Welcome to DU!
The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards.
Join the community:
Create a free account
Support DU (and get rid of ads!):
Become a Star Member
All Forums
Issue Forums
Culture Forums
Alliance Forums
Region Forums
Support Forums
Help & Search
General Discussion
Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region ForumsTPP Threatens Security and Safety by Locking Down U.S. Policy on Source Code Audit
from the Electronic Frontier Foundation:
DECEMBER 3, 2015 | BY JEREMY MALCOLM
TPP Threatens Security and Safety by Locking Down U.S. Policy on Source Code Audit
Multiple recent reports on serious security vulnerabilities in cable modems and routers paint a dire picture of the state of security of the devices that millions of users depend upon to connect to the Internet. Such vulnerabilities can be exploited to disable our access, snoop on our personal information, or launch malicious attacks on third parties. Other devices that are equally important for our security, or even to our physical health and safetysuch as home alarm systems and, terrifyingly, a cardio server used in hospitalshave also been the subject of recent vulnerability disclosures.
One tool that security researchers can use to more quickly uncover and eliminate such vulnerabilities is having access to the source code of the software embedded in these devices. Of course, that can usually only be done if the source code is made available to them by the supplier. Many router manufacturers do make at least some of their devices' source code available, and often they do so because they are legally compelled to do this by the terms of the GNU General Public License, which applies to some of the core software upon which such devices are frequently based.
But that's not the only way that the manufacturers of critical devices could be compelled to release their code for public or peer review. There's also the option that a law or regulation could be made requiring the disclosure of such code, perhaps as a condition of the licensing of the products under applicable law. In fact, in October, 260 cybersecurity experts called upon the Federal Communications Commission to impose just such a requirement.
The TPP's Ban on Code Audit
Which brings us to the Trans-Pacific Partnership (TPP) agreementwhich would prohibit such open source or code audit mandates being introduced in the future. Article 14.17 of the text of the Electronic Commerce chapter provides, No Party shall require the transfer of, or access to, source code of software owned by a person of another Party, as a condition for the import, distribution, sale or use of such software, or of products containing such software, in its territory. .................(more)
https://www.eff.org/deeplinks/2015/12/tpp-threatens-security-and-safety-locking-down-us-policy-source-code-audit
InfoView thread info, including edit history
TrashPut this thread in your Trash Can (My DU » Trash Can)
BookmarkAdd this thread to your Bookmarks (My DU » Bookmarks)
2 replies, 523 views
ShareGet links to this post and/or share on social media
AlertAlert this post for a rule violation
PowersThere are no powers you can use on this post
EditCannot edit other people's posts
ReplyReply to this post
EditCannot edit other people's posts
Rec (6)
ReplyReply to this post
2 replies
= new reply since forum marked as read
Highlight:
NoneDon't highlight anything
5 newestHighlight 5 most recent replies
TPP Threatens Security and Safety by Locking Down U.S. Policy on Source Code Audit (Original Post)
marmar
Dec 2015
OP
hedda_foil
(16,368 posts)1. This is terrifying. Basically, it means that.....
Let's say China sells us critical components for cell phones, or voting machines or airplanes or GOK what else, they could implant and use equipment in products consumers and government purchase to take down our grid, cause military jets to fall out of the sky, and who knows what else. Nobody could get at.the source.code , etc. to find out what happened.
lovuian
(19,362 posts)2. exactly which US intelligence and military
is filled with other countries computer work ......