TISA Agreement Might Outlaw Governments From Mandating Open Source Software In Many Situations

from the what-happens-behind-closed-doors... dept

Since last summer, we've written a couple of times about TISA, the "Trade In Services Agreement" which is another secretive trade agreement involving a ton of countries, which will likely have an impact on the internet. There have been a few leaks of the various negotiating documents, and recently, WikiLeaks released a bunch more, including the e-commerce annex (though, it appears that a similar such copy leaked a few weeks ago as well).

Frankly, there's plenty of stuff in the TISA agreement that I think would actually be good for the internet, including many of the provisions I would normally cheer on if they were being presented and debated openly. We can discuss the merits of various proposals, but only if the discussion is held openly. Unfortunately, like with the TPP and TTIP agreements, all of the details are secret other than through leaks -- and as with some of those other agreements, the parties have agreed to keep all "negotiating" documents totally secret until five years after TISA is agreed upon.

So, even as I think there are ideas within TISA that actually are desirable, I can't see any reason why the people negotiating it can't make those arguments and positions publicly, and allow the public in on the debate. The fact that they're being kept secret, even when they're good ideas, makes me question whether or not they're truly good ideas, or what sorts of stupid poison pills have been slipped in.

But one clause, in particular, found in the leaked version is immensely troubling, opening up the possibility of effectively banning many governments from requiring open source software for certain activities. That's Article 6 in the latest leaked draft, which is text proposed by Japan:
Article 6: ... Transfer or Access to Source Code 1. No Party may require the transfer of, or access to, source code of software owned by a person of another Party, as a condition of providing services related to such software in its territory.

2. For purposes of this Article, software subject to paragraph 1 is limited to mass-market software, and does not include software used for critical infrastructure.
Now, this is nowhere near complete -- it is "bracketed text" which is still being negotiated, and Colombia already opposes the text. Also, some may argue that the second bullet point, which says it only applies to "mass market" software and not "critical infrastructure" software solves some of these issues. Finally, some might argue that this is reasonable if looked at from the standpoint of a commercial provider of proprietary software, who doesn't want to have to cough up its source code to a government just to win a grant.

But, if that language stays, it seems likely that any government that ratifies the agreement could not then do something like mandate governments use open source office products. And that should be a choice those governments can make, if they feel that open source software is worth promoting and provides better security, reliability and/or cost effectiveness when compared to proprietary software. That seems tremendously problematic, unless you're Microsoft.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: negotiations, open source, software, tisa, transparency, ustr


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Anonymous Coward, 4 Jun 2015 @ 5:12pm

    This is probably a dumb question

    Does TPA apply to this agreement?

    Is there an expected completion date for this agreement?

    link to this | view in thread ]

  2. icon
    Mike Masnick (profile), 4 Jun 2015 @ 5:20pm

    Re: This is probably a dumb question

    Does TPA apply to this agreement?


    Yes, it does.

    And, no, not a dumb question. An important question.

    Is there an expected completion date for this agreement?


    The "expected" dates never seem accurate. I'd say "after TPP, but before TTIP."

    link to this | view in thread ]

  3. identicon
    Whoever, 4 Jun 2015 @ 6:05pm

    Re: This is probably a dumb question

    Is there an expected completion date for this agreement?
    When no one is looking.

    link to this | view in thread ]

  4. icon
    NeghVar (profile), 4 Jun 2015 @ 7:59pm

    Linux forbidden?

    So is that section stating that member country's government would be forbidden to use anything linux-based?

    link to this | view in thread ]

  5. icon
    Michael Ward (profile), 4 Jun 2015 @ 9:29pm

    TISA

    Beg pardon? Open source offers the source code. No one need go to huge efforts to get it, as it's freely available. The text of the agreement seems to me to block the "requiring" of access to the source code, which is pretty irrelevant when the code is already available.

    link to this | view in thread ]

  6. identicon
    Anonymous Coward, 4 Jun 2015 @ 11:26pm

    Here's the thing.

