Data is code. Code is data.
Cryptographic Autonomy is to data what Software Freedom is to code.
Copyleft is Software Freedom implemented in legal terms.
- The implementation of Cryptographic Autonomy in legal terms is copyleft for data.
That analogy might be useful.
We could break copyleft down into several parts:
Disclosure: giving copies of code
e.g. providing copies to users (GPL-style)
e.g. publishing in some discoverable way (RPL, Parity)
Completeness: giving copies of all relevant code
- e.g. providing Corresponding Source (GPLv3)
Form: giving copies of the source in the form preferred for making changes
Permission: giving permission for the source code shared
Porting Copyleft to Other Domains
As an exercise, let’s extend this rubric into a all relevant domains: Code, Data, Processing, and Network.
There are some holes here, which I’ve noted in italics.
Code: You must give users copies of the code you use to run the software.
Data: You must give users copies of “their” data.
Processing: You must give users information about how you are running the software and processing data, such as which jurisdiction your machines are subject to.
Network: You must give users information about how you are transmitting information.
Code: You must give users all the code needed to run and further develop the software.
Data: You must give users copies of all data they provide, and that’s collected about their use.
Processing: You must give users information about all the machines you’re using to process. For example, if you run a P2P network node on a virtual private server, you need to provide information not just on your VPS, but on the provider.
Network: You must give users information on your ISP.
Code: the preferred form for making changes
Data: the preferred form for processing with the software
Processing: I’m not sure how this translates. In a standard format AYTBD?
Network: I’m not sure how this translates. in a standard format AYTBD?
Code: You must license the code you disclose under such-and-such terms.
Data: You must license the data you disclose under such-and-such terms. For example, to waive any database rights you may have earned by collecting it.
Processing: I’m not sure how this translates.
Network: I’m not sure how this translates.
There are several means by which users could deny those parts:
refusal to comply
use of technical measures
- e.g. blocking the “quine” source-disclosure endpoints of an AGPL web service at the front-door proxy
disabling of technical measures designed for compliance
- e.g. removal of “quine” source-disclosure features of an AGPL web service
use of cryptographic measures
- You address this in CAL.
use of legal mechanisms, such as anticircumvention laws
- You address this in CAL.
assisting others in doing so
I strongly suspect this list is incomplete. What am I missing?