Legal liabilities that programmers need to consider

In our current business environment, lawsuits are all too common. Be aware of four areas that could pose litigation risks for programmers.

As a developer, you may think lawsuits are something you don't need to worry about; unfortunately, that is not a safe bet. There are plenty of things that programmers can do that put their employers, and possibly even themselves, at risk of litigation. Four potential lawsuit areas to be aware of are: breach of contract, patent violations, copyright problems, and data storage woes. (Please keep in mind that I am not a lawyer.)

Breach of contract

There are many ways a developer could get into contractual issues; projects done by a consultancy that get behind schedule or underdeliver are a good example. If you are a service provider with a service level agreement (SLA), missing that SLA too often can put you in legal hot water; many SLA contracts even define explicit penalties, such as refunds of money or allowing the customer to walk with no early termination fees. Whenever you engage in work with a contract involved, make sure that you and your team have a firm understanding of the contract's details and how you need to work to comply with it.

Patent violations

Something that we are seeing more and more is the use of patents as a business version of a nuclear missile. Regardless of your opinions on current patent law, you cannot ignore the reality that it is very easy to inadvertently find yourself in a position to be sued for patent violation. We've been seeing a surge in these lawsuits over the last 10 years, starting with the SCO lawsuits around UNIX. Today, fear of patent litigation has been causing all sorts of trouble in the industry, such as the delays around the <video> tag in HTML5.

Navigating the patent waters can be tricky. One constant is that most companies that are not patent aggregators tend to only enforce patents against competitors (like when Amazon hammered Barnes & Noble over "one-click shopping"). If you are doing something that seems to be unique in your space, you should check for existing patents first and possibly contact a patent attorney. If you are trying to implement a well-established algorithm, there may be deep patent coverage already; for example, it is essentially impossible to write video codecs without tripping over dozens of patents.

Copyright problems

As with patents, we're seeing developers get into hot water with copyrights. While open source software has been a great boon for businesses, programmers who do not properly understand the licenses (such as the popular GPL) are finding themselves in trouble. Not too long ago, for example, Microsoft was forced to open source a piece of code after a contractor included GPL'ed code in it. To avoid these issues, make sure that you understand the licensing and copyright of anything that ends up in your application, including graphics and code copied from the Web. Remember, just because someone posted it to the Internet does not mean that it is public domain. In fact, it could be code from a GPL project, and including it in your application would put your whole app under GPL too.

Data storage woes

If you are writing a SaaS application, you need to keep in mind that you are taking partial responsibility for the data your customers store in it. If that data gets damaged, lost, or falls into the wrong hands, the rightful owner may come after you. If your customers are putting data in your system that should not be there, you can find yourself on the receiving end of a call from lawyers or even law enforcement officials. Your terms of service should provide you with the legal cover you require, but all the same, this is a problem that can arise.

You will also want to review your program very carefully to make sure that no account can access another account's data. You should use encryption for any sensitive data at rest, and SSL/TLS for transmission of any data that is important. Also, you need to get familiar with the relevant laws relating to subpoenas and similar legal demands, so if you are ever asked to provide user data, you know your legal obligations.