[License-review] For approval: The Cryptographic Autonomy License (Beta 2)

Thu Aug 22 23:51:13 UTC 2019

On 8/22/19 7:38 PM, VanL wrote:
> Hi Pam,
>
> Thanks for the hypothetical.
>
> On Thu, Aug 22, 2019 at 6:10 PM Pamela Chestek
> <pamela at chesteklegal.com <mailto:pamela at chesteklegal.com>> wrote:
>
>
>     As a complete duffer in software, this provision is troublesome to
>     me. It goes well beyond offering a service. This is the same
>     example I used on the last review of this license, so forgive me
>     for repeating it. Suppose I put up my homemade website and want a
>     widget that displays my Twitter feed. I look at my options among
>     the various addons and extensions and pick one that looks like
>     it's just the ticket. Woe is me if I picked one under the CAL.
>     Having the widget on my website is not a private use and so I have
>     to make the source code available, plus provide notices and
>     attribution on my website for the widget. I suspect anyone would
>     be surprised that they had incurred such a burden.
>
>
> - Is your concern here with the requirement to provide source code, or
> with the user data/user autonomy provisions? The source code can be
> provided via "easy-to-find hyperlink to an Internet location" with the
> necessary source code and disclosures.
The concern was separate from the data issue. It's not the ease of
compliance, it's the fact that there is a compliance requirement at all
when no other license has one in the same circumstance. Surely when I
search for a widget in an app store and install it on my platform CMS of
choice I can assume I have a license to do just that with no further
requirements.

This license may be troller's gift. We already have copyright trolls who
use the CC licenses to troll. They post images, use SEO to make sure
their image is at the top of any image search (say "Los Angeles" or
"success"), count on the fact that the person using the image will fail
to comply with the license properly, and then sue them for lots of
money. I have several clients who have been bitten by this scheme.
Indeed the cure provision reduces the risk, but there is still the
opportunity to create some havoc simply because you have caught people
unaware on an unexpected requirement.

> - You stated that you are putting in the widget to quote your own
> tweets. So would there be any "Recipient’s User Data in your
> possession" to be worried about? If it would just be your own tweets,
> then no, correct?
Agree.
> - If you are referring to other's tweets, then do you have them "in
> your possession", or are you just displaying what is provided by
> Twitter via their API?
> - If for some reason you have them in your possession - say as a local
> JSON cache - and the person who wrote them asks for a copy, then would
> it be an excessive burden to email the JSON file to the person?
You assume I know what a JSON file is and where to find it.

Pam
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/license-review_lists.opensource.org/attachments/20190822/4861ab95/attachment.html>