[License-discuss] For Public Comment: The Cryptographic Autonomy License

Henrik Ingo henrik.ingo at avoinelama.fi
Mon Mar 25 10:11:46 UTC 2019

On Thu, Mar 21, 2019 at 5:30 PM VanL <van.lindberg at gmail.com> wrote:
> Thanks again for your comments. They have been helpful in making sure that the scope of the CAL is clearly communicated.

You're welcome. The goal given by your client is interesting. I hope
you end up with a good new license.

> On Wed, Mar 20, 2019 at 6:27 AM Henrik Ingo <henrik.ingo at avoinelama.fi> wrote:
>> Btw, it will probably continue to be a source of confusion that people commonly say - and think of "user data" - when they mean GDPR personal data. No matter how clear you make the license itself, calling out this difference seems like a good FAQ entry. (Even I started out googling with "user data", and google was smart enough to point me in the right direction anyway.)
> I will think about whether a different term might help avoid confusion.

Maybe. Added challenge is that we speak about GDPR in our native
languages. So it's in any case somewhat arbitrary what I happen to
think is the English translation for GDPR "personal data". But several
blogs did seem to talk about "user data".

>> If we again compare to the GPL, merely to draw from existing history and practice, it always explicitly didn't restrict "unlimited permission to run the unmodified Program".
> The CAL also grants unlimited permission to run the program, although it is not stated as an explicit positive grant like the GPL. Rather, it is phrased such that the only conditions are the ones in section 2, and all other uses are allowed. From the current header to section 2:
> The following conditions apply to any exercise of the permissions given in section 1. These are the only conditions imposed by this license relative to the Work; any other exercise of the permissions given in section 1 is allowed.

And this is good. The discussion here is really just pointed toward
the use of "public performance".

> I don't think I have ever been confused with an IP maximalist. And as I responded to Bruce: It is not this license that would move the needle one way or another. The CAL carefully hews to the exact boundaries of existing IP law, and goes no further. It even has a limiting clause emphasizing as such:

For practical purposes there's still a huge difference between lawyers
writing fairly theoretical essays about how public performance applies
also to software (which I don't dispute) vs a license asserting that
for a piece of real software.

>> I'm myself always open to discuss ways of making copyleft stronger, but Bruce has a valid point. In the case of CAL my argument is that you can achieve the same goals by using legal tools already existing in the software industry, so pioneering the use of public performance has only downsides (for users of CAL, but also all of us) but little benefits.
> And what tools are those? I am aware of AGPL's remote network interaction for modified works. However, that does not reach the scope needed for the use cases I have articulated.
> I would be very interested to hear - from *anyone* - about proposed tools that could accomplish this task while still being OSD compliant.

To summarize my previous argumentation:
 - When I access remotely your Holochain node instance, necessarily
you are executing it on a computer
 - It is well established that software (copyright) licenses can and
do place essentially arbitrary limitations on executing the software.
This power seems to only be limited by other considerations, such as
anti-trust law, while copyright law itself grants the licensor
unlimited power here.
 - We should not interpret the OSD such that it prevents you from
using this power to protect user freedoms. This should be clear in
itself, but also from aforementioned policy perspective, where the
alternative route of trying to innovate even more power out of IP law
is counter productive. (Obviously, the OSD restricts *some* ways of
implementing this. For example using words like "vendor" would imply
that a limitation is primarily targeting commercial use.)

>> Passers by have been recipients of a public performance. These examples are straight out of existing case law and money exchanges hands every month based on this being legally established. Licensees have fought  these cases in court and lost and now they're paying.
> Yes. But even assuming your hypothetical, to avoid infringement only requires "an easy-to-find hyperlink to an Internet location also providing Access to Source Code." (CAL 2.1). If the hyperlink is there, then people receiving the public performance have been notified to the exact extent they received the public performance. If the hyperlink is not there, then the work is infringing.

In my examples I was also thinking of more or less unintended
instances of such public performance. As an example, say that an
operating system is licensed under the CAL, and the new open source
friendly Microsoft has ported PowerPoint to this OS. The billboard in
the park is really intended to show a PowerPoint presentation, but it
has crashed, and instead everyone can see the desktop of the operating
system (or window manager).

henrik.ingo at avoinelama.fi
+358-40-5697354        skype: henrik.ingo            irc: hingo

My LinkedIn profile: http://fi.linkedin.com/pub/henrik-ingo/3/232/8a7

More information about the License-discuss mailing list