    If you're bidding on, say, fax machine software and you are, say, an intelligence agency, you want to be able to prove that the fax is not listening to your network traffic (or even just your ambient noise!) or you can't afford to have it around anything secret.

    How do you do that, if you can't burn the ROMs yourself with code compiled by yourself? Trust Cisco to do it? After intercepting those packages and tarnishing their name?

    link to this | view in thread ]

  7. icon
    sciamiko (profile), 5 Jun 2015 @ 12:18am

    Security audits

    One place where a government may wish to mandate the acquisition of source code is in security related things like voting machines where they might require an independent, or even public, audit to ensure its integrity.

    link to this | view in thread ]

  8. identicon
    Anonymous Coward, 5 Jun 2015 @ 1:38am

    Re: TISA

    It's a little bigger than that, I'm afraid.
    The problem could be with governments wanting to mandate or employ FOSS (free and open software) on a systemic level.
    Free is free from IP ownership and licen$ing and open is no convenient backdoors og no easily hidden phoning home/snooping algorithms, while savings to the public could be significant if governments didn't have to pay for software licenses but only for maintenance and services.
    Blocking this option through industry-designed international treaties runs counter to the public interest. Which, incidentally, could be why all this effort is spent on keeping it below the radar

    link to this | view in thread ]

  9. icon
    Richard (profile), 5 Jun 2015 @ 4:09am

    Everything

    For purposes of this Article, software subject to paragraph 1 is limited to mass-market software, and does not include software used for critical infrastructure.

    But - EVERYTHING that a government does can be defined to be critical infrastructure - end of problem.

    If also if the government excludes "mass market software" from a specification then that also solves the problem.

    link to this | view in thread ]

  10. icon
    Mike Masnick (profile), 5 Jun 2015 @ 5:13am

    Re: TISA

    Beg pardon? Open source offers the source code. No one need go to huge efforts to get it, as it's freely available. The text of the agreement seems to me to block the "requiring" of access to the source code, which is pretty irrelevant when the code is already available.

    I think you're missing the point. This is not about the efforts needed to get the source code, but the inability of a government to *mandate* that it only use open source software, because saying so would violate this provision.

    link to this | view in thread ]

  11. identicon
    Anonymous Coward, 5 Jun 2015 @ 5:29am

    Re: Re: This is probably a dumb question

    My guess is sometimes around midnight on July 4th, 2018. Huge holiday in the USA and the rest of the word will be watching the football worldcup.
    Around midnight because only the people who will vote yes show up at that time.

    link to this | view in thread ]

  12. identicon
    Anonymous Coward, 5 Jun 2015 @ 5:46am

    Re: Re: TISA

    Maybe I missread it but as I understand it a Gov can use open source only and mandate it. It just isn't allowed to f.e. tell Microsoft that if they don't get the sourcecode of Office then they will use something else.

    But the problem I see is the spyware. Germany for example uses iirc FinFisher made by Gamma. If I understand it correctly and this paragraph stays as is then the oversight commitee isn't allowed to ask for the sourcecode and has to believe whatever it is told. "Can the program upload code to a PC?" -"No" "Can we see the code to check?" -"No" and that could be it.
    Gamma sells the software worldwide so it kind of falls in the mass-market area.

    link to this | view in thread ]

  13. identicon
    Anonymous Coward, 5 Jun 2015 @ 7:19am

    Re: Re: Re: TISA

    I think your interpretation is correct. I don't see it as anything but a contractual requirement. Thus laws against malware could be applied and enforced, with the caveat that this process cannot be started before the contract is signed.

    link to this | view in thread ]

  14. identicon
    Anonymous Coward, 5 Jun 2015 @ 7:29am

    Re: Security audits

    Absolutely, but I would call voting machines "critical infrastructure" given its importance for democracy and it would thus fall under article 2 limitations. Malware for non-critical infrastructure can be pretty bad but likely the only real threat in that provision.

