This prevents a country from forcing somebody like Microsoft or Apple to give up their source code for "inspection" in order to access their market. It also helps to prevent States from demanding and acquiring encryption or other private keys (there's a separate section that also explicitly forbids mandating backdoors be added).
Not everything in the TPP is bad.
Imagine for a second that the US gets tough on GPL violators, and says "well, if you want to sell android devices in the US, you have to produce the GPL source code".
Or something even simpler, along the lines of "products marketed in the US must comply with all licensing obligations of software that it contains".
This one actually happens behind the scenes sometimes right now, though you don't see it.
I believe they would not be allowed to do that under this provision.
It clearly falls into:"1. No Party shall require the transfer of, or access to, source code of software owned by a person of another Party, as a condition for the import, distribution, sale or use of such software, or of products containing such software, in its territory."
3 is no exception:
"3. Nothing in this Article shall preclude: (a) the inclusion or implementation of terms and conditions related to the provision of source code in commercially negotiated contracts;"
The GPL and other open source licenses are arguably not commercially negotiated contracts.
So yeah, it doesn't stop private citizens or parties from doing whatever they want. It may stop you from being able to create laws and enforce them at import/export time around actually complying with OSS licenses.
Which is really not great, since it in practice means free reign.
You will never get state supported companies in their own countries to comply with licenses. Generally, your only course of action is to try to enforce elsewhere, or ban import/export.
Here, in the case of the US, you will not be allowed to ban import unless all of that open source software is completely US written.
(since the provision limits requiring "source code of software owned by a person of another Party". Of course, what it means by "software owned by a person of another Party" is also up in the air, since most open source software has many copyright owners , so does it mean complete ownership, partial ownership, or what?)
This is the key issue. It seems like a copyright license to code under GPL would be commercial, in the sense that the parties are exchanging a license for the recipient undertaking the GPL obligations. Whether it's "negotiated" seems like a more difficult question.
One interpretive guide could be to look to the reason for the provision. I suspect the purpose was to allow for source-code escrow agreements in things like enterprise software deals. It would be odd for the enforceability of those provisions to turn on the degree to which the parties "negotiated," so I suspect this will be a low bar.
Rather, I suspect the term "negotiated" is intended to block end-runs around the default rule. Otherwise, governments could obligate copyright holders to burden their code with GPL-like code, e.g., a reg saying you can only provide voting machines if they are based on a modified version of the Linux kernel.
So I think GPL source-code disclosure obligations remain enforceable, absent coercive acts by a government to force parties to undertake those obligations. But this is really speculative.
If the TPP does not impose the same restrictions on contracts between private parties, that is not a benign thing. Private parties includes corporations, and most contests between legal corporations and "individual natural persons" eventually are settled in the interest of the party with more resources, often the legal corporation. Such challenges may play out in the markets or the courts, or it may play out over an even longer period in the legislature by changing the laws regulating or guiding the markets and courts. Thus, hamstringing the State's ability to have laws counter to this section of the TPP actually saves an entity the time and money which might otherwise have been needed to lobby a State's legislative bodies or develop the legal framework by way of a legal process. It fixes the playing field in favor of non State actors. Currently the most powerful non State actors are for profit corporations and privately held companies. This section of the TPP is not at all neutral, if understood to apply only to States. It would then heavily favor corporations and companies, and it would limit State actors and thus their populations. It would favor entities driven by profit motive or the motives of whomever the individuals are that own said private companies. That. Is. Huge. That is a fundamental shift in how, say someone like an American like me, many people might want to govern the communities they are a part of.
In order to distribute software for which you do not own the copyright, you need to have a license. If you do not agree to the license, then it doesn't even get to the stage we are talking about. You can't distribute it anywhere (under international copyright law). If you agree to distribute the source code in order to get a license, then you have agreed to do that. Is that not what is meant by a commercially negotiated contract? There is consideration on both sides (one party gets to use the software, the other party ensures that the source code is available to users of the software).
