RE: Wired Article on the GPL - Signed Licenses?

2000-03-30 Thread Dennis E. Hamilton

Although we are getting far afield from the structure of open-source
licenses, there seem to be some procedural and technical steps someone could
take to ensure that a license is perpetuated, especially for
digitally-conveyed works and licenses to those works.

There are moves afoot to establish the legal acceptability of digital
signatures and their non-repudiation qualities.  I don't want to substitute
technology for common sense, but this does seem to promise a way to be clear
what (1) the licensed work is, and (2) the authenticity of the license (or
even notice).  It might even provide a mechanism for "affixing" a license to
a copy of the work even though the elements are physically separated.

A. USING DIGITAL SIGNATURES TO CONVEY LICENSES

It is interesting that employing digital signatures to establish the
authenticity of open-source distributions is already on the rise.

Here is what I noticed:

1.  If I provide a license statement in digital form, which is digitally
signed, a recipient can confirm whether the license has indeed been signed
according to an accompanying certificate, and whether the document is
unaltered.  That establishes signature and that the license is a true copy
of the signed material.  Then the "usual"  mechanisms come into play with
regard to determining whether (a) the signature is authentic and can be
trusted and is indeed non-repudiatable and (b) whether I have the right to
convey such a license, signed or not.  [That is, we are in the same place
that we are with conventional written instruments.]

2.  I can, as part of the signed license document, provide certificate
information that is usable to confirm signatures on the digital copies of
the covered works themselves.  These can be incorporated in the signed
material of (1), and be an intrinsic part of the signed material.  I see
some weaknesses in this step, but no more so than with the EULA I have in
front of me pertaining to a massive amount of software that I just installed
on my development computer.

3.  Various secure repository (certificate authority) mechanisms are used to
establish the provenance of a digital certificate of particular quality.
Along with this, there can be deposit mechanisms for licenses (just as there
is or at least was a way to record copyright assignments for registered
copyrights).  It would be valuable to have a repository where licenses could
be recorded/deposited so that someone researching the status of a copyright
and its assignments/licenses could find them.  I don't know that the U.S.
Copyright Office would be particularly happy to provide that, but who knows.
It would certainly depend on having registered the copyright, though.

4.  Digital signature techniques are being used to provide more confidence
in the authenticity and provenance of digital material, permitting trust
against substitution of altered or counterfeit works that may be dangerous
to users of the work.  They also provide a level of commitment by an
authentic signer that the work (including the license) is not repudiatable.
None of these provisions prevent someone from forging a work or making
fraudulent exclusive transfers.  It is just harder to do it without
incriminating oneself.  It also depends on due diligence on the part of
recipients of such materials.

B. EARTH TO DENNIS, EARTH TO DENNIS ...

I notice that the EULA I am looking at right now is not "signed" although I
have every reason to believe that it is authentic.  The box within which the
software was packed even had an affixed "certificate of authenticity," and I
guess I should retain that with my EULA, the CD-ROMS, the CD-ROM "key," and
the proof-of-purchase.  I purchased the software over the Internet.  I have
registered myself as the purchaser using the on-line mechanism provided as
part of the software installation process.

I suspect that's quite enough for me and the software vendor, either one, to
establish the likelihood that I have purchased their software and that I am
a party to the accompanying EULA, which I also recall "clicking-through" as
part of the software installation process. I can't imagine what either of us
might do that would have this be in dispute.  I will hold onto the materials
anyhow.

I also notice that there are a number of digital certificates included in
the software collection.  Although a number of them have expired (that is a
problem with these things), I have strong reason to believe that they are
authentic.

-- Dennis

--
Dennis E. Hamilton
InfoNuovo
mailto:[EMAIL PROTECTED]
tel. +1-206-779-9430 (gsm)
fax. +1-425-793-0283
http://www.infonuovo.com

-----Original Message-----
From: W. Yip [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 30, 2000 04:43
To: [EMAIL PROTECTED]
Subject: Re: Wired Article on the GPL

[ ... ]

---
USC 17 205 E
(e) Priority Between Conflicting Transfer of Ownership and Nonexclusive
License. - A nonexclusive license, whether recorded or not, prevails over a
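
The scheme outlined in points A.1 and A.2 of the message above, as an added example that is not part of the original thread: a signed license document names the key used to sign the covered work, so a separately delivered copy can be tied back to the license. It assumes a Lamport one-time hash-based signature as a standard-library stand-in for certificate-based signatures, and all function names, field names and sample data are constructed for illustration.

```python
import hashlib, json, secrets

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def keygen():
    # Lamport one-time key: 256 pairs of secrets; the public key is their hashes.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(h(a), h(b)) for a, b in sk]

def digest_bits(msg: bytes):
    d = h(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg: bytes):
    # Reveal one secret per digest bit; a key must sign only one message.
    return [sk[i][b] for i, b in enumerate(digest_bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    bits = digest_bits(msg)
    return len(sig) == 256 and all(h(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits)))

def fingerprint(pk) -> str:
    return hashlib.sha256(b"".join(a + b for a, b in pk)).hexdigest()

def make_license(text: str, release_pk) -> bytes:
    # Point 2: the signed license carries the key information for the works.
    doc = {"license": text, "works_key_fingerprint": fingerprint(release_pk)}
    return json.dumps(doc, sort_keys=True).encode()

def check_copy(licensor_pk, lic: bytes, lic_sig, release_pk, work: bytes, work_sig) -> str:
    if not verify(licensor_pk, lic, lic_sig):
        return "license altered or not signed by this licensor"
    if json.loads(lic)["works_key_fingerprint"] != fingerprint(release_pk):
        return "work key is not the one named in the license"
    if not verify(release_pk, work, work_sig):
        return "work altered or not covered"
    return "ok"

def demo():
    # Constructed sample data; trust in licensor_pk is assumed established elsewhere.
    (lic_sk, lic_pk), (rel_sk, rel_pk) = keygen(), keygen()
    work = b"int main(void) { return 0; }\n"
    lic = make_license("Constructed sample license text.", rel_pk)
    lic_sig, work_sig = sign(lic_sk, lic), sign(rel_sk, work)
    cases = [(lic, rel_pk, work), (lic.replace(b"sample", b"edited"), rel_pk, work),
             (lic, rel_pk, work + b"// patched"), (lic, keygen()[1], work)]
    return [check_copy(lic_pk, l, lic_sig, k, w, work_sig) for l, k, w in cases]
```

Calling `demo()` returns one result per case: the intact pair, an edited license, an edited work, and a work key the license does not name. Whether the licensor's key is authentic and whether the signer had the right to grant the license remain outside what the check can establish, as the message notes.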

Re: Wired Article on the GPL - Signed Licenses?

2000-03-30 Thread John Cowan

"Dennis E. Hamilton" wrote:

> I notice that the EULA I am looking at right now is not "signed" although I
> have every reason to believe that it is authentic.

The statutory requirement applies to copyright licenses, which the GPL is
but the EULA is not.

-- 

Schlingt dreifach einen Kreis um dies! || John Cowan [EMAIL PROTECTED]
Schliesst euer Aug vor heiliger Schau,  || http://www.reutershealth.com
Denn er genoss vom Honig-Tau,   || http://www.ccil.org/~cowan
Und trank die Milch vom Paradies.-- Coleridge (tr. Politzer)