Do you know the lineage of your software code?

Out-Law News | 10 Jun 2004 | 12:00 am | 2 min. read

Code copying is rife. More than 75% of software developers will reuse blocks of code that were written elsewhere. But it does not automatically follow that they are breaking the law: sometimes copying is done with permission, sometimes no permission is required. The problem for those who employ developers is that they need to understand where the legal boundaries lie.

A survey conducted by OUT-LAW.COM gauged responses from 3,970 coders. There was a general acknowledgement of the practice of reusing and 'borrowing' code. The problem, according to Susan McKiernan, an IT lawyer with Masons, the international law firm behind OUT-LAW.COM, is that "Many developers don't know and cannot be expected to know where the legal boundaries lie."

McKiernan, who reported on the results for the latest edition of OUT-LAW Magazine said that 889 additional comments received from those who completed the survey demonstrated that "developers are more clued-up about intellectual property rights than they are given credit for."

But she also warned that companies must take care to avoid placing the burden on individual developers "to make a judgement call about what can and cannot be copied."

"Most software – including open source software - is available for reuse only if licence conditions are followed," explained McKiernan.

"Some code can be reused without following licence conditions if the section taken is not a substantial part of someone else's work. But the problem lies in figuring out what is a substantial part of a software program – and it's not fair to expect developers to make that call. Copying a small part of the code, even just 2% in one case, could amount to a substantial part because courts will look at the quality of what is taken, not just quantity."

Blocks of code do not need to be identical for copyright infringement to arise. Almost 90% of developers said they would reproduce the way another piece of software functions, without copying any code. By consulting the original code and program, however, a developer could still be found to have copied a substantial part, simply by following aspects of structure and design, sequences of operations or algorithms.

McKiernan explains that the best practice is to obtain permission in all cases. "Libraries of code developed and shared in-house are unlikely to present any problems. Problems may arise, however, when the code is introduced from elsewhere by an individual who has not gone through a proper approval process."

The survey found that almost 80% of programmers keep a personal code library and almost 85% of that group would take their code library with them if switching from one employer to another. The figures equate to around 67% of the developer community taking personal code banks from job to job.

"The key message for any company is that it should have an audit trail for its software development projects," said McKiernan, "and this may require some training for developers to avoid bad practices. Doing so helps to avoid an individual developer being required to judge what is or is not substantial."

Clean room procedures, carefully worded contracts and comprehensive insurance cover also play important parts. Companies like London-based insurer Digital Risk Solutions already offer policies that cover some forms of code copying in the event of a lawsuit.

"We're not saying that a developer cannot use code from third party software," said McKiernan. "Often its just a case of getting someone in the company to check the licensing position, even if it is open source software. But employers need to understand that it is their company, not their individual developers, that are likely to be the target of any action for infringement."