Project Management

Legal liabilities that programmers need to consider

In our current business environment, lawsuits are all too common. Be aware of four areas that could pose litigation risks for programmers.

As a developer, lawsuits may seem like something you don't need to worry about; unfortunately, that is not a safe bet. There are plenty of things that programmers can do that put their employers, and possibly even themselves, at risk of litigation. Four potential lawsuit areas to be aware of are: breach of contract, patent violations, copyright problems, and data storage woes. (Please keep in mind that I am not a lawyer.)

Breach of contract

There are many ways a developer could get into contractual issues; projects done by a consultancy that get behind schedule or under deliver are a good example. If you are a service provider with a service level agreement (SLA), missing that SLA too often can put you in legal hot water; many SLA contracts even define explicit penalties, such as refunds of money or allowing the customer to walk with no early termination fees. Whenever you engage in work with a contract involved, make sure that you and your team have a firm understanding of the contract's details and how you need to work to comply with the contracts.

Patent violations

Something that we are seeing more and more is the use of patents as a business version of a nuclear missile. Regardless of your opinions on current patent law, you cannot ignore the reality that it is very easy to inadvertently find yourself in a position to be sued for patent violation. We've been seeing a surge in these lawsuits over the last 10 years, starting with the SCO lawsuits around UNIX. Today, fear of patent litigation has been causing all sorts of trouble in the industry, such as the delays around the <video> tag in HTML5.

Navigating the patent waters can be tricky. One constant is that most companies that are not patent aggregators tend to only enforce patents against competitors (like when Amazon.com hammered Barnes & Noble over "one-click shopping"). If you are doing something that seems to be unique in your space, you should check for existing patents first and possibly contact a patent attorney. If you are trying to implement a well-established algorithm, there may be deep patent coverage already; for example, it is essentially impossible to write video codecs without tripping over dozens of patents.

Copyright problems

Like patents, we're seeing developers get into hot water with copyrights. While open source software has been a great boon for businesses, programmers who do not properly understand the licenses (such as the popular GPL) are finding themselves in hot water. Not too long ago, for example, Microsoft was forced to open source a piece of code after a contractor included GPL'ed code in it. To avoid these issues, make sure that you understand the licensing and copyright of anything that ends up in your application, including graphics and code copied from the Web. Remember, just because someone posted it to the Internet does not mean that it is public domain. In fact, it could be code from a GPL project, and including it in your application would put your whole app under GPL too.

Data storage woes

If you are writing a SaaS application, you need to keep in mind that you are taking partial responsibility for that data. If the application gets damaged, lost, or falls into the wrong hands, the rightful owner may come after you. If your customers are putting data in your system that should not be there, you can find yourself on the receiving end of a call from lawyers or even law enforcement officials. Your terms of service should provide you with the legal cover you require, but all the same, this is a problem that can arise.

You will also want to be very circumspect with your program to make sure that no account can access another account's data. You should use encryption for any sensitive data at rest, and SSL for transmission of any data that is important. Also, you need to get familiar with the relevant laws relating to subpoenas and such, so if you are ever asked to provide user data, you know your legal obligations.

J.Ja

About

Justin James is the Lead Architect for Conigent.

