• 0 Posts
  • 5 Comments
Joined 1 year ago
cake
Cake day: June 12th, 2023

help-circle


  • In the latest version of the emergency broadcast specification (WEA 3.0), a smart phone’s GPS capabilities (and other location features) may be used to provide “enhanced geotargeting” so precise boundaries can be set for local alerts. However, the system is backwards compatible – if you do not have GPS, you will still receive an alert, but whether it is displayed depends on the accuracy of the location features that are enabled. If the phone determines it is within the target boundary, the alert will be displayed. If the phone determines it is not within the boundary, it will be stored and may be displayed later if you enter the boundary.

    If the phone is unable to geolocate itself, the emergency message will be displayed regardless. (Better to display the alert unnecessarily than to not display it at all).

    The relevant technical standard is WEA. Only the latest WEA 3.0 standard uses phone-based geolocation. Older versions just broadcast from cell towers within the region, and all phones that are connected to the towers will receive and display the alerts. You can read about it in more detail here.


  • Open source software is also notably lacking from the impact assessment documents, but I suspect this is because it was intended to not impact open source software at all. It seems the legislation intends to exclude open-source software, but doesn’t clearly and unambiguously exclude open source software that is developed or contributed to in a commercial setting (e.g by paid contributors).

    I think the wording seems clear enough to determine the intent, but the ambiguity surrounding the “commercial activity” part might necessitate trial (which nobody wants to risk), or might lead to poor implementation of this directive in the laws of member states. I think we should be campaigning to improve the wording, not reject it outright.


  • Ah, OK. So it seems it’s a case of the spirit of the text not matching the precise technical wording used. IMO, the legislation clearly intends to exclude freely-distributable open-source software, but the issue lies with what constitutes a commercial activity. (I’ve not yet checked the rest of the document to see if it clearly defines “commercial activity” in relation to the legislation.)

    TBH, it seems that what is needed here is a clarification and tightening up of definitions, not wholesale rejection of the legislation.


  • Why is everyone up in arms about this?

    The legislation specifically excludes open source software. Has nobody in this discussion actually read the proposed legislation?

    From the current proposal legislation text:

    In order not to hamper innovation or research, free and open-source software developed or supplied outside the course of a commercial activity should not be covered by this Regulation. This is in particular the case for software, including its source code and modified versions, that is openly shared and freely accessible, usable, modifiable and redistributable.

    There is also a clause that states those using open source software in commercial products must report any vulnerabilities found to the maintainer.