PerlMonks  

Non-Disclosure Legal Fun w/ my ex-Employer

by idnopheq (Chaplain)
on May 27, 2001 at 17:20 UTC ( #83596=perlmeditation )

UPDATE: Yech ... This node is a reminder that I should not go near my PC when drinking. While historically correct, this node almost completely misses the point I was making, which is something along the lines of employer/employee expectations, verbal agreements, and the entanglements thereof. The legal aspects are a moot point, and largely brought about due to my blockheadedness. A few clarifications in the original node will help explain.

My sincerest apologies to all, and thanks to those who pointed out my erroneous stuff about GPL ... I meant to talk about the spirit of it, not the actual legal mumbo-jumbo. I am flogging myself in repentance.

With all the talk recently about DeCSS and the legal entanglements thereof, I encountered a situation a while back which, thanks to the linear way many perceive time, I can now discuss. For me, this is a bit of therapy. For others, maybe this will help in the future.

From Sun Tzu:
He who knows when he can fight and when he cannot will be victorious.

This node is chock full of intrigue, legal wranglings, David -v- Goliath-kind of stuff, and an Albert Einstein-look alike makes a cameo. This is about a simple System Administrator ( yours truly ) who did some perl coding and brought the legal weight of a Fortune 100 company down to bear on himself ( well, actually, they didn't break a sweat ... makes for good copy, tho! ). This node may sound like whining, but the lesson learned may be of benefit to others.

Anyone who works on firewalls, especially CheckPoint firewalls, likely knows about PhoneBoy. This site is a compendium of FW-1 stuff, sometimes better than paid tech support.

Anyway, in the Downloads section exist several perl scripts to make life with FW-1 more flexible, the best of which is a script called fwrules42.pl.

The firewall group started to use this after I joined them. Basically, it takes the flat text files that make up a rulebase and kicks the results out into HTML. We used it for peer review, periodic documentation archive, and for customers to review the access existing into their private network. BTW, the company would not lay out the cash for a COTS product.

Being the only perl coder in the group, I looked at the innards and made several modifications to the output. The script at the time did not handle things like IPSec rules and group memberships well. The HTML behind it was sometimes a little less-than-optimal.

So, as my grasshopper-trainees were covering my workload for a time, I proposed to management that I enhance the script, making it more useful and allowing the script to output to CSV as well for import into our help desk database. Especially important, I said, was that the script is open source, so I would post the new script back onto PhoneBoy.

Everyone agreed. A while later, fwrules50.pl came out. So, I stopped my work on 42 and migrated my changes to 5, which was a better script anyway.

When I was done, including testing, peer review, pod, etc., Management came to me and said I was legally bound NOT to post my alterations. I had signed a non-disclosure a while back and the corporate legal department deemed the script offered the company a competitive advantage, even tho the competition was using the more robust COTS products we would not buy.

UPDATE: My point about the GPL-ness of the script was intended to be about open-source advocacy. My intent on working the script, as I vaguely mention below, was to incorporate my modifications and re-release it. Had the non-disclosure issue reared its ugly head, I would have given the whole thing a miss which I should have done anyway. I do not mean to imply that GPL is something it is not, but as I professionally and personally believe its spirit to be.

I brought up the whole GPL thing. They laughed. I brought up the verbal agreement to my intentions. They pointed out that the non-disclosure stated verbal agreements do not supersede the written. I said I never would have done it if this had been known. They said it was in the document I signed and it was their money & resources that paid for the changes. I retorted that perl is free, NT Emacs is free ( my editor-of-choice ), and the only thing they did was pay me for my time, which they had, by that point, more than recouped. The lawyers picked up their briefcases and left.

I became upset, in a professional manner, and began taking my case up the chain of command. My nose flattened and ears bled from the constantly slamming doors in my face. So, I went to my Einstein-looking lawyer. Told him the story. He went and did some checking, and then advised me to just let it go. The amount of money I would have to spend to prove I was right would put me into poverty about 40 times.

