Intellectual Property | Ethics in IT

Slide 1 of 33 | ETH-W2-06 | Week 2

Intellectual Property
in the Digital Age

Copyright • Patents • Trade Secrets • Open Source • Reverse Engineering • Competitive Intelligence

Warehouse memo: Anthony Levandowski was Google's star self-driving car engineer. He left to found Otto, then joined Uber. He allegedly took 14,000 files of Google's proprietary LIDAR design data with him. Google sued Uber for trade secret misappropriation. Uber settled for approximately $245 million in equity. Levandowski was criminally charged with 33 counts of trade secret theft. He was sentenced to 18 months in federal prison in 2020. Later pardoned. The question this case asks: when an engineer takes their expertise to a competitor, where does the line between what they know and what they stole actually fall?

33 Slides ETH-W2-06 Week 2 Ethics in IT

Slide 2 of 33

Why IP Matters to IT Professionals

Intellectual property is the primary output of most IT work. Understanding what you own, what your employer owns, and what neither of you owns is a professional survival skill.

What You Create May Not Be Yours

Code written on company time using company resources belongs to the employer under work-for-hire doctrine. This is not ambiguous. Side projects that use company infrastructure or build on company knowledge may also be subject to employer claims. Employment agreements often extend this further. Read the IP assignment clause before you sign -- and before you build anything.

What You Use May Not Be Free

Open-source code is not "free to use without conditions" -- it is licensed under terms that impose conditions. GPL requires you to open-source derivative works. MIT requires attribution. CC-BY requires attribution. Using open-source code without understanding the license is both a legal and professional ethics violation. "I did not know" is not a defense for a professional.

What You Know May Be Owned

Trade secrets are not just documents and databases. They include methodologies, customer acquisition strategies, pricing formulas, and the accumulated knowledge of how a system was built and why. When you leave a company, the knowledge in your head does not have a bright-line ownership rule. The ethical obligation to protect former employer knowledge survives employment.

Slide 3 of 33

Copyright Fundamentals

Copyright protects original expression. It attaches automatically at creation. Understanding what it covers is a professional baseline.

What Copyright Protects

Original works of authorship fixed in a tangible medium. Literary works (including software code). Artistic works. Musical works. Dramatic works. Architectural works. Not ideas, facts, or concepts -- only the specific expression of those ideas. Copyright in software protects the specific code, not the algorithm it implements. The algorithm is not protectable by copyright.

Duration

Works created after January 1, 1978: author's life plus 70 years. Works for hire and anonymous works: 95 years from publication or 120 years from creation, whichever is shorter. The practical implication: nearly all software that matters commercially is under active copyright. Code written in the 1970s by living authors or by companies is still protected.

Registration

Copyright exists without registration. But registration provides significant benefits: the ability to sue for statutory damages (up to $150,000 per willful infringement) rather than actual damages, attorney's fees, and a public record of ownership. For commercially significant software, registration is standard practice.

Copyright in Software

Source code, object code, and user interface elements can all be protected by copyright. Oracle v. Google (2021): the Supreme Court held that Google's use of Java API declarations in Android was fair use, avoiding the question of whether APIs are copyrightable. The copyrightability of software APIs remains contested in some jurisdictions outside the US.

Slide 4 of 33

Fair Use: The Critical Exception

Fair use allows the use of copyrighted material without permission in specific circumstances. It is a defense, not a right -- it must be argued case by case.

The Four Factors

Purpose and character of use (commercial vs. educational; transformative vs. reproductive). Nature of the copyrighted work (factual vs. creative). Amount and substantiality of the portion used (how much, and whether the "heart" of the work was taken). Effect on the market for the original work. Courts weigh all four -- no single factor is determinative.

Transformation Is Key

Transformative uses -- commentary, criticism, parody, education, research -- receive stronger fair use protection. A parody that copies enough of the original to make the parody recognizable may be fair use (Campbell v. Acuff-Rose). A security researcher who copies code to analyze it for vulnerabilities may be engaging in transformative use. These cases are fact-specific.

Fair Use Is a Defense, Not a Right

You cannot know in advance with certainty whether a specific use is fair use -- a court must decide. The practical implication: "I think this is fair use" is a reason to proceed with informed judgment, not a guarantee of protection. When the stakes are high (commercial use, substantial copying), get legal advice before assuming fair use applies.

AI Training and Fair Use

The central legal and ethical dispute in generative AI: is training an AI model on copyrighted works without license or payment fair use? Courts are actively deciding this. The arguments cut both ways: training is transformative (the model does not reproduce the works); training is commercial; the market for licensing training data is emerging. No settled answer exists yet.

Slide 5 of 33

Patent Protection

Patents grant a temporary monopoly on an invention in exchange for public disclosure. In software, the ethical legitimacy of software patents is actively debated.

