Translating Copyleft to Other Domains

@vanl, riffing here on the Von Neumann analogy, looking for an approach to a more holistic view of the values we want to protect:

  • Data is code. Code is data.

  • Cryptographic Autonomy is to data what Software Freedom is to code.

  • Copyleft is Software Freedom implemented in legal terms.

Therefore:

  • The implementation of Cryptographic Autonomy in legal terms is copyleft for data.

That analogy might be useful.

Copyleft Generalized

We could break copyleft down into several parts:

  1. Disclosure: giving copies of code

    • e.g. providing copies to users (GPL-style)

    • e.g. publishing in some discoverable way (RPL, Parity)

  2. Completeness: giving copies of all relevant code

    • e.g. providing Corresponding Source (GPLv3)

  3. Form: giving copies of the source in the form preferred for making changes

  4. Permission: giving permission for the source code shared

Porting Copyleft to Other Domains

As an exercise, let’s extend this rubric into all relevant domains: Code, Data, Processing, and Network.

There are some holes here, which I’ve noted in italics.

Disclosure

Code: You must give users copies of the code you use to run the software.

Data: You must give users copies of “their” data.

Processing: You must give users information about how you are running the software and processing data, such as which jurisdiction your machines are subject to.

Network: You must give users information about how you are transmitting information.

Completeness

Code: You must give users all the code needed to run and further develop the software.

Data: You must give users copies of all data they provide, and that’s collected about their use.

Processing: You must give users information about all the machines you’re using to process. For example, if you run a P2P network node on a virtual private server, you need to provide information not just on your VPS, but on the provider.

Network: You must give users information on your ISP.

Form

Code: the preferred form for making changes

Data: the preferred form for processing with the software

Processing: I’m not sure how this translates. In a standard format AYTBD?

Network: I’m not sure how this translates. In a standard format AYTBD?

Permission

Code: You must license the code you disclose under such-and-such terms.

Data: You must license the data you disclose under such-and-such terms. For example, to waive any database rights you may have earned by collecting it.

Processing: I’m not sure how this translates.

Network: I’m not sure how this translates.

Noncompliance

There are several means by which users could deny those parts:

  1. refusal to comply

  2. use of technical measures

    • e.g. blocking the “quine” source-disclosure endpoints of an AGPL web service at the front-door proxy

  3. disabling of technical measures designed for compliance

    • e.g. removal of “quine” source-disclosure features of an AGPL web service

  4. use of cryptographic measures

    • You address this in CAL.

  5. use of legal mechanisms, such as anticircumvention laws

    • You address this in CAL.

  6. assisting others in doing so

I strongly suspect this list is incomplete. What am I missing?

The meta-level thrust of this: I think we do a disservice if we simply port copyleft to the data side of the “service as a software substitute” problem. A bill of rights approach might be useful, in listing out component “freedoms” that have to be respected for an overall free result. But we’d do better to supplement that with a more evolved, general statement of principles that apply to all the relevant domains of operator and user conduct. Some of those we’ll miss, the first time around.