27 comments
mr_bandit
mr_bandit

I was relaying what the patent attorney (Bruce M. Winchell; see below) said, not my opinions. 1. uspto.gov should be used. The google patent search results are sold. It is pretty obvious what someone is searching for, and their intent, if you take the context of the search and can then start filing patents around that intent. Note this can also be used as a method of indirection by someone clever enough. Also, it is not always obvious what the intent of the searcher is, but many things can be inferred. A large company has plenty of folks that can look at a series of searches and determine the intent, see what the goal is, and come up with enough of an invention, with claims, to file a patent very quickly. First To File makes this process very attractive for large companies. 2. Ease of invalidating a patent. This attorney is an old-style (ie 55..60 yo) junk-yard lawyer with very deep pockets behind him. If a patent threatens Lockheed Martin, and it looks like it is based on prior art or otherwise invalid, this guy wants to go for the throat. I am sure they (LM) uses some sort of cost/benefit analysis to determine if they want to fight or license the patent. I brought up the XOR patent, and how everybody just licensed it. You could see his blood pressure rise - he said LM would have fought it. You can interpret that anyway you wish - I believe he would have done it for the pleasure of hearing the lamentations of the women and the crunch of the children's bones under his feet. 3. cost of litigating a patent. If my memory serves, he stated that to take a patent to the court of appeals is roughly $4.5 million. It is a *potfull* of money. Again, if my poor memory serves, the *several* $100K (ie could easily be $500k) was referring to fighting a *very obvious* case of prior art. However, this is *my* recollection, and I did not keep a complete set of notes on everything said. Please note the above is a report of what he (Bruce M. Winchell) said, with my opinion of how serious he is on these topics. He presents the same seminar every month at TVC (Technology Venture Corp, of Lockheed Martin, Albuquerque. It is free, and anyone may attend. (I do not work for these folks, nor have I received any money from them.) You have his name, and bio is below. His cases should be a matter of public record (or at least public to other attorneys). Personally, I would want this guy on my side. TVC is a subsidiary of LM, and connects inventors with VC money. One of the services they provide is legal, including patent help and litigation. Mr. Winchell is one of those attorneys. http://techventures.org/events/calendar-of-events/ Writing Your Own Patent Application Workshop, New Mexico September 28, 2011, 8:30AM-12:30PM October 26, 2011, 8:30AM-12:30PM (etc) Writing Your Own Patent Application Workshop Where: McCorkle Room in the TVC Albuquerque Offices 1155 University Blvd SE Albuquerque, NM 87106 When: The fourth Wednesday of each month in 2011 (With the exception of December 21st) Time: 8:30 AM - 12:30 PM Cost: This seminar is FREE!!!!! The Instructor will be Bruce M. Winchell, a Registered Patent Attorney in the U.S., Registered Patent Agent in Canada, and Certified Licensing Professional with more than 30 years of experience. Bruce is a Sandia National Laboratories Senior Attorney assigned to TVC under the Sandia National Laboratories contract. The seminar will include: 1. A review of the Patent Laws and most recent case law related to writing patent applications that will stand up in court. 2. A review of the latest Patent Office Rules and mechanics of actually writing the application to maximize the probability of being issued as patents. 3. Claim drafting to maximize the scope while providing best ability to survive legal tests in the courts. For those who are actively working on (or only thinking about) patenting an invention, this workshop will be invaluable. This seminar is FREE!!!!! Space is limited so please register soon. Please RSVP by e-mail to Margaret Speer at margaret.speer@lmco.com Sponsored by: Technology Ventures Corporation

herlizness
herlizness

> Any of the search tools -- at whatever cost -- are "useful" only to the extent that the person reading the patents has the skill to interpret the claims. Lay people almost never do. That's just the way it is. > Successful lawyers have records that speak for themselves > I don't agree ... but can speak to that if he wishes

bornbyforce
bornbyforce

Been in this industry for ages and still I see there are lots of things I don't know. Thanks Justin

mr_bandit
mr_bandit

I just attended a morning seminar by a Lockheed-Martin patent lawyer. The patent reform act is close to being signed, and will go into effect 18 months after. The law changes "First to Invent" to "First to File". SW and Biz patents will still be allowed. Here is a real kicker: The *only* way to search for a patent and *protect* yourself is uspto.gov. *If* you use google.com/patent, *ALL* searches are recorded and *sold*. This means large companies will buy up the search results and start filing a patent within a day or so. This will reveal your idea area and big companies will make preventive filings. This is straight from the patent lawyer - and he is a very experienced one. He was *very* specific about this. (He also boasted about the number of companies he had driven into bankruptcy because he won and the loser had to pay all legal and court fees. To me, this is a sign of a good junkyard dog lawyer - the only kind you want on *your side, not the other guy's.) As far as the liability from doing a search to protect you from "violating" a SW patent - he claims I am mistaken, and I may well be. Keep in mind he *is* a lawyer for a *huge* company - his attitude was "it's easy to invalidate a bad patent for prior art" - several $100K later - no big deal. Sigh.

