Skip to content
This repository has been archived by the owner on Jun 11, 2022. It is now read-only.

Add clause for service providers #24

Closed
wants to merge 1 commit into from
Closed

Add clause for service providers #24

wants to merge 1 commit into from

Conversation

y6nH
Copy link

@y6nH y6nH commented Oct 14, 2019

This relates to issue #15, and attempts to require users to require their users to be good in turn. The additional clause certainly needs legal review, and may be deemed beyond the scope of this license by the authors. But it's a starting point for discussion.

@y6nH
Add clause for service providers
7b41acd 
This relates to issue EthicalSource#15, and attempts to require users to require *their* users to be good in turn. The additional clause certainly needs legal review, and may be deemed beyond the scope of this license by the authors. But it's a starting point for discussion.
@CoralineAda
Copy link
Member

I think this is really interesting. I'd like to have the lawyer weigh in on it, so I've shared it with him. Thank you for this!

@mattsb42
Copy link

and take reasonable measures to prevent such use

This clause feels potentially problematic to me from a user privacy and usage intent perspective. Is the intent here to require proactive or merely reactive action on the part of the service provider?

Some hypotheticals:

  1. I am a service provider who provides a file storage service. Am I required to analyze the contents of every file uploaded to attempt to determine both content and intent for compliance? What if my users are using client-side encryption?
  2. I am a service provider who provides end-to-end encrypted chat services. The keys are exchanged out of band, so I cannot decrypt the messages, but users are not anonymous, so I could ban violating users (however that might be determined). Are reactive user bans sufficient to comply with this clause?
  3. I am a service provider who provides an anonymous, end-to-end encrypted, file drop service (say, intended for journalists and whistle-blowers). The keys are exchanged out of band, so I cannot decrypt the files. The users are anonymous, so I cannot ban violating users. The most I can do is delete files that are (somehow) determined to be in violation of this clause. Is that sufficient?

What is the burden of proof that a service provider can or must require in order to prove that user activity is in violation of this clause? To what authority?

If the above file drop service is being used by a whistle-blower to report illegal activity, what keeps a bad actor from reporting that activity to this service provider as a violation of this license clause? On whom is the burden of proof that both the content and the intent of the user is in violation of this clause, in order for the service provider to itself be compliant with this clause?

@y6nH
Copy link
Author

y6nH commented Oct 21, 2019

Any suggestions on how to make it more useful? I'd interpret "reasonable measures" to exclude breaking the encryption of a private message service, or manually checking every user upload. Reasonable measures (in my not-legally-trained opinion) would be having a system for abuse reporting in place, publishing clear rules about what constitutes abuse, and taking action on reports in accordance with those rules.

@CoralineAda CoralineAda mentioned this pull request Oct 26, 2019
Merged
@CoralineAda
Copy link
Member

Addressed in amended language for the proposed 1.2 version of the license here: #28

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@y6nH @CoralineAda @mattsb42