[License-discuss] For Public Comment: The Cryptographic Autonomy License

VanL van.lindberg at gmail.com
Thu Mar 21 15:18:11 UTC 2019

 Hi Henrik,

Thanks again for your comments. They have been helpful in making sure that
the scope of the CAL is clearly communicated.

On Wed, Mar 20, 2019 at 6:27 AM Henrik Ingo <henrik.ingo at avoinelama.fi>

> It's IMO regrettable that the goal of the CAL isn't to protect the entire
> scope of GDPR personal data (in addition to copyrighted ebook data),
> because that would have been really cool, but since I am not your client in
> this project, I will have to settle with the victory that the above is at
> least clearer now.

I think that might be an interesting project as well. But as you note, that
is not *this* project.

> Btw, it will probably continue to be a source of confusion that people
> commonly say - and think of "user data" - when they mean GDPR personal
> data. No matter how clear you make the license itself, calling out this
> difference seems like a good FAQ entry. (Even I started out googling with
> "user data", and google was smart enough to point me in the right direction
> anyway.)

I will think about whether a different term might help avoid confusion.

> If we again compare to the GPL, merely to draw from existing history and
> practice, it always explicitly didn't restrict "unlimited permission to run
> the unmodified Program".

The CAL also grants unlimited permission to run the program, although it is
not stated as an explicit positive grant like the GPL. Rather, it is
phrased such that the only conditions are the ones in section 2, and all
other uses are allowed. From the current header to section 2:

The following conditions apply to any exercise of the permissions given in
section 1. These are the only conditions imposed by this license relative
to the Work; any other exercise of the permissions given in section 1 is

> In addition to concerns I already raised above and in previous email,
> reading this reminds me of an email Bruce sent in January
> <https://lists.opensource.org/pipermail/license-discuss_lists.opensource.org/2019-January/020261.html>.
> I realize now it may have been motivated by the CAL all along? Key point:
> "In addition, I think there's a principle here. Extension of copyright is
> bad for Open Source, even if it helps us enforce our licenses more
> effectively."

I don't think I have ever been confused with an IP maximalist. And as I
responded to Bruce: It is not this license that would move the needle one
way or another. The CAL carefully hews to the exact boundaries of existing
IP law, and goes no further. It even has a limiting clause emphasizing as
7.1.2 No extension beyond intellectual property

The scope of the permissions granted in section 1.1 shall be interpreted to
be coextensive with the rights granted to the Licensor under the
intellectual property laws of the jurisdiction in which this License is
enforced. The scope of the permissions granted also includes any necessary
permissions, such as for moral rights, needed in a jurisdiction to exercise
the permissions explicitly granted in section 1.1.

> I'm myself always open to discuss ways of making copyleft stronger, but
> Bruce has a valid point. In the case of CAL my argument is that you can
> achieve the same goals by using legal tools already existing in the
> software industry, so pioneering the use of public performance has only
> downsides (for users of CAL, but also all of us) but little benefits.

And what tools are those? I am aware of AGPL's remote network interaction
for modified works. However, that does not reach the scope needed for the
use cases I have articulated.

I would be very interested to hear - from *anyone* - about proposed tools
that could accomplish this task while still being OSD compliant.

Passers by have been recipients of a public performance. These examples are
> straight out of existing case law and money exchanges hands every month
> based on this being legally established. Licensees have fought  these cases
> in court and lost and now they're paying.

Yes. But even assuming your hypothetical, to avoid infringement only
requires "an easy-to-find hyperlink to an Internet location also providing
Access to Source Code." (CAL 2.1). If the hyperlink is there, then people
receiving the public performance have been notified to the exact extent
they received the public performance. If the hyperlink is not there, then
the work is infringing.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/license-discuss_lists.opensource.org/attachments/20190321/41728263/attachment.html>

More information about the License-discuss mailing list