Subject: Re: Q: Can you build an authentication system on OS?
From: "Tim O'Reilly" <>
Date: Mon, 09 Jul 2001 16:28:14 -0700

Shiraz Kanga wrote:
> Tim:

> opinion on my previous suggestion of having a license
> that regulates how data is used in addition to all the
> ones we have that only regulate code.

It's certainly something to consider.  

There are several issues here:

* Privacy, and the right of individuals to own their own data.
is a good place to watch for information on these threats.  (And Simson
Garfinkel's book Database Nation gives a rather chilling overview of the
various negative possibilities.)  Dave Farber, one of the EFF founders,
is fond of quoting Benjamin Franklin on this one:  "They that can give
up essential liberty to obtain a little temporary safety deserve neither
liberty nor safety."  Substitute convenience for users of Passport, or
various "Fastrak" type bridge and freeway toll payment mechanisms, and
you have a good sense of the slippery slope we're on.  Larry Lessig's
books (Code and other Laws of Cyberspace, and especially the new one
that will be out in the next couple of months) are also really good on
this topic.  We think of the internet as an architecture of freedom, but
in fact it's becoming an architecture that will support an unprecedented
amount of control.  EBook security mechanisms could eventually regulate
what we read, not just what we buy.  GPS is already being used to
regulate how fast we drive, not just to tell us where we are.  Etc. 
What we tell others about ourselves, and who owns it, is one of the
great battlegrounds of the next few decades.  But I don't think it's
going to be solved by a license.  It's going to take an awake and
alarmed citizenry that resists the slippery slope, and makes other
choices about what technologies to adopt.

* The rights of the creators of volunteer databases.  IMDB is a good
example.  A lot of people contributed, only to find their work "taken
private" -- and there was no license to prevent it.  Here we really do
need some kind of "open data" license, in which work that is contributed
is required to be kept freely available.  There's a slippery slope in
copyright law where the rights of compilers increasingly have been given
primacy over the rights of providers of the underlying data.  An open
data license would be a good idea.

In many cases, the licenses are in fact going the other way, with a
"click wrap" license that effectively says "If you post here, we own
it."  Of course, there was a recent pushback when MS had a very broad
"we own it" license on MSN messenger (I think it was), so the public is
becoming increasingly wary of power grabs in this direction by

But we don't yet have a widely used "the public owns this" kind of
license.  We do need one.  Perhaps Bob Young (of Red Hat fame, and now
putting most of his energy into the Center for the Public Domain) could
be encouraged to take up this challenge.

Tim O'Reilly @ O'Reilly & Associates, Inc.
101 Morris Street, Sebastopol, CA 95472
+1 707-829-0515, FAX +1 707-829-0104,