[License-review] For Approval: The Cryptographic Autonomy License

Bruce Perens bruce at perens.com
Fri May 10 01:39:38 UTC 2019

On Thu, May 9, 2019 at 4:00 AM VanL <van.lindberg at gmail.com> wrote:

> Since your language seems oriented toward a system with a system operator
>> who potentially hoards data....
> I am not sure where you are getting this.

The fact that your text has language to compel someone to disclose data in
certain situations obviously indicates that you believe a licensee might
not otherwise wish to disclose that data ("hoard" it). Your discussion of
the terms, albeit theoretical, was posed as applying to a photo storage
site which refused to return your photos.

The intent for Holochain, as promoted by your customer, is to be
distributed without middlemen. However, in such a network there would be
little need for the data disclosure terms, thus they appear to be meant to
fight a centralized operator. Indeed, the explanatory language for
Holochain poses it this way:

Suppose someone releases a cryptocurrency which promotes itself as a
peer-to-peer app that is extremely easy to use. You just install it on your
phone, tablet, or computer, and it leverages the power of cryptographic
keys to sign transactions to and from your account/wallet. You can do
direct transactions with other users without those transactions going
through any centralized servers.

That sounds pretty normal so far, but this particular application generates
the crypto keys for your account from a key-server controlled by the
software developer. It turns out the developer ALSO has a copy of
everyone’s private keys that control their accounts, and can spend anyone’s
funds whenever they want. Would you consider this a valid approach for a
decentralized cryptocurrency?

It seems to me that this is the sort of operation to which the data
disclosure terms are directed.

> *cryptographic keys*, and any information reasonably necessary to compile
>> the Source Code into Object Code *or Process User Data* using generated
>> Object Code.
>> I am still reading this as "cryptographic keys necessary to process user
>> data". If that is not what it says, perhaps splitting this into two
>> sentences is appropriate.
> ...

> No. You are selecting elements from the sentence in such a way as to
> create a new sentence. A Recipient gets everything necessary to compile the
> binary and execute the resulting object code.

The problem I am having here is a more global problem with the license. A
number of competent attorneys have struggled with it here, and it's
sufficiently unclear to them; or in the case of public performance,
contrary to their understanding of law; that I can't count on lawyers and
courts holding to your interpretation. Nor do I believe that uncounseled
developer has the slightest hope of developing a correct understanding of
the license.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/license-review_lists.opensource.org/attachments/20190509/02a3ae85/attachment.html>

More information about the License-review mailing list