[License-review] For Approval: The Cryptographic Autonomy License

Fri May 10 20:40:08 UTC 2019

Hi Nigel,

On Fri, May 10, 2019 at 11:59 AM Tzeng, Nigel H. <Nigel.Tzeng at jhuapl.edu>
wrote:

> Is the implication then that I can request any data for which I have
> ownership interest?  I have photos for which I have a copyright license but
> the original photographer still owns the copyright.  How does the operator
> tell the difference between ownership interest and a license to use?  Does
> a license to use a work in certain circumstances give me possessory
> interest? I haven’t run into possessory interest used before in the context
> copyright (IANAL).
>

Yes, technically you have the right to ask for things that you don't own
but you have a rightful license. In practice, this would mean that "I can
download things that I uploaded" 99% of the time. If someone wanted to ask
for more, then I presume that the standard practice would be that the
requester would need to demonstrate that they had a lawful interest. This
is standard practice, for example, in some music and photography
applications that have a process for registering that you have a license to
particular content.

> Do I need to provide the operator with a list of items I believe I have
> ownership interest or can I just say “hey give me everything I own?” If I
> can get data back where I only have a license can I request any data that I
> have a valid license whether I uploaded it or not?
>

Under most circumstances, this would be a "give me my stuff" like Facebook
export or Google Checkout. If you think you have an interest in something
else, you would need to demonstrate that. If you successfully demonstrate a
lawful interest, the operator would need to provide a copy.

>    Can my wife ask for all of my data based on community property interest?
>

Your wife is not a Recipient. But if she were, then she would need to
establish that she has a lawful interest, as above. If she has a lawful
interest, then she should be able to get that thing which she "owns."

> You also deleted the section regarding the difficulty of an operator
> returning data that is difficult to access from the provided software.  I
> think you avoided answering Bruce when he asked that as well.
>

I guess I didn't note that portion. But in general, something being
difficult to access does not seem like it would excuse non-compliance.

> Is this a can of legal worms I want to open as a developer or user?
> Because CAL seems problematic for everyone except the original developer
> even for folks trying to adhere to the license in good faith.  If the data
> is present but hard to access the non-developer operator is going to have
> significant issues in complying with the requirements.
>

Can you explain more of what you mean about "hard to access"? In practice,
the data portability provision is mostly applicable in the SaaS context,
where you also have a registered account associated with any provided
material. That is the 99.9% common use case.

 Thanks,
Van
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/license-review_lists.opensource.org/attachments/20190510/fbd1f48a/attachment-0001.html>