Why We Need a New Open Source License
Our developer and application communities have been asking for more clarity on our licensing models, and we are very happy to share our progress and some exciting news. Last September, we wrote about the licensing needs for truly peer-to-peer software. As part of that post, we said that it was time to develop a new type of license to protect people’s rights to their data, which we then called the “Human Commons License.” Since then, we have been working hard on Holochain, as well as this new licensing model, now called the “Cryptographic Autonomy License.”
In contrast, we are creating the Cryptographic Autonomy License because we don’t believe that any existing license is written to match the structure of fully peer-to-peer cryptographic applications, which seek to uphold the interests of the users, like the ones that can be developed using the Holochain framework.
Creating a new license must be done with care and in consultation with both experts and the community. Thus, this post is the first of a number of blog posts that will lay out why we think a new license is necessary, how we propose it be structured, and how we intend to proceed throughout implementation.
Distributed Applications are Different
Most software and licenses assume a single point of execution for each software component. Each of these software components is considered an independent “work” that carries its own license. For example, many client-server applications have servers licensed differently than clients.
Distributed applications, on the other hand, are designed to be a single “work” run across many different computers. All of the different parts of the application framework must interoperate as a unified whole in order for the distributed framework to function. Maintaining uniformity is simple for proprietary software: simply create a license that forbids any changes to the code or protocol used in the distributed application. However, we believe that the underlying framework should be free and open source. The Cryptographic Autonomy License is designed to comply with the principles of the Open Source Definition while recognizing the importance of the interfaces between different parts of the distributed system. The interfaces, APIs, and performance of those APIs are recognized and protected as part of the license.
The Cryptographic Autonomy License is not just about an application framework. It is also about how the architecture of an app maximizes the autonomy of each user that participates. In a system like Holochain, the cryptographic keys that protect individual user data and allow the execution of user processes are held respectively by each user. It is a basic principle of the Holochain framework that users should by default be empowered to control their own identity, data, and processes. This is true even if parts of the system that host the data and processes are physically located on computers that they do not control.
Applications that do not respect this principle actually work against the decentralized nature of the Holochain framework. If there is a proprietary application that controls the creation and use of the cryptographic keys that allow for the processing of application user data, then that proprietary application becomes a point of centralization in the distributed autonomous system. The proprietary application doesn’t just control the user data, it also affects the functioning of the distributed system itself. Without access and real control over those keys, you, the user, do not have the “freedom to run the program as you wish for any purpose.”
We do intend to allow proprietary applications on Holochain, but we want the framework to default to empowering and respecting the freedom of individual users overall. It is in this context that we see the need for the Cryptographic Autonomy License.
How the Cryptographic Autonomy License Will Work
The next post in this series will lay out some of the specific legal structures that underlie the Cryptographic Autonomy License. At a high level, however, a few points are key:
- The Cryptographic Autonomy License will be a strong reciprocal (“copyleft”) license so as to maintain user agency and freedom.
- Unlike other current open source licenses, the Cryptographic Autonomy License will require software that implements a compatible API or publicly performs the API to also be open source.
- The Cryptographic Autonomy License will strive to maximize compatibility. Despite the strong copyleft nature of the license, it will not require compatible software to itself be licensed under the Cryptographic Autonomy License; other open source licenses will also be acceptable.
- The Cryptographic Autonomy License will also have a built-in mechanism for allowing exceptions for linked or co-compiled code, preserving a distinction between applications built on the framework itself and connected user applications.
No other open source license has this combination of elements, so once we have publicly developed the Cryptographic Autonomy License, we will be submitting it to the Open Source Initiative for recognition as an official Open Source License.
We believe that the Cryptographic Autonomy License will be of benefit beyond the Holochain community. We believe that it will also provide an answer for developers in other communities who are creating software that is framework-native but requires strong reciprocality.
We look forward to engaging in a constructive dialogue to help make that happen.
We hope the community of Holochain projects, developers, and supporters are as excited about this news as we are about sharing it. This is a big step forward, which in concert with the accomplishments that we have been sharing recently in our Holochain Dev Pulse, ensure, in quite distinctive ways, that we are prepared for the upcoming releases of Holo.
As a reminder, the milestones and releases that will be coming out are:
Promised in February
- Holo Closed Alpha TestNet (not public, only Indiegogo Alpha/Beta backers)
Dates To Be Announced
- HoloPorts Shipped (Indiegogo in 1st batch, HoloPort store in 2nd batch)
- Holo Open Alpha TestNet
- Holo Full Feature TestNet
- Holo Beta MainNet
Again, a big thank you goes out to all our stakeholders for your continued commitment and invincible enthusiasm. We look forward to reading your thoughts and feedback regarding the Cryptographic Autonomy License in the coming weeks.
— Holo Executive Director, Mary Camacho