Sunday, March 6, 2011

Copyright, Open Source, Clean Rooms and Ignorance of the Law

Recently I was reminded (by being an observer to some drama) of the legal constraints that developers should know but frequently do not know – especially the new self-taught developers. I suspect that even some Computer Science graduates are ignorant here.

Monkey See, Monkey Do –Lawyers Knock!

Jack develops websites and a customer points him to a website that he wants emulated. Jack goes to the site and copy portions of the code from the site. Often the code is nothing more than a JavaScript function or a chunk of CSS. He uses these code fragments exactly as written (no renaming variables, changing line orders etc). He brings in a graphic designer that does a brilliant original design.


The site is ready, the customer is happy, Jack drops a check in his pocket.   Two months later, the customer phones Jack – he has just received a letter from a lawyer to take down the web site because it contains copyrighted material.

Jack talks the customer into leaving it up. The site provider gets a similar letter 4 weeks later and dutifully takes down the site. The customer phone Jack, angry that his site is down and the site provider refuse to restore it. Jack moves the site to another provider… and the cycle repeats – except this time the customer does not receive a polite letter but either:

  • Papers indicating he is being sued.
  • Knock on the door by the FBI (under 18 U.S.C. Section 1030 or equivalent)

Things go worst….


What is the problem? Simple – items on the internet retain copyright unless licensed or placed explicitly in the public domain. There is no “fair use” of code. The rights problem is actually made more severe with open source – because there are hundreds of contributors, there is a significant chance that one of them did a copying of someone’s code off a website. You have an right to use the open source code – but it does not indemnify you if the code violates a copyright.


The person in procession of the violation is always accountable! Someone selling bogus DVD or Viagra is not excused because he did not know it was illegal. The best that they can hope for is a deal if they drop their suppliers into the mess.

Clean Rooms

Old timers know about “clean-rooms” from the days of MSDOS. The name has been re-used. The old meaning was putting developers in isolation to develop a product and protect the firm from lawsuits; for example, because a developer reverse engineered code or behavior.


In the internet world it would mean that you can do screen shots of a site and create an equivalent NEVER NEVER looking at a single line of source (HTML, JScript, CSS). If the site has “patents” or “patent pending”, then it is even harder because of patents on things like ‘One Click’, so you cannot even do screen shots.


The problem is simple, a license, items placed explicitly into the public domain or a truly original creation is needed.


Taking your own code with you to the next firm…

If you are an employee of a firm and wrote this awesome library of routines and then leave the firm I have some bad news for you. You cannot use a single item from that library unless you get explicit written permission from your old firm. You created it; they OWN it. You can recreate the library (literally rewrite the library) and likely will improve it in the process.  Every routine etc must be revised. I usually recommend defining a NEW different naming convention, changing the preferred coding patterns and doing a complete refactor with some improvement in at least 50% of the functions.


Consultants have more code re-use freedom

Consultants arrive with libraries of code they have evolved from other projects. The use of this code is often viewed as an unrestricted licensing of the code to the customer without the acquisition of ownership. If the contract specifies “work for hire”, then the consultant should clearly mark what is new and novel in this work, and what is simply an unrestricted license.  If the consultant writes work for hire code that he like, he  is still free to refactor the code and add it to his own repository of code – after doing a clean and complete refactor – ideally with some further improvements.


If you are responsible for the management of code….

If your crew produces websites – you have an obligation of due-diligence to make sure they do not violate copyright or perform theft of code (a criminal offense). If you do not have the skills, you need to get someone with the skills to come in and:

  • Present and document that your employees have been instructed on best practices at least once a year.
  • Review some code (often this actually amount to testing the dev if they understand the code they are using or just copied it from elsewhere).
  • Make sure that you have insurance against this (I would recommend at least $1,000,000 policy)

If you do not care…

Several years ago, my wife got involved with VRML and creates a short example, 420 bytes of code, that she used on her website. She put a copyright in it.  One day when she Altavista-ed (pre-google) her name she found it on an Israeli site. We contacted a lawyer in Israel, arranged a contingency agreement and told him to go for it. Two months later we received a check. The offender opted to settle for $1200 for the 420 bytes of code instead of our lawyer going the distance for copyright infringement.


Many lawyers have spare cycles and a clean copyright lawsuit on contingency can be an easy sale…  We did it internationally with little hassle.


Is it fair? Should copyrights and patent be abolished? I have no comment of those issues – they exists and can result in significant financial pain; they are to be respected.



No comments:

Post a Comment