For regulatory supervision we need access to source code. The Volkswagen emissions scandal has shown that devices can be programmed to mislead researchers. 2 In addition, audits can reveal whether decision making software contains biases. And Facebook’s role in elections and referendums shows that the use of personal data is not only a civil rights issue, but may compromise the integrity of our institutions. Zeynep Tufekci:
“Volkswagen will be neither the first nor the last scandal of the Internet of Cheating Things.”
The report of the EU’s independent High level Group on fake news and online disinformation points out the importance of algorithm accountability. And one of the conclusions of the Council of Europe study “Algorithms and human rights” on the human rights dimensions of automated data processing techniques and possible regulatory implications states:
“Certification and auditing mechanisms for automated data processing techniques such as algorithms should be developed to ensure their compliance with human rights.”
“Algorithmic transparency, for example, plays a key role in resolving the question of Facebook’s role in the Russian interference of the 2016 Presidential Election.”
Zeynep Tufekci, same article:
“It’s a pity that casinos have better scrutiny of their software than the code running our voting machines, cars and many other vital objects, including medical devices and even our infrastructure. As computation spreads in society, our regulatory systems need to be funded appropriately and updated in their methods so that keeping our air clean and our elections honest is not a worse gamble than a slot machine.”
The European Commission and European politicians (for instance Angela Merkel, Katarina Barley, and Kees Verhoeven) want more algorithmic transparency. Kees Verhoeven also wants strict standards for internet connected things.
EU-Japan trade agreement
Under the EU-Japan trade agreement’s article 8.73 the EU and Japan may not require the transfer of, or access to, source code of software owned by a person of the other Party. The article provides some exceptions, but they have a limited scope or are limited by many conditions. 3 The article restricts audits of software and algorithms, also of software embedded in “smart” products.
To protect personal data, the EU commission recently agreed on an updated, much stronger safeguard. Software auditing needs an equally strong safeguard. Better yet: remove the source code clause, which is not found in earlier EU trade agreements.
Update: in a letter to Dutch parliament, Vrijschrift calls for a parliamentary scrutiny reservation.
EU-Japan article 8.70.4 reads:
“This Section applies to measures by a Party affecting trade by electronic means.”
Any measure that affects trade by electronic means is included. This is extremely broad. This (new) formulation (not found in EU-Canada trade agreement CETA) may undermine important regulations.
In article 8.70.3 the parties recognise the importance of the principle of technological neutrality in electronic commerce. The effect of this is that commitments in older WTO treaties, such as GATS, with weak safeguards, written for just some limited services, now also cover new, more invasive services. This, again, undermines regulatory power. The EU-Canada trade agreement CETA does not contain this formulation.
The EU wants to rush through the EU-Japan trade agreement. This is irresponsible; full scrutiny is needed.
The trade agreement is the first EU only one – no ratification by EU national parliaments is needed. National parliaments have to act now. After EU parliament and council ratify, there is no way back. Council vote on signing may already take place on 26 June 2018.
For more information on source code clauses, see, Neeraj R S, Trade Rules on Source Code: Deepening the Digital Inequities by Locking up the Software Fortress; and Jane Kelsey’s submission on revised TPP, paragraph 56 and further.
Article 8.73 (1) concerns open source software; article 8.73 (2)(a): competition law; article 8.73 (2)(b): intellectual property rights; article 8.73 (2)(c) refers to Article III of the Agreement on Government Procurement, its article III concerns National Treatment and Non-discrimination; EU-Japan article 1.5 Security exceptions does not apply as it is under-inclusive; article 8.65 concerns financial measures. This leaves article 8.3 General exceptions, a GATS article XIV like safeguard; these exceptions come with many conditions which undermine the strength of the safeguard. See, in general, IvIR, 2016 and Public Citizen, 2015. Note also that in the future investment protection with a form of enforcement (ISDS / ICS / Multilateral investment court) may be added. This could further undermine the possibility to audit software.