[License-review] For approval: The Cryptographic Autonomy License (Beta 4)

VanL van.lindberg at gmail.com
Wed Dec 11 23:59:34 UTC 2019


Hi Bruce,

You say:

So they either are compelled to write an export facility, or do some sort
of ad hoc export.


No. They are not compelled to offer services to other people! They can run
the software themselves.

If someone *chooses* to offer services to others, then they need to comply
with the CAL.

Which, as you point out:

Most operators, of course, have more than one customer, and in returning
> data to one customer, must be very careful to segregate it from anyone
> else's data. The penalties in Europe for failing to do that are potentially
> very significant, and we can expect them to get that way everywhere.
>
> ... But they must be very careful about what data is released, and due
> diligence probably requires that they inspect the outgoing data manually.
>


If someone chooses to offer services to other people, they need to expect
that there will be compliance burdens that they are taking on - far more
substantial than the requirements of the CAL. It doesn't make sense to
manufacture a "clueless operator" theory that requires someone to knowingly
offer services, take on burdens they can't comply with, and then complain
that the problem is the software license.

Thanks,
Van



>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/license-review_lists.opensource.org/attachments/20191211/1649b4b0/attachment.html>


More information about the License-review mailing list