Volkswagen's infamous emissions-test-subverting software lurked in cars for years before it was discovered by regulators. The company got away with it for so long, in part, because it's hard to actually tell what's going on within the embedded computers of an automobile.
One way to deal with the issue would be to require that certain types of companies, like automakers, release the software code that powers their products to the public, so that researchers could evaluate deceitful practices as well as security flaws. A less extreme solution, suggested by Zeynep Tufekci in the New York Times this year, would be to simply require automakers to release code to auditors, the same way the manufacturers of casino slot machines must open their code to gambling regulators.
But if the international trade deal called the Trans-Pacific Partnership is adopted, the US and other member countries would be prohibited from requiring that companies from other member states hand over the source code of their products. Volkswagen's home country Germany is not one of the TPP's potential member states, so this restriction wouldn't apply to that company, but it could potentially limit US regulators' access to Japanese and South Korean cars, among other products. It could also put the kibosh on an idea proposed by Internet pioneer Vint Cerf and a group of other experts to require manufacturers to release the code that runs WiFi routers.
Article 14.17 of proposal, published at last today after years of secret negotiations, says: "No Party shall require the transfer of, or access to, source code of software owned by a person of another Party, as a condition for the import, distribution, sale or use of such software, or of products containing such software, in its territory."
The proposal includes an exception for critical infrastructure, but it's not clear whether software involved in life or death situations, such as cars, airplanes, or medical devices would be included.
Forcing companies to publish their source code won't necessarily solve the problem of cheating or buggy software. Huge security problems have been known to linger for years in open source projects that had too few security audits. And there are ways to encourage companies to release their source code that don't involve passing import laws. But the TPP, as written, would remove one powerful option in the fight to open the Internet of Things.
