Category Archives: Legislation

Free ICT Europe contributes towards EU Standards – Places secondary market on the agenda

Europe is moving:increasing special requirements for product types through EU Ecodesign product groups.

At first these were focussed on energy reduction. However following review it and putting an emphasis on circular economy aspects, it appears that improvements to stimulate materials used, repair, reuse and recycling should be added – underpinned by a standard for all product classes.

To deliver this general standard the “JCT10” project will build a proposal. Free ICT Europe has provided input to the current text versions of three working groups that have influence in the IT aftermarket: Durability, Remanufacturing/Refurb and Repair, Reuse, Upgrade.

tc10

Within our comments we want to make clear that the independent channel is an important contributor to facilitate the extension of life-cycle, reuse and repair of ICT equipment. Also practical issues regarding Firmware, Diagnostics and Passwords are being addressed.

The General Standard will be placed above the current Ecodesign product specific groups. Having our issues addressed at this General level is our target. It will mean easier acceptance at the review at product level (Servers & Storage) while for a new product group (Networking?) this will also be applied.

ecod

To gain more insight in Ecodesign and what it does contribute to our position in the market, please listen to our Podcast with Davide Polverini.

To learn more about the JCT10, get involved with Free ICT Europe and make a difference please contact us.

WannaCry ? Time has come so dry your tears and act!

The unprecedented ransomware attack that started on 12th May was wholly predictable and a wakeup up call of reality to a sleepwalking world.

Everyone seems to have a view on the attack with traditional media and social media being red hot with comments and finger pointing; according to Microsoft it’s all the fault of the NSA . In today’s world this is to be expected but it is only through serious investigation that the truth will be uncovered and this is the role of the authorities, supported by experts. We can all only hope they succeed in their endeavours.

We must resist the temptation of naivety. Our industry is renowned for its ability in providing innovation and making possible today what was only a dream yesterday but that ability brings with it the paradox that has been with us since the first computer was designed; the products which are launched on the market, either hardware of software, are vulnerable. No manufacturer of IT products can pretend their systems are without a hole or a door that ill-intentioned and very determined individuals or organisations can enter to either steal our identities, to spy on our private lives or to kill our businesses. It is a very reasonable paranoia to declare that WannaCry is just a taste of our future and a clarion call of what is to come.

There are many on-going debates around the world with purpose of setting up rules, providing guidance and introducing policies to deal with the threat so we can be prepared. For example in the US one debate is clearly described in a report under the title “Law Enforcement Using and Disclosing Technology Vulnerabilities” . The questions raised in this report can be condensed as, should we make public a vulnerability to which there is no associated fix and how should we organize and reward the community of “good guys” that detect the vulnerabilities and fix them before hackers exploit them? Those who read the report will be disturbed to discover that security agencies are playing on 2 boards of the same game by exploiting for their own needs the vulnerabilities. This is the real world we are living in and we will not change it by simply trying to wish it away. We have to face the facts and be cognisant of reality.

Contained within the report is a detail which is of most interest for our secondary market industry. On Page 2 is a short but clear definition in a grey box under the title Relevant Terms. Vulnerability is defined as “a security hole or weakness in hardware, software, or firmware that can leave it open to becoming compromised.” Previous attempts at defining vulnerabilities have never been as clear. Reviewing the “Common and Vulnerabilities Exposures” (CVE) web site we can read : “A “vulnerability” is a weakness in the computational logic (eg. code) found in software and some hardware components (eg. firmware)…”. We are glad that the definition provided in the report takes us one step further than the CVE definition with the clear distinction between hardware, firmware and software being independently potential sources of vulnerability that require discreet fixes. This definition reflects the point of view of Free ICT Europe despite the many debates and attempts by OEMs and Software Companies to make it confusing.
For our precious secondary market to move forward and be a part of a secure future the lessons to be learned are easy to summarise:
– Firmware & Software updates that fix vulnerabilities should be applied on a regular routine basis and in emergency when an attack in imminent or in progress
– If it is a customer responsibility to keep their infrastructure up to date and protect them with all technological means, independent services providers should advise customers of serious threats which are in the scope of the commitments of their services agreements
– OEMs and Software Companies should make available without charge, unfettered and in an expeditious way all vulnerability fixes, without the precondition of a service agreement and allow independent providers to act on the behalf of their customers

The last point in the list is one of the main positions we defend at Free ICT Europe. We have tirelessly campaigned to raise the awareness of the stakeholders and are heavily involved in the legislative agenda of the European Commission.
In discussions with the new initiative of Directive for Ecodesign , we have successfully introduced the obligation on an OEM to provide firmware updates in to their project. This is just a first step but we will not giving anything away.
To enable us to reach the goals that will benefit us all your support is more than precious and we are thankful for your contributions. The very future of our industry is in our collective hands.
Don’t give up, be part of the solution and join us. We need you, you need us, we all need each other.