Either way, I think this wording is terrible and it worries me greatly. However, my layman's view seems to fall on the side of the GPL being OK. I would be grateful for explanations on what I may have misunderstood.
In your opinion how does this affect the ability of governments to pass laws requiring them to use only free and open source software? I think this is incredibly important not only for software freedom but for a properly functioning free society in general (think of voting, financial accounting and digital currencies, etc). Would such use be considered "critical infrastructure" or does this provision preclude passing such laws?
The treaty specifically states a party cannot compel the owner to reveal the source code. Arguably someone violating the GPL or similar license is not the actual owner of the code.
To make a poor analogy, imagine that the law said States can't require people to kneel and kiss a pinky ring in order to enter the State. However, they can require a valid passport, even if in Guilder in order to get a passport you have to kneel and kiss the pinky ring of the King of Guilder.
From my (not a lawyer) reading, it seems to suggest that the government can't forbid the sale of closed-source software.
Also, you don't need a license to use software, which is why the GPL is irrelevant to end users. But I can't see how someone choosing the use GPLed software is doing anything different than downloading the Torque 3d engine, etc. It's freely accessible, but you have to agree to some conditions to legally do certain things with it.
So, just because a piece of legal language can be interpretted a certain way, that does not mean it is likely to prevail in court. In this sort of case, I'd be surprised if any TPP negotiator or representative, or any documentation from the TPP process, will indicate that this language was intended to break the GPL and open source in general.
But that's unrelated to today's GPL situation, because the way the GPL works today is: "I as a copyright holder sue you for copyright infringement because you don't have my permission to my work… by the way, I'll give you permission if you follow these license terms…"
UPDATE--saw you already addressed this at the end of your post. Agreed.
The only way out of this would be to declare car ECUs (or other systems) as "critical infrastructure", the definition of which I'm sure will be subject to many political tug-of-wars once this is implemented.
I haven't studied it closely to see how narrow those meanings are, but it seems like emissions control software might fall under infrastructure (I also guess that mass market is talking more about shrink wrap software than embedded software, you don't use an ECU in the same way that you use a word processor).
When Peru made a law demanding that the state has access to the source code for that exact purpose, Microsoft was upset, because they didn't want to play by those rules, but also doesn't want to lose that market.
Since when is that a good thing?
At present, "Chinese officials have learned to tackle multinational companies, often forcing them to form joint ventures with [Chinese companies] and transfer the latest technology in exchange for current and future business opportunities" [1] which is good for China but bad for America. America wants a treaty with China that will stop them doing that.
Personally I'd be surprised if China went for such a deal, regardless of what happens with TPP.
[1] https://hbr.org/2010/12/china-vs-the-world-whose-technology-...
TPP is designed to give commercial entities equivalent rights to nation states. That's what the 'Investor-State Dispute Settlement' provisions refer to. Under these provisions a commercial entity could 'steal' Open Source code, without the requirement to release the source code. In effect rendering licenses such as the GPL unenforceable. At the very least it may cause a dilution and hinder the growth of the Open Source sector. Now I wonder whose interests that that would advance and who helped to write such provisions.
ISDS is intended to provide standing for a company from one country to request relief from the government of another country. Without ISDS, the Vietnamese national government could simply take whatever U.S. property is located in Vietnam, and the U.S. company would have no recourse.
So when it says "No Party shall require the transfer of, or access to, source code of software owned by a person of another Party, as a condition for the import, distribution, sale or use of such software, or of products containing such software, in its territory," Party refers to a government.
It means other countries can not have the software they buy inspected for NSA (or whoever else) planted backdoors.
It also means that countries can not ask for source code in a guarantee that the software will remain useful if the company goes away.
What it does not mean is that those countries will stop pirating software. There's no mechanism for enforcing that.
So a government can still choose to use open source software, and have whoever do whatever consulting on that software, they just can't refuse to allow a proprietary vendor to offer their product for sale.
boom, encryption done wrong!!