What Patents Protect

Utility patents: new, useful, and non-obvious processes, machines, articles of manufacture, and compositions of matter. In software, patents can cover specific algorithms, methods of doing business (with some restrictions post-Alice Corp.), user interface innovations, and technical processes. A software patent covers the method, not the specific code implementing it.

Duration and Process

20 years from filing. Application requires: novelty (not previously disclosed), non-obviousness (not obvious to a person skilled in the art), and utility (has a useful purpose). The patent application must fully disclose the invention. The examination process takes years and costs tens of thousands of dollars. Small inventors are systematically disadvantaged relative to large patent holders.

Software Patent Controversy

Alice Corp. v. CLS Bank (2014): abstract ideas implemented on a computer are not patentable without an inventive concept beyond the abstraction. This decision invalidated many software patents but left ambiguity about which software innovations can be patented. The line between a patentable technical innovation and an unpatentable abstract idea implemented in software remains contested in patent practice.

Patent Trolls

Non-practicing entities that hold patents without implementing them and extract licensing fees through litigation threats. The asymmetric cost of patent litigation -- where defending a meritless claim costs more than settling -- enables abuse. The EFF estimates that patent trolls cost US companies more than $29 billion per year in direct costs. The ethics of the patent troll business model are broadly condemned within the technology community.

Slide 6 of 33

Trade Secrets: What They Protect

Trade secrets protect valuable business information that is kept confidential. They have no expiration date -- as long as the secret is maintained, protection continues.

What Qualifies as a Trade Secret

Any information that derives economic value from not being generally known or readily ascertainable, and for which reasonable steps have been taken to maintain secrecy. Software source code. Customer lists and pricing. Business strategies and financial projections. Machine learning model architectures and training data. Manufacturing processes. The content and relationships are unlimited -- the requirements are value and reasonable secrecy measures.

The Defend Trade Secrets Act

The DTSA (2016) created a federal civil cause of action for trade secret misappropriation. Misappropriation includes: acquisition by improper means (theft, bribery, espionage), disclosure or use of a trade secret known to have been acquired improperly, and disclosure or use of a trade secret in breach of a duty to maintain secrecy. Criminal penalties apply to willful misappropriation.

What Does Not Qualify

Information that is generally known in the industry. Information that could easily be reverse-engineered from a publicly available product. Information for which the company has not taken reasonable secrecy measures. A company that publishes its pricing on its website cannot later claim those prices are a trade secret. The secrecy must be genuine and maintained through concrete measures.

The Employee Obligation

When you sign an employment agreement with a confidentiality clause, you are taking on a specific legal obligation. But the ethical obligation to protect information you received in confidence exists independent of the contract. Information shared with you in the context of employment -- customer relationships, system architectures, financial projections -- was shared in trust. Betraying that trust is an ethical violation whether or not it triggers a lawsuit.

Slide 7 of 33 | Case Study

Case Study: Waymo v. Uber

The most consequential trade secret case in Silicon Valley history. What Anthony Levandowski did -- and why it matters for every IT professional who changes jobs.

Anthony Levandowski led Google's self-driving car project for years. Before leaving Google in January 2016, he downloaded approximately 14,000 confidential files from Google's servers to a personal laptop. He founded Otto, a self-driving truck startup, within weeks. Uber acquired Otto for $680 million six months later, without full investigation into the provenance of its technology. Google (through Waymo) sued Uber for trade secret misappropriation. The case settled during trial for approximately $245 million in Uber equity.

What Levandowski Took

The files included Google's proprietary LIDAR circuit board designs, which represented hundreds of millions of dollars of research and development. The files were downloaded systematically, not incidentally. Levandowski wiped the laptop afterward. The forensic evidence -- Google server logs showing the download, corroborated by federal forensic analysis -- was central to both the civil and criminal cases.

Uber's Role

Uber acquired Otto while conducting limited due diligence on the intellectual property origins of Otto's technology. Internal documents showed Uber leadership knew Levandowski had taken files from Google and chose to proceed. "Strapping rockets to our program" is how one Uber executive described the acquisition. Willful blindness to the source of an employee's trade secret carries legal and ethical liability.

Slide 8 of 33 | Case Study

Waymo v. Uber: Ethical Analysis

Three separate ethical failures -- by Levandowski, by Uber, and by the due diligence process.

Levandowski's Violations

Breach of fiduciary duty (executive-level employees have heightened duties). Violation of employment agreement's IP assignment clause. Trade secret misappropriation. Criminal theft of trade secrets (convicted on 33 counts, sentenced to 18 months). The "I built most of it" defense does not survive legal or ethical scrutiny: the files were owned by Google, regardless of who wrote the code.

