How software gets done Process

Does Committing Code to an Open Source Project Mean Committing Career Suicide?

Plenty of developers work on open source projects on their own time or even with their employer’s blessing. But before you become a committer, you should be aware of these legal concerns.
by Shawna McAlearney | February 25, 2011 Comments

In these days of economic uncertainty, it’s more important than ever for developers to contribute to open source projects. There are plenty of reasons to work on open source: to keep your skills up-to-date (especially if you are unemployed, underemployed, or want a better job), to make a difference in a community where your efforts are valued, or just to keep the open source project moving forward. Every snippet of code contributed builds a better mousetrap, but you also need to safeguard yourself from lawsuits.

Yes, lawsuits! Whether you contribute small bug fixes or entire code modules, every developer needs to be aware that some people do not look at such donations in the spirit of generosity. Being fired, being sued, or even having the foundry sued are just some of the consequences you could face if your employer finds out that you have become a committer.

“Contributing to open source projects without employer approval could be grounds for termination, lawsuits, or a promotion, depending on where you work,” says Ron Gula, CEO and CTO of Tenable Network Security, who runs the Nessus Project.

Adds Michael Overly, an attorney at Foley and Lardner, “An employer could go after the foundry for damages – and even potentially the end users of the open source product enhanced by its ‘stolen’ intellectual property. If the employer’s [intellectual property (IP)] is uploaded and contributed without its consent, the employer can sue the foundry and each end user directly for IP infringement.”

Part of the problem is the question, “Who owns the code?” and this can be a surprisingly complex issue.

“The general rule under the US Copyright Act is that the developer will own the copyright in and be the ‘author’ of the code unless (1) the developer is an employee and the code has been written ‘within the scope of employment’ of the developer, or (2) the developer has signed an agreement transferring the developer’s rights to the company,” says Frederic M. Wilf, an attorney at Morgan Lewis & Bockius.

Winning or losing a lawsuit over intellectual property hinges largely on the business or even the anticipated business of your current employer, says attorney Daniel Appelman, partner at Montgomery & Hansen.

“The test for what relates to the business or anticipated business of the employer is pretty easy to pass,” he clarifies. “One would look at the current products and services of the employer and also its business plan for new products and services going forward. If the invention at issue relates to either of those, then under California law, the employer owns the invention even though it may have been developed by the employee on his/her own time and without using the employer’s facilities.”

And what about the basics? Do you use your own computer? Work only on your own time? Use only your personal resources?

“Where did they get their ideas, programming, and tools?” asks Overly. “This is always a gray area. If the IP is developed using knowledge or tools gained from an employer, there is a strong presumption the IP belongs to the employer.”

What about using knowledge gained on the job? Watch out there, too.

“Even if the development is done during off-hours, the employee must carefully segregate in his/her mind what they learned from their employer and the employer’s intellectual property and what is truly the employee’s development, ideas, etc.,” says Overly.

Of course, many such issues could be avoided entirely by simply communicating with your employer prior to contributing code.

“If the developer is an employee, then the developer should not contribute any software or other code to an open source software project without first hashing out the issues with the employer,” says Wilf. Contractors shouldn’t assume that these issues don’t apply to them. “If the developer is not an employee, then the developer does not have that issue and the developer is free to contribute code to an open source software project, so long as the contribution does not interfere with any other contract the developer has signed, and so long as the developer does not use any trade secrets or confidential information of any other person or company,” Wilf adds.

He cites the fairly well-known case of Computer Associates International, Inc. v. Altai, Inc.,  982 F.2d 693 (2d Cir. 1992), in which a former employee of Computer Associates copied portions of software that he had written for Computer Associates into new software written for his new employer, Altai. “Once Altai was sued, it removed the copied code from the new software, and revised the new software using programmers who did not have access to the Computer Associates code,” says Wilf. “However, the court noted that the programmer may have incorporated Computer Associates’ trade secrets into the new Altai software in portions of the Altai code that did not directly copy the Computer Associates code. So, in the open source context, a developer must be careful not to use or reuse any source code developed for an employer or customer without written permission of the employer or customer, and the developer must be careful not to use any trade secrets of a former employer or customer for any other person or purpose.”


Wilf says there are many examples of developers being sued, but most of these cases are settled out of court. “One example is a group of programmers wanted to form a software company that competed with the software company that employed them at that time. They used their own time, money and other resources to develop their own, competing software.  However, they did so while still employed by their original employer. After the software was written, they quit their employer and opened their new shop to sell competing software.  They were promptly sued by the employer. The court ordered them to turn over the code to their now-former employer. Lesson: Quit first, then develop competing software, and don’t use any of the former employer’s code or trade secrets.”

“Unfortunately, the many examples rarely go to a published decision,” adds Wilf. “I based my comments on several cases, including Plains Cotton v. Goodpasture Computer and CA v. Altai.

And if you think you’re safe because you have your employer’s approval, have you considered all of the logistics?

Gula suggests, “Think of some simple things, like can the employer’s corporate e-mail be used? Is the employer entitled to audit the code contribution to make sure there is no conflict of interest?”

In an interview a few years ago, Ward Cunningham, developer of the first wiki, then the director of committer community development at the Eclipse Foundation and now CTO of AboutUs.org, said, “[Eclipse has] a code submission process and part of that is getting approval from your employer. Developers tend to be optimists who want to solve problems and aren’t so worried about what could happen.”

