ABA JOURNAL eREPORT
CODE NAME: TROUBLE
Developers Carry Bits of Programs From Job to Job, Survey Says
BY JASON KRAUSE
Computer programmers, according to a recent survey, consider using existing computer code to create new software programs an acceptable practice. That may come as a surprise to those code developers’ employers, since code borrowing could create a copyright nightmare.
Out-Law.com, a British online and print publication, surveyed the habits of more than 3,000 computer programmers. One statistic that jumped out of survey results published in June was that 75 percent of all coders use blocks of computer code they have appropriated from other software. The survey did not dig deep enough to find out whether these blocks of code were from copyrighted sources or public domain code.
Code copying is a hot topic these days. In fact, code borrowing is at the heart of the biggest lawsuit in the tech industry.
Software company SCO filed suit against IBM for $3 billion last year for allegedly putting some of SCO’s copyrighted source code into an operating system known as Linux. Linux is a tech darling because it is created as a group effort and distributed for free under what is called the General Public License. And it has recently gained attention for its use in computer servers and its possible role as a free platform for use by governments across the globe.
Though SCO is fighting the Linux crowd, the company says there is nothing inherently wrong with open source projects. "SCO still participates in open source efforts. Some open source projects are rigid in their analysis and the code is properly vetted," says Chris Sontag, SCO’s senior vice president and general manager. "However, with some, in particular with Linux, there seems to be very little oversight."
Linux supporters argue that any SCO code that may have made its way into Linux had been in the public domain before SCO bought the rights to the software in question. But even if that is the case, it only highlights the pitfalls of using other people’s source code.
Code copying is not just a problem for group efforts like Linux. It is a potential problem for any firm that develops software. "Certainly [code appropriating] is an issue in the software industry, but it’s only really come onto the radar with the SCO-Linux dispute," says Struan Robertson, a lawyer in England and editor of Out-Law.com.
Now that more companies and even some law firms have IT staffers writing computer code, more companies could be open to litigation. "The short answer is that it’s never right to copy code without permission," says Toni Tease, former chief counsel and now outside counsel for the Rocky Mountain Technology Group, a software developer in Billings, Mont. Code is copyrighted to its creators "from the moment they write it unless it’s done as work for hire. Then, their employer owns it."
There are three categories of code: copyrighted, public domain and open source. Tease says one problem is that some developers mistakenly believe open source code is free, when in fact open source licenses often impose obligations on anyone using the code."
The GPL is more restrictive than most people think, and you might forfeit some rights," she says. "We had a policy that no developer may use open source code unless general counsel approves. We’re going to look real closely, and nine out of 10 times, we will not use code like that."
Outside of a few giant companies like Microsoft, which has a compliance unit to monitor such issues, most firms do not have the manpower to check code before it goes into a product. And since source code in a software program is invisible to anyone using it, it is often impossible to know if someone has appropriated code from somewhere else. It is possible to look for telltale signs of misappropriated code, such as when two different programs have the same flaws. But usually the issue comes to light only if a disgruntled former employee tells someone about it.
Disgruntled employees are also common avenues by which code leaves one company and goes to another. To prevent programmers from taking proprietary code with them to another job, employers ought to create employment contracts and restrict access to the code, Tease says.
"We addressed the issue in employment agreements, confidentiality provisions, trade secret provisions and return of property provisions," Tease says. "Depending on the how [employees] leave, … you can terminate their access to the network. Of course, they could always have [code] on a CD in their bedrooms, so short of getting a search warrant, there’s not much you can do."
Some insurance companies now cover potential liabilities from code sharing. And a New York-based company, Black Duck Software, offers an automated review of newly developed software to identify open source and proprietary code.
But the best way to avoid liabilities is for anyone involved with software development to keep an eye on the source of the code. "It really is important to have an audit trail," Robertson says. "This is just not an issue software developers can ignore."
© The American Bar Association. All rights reserved. 09/02/2004 09:11:42 AM
Reprinted with permission.