Strange naming choice?

Posted Aug 26, 2019 21:09 UTC (Mon) by leromarinvit (subscriber, #56850)
Parent article: Debating the Cryptographic Autonomy License

The name makes it sound like the license is somehow related to cryptography, while that doesn't seem to be the case. It only mentions cryptography in two places: once in the definition of the term "source code", and again in section 4.2.2 (emphasis mine):

#### 4.2.2. No Technical Measures that Limit Access
You may not, by means of cryptographic controls, control of encryption keys, seeds, hashes, or any other technological protection measures, or any other method, limit a Recipient’s ability to access any functionality present in Recipient's independent copy of the Work, or to deny a Recipient full control of the Recipient’s User Data.

It seems to me that the mention of cryptography is only an example of how access could be limited (and the license thus violated). Indeed, an entity could be violating this license without running any crypto code at all. So why focus on cryptography to the point of including it in the name?

to post comments

Strange naming choice?

Posted Aug 27, 2019 6:57 UTC (Tue) by nim-nim (subscriber, #34454) [Link] (11 responses)

Presumably, because withholding crypto keys, is the usual way to block user access to his data (as replicated on the smartphone client for example).

Such licenses do not spring up out of the blue. Writing them is a lot of work. They are the outcome of years of rampant VC-friendly antifeaturing.

Strange naming choice?

Posted Aug 27, 2019 7:17 UTC (Tue) by gfernandes (subscriber, #119910) [Link] (10 responses)

But what data are we talking about, that is **currently** locked cryptographically, that **can't equally easily** be blocked by other means (license agreements etc.)?

Strange naming choice?

Posted Aug 27, 2019 11:38 UTC (Tue) by nim-nim (subscriber, #34454) [Link] (7 responses)

Ah, licensing agreements, dangerous stuff, that takes you in legal land, and judges actually understand when you try overreaching and screwing up other parties.

Much safer to use technical means, that a lot of judges will wave over because they don't want to be dragged into software voodoo discussions.

Strange naming choice?

Posted Aug 27, 2019 16:53 UTC (Tue) by gfernandes (subscriber, #119910) [Link] (6 responses)

Isn't that exactly what this "license" is as well?

Strange naming choice?

Posted Aug 28, 2019 7:34 UTC (Wed) by nim-nim (subscriber, #34454) [Link] (5 responses)

Yes that’s exactly what it is and why it will work.

Remember that the people writing this license want the exact opposite of the people deploying sneaky underhanded technical ways to screw up the population.

So from their point of view, clearing the technical fog, and putting the ball squarely in legal land, is a good thing. *They* do not fear any scrutiny, nor judges or the general public wisenning up to what’s been going on.

Strange naming choice?

Posted Aug 28, 2019 13:52 UTC (Wed) by gfernandes (subscriber, #119910) [Link] (4 responses)

I doubt it'll work. Look at Google. Successfully side stepped the limitations of the GPL, but **only** using the Linux kernel, and **rewriting** the entire stack on top of it!

The Google's and the Facebook's of this world have ample resources to completely sidestep this license, as they have demonstrated time and time again.

This license changes nothing.

Only strong government legislation, like that introduced recently by the EU, will work.

Strange naming choice?

Posted Aug 28, 2019 15:01 UTC (Wed) by nim-nim (subscriber, #34454) [Link] (3 responses)

This isn't aimed at Google of Facebook, they are already in the regulator visor, this is aimed at the miriad boutique shops that add antifeatures to squeeze as much value from users as possible, without the capability to rewrite the free software world.

And rewriting the world privately is not comfortable, even when you’re Google, or it would have never bothered to open source kubernetes.

Strange naming choice?

Posted Aug 28, 2019 15:04 UTC (Wed) by nim-nim (subscriber, #34454) [Link] (1 responses)

(and BTW “strong legislation” means moving the problem legal-side exactly like this license does)

Strange naming choice?

Posted Aug 29, 2019 6:26 UTC (Thu) by gfernandes (subscriber, #119910) [Link]

Not really. This license is a license, like any other. Under most jurisdictions it falls under either copyright or contact law.

Strong legislation is neither. It's **new** laws introduced specifically for data protection, like the GDPR.

Strange naming choice?

Posted Aug 29, 2019 6:30 UTC (Thu) by gfernandes (subscriber, #119910) [Link]

Are you serious?
Have you looked at the Apache family is licenses? Or the permissive licenses used by Facebook and Google?

Have you taken an inventory of the libraries published under **those** _permissive_ licenses?

And then compared them with the libraries published under this license you so strongly advocate?

What data?

Posted Aug 27, 2019 15:49 UTC (Tue) by Herve5 (guest, #115399) [Link] (1 responses)

Currently? Basically all the data your wrist cardiograph is recording, for instance, like mine. Or steps. Or geoloc.
Or the graph of your friends and relations on your social network -even : here (who you did reply to, who you criticized. Who you are close to.)
This among many, no, most others.
I think this is the kind of applications the authors had in mind, more than terrible data-crunchers showing next week's weather... (but there it may apply too, indeed, as raw meteo data is indeed free...)

What data?

Posted Aug 27, 2019 16:52 UTC (Tue) by gfernandes (subscriber, #119910) [Link]

Then this license does little, if anything, to stop that. Stopping misusing of personal data is a legal, legislation challenge. Not a licensing challenge.

Strange naming choice?

Posted Aug 29, 2019 16:40 UTC (Thu) by kpfleming (subscriber, #23250) [Link]

This license was created by VanL at the request of one of his clients, who intend to use it for a distributed-ledger-style system where cryptography is part of the essential nature of the system. The expectation is that once the code is published under this license, anyone will be able to use it to create their own distributed-ledger networks, with the caveat that they must always allow users of those networks to get copies of the data they've placed into the network.