Ethics in IT — Week 2 · Ch. 6
Intellectual Property
Four mechanisms. Four open-source license tiers. The line between competitive intelligence and corporate espionage.
13 slides ~16 minutes ETH-07 · The Factionless
By the end of this module, you will distinguish copyright / patent / trademark / trade secret, navigate four open-source license tiers, analyze the Waymo v. Uber trade-secret case, recognize cybersquatting, and locate the line between intelligence and espionage.
Slide 2 of 13
Four IP Mechanisms
Different protections, different durations, different registration requirements. Pick the wrong one and you have nothing.
The mechanism choice is strategic. Coca-Cola's recipe is a trade secret (indefinite, but if leaked = gone). Your code is auto-copyrighted (life + 70, but registration needed to sue for damages). Pick the wrong tool and you've protected nothing.
Slide 3 of 13
IP Mechanisms in Detail
What each protects, what it doesn't, and where IT typically lives.
Copyright
Protects: original works of authorship — software, text, images, music, film.
Duration: author's life + 70 years; 95 years for work-for-hire.
Registration: automatic at creation; required before suing for damages.
Doesn't protect: ideas, methods, facts — only the specific expression.
Patent
Protects: novel, non-obvious inventions and processes.
Duration: 20 yr (utility), 15 yr (design), from filing.
Registration: USPTO application required; typically 2-4 years.
Doesn't protect: abstract ideas, mathematical formulas, laws of nature.
Trademark
Protects: brand identifiers — names, logos, slogans that distinguish goods/services.
Duration: indefinite with continuous use + renewal.
Registration: recommended; common-law rights exist without it.
Doesn't protect: generic terms; functional features.
Trade Secret
Protects: confidential business info that provides competitive advantage.
Duration: indefinite as long as secret is maintained.
Registration: none — depends on reasonable protective measures.
Doesn't protect: independently discovered or reverse-engineered info.
Slide 4 of 13
Software Licensing
Open source isn't a single thing. The license you pick determines what your downstream users can — and must — do.
Permissive (MIT, BSD, Apache)
Use, modify, distribute — with attribution. No copyleft.
Commercial use OK. Closed-source forks OK.
Philosophy: "use my work however you want, just say my name."
Copyleft (GPL, AGPL)
Use, modify, distribute — but distributions of modified code must also be GPL'd. Source must be available.
Philosophy: "use my work, but the public benefit must propagate."
The strategic choice: permissive licenses help your code spread fastest into commercial products (no friction). Copyleft licenses prevent your code from being absorbed into proprietary products without giving back. Pick based on what you want to happen downstream.
Slide 5 of 13
Four License Tiers
A spectrum from permissive to maximally copyleft. Each step adds an obligation on downstream use.
The SaaS loophole: GPL v2/v3 only triggered "share alike" when code was distributed. SaaS platforms run modified GPL code on servers but never distribute it — so they avoided the obligation. AGPL v3 closed this by extending copyleft to network use. Most commercial deployments avoid AGPL because of it.
Slide 6 of 13
Work-for-Hire Doctrine
The default rule. The contract often overrides it. Read your employment agreement.
Default rule
Software created by an employee within the scope of employment is owned by the employer.
Applies to: code written during work hours, on company equipment, for work purposes.
The override
Code written entirely on personal time, with personal equipment, for unrelated purposes may belong to you — but employment agreements frequently include broad IP assignment clauses that override this.
Read the contract before you start the side project.
The professional checklist before any side work: (1) read your employment agreement's IP-assignment scope; (2) document time/equipment/topic separation; (3) get written acknowledgment from your employer if there's any overlap. Discovering the dispute when you try to monetize is too late.
Slide 7 of 13
Case: Waymo v. Uber
14,000 files. One engineer. $245M settlement. A criminal conviction. The textbook trade-secret case.
The facts: Anthony Levandowski, a former Google/Waymo autonomous-vehicle engineer, downloaded approximately 14,000 confidential files before leaving to found Otto, which was acquired by Uber. Waymo alleged the files included trade secrets related to LiDAR sensor designs.
The outcome: Levandowski pleaded the Fifth in the civil case. In 2020, he pleaded guilty to criminal trade-secret theft. Uber settled with Waymo for approximately $245 million in equity.
14,000
Files downloaded before departure.
$245M
Uber's settlement to Waymo (in equity).
Guilty plea
Levandowski's criminal conviction (2020).
Slide 8 of 13
The 14,000-File Pattern
No accident. No edge case. Each step in the chain is its own ethical violation.
The Taking
14,000 files downloaded before departure. Scale alone defeats any "I forgot to delete them" defense.