Uber's Ethical Failure

Uber knowingly benefited from misappropriated trade secrets. The acquisition team had red flags and chose to proceed. The ethical standard for acquiring a company -- or hiring an employee -- includes reasonable investigation of whether the intellectual property they bring was honestly acquired. "We did not know" is not credible when the investigation was deliberately curtailed.

The Industry Norm Problem

Levandowski's behavior was extreme but not completely foreign to Silicon Valley talent acquisition culture, where engineers routinely join competitors carrying detailed knowledge of former employers' systems. The ethical and legal line between "what I know" and "what I took" is contested. Waymo v. Uber established that systematic downloading is clearly on the wrong side -- but the gray zone around tacit knowledge remains.

What Would You Do?

You are a senior engineer at a startup. Your new hire was previously at a major competitor. In their first week, you notice that the technical architecture they are proposing looks almost identical to descriptions you have seen in the competitor's patent filings. No files have been shared. No code has been written. What is your obligation?

Slide 9 of 33

Non-Competes and NDAs

Contractual mechanisms that attempt to protect employer IP interests beyond the employment relationship. Enforcement is highly variable.

Non-Compete Agreements

Prohibit employees from working for competitors for a defined period and geographic area after leaving. Enforceability varies dramatically by state: California bars virtually all employee non-competes; Florida strongly enforces them. The FTC issued a rule in 2024 banning most non-competes nationally -- that rule was blocked by courts. The legal landscape is actively changing.

NDAs

Non-disclosure agreements require the signatory not to disclose confidential information received under the agreement. NDAs are broadly enforceable in most jurisdictions. They can survive employment by years or indefinitely. The ethical obligation underlying an NDA exists independent of the contract: information shared in confidence deserves to be kept confidential.

The Knowledge Problem

Even where non-competes are unenforceable, trade secret law remains fully operative. A software engineer in California cannot be prevented from joining a competitor by a non-compete. But they can be sued for trade secret misappropriation if they use specific confidential technical knowledge from their former employer. California's rule creates the clearest version of the "what you know vs. what you took" problem.

NDA Abuse

NDAs have been used to silence sexual harassment victims, prevent employees from reporting fraud, and suppress whistleblowing. The #MeToo movement exposed widespread NDA use to silence harassment victims. California, New York, and other states have passed laws limiting the use of NDAs to suppress reports of illegal conduct. Using NDAs for purposes that impede the reporting of crimes is an ethical violation regardless of enforceability.

Slide 10 of 33

Plagiarism in IT Work

Academic plagiarism rules apply to professional work. The professional consequences of plagiarism in IT are different from but as serious as academic ones.

Code Plagiarism

Presenting code you did not write as your own work. Copying production code from a tutorial without attribution or understanding. Submitting code generated by AI tools as original work in contexts where that is prohibited. Taking a former colleague's code and using it in a new project without disclosure. Each is a form of professional misrepresentation that affects those who trust the representation.

Why It Matters Beyond Attribution

Code you plagiarized is code you do not understand. Code you do not understand is code you cannot maintain, secure, debug, or take professional responsibility for. The ethical problem with code plagiarism is not only misrepresentation -- it is the deployment of systems you cannot stand behind. A security flaw in plagiarized code is your responsibility even if you did not write it.

The AI Code Generation Question

When an AI coding assistant generates a function you paste into your codebase: who is the author? Is disclosure required? What happens when the AI generates code that closely resembles existing copyrighted code in its training data? The professional obligation: understand the code you deploy, verify its license compatibility, and represent honestly to your employer and colleagues how it was produced.

Academic Context

Submitting AI-generated or copied code as your own work in an academic assignment is academic fraud. It harms the student (who does not develop competence), harms classmates competing on honest terms, and harms any future employer or user who relies on the fraudulent credential. The short-term advantage is real; the long-term professional damage is also real.

Slide 11 of 33

Open Source Ethics

Open source is built on voluntary contribution and collective trust. The ethics of participating -- using, contributing to, and commercializing open source -- are specific and enforceable.

Open Source Licenses Spectrum

Permissive (MIT, BSD, Apache): use, modify, distribute with minimal requirements (usually attribution). Weak copyleft (LGPL, MPL): derivative works of the licensed component must share modifications; can be incorporated in proprietary software under conditions. Strong copyleft (GPL, AGPL): any software that incorporates GPL code must be distributed under GPL. The stronger the copyleft, the more freedom is required of downstream users.

GPL Compliance Ethics

Using GPL code in a closed-source commercial product without compliance is both a legal violation and an ethical breach of the open source community's trust. The GPL was designed precisely to prevent this use. The developer who knowingly incorporates GPL code in a closed product without compliance has taken value from a community that offered it conditionally and violated the condition.

