Developer

How copyright and licensing issues affect programming work


What ever happened to the Perl vs. C# text processing shootout I promised? Well, I will tell you what happened.

Something had been bothering me for ages, but I could not put my finger on it. As I sat down to write the code, I finally remembered what it was: I am not allowed to publish benchmarks of .Net without Microsoft's expressly written permission. This is part of the Microsoft .Net Framework EULA, and it also applies to many of its other products, such as SQL Server 2005. Therefore, instead of writing about Perl vs. .Net, I will be discussing how licensing terms can affect the work of a programmer. Please note: I AM NOT A LAWYER.

In the late 90s, I worked for a small startup. One of my tasks was to research patents and copyrights. The company had a clever system (for the time) on its Web site that it wanted to protect. The Amazon "One Click Shopping" patent had already been used against Barnes & Noble, and my boss wanted to be able to do the same to our competitors if they put a similar feature on their sites. So I became fairly familiar with patent and  copyright laws. I was able to determine that we could probably not get a patent on what we were doing (it was pretty obvious how to do it), but we were implicitly and automatically granted copyright over the code and could argue in court if need be that a competitor's code was based on ours without proper payment.

The lesson I learned from this was fairly striking: Copyright is powerful. Most folks do not realize how strong it is and that you don't actually have to do anything to copyright your work. If I make a doodle on a dinner napkin, I automatically have a copyright on it, which can be enforced. Of course, proof of authorship is always helpful and publicly marking something as being copyrighted makes it clear to all those who view the work that there is a copyright on it. However, the lack of copyright markings does not grant free usage.

How does this work in the world of programming?

For starters, programmers are notorious for going to a search engine when they get stuck on a problem and then copying and pasting code into their code without the necessary modifications. Unfortunately, this is most likely illegal unless the poster of the original code expressly granted usage rights to you. In other words, by hitting the search engine and grabbing some code, you are opening your employer up to a potential lawsuit. Granted, the chances of this being noticed are probably billions to one; but if you aren't granted express usage rights, you are probably in violation of the law.

There are even more problems with doing a copy/paste of code. What happens when you copy/paste a piece of open source into your project? Well, it depends on the type of open source license it has. If it is the BSD license, you are in great shape because the BSD license is forgiving. However, the GPL is a completely different story. You have to be careful when copying/pasting, linking to (in the compilation sense and not in the URL meaning), or otherwise making use of GPL-ed code. The GPL has a sneaky way of injecting itself into projects in a way that can potentially force large amounts of a project (if not the entire thing) to be subject to it.

Microsoft is a huge contributor to the license and copyright headaches. For one thing, Microsoft is one of the largest obtainers of patents in the world, in no small part to the massive amounts of R&D it does. If you are working on a project, there is a darn good chance that Microsoft has a patent on something identical or similar, particularly in some oddball parts of computing. And Microsoft has never been afraid to flex its legal muscles (in other words, when buying out the offender would be more expensive than suing them). Microsoft also has a bad habit of slipping unusual license terms (like the no benchmark clause) in places that you would not expect. Before embarking on a project that makes use of Microsoft technologies, I recommend that you carefully inspect all relevant licenses; if you are unsure about what they mean, consult a lawyer.

Even clip art can turn around to bite you. One of my favorite Web sites, iStockphoto, has reasonable licensing terms for its images. Royalty free may be used on Web sites and marketing collateral, etc., but it's a problem if you want to: use one of the site's images in a template library that you redistribute or use an iStockphoto image at a resolution above 800x600. And so on. You have to be very careful with these types of agreements. For instance, say that your Web developer uses one of these images for your company's Web site, which is a permitted use. Then you decide that you like the photo so much, you will use it in the splash screen for your application. There could be liability if there wasn't clear communication between the person who read and signed the license and the developer using the image.

It is extremely unlikely that your project's miscellaneous and/or accidental violations of copyright and license terms will ever be noticed, unless it receives large enough mainstream usage. In addition, violations within closed source, proprietary code are difficult to find. Nevertheless, there are plenty of lawsuits in the history of IT to show that it is quite possible to have the pants sued off you too.

