TPP Countries Can't Insist on Software Code Disclosure

The Internet Law Resource Center™ is the complete information solution for practitioners in cyberlaw. Follow the latest developments on ICANN’s gTLD program, keyword advertising, online privacy,...

By Joseph Wright

Nov. 5 — National laws mandating access to the source code of mass-market software as a condition of selling software in those countries would be prohibited under the electronic commerce chapter of the Trans-Pacific Partnership trade agreement.

The chapter prohibits participating countries from conditioning imports of software, or products containing software, on revealing the software's code to the importing country's government. The provision excludes software used for critical infrastructure and commercially negotiated provisions of source code, and allows countries to require modifications to source code to comply with local law.

A separate chapter of the TPP dealing with technical barriers to trade would also prohibit national laws requiring manufacturers or suppliers to provide access to a product's encryption technologies as a condition of manufacture or sale. Transactions with governments are excluded from this provision.

Nor may participating countries mandate the use of a particular cryptography method nor that companies using cryptography partner with a domestic company.

This section of the TPP eliminates practices that have required U.S.-based software companies to choose between providing access to highly confidential information and avoiding certain markets altogether.

The cryptography provisions appear to be a win for Silicon Valley companies that have argued against mandatory “backdoors” to gain access to encrypted information.

Source Code, Crypto Rules Short-Sighted?

Stewart Baker, a partner with Steptoe & Johnson LLP in Washington, told Bloomberg BNA Nov. 5 he expects the source code sharing provision to be controversial.

“Obviously big mass-market software companies in the U.S. want to avoid sharing their source code, and U.S. users don’t really want other governments to have insights into the programs they use,” Baker said. “But from the U.S. national interest perspective, over the long haul, we may greatly regret adopting such a principle.”

Baker said that while the U.S. currently dominates the mass-market software market, that may not always be the case. If the roles are reversed, he said, policy choices made today may no longer be in the U.S.'s national interest.

Baker also said the encryption provisions “cement Silicon Valley’s position on encryption into international treaty law.”

“If [Federal Bureau of Investigations director] Jim Comey wins his argument in a couple of years, and Congress wants to require some form of access to strong cryptography, it won’t be able to do so,” Baker said. “That decision will have been made by the United States Trade Representative and his counterparts in other countries, and it can’t be changed without making trade concessions to those countries.”

On Oct. 12, FBI Director Comey told the Senate Homeland Security and Governmental Affairs Committee that the White House won't ask Congress for encryption-related legislation, a position that few observers believe is the government's final word on the topic (20 ECLR 1476, 10/21/15). U.S. officials made clear they still expect cooperation from technology companies, who can be compelled to turn over data — encrypted or plaintext — by court order.

Annex 8-B of the TPP makes a distinction between product manufacturers and communications service providers. Law enforcement officials would not be prohibited by the TPP from demanding the plain text of encrypted communications. The TPP protects product manufacturers from limits on their use of encryption, but not communications service providers that offer their own encryption to users.

Besides the U.S., the TPP countries are Australia, Brunei Darussalam, Canada, Chile, Japan, Malaysia, Mexico, New Zealand, Peru, Singapore, and Vietnam.

To contact the reporter on this story: Joseph Wright in Washington at jwright@bna.com

To contact the editor responsible for this story: Thomas O'Toole at totoole@bna.com

Full text at https://ustr.gov/trade-agreements/free-trade-agreements/trans-pacific-partnership/TPP-Full-Text

The electronic commerce chapter can be found at https://ustr.gov/sites/default/files/TPP-Final-Text-Electronic-Commerce.pdf

The encryption provision can be found in annex 8-B at https://ustr.gov/sites/default/files/TPP-Final-Text-Technical-Barriers-to-Trade.pdf