Look at PGP, source code is open. Nobody can crack it yet.
But DO we know if Apple is really on "our" side or are they just marketing it? Well, if our governments could see into the code. They could tell us. And if you tell me. Well there could be some people working for the government that could leak the code. Well then I tell you, just don't hire people who worked for a company for many years as their lead [[something]].
> Not everything in the TPP is bad. I go by the rule. If it is a big thing and will alter a lot of stuff. It primarily is bad, very very bad. And they got to convince they are doing good.
They could but they never would.
I prefer the more open options.
"No Party shall require the transfer of, or access to, source code of software owned by a person of another Party, as a condition for the import, distribution, sale or use of such software, or of products containing such software, in its territory."
Or am I misinterpreting that? Does this preclude a government from requiring the use of open source software in some cases? IANAL, but I don't think it precludes government USE of OSS, but I think it means they can not have an open source requirement in a bidding process.
On another note, what IS the purpose of this language in TPP if not a direct attack on open source software?
With all the secrecy one has to try and determine who might have written these clauses (USA multinational corporations presumably) and what the clauses are supposed to achieve (higher profits).
Preventing countries from freely moving away from the strongest capitalist models of software production seems like something that's likely to appear in TPP & TTIP; anything socialist also seems like it's going to be a target.
> [Nothing in this Article shall preclude] the inclusion or implementation of terms and conditions related to the provision of source code in commercially negotiated contracts
It seems like this wouldn't affect licensing at all, given that licensing is supposedly a contract. Am I missing something?
And that's about it.
It seems like it would also apply to new or existing laws requiring the disclosure of code inside proprietary voting machines, medical equipment, and of course, the Volkswagon ECU. Then again, could those things be considered "critical infrastructure"?
The Department of Homeland Security considers the entire "Information Technology sector" as "critical infrastructure":
- probably not as a blanket precondition to allow them to sell cars,
- probably yes during the course of a trial if their cars were measured to have too strong emissions.
Not a lawyer either.
Extrapolating this some more, might we even see a pattern emerging where some kind of clever legal offshoring could allow domestic companies to get a stronger position vs their own governments?
a) they would have been less likely to deliberately subvert the emissions tests in the code or
b) they were more likely to have been found out earlier.
This is a rule which basically says that governments cannot impose laws that say "thou shalt not sell closed-source mass-market software in this country".
It doesn't translate to "thou shalt sell nothing but closed-source software, and may do so even if it is derived from a copyrighted work whose holders forbid that".
It's a good rule because it reduces government interference in business by a modicum.
As products grow in complexity and corporation grow in power the only way to secure safety of the public would be to prevent corporations from profiting from secrecy.
I suppose those are usually delivered under a "negotiated contract."
Sure, TPP uses the power of governments to impose interest of certain corporations.
In the other hand, TPP gradually weakens national governments by limiting their power over the individual.
Had it been restricted to providing economic cooperation and freedom between countries, it would have been amazing.
Seriously, it's difficult to imagine that the process that produced this could have produced anything else. Everything was done in secret. The few admitted to the proceedings were required mafia-style to agree to their generally corrupt direction and total secrecy ahead of time. The later one got in, the fewer scraps one could beg from the head table. The officials responsible are all looking forward to comfortable corporate positions after the whole mess goes into effect.
These observations typically inspire scores of well-informed "this is simply how it is done in these modern times" rejoinders. As if that weren't an even bigger indictment of these modern times. The comparison that comes to mind is NSA-supplied curve constants in cryptography. Sure NSA might not have derived the constants in such a fashion that would leave them able to break cryptography. At this point, however, why would a thinking human being assume their innocence? When rules for the public are created in public the motivations of the rulemakers can be scrutinized by the public, before the public is subject to those rules. Take for example the just-defeated Ohio pot initiative, which was billed as simple legalization but was in fact a permanent pot-growing monopoly for the few farmers who had paid for the advertising. Those rules did not withstand public scrutiny.
