TISA Agreement Might Outlaw Governments From Mandating Open Source Software In Many Situations
from the what-happens-behind-closed-doors... dept
Since last summer, we’ve written a couple of times about TISA, the “Trade In Services Agreement” which is another secretive trade agreement involving a ton of countries, which will likely have an impact on the internet. There have been a few leaks of the various negotiating documents, and recently, WikiLeaks released a bunch more, including the e-commerce annex (though, it appears that a similar such copy leaked a few weeks ago as well).
Frankly, there’s plenty of stuff in the TISA agreement that I think would actually be good for the internet, including many of the provisions I would normally cheer on if they were being presented and debated openly. We can discuss the merits of various proposals, but only if the discussion is held openly. Unfortunately, like with the TPP and TTIP agreements, all of the details are secret other than through leaks — and as with some of those other agreements, the parties have agreed to keep all “negotiating” documents totally secret until five years after TISA is agreed upon.
So, even as I think there are ideas within TISA that actually are desirable, I can’t see any reason why the people negotiating it can’t make those arguments and positions publicly, and allow the public in on the debate. The fact that they’re being kept secret, even when they’re good ideas, makes me question whether or not they’re truly good ideas, or what sorts of stupid poison pills have been slipped in.
But one clause, in particular, found in the leaked version is immensely troubling, opening up the possibility of effectively banning many governments from requiring open source software for certain activities. That’s Article 6 in the latest leaked draft, which is text proposed by Japan:
Article 6: … Transfer or Access to Source Code 1. No Party may require the transfer of, or access to, source code of software owned by a person of another Party, as a condition of providing services related to such software in its territory.
2. For purposes of this Article, software subject to paragraph 1 is limited to mass-market software, and does not include software used for critical infrastructure.
Now, this is nowhere near complete — it is “bracketed text” which is still being negotiated, and Colombia already opposes the text. Also, some may argue that the second bullet point, which says it only applies to “mass market” software and not “critical infrastructure” software solves some of these issues. Finally, some might argue that this is reasonable if looked at from the standpoint of a commercial provider of proprietary software, who doesn’t want to have to cough up its source code to a government just to win a grant.
But, if that language stays, it seems likely that any government that ratifies the agreement could not then do something like mandate governments use open source office products. And that should be a choice those governments can make, if they feel that open source software is worth promoting and provides better security, reliability and/or cost effectiveness when compared to proprietary software. That seems tremendously problematic, unless you’re Microsoft.
Filed Under: negotiations, open source, software, tisa, transparency, ustr
Comments on “TISA Agreement Might Outlaw Governments From Mandating Open Source Software In Many Situations”
This is probably a dumb question
Does TPA apply to this agreement?
Is there an expected completion date for this agreement?
Re: This is probably a dumb question
Does TPA apply to this agreement?
Yes, it does.
And, no, not a dumb question. An important question.
Is there an expected completion date for this agreement?
The “expected” dates never seem accurate. I’d say “after TPP, but before TTIP.”
Re: This is probably a dumb question
When no one is looking.
Re: Re: This is probably a dumb question
My guess is sometimes around midnight on July 4th, 2018. Huge holiday in the USA and the rest of the word will be watching the football worldcup.
Around midnight because only the people who will vote yes show up at that time.
Linux forbidden?
So is that section stating that member country’s government would be forbidden to use anything linux-based?
TISA
Beg pardon? Open source offers the source code. No one need go to huge efforts to get it, as it’s freely available. The text of the agreement seems to me to block the “requiring” of access to the source code, which is pretty irrelevant when the code is already available.
Re: TISA
It’s a little bigger than that, I’m afraid.
The problem could be with governments wanting to mandate or employ FOSS (free and open software) on a systemic level.
Free is free from IP ownership and licen$ing and open is no convenient backdoors og no easily hidden phoning home/snooping algorithms, while savings to the public could be significant if governments didn’t have to pay for software licenses but only for maintenance and services.
Blocking this option through industry-designed international treaties runs counter to the public interest. Which, incidentally, could be why all this effort is spent on keeping it below the radar
Re: TISA
Beg pardon? Open source offers the source code. No one need go to huge efforts to get it, as it’s freely available. The text of the agreement seems to me to block the “requiring” of access to the source code, which is pretty irrelevant when the code is already available.
I think you’re missing the point. This is not about the efforts needed to get the source code, but the inability of a government to mandate that it only use open source software, because saying so would violate this provision.
