The Cryptographic Autonomy License (CAL), a revolutionary license for software and decentralized applications, was just approved as an open source license by the Open Source Initiative. The CAL is the first license specifically designed to protect end users’ rights and ownership of data and control of their cryptographic keys—and by extension their security. The CAL was developed by the people at Holo in consultation with open source lawyer Van Lindberg and is focused on enabling decentralized applications.
“People realize that today, they are not in control of their identities and user data on existing web-based platforms,” says Lindberg. “The CAL changes that. It is the first open source license that recognizes that a user’s data and identity are directly tied to how the software works.” The CAL is applicable to any application, but was commissioned by Holo in support of Holochain, Holo’s framework for writing distributed web applications.
“Breakthroughs in decentralized computing show promise for new patterns of organizing ourselves—sometimes replacing the need for certain centralising institutions. But this requires ensuring people’s autonomy over their data and cryptographic keys,” says Holochain Co-Founder, Arthur Brock.
Brock recognizes the importance of the CAL in an ever-evolving tech landscape. “With the rise of blockchain and other decentralized platforms, it’s more important than ever to ensure end-user rights to their data and control of their keys,” says Arthur Brock. “This license bans us e of our software to build an app where people think they’re in control of their data, but in fact the app developer has kept copies of seeds or private keys which would allow them to take over control.”
The CAL and Holochain are raising the bar for software development communities, and especially the crypto software community, by creating a way to protect people’s rights to their data. Some key features of the Cryptographic Autonomy License are:
- It protects the rights of end users of distributed and cloud-based apps, ensuring users ownership of their data, the ability to operate the software independently, and control of their keys
- The CAL is a strong reciprocal (“copyleft”) license that ensures any code contributions remain open and available for ongoing use
- It has a built-in mechanism for allowing exceptions for linked or co-compiled code, preserving a distinction between applications built on a licensed framework itself vs other other connected applications.
- It applies to all uses of the software, including delivering services over a network, as well as to new implementations that copy elements of the software interfaces into a new applications.
The CAL is essential to distributed application frameworks like Holochain where the architectur e ensures that users have physical control over their data, and where that ownership and control needs to be reflected in the licensing model. It will also be extremely helpful for other communities who are working different tech stacks or frameworks where they want to legally and securely ensure the rights end users have as it pertains to the control of their identity and data.
Mary Camacho, Executive Director of Holo often speaks about the ways that new legal guidelines like GDPR are demanding that businesses and institutions step up and become responsible for how we treat the privacy of personal data. “The tide has turned when it comes to the way that personal data is being viewed and protected. With this new open source license, the end-users are not only assured of their rights, but it meets many of the explicit requirements of these new regulations.” She continues, “End-users of software really want to know about this license, because when it is used, they will know they are retaining the rights they want - to control their identity and to own their own data.”
Camacho is thrilled to see months of hard work come to fruition, “Holo is proud to be involved in the process that has made this license available. We are grateful to the communities of people who have given feedback and helped to make the license evolve to meet the needs of the changing technology landscape. We appreciate especially Van Lindberg’s role in preparing the legal text and the engagement of the licensing committee at the OSI for their diligent review process.”