[License-review] For Approval: The Cryptographic Autonomy License

Bruce Perens bruce at perens.com
Tue Apr 23 01:27:48 UTC 2019 

I am also assuming that "*any third party with which you have an
enforceable legal agreement" *means everyone, this including every formal
and informal commercial transaction, and thus probably all members of the
market theorized.

On Mon, Apr 22, 2019 at 5:58 PM Bruce Perens <bruce at perens.com> wrote:

> I suspect that it might not really be time to submit the license yet, and
> that it needs further work.
>
> The purpose of the license is to implement a sort of market and to protect
> the operation *of the market,* rather than simply *the rights regarding
> the program.* This necessarily requires that the terms of the license go
> substantially beyond  terms regarding the software itself. Thus, we have
> the terms regarding user data, which apply to *any data whatsoever* which
> the program has touched in some way:
>
> *b) Throughout any period in which You exercise any of the permissions
> granted to You under this License, You must also provide to any third party
> with which you have an enforceable legal agreement, a no-charge copy,
> provided in a commonly used electronic form, of the User Data in your
> possession in which that third party has a Lawful Interest;*
>
> And then we define user data this way:
>
>
> *l) “User Data” means any data that is either a) an input to, or b) an
> output from, the Work or a Modified Work, in which a third party other than
> the Licensee has a Lawful Interest in the data.*
>
>
> But we never define* lawful interest. *We refer to GDPR and, I guess,
> vaguely wave at the body of law entire.
>
> So, consider that each user processes data about the *entire market, *as
> is common in blockchain systems*.* Each user may thus have an obligation
> to disclose data to very many other users who have a legal interest in that
> data. The user may also have an obligation to guard data from being
> disclosed to the wrong people, because this would endanger the user's
> privacy rights or those of other users, or break the market. So, this can
> be a very large legal obligation to properly verify requests and distribute
> data.
>
> Now, I can guess that Van intended these terms to apply only to a large
> operator of a financial network of the sort theorized. But as written they
> apply to every user.
>
> The user is very poorly informed regarding user data. When does another
> user actually have a *legal interest* in it? And where, since this is
> European law? Why are we using a term from real estate law: "quiet
> enjoyment", which we can not expect the user to understand regarding
> software? Since GDPR is referenced, the user needs to understand that too,
> even if it doesn't apply where they live.
>
> If the user data is stored using a one-way hash, and we also have terms
> regarding cryptographic hashes, must the specifics of the one-way hash be
> revealed, even when they would put the security of other users at risk?
>
> So, it strikes me that overall, this is a license that requires a lawyer
> simply to *use *the software, and that a user without legal counsel would
> not practically be able to exercise their responsibility regarding the
> license terms.
>
> I am not recommending approval until the actual complexity of the license
> as faced by a non-developer user is much better bounded than it is by the
> current terms.
>
>     Thanks
>
>     Bruce
>
> On Mon, Apr 22, 2019 at 11:44 AM VanL <van.lindberg at gmail.com> wrote:
>
>> I'd like to thank everyone who provided feedback on earlier drafts of the
>> Cryptographic Autonomy License (CAL). Since we presented the draft license
>> in February, we have received hundreds of comments and suggestions, all of
>> which have helped us fine-tune the license.
>>
>> We now present the CAL 1.0-Beta for approval at the next board meeting:
>>   Google Docs link:
>> https://docs.google.com/document/d/1sWUREQN02YJ-q91gXOCflRB57Q1YcU1G7UMS_a8WOTI/edit#
>>   PDF Link: https://www.processmechanics.com/static/CAL-1.0-Beta.pdf
>>
>> The CAL is still open for revision until it is approved by the Board, and
>> the links above will be updated as appropriate.
>>
>> I also refer everyone here again to the blog post describing the legal
>> foundations of the license (
>> https://www.processmechanics.com/2019/03/15/the-cryptographic-autonomy-license/)
>> as well as the discussion on license-discuss, summarized by Lukas Atkinson
>> here:
>> http://lists.opensource.org/pipermail/license-discuss_lists.opensource.org/2019-April/020394.html
>>
>> Thanks,
>> Van
>>
>> _______________________________________________
>> License-review mailing list
>> License-review at lists.opensource.org
>>
>> http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/license-review_lists.opensource.org/attachments/20190422/1d548ca7/attachment-0001.html>

More information about the License-review mailing list