My general rules of thumb about copyright and licensing

I only use content in a project that I have created or that I know another employee within our company has created. I do not copy and paste code from the Web, and I do not use GPL-ed code within a project unless the project is to be released as GPL-ed code. I carefully check any content, code, images, etc. for copyright and license terms before using them; if I'm confused, I kick it over to a lawyer. If I do not see any explicit rights granted to me, I assume none. I think this is a fairly reasonable and sensible approach.

Basically, think twice before copying and pasting code you dig up on the Web into your project.

J.Ja

About

Justin James is the Lead Architect for Conigent.

15 comments
Duggeek
Duggeek

Working for a Technology Services Provider, specifically in the web-design department, I've seen first-hand how the Long Arm of Copyright Law can grab a firm in the worst way and at the worst time. Speaking as someone who was hired to specifically address the use of licensed stock-photography, I can say that it's a sticky business if you're not careful. For the part of my employer, I can't go into details, but the cost of carelessness in this area can mean potential loss in the millions, or at least in the many-thousands. Side-effects may include loss of choice; that is, which vendors you can use in the future. Though it's not apples-to-apples with coding, I think it's still parallel. Not every project is a money-maker, content may or may not be key to functionality, and sometimes, crafting from scratch is just as good. For anyone that's listening, (BTW:IANAL, either) my rule-of-thumb is this: If the project is going to make you money, you'd better see to it that everything that goes into it is paid-for. (and—in the case of GPL—that's legal to sell in the first place!) Frankly, just use some sense... does that code look rather simple? Can you see yourself doing the same thing easily? If the answer to either of those is "no", then you'd better think of how to thank the person that came up with it. (or in my case, thank the photographer for having such a good eye for composition and subject by paying them for their good work)

jbarros
jbarros

As microsoft loves its tons of patents and similar stuff, worrying about topics like this doesn't do other than increasing the use of open source software

Wayne M.
Wayne M.

For source code available in a public forum, I generally take the approach that unless it is explicitly copyrighted, then it is being provided for public use. I have generally used this approach in cases where we are programming against a new (to us) API or library and do not want to use a trial and error approach to finding the right sequence of commands. Some examples include using MS extended MAPI and setting ACLs to register COM components. I view the code in question as merely a starting point as it typically is poorly structured and contains minimal error handling, though the calling sequence operates correctly and operation can be tested immediately. I should note that the structure and error handling issues seem to be necessary byproducts for someone trying to provide a concise example of how to do something. I do take copyright seriously and will not use code that the author has expressly copyrighted. I also will not use GPL source code, though I would use GPL tools (executables only) in the development environment as appropriate. There are lots of programming problems out there that someone else has already solved. If the author freely publishes his source without an explicit copyright, do not spend time reinventing the solution. Recognize, however, the sample code is unlikely to be production quality, but it is beneficial to start with something that is functionally correct.

Mark Miller
Mark Miller

This is something I learned about only recently. I had assumed for a long time that published code in "how-to" books was free for me to use. I learned that I was wrong. It just seemed counter-intuitive to me. If someone is showing you how to do something with code, don't they intend for you to perhaps use the code? I knew about the copyright notices on these types of books, but I thought they only pertained to making wholesale copies of the books, or significant portions of them. A few years ago I copied and modified some code in a how-to book for a commercial product I was helping a friend develop. Fortunately, I guess, that product was never sold. I have on a few rare occasions used images in my blog that are taken from other sites. They've all been non-original as well. In other words the site that was using the image did not create it themselves, but was just using it. I have wondered whether what I did was kosher or not. I make an effort to attribute them properly, at least, and if I was ever notified of a violation I would make a point of taking it off of there.

Justin James
Justin James

Is this something you think about when writing code? If so, what do you do to ensure that you stay within the law? J.Ja

apotheon
apotheon

There's nothing illegal about selling software that contains GPLed code. What's illegal is doing so without offering the source code along with it, or offering it under a license other than the GPL. In some cases, of course, this could actually be worse than simply being illegal to sell.