The Transfer
Files used to found a competing company. The competitive advantage was built on IP that belonged to the former employer.
Uber's Exposure
Uber acquired Otto knowing Levandowski had left Google. What Uber knew — and when — determined liability for receiving stolen trade secrets.
Professional Obligation
The obligation was clear at the moment of download. Downloading employer IP for use at a competitor violates the professional code — whether or not the law catches up.
The lesson for the IT professional: the moment of taking is the ethical line, not the moment of getting caught. Code, designs, customer lists, internal docs — downloading them as you walk out is the violation. The lawsuit is the consequence, not the boundary.
Slide 9 of 13
Cybersquatting & Domain Ethics
Registering a domain to profit from someone else's trademark. The legal regime is mature; the ethical line is bright.
ACPA (US)
The Anti-Cybersquatting Consumer Protection Act creates a federal cause of action against bad-faith domain registration that incorporates another party's trademark. Statutory damages available.
UDRP (Global)
The WIPO Uniform Domain Name Dispute Resolution Policy provides arbitration. To prevail: (1) confusingly similar to a trademark; (2) no legitimate interest; (3) bad faith registration and use.
The ethical bar is lower than the legal bar: registering famouscompany-feedback.com to extort the company is bad faith even if you'd evade ACPA. The professional position: don't.
Slide 10 of 13
What Would You Do?
A startup. A product name. A trademark in the EU. A domain squatter. One advisor — you.
A startup you advise has developed a successful product under a name that turns out to be a registered trademark in the EU (but not in the US). A domain squatter has registered the .eu version of the name. The EU trademark holder has also contacted you. What IP issues does your client face, and what professional obligations do you have?
EU Exposure
EU trademark holder has rights in the EU. Selling into the EU under that name = infringement risk. US-only operation may be safe; expansion plans aren't.
Domain Squatter
UDRP challenge available if you can show: confusingly similar to your client's mark, squatter has no legitimate interest, bad faith. Likely viable.
Your Obligation
Recommend immediate IP counsel (you're not their lawyer); flag the EU exposure as a strategic decision, not a technical one; document the conversation.
Slide 11 of 13
IP Ethics in Practice
Four common scenarios. Two are legitimate. Two are not. The line is the method, not the information.
Reverse engineering for interoperability
Status: generally permitted.
Clean-room reverse engineering is a recognized exception under trade-secret law. DMCA has an interoperability exception. Building the ability to connect to a competitor's system is allowed.
Competitive intelligence
Status: permitted.
Gather publicly available info via lawful methods. Read the 10-K. Attend conferences. Buy the product. The same info via deception or unauthorized access becomes espionage.
Corporate espionage
Status: prohibited.
Deception, unauthorized access, or theft to obtain competitor IP. DTSA (Defend Trade Secrets Act), CFAA, possible criminal wire fraud charges.
GPL violation (use without disclosure)
Status: copyright infringement.
GPL-licensed code incorporated in a proprietary product without releasing source. Software Freedom Conservancy actively litigates these.
Slide 12 of 13
The Line: Method, Not Information
The same competitor data is intelligence or espionage depending on how it was obtained. The information doesn't move; the act does.
The information is identical in both cases. The act is not. This distinction is sometimes used by people in espionage roles to argue "but the data is public elsewhere" — that's the deflection. The legal and ethical analysis follows the act, not the artifact.
Slide 13 of 13
Module 7 Summary
Intellectual Property — key takeaways.
1Four IP mechanisms: copyright (auto, life+70), patent (USPTO, 20 yr), trademark (use + renewal, indefinite), trade secret (no registration, indefinite while secret).
2Pick the right tool. Coca-Cola = trade secret. Code = copyright (register before suing). Mechanism choice is strategic, not procedural.
3Open source is a spectrum. MIT/BSD → Apache 2 → GPL v3 → AGPL v3. Each step adds an obligation downstream.
4AGPL closes the SaaS loophole. Network use triggers copyleft. Most commercial deployments avoid AGPL specifically because of this.
5Work-for-hire assigns employee work to the employer by default. IP-assignment clauses in employment agreements can extend this. Read the contract.
6Waymo v. Uber: 14,000 files downloaded before departure = trade-secret theft. Criminal conviction. $245M civil settlement. The taking is the line.
7Cybersquatting: ACPA (US) and UDRP (global). Three elements: confusingly similar mark, no legitimate interest, bad faith.
8Method, not information. Same datapoint via SEC filing = intelligence. Same datapoint via unauthorized access = espionage. The act, not the artifact, determines the ethics.
Next up: Module 8 — Week 2 Checkpoint. Three domains (privacy, expression, IP) reviewed and connected. The patterns of how law and ethics diverge in modern IT.