Open source code extending / implementing proprietary software

| | August 5, 2015

I have a bit of a legal question, not sure SO is the place for it, but there’s not a ‘software development legal’-exchange yet afaik.

In my daily line of work, I work with a proprietary API (part of paid software, although developing for the software and getting the libraries etc. is free). This API and the software itself has its flaws, but, as it’s Java code, one can work around it by extending existing classes, building unit tests, and writing helper classes.

The legal questions now. Is it legal to build an open source library or collection of code snippets that extends or relates to the proprietary code? Of course, this is without including the actual libraries in the project.

Example:

import com.acme.api.SomeProprietaryClass
class OpenSourceClass extends SomeProprietaryClass {
    // something.
}

or:

import com.acme.api.SomeProprietaryClass;
class AnotherClass {
    private SomeProprietaryClass prop;
}

Would it be legal to put code like that under an open source license?

If the above is false, would it be legal to circumvent it like:

// add 'extends com.acme.api.SomeProprietaryClass here.
class OpenSourceClass {

}

Halfway through writing this, it dawned to me that the first answer or comment would be “Well, what does their license say?”. I’ve looked it up, here’s some relevant excerpts:

3. User rights for the (software) program are limited to the object code. Rights to and the full source code are not provided.
4. It is prohibited for the user directly or indirectly (through a third party) to copy, duplicate or alter the (software) program in any way.

3 is clear enough. 4, however, does subclassing the software’s code constitute as altering? Without replacing the existing code in a running JVM, of course.

On the section of intellectual property rights:

1. Except where third party (software) programs are concerned, all intellectual property rights, industrial property rights and other rights with regard to the (software) program and resulting
[…]
b) additions built to/ changes in the (software) program by or on behalf of the user,
reside with/belong to [Acme Inc.]

A subclass would be an addition, but would it still be if it was not included in the actual (software) program?

There’s also another clause in the license:

1. The user agrees to maintain strict confidentiality of the (software) program and all data and information concerning the (software) program.

Would exposing and fixing flaws in the (publically documented and available) API fall under said strict confidentiality?

I really want to be able to help fellow frustrated developers by making it easier to develop for [Acme Inc]’s systems, but I have trouble fully comprehending the license, and am not sure if I’m allowed to publish my extensions, tests, tools and code snippets under an open license.

Edit, extra question: As an alternative, instead of packaging it in an open source library / project, would, for example, writing a blog post with code snippets be allowed?

3 Responses to “Open source code extending / implementing proprietary software”

  1. I am not a lawyer, and I don’t play one on TV.

    First, no one can give legal advice except for an attorney. Second, most of the above is important to consider. Third, I will give you my take.

    If you want to use an open source license, often called a free license (free as in free to use and copy, not necessarily free in price), you should be able to use it for anything that is your own work. Given that, there is the proprietary consideration.

    I would not charge for anything connected to proprietary work without explicit permission from the owner. If you are making money, they could claim you are making money from their product.

    I would include a reference to any copyrights, trademarks, etc. Don’t copy it word for word; link to it if possible and include the copyright information. A statement like this software uses software with the following licenses and copyrights.

    I would call this an add-in or add-on. A statement like, “This software enhances or extends the use of performance {product name}. It does not change the actual software or use the source code.” That needs to be true.

    This is what I would do. Making it clear that there is no infringement intended, and that it is a good faith attempt to keep proprietary software separate from additional work product. Unfortunately, good faith and fair use have become meaningless. In addition to the fact that anyone can file a law suit and harass you as such in the legal process even if you win or the suit is canceled, the courts are likely to side with a company over the individual. However, most companies don’t consider one person important enough unless they think they are or might lose money in the future from an action similar to you.

    I hope that helps whoever reads this, even if the thread is two years old.

  2. Writing subclasses is not altering the original code. It would count as making a derivative work of the original code, though – that’s something the GPL covers, but apparently this license doesn’t (although you’ll certainly want to look again at the bits you haven’t posted!).

    I doubt the intellectual property rights apply here. Your library is not a change to the software, and if it’s distributed separately, it’s not an addition. If it were, then the application you’re building with the software would also be an addition, and the vendor would own it!

    I can’t imagine the confidentiality provision stops you either. Nobody reading the code could learn anything about the system that isn’t already in the publicly available API documentation, right? After all, what you call bugs must surely be correct behaviour of the software that just happens not to suit your purposes :).

    Now, putting my open source zealot hat on, i would say that although you can distribute this library, you shouldn’t. Why not? Because you’re investing your own time and energy in propping up a manufacturer of buggy proprietary software – a manufacturer who you can be assured does not give a fig about you, me, or any of our brethren programmers. How about finding the nearest open-source competitor to this software, and contributing to that instead?

    [removes hat]

  3. A few things to consider:

    • The only one that can really answer the question is Acme Inc. They would be able to explain to you the spirit of their license, not just its letter.

    • Historically, software companies (e.g. Microsoft and Cisco) have come down on people publicising bugs on their systems. Apparently bugs are part of their IP (EDIT: Or they really don’t want people to know how broken their software is…)

    • If you do release public code, you should choose your OSS license carefully. Not all of them are usable with proprietary code.

    EDIT:

    • The last clause that you posted (“…maintain strict confidentiality..”) could imply that you cannot post any information on their API. I know of quite few cases where developers had to sign NDAs and obfuscate all released code to comply with such clauses.

    EDIT 2:

    • You should also find out the past history of Acme Inc. regarding such issues, if any. Are there any similar efforts for any of their products? How did they respond?

    • It might also make sense to find out if Acme Inc. would be reasonably capable of causing legal problems if you do go against their wishes. Small companies are less likely to take on the legal expenses of a lawsuit – more so if you e.g. live in another country.

    Many would argue that such efforts actually promote their products:

    – “I heard that Acme Inc.’s Foo does Bar and goes FUBAR…”

    – “True, but the unFUBAR library works around all these issues!”

    Not all companies see it like this, though.

    EDIT 3:

    In many cases the API is not public, as the company considers it part of the product and releases it under various restrictions. They supposedly consider the API an integral part of the implementation that can reaveal its internals.

    In some cases it might be actually be so – revealing the data structures of an algorithm can be quite telling on its design.

    In most cases, though, they do that so that their license is air-tight. Should an IP infringement court case comes around, they want to be able to just say “everything belongs to us”, rather than force the judges into the more technical and nebulous task of deciding what is allowed and what not.

Leave a Reply