[License-review] For Approval: Twente License

Carlo Piana carlo at piana.eu
Wed Feb 6 15:04:56 UTC 2019 

Anand,

that's a very good suggestion, in my humble opinion. The implementation
of that suggestion looks quite hard (details are important here), but
anything along the lines of providing more information in the space
where today we have proper attribution and reasonable copyright notice
is less likely to be at odds with the OSD rules and principles, yes. I
am currently working on where one can push the limit WRT AGPLv3, and
there you can find guidance, methinks.

Carlo


On 06/02/19 15:30, Anand Chowdhary wrote:
> Hi Lukas,
>
> Thank you for your thorough evaluation. I agree with you, especially
> how a better license can be created with transparency requirements. I
> will definitely think about this some more.
>
> Carlo, I would like you thank you once again for your in-depth
> explanation. Do you think your perspective changes with a transparency
> requirement, since there is not laws mandated?
>
> Best,
>
> Anand Chowdhary
> Chief Executive Officer
> Oswald Labs <https://oswaldlabs.com>
>
> NL +31 644691056
> IN +91 9555297989
> ceo at oswaldlabs.com <http://mailto:ceo@oswaldlabs.com>
> On 6 Feb 2019, 15:11 +0100, Lukas Atkinson
> <opensource at lukasatkinson.de>, wrote:
>> While any open source license expresses certain values, I do not think
>> licenses are a good vehicle of ethics. To fulfil the goal of Twente,
>> the next best available Open Source license would likely be a network
>> copyleft like the AGPL: that way, end users can at least inspect the
>> software they are using.
>>
>> Here, a problem is that the Twente License aims to regulate *use* of
>> the software, not just the copying and modification of the software.
>> I.e. it regulates something that is out of scope for copyright, and
>> takes away rights that users would otherwise have. (Similar problems
>> have been discussed regarding the SSPL). This is definitively an
>> OSD-incompatible restriction in jurisdictions where these privacy
>> rules wouldn't be mandatory anyway.
>>
>> I'd like to point out that even the EU is such a jurisdiction, as the
>> Twente License has a weird intersection with the GDPR: Twente covers a
>> more narrow area, but in that area is more restrictive.
>> - Twente covers only collecting PII from users and releasing that data
>> to third parties. GDPR covers any processing of any personal data, and
>> has a clear concept of Data Processors that are not third parties.
>> - Twente only recognizes consent as the basis for collection &
>> release. GDPR also recognizes legitimate interest, necessity for
>> fulfilment of a contract, and legal obligations (like a warrant, or
>> maintaining accounting records).
>> - Twente does not define critical terms such as user, PII, collect,
>> consent, release, third party.
>>
>> In a literal reading of the Twente license, the privacy paragraph
>> could be circumvented by running the Twente-covered software as a
>> separate service so that it neither collects nor releases any data
>> directly. If Twente's restrictions do not apply to the *software* but
>> to the *operator* of the software, this makes it so much clearer that
>> this is indeed an OSD #6 violation.
>>
>> I am also not sure whether Twente-covered software could realistically
>> be used e.g. for e-commerce solutions due to the high bar that
>> “unambiguous prior consent” represents, for example when sharing
>> necessary data with a payment processor or logistics provider.
>>
>> I think it might be possible to construct a better license by dropping
>> any usage restrictions and substituting transparency requirements.
>> E.g. when the software is conveyed in non-source form or publicly
>> performed so that others can interact with the software, then the
>> software must provide (a) proper attribution like under the normal MIT
>> license; and (b) a statement on who acts as a Data Controller in the
>> sense of the GDPR. Unfortunately, that would make it very difficult to
>> distribute binaries without taking on responsibilities as a
>> Controller.
>>
>> _______________________________________________
>> License-review mailing list
>> License-review at lists.opensource.org
>> http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org
>
> _______________________________________________
> License-review mailing list
> License-review at lists.opensource.org
> http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/license-review_lists.opensource.org/attachments/20190206/79cbfbce/attachment-0001.html>

More information about the License-review mailing list