www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From robert burrell donkin <rdon...@apache.org>
Subject RE: Corporate Contributions
Date Fri, 25 Mar 2005 10:48:47 GMT
On Thu, 2005-03-24 at 17:15 -0800, Jim Barnett wrote:
> All of this sounds imminently reasonable and common sensical.  But
> remember, we aren't dealing with common sense here, but rather with
> law and lawyers.  (How's that for a little self-deprecation?)



> What if it is a malicious contribution as it relates to the employee,
> but not as it relates to the employer?  In other words, what if the
> employee maliciously, willfully, intentionally, etc., hacks into his
> or her employer’s secure internal systems and lifts valuable code
> belonging to his or her employer, without the employer’s knowledge or
> consent, then contributes that code to an ASF project?  In this
> example, the employer (1) owns the code and (2) never agreed to permit
> its contribution to ASF.  Under US law, at least, the employer most
> likely could require ASF and all downstream licensees of the stolen
> code to stop using it.  It is even possible that ASF and those taking
> through it could have some liability for money damages to the
> employer.  Under the ICLA ASF could go after the employee for breach
> of the employee’s representation that he or she had the right to make
> the contribution, but will that make ASF and/or downstream takers
> whole?  Not likely.   

under UK law, this is theft pure and simple. it's the same as any other
inside job. the perpetrators of such a crime would face many years at
her majesty's pleasure in a proper british prison (the ones that the UN
keeps complaining about) if they were caught. not a pleasant prospect.

there would then be two questions: was the code stolen and did the ASF
and other downstream users act in good faith. 

a court would need to rule on the first. if ASF and other downstream
users were in the habit of receiving code that they knew or should have
reasonably suspected was stolen then that's a criminal matter, not a
civil one. most likely, those involved would be cr*pping in a bucket for
a number of years to come. 

on the other hand. if they acted in good faith then yes, they would have
to stop using the code (or come to some sort of agreement with the
owners) but there really isn't any question of a civil remedy. the ASF
would also be a victim of the crime.


> The real risk is an employee who doesn't understand their employment
> contract, and doesn't know to see a CCLA based on their employment
> contract, state law, and their Employer's awareness / complicity in
> their open source participation.  The most dangerous situation is
> a jurisdiction in which the Employer owns all IP the employee creates,
> and was never made aware of the employee's participation.


> So perhaps modifying the CLA to point out that these situations can
> lead to problems, remind them they are asserting they have the legal
> right to grant their code submissions, and point them to the CCLA
> if the situation is either ambiguous or if they explicitly do not
> have such rights.



> The problem with stopping at the ICLA is that the ICLA is a contract
> soley between ASF and the contributor.  The contributor’s employer is
> not a party, no matter what ASF requires the employee to represent
> with respect to the employer’s awareness of or consent to the
> employee’s participation.  That document does not have any effect on
> the employer’s actual rights and remedies.  In the case where an
> employee-contributor for whatever reason (malicious or simply
> accidental) signs an ICLA, and does not have his or her employer sign
> a CCLA, then later contributes something that actually belongs to the
> employer, having a beefy, clear ICLA on the issue is great for ASF
> asserting its remedies against the employee, but accomplishes little
> defensively against the employer’s ownership claim.   

the problem in the UK is that employment statue takes precedence over
contract law. it is based on different principles (master-servant). 

if a UK employee breaches UK employment law in such a way that a court
reassigns copyright ownership to the employer then it's hard to see what
remedy any downstream user would have. the code in question would be
owned by the employer. 

- robert 

DISCLAIMER: Discussions on this list are informational and educational
only, are not privileged and do not constitute legal advice.
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org

View raw message