, in that only the interests of the very richest donors, corporations, and lobbyists are considered.
Obama sees the TPP as a key part of his legacy (along with Obamacare). I think that sentence might have been as much about self-aggrandizement as it was jingoism.
He really seems to think that the TPP is a key plank in shoring up American power in Asia.
Which, if it were a better treaty, it might.
Since Microsoft and Apple spend hundreds of millions developing that code. To let a country 'inspect' it is to put valuable intellectual property at risk. Would you trust China to inspect your source code for a project you spent millions developing a unique technology? Should Boeing open source their aircraft wing designs? To suggest such is ludicrous. Do you really want governments with access to everyone's source code?
I'm not sure I'd want to allow China to sell a "secure operating system" to government agencies - and not be able to demand source code access as part of the bidding process.
I'm not sure I'd want a US company to supply hardware/OS to schools, and not be able to stipulate source code availability in the contract.
I'm not sure if this is the kind of things that this makes illegal -- but I wouldn't be surprised if it is.
Since Capitalism ;)
"These are rules for States. It has no bearing whatsoever on the GPL."
TPP is designed to give commercial entities equivalent rights to nation states. That's what the 'Investor-State Dispute Settlement' provisions refer to. Under these provisions a commercial entity could 'steal' Open Source code, without the requirement to release the source code. In effect rendering licenses such as the GPL unenforceable. At the very least it may cause a dilution and hinder the growth of the Open Source sector. Now I wonder whose interests that that would advance and who helped to write such provisions.
That is not what investor-state dispute resolution does. If it was, the GPL would have been broken a long time ago because ISDS has been part of bilateral treaties for decades.
ISDS is intended to provide standing for a company from one country to request relief from the government of another country. Without ISDS, the Vietnamese national government could simply take whatever U.S. property is located in Vietnam, and the U.S. company would have no recourse.
Just to agree with this point and elaborate: when the text uses the word "party" it refers to a nation signing the treaty, and not people.
So when it says "No Party shall require the transfer of, or access to, source code of software owned by a person of another Party, as a condition for the import, distribution, sale or use of such software, or of products containing such software, in its territory," Party refers to a government.
In a State where the GPL is enforceable would it be a violation of the TPP to require that a foreign company comply with the GPL and release the source code? I think that's the $1,000,000 question.
As I understand it: a government can not say to a foreign company "we won't buy your software / won't allow your product in our market unless you give us the source code" and that's it. It has nothing to do with GPL, possibly with the exception that writing "the provided software shall be released under GPL license" into government-sponsored bids would be illegal as it basically forces a company to provide the source code as a requirement to do business.
No, because that's just enforcing a private contract.
Maybe not everything in it is bad, but this part is very bad.
It means other countries can not have the software they buy inspected for NSA (or whoever else) planted backdoors.
It also means that countries can not ask for source code in a guarantee that the software will remain useful if the company goes away.
What it does not mean is that those countries will stop pirating software. There's no mechanism for enforcing that.
They can still do both of those things, they just can't stop the import of software that has not been inspected or had the source shared.
So a government can still choose to use open source software, and have whoever do whatever consulting on that software, they just can't refuse to allow a proprietary vendor to offer their product for sale.
> It also helps to prevent States from demanding and acquiring encryption or other private keys
boom, encryption done wrong!!
Look at PGP, source code is open. Nobody can crack it yet.
But DO we know if Apple is really on "our" side or are they just marketing it? Well, if our governments could see into the code. They could tell us. And if you tell me. Well there could be some people working for the government that could leak the code. Well then I tell you, just don't hire people who worked for a company for many years as their lead [[something]].
> Not everything in the TPP is bad. I go by the rule. If it is a big thing and will alter a lot of stuff. It primarily is bad, very very bad. And they got to convince they are doing good.
> Well, if our governments could see into the code. They could tell us.
They could but they never would.
The US government wouldn't, but wouldn't it only take one? Iceland might do it.
There are trade-offs in this. It means states cannot require code for certification, inspection, and continued development in case of abandonment. But it also means that states cannot require code for copying and illicit use.
I prefer the more open options.