(1)] https://en.wikipedia.org/wiki/WannaCry_ransomware_attack

(2) https://blogs.microsoft.com/on-the-issues/2017/05/14/need-urgent-collective-action-keep-people-safe-online-lessons-last-weeks-cyberattack/#sm.0000b0jp3ebltdsdrs71bju2qbfb1

(3) https://www.hsdl.org/?abstract&did=800768

(4) https://cve.mitre.org/about/terminology.html

EU inaction would costs taxpayers €1bn+& hands it straight to US multinational

The EU made a Decision in 2011 to break the monopoly of IBM on the secondary market of maintenance and support of IBM mainframes. During the last five years mainframe users who chose Independent Service Providers (ISP) as an alternative to IBM, have reaped the benefit of millions of euro in costs savings as is to be expected in a fair, open and competitive landscape.

This Decision expired on December 14th 2016 when, in accordance with the spirit of competition rules it was expected that all the stakeholders involved would  come to a gentleman’s agreement to renew it on equitable terms. If the regulatory authorities cannot make a difference in applying Article 101 & 102 of the “Treaty on the Functioning of the European Union” (TFUE) this case shows its limitations in the real world.

ISPs need a long term “(main)frame of regulation” to protect their investments, their skills and their customers. Customers need to be sure ISPs will be able to comply with their needs. Customers need the certainty there is an authority that is strong enough to guarantee the balance between IBM and ISPs and, in case of any infringement, an authority that has the power to impose penalties.

It is illusory to believe that a multinational such as IBM would act in compliance with a Decision that is expired. It is  more realistic to consider that IBM would impose, without any negotiation, unilateral Terms and Conditions that dramatically reduces the level of the obligations IBM was forced to accept. The reality is that IBM is now ready and prepared to engage in a fast winback of the market share of the ISPs on the secondary market of services.

As a result the cost to Europe will be in excess of €250m.per year through higher maintenance and support costs with potentially up to €1bn in additional capital costs as the US giant, International Business Machines Corp (IBM), takes back total control of the mainframe hardware market in Europe.

Who will pay? Well of course it will be the European taxpayers and consumers of the large European organisations such as banks, insurance companies and financial institutions that still invest in this reliable technology that is critical to their businesses.

Don’t sleep at the wheel !

Having been alerted by the ISPs and then on its own initiative, the EU took bold step in dealing with the discriminatory behaviour toward competing suppliers of mainframe maintenance and support services. In 2016 the EU has to investigate again as, to not do so they will be handing back to IBM complete control of this lucrative market.

Despite the efforts of many European bodies and organisations to warn the EU of the potential costs of not renewing this arrangement, the Decision has not been renewed.

Nevertheless, the EU has received many requests from ISPs to re-open the case in order to renew the Decision. There is no doubt that any upcoming investigation will demonstrate IBM will again be in a monopoly without the Decision, and will come to the same conclusion it did in 2011.

Free ICT Europe is calling on the EU to make this a priority.

Jobs

The inevitable impact of this on the European IT services providers who operate in this sector are job losses. Of even greater significance will be the inevitable job losses from the organisations that use mainframes as they struggle with higher costs and the need to reduce their IT budgets. People are always the first thing to go in times of austerity.

For more information email to: contact@free-ict-europe.eu or call +(31) 30 698 2698

IBM EU Commitments

Five years ago the Directorate General of Competition of the European Union made a Decision related to the maintenance and the support of the IBM Mainframes. It was the result of a complaint filed 2 years before. This Decision could be compared to an earthquake as it was the first time in Europe a big IT player was forced to provide TPM’s with necessary inputs to compete on the secondary market of services. It was as well the first time a Decision article 9 was taken against an US company in favor of independent European companies. IBM was force to provide Commitments and the European Commission made them binding with a 10% penalty on the worldwide turnover in case of infringement or circumvention. This was in 2011.

Since we know how most of OEMs have been arguing about Intellectual Property in order to first withdraw the rights of customers to access bugs fixes for free and then foreclose the secondary market of services for the TPMs.

