|No such thing as a small change|
Non-Disclosure Legal Fun w/ my ex-Employerby idnopheq (Chaplain)
|on May 27, 2001 at 17:20 UTC||Need Help??|
UPDATE: Yech ... This node is a reminder that I should not go near my PC when drinking. While historically correct, this node almost completely misses the point I was making, which is something along the lines of employer/employee expectations, verbal agreements, and the entaglements thereof. The legal aspects are a moot point, and largely brought about due to my blockheadedness. A few claifications in the original node will help explain.
My sincerest appologies to all, and thanks to those who pointed out my erroneous stuff about GPL ... I meant to talk about the spirit of it, not tha actual legal mumbo-jumbo. I am flogging myself in repentence.
With all the talk recently about DeCSS and the legal entanglements thereof, I encountered a situation a while back which, thanks to the linear way many perceive time, I can now discuss. For me, this is a bit of therapy. For others, maybe this will help in the future.
From Sun Tzu:
This node is chock full of intrigue, legal wranglings, David -v- Goliath-kind of stuff, and an Albert Einstein-look alike makes a cameo. This is about a simple System Administrator ( yours truly ) who did some perl coding and brought the legal weight of a Fortune 100 company down to bear on himself ( well, actually, they didn't break a sweat ... makes for good copy, tho! ). This node may sound like whining, but the lesson learned may be of benefit to others.
Anyone who works on firewalls, especially CheckPoint firewalls, likely knows about PhoneBoy. This site is a compenduim of FW-1 stuff, sometimes better than paid tech support.
Anyway, in the Downloads section exists several perl scripts to make life with FW-1 more flexible, the best of which is a script called fwrules42.pl.
The firewall group started to use this after I joined them. Basically, it takes the flat text files that make up a rulebase and kick the results out into HTML. We used it for peer review, periodic documentation archive, and for customers to review the access existing into their private network. BTW, the company would not lay out the cash for a COTS product.
Being the only perl coder in the group, I looked at the innards and made several modifications to the output. The script at the time did not handle things like IPSec rules and group memberships well. The HTML behind it was sometimes a little less-than-optimal.
So, as my grasshopper-trainees were covering my workload for a time, I proposed to management that I enhance the script, making it more useful and allowing the script to output to CSV as well for import into our help desk database. Especially important, I said, was that the script is open source, so I would post the new script back onto PhoneBoy.
Everyone agreed. A while later, fwrules50.pl came out. So, I stopped my work on 42 and migrated my changes to 5, which was a better script anyway.
When I was done, including testing, peer review, pod, etc., Management came to me and said I was legally bound NOT to post my alterations. I had signed a non-disclosure a while back and the corporate legal department deemed the script offered the company a competative advantage, even tho the competition was using the more robust COTS products we would not buy.
UPDATE: My point about the GPL-ness of the script was intended to be about open-source advocacy. My intent on working the script, as I vaguely mention below, was to incorporate my modifications and re-release it. Had the non-disclosure issue reared it's ugly head, I would have givin the whole thing a miss which I should have done anyway. I do not mean to imply that GPL is something it is not, but as I professionally and personally believe it's spirit to be.
I brought up the whole GPL thing. They laughed. I brought up the verbal agreement to my intentions. They pointed out that the non-disclosure stated verbal agreements do not superscede the writen. I said I never would have done it if this had been known. They said it was in the document I signed and it was their money & resources that paid for the changes. I retorted that perl is free, NT Emacs is free ( my editor-of-choice ), and the only thing they did was pay me for my time, which they had, by that point, more than recouped. The lawyers picked up their briefcases and left.
I became upset, in a professional manner, and began taking my case up the chain of command. My nose flattened and ears bled from the constantly slamming doors in my face. So, I went to my Einstein-looking lawyer. Told him the story. He went and did some checking, and then advised me to just let it go. The amount of money I would have to spend to prove I was right would put me into poverty about 40 times.
During this, I made one crutial mistake. I told my company I would seek a legal oppinion. when I returned, I had a gag order ( I kid you not ) waiting for me.
UPDATE: I conveniently neglected to mention that in the heat of the moment, I made an off-hand remark about releasing it anonymously. Thus the legal action was my own fault.
Well, I realized that the 15th of May caused the injunction to expire, thus I tell my woeful tale. I'm with a new employer now. As my skills have improved considerably in the mean time, I am beginning to rewrite the fwrules50.pl script again, this time on my own dime, without the benefit of my previous work ( which they grabbed they day I resigned and I let them, no personal backups or anything ... on purpose ). My stuff will also find it's way to the Monastery. The Einstein-look-a-like says I should be free to do so, legally, with a slim chance of future legal troubles.
In a bit of irony, before I left the company, tho ... they came to me and asked if I would improve a useradmin set of scripts for a new customer. The gaul! Were I a vindictive SOB, I would have broke it, but instead verbosely commented the thing as a friend was assigned the job after I left.
I know various other monks have had legal problems ( merlyn, others ). Anyone had anything simillar? Different tacks I could have taken? Advice for those who may need it in their day? Anyone encountered a company who subordinates the GPL or similar to their own selfish needs?
For those going into the workplace or changing jobs, I offer this advice: Have an attourney review the documents you sign before taking the job. Anything you do outside of your job description should be in writing. And, know where you stand with your principles and ethics before tangling with the suits.