[License-review] For approval: The Cryptographic Autonomy License (Beta 4)

VanL van.lindberg at gmail.com
Thu Dec 5 14:05:54 UTC 2019

Hello Bruce,

You seem to be outlining a classic clean-room reverse engineering procedure
and asking if it is possible for someone to use such a procedure.

- In the case of Holochain itself, certain necessary aspects are patent
pending. The CAL itself is the mechanism by which the patent is licensed to
users and contributors. Someone who attempted to subvert the user
protections would thus be exposing themselves to an infringement lawsuit,
as they would have bypassed the method by which they could receive a
license. Thus patent law, like copyright, is harnessed to protect the
software commons.

- In the general case, I don't dispute that there could be a hypothetical
clean room procedure that would allow legal reverse engineering. In
practice, I believe the law is muddled and the steps needed to create and
execute such a clean room procedure are unclear. Maybe Google v. Oracle
will give us more clarity.


On Thu, Dec 5, 2019 at 12:23 AM Bruce Perens via License-review <
license-review at lists.opensource.org> wrote:

> Hi Van,
> I hope you've been well.
> The purpose of the CAL is to protect the Holochain (https://holochain.org/)
> from bad actors who would sequester user data. I am exploring whether it
> could possibly be effective at that, which of course has some implication
> on its usefulness.
> Is there anything in the terms that would prevent a developer from reading
> the entire code base, and developing a detailed understanding of how it
> works?
> Would anything in the terms prevent a developer from documenting how
> Holochain (or any other licensed code) works, and publicly distributing
> that document under a different license from the original code? Assume that
> the document only renders descriptions of the functionality necessary for
> interoperability.
> Would anything in the terms prevent any developer from taking that
> document, and implementing an interoperable program under any license, or
> no license?
> Would the CAL terms prevent such an interoperable program from operating
> as a Holonet node?
> Does Holonet have any other legal means of preventing such an
> interoperable program from operating as a Holonet node?
> Can the CAL data terms, and the overall intent to keep user data available
> to the user on Holonet, thus be circumvented by anyone who takes the
> trouble to develop an interoperable program?
> And if the answer is no, even if the program is under an OSI-approved
> license?
>     Thanks
>     Bruce
> On Wed, Dec 4, 2019 at 12:31 PM VanL <van.lindberg at gmail.com> wrote:
>> Based upon ongoing discussions with the license review committee, I am
>> withdrawing Beta 3 and substituting Beta 4 (here attached).
>> The primary change between Beta 3 and Beta 4 is the definition of "User
>> Data."
>> My understanding of OSI's position is that data requirements, such as are
>> addressed by the CAL, are within scope of what an open source license can
>> reasonably address. However, there was a request by the committee to more
>> tightly define the definition of "User Data" so that it was more closely
>> tied to function and experience of using the software by a user who chooses
>> to self-host.
>> In consultation with my client, we have proposed and received positive
>> feedback on the following modified definition of User Data (most
>> significant change bolded):
>> “User Data” means any data that is an input to or an output from the
>> Work, *where the presence of the data is necessary for substantially
>> identical use of the Work in an equivalent context chosen by the Recipient*,
>> and where the Recipient has an existing ownership interest, an existing
>> right to possess, or where the data has been generated by, for, or has been
>> assigned to the Recipient.
>> There are also a few cleanups and the following minor but substantive
>> changes:
>> - Section 7.4, There is a definition of "prevailing party" for attorney
>> fee awards (" A “prevailing party” is the party that achieves, or avoids,
>> compliance with this License, including through settlement.")
>> - Section 5.3, Enforcing against a terminated licensee does not cause
>> termination for the license-enforcing party  ("Administrative review
>> procedures, declaratory judgment actions, counterclaims in response to
>> patent litigation, and enforcement actions against former Licensees
>> terminated under this section do not cause termination due to litigation.")
>> All other discussion regarding CAL Betas 2 and 3 should apply.
>> From the original submission:
>> *Rationale:* The CAL is a new network copyleft license especially
>> applicable for distributed systems. It is designed to be as protective as
>> possible of downstream recipients of the software, providing them all that
>> they need to create and use an independent copy of a licensed work without
>> losing functionality or data.
>> *Distinguish:* The CAL is most similar to the AGPL, and will have a
>> similar scope of action in most cases. However, the CAL has provisions that
>> require that operators provide recipients of the software with a copy of
>> their user data, enhancing their ability to independently use the software.
>> The CAL also allows the creation of mixed "Larger Works," provides for
>> affiliate use, and does not specify a mechanism by which notice is given to
>> recipients.
>> *Legal Analysis*: The CAL was drafted by legal counsel. Previous
>> discussions have outlined many aspects of the legal analysis.
>> A copy the the license in Markdown format is attached. For those who
>> would prefer it, a Google Docs version of the license is viewable here:
>> https://docs.google.com/document/d/1-eD9EH6i3wdSXgG4XJbF-a0cSSknOERjYzlVonOwAQ0/edit?usp=sharing
>> _______________________________________________
>> License-review mailing list
>> License-review at lists.opensource.org
>> http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org
> --
> Bruce Perens - Partner, OSS.Capital.
> _______________________________________________
> License-review mailing list
> License-review at lists.opensource.org
> http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/license-review_lists.opensource.org/attachments/20191205/77931134/attachment.html>

More information about the License-review mailing list