>Article 14.17: Source Code
>1. No Party shall require the transfer of, or access to, source code of software
owned by a person of another Party, as a condition for the import, distribution,
sale or use of such software, or of products containing such software, in its
>2. For the purposes of this Article, software subject to paragraph 1 is limited
to mass-market software or products containing such software and does not
include software used for critical infrastructure.
>3. Nothing in this Article shall preclude:
(a) the inclusion or implementation of terms and conditions related to
the provision of source code in commercially negotiated contracts;
To point (1), the text seems like something Steve Ballmer would write to because "GPL is a cancer".
To point (2), I wonder if "GNU gcc" is considered "mass-market" or "infrastructure".
To point (3), I assume that proprietary software users will want the most narrow definition of "commercially negotiated contracts". This means reading the LICENSE.TXT that states "copyleft" and downloading from github is definitely not a "contract". Therefore, copyleft would be null & void.
Based on skimming the preamble, it looks to me like "Party" is capitalized to indicate that, within the context of this document, Party has a very specific meaning: One of the nation-states that has entered into this trade agreement.
If that's a correct reading, then this might have some unintended consequences around government open source projects, but, since it isn't trying to place any restrictions on anyone who isn't a nation-state, it wouldn't be that much of a threat to copyleft in general.
I think what it's really trying to say is, "You can't pass laws saying overseas companies have to share their source code if they want to sell software or SaaS in your country."
Your interpretation seems reasonable. I'm guessing OSIA
and the Linux Journal are interpreting it like this:
>No Party (e.g. GNU GCC) shall require the transfer of, or access to, source code of software owned by a person of another Party (e.g. Australia Atlassian), as a condition for the import, distribution, sale or use of such software (e.g. GCC), or of products containing such software (e.g. GCC), in its territory.
The "such software" is misinterpreted as referring back to a hypothetical "GCC" instead of "Atlassian".
Your interpretation would be more like:
>No Party (e.g. USA) shall require the transfer of, or access to, source code of software owned by a person of another Party (e.g. Australia Atlassian), as a condition for the import, distribution, sale or use of such software (e.g. Atlassian), or of products containing such software (e.g. Atlassian), in its territory.
With that interpretation, the text is a response against China and Russia demanding source code from USA and European tech companies. E.g. https://www.google.com/search?q=china+russia+import+share+so...
If so, the worry would be whether countries would use the ambiguous wording of CPTPP as a way to ignore copyleft. Ignoring GCC's license wasn't the intention but it becomes the side effect. Organizations like GNU don't have an army of expensive lawyers to fight companies in Australia, etc. I have no idea if this "abuse" of CPTPP is a realistic concern.
How is it ambiguous? The treaty contains a definition of "Party":
> Party means any State or separate customs territory for which this Agreement is in force;
To argue that this means that GNU cannot enforce the GPL would be to argue that GNU is a state or a customs territory that signed the treaty.
I'm guessing it's because "commercially negotiated contract" in subsection 3a seems to use another (inferred) meaning of "party" such as a commercial business and not a country. (Text is "a person of another Party".) So one side of that "contract" is not a country. (E.g. Microsoft Windows is not the USA.)
>To argue that this means that GNU cannot enforce the GPL would be to argue that GNU is a state
Since CPTPP is a trade agreement, maybe an analogy is the NAFTA trade agreement. Even though Boeing is not a signatory on the treaty, the USA signed it so Boeing is prohibited from certain practices with Canada and Mexico. Although "party" is literally defined as "country", it applies to the businesses in within a country.
I'm going a bit of a limb here in applying SCOTUS principles to how to read law, as we're not talking about US jurisdiction, but since Australia is also a common law country, I'd assume that the principles are basically the same. One basic principle of determining different interpretations is that you have to ask "is there a clearer way to write this interpretation?" If the intent of the treaty were to make copyleft unenforceable, the text included would be along the lines of "No party shall permit a person to require the disclosure of source code." Indeed, if you read some of the other articles in that chapter, there is actually text that says "No party shall require a covered person..." This does signal that there is intent that the text of Article 14.17 apply onto the government and not to the general public within a country.
I think the consensus is that is not the intent. The OSIA and Linux Journal concern is the unintended alternative interpretation of the text.
I don't know the jurisprudence of Australian law to understand how Australian courts would interpret the text, but I would honestly be surprised if OSIA's purported interpretation were accepted.
It's the same definition. "A person of another Party" is "a person from another country."
ie. "Boeing" is the person and "USA" is the Party.
That just means "foreigner".
> Although "party" is literally defined as "country", it applies to the businesses in within a country.
What "it"? The NAFTA could certainly have requirements from signatory states to implement certain laws, and when such laws are implemented, of course they would apply to Boeing or any other US company. But I don't think NAFTA itself would apply directly.
As per usual in international trade agreements, this provision merely codifies the present status quo. There's no reason to expect that it will affect the GPL.
Restrictions on states in treaties also restrict their judiciary and their executive in enforcing judicial acts, not just acts taken in running the government administration. So, if the terms conflicted with what the state must do to give effect to enforcemrnt of open source licenses, it would make them unenforceable even if it doesn't prohibit private parties from offering and accepting them.
