[License-review] For Approval: The Cryptographic Autonomy License

Pamela Chestek pamela at chesteklegal.com
Sat Apr 27 14:29:49 UTC 2019

Hi Van,

Below are some comments on the text itself.

On 4/22/19 2:43 PM, VanL wrote:
> We now present the CAL 1.0-Beta for approval at the next board meeting:
>   Google Docs link:
> https://docs.google.com/document/d/1sWUREQN02YJ-q91gXOCflRB57Q1YcU1G7UMS_a8WOTI/edit#
>   PDF Link: https://www.processmechanics.com/static/CAL-1.0-Beta.pdf
Section 2.2.1 and 2.4 are circular references so that it's not clear
what the duty is. Section 2.2.1 says it is "Subject to the exception" of
2.4. 2.4 says you have to comply with 2.2.1 "relative to the Source Code
provided by You." First, I don't know what "relative" means. Couldn't
the original code be considered "relative" to mine? And saying that I
must provide my source code doesn't relieve me of the obligation of
providing your source code. I assume that is what you are trying to
accomplish but it's not clearly stated anywhere.

Section 2.2.2: The predicate "With the exception in section 2.4" says
the opposite of what I believe you mean to say. "With" can be read as a
conjunction and "the exception" is read as a description of what is in
Section 2.4. So it says "in conjunction with what is described in
Section 2.4, you must provide ..." when I believe you mean to except out
2.4 from the requirement of 2.2.2. If you don't mean to except it out,
then the clause is unnecessary. The language is also different from
2.2.1 ("Subject to the exception in 2.4") and I don't understand why
they are different.

"Access to Source Code" must be provided by "You," the Licensee. It
doesn't make sense to me that the Licensee has to provide access to the
source code.

Section 2.3: It says "You must give the same permission received under
this License to any Recipient...." However, Section 7.2 says the license
is not sublicensable, so the Licensee doesn't have authority to grant
permissions at all. The clause doesn't seem to have an effect and
therefore only creates confusion.

Section 2.3(e): missing capitalization of "Work"? I also don't
understand what it's trying to say or stop.

Section 4.1: I would insert the word "automatically" before "compliance"
within 60 days to distinguish it from compliance after that, which
requires the express restoration by the Licensor.

You have defined "Public Performance" as using the Software to take any
action that implicates the right of performance or public display under
copyright law, and include as one use case of making an interface
available. The license grant is for this full scope. However, your
definition of "Modified Work" and "Recipient" refer only to "Public[ly]
Perform[ance/ing] an interface." This creates ambiguity about the scope
of the right for Modified Work and that Recipients have.

Section 7.1.1: I don't understand why a reference to GDPR is required;
it strikes me as a "you must comply with all applicable law"
requirement. And why the GDPR and not any other or future laws? If a
statement is needed that the requirements the law impose will override
the license requirements, you can say that more generally.


Pamela S. Chestek
Chestek Legal
PO Box 2492
Raleigh, NC 27602
+1 919-800-8033
pamela at chesteklegal.com

More information about the License-review mailing list