Re: Re: TISA
Maybe I missread it but as I understand it a Gov can use open source only and mandate it. It just isn’t allowed to f.e. tell Microsoft that if they don’t get the sourcecode of Office then they will use something else.
But the problem I see is the spyware. Germany for example uses iirc FinFisher made by Gamma. If I understand it correctly and this paragraph stays as is then the oversight commitee isn’t allowed to ask for the sourcecode and has to believe whatever it is told. “Can the program upload code to a PC?” -“No” “Can we see the code to check?” -“No” and that could be it.
Gamma sells the software worldwide so it kind of falls in the mass-market area.
Re: Re: Re: TISA
I think your interpretation is correct. I don’t see it as anything but a contractual requirement. Thus laws against malware could be applied and enforced, with the caveat that this process cannot be started before the contract is signed.
Re: Re: Re: TISA
Your reading sounds reasonable, but ‘reasonable’ is not how these things work. In practice, it would go like this:
* Nation mandates that gov’t will ONLY use OS software,
* Microsoft/Oracle/etc run crying to the international Arbitrator (run by them & other multinationals), crying ‘Unfair!111!’,
* Arbitrator sues the crap out of Nation on the basis of this agreement, in a similar way to how Australia is being dragged through multiple international legal cases over its plain-packaging tobacco laws.
* Nation recinds it’s OSS laws, or loses gigabuck$$$.
Re: Re: Re:2 TISA
sigh You’re probably right. Where’s the “sad but true” button?
Here’s the thing.
If you’re bidding on, say, fax machine software and you are, say, an intelligence agency, you want to be able to prove that the fax is not listening to your network traffic (or even just your ambient noise!) or you can’t afford to have it around anything secret.
How do you do that, if you can’t burn the ROMs yourself with code compiled by yourself? Trust Cisco to do it? After intercepting those packages and tarnishing their name?
Security audits
One place where a government may wish to mandate the acquisition of source code is in security related things like voting machines where they might require an independent, or even public, audit to ensure its integrity.
Re: Security audits
Absolutely, but I would call voting machines “critical infrastructure” given its importance for democracy and it would thus fall under article 2 limitations. Malware for non-critical infrastructure can be pretty bad but likely the only real threat in that provision.
Everything
For purposes of this Article, software subject to paragraph 1 is limited to mass-market software, and does not include software used for critical infrastructure.
But – EVERYTHING that a government does can be defined to be critical infrastructure – end of problem.
If also if the government excludes “mass market software” from a specification then that also solves the problem.
the whole idea is to turn the planet into a giant, profit-making corporation where absolutely everything has to be bought and it has to make money for the owners. and dont think there will be any independent owners of anything because they will either be bought out or forced out (one way or another. leave that to the imagination) check to see how many countries are run by Conservative governments and what their main agendas are!
TISA would effectively ban copyleft-licensed software such as anything from the gnu project as well as linux and a host of other gpl’d software.
In a better world...
This would be a poison pill.
Dunno if it could be circumvented by mandating that oversight agencies have access to the code and documentation (whether or not it’s officially Open Source).
Otherwise, it does weaken governments with respect to the private sector who can still choose to mandate open source software, and will probably get better, safer software as a result.
Unless there’s another provision that criminalizes open source generally, this is a step towards decentralization.
Obviously nobody thought that one through.
How much of their existing dependent software is of GNU or similar license?
As I understand it, if the GNU license is invalidated, normal copyright law would still apply. Which would mean that the original composer would own copyright even without having formally applied for one.
IOW, the respective governments would instantly become liable for billions of dollars worth of software license lawsuits for products they are currently using for: networks, street light systems, power grids, military and space related systems (yep, linux is in space) and probably thousands of applications in sectors I can’t even fathom at the moment.
On paper it would pretty much turn Richard Stallman into a billionaire overnight… On second thought. Do it. I’d like to see it just to watch the aristocracies crap their collective pants: “We owe that fuzzy bearded dude, WHAT?”
It it time yet?
Should we be referring to it as the Corporate Occupational Government now?
Re: It it time yet?
Well we have government of the people by the corporate overlords, for the profits of the richest 1%.
Instead of government of the people, by the people, for the people as was originally intended.
What do you think?!
Mass market software
Hello,
what about engine ecu software? Is it mass market software or does it belong to the group of critical infrastructure software? What about copyright in this case?
Greetings!
Progress?
Is any new info ?
When it will be known ?