From a giant secret proceeding like this, we can be sure that the problems identified so far by EFF, etc. are only the tip of the iceberg.
This is about freedom and the right to self-determination of governments/citizens (and thus also about democracy).
I would like to point out that our patent system is basically something like this: We as a society will protect your intellectual property rights for your machine only if you show us your blueprints.
Sure but, right or wrong, the general consensus of developed countries is that software is protected even if it is closed source. (That is, they have decided that patent protection requires disclosure but copyright protection does not.) A few other countries may disagree, but the whole point of TPP is to harmonize disagreements because (it is claimed) the frictions they introduce are worse than the micro-optimizations that individual states make.
Incidentally, in practice these sorts of disclosure agreements are used by states like China for protectionist reasons, not as part of some open-source ideal.
You lose control over your own property. That's enough. Similar to police officers entering your home without a warrant.
And these non-capitalist countries are?
All countries are capitalist. They may claim otherwise, but if the party that paid for the means of production makes a claim on the value of the produced goods, then they are capitalist. It doesn't matter if the party that provided the capital was a private citizens or a government. If the workers that produced the goods don't have sole claim on the value of what they produced, the system is capitalist. The only difference in the USSR, Maoist China or even North Korea is that the state tried to monopolize capital.
I will just put one copy of windows in a powerplant. Somewhere.
It will certainly make it a lot easier for VW lobbyists to kill legislation intended to regulate them this way.
It isn't a 'secret court':
* 9.23.1 Documents from the complainant are submitted and they should "make them available to the public"
* 9.23.2 "The tribunal shall conduct hearings open to the public"
Of course there is a section (9.23.4) detailing that complainants can withold any 'protected information' so perhaps in practice the process will not be as transparent as proponents would have us believe.
There is nothing about 'damages equal to their lost profits':
* Awards (9.28.4) "the only damages that may be awarded are those that the claimant has proven were sustained in the attempt to make the investment, provided that the claimant also proves that the breach was the proximate cause of those damages. If the tribunal determines such claims to be frivolous, the tribunal may award to the respondent reasonable costs and attorney's fees"
I think there is much that's disagreeable about the TPP but detractors relying on falsehoods opens TPP opposition up to easy attacks relying on the fallacist's fallacy.
[1] http://www.mfat.govt.nz/downloads/trade-agreement/transpacif...
But if, for instance, VW cars were measured to have too high emissions, I see nothing in this article that would prevent justice from demanding access to the source code to audit it.
Alas I would absolutely prefer states to mandate this sort of source code to be open-sourced, but I think that makes me stand firmly in the minority.
It's not so much a question of regulation as establishing a truer cost for what is produced/consumed. If the above is correct the TPP will basically mandate obscurity on (again this particular issue as an example) that indirectly impacts everyone who must continue to exist on this planet.
I'm not sure I'd want a US company to supply hardware/OS to schools, and not be able to stipulate source code availability in the contract.
I'm not sure if this is the kind of things that this makes illegal -- but I wouldn't be surprised if it is.
The TPP is a government signing away its sovereignty and duty to protect its citizens, for both will take second place to expected future profits.
However, given the contents of the treaty, I don't think this exclusion is something that really bothers China.
China wanted in on the WTO bad. Real bad. China doesn't really care about the TPP.
> The TPP means that America will write the rules of the road in the 21st century.
http://in.reuters.com/article/2015/11/05/trade-tpp-idINKCN0S...
It very much sounds like they’re treating the rest of the world as colonies.
He really seems to think that the TPP is a key plank in shoring up American power in Asia.
Which, if it were a better treaty, it might.
True. There are two problems. First, this violation is remedied by an action. Normally, that action for an order to comply with the license (not just "stop using it and pay damages"). There is a question whether a court would legally be able to order such a thing anymore.
