I got into this with another set of engineers on Reddit where I discovered there’s a subculture of engineers who don’t believe you can’t actually own code and apparently take a copy of their employers source code repository everytime they switch jobs.
Edit:
Updated “can actually own code” to “can’t actually own code”
FYI the edit might have made it more confusing, since there's a double negative now. "don't believe you can't actually own code" reads as "believe you can actually own code", which I'm not sure is what you were going for.
One thing I regret is not taking a copy of the code I wrote for another company, so many handy little utility functions I made that I then had to recreate. The transaction costs for b2b are far too high for any reasonable sale, so exfiltration is the utilitarian choice.
That’s still just theft if you’re not a contractor? Full time software employees are doing work for hire. There’s plenty of moral and ideological arguments about theft being morally acceptable in this situation but I was more marveling at the people who thought that taking source code from their company was legally not theft
There are situations where developers emailed/cloud uploaded/took hard drive of code they had been working on when he left the organization and were looking at prison sentences for theft...not copyright infringement. They didn't even give it to someone or reuse it somewhere. Just the fact of trying to keep it when they left as illegal.
All that to say that in some circumstances taking source code is considered theft.
in my country, copying source code is definitely theft and is contractually enforced. but reproducing similar concepts/architectures from memory happens often
Your jurisdiction may have a law called "IP theft" or it may not, either way the moral category of "theft" does nor apply.
(Also, if it was theft this particular example would be theft in the same way that taking a book from someone's recycling bin would be theft: no one is worse off)
1. Suppose the OP did not take the source code files, but memorized the source code and later recalled it from memory. Would that be theft?
2. Suppose the OP neither took the file nor memorized the code, but had photographic memory and replayed the exact visual scenes during their creation of the utility functions and copied down the code from what they saw in their mind's eye. Would that be theft?
3. Suppose the OP was solving a seemingly novel problem and suddenly remembered how they solved the exact same problem when they were employed by company X. Are they obligated to banish this solution from their mind?
For the other examples, it depends but I'm pretty sure a copyright infringement case for either of them wouldn't be immediately thrown out. IANAL but I do know that law is quite fuzzy.
It’s alarming because, in my experience, anything you write for an employer is intellectual property of the company. Unless he wrote that Box demo all on his own time and his own equipment completely outside of work, or Box has some abnormal contract with their employees, he can’t just slap an MIT license onto it and call it open source.
I worked with a few people who were successfully sued by our employer when those people left and brought a “spare time” project/tool with them and tried to publish it. It wasn’t even code we sold or ended up using internally, but was still IP of the company because they wrote it during business hours on a work machine.
Worse than that, many companies have clauses that indicate that any software you write (regardless of whether for the company or not), belongs to them. I don’t know if this would hold up in court, but it’s there in the contract.
It’s pretty hard not to overlap with big tech companies. Everything has been touched internally.
My understanding is the same though. Unfortunately whether a clause is legal or not may matter little - you’ll run out of cash for legal bills before they do. The best defense is probably just that most companies don’t care about your side projects.
Yes, but if we speculate as to the invalidity of the explicitly published license, we basically can't use any foss code on GitHub.
Any reasonable person can expect that the MIT license on this code is valid and authorized by the rightsholder.
Did Uber or Box explicitly agree to release it under an foss license? Is it the author's personal individual copyright made on personal hardware outside of work location/time? Does it predate their employment? Nothing in the article linked indicates clearly that it was written for an employer.
If I am expected to research this for every foss library published on GitHub by someone who works for Big Tech, then we are all capital-f fucked.
It's easiest and sanest to assume that people are not lying.
> Any reasonable person can expect that the MIT license on this code is valid and authorized by the rightsholder.
Yep, that's the reasonable default position.
If however, the author of the code wrote a length article about how they'd developed this code while working for a company (not in their spare time), and you happen to read the article in question... then for that specific repo you might look at it differently.
The article in question doesn't clarify things regarding the Box derived code, nor whether they sought and received permission from Uber prior to publishing. Absent both of those, I'd personally not use code from this repo.
