
marmar

(77,081 posts)
Sat Dec 5, 2015, 11:55 AM

TPP Threatens Security and Safety by Locking Down U.S. Policy on Source Code Audit


from the Electronic Frontier Foundation:



DECEMBER 3, 2015 | BY JEREMY MALCOLM




Multiple recent reports on serious security vulnerabilities in cable modems and routers paint a dire picture of the state of security of the devices that millions of users depend upon to connect to the Internet. Such vulnerabilities can be exploited to disable our access, snoop on our personal information, or launch malicious attacks on third parties. Other devices that are equally important for our security, or even to our physical health and safety—such as home alarm systems and, terrifyingly, a cardio server used in hospitals—have also been the subject of recent vulnerability disclosures.

One tool that security researchers can use to more quickly uncover and eliminate such vulnerabilities is having access to the source code of the software embedded in these devices. Of course, that can usually only be done if the source code is made available to them by the supplier. Many router manufacturers do make at least some of their devices' source code available, and often they do so because they are legally compelled to do this by the terms of the GNU General Public License, which applies to some of the core software upon which such devices are frequently based.

But that's not the only way that the manufacturers of critical devices could be compelled to release their code for public or peer review. There's also the option that a law or regulation could be made requiring the disclosure of such code, perhaps as a condition of the licensing of the products under applicable law. In fact, in October, 260 cybersecurity experts called upon the Federal Communications Commission to impose just such a requirement.

The TPP's Ban on Code Audit

Which brings us to the Trans-Pacific Partnership (TPP) agreement—which would prohibit such open source or code audit mandates being introduced in the future. Article 14.17 of the text of the Electronic Commerce chapter provides, “No Party shall require the transfer of, or access to, source code of software owned by a person of another Party, as a condition for the import, distribution, sale or use of such software, or of products containing such software, in its territory.” .................(more)

https://www.eff.org/deeplinks/2015/12/tpp-threatens-security-and-safety-locking-down-us-policy-source-code-audit





hedda_foil

(16,375 posts)
1. This is terrifying. Basically, it means that.....
Sat Dec 5, 2015, 02:52 PM

Let's say China sells us critical components for cell phones, or voting machines or airplanes or GOK what else, they could implant and use equipment in products consumers and government purchase to take down our grid, cause military jets to fall out of the sky, and who knows what else. Nobody could get at the source code, etc. to find out what happened.
