Tech & Work

Legal considerations when using free software in IT consulting projects

Don't let your use of free software in an IT consulting project wind up costing your client money and possibly legal headaches.

 When you need to solve a consulting problem that stretches the limits of your expertise, do you lie awake each night for weeks trying to invent an algorithm? Well, maybe you do — but if you're smart, you google it. Chances are, you'll find that this problem has been solved before, and the answer is just a few clicks away. If you're lucky, you'll be able to download it, pop it into your client's project, compile it, and you're done.

Not so fast, cowboy. If you're billing for the project, and especially if it is destined to become commercial software, you'd better check the license on that code snippet before you include it, or you could be creating a legal Frankenstein's monster. Your project, or part of it, may legally become a derivative work of the material you grabbed. Much of what is available as "free software" on the Web carries legal requirements for derivative works or for even usage of an unmodified work.

Free software licenses

Copyleft licenses Copyleft refers to licenses that allow derivative works but seek to promote in the derivative all rights that any user has to the original work. In strong copyleft, you can incorporate the code into your project, but yours has to be licensed under compatible terms. Your software becomes copyleft as well — everyone must have the same access to your product's source code as they have to the original that you copied. These requirements also apply to projects that rely on the original, even if they don't modify it (exclusions apply for dynamic linking), and you must republish the original code. These licenses are often called "viral" because they infect all further usage and distribution.

The most popular strong copyleft license is the GNU General Public License (GPL). Many, many free software projects are licensed under the GPL, but you can't include the projects in your client's software if your client doesn't want to publish their source code.

Slightly less restrictive copyleft licenses (called weak copyleft) only apply these restrictions to modifications to the borrowed work, but not to code that relies on the original without modifications — and may also relax the requirement to redistribute source code. The GNU Lesser General Public License (LGPL) and the Mozilla Public License are examples of weak copyleft.

Creative Commons licenses come in a wide variety of options, so you'll need to inspect the details of each license. If a license includes the ShareAlike condition, then it is considered copyleft because derivative works, if allowed, must be licensed under identical terms. Some variants exclude commercial use entirely or specify that derivative works are not allowed.

When researching Elance, I found it interesting to discover that the contract that Elance provides between clients and providers specifically excludes the GPL and the LGPL from any background technology included in the engagement. California, which officially welcomed open source usage as a cost-cutting measure, states in Item 9 of its definition of Open Source Software that is acceptable for state projects "License must not contaminate other software."

Copyfree licenses A number of software licenses do not impose such restrictions on reuse, as long as certain easy conditions are met (usually attribution). These licenses are called copyfree, because you are free to copy the material and use it as you see fit. The author retains copyright and expects to receive credit for the original work, but not much else. Unlike with copyleft licenses, derivative works are not required to be licensed under the same or compatible terms, though the original material retains its original license. Some of the more popular copyfree licenses include the BSD, the Apache, and the MIT/X11 licenses. For my published works, I prefer the Open Works License (OWL) for its simplicity and broad applicability. Public domain If software has been released into the public domain, then the author retains no rights to it, and you are free to reuse it or derive works from it. One Creative Commons license, CC0, mimics the public domain. It explicitly relinquishes copyright protections even when they are automatic (as in the United States).

Your client's copyright and license

No matter how software is or isn't licensed, though, if it wasn't created by someone who yielded copyright to you or your client, then your client may not be able to exercise copyright over it or enforce their own license. If your client is a proprietary software vendor, that may be enough of an objection to prevent you from reusing copyfree or even public domain software in their projects.

What constitutes reuse?

Copying source code in whole or in part falls under the term reuse; modifying source code makes it a derivative work. But it can still be confusing to know how different it has to be to be considered original. For instance, if within a copyleft-licensed source you observe a clever optimization for a widely understood algorithm, are you free to adapt the principle behind that optimization to your own implementation? In general, I think the answer is yes, as long as you don't just copy and tweak it — copyright protects the expression of ideas, not the ideas themselves — but that may be a case for the lawyers to approve, and I'm not a lawyer.

Poll, acknowledgement, and legal disclaimer

Justin James recently posted a poll on this subject in TechRepublic's Programming and Development blog. If you haven't already, go vote.

Many thanks to Chad Perrin for his review and suggestions on this article.

Disclaimer: I am not a lawyer, nor have I ever played one on TV. If you're uncertain about how to protect your code, be sure to talk to a lawyer.

Have you used open source code in solutions that you provide to clients? Were the legal implications discussed at all? Based on what you've read here, do you think you need to review past usage of open source software in your clients' projects?

Get weekly consulting tips in your inbox TechRepublic's IT Consultant newsletter, delivered each Monday, offers tips on how to attract customers, build your business, and increase your technical skills in order to get the job done. Automatically sign up today!

About Chip Camden

Chip Camden has been programming since 1978, and he's still not done. An independent consultant since 1991, Chip specializes in software development tools, languages, and migration to new technology. Besides writing for TechRepublic's IT Consultant b...

Editor's Picks