AGPL and SaaS

The Affero GPL extends GPL obligations to software used as a network service. If you provide a SaaS application built on AGPL code, you must make your source code available even though you are not distributing the software. Many companies specifically prohibit use of AGPL software to avoid this obligation -- a compliance decision that should be made explicitly, not discovered post-deployment.

The Contribution Obligation

Many organizations benefit enormously from open-source software -- using it in products, saving millions in development costs -- while contributing nothing back. This is not necessarily illegal. Most permissive licenses do not require contribution. But the ethical question of whether organizations that extract substantial value from open source have a community obligation to contribute resources back is real and increasingly discussed.

Slide 12 of 33

Reverse Engineering: When Is It Ethical?

Examining how a product works to understand, replicate, or improve on it. Legally complex. Ethically contextual.

Legal Status

The Sega v. Accolade (9th Cir. 1992) and Sony v. Connectix (9th Cir. 2000) cases established that reverse engineering of software to achieve interoperability is generally fair use in copyright law. The DMCA anti-circumvention provision (1201) may restrict reverse engineering of software that uses technological protection measures -- subject to specific exceptions for interoperability, security research, and other purposes.

Ethical Purposes of Reverse Engineering

Security research: finding vulnerabilities in software that the vendor will not or cannot patch. Interoperability: creating products that work with proprietary formats or protocols. Competitive analysis: understanding how a competitor's product works to develop independently. Legacy system maintenance: understanding code for which source is unavailable. Academic research. Each has a strong legitimate justification.

Unethical Reverse Engineering

Using reverse engineering to copy the specific expression of a product (not the ideas, but the expression) -- which would infringe copyright. Reverse engineering to identify and exploit vulnerabilities in systems you are not authorized to test. Reverse engineering to misappropriate trade secrets rather than to achieve interoperability. The purpose matters as much as the act.

EULA Restrictions

Software EULAs routinely prohibit reverse engineering. The legal enforceability of these terms against reverse engineering that would otherwise be permitted by copyright fair use doctrine is unsettled. Some courts have upheld such clauses; others have found them preempted by copyright law. Contractual restrictions on reverse engineering in EULAs should be reviewed by legal counsel before proceeding.

Slide 13 of 33

Competitive Intelligence vs. Espionage

Understanding your competitors' products, strategies, and capabilities through legitimate means is competitive intelligence. Obtaining that information through deception, theft, or unauthorized access is industrial espionage.

Legitimate Competitive Intelligence

Analysis of public filings (10-Ks, patent applications, trademarks). Analysis of competitor products through legitimate purchase and use. Review of publicly available job postings to infer technology stack and hiring direction. Conferences, publications, and public statements. Web presence analysis. Customer reviews. All of this is ethical and standard competitive practice.

Industrial Espionage

Theft of trade secrets by any means: hacking, bribery, insider recruitment, physical theft. Misrepresenting yourself to obtain confidential information (posing as a customer, vendor, or journalist). Recruiting employees with the primary purpose of obtaining their former employer's confidential information. Using an employee you know has misappropriated trade secrets.

The Gray Zone

Aggressive but legal: hiring a competitor's employee for their general skills and knowledge, then asking them detailed questions about their former employer's unpublished roadmap. Hiring a consultant who works simultaneously for your competitor. Purchasing a competitor's discarded hardware to recover data. Each involves leveraging a position of access in a way that is technically legal but ethically questionable.

The Economic Espionage Act

Federal criminal law prohibits trade secret misappropriation that benefits a foreign government (up to 15 years, $5M fine) or private actors (up to 10 years, $5M fine). The Defend Trade Secrets Act provides a federal civil remedy. Over two dozen cases per year are prosecuted under the EEA, many involving foreign state-sponsored actors targeting US technology companies.

Slide 14 of 33

Trademarks and Cybersquatting

Trademark law protects brand identifiers. The internet created cybersquatting -- registering domain names to exploit or profit from others' trademark rights.

What Trademarks Protect

Source identifiers: names, logos, slogans, colors, sounds, and other marks that identify the source of goods or services and distinguish them from competitors. Trademark rights in the US are acquired through use, not registration, but registration provides significant benefits including nationwide constructive notice and the ability to block infringing imports.

Cybersquatting

Registering a domain name that is identical or confusingly similar to a trademark with bad faith intent to profit from the trademark owner's goodwill. The Anticybersquatting Consumer Protection Act (ACPA) provides a federal cause of action. ICANN's UDRP provides an administrative arbitration process for domain disputes. Cybersquatters face civil liability and potential domain transfer orders.

