Discover Cryptographic Autonomy License

From [License-review] For Approval: Cryptographic Autonomy License (Beta 2)

Hello all,

I noted the recording of the vote on the CAL Beta 1 previously presented
here. As seen on the license-discuss list, I am now submitting CAL Beta 2
for approval. The license text is here:

Cryptographic Autonomy License v1.0-Beta 3 - Google Docs

I have reworked the CAL to remove the reasons for rejection and to address
the concerns that led into the “further discussion” items. In particular, I
worked on laying out the scope of the private right of use, clarifying when
the conditions apply, and avoiding constructions that may result in adverse
policy inferences. I also simplified the language to enhance

The most controversial aspect of the CAL remains: it requires someone who
is communicating the software (or a part of the software) to a “Recipient”
(a non-affiliated third party), to also allow that Recipient access to the
Recipient’s own user data. To show how this fits into the broader concept
of software freedom, the policy associated with this requirement is also
laid out: to allow a Recipient to fully use an independent copy of the Work
generated from the Source Code provided with the Recipient’s own User Data.

For those only following this list, I also provided a changelog on
license-discuss [1] which prompted some discussion. From that discussion,
I’ll note that Russell McOrmond is on record as believing that the CAL is
part of a class of licenses - which includes the AGPL, and the GPL as
applied) is not compliant with the OSD. Bruce Perens is on record as
believing the any requirements that an operator provide user data is a
violation of “no field of use” restriction in OSD 6. Bruce is also on
record as believing that the identification of the private right of use is
a field of use restriction.



[License-discuss] For Discussion: Cryptographic Autonomy License (CAL) Beta 2
-------------- next part --------------
An HTML attachment was scrubbed…

And ongoing discussion, [License-review] For approval: The Cryptographic Autonomy License (Beta 4)

Based upon ongoing discussions with the license review committee, I am
withdrawing Beta 3 and substituting Beta 4 (here attached).

The primary change between Beta 3 and Beta 4 is the definition of “User

My understanding of OSI’s position is that data requirements, such as are
addressed by the CAL, are within scope of what an open source license can
reasonably address. However, there was a request by the committee to more
tightly define the definition of “User Data” so that it was more closely
tied to function and experience of using the software by a user who chooses
to self-host.

In consultation with my client, we have proposed and received positive
feedback on the following modified definition of User Data (most
significant change bolded):

“User Data” means any data that is an input to or an output from the
Work, where
the presence of the data is necessary for substantially identical use of
the Work in an equivalent context chosen by the Recipient
, and where the
Recipient has an existing ownership interest, an existing right to possess,
or where the data has been generated by, for, or has been assigned to the

There are also a few cleanups and the following minor but substantive

  • Section 7.4, There is a definition of “prevailing party” for attorney fee
    awards (" A “prevailing party” is the party that achieves, or avoids,
    compliance with this License, including through settlement.")
  • Section 5.3, Enforcing against a terminated licensee does not cause
    termination for the license-enforcing party (“Administrative review
    procedures, declaratory judgment actions, counterclaims in response to
    patent litigation, and enforcement actions against former Licensees
    terminated under this section do not cause termination due to litigation.”)

All other discussion regarding CAL Betas 2 and 3 should apply.

From the original submission:

Rationale: The CAL is a new network copyleft license especially
applicable for distributed systems. It is designed to be as protective as
possible of downstream recipients of the software, providing them all that
they need to create and use an independent copy of a licensed work without
losing functionality or data.

Distinguish: The CAL is most similar to the AGPL, and will have a similar
scope of action in most cases. However, the CAL has provisions that require
that operators provide recipients of the software with a copy of their user
data, enhancing their ability to independently use the software. The CAL
also allows the creation of mixed “Larger Works,” provides for affiliate
use, and does not specify a mechanism by which notice is given to

Legal Analysis: The CAL was drafted by legal counsel. Previous
discussions have outlined many aspects of the legal analysis.

A copy the the license in Markdown format is attached. For those who would
prefer it, a Google Docs version of the license is viewable here:
Cryptographic Autonomy License v1.0-Beta 4 - Google Docs
-------------- next part --------------
An HTML attachment was scrubbed…
-------------- next part --------------
A non-text attachment was scrubbed…
Name: Cryptographic Autonomy License v1.0-Beta
Type: application/octet-stream
Size: 16454 bytes
Desc: not available

Glancing, sounds… different.

License page