Do you have Legal ‘Viruses’ in your Code?

Most developers I speak to are under a lot of pressure to deliver. They borrow code from ‘open source’ libraries and assume they are free to use it in their deliverables. They don’t have time to read software licences. For many of them, English is a second language, and even native speakers cannot be expected to understand the nuances of contractual interpretation, particularly for ‘multi-licensed’ software whose alternative licences carry conflicting terms. Discussions of licence terms in forums such as Hacker News and Reddit are typically prefaced with the disclaimer IANAL (“I am not a lawyer”).

As a result, it’s not surprising that a significant amount of proprietary code is in breach of open source licences, increasing the risk of lawsuits. For example, a 2010 code audit undertaken by OpenLogic found that 71% of iPhone®, iPad® and Android™ apps failed to comply with the open source licence terms of the components they included. Disturbingly, compliance was 0% for Android apps incorporating software licensed under the GPL or LGPL.

The GPL and LGPL contain copyleft (‘viral’) clauses: if you distribute a work that incorporates GPL-licensed code, you must make the source of the whole work available under the same terms, which in practice means releasing it to your competitors. The LGPL is weaker, allowing proprietary code to link against the library provided the library itself, and any modifications to it, stay under the LGPL and can be replaced by the user. Either way, the licence is conditional: if you do not meet its conditions, you have no licence at all, and the copyright holder can bring an infringement claim.

The problem is that there are hundreds of licences “in the wild”. Further, many of them were not drafted by lawyers, and so include ambiguous or contradictory language.

For example, the BSD licence is one of the most popular in the ‘open source’ community, and in fact BSD-licensed software is running on the MacBook Pro I am writing this on. However, the BSD licence requires anyone redistributing the software in binary form to reproduce its copyright notice, its list of conditions and its broad liability disclaimer “in the documentation and/or other materials provided with the distribution”. This is a notice requirement rather than a copyleft one, so it does not oblige you to put your own code under the BSD licence, but the obligation travels with the BSD-licensed code wherever it is embedded, including modified copies folded into ‘downstream’ software. Whether a product’s documentation actually carries the disclaimer for every such component is a question few teams can answer, and such uncertainties do not help attempts to comply with the licence.

The moral of the story is: make sure you check and understand the licence terms of any software incorporated into your code, and assess your risk of non-compliance. That starts with knowing what third-party components are actually in the build, since you cannot assess a licence you do not know you have. Otherwise, you could find some nasty surprises, particularly where you are giving a warranty or indemnity that your code does not infringe any third-party IP rights.
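One way to start that check is to inventory the licences of the components already in your build and flag the ones that need a closer look. The script below is an added example written for this post, not code from the article: it reads the licence metadata of the Python packages installed in the current interpreter and sorts each one into a risk tier (permissive, weak copyleft, strong copyleft, unknown). The tiers, the pattern list and the allow-list are a constructed, hypothetical policy for illustration and are not legal advice; the only real interfaces used are Python’s core packaging metadata fields (`License-Expression`, `License` and the `License ::` classifiers) read through `importlib.metadata`. It also handles the ‘multi-licensed’ case from the post: in an SPDX-style expression, `OR` lets you pick the least onerous option, while `AND` means the strictest component governs.

```python
"""Licence audit of installed Python packages against a simple policy.

Added example for this post, not code from the original article. The risk
tiers, regex patterns and allow-list are a hypothetical, constructed policy
for illustration only; they are not legal advice.
"""
from __future__ import annotations

import email
import re
from importlib import metadata

# Risk tiers for a proprietary deliverable, least to most onerous. "unknown"
# ranks last because anything unrecognised needs a human to read the licence.
RISK_ORDER = ["permissive", "weak-copyleft", "strong-copyleft", "unknown"]

# (regex, tier), tested in order. The LGPL row must precede the GPL row:
# "Lesser General Public License" also contains "General Public License".
PATTERNS = [
    (r"\bLGPL|lesser general public", "weak-copyleft"),
    (r"\bMPL\b|mozilla public|\bEPL\b|eclipse public", "weak-copyleft"),
    (r"\bA?GPL|general public licen[cs]e|affero", "strong-copyleft"),
    (r"\bMIT\b|\bBSD|apache|\bISC\b|\bPSF\b|python software foundation"
     r"|unlicense|\bzlib\b", "permissive"),
]


def classify_single(text: str) -> str:
    """Map one licence name or SPDX identifier to a risk tier."""
    for pattern, tier in PATTERNS:
        if re.search(pattern, text, re.I):
            return tier
    return "unknown"


def classify(expr: str) -> str:
    """Classify a licence field that may be an SPDX-style expression.

    Dual licensing with OR lets the integrator choose the least onerous
    option; AND means every part's terms apply, so the strictest governs.
    """
    cleaned = expr.replace("(", " ").replace(")", " ").strip()
    tokens = re.split(r"\s+(OR|AND)\s+", cleaned, flags=re.I)
    parts = [classify_single(p) for p in tokens[0::2]]
    operators = {op.upper() for op in tokens[1::2]}
    if "AND" in operators:
        return max(parts, key=RISK_ORDER.index)
    if "OR" in operators:
        known = [p for p in parts if p != "unknown"]
        return min(known, key=RISK_ORDER.index) if known else "unknown"
    return max(parts, key=RISK_ORDER.index)  # single part: itself


def licence_of(meta) -> str:
    """Pick the most useful licence string from a package's core metadata.

    Preference: License-Expression (metadata 2.4 SPDX field), then a short
    License field, then the "License ::" trove classifiers. A License field
    with line breaks is usually the full licence text pasted in, and the
    old setuptools placeholder "UNKNOWN" says nothing, so both fall through
    to the classifiers, which are joined with AND (the conservative reading
    until a human confirms the package is dual-licensed rather than mixed).
    """
    expr = (meta.get("License-Expression") or "").strip()
    if expr:
        return expr
    licence = (meta.get("License") or "").strip()
    if licence.upper() == "UNKNOWN":
        licence = ""
    classifiers = [c.split("::")[-1].strip()
                   for c in (meta.get_all("Classifier") or [])
                   if c.startswith("License ::")]
    if licence and "\n" not in licence and len(licence) <= 80:
        return licence
    return " AND ".join(classifiers) if classifiers else licence


def licence_from_metadata_text(text: str) -> str:
    """Extract the licence from the text of a METADATA / PKG-INFO file."""
    return licence_of(email.message_from_string(text))


def audit(packages):
    """packages: iterable of (name, version, licence) -> rows with a tier."""
    return [(name, version, licence, classify(licence))
            for name, version, licence in packages]


def flagged(report, allowed=("permissive",)):
    """Rows whose tier is not on the allow-list; 'unknown' is always flagged."""
    return [row for row in report if row[3] not in allowed]


def scan_environment():
    """Audit every distribution importlib.metadata can see in this interpreter."""
    found = ((d.metadata.get("Name", "?"), d.version, licence_of(d.metadata))
             for d in metadata.distributions())
    return audit(found)


if __name__ == "__main__":
    for name, version, licence, tier in flagged(scan_environment()):
        print(f"{tier:16} {name}=={version}  ({licence or 'no licence metadata'})")
```

Run it inside the virtual environment you ship from and review everything it prints: the strong-copyleft rows are the ones the post warns about, and the ‘unknown’ rows are packages whose licence metadata is missing or unrecognised, which is precisely where a human has to open the licence file and read it. The classifier-based fallback is a heuristic; a package can declare one licence in its metadata and vendor differently licensed code inside, so this script is a starting inventory, not a compliance verdict.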