That is to say, the article is explicitly not prohibiting countries from enforcing copyleft licenses.
This is terrifying. Foreign-made self-driving cars can deliberately kill people via software algorithms, and even the government can't insist on seeing the source code to find out whether the car maker is incompetent or malicious.
Transparency is a dependency of trust. There's no going around that. If a product is not transparent, then it is not trustworthy, period. I'm not at all inclined to wait for something to violate my trust further before demanding a prerequisite for that trust. Governments shouldn't be so inclined, either, especially when it comes to human safety.
— especially for innovative safety algorithms that could save the lives of their competitors' customers, if only the code was reusable.
Competent auditors will emerge if there's demand. There were once no competent astronauts!
Probably not, but by requiring companies to disclose source code on request, effective independent audit of that code is merely improbable versus effectively impossible.
Entities in Country A provide entities in Country B with software for, say, self-driving cars. Such cars become sufficently popular in Country B. ("Sufficiently" being read as numerous enough for the next step to become important.)
Country A and Country B come into conflict. Potential causes: resources (oil, fresh water, rare earths, whatever), ideology, etc.
Country A uses its legal (and extra-legal) powers to force the entities providing said software to push out an over-the-air update of the software. When Country A flips a switch, the self-driving cars begin moving offensively, attempting to kill passengers and pedestrians and jam the road infrastructure, doing as much economic and political damage as possible. (Whoo; suppose they target specific people and infrastructure.)
It's an entertaining scenario for your favorite TV series or something, but possibly more troubling for software controlling information networks or the power grid. And the proof-of-concept of such an attack has already been shown to be successful.
P.S. We are both assuming that self-driving cars are better than human-driven cars, which fact is not currently in evidence.
- false numbers, similar with Tesla PR where they use bad statistics to prove their system is safer
- too general statistics for your situation, say car X is safer then human globally but locally in your region humans are much safer, will you send your children with car X where is probably not safer then average human(including drunks, teens and tired people)
- say car X is super safe, so you allow them to kill some people deliberately because they saved lives, so CEO of X hates people from a specific group(say gun owners, or teachers, or developers) so he decides that on 13 every month 666 people will be sacrificed
"Party means any State or separate customs territory for which this Agreement is in force;"
"person of a Party means a national or an enterprise of a Party;"
(Chapter 1, Section A, Article 1.3, )
So the statement "No Party shall require the transfer of..." restricts what a State that signed the treaty may do to the persons and enterprises of another State. For example, China can't require Microsoft to disclose its source code as a condition to selling Windows in China.
Regarding the other quote about contracts, the operative part is "Nothing in this Article shall preclude". So this treaty has no effect on terms regarding source code in commercially negotiated contracts. Even if you are of the misguided belief that FOSS licenses are contracts, this provision does not affect them.
Finally, FOSS licenses are not contracts because they do not contain bargained-for reciprocal promises. They are grants of rights, subject to terms and conditions. A FOSS license operates as a defense against copyright infringement. If the terms and conditions are not met, then the license is void. The infringer can then be sued for copyright infringement, not breach of contract. This has two important implications: (1) a court won't order specific performance (a contract remedy) in a case of copyright infringement, and (2) a third party has no standing to sue, because where there is no contract there can't be a third-party beneficiary (only the rights-holder may sue).
(Edit: Clarified lack of breach of contract claim.)
All in all, it only says that a government cannot demand the source code to a piece of software that is being exported from another country. Although, they can still force a software developer in their own country to give up the source code to a piece of software. It goes on to add some exceptions but is otherwise very inconsequential.
I am not a lawyer, but this a paraphrasing of an explanation given to me by someone who is a copyright/securities lawyer in one of the member countries (Canada).
5. Japan (already ratified)
7. Mexico (already ratified)
8. New Zealand
Much of the terms of this treaty were negotiated behind closed doors with "industry leaders" (large corporate interests) invited to attend.
What if we want to hold government accountable?
In other words: Business as usual.
It's fortunate that the United States left the TPP. They were the ones demanding draconian intellectual property laws. With the US gone, the worst clauses could be removed and the agreement was greatly improved.
The full text has been public for a while now. I'm not a fan of everything in there, but the good outweighs the bad. Linux Journal's concerns are based on a misunderstanding.
It would appear to be troublesome, at a minimum, for copyleft projects, too.
I suppose the most common method is to seize assets or personnel that are located in-country.
By making it a condition of allowing imports of the product, which is why that's exactly what the provision prohibits.
Nations should also decide in a way that is representative of the desire of the population.
Perhaps the population thinks the following:
"Just like private citizens, a nation should also be allowed to enter into contracts where all the parties agree not to do things [commit cyber crime/negligence hidden behind the veil of closed source software] to each other that none of them want to have done to themselves."
From the position of a free-trade agreement, it would be a statement of trust. We trust you enough to be our partner that we won't attempt to claw open your citizens' code if, in return, you don't do so to our citizens' code.