It is worth to notice that IBM was preparing its policy change (microcode update access restrictions) for Power Servers and Storage Solutions while in the meantime the company was forced to commit on making them accessible at reasonable terms and conditions microcode updates, spare parts and configuration records for mainframes.

The EU Decision will end December 14, 2016 and the subsequent contract some TPM signed (aka “TPM Agreement”) will expire at the same date. We bet the terms and conditions of the new TPM Agreement proposed by IBM will be reviewed to their lowest level while not being under the control of a Decision.

Also when you are not dealing in Mainframe products or services, this has still impact; the domination of IBM will increase their position in other segments and deeply inspire other OEMs and Software companies.

So doing nothing is absolutely no option. To get the required attention FIE supports a new complaint that has been filed to request the Commission to renew their Decision.

Update on Resale of Software

Since 2012 Reselling Software has been started by a number of brokers. Though little has been done to reassure owners of surplus software licenses and shelfware that, yes, indeed, licenses can be marketed and sold on. The European Court has restated the legality of the resale of software in Europe in its latest judgment: even where the license agreements signed up to by the licensee declared that the software was non-assignable and only for that particular licensee’s internal business purposes. But the court confirmed that the principle does not extend to software transferred on back-up discs.

Software vendors do not have not been very active in mentioning the resale option to customers. On the other side they cannot be too dismissive: they are constrained by competition (anti-trust) laws in seeking to inhibit the market in indirect ways. This can include discriminating against their customers, refusing support or seeking higher prices from those using pre-owned software. The jeopardy for them is a finding of abuse, damages and fines of up to 10% of their group’s global turnover.

An interesting perspective on support for secondary software being a potential growth market: Support costs on software generally exceed, over time, the initial license fees paid. This means that, if there were a new user of redundant software, there is the possibility of extending the vendor’s customer base and increasing, rather than damaging, its income.

Link to full article by Robin fry

How US and EU Courts & regulators developed their thinking on aftermarket issues

Aftermarkets are particularly important in the market of technical equipment. The downstream market for maintenance and support of both hardware and software is profitable and particularly coveted by OEM’s, often as a means to recoup their investments in research and development. In many cases these markets are contested by independent service organisations (“ISOs”), which frequently come into conflict with the manufacturers.

Read the full article that gives an interesting overview

John Deere restrictive practices hinder maintenance for Farmers

John Deere and General Motors want to eviscerate the notion of ownership. Sure, we pay for their vehicles. But we don’t own them. Not according to their corporate lawyers, anyway.

In spectacular display of market manipulation, John Deere—the world’s largest agricultural machinery maker- told the US Copyright Office that farmers don’t own their tractors. Computer code is so embedded within modern tractors; farmers receive “an implied license for the life of the vehicle to operate the vehicle.”  It’s John Deere’s tractor, folks. You’re just driving it. Or in modern software parlance ; “Tractor as a service”.

We live in a digital age, and even the physical goods we buy are complex. Copyright is impacting more people than ever before because the line between hardware and software, physical and digital has blurred. Due to the restrictive practices of manufacturers such as John Deere, farmers are now depending on the external service capabilities of original suppliers, with mechanics to be flown in at, high costs while equipment is left unavailable for days.  As opposed to, for example, fixing the tractor using a tractor mechanic in the same town.

YOU BOUGHT IT, YOU OWN IT

Once we buy an object — software is also an object — we should own it. We should be able to open it, to lift the hood, unlock it, modify it, repair it or have it maintained by a third party of our choice … without asking for permission from the manufacturer.

Over the last two decades, manufacturers have used the Copyright Law to argue that buyers do not own the software underpinning the products they buy—things like smartphones, computer equipment, coffeemakers, cars, and, yes, even tractors.

Product makers don’t like other people messing with their stuff, so some manufacturers place digital locks over software. Breaking the lock, making the copy, and changing something to match your needs could be construed as a violation of copyright law.

And that’s how manufacturers turn tinkerers into “pirates”— even if said “pirates” aren’t circulating illegal copies of anything.

John Deere may be out of touch, but it’s not alone. Other corporations, including trade groups representing and nearly every major automaker.  It’s worth noting Tesla Motors didn’t join automakers in this argument, even though its cars rely heavily on proprietary software.

Owners need access to repair information, replacement parts, apply security updates, maximum control to make required adjustments and freedom to decide who touches their equipment for maintenance and repair.

Free ICT Europe exists to support the owners of all ICT equipment. So let us step up to make it clear in the industry that we need a change from owner controlled ICT.