apotheon
apotheon

In general, licensed works (such as source code you might want to use) must carry the license forward in redistributions and derived works to be compliant with the license. In addition to that, they must also conform to other clauses within those licenses. The GPL is "dangerous" to businesses that deal in proprietary or closed source software for two reasons: 1. The GPL requires you to release any derived works under the terms of the GPL. That includes cases where you just use some GPLed code in your own work, as well as cases where GPLed files as complete works are somehow inextricably attached to a work you distribute. 2. The GPL requires you to provide source code to recipients, with some pretty draconian terms for that provision of source code. For instance, you are not allowed to charge separately for the source code per se (though you could charge shipping, handling, and packaging fees), and you must maintain sources of the same version as the binary you distributed, to distribute them to any recipients on demand for a period of several years after distribution of the original binaries (unless the sources were delivered at the same time as the binaries in every case). This is because the GPL is a strongly copyleft license. By contrast, the terms of copyfree licenses are much more permissive and, in general terms, pretty much mimic the status of the public domain with one major exception: the license must be carried forward with redistributions and modifications. Because copyfree licenses are not copyleft, however, the license does not apply to derived works, which means covered works can be incorporated into larger works without the larger work as a whole being necessarily subject to the terms of the license. Even if it was, however, you would still be able to keep sources closed if you wanted to, because copyfree licenses do not require distribution of source as a condition of distribution of binaries, and you can still employ external contractual agreements as a means of limiting how recipients deal in what you give them. In general, it is in one's best interests to develop software under an open source model, which is the strongest motivation for distributing sources. Copyleft software, which attempts to force people to distribute sources through legal pressure, ignores that fact -- and, in the result, create a pool of works using incompatible licenses, eliminating some of the benefits of open source software by ensuring that projects distributed under different copyleft licenses often cannot be used together. As a software developer myself, I find that the safest way to write software is to use copyfree licenses for everything I write (I prefer the Open Works License, which also applies nicely to non-software works) when circumstances permit, and to only use copyfree code in my own works when I borrow from elsewhere. This policy actually helps in more ways than you might realize. For instance, clients tend to feel like I'm being generous when I give them code under a copyfree license rather than debating delivery terms with them, even though the end result is that I get to keep the copyright. There is a list of Certified Copyfree Licenses, as well as a list of licenses rejected for copyfree certification. These lists grow over time as more licenses are submitted for certification according to the Copyfree Standard Definition, and it is by no means comprehensive as of this writing. When selecting licenses from outside the list of certified licenses, it is in your best interests to either have a lawyer provide guidance or select a license that is relatively short and simple with terms that read like plain English (or Japanese or whatever other languages there are in which you are fluent enough to be sure you will not misunderstand them). Anything too long and complex, such as the GPL, should be avoided if at all reasonable to do so. . . . and don't get me started on the Affero GPL. That thing's evil.

my.dvlpr7
my.dvlpr7

Where is the place to find lists of patents and copyrights?

lobl
lobl

When it comes to contract signing, I've lost count of how many times I've heard "It's just a boilerplate. No need to read it." from recruiters and fellow contractors. Not aware of what you're agreeing to? Haven't made sure you can meet the terms of the agreement as written? Not identifying potential issues and negotiating amendments to avert them? Hello!?

lobl
lobl

You omitted Errors and Omissions liability!

mr_bandit
mr_bandit

As I understand the law (and IANAL), if you research to see if you are violating a patent, you are much more liable if you end up violating a patent (even if your research does not find one), than if you ignore the research phase completely. We, as an industry, need to pay attention to patent reform. There is a good chance Congress will just make things worse than they are already.