Entering such an agreement might be unwise, should a counterparty turn out to be disreputable or irresponsible.
Why not? Collaboration is far superior to competition as you can see Wikipedia beating Britannica and so on.
We just criticize it using our current capitalistic paradigm.
A country could state simply: If we can't audit your code, you can't import, distribute, sell, or use it in our country. See: United States vs. ZTE for a hardware example.
Am I misreading it or misunderstanding what "Party" means?
More generally, it would seem very out of form for a free-trade deal to include provisions that undermine the freedom of contracts. Contracts are an important part of capitalism, after all.
You could just as validly say the same thing about pretty much all mass-market software. Replace "copyleft license" with "terms of service" or "end user license agreement".
It's hard to think of any mass-market software that would not be covered under that interpretation, which is a strong hint that the interpretation cannot be right.
What I believe (3a) is trying to cover cases where a Party (e.g., Australia) is acquiring software for its own use. For instance, suppose Australia wanted to use AgileBits' 1Password  on all the government's desktop computers.
1Password is mass-market software, and this treaty would prohibit Australia from requiring that AgileBits make the source available as a condition of selling to consumers in Australia.
But if Australia negotiates a deal with AgileBits to supply Australia's government istself with 1Password, rather than the government simply buying it the same way consumers would, (3a) applies and the treaty does not apply.
 Picked for this example because it is the only well-known mass market software that I could think of offhand that (1) a government might reasonably want to mass deploy internally, and (2) is owned by a company that is in a country (Canada) that will be a Party to this treaty.
It's possibly a contract, but it is clearly not “commercially negotiated”, it's a contract (if at all) of adhesion.
It's unlikely that invalidating an open source license would be of benefit to a user, since they then have no legal right to make copies of the software.
"I demand the full, buildable source to MS Outlook before accepting this meeting request!"
Still, does making this type of demand have to be made against the law?
When you put (a) and (b) together, it seems like a miracle if the whole thing is not a disaster.
11 of 20 articles were struck from the intellectual property chapter of the agreement, including the ones I found to be most concerning. It's a very different agreement for software.
My cursory understanding is that the GPL becomes more like the BSD or MIT license in that it becomes lawful to distribute altered binaries without the corresponding altered source code.
However, legal texts are tricky and the correct interpretation of this one my well be different from my current understanding.
After rereading parargraph 1 another three times, I think that the wording of the text suggests a far broader scope than it actually covers.
"...as a condition for the import, distribution, sale or use of such software, or of products containing such software, in its territory."
This part of the sentence limits the application of the rest of the paragraph to software that crosses the border into the country in some way or another. The sentence also begins with
where parties are the countries (represented by their governments). So this is about government regulation of software that somehow gets into the country some way or another.
" shall require the transfer of, or access to, source code of software owned by a person of another Party"
With all the preconditions above in mind, this actually means that no government can impose rules on somehow imported software that would require the seller in another country to provide the source code with the product. Effectively, this is only a restriction on lawmakers. Individual persons and companies are not directly affected this section of the treaty.
If you want to be evil and have written any GPL you can sue everybody in the target country that uses your software. Since the GPL isn't legal in their country residents of that country have no legal right to use your code. Note that you need to write "mass market software" for this to apply.
Of course I'm not a lawyer, consult a lawyer if you need legal advice.
>This part of the sentence limits the application of the rest of the paragraph to software that crosses the border into the country in some way or another.
No, the word "or" is the operative one here. So if you deleted the word "import", it wouldn't matter. Yes, the law applies to imported software, but it also applies to any software which is distributed in its territory, or sold in its territory, etc. No border-crossing is necessary.
Infact government contracts and even large private contracts require source code or escrow for continuity. Anything defense or critical infrastructure related will require code. So both from a technical, legal and national interest standpoint this can't pass the smell test. Vendors can always choose not to do business.
Some large country may still try to arm twist smaller countries and do backroom deals with allies but on the whole its unlikely to pass because no one will sign it.
Ratifying these sorts of laws through a treaty process has the power to abrogate a state's constitutional, judicial, and legislative laws - disenfranchising the people. Its the consequence of "rule of lawyers" instead of "rule of law".
Politicians engaging in these sorts of shenanigans really should not be welcome in polite company.
The first one was ten years back, and they acted like this has always been a problem.
The German case of nor allowing to give up all your rights has another intention: In the past creators were pressured to give up certain rights which was deemed unfair. To protect the weaker party in negotiations you can't sign away some rights, e.g. allowing defecament of your work, the right to not have someone else's named as an author, or remuneration for a novel not yet envisionable use of the work.
So, I expect all 11 of these countries to stop using all said software, forthwith and without exception.
Well I can ignore the GPL all I want and still use GPL software. There's nothing I can see in copyright law that prevents me from doing that. Microsoft and co conditioned people into thinking that they required permission to use software, but that's certainly not the case in software I use.
However if I want to do something that I can't do in copyright law (like give someone else a copy), I require permission from the copyright holder. That permission is pre-emptively given in the GPL. If I don't like those terms, that's fine, I can contact the copyright holder and attempt to negotiate other terms.