[beerandt]

I've had similar ideas, but with IP/DMCA rights/enforcement being conditional on depositing keys and source code with the Library of Congress, to hold in a sort of public escrow. Maybe even require it for FCC certification, or for courts to to recognize/enforce EULAs or other claims.

If you want to enjoy the public protections of IP, the public needs to get a copy of source code and meaningful device access, upon whatever definition of un-patched software or device abandonment.

Obviously there's a lot to work out, but philosophically, I like the idea better than introducing new jurisdictions of regulatory power, especially when the relief sought should already be attainable under the public contract made in seeking government enforced IP protection.

[mschuster91]

> Obviously there's a lot to work out, but philosophically, I like the idea better than introducing new jurisdictions of regulatory power, especially when the relief sought should already be attainable under the public contract made in seeking government enforced IP protection.

Putting your code into escrow does not imply it's going to get audited or that it was developed under somewhat reasonable conditions (aka with code reviewing and testing).

We have seen way, way too much damage, to the tune of billions of dollars and everybody's personal data ending up in hacks "thanks" to shoddy software now, it's a matter of national security to create ad enforce regulations.

Maybe we can create exemptions for small companies and startups, but as soon as you hit 10k users in general population you should have at least basic security processes implemented.