[License-review] For Approval: The Cryptographic Autonomy License

VanL van.lindberg at gmail.com
Mon May 13 21:02:51 UTC 2019

Hello all,

I wanted to stop for a minute and provide a checkpoint: a good faith
summary of what I see as the arguments and counterarguments about the CAL.
Please correct me if I am misrepresenting anyone's arguments.

As far as I see it, there are two substantive debates occurring over the
    1) Can data portability can be guaranteed as part of software
freedom/under the OSD?
    2) Is the legal mechanism of using "public performance" effective,
compliant with the OSD, and good policy?

These issues are fundamental. Regardless of how well (or how poorly) the
CAL is drafted, these cannot be resolved through more precise wording or
better examples. Other issues of wording, or clarifications about the role
of patent rights have been raised, but those seem to have been resolved
through explanation or changes to the wording. There is also a third line
of argument that the CAL is too complicated, and that complexity *per se*
should be disqualifying. With regard to this third argument regarding
complexity, it seems subordinate to the substantive debates above. (For an
example, see Perens, ; also in rebuttal, Villa,

The substantive arguments above generally only apply to the "operator" use
case, where the software is being run by a first user (the "operator") to
provide services to one or more second users (the "end users"). Note that
the linked messages below are *representative*, not comprehensive.

*1. Arguments about data portability:* The CAL conditions the exercise of
copyright and patent permissions on providing data portability for end
users of the software in the operator context. This is for "User Data" as
defined in the CAL, which is scoped to data that is input to or output from
the software in which a user as a preexisting interest.

- Argument: The data portability provisions violate freedom zero. (Perens,
- Response: Data portability is in line with traditional notions of
software freedom (Lindberg,
see also "CAL is a net positive contribution to software freedom" (Ingo,

- Argument: It is a use restriction (prohibited under OSD 6) to deny
operators the ability to withhold user data from end users because it
applies more particularly in the operator case. (Perens,
- Response: Operators are free to use the software in any way they see fit
- there is nothing in the CAL that denies them the ability to use the
software in any particular way. They just have to take the additional
action of providing data portability along with source.

- Argument: This encumbers data that is outside the scope of the license.
- Response: The CAL does not create any rights that did not previously
exist. It does not change the license for any work or data. (Lindberg,

- Argument: Data is not copyrightable, so not reachable by the license.
- Response: The copyrightability or not of data is not relevant to the
license; the CAL does not create new ownership interests or licensing
rights. (

- Argument (Ingo vs Ingo!): CAL may fail OSD #6, in similar fashion to
license zero... "I also agree with Bruce that this whole topic is a can of
- Response: Having "Freedom to run the program for any purpose" includes
both operator and end user as people "running" the program - this is the
idea behind all network copyleft.... CAL is scoped "in a way that is quite
(Both are Ingo, same message:

- Argument: Data portability is an ethical restriction which doesn't belong
in a license. (Cowan,
- Response: The CAL limits itself to permissions for the work and does not
invoke ethical duties (

*2. Arguments about the legal mechanism:* Open source software licenses
rely on intellectual property law to enforce their rules concerning the
licensing of derived works. Most existing FOSS licenses have used the
ability to distribute the work and to create derivative works (both under
copyright) as the traditional "hook" for enforcement. Some alternatives do
exist: the third party beneficiary language in NASA 1.3, and the "network
interaction" with a modified work in AGPL.The CAL also uses distribution
and the ability to create derivative works as hooks for copyleft
enforcement. The CAL also uses "public performance" (either as included in
the copyright statute or as defined in the included definition), as well as
patent rights (specifically "use", "sale," and "offer for sale").

Most of the arguments have to do with the use of public performance:
- Argument: This is legally untested and not necessary (e.g. Ingo,
- Response: The only other license applicable in an operator context is the
AGPL, which uses legally novel terms, is gameable relative to enforcement,
and ambiguous in a corporate context (Lindberg,
see also Fleming,

- Argument: Public performance is US-centric and may not be applicable in
the international context. (Chestek,
- Response: WIPO "Communication to the public" appears analogous (Atkinson,
see also Ingo,
and "Public performance is also a defined term" (Lindberg,

- Argument: Public performance extends copyright ("is copyright
maximalist") and so should be rejected as a matter of policy. (example:
Henrik Ingo,
see also Peterson,

- Response: "Public performance is recognized under copyright" and it is
better to use existing legal terms (Lindberg,
see also Rosen,
but Rosen mentions that it may be limited in application)

- Argument: The CAL uses Oracle v. Google-based logic regarding API
reimplementation, this is premature (Fontana,

- Response: These rights already exist, this is not an extension (Lindberg,
Also, the structure of the CAL does not make it dependent upon a particular
outcome in OvG (Chestek,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/license-review_lists.opensource.org/attachments/20190513/12eb9848/attachment-0001.html>

More information about the License-review mailing list