Just because this clause is completely unrelated to the GPL doesn't make the clause okay. It's still shitty because it blocks democratic governance options to have policies that require source release for various situations (such as requiring Open Source for government software use or making policies that software in schools needs to be Open Source etc)
What I've been gathering is that there is no way the text of the TPP could have been interpreted favorably because people had already made up their minds before seeing a word of it. Every single thing in it is getting the most negative, (often) far fetched interpretation imaginable to fit the predefined narrative. FUD wins the day. FUD always wins the day.
So you're not allowed to mandate that back-doors are added to software. But you're not able to look for them in systems you buy for what might be security or infrastructure systems?
To me, it says a government can not mandate the use of open source software:
"No Party shall require the transfer of, or access to, source code of software owned by a person of another Party, as a condition for the import, distribution, sale or use of such software, or of products containing such software, in its territory."
Or am I misinterpreting that? Does this preclude a government from requiring the use of open source software in some cases? IANAL, but I don't think it precludes government USE of OSS, but I think it means they can not have an open source requirement in a bidding process.
On another note, what IS the purpose of this language in TPP if not a direct attack on open source software?
I've got to agree this seems like an offensive against democratic movement towards open source being required in the public sector.
With all the secrecy one has to try and determine who might have written these clauses (USA multinational corporations presumably) and what the clauses are supposed to achieve (higher profits).
Preventing countries from freely moving away from the strongest capitalist models of software production seems like something that's likely to appear in TPP & TTIP; anything socialist also seems like it's going to be a target.
Even a broken clock is correct twice a day.
Sounds pretty bad to me.
Is that a good thing?
The "parties" of a treaty are governments. This has nothing to do with GPL. This is saying that a government can't say "you aren't allowed to sell software in the country of Frain as a non-Frainian unless you provide the source code for that product (whether to the end user or to the government)". They leave an exception for "critical infrastructure", because it was hard to argue that the government of Frain shouldn't be able to require that nuclear control software come with source code. Essentially, I don't see why this clause is concerning. It is clearly a form of pandering to the interests of software developers reliant on intellectual property rights, but only in a way that seems to me mostly about forcing capitalism on nation states that might disagree with its premise.
I can't see how this about capitalism. Showing source code to anybody (government or end user) does not make you loose your rights to that source code or the compiled application.
This is about freedom and the right to self-determination of governments/citizens (and thus also about democracy).
I would like to point out that our patent system is basically something like this: We as a society will protect your intellectual property rights for your machine only if you show us your blueprints.
> I would like to point out that our patent system is basically something like this: We as a society will protect your intellectual property rights for your machine only if you show us your blueprints.
Sure but, right or wrong, the general consensus of developed countries is that software is protected even if it is closed source. (That is, they have decided that patent protection requires disclosure but copyright protection does not.) A few other countries may disagree, but the whole point of TPP is to harmonize disagreements because (it is claimed) the frictions they introduce are worse than the micro-optimizations that individual states make.
Incidentally, in practice these sorts of disclosure agreements are used by states like China for protectionist reasons, not as part of some open-source ideal.
>Showing source code to anybody (government or end user) does not make you loose your rights to that source code or the compiled application.
You lose control over your own property. That's enough. Similar to police officers entering your home without a warrant.
One big difference is that you're distributing the binaries (or devices containing them) anyway, which makes them reverse-engineerable.
> ...mostly about forcing capitalism on nation states..
And these non-capitalist countries are?
All countries are capitalist. They may claim otherwise, but if the party that paid for the means of production makes a claim on the value of the produced goods, then they are capitalist. It doesn't matter if the party that provided the capital was a private citizens or a government. If the workers that produced the goods don't have sole claim on the value of what they produced, the system is capitalist. The only difference in the USSR, Maoist China or even North Korea is that the state tried to monopolize capital.
Well, you will be surprised how much can be classified as critical.
I will just put one copy of windows in a powerplant. Somewhere.
Although any nation state that does not like capitalism, surely would not be signing a trade agreement to open up trading markets.
So in short, if I understand this correctly, the US government (and any other government party to the treaty) will for example be unable to insist that Volkswagen (or any other manufacturer) open source their future emissions control software (as a condition for regulatory compliance) ?
They can still do this. However VW can later sue them for damages equal to their lost profits in a secret court.
It will certainly make it a lot easier for VW lobbyists to kill legislation intended to regulate them this way.
I don't think you've read the investment chapter [1].