The bottom line: You aren’t an idiot to contribute to an open source project. It’s a wonderful thing that you do so. But give some thought to the consequences of open source involvement when you are also bound by an employer’s legal restrictions.

Share with your friendsJoin and Stay Current with the Community
JOIN RSS
Tags: | | | | | | | |
About Shawna McAlearney

Shawna McAlearney is a Boston-based freelance writer who has covered the business and technology space for more than 10 years. Her articles have appeared in a number of publications, including Information Security magazine, CSO, SearchSecurity.com, and CIO.

  • http://topsy.com/www.softwarequalityconnection.com/2011/02/does-committing-code-to-an-open-source-project-mean-committing-career-suicide/?utm_source=pingback&utm_campaign=L2 Tweets that mention Does Committing Code to an Open Source Project Mean Committing Career Suicide? — Topsy.com

    [...] This post was mentioned on Twitter by Esther Schindler, sjvn, Pam Baker, Lisa Hoover, Mike Bucken and others. Mike Bucken said: RT @sjvn: Does committing Code to an Open Source Project Mean committing Career Suicide? http://shar.es/3dwyr [...]

  • http://www.gilyehuda.com Gil Yehuda

    A simple solution (the one I implemented at Yahoo! Inc., and others have implemented in other tech companies) is to provide a process for granting the copyright of the code back to the developer. Developers who seek to contribute to Open Source projects “on their own” come to me before they contribute the code and show it to me first. In some cases it totally makes sense that this “ought to be” their own code — and we can ensure it is with a copyright grant and license. In other cases it does not make sense to grant this code to them (since it may be related to our business, but in a different group) and we can decide if we opensource under the company name.

    Either way, by making the process transparent and easy, we get to have the conversation before anything goes out the door. And then we can do the right thing based on the situation at hand. It’s a win-win for the company and the developer (as well as the open source community), and it’s legal — in fact, our IP lawyers are part of the process.

    Open Source is all about transparency. So by simply being transparent and encouraging it within your company, you avoid problems.

  • http://www.facebook.com/hafizanil Hafizan Aziz

    Yes and No.I build open source software because there is a person who test.Around 10k people download my software,i see various of idea of people like enhancement of the program,good request and bad request.The nature given free software is very hard and difficult.

  • http://marjancek.myopenid.com/ Moi

    This article is bullsh1t; it cites examples of employees copying portions of code from work, which is *of course* illegal.

    It is also true that you probably signed something saying you won’t work in the same field for anyone else.

    But I don’t see how working in an open source project that doesn’t compete with your company can get you in trouble.

  • Anonymous

    Some companies think that they own the rights to every bit of code you write at any time from the moment you sign on with them, regardless of subject matter or relevance.

  • http://www.whatisthebestandroidphone.com/new-android-powered-t-mobile-g1-phone/ New Android-powered T-Mobile G1 Phone | What Is The Best Android Phone

    [...] Does Committi&#110&#103&#32Code to an Open Source Project Mean Committing … [...]

  • http://www.siamsourcecode.com/programming/?p=2143 Does Committing Code to an Open Source Project Mean Committing … « Siam Source Code – สยามซอร์สโค้ด

    [...] Read the rest here: Does Committing Code to an Open Source Project Mean Committing … [...]

  • http://madhatter.ca The Mad Hatter

    This is one of the stupidest arguments that I’ve ever seen. Most of the programmers I know got hired BECAUSE of the Free Software contributions! Being able to see source code written by a developer makes it a lot easier for an employer to evaluate the developer’s skills. And the employer expects the developer to keep involved, to maintain their skills.

    Then we get to the oh so holy ‘IP’… Intellectual Property is a misnomer. It’s a nonexistent concept. Even if it did exist, it could not be developed by a company, companies aren’t creative. People are creative. Companies can attempt to steal it of course, and do attempt to steal it, which is why my recent submissions about copyright have included the suggestion that copyright be non-transferable from the creator (a human), except by inheritance, and that corporations be barred from owning copyrights and/or patents. If there’s reason for a corporation to need to use a copyright or a patent, they could license it for a limited time, with automatic renewals disallowed.

    In Computer Associates v. Altai, going by memory, the court misunderstood what had actually happened. The developer hadn’t ‘copied’ the source code, he’d written a new version with the same functions and capabilities. That some of the source code was practically the same was a function of the programming environment, in which certain functions had to be done certain ways. That’s why the tires on most automobiles look so much alike, they have to or they won’t function.

    My personal opinion is that you should just delete this entire article. It’s a useless piece of FUD, and makes your site look unprofessional.

    Wayne aka The Mad Hatter

  • http://loading-info.blogspot.com Gian Faye

    Atleast when they’re not in their office.

  • http://www.gilyehuda.com/2011/02/28/who-owns-your-ip/ Who owns your intellectual creations? | Gil Yehuda's Enterprise 2.0 Blog

    [...] came across this article with a catchy title Does Committing Code to an Open Source Project Mean Committing Career Suicide? where the author highlights this issue.  Assume that committing code to an open source project is [...]

  • http://pupeno.com J. Pablo Fernández

    This is FUD. The author talks about employees building a new company, it has nothing to do whether the code was open source or not. This article should be titled: “Be careful when do anything if you signed your soul of to a company”. Whether what you do is open source or not, when such a contract exists, it’s irrelevant. And actually, some companies would be more worried of non-open source project than open source projects.

  • http://profiles.google.com/jimcollins jim collins

    What Wayne Borean said.

blog comments powered by Disqus