apotheon
apotheon

re: case law There's a difference between presuming valid, then checking for challenges to validity, on one hand -- and presuming valid, then granting it without bothering to check on it at all, on the other. re: "fake up" an invention There's a difference between trying to defraud the USPTO (which is an abuse of the term "fraud" in a legal context) and making up an asinine "invention" that does nothing innovative but will still get you a patent (like the one-click ordering patent). re: "So does everyone else" Not my point. Go back, read again, pretend to be trying to have a discussion. re: "'useful' only to the extent that the person reading the patents has the skill to interpret the claims" This does nothing to challenge, dispute, or refute anything I said. re: "I'm actually not sure it's worthwhile to 'make do with [what] they have available to them.' If you can't play the game competently perhaps you shouldn't be playing it all." That basically means "I'm not sure it's worthwhile to invent anything." Your compassion for the lone inventor is touching. "Coca Cola never got a patent on the formula for its well-known and oft-imbibed soft drink and as a result they have been able to keep it secret and exclusive for a lot longer time than patent protection would have afforded." It's pretty easy to keep a secret when nobody gives a damn. The "secret" is just a marketing ploy. It doesn't provide an actual competitive advantage in terms of product quality. re: "I have no idea what was or is in the mind of the lawyer who made the remark." You should, however, be able to see that was the likely intent of mr_bandit's statement, rather than declaring his statement stupid by way of your refusal to take it in the spirit in which it was offered. re: the cheaper alternative . . . if they're willing to sell or license it. re: "My point remains: invalidating a patent is neither easy nor certain." My point remains: "easy" is a matter of perspective. re: "Successful lawyers have records that speak for themselves" True, but that doesn't mean they can't also be boastful, arrogant jackasses. In fact, they often are. re: talking about different things I was actually trying to be nice, taking the tacit assumption that you were just misunderstanding what mr_bandit said rather than being a willful, malevolent prick about it.

herlizness
herlizness

I'm afraid I don't quite understand this business of large companies "buying up" patent search results and "filing a patent within a day or so." What exactly are they filing? They need to have an invention in order to file and prosecute a patent. In the normal course, you don't do a patent search until you've actually invented something and self-help Googling is not the preferred method of proceeeding. If what this guy says is somehow true it sounds like a great opportunity to get a competitor to spin their wheels every day of the week with fraudulent filings in the PTO. As for it being "easy to invalidate a bad patent for prior art," that's complete nonsense. All issued patents are presumed to be valid and virtually all patent litigation is very long and very expensive. Bad patents are upheld all the time. Remember one thing when dealing with or listening to boastful lawyers: most of them are full of crap.

apotheon
apotheon

While the USPTO maintains a list of copyrights, it is far from exhaustive. In fact, every time someone writes something of nontrivial length it is subject to copyright in most industrialized nations. For instance, this very comment right here is subject to copyright the moment I finish writing it and commit it to durable form. The relatively rare cases where copyrighted works are registered with the USPTO are cases where the registrant expects to need the additional "protection" of official registration in court proceedings at some point. You can get a list of US patents from the USPTO if you really want to, but trying to find a list of copyrights that is anywhere near comprehensive is an exercise in futility. It's a little bit like asking for a list of people who own bicycles.

Justin James
Justin James

US Patent Office, US Copyright Office J.Ja

Justin James
Justin James

People just sign anything without reading it, which I've never understood. J.Ja

herlizness
herlizness

the amount of damages may be increased for infringment if the infringement is "willful." Knowledge of the patent is a necessary but not sufficient condition for establishing willful infringement. So, merely doing some research is not likely to result in enhanced damages.