It isn't a 'secret court':
* 9.23.1 Documents from the complainant are submitted and they should "make them available to the public"
* 9.23.2 "The tribunal shall conduct hearings open to the public"
Of course there is a section (9.23.4) detailing that complainants can withold any 'protected information' so perhaps in practice the process will not be as transparent as proponents would have us believe.
There is nothing about 'damages equal to their lost profits':
* Awards (9.28.4) "the only damages that may be awarded are those that the claimant has proven were sustained in the attempt to make the investment, provided that the claimant also proves that the breach was the proximate cause of those damages. If the tribunal determines such claims to be frivolous, the tribunal may award to the respondent reasonable costs and attorney's fees"
I think there is much that's disagreeable about the TPP but detractors relying on falsehoods opens TPP opposition up to easy attacks relying on the fallacist's fallacy.
[1] http://www.mfat.govt.nz/downloads/trade-agreement/transpacif...
Assuming it falls into the category of mass-market software/product, it would indeed be forbidden as a precondition to sell VW cars.
But if, for instance, VW cars were measured to have too high emissions, I see nothing in this article that would prevent justice from demanding access to the source code to audit it.
Alas I would absolutely prefer states to mandate this sort of source code to be open-sourced, but I think that makes me stand firmly in the minority.
The problem is the indirect costs of a product which are offset from the corporation or the consumer (e.g. onto the environment) - people buying and Volkswagon selling cars that do not meet emission standards isn't an isolated issue.
It's not so much a question of regulation as establishing a truer cost for what is produced/consumed. If the above is correct the TPP will basically mandate obscurity on (again this particular issue as an example) that indirectly impacts everyone who must continue to exist on this planet.
If you cannot analyse the binaries, or, conversely, if the authors cannot obfuscate the source code to the point of being unintelligible, neither of you are worthy as engineers.
Without a court order, at least.
Wasn't there some notion of an international TPP court that could dispute nations' decisions?
Volkswagon could sue for their expected future profits. A private arbitration court where the judges are corporate lawyers will decide if the court of a sovereign nation is somehow inhibiting VW's future possible profit. The health and safety of the citizens will not be considered.
The TPP is a government signing away its sovereignty and duty to protect its citizens, for both will take second place to expected future profits.
So it makes all governments that sign it banana republics of the corporations? If I get to work for Tyrell Corp, I am in!
"Party" here means party to the treaty, right? So, governments can't require source disclosure (except for critical infrastructure), but this specifically exempts contracts about such from this rule:
> [Nothing in this Article shall preclude] the inclusion or implementation of terms and conditions related to the provision of source code in commercially negotiated contracts
It seems like this wouldn't affect licensing at all, given that licensing is supposedly a contract. Am I missing something?
It prevents the government from saying "You can't sell your software in our country unless we can see the code."
And that's about it.
An interesting side effect of this would be the invalidation of the Nevada law requiring the source code for all electronic gambling machines be disclosed in order to operate in that state.
It seems like it would also apply to new or existing laws requiring the disclosure of code inside proprietary voting machines, medical equipment, and of course, the Volkswagon ECU. Then again, could those things be considered "critical infrastructure"?
The Department of Homeland Security considers the entire "Information Technology sector" as "critical infrastructure":
I can only think of TPP/TIPP as Protectionism... how can this go well?
That's what I've been wondering. They say these treaties facilitate trade between countries. But it actually looks more like they just shakes things. The result being a new, wild west trade environment in which the rules the players abide to are yet to be found.
Would this prevent us from requiring VW make available it's source code? Not a lawyer.
Germany is not part of the TPP, but assuming it were:
- probably not as a blanket precondition to allow them to sell cars,
- probably yes during the course of a trial if their cars were measured to have too strong emissions.
Not a lawyer either.
But think of all those millions of cars VW would sure love to sell in the USA via their soon to be founded Australian subsidiary...
Extrapolating this some more, might we even see a pattern emerging where some kind of clever legal offshoring could allow domestic companies to get a stronger position vs their own governments?
Yes. And this is actually one of the benefits of nation states signing the TPP!
Why would you want VW to make available its source code?
I believe the implication is that, if they were forced to release their source then either:
a) they would have been less likely to deliberately subvert the emissions tests in the code or
b) they were more likely to have been found out earlier.
