In November 2016, Bruce Schneier wrote about the need for increased regulation in the software sphere.
If we want to secure our increasingly computerized and connected world, we need more government involvement in the security of the "Internet of Things" and increased regulation of what are now critical and life-threatening technologies. It's no longer a question of if, it's a question of when. - Bruce Schneier
I may have my qualms about the Internet of Things, but it's impossible to shy away from the fact that where software development has been relatively free of government interventions and regulations, the increased reliance of software makes it impossible for governments not to act. They will act in the interest of security and critical societal functions, for consumer protection, to maintain market competition, or any other good and valid reasons.
The software community by and large has been reluctant to embrace any sort of regulation of itself, and the free and open source software community is no less different. Warranties and liabilities are routinely disclaimed and limited with the understanding that if someone is liable for the code they write, they would be much less willing to write it and even less willing to license it openly.
That may be true, but as Schneier puts it: it's no longer a question of it, it's a question of when. As free and open source software gets into health care, automotive and other safety critical areas, it's getting further into areas of software regulation, and those areas will only expand over time.
To meet this need for regulation, we must ensure regulatory agencies and governments are getting the support and knowledge they need to create good policies and regulation, rather than bad ones.
Advertisement: This is something the FSFE is already doing, but we could use your support to do more.
Our policy work need to cover two critical areas: we need to work more with governments and local municipalities to encourage uptake of free and open source software friendly policies in procurement and development of IT systems. There are limited reason for any government function today to rely on proprietary software for their core functions. When developing or procuring new systems, governments should make free and open source software the default, and install the necessary oversight to ensure this happens.
But this doesn't respond to the increased regulation in the software space. We also need to work with governments and regulatory agencies across the board to make sure that when and as they consider regulation of IT, free and open source software is considered and our ability to keep supplying and developing free and open source software is guaranteed.
We need to do this in any area which can be touched by regulation. No stone is too small to turn over: bank and financial regulation, food safety and security, occupational safety, environmental protection, telecommunication, automotive regulation, and so on and so forth.
Regulation can sometimes have unintended consequences, especially when it comes from areas where we did not expect it.