[License-review] For approval: The Cryptographic Autonomy License (Beta 4)

[Brian Behlendorf]

On Tue, 10 Dec 2019, Nigel T wrote:
> I also do not believe that we can rely on a more forgiving reading of 
> license terms but a stricter one...part of the review process here is 
> hopefully to figure out possible failure modes from both benign and 
> malevolent actors.

Indeed, can no one here think of rational use cases when you may possess 
personal data about someone else, that you wish that person not to be able 
to access on demand?  Consider:

* Whistleblowers
* Journalists
* Psychologists/Psychiatrists
* Sociologists performing research
* Business negotiations

There are some of difficult-to-evaluate balancing acts between privacy 
rights of two different parties in most business contexts, that leads to 
subjective criteria in well thought out regulations like the GDPR, for 
good reasons.  This is why, on day one, it was unclear what kinds of 
change the GDPR would actually bring about, until we've seen the various 
national regulators start to issue rulings that show where they draw the 
lines between reasonable exceptions and abuse of the loopholes.

Software copyright licenses are the wrong place to accomplish these goals. 
Open source licenses should be relatively immutable, universal, equitable 
between provider and recipient, and rely on well-understood (and 
case-law'd) legal paradigms. Network node governance agreements are the 
right place, as they can be updated more easily, allow for competition 
between networks with different policies, and be adjudicated in 
non-governmental ways.

Brian