    link to this | view in thread ]

  15. identicon
    Anonymous Coward, 5 Jun 2015 @ 7:45am

    the whole idea is to turn the planet into a giant, profit-making corporation where absolutely everything has to be bought and it has to make money for the owners. and dont think there will be any independent owners of anything because they will either be bought out or forced out (one way or another. leave that to the imagination) check to see how many countries are run by Conservative governments and what their main agendas are!

    link to this | view in thread ]

  16. identicon
    Anonymous Coward, 5 Jun 2015 @ 8:12am

    TISA would effectively ban copyleft-licensed software such as anything from the gnu project as well as linux and a host of other gpl'd software.

    link to this | view in thread ]

  17. icon
    Uriel-238 (profile), 5 Jun 2015 @ 11:07am

    In a better world...

    This would be a poison pill.

    Dunno if it could be circumvented by mandating that oversight agencies have access to the code and documentation (whether or not it's officially Open Source).

    Otherwise, it does weaken governments with respect to the private sector who can still choose to mandate open source software, and will probably get better, safer software as a result.

    Unless there's another provision that criminalizes open source generally, this is a step towards decentralization.

    link to this | view in thread ]

  18. identicon
    Anonymous Coward, 5 Jun 2015 @ 11:39am

    Obviously nobody thought that one through.

    How much of their existing dependent software is of GNU or similar license?

    As I understand it, if the GNU license is invalidated, normal copyright law would still apply. Which would mean that the original composer would own copyright even without having formally applied for one.

    IOW, the respective governments would instantly become liable for billions of dollars worth of software license lawsuits for products they are currently using for: networks, street light systems, power grids, military and space related systems (yep, linux is in space) and probably thousands of applications in sectors I can't even fathom at the moment.

    On paper it would pretty much turn Richard Stallman into a billionaire overnight... On second thought. Do it. I'd like to see it just to watch the aristocracies crap their collective pants: "We owe that fuzzy bearded dude, WHAT?"

    link to this | view in thread ]

  19. icon
    Nop (profile), 6 Jun 2015 @ 1:15am

    Re: Re: Re: TISA

    Your reading sounds reasonable, but 'reasonable' is not how these things work. In practice, it would go like this:
    * Nation mandates that gov't will ONLY use OS software,
    * Microsoft/Oracle/etc run crying to the international Arbitrator (run by them & other multinationals), crying 'Unfair!111!',
    * Arbitrator sues the crap out of Nation on the basis of this agreement, in a similar way to how Australia is being dragged through multiple international legal cases over its plain-packaging tobacco laws.
    * Nation recinds it's OSS laws, or loses gigabuck$$$.

    link to this | view in thread ]

  20. identicon
    AC, 7 Jun 2015 @ 1:10pm

    It it time yet?

    Should we be referring to it as the Corporate Occupational Government now?

    link to this | view in thread ]

  21. identicon
    nonya, 7 Jun 2015 @ 1:25pm

    Re: It it time yet?

    Well we have government of the people by the corporate overlords, for the profits of the richest 1%.

    Instead of government of the people, by the people, for the people as was originally intended.

    What do you think?!

    link to this | view in thread ]

  22. icon
    Mason Wheeler (profile), 8 Jun 2015 @ 8:22am

    Re: Re: Re: Re: TISA

    *sigh* You're probably right. Where's the "sad but true" button?

    link to this | view in thread ]

  23. identicon
    Martin, 8 Jun 2015 @ 10:03pm

    Mass market software

    Hello,
    what about engine ecu software? Is it mass market software or does it belong to the group of critical infrastructure software? What about copyright in this case?
    Greetings!

    link to this | view in thread ]

  24. identicon
    Slovak, 9 Apr 2016 @ 7:28am

    Progress?

    Is any new info ?
    When it will be known ?

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.