Confusing source code rule in TPP creates long-term risks

Photo: flickr/ Christiaan Colen

Like this article? rabble is reader-supported journalism. Chip in to keep stories like these coming.

Problems? Oh, the Trans-Pacific Partnership has a few! Read about them all in the new series The Trouble with the TPP.

Another Trouble with the TPP is its foray into the software industry. One of the more surprising provisions in the TPP's e-commerce chapter was the inclusion of a restriction on mandated source code disclosure. Article 14.17 states:

"No Party shall require the transfer of, or access to, source code of software owned by a person of another Party, as a condition for the import, distribution, sale or use of such software, or of products containing such software, in its territory."

The provision is subject to some limitations. For example, it is "limited to mass market software or products containing such software and does not include software used for critical infrastructure." The source code disclosure rule is not found in any other current Canadian trade agreement, though leaked documents indicate that it does appear in a draft of the Trade in Services Agreement (TISA).

The provision has generated considerable uncertainty since key aspects are undefined. For instance, what is "mass market software or products containing such software"? There is no definition in the TPP nor a generally accepted definition for mass-market software or products, meaning it could include software sold to businesses or software in mass market products.

The inclusion of "software used for critical infrastructure" is similarly open to interpretation, raising the possibility of conflicts between mass market software and critical infrastructure software. Indeed, Stewart Baker, the former general counsel at the NSA, has noted:

"the ban doesn't apply to code run on critical infrastructure, which will make for endless disputes, since there's very little mass market software that doesn't run on computers involved in critical infrastructure."

Baker's concerns extend beyond the likelihood of confusion and disputes, as he also notes the long-term risks of including this provision in a trade deal:

"Right now, this is a measure U.S. software companies want. That's because we make most of the mass market software in the market. But that's likely to change, especially given the ease of entry into smart phone app markets. We're going to want protection against the introduction of malware into such software. The question of source code inspection is a tough one. If other countries can inspect U.S. source code, they'll find it easier to spot security flaws, so the U.S. government would like to keep other countries from doing that. But I doubt U.S. security agencies are comfortable letting Vietnam write apps that end up on the phones of their employees without the ability to inspect the source. In short, this is a tough policy call that is likely to look quite different in five years than it does today."

Confusion about the scope of the provision and worries about what it might mean longer term are just two of the concerns with the source code rule in the TPP. One more that brings in one of the founders of the Internet in tomorrow's post.

This piece originally appeared on Michael Geist's blog and is reprinted with permission.

Photo: flickr/ Christiaan Colen

Further Reading

Thank you for reading this story...

More people are reading rabble.ca than ever and unlike many news organizations, we have never put up a paywall – at rabble we’ve always believed in making our reporting and analysis free to all. But media isn’t free to produce. rabble’s total budget is likely less than what big corporate media spend on photocopying (we kid you not!) and we do not have any major foundation, sponsor or angel investor. Our only supporters are people and organizations -- like you. This is why we need your help.

If everyone who visits rabble and likes it chipped in a couple of dollars per month, our future would be much more secure and we could do much more: like the things our readers tell us they want to see more of: more staff reporters and more work to complete the upgrade of our website.

We’re asking if you could make a donation, right now, to set rabble on solid footing in 2017.

Make a donation.Become a monthly supporter.

Comments

We welcome your comments! rabble.ca embraces a pro-human rights, pro-feminist, anti-racist, queer-positive, anti-imperialist and pro-labour stance, and encourages discussions which develop progressive thought. Our full comment policy can be found here. Learn more about Disqus on rabble.ca and your privacy here. Please keep in mind:

Do

  • Tell the truth and avoid rumours.
  • Add context and background.
  • Report typos and logical fallacies.
  • Be respectful.
  • Respect copyright - link to articles.
  • Stay focused. Bring in-depth commentary to our discussion forum, babble.

Don't

  • Use oppressive/offensive language.
  • Libel or defame.
  • Bully or troll.
  • Post spam.
  • Engage trolls. Flag suspect activity instead.