Typosquatting and Phishing

Registering domains that are typos of legitimate sites to capture misdirected traffic -- for advertising revenue or to conduct phishing attacks. Domains like "paypa1.com" or "amazon-security-team.com" are used in social engineering attacks and brand impersonation. These practices are both illegal under the ACPA and CFAA and clear ethical violations.

Social Media Squatting

Registering social media usernames of brands, celebrities, or organizations with intent to hold them for ransom, impersonate, or disrupt. Most platforms' terms of service prohibit this and provide identity verification and name squatting enforcement mechanisms. The professional's obligation: do not participate in these practices, and report them when you encounter them.

Slide 15 of 33

Software Licensing in Practice

The practical professional obligations when building software that incorporates licensed components.

License Inventory

Before shipping any software product, audit every dependency for its license. Software Composition Analysis (SCA) tools automate this. The professional obligation: know what you are shipping and on what terms. An organization that ships a GPL-licensed component in a commercial product without compliance has violated both the license and the professional standard for informed IP management.

License Compatibility

Not all open source licenses are compatible with each other or with commercial licenses. Combining GPL and MIT code in the same project requires the GPL terms to govern the entire project if the GPL component is incorporated (not merely linked). Combining Apache 2.0 with GPL-3.0 is permitted in one direction. These interactions require deliberate management, not guesswork.

Attribution Requirements

MIT, BSD, and Apache licenses typically require preservation of copyright notices and attribution in documentation distributed with the software. This is not optional -- it is a condition of the license. Software shipped without required attribution notices violates the license under which the components were obtained.

The SBOM

Software Bill of Materials: a formal record of all components in a software product, including their versions, licenses, and known vulnerabilities. The Biden administration's May 2021 cybersecurity executive order and subsequent CISA guidance made SBOMs a federal software procurement requirement. The professional obligation to know what is in your software is now a government contracting standard.

Slide 16 of 33

AI and Intellectual Property

Generative AI creates IP questions that existing legal frameworks were not designed to answer. The ethical questions are clearer than the legal ones.

Who Owns AI-Generated Work?

The Copyright Office has ruled that purely AI-generated works are not copyrightable -- copyright requires human authorship. Works created with AI assistance where a human author made sufficiently creative choices may be copyrightable. The line between "assisted" and "purely generated" is actively contested in pending copyright office guidance and litigation. The practical implication: the IP status of AI-generated code, text, and images is currently uncertain.

Training Data Copyright

Generative models are trained on copyrighted works, typically without license or payment. Authors, artists, and musicians have filed class action suits claiming training on their work without consent is infringement. Getty Images sued Stability AI for training on its photo library. The New York Times sued OpenAI and Microsoft. These cases will determine whether the AI industry's training practices require a licensing infrastructure.

The Ethics of Training Without Permission

Regardless of how the legal cases resolve, the ethical question is distinct: is it right to use millions of human creators' work -- which they produced at personal cost -- to train commercial products that compete with those creators for customers? The argument that "it is like a human reading books" ignores the commercial purpose and the scale of economic impact on creators.

The Professional's Obligation

If you are training AI models on data you do not own: have you assessed whether your use is likely to be licensed or a fair use defense? Have you disclosed what data you used? Have you considered what compensation, if any, creators whose work enabled the commercial product might receive? These questions do not have settled legal answers. They have clear ethical ones.

Slide 17 of 33

The Open Source Movement

Open source is both a licensing framework and an ethical philosophy about how knowledge should be shared and controlled.

The Free Software Philosophy

Richard Stallman's Free Software Foundation holds that software freedom is a political and ethical value. Users must have the freedom to run, study, modify, and redistribute software. Proprietary software is ethically objectionable because it restricts these freedoms. The GPL was designed to enforce these freedoms as legal conditions on anyone who distributed software built on free software foundations.

The Open Source Pragmatism

The Open Source Initiative took a more pragmatic position: open source development produces better, more secure software through distributed collaboration and transparent development. Open source is not primarily an ethical stance -- it is a development methodology. Permissive licenses (MIT, Apache) reflect this pragmatism by placing minimal restrictions on commercial use.

Corporate Open Source

Large companies -- Google, Microsoft, Meta, Amazon -- have become major contributors to open source while also building large proprietary businesses on open source foundations. The ethical dynamics of this relationship -- companies extracting enormous commercial value from community-built infrastructure while selectively controlling the commercial layers -- are actively debated in the open source community.

Open Core Controversy

Companies that release a free community edition under open source licenses and sell a proprietary enterprise edition. HashiCorp, Elasticsearch, and MongoDB shifted licenses from open source to Business Source License (BSL) after cloud providers monetized their software at scale. The ethical question: is it legitimate to relicense open source software after the community has built its value? The community frequently says no.

Slide 18 of 33

Copyright System Abuse

Copyright law was designed to incentivize creation. Systematic exploitation of the copyright system for purposes unrelated to incentivizing creation is a professional ethics issue.

