Bill Stewart writes:

I'm pleased to see PGP Inc. permitting development of freeware, but at leased from a first reading of the license, it's a _really_ restrictive definition of "freeware" - not only does the software have to be free, but it can only be used in extremely restrictively non-commercial activities. It's far more restrictive than RSAREF (though more precisely defined.) Here's an excerpt from the web page at http://www.pgp.com/sdk/sdklicencefree.html For purposes hereof, the term "non-commercial" shall mean that the application (a) has been distributed or otherwise made available at no charge (direct or indirect) and (b) is not used for any commercial purpose, which includes, but is not limited to, any activity engaged for the purpose of generating revenues (directly or indirectly). For example, a commercial purpose includes the use of the application within a commercial business or facility or the use of the product to provide a service, or in support of service, for which you charge. Commercial purpose also includes use by any government agency or organization. Examples of non-commercial purposes include use at home for personal correspondence, use by students for academic activities, or use by human rights organizations.

First of all, it sounds like it can only be used by students at non-government-run universities, but not at Berkeley, and if Random MIT Student develops PGPwidget using the toolkit, students at U.C.Berkeley can't use it for academic use either, except perhaps on their PCs at home (if they live off-campus.) (Do any of the UK universities count as non-government-run?)

You consider use by students at U.C.Berkeley to be use by a "government agency or organization". I don't think that is what is meant. They mean something like the NSA, or Congress, or the military. It would be better if they explicitly explained how public schools were to be dealt with. My guess would be that instructors and staff members would require a license, but that students could use it for free. Probably the best thing to do is to send email to PGP and ask them to issue a clarification.

But "within a commercial business or facility" is far more restrictive. I use a laptop for my home and work email, and carry it around. It sounds like I can't use PGPwidget or PGPsdk for encrypting personal email at lunchtime when my laptop is at the office, and perhaps not from a hotel (at least if I'm there on business)?

"Within" is probably meant in the organizational sense, not in terms of physical inclusion. The fundamental point is whether revenue generation is involved. Personal email does not generate revenue (arguably reading your personal email at work interferes with generating revenue).

I probably can't start PGPwidget at home and leave it running when I carry the laptop to work. I probably can't use PGPwidget when I'm reading my work email at home, though perhaps it's ok to use it on personal mail that someone sent to my work MSExchange, assuming it's not a widget that competes with a PGP product.

You can't use it to do your work. Your company should buy a copy in that case. Reading your work email counts as part of doing your work. Mostly these seem like reasonable definitions of non-commercial use. But you have identified some gray areas that should be fleshed out. Xcalibur