During this, I made one crucial mistake. I told my company I would seek a legal opinion. When I returned, I had a gag order ( I kid you not ) waiting for me.

UPDATE: I conveniently neglected to mention that in the heat of the moment, I made an off-hand remark about releasing it anonymously. Thus the legal action was my own fault.

Well, I realized that the 15th of May caused the injunction to expire, thus I tell my woeful tale. I'm with a new employer now. As my skills have improved considerably in the mean time, I am beginning to rewrite the fwrules50.pl script again, this time on my own dime, without the benefit of my previous work ( which they grabbed the day I resigned and I let them, no personal backups or anything ... on purpose ). My stuff will also find its way to the Monastery. The Einstein-look-a-like says I should be free to do so, legally, with a slim chance of future legal troubles.

In a bit of irony, before I left the company, tho ... they came to me and asked if I would improve a useradmin set of scripts for a new customer. The gall! Were I a vindictive SOB, I would have broken it, but instead verbosely commented the thing as a friend was assigned the job after I left.

I know various other monks have had legal problems ( merlyn, others ). Anyone had anything similar? Different tacks I could have taken? Advice for those who may need it in their day? Anyone encountered a company who subordinates the GPL or similar to their own selfish needs?

For those going into the workplace or changing jobs, I offer this advice: Have an attorney review the documents you sign before taking the job. Anything you do outside of your job description should be in writing. And, know where you stand with your principles and ethics before tangling with the suits.

HTH
--
idnopheq
Apply yourself to new problems without preparation, develop confidence in your ability to meet situations as they arise.

GPL/artistic licence issues
by Anonymous Monk on May 27, 2001 at 20:14 UTC
    Your post strikes me as I'm currently starting a 'legal fight' with my employer
    (I really don't like it, but I'm not given any other option).

    Being all but a lawyer, I'd like to know how the GPL/Artistic Licence affects what I coded while I was employed, specifically :

    I used the LWP to code several products for my (future ex) company.
    I'm employed in France.

    • Isn't it mandatory to make public the sources of those products as they were made using LWP and Perl ?
    • Is it legal to keep perl script sources secret
      (based on the fact that they're only executed on our servers, even if we're selling the use (ASP))?
    • Am I allowed to code a new 'open source' (here read 'free') version of the products (as the GPL grants me the right to enhance anything produced by a GPLed product) without exposing legal pursuit ?
    • Can I use the fact that they use several GPL,Artistic licence based products without granting access to source against my company ?
    • Can my company claim any rights on the SOURCES of a product based on the LWP ?
      (I know they can charge for it, but can they forbid someone else (me?) to use the sources to make a new product (free or not))
    I know that my questions are REALLY vague, but feel free to ask for any info you'll find necessary to give me an accurate answer...

    If you find the questions redundant, you're probably right, but I want to make things sure, by asking them a slightly different way...

    NOTE: Sorry for not posting under my real nick, but as my employer and several co-workers can read this post,
    I prefer to play it safe...
    (I'd like to add, for those willing to restrict AM rights, that I've never been so happy that AM CAN post...)
      I'm not too sure about your question about proprietary code that relies on GPL stuff. When in doubt, I tend to think "What does Debian do?". They never package proprietary code, so that doesn't help. Red Hat and SUSE do, so that makes me think it's ok.

      As an example, just because something compiles under gcc doesn't mean it inherits the gcc (GPL license).

      Had you modified LWP in any way, however, you would have had to release your LWP changes as GPL.

      I'm not familiar with the Artistic License (PERL), but at work we use a product which stealth installs perl on the hard drive without making a mention of it, and then uses it as a back end. This indicates that either it's ok to abuse the perl distribution license a bit or that the authors of this software are over the line.

      You are definitely allowed to write your own free version of the software that you wrote for your company, but if it looks too similar you leave yourself open to charges of copying. The GNU people do this all the time (it's called Chinese Wall or Black Box coding - you try and reproduce the functionality with no knowledge of the inside workings. Gnutella, ICQ and AIM clients were done like this).