David A. Pimentel
David A. Pimentel

It is inevitable that Congress will screw-up anything it "reforms."

xmetal
xmetal

Regarding "faking up" and "invalidating", for two excellent examples in one search USPTO for the "swinging on a swing" patent. a. The USPTO let it through in the first place. b. It sat there for several years. c. The filer eventually notified the USPTO of its absurdity and had it invalidated himself. edit: Patent # 6,368,227

herlizness
herlizness

Invalidating a patent is a long, tedious and expensive process, period. It is not "easy" and it's not "a matter of perspective." Don't take my word for it; ask 10, 20, 30 other lawyers who've ever litigated a patent case. It's actually difficult to maintain trade secret status. But the point holds: there are alternatives to patent. Your comments on Coca Cola demonstrate nothing less than an extraordinary misunderstanding of one of the most successful commercial products in the history of civilization.

apotheon
apotheon

> I'm afraid I don't quite understand this business of large companies "buying up" patent search results and "filing a patent within a day or so." What exactly are they filing? They need to have an invention in order to file and prosecute a patent. It's easy (from the point of view of a Fortune 500 company, generally speaking) to fake up an invention in the current patent filing climate, where the USPTO's response to being overworked is to do very slipshod vetting of patent filings before approving them. It doesn't help that case law has basically established the notion that the default response to a patent filing should be to accept the filing. > In the normal course, you don't do a patent search until you've actually invented something and self-help Googling is not the preferred method of proceeeding. Google has access to patent records, thanks to the public access nature of those records. If you find its search facilities superior to other facilities you can actually afford to use, I'm sure it would be a useful tool. Anyway, people who do not maintain massive stables of patent and copyright lawyers like IBM's have to make do with what knowledge and tools they have available to them. The patent system essentially exists to crush "the little guy", these days, when "the little guy" has to use inferior tools. > As for it being "easy to invalidate a bad patent for prior art," that's complete nonsense. The context of mr_bandit's commentary seemed to suggest to me that the lawyer is of the opinion that it's "easy" to invalidate a bad patent from the point of view of an organization that thinks nothing of blowing $100K on the process -- which is probably overstating the expense in the case of nuking the ability of very small, independent start-ups to stay in business. > Remember one thing when dealing with or listening to boastful lawyers: most of them are full of crap. True. On the other hand, there's usually some kernel of truth in the boasts of successful boastful lawyers. I think you and mr_bandit are essentially talking about different things here.

herlizness
herlizness

The copyright office maintains a database of registered copyrights, not the patent office ... and it is complete for registered copyrights. The "additional protection" you refer to is the statutory right to obtain money damages in court, which is not available to non-registrants. Registration is anything but rare (but yes, it would be rare for a blog post or discussion list comment). The PTO's patent database IS comprehensive from 1790 forward; that said, a "list of patents" is really not going to be of any particular use to those not skilled in the art of reading and interpreting them.

apotheon
apotheon

Saying something doesn't make it so, even if your name is herlizness.

herlizness
herlizness

Apotheon: The difference between my comments and yours is that I provide verifiable citations to the law and draw on my experience as a lawyer while you bloviate in vague and unverifiable terms from the perspective of an opinionated and irascible child who didn't get a trophy merely for showing up. Please, either make your case or STFU.

apotheon
apotheon

1. Your explanations do not match with what I have seen actually occur in cases that have gone to court. 2. Your abrasive manner is unlikely to "clarify" anything for anyone. edit: more detail . . . I haven't refused anything. You didn't ask. You, on the other hand, have (knowingly, it is reasonable to assume) omitted exception text in your reference to Section 411, and misrepresented Section 504 as though it proves something that it does not directly address.

herlizness
herlizness

Look, I know you're not a lawyer but if you want to talk about legal matters you could take the time to read at least some of the relevant law. On registration and money damages, see Title 17, Section 411 ("no civil action for infringement of the copyright in any United States work shall be instituted until preregistration or registration of the copyright claim") On actual and statutory damages, see Title 17, Section 504 (it's not really all that complicated as a basic concept) (but one you have either failed to grasp or refuse to expound upon for reasons known only to you) As for "honest discussions," I don't think we've ever come close here to have anything which might fairly be called a discussion. Thus far, my only intent has been to provide some clarification from the perspective of one with actual experience practicing law in these areas. And that's what I've done; if you prefer your own personalized version of the law, fine. But do your colleagues here a service and stop presenting misinformation.