Copyright Trolls

Entities that acquire copyrights not to create value but to extract licensing fees through litigation threats -- typically sending mass settlement demand letters to individuals and businesses for low-level infringement, knowing that settlement is cheaper than defense. This practice exploits the cost asymmetry of copyright litigation. It does not incentivize creation -- it monetizes the fear of litigation.

DMCA Abuse

Filing false DMCA takedown notices to remove competitors' legitimate content, silence critics, or censor coverage of public affairs. Competitor DMCA abuse uses copyright law as a censorship weapon against content that creates no copyright harm. The DMCA requires certification that the filer has a good faith belief in infringement -- false notices can expose filers to liability under 512(f), though this remedy is rarely awarded.

The Professional's Position

IT professionals involved in IP enforcement decisions have an ethical obligation to ensure that enforcement is proportionate, accurate, and aimed at genuine infringement rather than strategic suppression of competition or criticism. Participating in campaigns of bad-faith DMCA notices or copyright trolling is an ethical violation regardless of whether it is profitable and regardless of who orders it.

Slide 19 of 33

Government, IP, and Public Interest

Intellectual property rights are government-granted monopolies. The public interest in access to knowledge is in tension with the private interest in exclusive exploitation.

The Bayh-Dole Act

Allows universities and small businesses to patent inventions developed with federal research funding. Intended to incentivize commercialization of publicly funded research. The law allows the government to "march in" and license patents if the patent holder is not making the invention available on reasonable terms. The government has never used march-in rights -- a controversial non-use that affects drug pricing.

Patent and Drug Pricing

Pharmaceutical companies hold patents on drugs developed partly through public funding. Those patents enable prices that prevent access in the US and globally. The ethical tension: patents incentivize the R&D investment that produces new drugs; patents also restrict access to the treatments those drugs provide. The IP system creates this tension by design.

Public Domain and Creative Commons

Works in the public domain can be freely used, modified, and built upon without permission or payment. Creative Commons licenses allow creators to voluntarily share work on specified terms, creating a licensing infrastructure between "all rights reserved" copyright and the public domain. CC licenses are widely used in educational, research, and creative communities.

Slide 20 of 33

IP Obligations and Whistleblowing

When professional ethics obligations to disclose wrongdoing conflict with IP confidentiality obligations, which governs?

The Conflict

An employee discovers their employer is committing fraud. The evidence is in documents covered by trade secret protection and confidentiality agreements. Disclosing to regulators means disclosing confidential information. Staying silent means allowing the fraud to continue. The IP confidentiality obligation and the whistleblowing obligation are in direct conflict.

The Legal Resolution

The Defend Trade Secrets Act contains a whistleblower immunity provision: an individual cannot be held criminally or civilly liable for disclosing trade secrets to a government official or attorney in confidence for the purpose of reporting or investigating a suspected violation of law. Confidentiality obligations yield to legitimate whistleblowing -- but only to appropriate channels, not to the general public.

Frances Haugen Redux

Haugen disclosed internal Facebook documents to Congress and the press. The documents were confidential company information. Her disclosures were protected by the SEC whistleblower program for disclosures related to investor-material information and potentially other provisions. The ethical question is independent of the legal one: her IP confidentiality obligation to Facebook yielded to her ethical obligation to disclose information she believed was causing public harm.

Slide 21 of 33

Applied IP Scenarios

Apply the legal and ethical frameworks. Identify which IP right is implicated and what the professional obligation requires.

1 A startup discovers that a major competitor filed patents on a technology that the startup publicly disclosed at a conference six months before the competitor's patent application. What IP protection, if any, does the startup have? What should they do next?

2 An engineer leaves Company A and joins Company B, a direct competitor. On her last day at Company A, she downloads the source code for a proprietary algorithm she personally wrote. She wants to use her own work. Analyze: copyright (who owns it?), trade secrets (DTSA analysis), and the ethical dimension beyond the legal one.

3 A developer incorporates a GPL-licensed library into a commercial SaaS product. The company's CTO says GPL compliance would require open-sourcing code representing $5M in development investment. What are the legal obligations? What is the ethical analysis of the company's options?

4 A security researcher discovers a critical vulnerability in medical device firmware by reverse engineering the device's software, which the manufacturer's EULA prohibits. She has found a flaw that could allow remote manipulation of the device. Analyze the legal exposure under DMCA and CFAA, and then state the ethical obligation independently of the legal analysis.

Slide 22 of 33

Knowledge, the Commons, and Access

Intellectual property regimes create private monopolies on knowledge. The ethical case for strong IP protection and the ethical case against both deserve serious engagement.