      Update: Chromatic gives a much better answer below.

      ____________________
      Jeremy
      I didn't believe in evil until I dated it.

        Thanx Jepri !

        By the way, I may contact you soon for any available contract
        (seen on your homenode ;-)
        According to the GNU GPL FAQ:

        The GPL does not require you to release the modified program. You are free to make modifications and use them privately, without ever releasing them. But if you release the modified version to the public in some way, the GPL requires you to make the modified source code available to the users, under the GPL. Thus, the GPL gives permission to release the modified program in certain ways, and not in other ways; but the decision of whether to release it is up to you.

        So if you modify LWP, and you release it, it has to be under the GPL
        (Update:considering LWP being released under the GPL; I don't know how it works under Artistic License)

        Greetz
        Beatnik
        ... Quidquid perl dictum sit, altum viditur.
        Section 8 of my copy of the Artistic License says:
        8. Aggregation of this Package with a commercial distribution is always permitted provided that the use of this Package is embedded; that is, when no overt attempt is made to make this Package's interfaces visible to the end user of the commercial distribution. Such use shall not be construed as a distribution of this Package.
        I believe that this explicitly allows the "stealth install".
      Disclaimer: I am not an attorney at law, nor is this legal advice, especially in your jurisdiction.

      With programs licensed under the GPL and the Artistic license, you are free to choose one to follow. You do not have to follow both. (You are also free to make other arrangements with the copyright holder, if you can.)

      Under the GPL:

      • You must make the sources of your product available to anyone to whom you distribute your product.
      • Linking to a GPLd application still falls under these rules.
      • It is *probably* okay not to distribute sources executed only on your server, as the output of a GPLd program is generally not also GPLd. This is a point of contention, however, and will likely be addressed in GPL v3.
      • In general, only the copyright holder can pursue legal action against someone violating the license. Specific laws in your jurisdiction may apply.
      • If you modify the program, you only have rights to your modifications, not the original version.

      Under the Artistic License:

      • You are not required to provide your modified sources to people to whom you distribute your modified version. You must provide documentation that describes your changes in detail, though, and you must rename any modified applications. You must also provide instructions on how to obtain the original version.
      • Linking to libraries or packages under the Artistic License does not require your application to use the Artistic License.
      • The output of a program under the Artistic License does not fall under the license.
      • Again, it's probably only the copyright holder who can pursue license violations.
      • If you modify the program, you only have rights to your modifications, not the original version.
      In either case, you do not have a right to the source of an application from a user or company if the application has not been distributed to you. (That sentence parses poorly.)

      ObDisclaimer: I am not a lawyer, though I should have normally become one. I just chose Perl instead of Law, go figure...

      Hey AM!
      In France, the law about copyright makes really clear that everything you do during the time spent in a company and for tasks that are described in your contract belongs to the company.
      No matter the nice GPL forewords you may write at the top of your file. As long as you're hired to write programs, all the programs you write during your work hours aren't yours.

      Now, that being said, you may be aware that Perl (and most of the modules that come with Perl, including LWP) is ruled by two licenses: the GPL (French translation) and the Artistic License. If you read the 5th article of the Artistic License, you'll notice that one can distribute a program (or package) in another product. This other product doesn't need to be available for free.

      That being said, I don't think that your (future-ex)company will apply the GPL for the programs you wrote, if it has half a clue of where its interests are... Since they belong to it, the License can easily be switched to the Artistic License.

      As for distributing the sources of the programs. As I understand the Artistic License, you don't have to provide the source of the package, as long as you document where can you find the original version, and what modifications did you make to the package.

      /msg me if you want more infos on how copyright and intellectual property works in France!

      --
      my $OeufMayo = new PerlMonger::Paris({http => 'paris.mongueurs.net'});
        In France, the law about copyright makes really clear that everything you do during the time spent in a company and for tasks that are described in your contract belongs to the company. No matter the nice GPL forewords you may write at the top of your file. As long as you're hired to write programs, all the programs you write during your work hours aren't yours.

