Like this article? rabble is reader-supported journalism. Chip in to keep stories like these coming.
Problems? Oh, the Trans-Pacific Partnership has a few! Read about them all in the new series The Trouble with the TPP.
Yesterday’s Trouble with the TPP post examined some of the uncertainty created by the surprising e-commerce provision that involves restrictions on source code disclosures. KEI notes that governments have not been shy about requiring source code disclosures in other contexts, such as competition worries.
Yet this rule will establish new restrictions, creating concerns about the implications in areas such as privacy. For example, security and Internet experts have been sounding the alarm on the risks associated with exploited wifi routers and pointing to source code disclosures as potential solution.
Dave Farber, former Chief Technologist of the Federal Communications Commission, warns:
“Today, there are hundreds of millions of Wi-Fi routers in homes and offices around the globe with severe software flaws that can be easily exploited by criminals. While we agree with the FCC that the rules governing these devices must be updated, we believe the proposed rules laid out by the agency lack critical accountability for the device manufacturers.”
How to address the issue?
Experts such as Vint Cerf, one of the founders of the Internet, recommend several precautions including source code disclosure:
“Any vendor of software-defined radio (SDR), wireless, or Wi-Fi radio must make public the full and maintained source code for the device driver and radio firmware in order to maintain FCC compliance. The source code should be in a buildable, change-controlled source code repository on the Internet, available for review and improvement by all.”
The TPP may create a barrier for this solution. If companies are unwilling to voluntarily release the source code, TPP governments will be restricted in their ability to mandate disclosure (absent a claim that all wifi routers are now critical infrastructure, a definition that renders the term largely meaningless).
The source code provision is unprecedented in an established trade agreement, fostering new worries about how it may limit the available responses to a growing privacy and security threat.
This piece originally appeared on Michael Geist’s blog and is reprinted with permission.
Photo: flickr/ Friedemann W.-W.