The Case for Strong IP Protection

Without patent protection, pharmaceutical companies cannot recoup the $1-2 billion average cost of drug development. Without copyright, authors cannot earn from their work, reducing the incentive to create. Without trade secret protection, innovation advantages cannot be maintained long enough to fund the next innovation. IP rights create the economic incentives that fund investment in new knowledge.

The Case Against Excessive IP Protection

IP terms have been extended repeatedly beyond what incentivization requires. Most of the knowledge on which new innovations build is uncompensated prior work in the public domain or freely shared scientific literature. IP protection increasingly serves incumbent companies protecting existing revenue rather than incentivizing new creation. The deadweight loss of monopoly pricing on knowledge products is large and borne by people who cannot access life-saving drugs or educational materials.

Aaron Swartz

Aaron Swartz, a programmer and activist, was prosecuted under the Computer Fraud and Abuse Act for bulk downloading academic articles from JSTOR using MIT's network, intending to make them freely available. He faced 35 years in prison. He died by suicide in 2013. The prosecution was widely criticized as disproportionate. The underlying question -- should academic research funded by public grants be locked behind paywalls -- remains unresolved.

Slide 23 of 33

IP in International Context

Intellectual property rights are national in scope but the internet is global. The mismatch creates both compliance challenges and ethical questions.

TRIPS Agreement

WTO Trade-Related Aspects of Intellectual Property Rights agreement sets minimum standards for IP protection that all WTO members must implement. Minimum copyright term of 50 years. Patent protection in all technology fields. Trade secret protection. TRIPS has significantly expanded IP protection globally, including in developing countries that argued strong IP protection imposes costs without proportionate benefit.

China and IP Theft

US government and industry reports estimate that IP theft by China-based actors costs US companies hundreds of billions of dollars annually. State-sponsored theft of trade secrets -- including through cyber operations by PLA units -- is a documented national security and commercial threat. The DTSA's provision for misappropriation benefiting foreign governments was enacted specifically to address this threat.

Geographic Variations

Software patents are not granted in many European and Asian jurisdictions the way they are in the US. A patent that protects a software innovation in the US may not protect it in the EU, where abstract mathematical methods and software are not patentable per se. A company's global IP strategy must account for jurisdiction-specific variations in what is protectable and how.

Slide 24 of 33

Ethics of IP Enforcement

Enforcing intellectual property rights is not inherently ethical. The proportionality, purpose, and target of enforcement all matter.

Proportionate Enforcement

IP enforcement should be proportionate to the harm suffered and the infringement committed. A company that sues an individual student for sharing academic papers to achieve a deterrence effect -- at the cost of $750,000 per shared file, as in some RIAA cases -- is using IP enforcement as an instrument of disproportionate harm. Legal, but not beyond ethical critique.

Strategic Enforcement

Using IP claims to suppress competition, silence critics, or remove inconvenient information rather than to protect genuine IP interests is an abuse of the IP system. Software companies that send DMCA notices to remove negative reviews featuring screenshots of their product are using copyright as a censorship tool. This undermines both IP law and free expression.

The Professional's Role

IT professionals involved in IP enforcement -- building DMCA notice systems, reviewing takedown requests, developing licensing compliance systems -- have an ethical obligation to ensure those systems operate to protect genuine IP interests, not to suppress competition or silence speech. "The tool can be abused" is not a sufficient response when you are building the tool.

Slide 25 of 33 | Exercises

Practice Exercises

Written responses required for exercises 2 and 3.

1 You are conducting due diligence on a startup acquisition. The startup's core product is an AI model that appears to have been trained on datasets the founding team previously had access to through a former employer. What IP questions do you ask, what documents do you request, and what are the red flags that should stop the deal?

2 Write a one-page analysis of the Waymo v. Uber case applying the Defend Trade Secrets Act. Address: what qualified as a trade secret, how misappropriation was established, what Uber's liability theory was, and what the professional ethics obligations of the engineers involved were -- independent of their legal obligations.

3 You are leading a software project at a startup. Your team discovers that a critical component of your product uses GPL-licensed code without compliance. Disclosure would require open-sourcing proprietary technology representing years of development. Write a one-page recommendation to the executive team covering: legal obligation, business options, ethical analysis, and your recommendation.

4 Assess the ethical case for and against generative AI companies training on copyrighted works without license or payment. Use at least two ethical frameworks. Address the "just like a human learning" counter-argument directly.

Slide 26 of 33

Key References

Primary sources for the cases and statutes covered in this module.

Case Law

Waymo LLC v. Uber Technologies, Inc. (N.D. Cal. 2018) -- settlement documents and related filings. Oracle America, Inc. v. Google LLC, 593 US 1 (2021). Alice Corp. v. CLS Bank International, 573 US 208 (2014). Campbell v. Acuff-Rose Music, Inc., 510 US 569 (1994). Sega Enterprises v. Accolade, 977 F.2d 1510 (9th Cir. 1992).