Because stronger deterrence against cheating is needed. They got away with it for a very long time. Increasing the risks for cheaters is a rational change to make in light of that.
To audit the firmware of the emission control systems in their cars, for example.
The "Party" here refers to a political entity; a Party to the agreement among states.
This is a rule which basically says that governments cannot impose laws that say "thou shalt not sell closed-source mass-market software in this country".
It doesn't translate to "thou shalt sell nothing but closed-source software, and may do so even if it is derived from a copyrighted work whose holders forbid that".
It's a good rule because it reduces government interference in business by a modicum.
If a government wanted to give out Linux PCs to children. Then, the students could require the government to provide the open source software as it part of the copyright condition of Linux. But the government couldn't require the distributor of the Linux PC to provide the source code. What happens? Would it be illegal for the government to buy Linux PCs for civilians? Note: a Linux PC could be a smart card used for identification, voting, a licence, etc.
Those who use those machines have standing to ask for the source code, as per the GPL.
This might be good news for open source: No competent government will use software with classified information if it can't audit the code.
Software that is critical for public safety (and it is a lot) should be required to be one file as part of the product certification. If you have coded a safety interlock in software, that software should be viewable by the public. Toyota should have been required to submit their source with NHTSA.
This TPP is such bad news. I've never been politically active enough to want to "run a campaign" but honestly, this thing is really motivating me to take time out of my busy schedule ... I feel like it's such an uphill battle to get this thing defeated.
Could anyone rewrite cited part in plain-English? I have troubles understanding it.
Are you the fine article's author?
Does anyone know anything about the authors, Knowledge Ecology International, or their predecessor Consumer Project on Technology (CPTech)? They look interesting but their about page doesn't tell me very much.
Judging by the stark lack of intelligence displayed by these attacks on TTP, it is probably a fine treaty.
Actually this should (and I believe some day will) be mandatory. Everyone who wants to take money for software should be obliged to disclose full source code to purchaser. In case of mass market software it would be just publishing the source code.
As products grow in complexity and corporation grow in power the only way to secure safety of the public would be to prevent corporations from profiting from secrecy.
Will this impact governments' efforts to move to open source?
No. This just makes it unlawful to force a company to open it's closed-source software as a condition of entering a market.
TPP is no double political union instead of economical partners.
Doesn't this prevent Nevada and anyone else from demanding source code for slot machines and other gambling machines, to audit it for backdoors and other flaws? The last I heard, they're not even allowed to use off-the-shelf video drivers. Every line of code has to be (theoretically, anyway) audited by gaming authorities.
I suppose those are usually delivered under a "negotiated contract."
Too bad this isn't actually done for voting machines and ECUs.
So once this becomes law ( and surely it will ) how do these finer points of the law get decided, will it be done by the arbitration panel, ie the high paid lawyers who take turns being plaintiff, defendant, and judge?
This shows how the TPP could've been something great.
Sure, TPP uses the power of governments to impose interest of certain corporations.
In the other hand, TPP gradually weakens national governments by limiting their power over the individual.
Had it been restricted to providing economic cooperation and freedom between countries, it would have been amazing.
If it had hooves and a tail then it could have been a horse.
Seriously, it's difficult to imagine that the process that produced this could have produced anything else. Everything was done in secret. The few admitted to the proceedings were required mafia-style to agree to their generally corrupt direction and total secrecy ahead of time. The later one got in, the fewer scraps one could beg from the head table. The officials responsible are all looking forward to comfortable corporate positions after the whole mess goes into effect.
These observations typically inspire scores of well-informed "this is simply how it is done in these modern times" rejoinders. As if that weren't an even bigger indictment of these modern times. The comparison that comes to mind is NSA-supplied curve constants in cryptography. Sure NSA might not have derived the constants in such a fashion that would leave them able to break cryptography. At this point, however, why would a thinking human being assume their innocence? When rules for the public are created in public the motivations of the rulemakers can be scrutinized by the public, before the public is subject to those rules. Take for example the just-defeated Ohio pot initiative, which was billed as simple legalization but was in fact a permanent pot-growing monopoly for the few farmers who had paid for the advertising. Those rules did not withstand public scrutiny.
From a giant secret proceeding like this, we can be sure that the problems identified so far by EFF, etc. are only the tip of the iceberg.