Justin James
Justin James

Wayne - You are absolutely right when you say that sample code is often not of production quality! And as you point out, the things that would improve it would make it bad sample code. That is one thing I always liked about the Perl documentation, it showed good style including error handling, and many of the examples *were* copy/paste quality. I also agree that sample code is a great way to learn the general nature of a solution, and then adapt it to your needs. I have rarely found that a copy/paste of code would help me very much anyways. J.Ja

apotheon
apotheon

That's one reason I tend to use open source licenses: it keeps me honest in practice as well as by intent. Of course, it's easier to make that sort of decision when one doesn't have a daycoder job.

rclark
rclark

I find that other peoples standards of programming are mostly junk, even if they are better than mine. I do look at new features on the web. I also use google extensively to find methods of using both language and api calls. But by the time my program hits the users machine, no one would say it was copied. Mostly I'm looking for the verb and the parameters for usage. Their code doesn't survive the translation, so I'm pretty sure I've not violated any rules. As for legal copyright, if I use code that has a copy right, I don't paste the users code, I interpret and then recode.

royhayward
royhayward

It is rare that the code I find on my google search is exactly what I need. I search to find out how others have solved the problem I have and then copy the approach. I may copy and past their code to dissect it, but by the time it gets to my code, it is mine. It looks like the rest of the code and has consistent coding standards applied.

Justin James
Justin James

One thing that has always bothered me about the GPL is that it is insanely complex and difficult to understand. You need a lawyer to make sense of it. Even lawyers argue about what it means. It is so complex, the license itself has an FAQ. For something that many of its proponents says helps to give "power to the people", the fact that it can be such a minefield to navigate makes it difficult for "the people" to really leverage it and stay within the legal boundaries of it. At least Microsoft's licenses are pretty cut and dried. Restrictive, sure. But the restrictions are easy to understand and clearly stated. J.Ja

Justin James
Justin James

Yes, that is one of the unfortunate consequences of a day job, my flexibility is quite limited. I personally really like the BSD license. If I were to do something at home that I had no intention of trying to monetize, I would release it under the BSD license. However, every employer I have worked for had me writing code with the express intention of monetizing the code itself. So closed, proprietary licenses it is. Few coders get to pick their license, and most of them get paid to work on closed source systems. It makes the understanding of these things fairly important. Putting your employer in legal risk out of personal ignorance of the law or a personal disregard for the law is just unprofessional. :( J.Ja

Justin James
Justin James

I am in total agreement on the FSF and GPL. It is really hard to *not* call GPL a "virus". It really, really is. I avoid calling it that just out of respect for the folks out there who work on GPL code. The GNU stuff is generally of a very high quality and their software has made a big impact on the world. But their political agenda is something that I personally disagree with, and it bothers me that the GPL is just as "embrace and extend" as Microsoft is. They lure you in with their systems, and WHAM! you are tied to the GPL. Their behavior is often not much different from Microsoft's either, as your examples make clear. J.Ja

apotheon
apotheon

I know what you mean. For my own tastes, the Microsoft licenses are a little more complex than they should be -- but only a little. They are, as you pointed out, significantly simpler and easier to understand than the GPL and LGPL. Part of the problem with the GPL is that the complexity is necessary to achieve the practical goals of the license. Specifically, it is geared toward expanding its own influence, absorbing more software all the time into the world of required source code distribution. With the release of GPLv3, it has expanded its sphere even further, entering the realm of hardware specifications as well as source code. The one thing all the GPL's terms -- and all of the FSF's policies -- have in common is an almost combative opposition to corporate ownership of software. While I'm not opposed to that aim, I do find the single-mindedness of the efforts behind the GPL dismaying, especially in the externalities imposed on those who have no interest in furthering principles of corporate software ownership. Reading about the legal threats sent to small Linux distribution projects like MEPIS, Kororaa, and others didn't surprise me -- but it [b]was[/b] disappointing.

apotheon
apotheon

Even working for myself (or, put another way, working for someone new all the time -- but on my own terms, for the most part), I have to meet the clients' demands or go find a different client. As a result, I end up working with closed source proprietary systems as well. I do get to choose my own license terms for what I do more often than most people, however -- so in that respect I guess I'm one of the lucky ones. . . . and, as you say, exposing an employer (or client) to legal risk is unprofessional. In fact, I view it as simply [b]unacceptable[/b], and go to great lengths to avoid that sort of problem. I think my exposure to, and experience with, open source systems and their license terms has greatly improved my awareness of licensing in general, and thus provided me with some valuable perspective when dealing with closed systems. I'm sure my previous employment by the Wikimedia Foundation also contributed to that increased licensing awareness, of course.

Editor's Picks