apotheon
apotheon

> If you don't register a copyright, you cannot get ANY form of monetary damages in a court of law False. > But, if you think that distinction is important, why don't you simply explain it? It's a deeply involved explanation for those with little or no understanding of the subject. > Despite your protest, saying that copyright registration is either "rare" or "relatively rare" is fundamentally misleading. False. > represent the norm for established authors. "Established authors" are a outnumbered by orders of magnitude by the rest of the populace. > If not giving you the last and final say on the matter qualifies as a mistake, I'm guilty. I don't think you'd grasp how to have an honest discussion if someone downloaded the idea and all its context and meaning into your brain Matrix-style -- and this sarcastic BS of yours only settles the matter. Go ahead. Have the "last word". It won't change its falsehood.

herlizness
herlizness

> Your remarks were unclear. Whether it has anything to do with a brain fart is beside the point. I gave what I think is a pretty clear and somewhat more complete answer with the original poster's interest in mind, not with "proving you wrong." I have no idea who you are and proving you right or wrong is of no interest or concern to me; clear explanation of the law DOES interest and concern me. On this post, you're not drawing the right distinction with respect to the protection accorded by registration. If you don't register a copyright, you cannot get ANY form of monetary damages in a court of law and readers likely want to know that if they don't already. To fail to raise this point because you assume that TR readers will not understand the distinction between statutory damages and actual economic damages makes no sense. But, if you think that distinction is important, why don't you simply explain it? Despite your protest, saying that copyright registration is either "rare" or "relatively rare" is fundamentally misleading. Registrations on works of authorship that anyone is likely to actually care about are quite common and represent the norm for established authors. > I'd prefer to stop when I've completed what I want to say. And I don't think I made any mistakes of fact. If not giving you the last and final say on the matter qualifies as a mistake, I'm guilty.

apotheon
apotheon

> The copyright office maintains a database of registered copyrights, not the patent office Yes. My fingers ran away from me, I had a brain fart -- something like that. > The "additional protection" you refer to is the statutory right to obtain money damages in court, which is not available to non-registrants. . . . which probably means nothing to most readers who don't know the difference between statutory awards and direct damage awards (e.g. appropriation of infringing profits). Thus, I kept the explanation simple and free of jargon in this case. Registration also provides other benefits, such as an official record of the date of registration, which can be useful in court proceedings where original authorship is in question. > Registration is anything but rare I didn't say it was rare, per se. I said it was relatively rare. Of all the trillions of copyrightable works committed to paper or film, posted to the web, or otherwise "fixed in a tangible medium of expression" every day -- most of which in the US are immediately subject to copyright -- a very, very small percentage of them is ever registered. Your reference to "a blog post or discussion list comment" clearly demonstrates the kind of thing that makes a registered copyright relatively rare. > The PTO's patent database IS comprehensive from 1790 forward; that said, a "list of patents" is really not going to be of any particular use to those not skilled in the art of reading and interpreting them. . . . or with several hundred man-years' worth of labor on hand to read through them for anything that might be relevant to the current patent issue one wishes to address. I'm curious about why you saw fit to speak of the patent database as if you're somehow refuting something I said, when you essentially restated what I had said about it; why you are so intent on proving me wrong about as much stuff as possible that you overstep yourself so thoroughly on your attempted corrections; and why you have never said anything in response to any comment of mine, ever, that was not contentious and at least mildly hostile in tone (as far as I recall) here at TR. If you had stopped at the ellipsis points, you would not have made any mistakes, and I would have thanked you for the correction. Instead, your comment has served to strengthen the impression that you have some kind of mysterious hate-on for me, and to riddle your comment with overstatements and hypercorrections. I suppose it's possible you're this abrasive and overzealous with everyone, but I don't stalk you to find out.