B. As you have identified, "Is that not what is meant by a commercially negotiated contract? "
Generally, a commercially negotiated contract is a contract explicitly negotiated between two parties. If i have received GPL software, i have not negotiated a contract with the author or anyone else.
In every case, the use of the license (and subsequent release of the source code) is a choice. Of course, without choosing to follow the license, you can't distribute the software. As far as I understand, this is by design and the reason why the GPL is so robust.
I also think this is a negotiated license because the GPL specifically says that you don't have to accept it. It is a written offer for a license. Sometimes, if you contact the copyright holder you can get a different license. Usually now. Just because the offer is made to everybody, doesn't mean it is not a negotiation (I don't think... but that's probably where knowledge of the law would come in handy ;-) ).
What does it matter that a state cannot compel a corporation to reveal its source code as a condition of distribution? The key is that the recipient of the distribution cannot make use of it without a license, pursuant to international copyright law and treaties. And you can indeed sue them for infringing on this, under copyright law, can you not? As a condition of use, they must also OFFER TO distribute the source code of any derivatives.
No one is forcing the actual distribution of the source code of derivatives. But if this distribution does not happen, the recipient CAN be sued for copyright infringement, lacking a license, no?
"1. No Party shall require the transfer of, or access to, source code of software owned by a person of another Party, as a condition for the import, distribution, sale or use of such software, or of products containing such software, in its territory."
It does not say no party can compel an owner, it says no party can compel access to the source code owned by person of another party. That is not "no party can compel the owner" it's "no party can compel access to source code that meets certain conditions".
Period. There is no "nobody can compel the owner" part in there that i see.
The only reference to ownership is around a pre-req to compulsion. IE if you break it down, it says:
"unless the software that meets the following conditions, you can't compel access to code
Conditions:
A. It's owned by a citizen of the party
or
B. It's not being done as a condition for the import, distribution, sale, or use of such software, or products containing such software, in its territory"
It would essentially mean software authors could not enforce their copyright against infringers in other party nations if proving infringement required access to the author's or infringer's source code.
Of which part.
I think the part about whether you can compel an owner is cut and dry. It says nothing about compelling owners. Period.
The part about countries being able to make laws about import/export, also very cut and dry. This is very clearly covered.
The part about countries not being able to have courts order source access, yes, is a broad interpretation, but honestly, not inconsistent with how this kind of wording tends to be read by courts.
Even if you cut the last part out, the other two are still very very worrying.
I still don't see how the State would be involved here though...
IE If i get a federal judge to order source code access, do you think I did it, or instead that a party (IE US) just compelled access?
(Hint: The law mostly says the latter ;p. That's why i can get law enforcement to enforce it. Because it's an order of the government, not an order of me)
Now, whether it meets the other conditions for the "no compulsion" part, that depends on the circumstances.
I was going to argue that, but after thinking about it realized I was making the incorrect assumption that the owner of the source code was the only one who could provide said code. Hence my incorrect interpretation.
> The part about countries being able to make laws about import/export, also very cut and dry. This is very clearly covered.
Not challenging that.
> The part about countries not being able to have courts order source access, yes, is a broad interpretation, but honestly, not inconsistent with how this kind of wording tends to be read by courts.
If that is the case, I don't see how any state with a decent technology sector would agree to it, because it would allow party states to basically set themselves up as piracy safe havens.
> Even if you cut the last part out, the other two are still very very worrying.
I don't think the first is worrying at all without the third. To try to extend the meaning of the first to include legal actions taken in copyright infringement cases would be tantamount to scuppering the very protections other parts of the same treaty are trying to enhance.
So you can't (seemingly) require FOSS to access the market at all, but you could compel someone to reveal source for any number of other reasons.
[1] http://www.gnu.org/licenses/200104_seminar.html
Also, being slapped on is not a problem for a contract. We interact with adhesion contracts every day that are slapped on to things. When you accept a valet ticket for parking it has a contract on the back that you are assenting to by using the service. No negotiation occurs and adhesion contracts are valid contracts.
