[License-review] For Approval: The Cryptographic Autonomy License

VanL van.lindberg at gmail.com
Fri May 10 20:40:08 UTC 2019

Hi Nigel,

On Fri, May 10, 2019 at 11:59 AM Tzeng, Nigel H. <Nigel.Tzeng at jhuapl.edu>

> Is the implication then that I can request any data for which I have
> ownership interest?  I have photos for which I have a copyright license but
> the original photographer still owns the copyright.  How does the operator
> tell the difference between ownership interest and a license to use?  Does
> a license to use a work in certain circumstances give me possessory
> interest? I haven’t run into possessory interest used before in the context
> copyright (IANAL).

Yes, technically you have the right to ask for things that you don't own
but you have a rightful license. In practice, this would mean that "I can
download things that I uploaded" 99% of the time. If someone wanted to ask
for more, then I presume that the standard practice would be that the
requester would need to demonstrate that they had a lawful interest. This
is standard practice, for example, in some music and photography
applications that have a process for registering that you have a license to
particular content.

> Do I need to provide the operator with a list of items I believe I have
> ownership interest or can I just say “hey give me everything I own?” If I
> can get data back where I only have a license can I request any data that I
> have a valid license whether I uploaded it or not?

Under most circumstances, this would be a "give me my stuff" like Facebook
export or Google Checkout. If you think you have an interest in something
else, you would need to demonstrate that. If you successfully demonstrate a
lawful interest, the operator would need to provide a copy.

>    Can my wife ask for all of my data based on community property interest?

Your wife is not a Recipient. But if she were, then she would need to
establish that she has a lawful interest, as above. If she has a lawful
interest, then she should be able to get that thing which she "owns."

> You also deleted the section regarding the difficulty of an operator
> returning data that is difficult to access from the provided software.  I
> think you avoided answering Bruce when he asked that as well.

I guess I didn't note that portion. But in general, something being
difficult to access does not seem like it would excuse non-compliance.

> Is this a can of legal worms I want to open as a developer or user?
> Because CAL seems problematic for everyone except the original developer
> even for folks trying to adhere to the license in good faith.  If the data
> is present but hard to access the non-developer operator is going to have
> significant issues in complying with the requirements.

Can you explain more of what you mean about "hard to access"? In practice,
the data portability provision is mostly applicable in the SaaS context,
where you also have a registered account associated with any provided
material. That is the 99.9% common use case.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/license-review_lists.opensource.org/attachments/20190510/fbd1f48a/attachment-0001.html>

More information about the License-review mailing list