[License-review] For approval: The Cryptographic Autonomy License (Beta 2)

Thu Aug 22 20:53:02 UTC 2019

Hi Bruce,

I appreciate your succinct statement of what you find problematic about the
CAL. I don't believe that our views are compatible. Thus, I am presenting
my comments to similarlly succinctly respond for the benefit of the others
on the list, who may have tired of our back-and-forth, This is not an
effort to reopen particular elements of the debate.

On Thu, Aug 22, 2019 at 3:14 PM Bruce Perens via License-review <
license-review at lists.opensource.org> wrote:

> It seems to me that this new submission has repaired some of the more
> trivial reasons for rejection of the license, while preserving the main one.
>
> #### 4.2.1. No Withholding User Data
>
>
[snip]

This is correct. The autonomy provisions, including the user data
provisions, are central to the CAL.

> While this particular submission places a very narrow limit on what data
> must be disclosed: giving it back to "it's owner", it's obvious that it
> could be followed by licenses regarding a more significant license term to
> be placed on the data processed....So, I am really most concerned with the
> precedent that this license would establish, which would lead to more
> severe terms being applied to the data processed. And thus I suggest that
> OSI not accept any such terms at all.
>

As you note, the CAL provisions are narrowly targeted. While I can
appreciate the existence of slippery slopes, the OSI has proved very
resilient to approving licenses based upon the existence of prior
"analogous" license provisions.

>
> Regarding how to reject the license within the tems of the OSD: the terms
> proposed work out to be a restriction on use. One can not use the program
> to sequester the customer's data. Such sequestration is a strategy in the
> implementation of software-as-a-service companies - I'm not saying that
> it's nice, just that they do it. Thus, I believe this runs awry of OSD#6, *No
> Discrimination Against Fields of Endeavor.*
>

Thank you for confirming your view in this respect. I would challenge this
thinking, however, based upon the observation that there exist SaaS
companies that provide user data for other reasons (such as Google Takeout,
Facebook's data download, etc). Thus I submit that this is not incompatible
with providing a SaaS service, and thus not a field of use restriction.

> OSI has affirmed that it supports Software Freedom, of the specific form
> defined by the Free Software Foundation and OSI's member the Software
> Freedom Conservancy. Thus, the Four Freedoms of the Free Software
> Foundation apply, and Freedom 0 is more specific to usage restrictions: *The
> freedom to run the program as you wish, for any purpose**. *In this case,
> the proposed terms withhold the freedom to run the program while
> sequestering the information processed.
>

Again, thanks for your statement of the case. I submit that the private use
provisions within the CAL are consistent with Freedom 0.

> There are other problems with practical use of the license. Open Source
> software is intended for everyone to use, not just everyone who can afford
> an attorney and a programming staff. It thus should be the case that the
> "naive user", who simply runs Open Source software and does not modify it,
> should *not *need to read and understand the license, and certainly
> should not need a lawyer to tell them how to run the program in a compliant
> manner.
>

Partially in response to this point, the CAL has been written to be much
simpler for a non-lawyer to understand. More specifically, however, the
provisions of the CAL would not apply unless the user decided to become an
operator, serving other people and providing them with aspects of the
software.

Thanks,
Van
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/license-review_lists.opensource.org/attachments/20190822/0af82cde/attachment-0001.html>