Development & the Law: Code Reuse
law
development
About a year ago, I fell down a rabbit hole of information regarding the law as it relates to web development. You wouldn't think that you would run into any legal issues when building websites. But if you are a web developer, there are probably things you run into every day that could have legal implications.
While there are several topics that I want to cover, in this post I am going to focus on code. More specifically, code reuse.
Background
As developers, knowing how to fix bugs or implement features is important. Just as important is knowing where to look for help when you don't know. While Googling for help might not seem like a skill, you need to phrase your queries to help you find information about your specific situation.
In my experience, the most common sources for solutions we use as developers are StackOverflow, Github, and developer blogs.
Legal Issue
The problem we run into from a legal standpoint is that most of the time, these resources developers use provide code snippets. And its not uncommon for developers to copy and paste these snippets from online sources and use them directly in their applications. For the rest of this post I want to discuss this type of code reuse and its legal implications.
Before I do, it's standard legal disclaimer time.
I am not a lawyer, and did not study the law. This information is all based on research I have done online. This field is new and constantly developing. If you are unsure about something consult a lawyer.
Copyright
Under US law, source code is a literary work. So, like a news article or blog post, once it is written, it is immediately copyrighted.
Most developers don't realize that copyright applies to code. This because reusing or "stealing" code is such a common practice in our industry. "Don't reinvent the wheel" is a commonly used phrase when it comes to development.
So while source code is copyrighted, it is legal to use under the right circumstances. From what I can tell, there are three factors that determine whether or not reusing code is legal.
- How much and How Creative
- Where is the Code from
- How we use it
How much and How Creative
This requirement is probably the most abstract of the factors. The how much aspect of it is not clear. Most of the language I have seen is that something is not copyrighted if it can be considered a snippet. A snippet being something short enough that there is a good chance someone else could of thought of it on their own.
In terms of how creative the code is, the language is not clear either. But the examples I have come across put items into two categories. Code you came up with yourself, and code that is common use. Common use being algorithms, design patterns, and data structures. For example, I did a blog post on how to implement a queue in C#. I couldn't claim copyright on that code because it is a commonly known data structure.
Where is the Code from
When we talk about where the code is from, we are talking about how that source's rules for using the code. Regarding the examples I shared above as common sources of code for developers, Stack Overflow, Github, and blog posts, all have different rules.
Stack Overflow shares its code under the creative commons license. Under the creative commons license, you are allowed to use code that is shared. However, you need to properly attribute the work.
An example of how that would work is the following:
// Code found on stackoverflow at
//https://stackoverflow.com/questions/72126406/setting-scheme-programmatically-of-website
// Answered by Eric Herlitz
// https://stackoverflow.com/users/296568/eric-herlitz
// ISiteDefinitionRepository siteDefinitionRepository
var sites = _sideDefinitionRepository.List();
...
For Github, this would depend on the license for the provided repository. When setting up a project in Github, there are options to set the license.
For Open Source Licenses, you can create, modify, or redistribute the code, as long as you include the associated license. If you are using a whole repository, you can keep the existing license within it. If you are using a snippet, you need to include the license above the code snippet.
While this makes sense, it does bring up other questions. For example, if we are copying a JavaScript snippet, what kind of affect would that have on performance? For a more interesting read on that and possible solutions, check out Open source licensing notices in Web applications by Arnoud Engelfret for some great information and ideas on the subject.
For our last example, blog posts, the rules here are pretty simple. If a license exists, follow it. Otherwise, technically you need permission from the author. Just because they are sharing it online, doesn't imply they are giving permission. It's the same if an article was posted on CNN. Just because its posted, doesn't mean you can copy it and post it as your own.
Personally, as a dev who shares code on his blog, I do it with the intention that others could benefit from it. I believe lots of other devs do the same. So I don't think devs would complain too much if you leveraged something from their site. But its always better to be cautious. FYI, everything on my site is available under the following license.
How we use it
The third factor really depends on the license under which the code is shared. This will determine if you are able to use it for personal, commercial, or open source projects. Regardless of how you are using it, make sure you follow the rules of the license and properly attribute where required.
Consequences
Well... I haven't found any instances of legal repercussions for copying code. There have been reports online of organizations going through audits. This could happen if a code base is being transferred between organizations, and the receiving org wants to make sure they are covered.
For those reported audits, I have seen two solutions suggested for issues. The organization can either go through all the instances of code reuse and add the proper attribution. Or, the can have someone rewrite the code in a "clean room", where they don't have access to the source.
Final Thoughts
While I want to reiterate I am not an expert on this topic, I do find it very interesting. I think these topics will become much more important in the upcoming months and years. Historically technology has always progressed faster than the law. And with tools like ChatGPT and Github Copilot, which leverage models that are trained off of existing code found online, I feel like it poses even more of a legal risk.
So if you are concerned, remember to follow the licenses, always attribute the code writers, and make sure you consult with a lawyer!
Thanks to #WOCinTech for the teaser photo used in this post!