TPP may create a barrier to source code disclosure, risking privacy

Photo: flickr/ Friedemann W.-W.

Like this article? rabble is reader-supported journalism. Chip in to keep stories like these coming.

Problems? Oh, the Trans-Pacific Partnership has a few! Read about them all in the new series The Trouble with the TPP.

Yesterday's Trouble with the TPP post examined some of the uncertainty created by the surprising e-commerce provision that involves restrictions on source code disclosures. KEI notes that governments have not been shy about requiring source code disclosures in other contexts, such as competition worries.

Yet this rule will establish new restrictions, creating concerns about the implications in areas such as privacy. For example, security and Internet experts have been sounding the alarm on the risks associated with exploited wifi routers and pointing to source code disclosures as potential solution.

Dave Farber, former Chief Technologist of the Federal Communications Commission, warns:

"Today, there are hundreds of millions of Wi-Fi routers in homes and offices around the globe with severe software flaws that can be easily exploited by criminals. While we agree with the FCC that the rules governing these devices must be updated, we believe the proposed rules laid out by the agency lack critical accountability for the device manufacturers."

How to address the issue?

Experts such as Vint Cerf, one of the founders of the Internet, recommend several precautions including source code disclosure:

"Any vendor of software-defined radio (SDR), wireless, or Wi-Fi radio must make public the full and maintained source code for the device driver and radio firmware in order to maintain FCC compliance. The source code should be in a buildable, change-controlled source code repository on the Internet, available for review and improvement by all."

The TPP may create a barrier for this solution. If companies are unwilling to voluntarily release the source code, TPP governments will be restricted in their ability to mandate disclosure (absent a claim that all wifi routers are now critical infrastructure, a definition that renders the term largely meaningless).

The source code provision is unprecedented in an established trade agreement, fostering new worries about how it may limit the available responses to a growing privacy and security threat.

This piece originally appeared on Michael Geist's blog and is reprinted with permission.

Photo: flickr/ Friedemann W.-W.

 

Further Reading

Thank you for reading this story...

More people are reading rabble.ca than ever and unlike many news organizations, we have never put up a paywall – at rabble we’ve always believed in making our reporting and analysis free to all. But media isn’t free to produce. rabble’s total budget is likely less than what big corporate media spend on photocopying (we kid you not!) and we do not have any major foundation, sponsor or angel investor. Our only supporters are people and organizations -- like you. This is why we need your help.

If everyone who visits rabble and likes it chipped in a couple of dollars per month, our future would be much more secure and we could do much more: like the things our readers tell us they want to see more of: more staff reporters and more work to complete the upgrade of our website.

We’re asking if you could make a donation, right now, to set rabble on solid footing in 2017.

Make a donation.Become a monthly supporter.

Comments

We welcome your comments! rabble.ca embraces a pro-human rights, pro-feminist, anti-racist, queer-positive, anti-imperialist and pro-labour stance, and encourages discussions which develop progressive thought. Our full comment policy can be found here. Learn more about Disqus on rabble.ca and your privacy here. Please keep in mind:

Do

  • Tell the truth and avoid rumours.
  • Add context and background.
  • Report typos and logical fallacies.
  • Be respectful.
  • Respect copyright - link to articles.
  • Stay focused. Bring in-depth commentary to our discussion forum, babble.

Don't

  • Use oppressive/offensive language.
  • Libel or defame.
  • Bully or troll.
  • Post spam.
  • Engage trolls. Flag suspect activity instead.