[License-review] For approval: The Cryptographic Autonomy License (Beta 4)

Josh Berkus josh at berkus.org
Fri Feb 14 23:06:37 UTC 2020


> So let's put it another way, in terms of a very high-level approach that
> most people here will be familiar with: let's say that Alice runs a
> distributed social network server (let's say Mastodon was under the CAL,
> for simplicity, and Alice is running that), and Bob signs up as a user.
> Bob makes a significant number of posts.
> 1. Is Alice required to be able to provide Bob with a "dump" of all of
>    Bob's content so that Bob can leave at any time?  Presumably, yes.
> 2. This then means that Mastodon must be written in such a way where
>    Alice can easily do this (or even better, that it can even be done
>    without Alice's intervention).  If Mastodon does an incomplete job at
>    this data dump, and some data is missing, is Alice in violation of
>    the software license?

See the thread I started on this concern, already on the list.  Alice is
not obligated to create data-dump functionality in the software that
doesn't already exist.  Instead, the license merely prevents her from
*removing* data-dump functionality without replacing it, or from putting
legal barriers in place to users getting their data.  Where this puts a
burden on Alice is if she adds some crypto functionality to the software
encrypting things that weren't encrypted under the version she
inherited; if she does that, then yes she does need to implement new
data-extraction functionality.

> 3. Presume an existing implementation of Mastodon today.  Right now we
>    re pre-Datashards implementation... all links are https:// based, so
>    you can't really migrate posts between servers.  Is this a
>    "substantially identical use of the work in an equivalent context"
>    even though now everything is broken?  (I genuinely don't know, but
>    it could be interesting to see that tested in court.)

I don't understand this point, but then I don't know that much about
Mastodon internals.

> 4. If Alice in violation of the license if:
>    - She deletes old posts from 5+ years ago, because she was running
>      out of server space?


>    - She decides that Bob was violating community guidelines, and
>      decides to delete some of Bob's posts?

Again, no.  This does provide a workaround for dishonest operators, but
I think that's unavoidable.

>    - The server experiences a crash, and some or all content is lost?

Also no.

> I still have some other concerns that I expressed in the prior email,
> but I'm not sure how to get into them without getting back into the
> technical muck (at least with my level of brain activity at this time of
> the night)... at any rate, I've run out of time to argue them.  I also
> still feel that the legal layer is the wrong layer at which to solve
> this.  Still, I want to make clear that my concerns are not with the
> sincerity of the *goals* of the CAL... I don't doubt Van's sincerity in
> trying to solve problems which we both agree on.  I'm just nervous about
> this as a solution.  But I have probably said as much as I have time to
> say.

Oh, I'd say that it's pretty much certain that we'll end up revising the
CAL down the line, as we have done with every other license.  But at
some point it needs field-testing.

Josh Berkus

More information about the License-review mailing list