[License-review] For approval: The Cryptographic Autonomy License (Beta 4)

VanL van.lindberg at gmail.com
Wed Dec 4 20:29:32 UTC 2019

 Based upon ongoing discussions with the license review committee, I am
withdrawing Beta 3 and substituting Beta 4 (here attached).

The primary change between Beta 3 and Beta 4 is the definition of "User

My understanding of OSI's position is that data requirements, such as are
addressed by the CAL, are within scope of what an open source license can
reasonably address. However, there was a request by the committee to more
tightly define the definition of "User Data" so that it was more closely
tied to function and experience of using the software by a user who chooses
to self-host.

In consultation with my client, we have proposed and received positive
feedback on the following modified definition of User Data (most
significant change bolded):

“User Data” means any data that is an input to or an output from the
Work, *where
the presence of the data is necessary for substantially identical use of
the Work in an equivalent context chosen by the Recipient*, and where the
Recipient has an existing ownership interest, an existing right to possess,
or where the data has been generated by, for, or has been assigned to the

There are also a few cleanups and the following minor but substantive
- Section 7.4, There is a definition of "prevailing party" for attorney fee
awards (" A “prevailing party” is the party that achieves, or avoids,
compliance with this License, including through settlement.")
- Section 5.3, Enforcing against a terminated licensee does not cause
termination for the license-enforcing party  ("Administrative review
procedures, declaratory judgment actions, counterclaims in response to
patent litigation, and enforcement actions against former Licensees
terminated under this section do not cause termination due to litigation.")

All other discussion regarding CAL Betas 2 and 3 should apply.

>From the original submission:

*Rationale:* The CAL is a new network copyleft license especially
applicable for distributed systems. It is designed to be as protective as
possible of downstream recipients of the software, providing them all that
they need to create and use an independent copy of a licensed work without
losing functionality or data.

*Distinguish:* The CAL is most similar to the AGPL, and will have a similar
scope of action in most cases. However, the CAL has provisions that require
that operators provide recipients of the software with a copy of their user
data, enhancing their ability to independently use the software. The CAL
also allows the creation of mixed "Larger Works," provides for affiliate
use, and does not specify a mechanism by which notice is given to

*Legal Analysis*: The CAL was drafted by legal counsel. Previous
discussions have outlined many aspects of the legal analysis.

A copy the the license in Markdown format is attached. For those who would
prefer it, a Google Docs version of the license is viewable here:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/license-review_lists.opensource.org/attachments/20191204/64d396d6/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Cryptographic Autonomy License v1.0-Beta 4.md
Type: application/octet-stream
Size: 16454 bytes
Desc: not available
URL: <http://lists.opensource.org/pipermail/license-review_lists.opensource.org/attachments/20191204/64d396d6/attachment-0001.md>

More information about the License-review mailing list