[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PGPsdk is now free for non-commercial use




Bill Stewart writes:

> I'm pleased to see PGP Inc. permitting development of freeware,
> but at leased from a first reading of the license, 
> it's a _really_ restrictive definition of "freeware" - 
> not only does the software have to be free, but it can only be used 
> in extremely restrictively non-commercial activities.
> It's far more restrictive than RSAREF (though more precisely defined.)
> Here's an excerpt from the web page at
>         http://www.pgp.com/sdk/sdklicencefree.html
>         For purposes hereof, the term "non-commercial" shall mean that
>         the application 
>         (a) has been distributed or otherwise made available at no charge 
>         (direct or indirect) and 
>         (b) is not used for any commercial purpose, which includes, 
>         but is not limited to, any activity engaged for the purpose 
>         of generating revenues (directly or indirectly). 
>         For example, a commercial purpose includes the use of the 
>         application within a commercial business or facility or 
>         the use of the product to provide a service, or in support 
>         of service, for which you charge. 
>         Commercial purpose also includes use by any government agency
>         or organization. 
>         Examples of non-commercial purposes include use 
>         at home for personal correspondence, 
>         use by students for academic activities, 
>         or use by human rights organizations. 
> 
> First of all, it sounds like it can only be used by students at
> non-government-run universities, but not at Berkeley, and if
> Random MIT Student develops PGPwidget using the toolkit,
> students at U.C.Berkeley can't use it for academic use either,
> except perhaps on their PCs at home (if they live off-campus.)
> (Do any of the UK universities count as non-government-run?)

You consider use by students at U.C.Berkeley to be use by a "government
agency or organization".  I don't think that is what is meant.  They mean
something like the NSA, or Congress, or the military.

It would be better if they explicitly explained how public schools
were to be dealt with.  My guess would be that instructors and staff
members would require a license, but that students could use it for free.
Probably the best thing to do is to send email to PGP and ask them to
issue a clarification.

> But "within a commercial business or facility" is far more 
> restrictive.  
> I use a laptop for my home and work email, and carry it around.
> It sounds like I can't use PGPwidget or PGPsdk for encrypting 
> personal email at lunchtime when my laptop is at the office,
> and perhaps not from a hotel (at least if I'm there on business)?

"Within" is probably meant in the organizational sense, not in terms of
physical inclusion.  The fundamental point is whether revenue generation
is involved.  Personal email does not generate revenue (arguably reading
your personal email at work interferes with generating revenue).

> I probably can't start PGPwidget at home and leave it running
> when I carry the laptop to work.  I probably can't use PGPwidget
> when I'm reading my work email at home, though perhaps it's ok
> to use it on personal mail that someone sent to my work MSExchange,
> assuming it's not a widget that competes with a PGP product.

You can't use it to do your work.  Your company should buy a copy in
that case.  Reading your work email counts as part of doing your work.

Mostly these seem like reasonable definitions of non-commercial use.
But you have identified some gray areas that should be fleshed out.

Xcalibur