[License-review] For approval: The Cryptographic Autonomy License (Beta 2)

[Henrik Ingo]

On Sun, Aug 25, 2019 at 10:38 PM Pamela Chestek <pamela at chesteklegal.com>
wrote:

>
> Assume I downloaded code to my web server that creates a display on my
> website, a red square. It was easy for me to install, I just went to
> WordPress Plugins and, voila! I do not distribute any code to the viewer
> of my website, no Javascript, nothing. It is just displayed on my
> website. (Maybe that's not a realistic hypothetical, I don't know - does
> everything have Javascript?)


As Bruce clarified, a Wordpress plugin is still likely to send some
fragments of HTML and CSS that may be part of the copyrightable work. But I
understand your intent. Let's say the server side code really produces a
red PNG image that is 100% generated, definitively not copyrightable (or at
least a separate work, let's leave it at that), and you include this red
square on your web page.




> Under the CAL, just because when you look
> at my website you see the red square, I have to provide the source code,
> the attribution, the license, etc. So I have to figure out how to make
> that all happen on my website when all I know how to do is download
> plugins because I'm a duffer.
>
> My point is this is well beyond the AGPL. For the AGPL, two more things
> have to happen before I have to provide the source code, I have to have
> modified the code and a user has to be able to interact with the
> program. For those who think that the AGPL is too far, or the outermost
> appropriate reach for copyleft, the CAL is beyond that.
>
>
WRT AGPL I disagree on the first point. In my opinion the AGPL does apply
to the red square. It is a user interface element and it was sent to your
browser over the network, and you interacted with the server using HTTP. If
you successfully argue that I have not interacted with the server side
program over the network, then this is a loophole in the AGPL, not a
desired property. (And yes, it is a real weakness of the AGPL. This is why
we need alternatives.)

The only reason the AGPL doesn't cause any legal obligation to you is the
phrase "if you modify the Program", which you haven't.

Wrt the CAL, I think there are 2 issues here:

1. You are responsible for source availability even when using the
unmodified software. It seems to me this is not a fundamental requirement
for Van and it's possible to relax it.

2. You are responsible to fulfill obligations wrt user data. This is the
fundamental idea of this license. I've explored ideas on license-discuss to
implement this more analogously to AGPL, to be more friendly to use of
unmodified software. It was a good discussions but I'm not sure my
alternatives were preferable. For my part I welcome more discussion and
better ideas.

The idea to not encumber (naive) users of unmodified versions  is a
worthwhile discussion to have. But I also wouldn't want to overdo it. It is
certainly within the spirit of (network) copyleft that you as the creator
of the website may have obligations toward your viewers/users, and
ignorance doesn't absolve you. Also, it is not at all unlikely that even
the duffer makes some trivial modifications to the source - this is the
miracle of open source after all! For example, you may be capable of
finding the word "red" and changing it to "green" and now you have modified
the program. We should note that §4.2 seems fairly flexible wrt the time it
may take for the duffer to fulfill his obligations, and in any case there
is a 60 day general grace period to come into compliance. So these
requirements seem very reasonable to me at least, as we are securing
freedom for users of the website.

The example I find more interesting would be users that download an
unmodified app to their laptops and phones. From a user experience point of
view, this is private use. But if it is a peer-to-peer app - which is what
CAL is designed for - then the app is in fact acting behind the users back
as a network server and receiving data from other users. Here it seems the
users are rightfully unsuspecting and shouldn't be burdened with the
obligations of a SaaS vendor. (Both 1 and 2 apply.)


For completeness, I'll repeat myself with:

3. If I manually create an identical red PNG file for my website, it seems
the CAL is claiming that I'm now infringing on your website. This is
obviously absurd, yet that's what those words seem to say.

henrik
-- 
henrik.ingo at avoinelama.fi
+358-40-5697354        skype: henrik.ingo            irc: hingo
www.openlife.cc

My LinkedIn profile: http://fi.linkedin.com/pub/henrik-ingo/3/232/8a7
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/license-review_lists.opensource.org/attachments/20190826/7114d5ea/attachment-0001.html>