[License-review] For approval: The Cryptographic Autonomy License (Beta 2)

[VanL]

*Rationale:* The CAL is a new network copyleft license especially
applicable for distributed systems. It is designed to be as protective as
possible of downstream recipients of the software, providing them all that
they need to create and use an independent copy of a licensed work without
losing functionality or data.

*Distinguish:* The CAL is most similar to the AGPL, and will have a similar
scope of action in most cases. However, the CAL has provisions that require
that operators provide recipients of the software with a copy of their user
data, enhancing their ability to independently use the software. The CAL
also allows the creation of mixed "Larger Works," provides for affiliate
use, and does not specify a mechanism by which notice is given to
recipients.

*Legal Analysis*: The CAL was drafted by legal counsel. Previous
discussions have outlined many aspects of the legal analysis.

Following the rejection of CAL Beta 1, this version has been reworked to
remove the reasons for rejection and to address the concerns that led into
the “further discussion” items. In particular, I worked on laying out the
scope of the private right of use, clarifying when the conditions apply,
and avoiding constructions that may result in adverse policy inferences. I
also simplified the language to enhance interpretability.

The most controversial aspect of the CAL remains: it requires someone who
is communicating the software (or a part of the software) to a "Recipient"
(a non-affiliated third party), to also allow that Recipient access to the
Recipient's own user data. To show how this fits into the broader concept
of software freedom, the policy associated with this requirement is also
laid out: to allow a Recipient to fully use an independent copy of the Work
generated from the Source Code provided with the Recipient’s own User Data.

*Previous Discussion*: For those only following this list, I also provided
a changelog on license-discuss [1] which prompted some discussion. From
that discussion, I'll note that Russell McOrmond is on record as believing
that the CAL is part of a class of licenses - which includes the AGPL, and
the GPL as applied) is not compliant with the OSD. Bruce Perens is on
record as believing the any requirements that an operator provide user data
is a violation of "no field of use" restriction in OSD 6. Bruce is also on
record as believing that the identification of the private right of use is
a field of use restriction.


[1]
http://lists.opensource.org/pipermail/license-discuss_lists.opensource.org/2019-August/020937.html

A copy of the license in markdown-formatted plaintext is attached.

Thanks,
Van
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/license-review_lists.opensource.org/attachments/20190819/d4e67183/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Cryptographic Autonomy License v1.0-Beta 2.md
Type: application/octet-stream
Size: 15616 bytes
Desc: not available
URL: <http://lists.opensource.org/pipermail/license-review_lists.opensource.org/attachments/20190819/d4e67183/attachment-0001.md>