        I agree, but
        As the product I wrote for the company uses and modifies the LWP which is GPL'ed -> this product is GPL'ed (even if owned by my company).
        So I should be allowed (at least) to modify and sell it ? (I should be granted an access to the source and a right to modify)
        In this case how could I be sued for copy ?
        Or did I miss something ?
Re: Non-Disclosure Legal Fun w/ my ex-Employer
by Brovnik (Hermit) on May 27, 2001 at 23:05 UTC
    Different tacks I could have taken?
    Couple of ideas which may have helped (and I have used in the past).

    1. Follow up any verbal agreement with an email, with a first line something like "This is just a quick note to confirm the recent discussions."
      You can then argue (quite reasonably) that the agreement was in writing, since, if "they" don't agree, it is up to them to reply and follow up.
    2. Post the code regularly to somewhere public, if that is your final intention anyway.
      It is too late to do this after the legal people are involved, but if you set an early precedent, it is easy to continue.
    3. Assuming you submit reports "up the chain of command", then you can add the one liner under achievements for the month that "Version 0.93 has been submitted to the XXX archive for review". Again, assuming that either the report isn't read, or that the implications aren't picked up, you have set the precedent.
      If the implications are picked up, then you get an early warning of problems ahead. Either way, you get a chance to end up with a better result, with at least a chance to have the argument early on.

    --
    Brovnik
(dws)Re: Non-Disclosure Legal Fun w/ my ex-Employer
by dws (Chancellor) on May 28, 2001 at 00:00 UTC
    I proposed to management that I enhance the script, making it more useful ... Especially important, I said, was that the script is open source, so I would post the new script back onto PhoneBoy.

    A laudable intention on your part. However, unless I'm misreading your story, the updated script was not part of a product that your employer was selling. If that's the case, then your employer is within their rights to refuse to publish the improvements that you made. As hard as it may be to stomach, your lawyer gave you good advice: You did good by pursuing the issue, now let it go.

    Your managers might also have started off with good intentions. Sadly, "We thought we could do this, but our lawyers told us otherwise" isn't a rare experience for managers in big companies.

Re: Non-Disclosure Legal Fun w/ my ex-Employer
by lemming (Priest) on May 28, 2001 at 00:42 UTC
Re (tilly) 1: Non-Disclosure Legal Fun w/ my ex-Employer
by tilly (Archbishop) on May 28, 2001 at 08:35 UTC
    I just downloaded and looked at fwrules50.zip.

    It appears to be under the GPL. I see no other applicable license. The main copyright holders appear to be Stephan Moser and Sean O'Neill.

    IANAL, this is not legal advice. However here is what my limited understanding says.

    1. I have no idea whether you have strong legal grounds for complaint. Probably not.
    2. If the company is distributing a product based on this software and is not giving source code or telling their customers that it is GPLed, then both Stephan Moser and Sean O'Neill have grounds for complaint. Unlike you they signed no agreement. Indeed it is their copyrighted code that is being used without permission.
    3. The FSF is interested in pursuing cases like this. They more than anyone else would like to see the GPL proven in a court of law, and they would prefer to see it happen on a fairly simple case where they are clearly in the right.
    4. I have no idea what your rights as a whistle-blower would be. In an ideal world you would have perfect immunity. This is not an ideal world, I don't even know what country you are in, let alone the laws that apply to you. Before raising a case you may wish to talk to a lawyer again with this question. If I raise this issue to the copyright holders and offer to serve as a friendly witness, what could my former employer try to do about it? Only if you are comfortable with the answer should you proceed.
    I am deadly serious about the last item. Remember that one of the obvious defences that the company will have is that you are lying, the script was developed independently, and you are lying to get revenge to settle a feud. It will be no problem for them to make up a plausible lie, and no problem to find people who are willing to repeat those lies under oath.