Since "commercially negotiated" is not a term of art, why do we think the GPL is not one?
CoAs require a weaker party, who has no leverage, and it seemingly need to be for a necessity (as part of the "no choice but to agree").
The GPL is an offer, but in no way precludes authors from accepting other terms for use of their work.
http://www.projectcensored.org/the-global-1-exposing-the-tra...
It's been going on a long time. General Butler, who got Medal of Honor twice & led many wars, straight up said in his confession (War is a Racket) they hit countries to enforce American capitalism while pretending it was about liberty, etc. I can also direct you to some resources covering how much people in Iraq and Afghanistan appreciate how America doesn't do imperialism any more. Oh, wait, I don't know any...
This gradient of power reminds of the colony-empire relationship of one entity having might over another. (though not nearly comparable, I used it as hyperbole)
In a good treaty both the US and any partners – like Japan, Singapore, or New Zealand – would get the exact same rights.
These markets are not part of the free trade deal and not subject to ISDS.
From a pure financial standpoint, there's no possible way that it isn't cheaper to just measure real emissions than attempt some kind of software analysis for every version of every vehicle on the market.
Furthermore, an agency inspecting source code has absolutely no way to tell whether or not that the source they've been given is actually what's running on a car.
Similar restrictions would severely cripple innovation in cars. Just consider Tesla's autopilot software.
Is there some kind of formal engineering practice they require manufacturers to adhere to?
How are their staff qualified to read the vast variety of languages out there?
I cite these as immediate, obvious roadblocks to verification, regulation, because they're easy and many PLs are something that the vast majority of the software industry are not used to.
If the binaries don't match, then whatever certification the device needs automatically fails and it cannot be sold.
What that means is that later on, if "Something Bad" happens, you are in a position to be certain of what code was running. This makes investigation much easier as there is no chance that the original source code cannot be found when needed later. This does get a bit more complicated with software updates, especially OTA updates.
- Are governments and other regulatory agents going to formally verify compilers?
- Are these agencies going to prevent software from being written that doesn't conform to their rigid standards?
- Many compilers, technologies in use today aren't perfectly deterministic. Optimizations, flags, etc. can all dramatically affect an emitted binary.
- What if I want to use a completely different architecture than a regulatory agency is used to? Am I just not allowed to?
And as you mentioned, updates.
With the ability to do OTA or any other updates, software becomes almost impossible to identify or deal with.
It's actually the same problem: an extremely complex object is being constructed, a critical failure within which could leave many people nearby injured or dead.
The solution is actually somewhat ingenious: License a small group of people to go analyze such things, let them organize themselves independently, but require them to sign off on the design. It turns out that with their license and livelihood on the line, enough people aren't willing to sign off on terrible, shoddy crap that the system mostly works.
Perhaps it's time that software grew up and became something closer to a real engineering discipline?
Filled with red tape, inaccessibility, limitations?
No thanks. I think we've done a very decent job of self-regulation, licensure and review have fared well for most* life-threatening software systems.
When you have repeatable conditions - software in the tested product can detec that and act differently in these conditions.
That's exactly what happened in VW case.
It's nontrivial to fix the test so that it is still repeatable and hard to fool by company determined to fool it.
I agree, it's not trivial. But, it's not hard either.
It's like weighing someone, you don't need to see their feet, but if you can't then you can't tell if they have both feet on the scale.
I'm not familiar with exactly what software regulations exist today for the auto industry, but certifications for repeatable software processes (including build and deploy) are nothing new.
The point is that we should trust the industry to do the right thing, but also maintain our ability to double check. Until something like the VW defeat scandal happens it doesn't make sense to invest the resources needed to really dig in.
Updates and cheating can be detected by requiring service stations to pull software from randomly chosen vehicles during annual inspections. In the US we could use the standard highway funding threats to require states to enact such laws.
(unless (car-radio-playing?) ; probably not the owner driving
(fake-emissions))