That's just me being risk-adverse here, as I don't personally have a use for the code. Others might make different choices. :)
"It's easiest and safest to assume that property is not stolen" is a parallel construction of your argument.
You can assume whatever you want but the cops may not be very impressed.
There are a lot of polite fictions in law, and this is one of them. If you had no reasonable way of knowing that a license was invalid (or property was stolen), the judge is probably going to be sympathetic, but the property will still get returned to its proper owner.
If you DID have a reasonable way to know that the status of the property was suspect (as in this case), they are likely to take a dim view of the situation.
I'm not talking about this code in particular - I am talking about all code presumably written by individuals and posted on GitHub with a LICENSE file saying it's free software.
It is standard, reasonable person practice to use foss-labeled code on GitHub under the presumption that the license is not a lie.
This case is no different.
Nothing in the author's linked story suggests this code is not MIT licensed as the repo claims. It is unreasonable to assume that the license file in the repo is false; nothing available to us supports this assumption.
I think it's reasonable to assume that it belongs wholy to Uber and that he was acting illegally to publish it on github. He even showed us the sofa in the Uber office where he wrote it. He told us his manager asked him to write the code and seemingly had no idea that he'd written a database engine. He told us that they were paranoid of industrial espionage at the time. There seems to be zero reason to suspect that Uber carved out a specific exception to the usual employment contract enabling him to work on and release this code as FOSS while at the company.
Yeah, you want to get rid of uncertainty, but it's here to stay. The whole legal system is not brought to its knees over the fact that no code on GitHub (gasp) is automatically guaranteed to be safe against copyright infringement.
> It is standard, reasonable person practice to use foss-labeled code on GitHub under the presumption that the license is not a lie.
Yes, absolutely: presumption, not certainty. (Nitpicking the phrasing: presumption that the copyright is not a lie, the issue does not even venture into licensing.)
You seem to be using an absence of evidence as evidence of absence.
There's nothing to explicitly suggest that either is the rightsholder; that is another assumption, which is directly counter to the fact that the person who wrote the code posted it alongside an MIT license.
Not when he wrote it for and showed it to box. Doesn’t matter how he “licensed” it. They would have had good legal standing to come after him. I can’t believe he wrote that on his blog. He should honestly take it down.
> I demoed Box Sums to the Box Notes team at some point, and they nitpicked the UI and implementation details (“What if two people type in the same cell at the same time? They’ll just overwrite each other.” ). Nothing came of it, but I took the code and shoved it into my back pocket for a rainy day.
You can be 99.999% sure unless the engineer went through a long painstaking process to get Box or Uber to open-source and then re-license the code to MIT, it was fully owned under traditional copyright by Box when it was originally authored.
Actually, it gets fairly complicated, because he created a derivate work at Uber with with what is likely Box's IP.
Sorta. He has a license (MIT), but no copyright statement. The license is an agreement between the copyright holder and the user. Normally he would have gotten the sign-off from his employer to release this, and this thing would be Copyright: Box, License: MIT. But there's no explicit copyright holder stated, which makes me think that he just uploaded and "licensed" code that he doesn't own.
The code is MIT licensed if and only if the copyright holder - not the author of the story but respectively Box or Uber - explicitly made it MIT licensed. Without a legally binding commitment from these companies, a "license.txt" at the repository can't make it MIT licensed, all it means that the author is lying about its license. He doesn't own the code (despite writing it) so his "permission" is worse than worthless (by being dangerously misleading) without an explicit blessing by the company - even an implicit "we probably don't care" doesn't cut it.
He could be authorised to open source the company code he wrote. Though, I wouldn’t bet it’s the case there. But Uber has a lot of Open-source projects so they are perhaps allowing engineers to decide themselves.
You can't just re-license intellectual property that someone owns the rights to. EVEN if you authored originally. It's likely Box and Uber own rights to different parts of the IP, under both employment law, and his employment contract.
