TISA Agreement Might Outlaw Governments From Mandating Open Source Software In Many Situations
from the what-happens-behind-closed-doors... dept
Since last summer, we've written a couple of times about TISA, the "Trade In Services Agreement" which is another secretive trade agreement involving a ton of countries, which will likely have an impact on the internet. There have been a few leaks of the various negotiating documents, and recently, WikiLeaks released a bunch more, including the e-commerce annex (though, it appears that a similar such copy leaked a few weeks ago as well).Frankly, there's plenty of stuff in the TISA agreement that I think would actually be good for the internet, including many of the provisions I would normally cheer on if they were being presented and debated openly. We can discuss the merits of various proposals, but only if the discussion is held openly. Unfortunately, like with the TPP and TTIP agreements, all of the details are secret other than through leaks -- and as with some of those other agreements, the parties have agreed to keep all "negotiating" documents totally secret until five years after TISA is agreed upon.
So, even as I think there are ideas within TISA that actually are desirable, I can't see any reason why the people negotiating it can't make those arguments and positions publicly, and allow the public in on the debate. The fact that they're being kept secret, even when they're good ideas, makes me question whether or not they're truly good ideas, or what sorts of stupid poison pills have been slipped in.
But one clause, in particular, found in the leaked version is immensely troubling, opening up the possibility of effectively banning many governments from requiring open source software for certain activities. That's Article 6 in the latest leaked draft, which is text proposed by Japan:
Article 6: ... Transfer or Access to Source Code 1. No Party may require the transfer of, or access to, source code of software owned by a person of another Party, as a condition of providing services related to such software in its territory.Now, this is nowhere near complete -- it is "bracketed text" which is still being negotiated, and Colombia already opposes the text. Also, some may argue that the second bullet point, which says it only applies to "mass market" software and not "critical infrastructure" software solves some of these issues. Finally, some might argue that this is reasonable if looked at from the standpoint of a commercial provider of proprietary software, who doesn't want to have to cough up its source code to a government just to win a grant.
2. For purposes of this Article, software subject to paragraph 1 is limited to mass-market software, and does not include software used for critical infrastructure.
But, if that language stays, it seems likely that any government that ratifies the agreement could not then do something like mandate governments use open source office products. And that should be a choice those governments can make, if they feel that open source software is worth promoting and provides better security, reliability and/or cost effectiveness when compared to proprietary software. That seems tremendously problematic, unless you're Microsoft.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: negotiations, open source, software, tisa, transparency, ustr
Reader Comments
Subscribe: RSS
View by: Time | Thread
This is probably a dumb question
Is there an expected completion date for this agreement?
[ link to this | view in thread ]
Re: This is probably a dumb question
Yes, it does.
And, no, not a dumb question. An important question.
Is there an expected completion date for this agreement?
The "expected" dates never seem accurate. I'd say "after TPP, but before TTIP."
[ link to this | view in thread ]
Re: This is probably a dumb question
[ link to this | view in thread ]
Linux forbidden?
[ link to this | view in thread ]
TISA
[ link to this | view in thread ]
If you're bidding on, say, fax machine software and you are, say, an intelligence agency, you want to be able to prove that the fax is not listening to your network traffic (or even just your ambient noise!) or you can't afford to have it around anything secret.
How do you do that, if you can't burn the ROMs yourself with code compiled by yourself? Trust Cisco to do it? After intercepting those packages and tarnishing their name?
[ link to this | view in thread ]
Security audits
[ link to this | view in thread ]
Re: TISA
The problem could be with governments wanting to mandate or employ FOSS (free and open software) on a systemic level.
Free is free from IP ownership and licen$ing and open is no convenient backdoors og no easily hidden phoning home/snooping algorithms, while savings to the public could be significant if governments didn't have to pay for software licenses but only for maintenance and services.
Blocking this option through industry-designed international treaties runs counter to the public interest. Which, incidentally, could be why all this effort is spent on keeping it below the radar
[ link to this | view in thread ]
Everything
But - EVERYTHING that a government does can be defined to be critical infrastructure - end of problem.
If also if the government excludes "mass market software" from a specification then that also solves the problem.
[ link to this | view in thread ]
Re: TISA
I think you're missing the point. This is not about the efforts needed to get the source code, but the inability of a government to *mandate* that it only use open source software, because saying so would violate this provision.
[ link to this | view in thread ]
Re: Re: This is probably a dumb question
Around midnight because only the people who will vote yes show up at that time.
[ link to this | view in thread ]
Re: Re: TISA
But the problem I see is the spyware. Germany for example uses iirc FinFisher made by Gamma. If I understand it correctly and this paragraph stays as is then the oversight commitee isn't allowed to ask for the sourcecode and has to believe whatever it is told. "Can the program upload code to a PC?" -"No" "Can we see the code to check?" -"No" and that could be it.
Gamma sells the software worldwide so it kind of falls in the mass-market area.
[ link to this | view in thread ]
Re: Re: Re: TISA
[ link to this | view in thread ]
Re: Security audits
[ link to this | view in thread ]
[ link to this | view in thread ]
[ link to this | view in thread ]
In a better world...
Dunno if it could be circumvented by mandating that oversight agencies have access to the code and documentation (whether or not it's officially Open Source).
Otherwise, it does weaken governments with respect to the private sector who can still choose to mandate open source software, and will probably get better, safer software as a result.
Unless there's another provision that criminalizes open source generally, this is a step towards decentralization.
[ link to this | view in thread ]
Obviously nobody thought that one through.
As I understand it, if the GNU license is invalidated, normal copyright law would still apply. Which would mean that the original composer would own copyright even without having formally applied for one.
IOW, the respective governments would instantly become liable for billions of dollars worth of software license lawsuits for products they are currently using for: networks, street light systems, power grids, military and space related systems (yep, linux is in space) and probably thousands of applications in sectors I can't even fathom at the moment.
On paper it would pretty much turn Richard Stallman into a billionaire overnight... On second thought. Do it. I'd like to see it just to watch the aristocracies crap their collective pants: "We owe that fuzzy bearded dude, WHAT?"
[ link to this | view in thread ]
Re: Re: Re: TISA
* Nation mandates that gov't will ONLY use OS software,
* Microsoft/Oracle/etc run crying to the international Arbitrator (run by them & other multinationals), crying 'Unfair!111!',
* Arbitrator sues the crap out of Nation on the basis of this agreement, in a similar way to how Australia is being dragged through multiple international legal cases over its plain-packaging tobacco laws.
* Nation recinds it's OSS laws, or loses gigabuck$$$.
[ link to this | view in thread ]
It it time yet?
[ link to this | view in thread ]
Re: It it time yet?
Instead of government of the people, by the people, for the people as was originally intended.
What do you think?!
[ link to this | view in thread ]
Re: Re: Re: Re: TISA
[ link to this | view in thread ]
Mass market software
what about engine ecu software? Is it mass market software or does it belong to the group of critical infrastructure software? What about copyright in this case?
Greetings!
[ link to this | view in thread ]
Progress?
When it will be known ?
[ link to this | view in thread ]