Statutes

Defend Trade Secrets Act (18 USC 1836). Economic Espionage Act (18 USC 1831-1839). Anticybersquatting Consumer Protection Act (15 USC 1125(d)). Copyright Act, 17 USC 101 et seq. (including fair use, 17 USC 107). Patent Act, 35 USC 1 et seq. All at law.cornell.edu.

AI and Copyright

US Copyright Office: "Copyright and Artificial Intelligence" report (2024) -- ongoing proceedings. Andersen v. Stability AI (N.D. Cal. filed 2023). Authors Guild v. OpenAI (S.D.N.Y. filed 2023). New York Times Co. v. Microsoft Corp. (S.D.N.Y. filed 2023). EFF "AI and Copyright" resource page -- eff.org.

Open Source Resources

Open Source Initiative -- opensource.org. Software Freedom Law Center -- softwarefreedom.org. SPDX License List (standard identifiers for open source licenses) -- spdx.org/licenses. Open Source Security Foundation (SBOM resources) -- openssf.org.

Slide 27 of 33

IP in the Knowledge Economy

In the modern economy, intellectual property is often more valuable than physical assets. Understanding its strategic role prepares you to work within organizations that treat it as core to competitive position.

IP as Strategic Asset

Technology companies value their IP portfolios -- patents, trade secrets, software, brand equity -- often far above their physical assets. Apple's brand is worth hundreds of billions. Google's search algorithm is the company's most valuable trade secret. Microsoft's patent portfolio is used both offensively and defensively. Understanding the strategic value of IP is part of understanding how technology companies compete.

Patent Portfolio Strategy

Large technology companies hold patent portfolios not only to protect their own innovations but to create deterrence (cross-licensing arrangements prevent mutual suits), generate licensing revenue, and provide freedom to operate (owning patents in a space creates defenses against claims by others). The IT professional who understands this strategic context can better assess the IP implications of their design decisions.

The Ethics of Patent Portfolio Strategy

Companies that patent aggressively primarily to deter competition, sue startups, or maintain market position -- rather than to incentivize innovation -- are using the patent system in ways that conflict with its stated public purpose. The engineer who invents something their company patents, and later sees those patents used to suppress a competitor's products that do not actually infringe, has participated in a system whose ethical legitimacy depends on whether the public interest it was designed to serve is actually served.

Slide 28 of 33

Core IP Ethics Principles

The professional ethical standards that should govern IP decisions in IT work, independent of jurisdiction-specific legal requirements.

1 Know what you own. Understand your employment agreement's IP assignment clauses before you create anything. The default for work created during employment is employer ownership. Know the exceptions and the limits.

2 Know what you use. Every dependency, library, and component you incorporate has a license. The professional obligation is to understand that license and comply with it. "I did not check" is not an ethical defense for a professional.

3 Respect what you were trusted with. Confidential information received in the context of employment -- whether or not it meets the legal definition of a trade secret -- was shared in trust. Honoring that trust is an ethical obligation independent of the NDA.

4 Give credit. Attribution is both a legal requirement under many licenses and an ethical obligation of professional honesty. Presenting others' work as your own -- whether code, research, or design -- is a form of misrepresentation that harms the people whose work you are taking.

5 Enforce proportionately. IP enforcement should address genuine infringement, not suppress competition or speech. If you are involved in IP enforcement decisions, apply that test consistently before acting.

Slide 29 of 33

Additional Cases for Discussion

Research one of these cases for further study.

Levandowski Criminal Case

US v. Levandowski (N.D. Cal. 2020). 33 counts of trade secret theft. Convicted on all 33 counts. 18-month sentence. Presidential pardon in 2021. The criminal case is the most detailed public record of what systematic trade secret misappropriation looks like, how it was detected, and how federal prosecutors prosecute it. The pardon raised its own questions about the rule of law and political influence.

Oracle v. Google API Case

Google used Java API declarations in Android without license. Oracle (which acquired Sun Microsystems and Java) sued. The case went to the Supreme Court twice. The final ruling: Google's use was fair use. But it did not settle whether APIs are copyrightable. The case consumed 11 years and $100M+ in legal fees. The interoperability of software systems -- and the copyright status of the interfaces that enable it -- was at stake.

Elastic N.V. License Change

Elastic changed Elasticsearch from Apache 2.0 to a proprietary Server Side Public License after AWS began offering Elasticsearch as a managed service without contributing back. The community forked the project as OpenSearch under the original license. The case illustrates the tension between open source community expectations and commercial sustainability, and the ethics of post-hoc license changes to recapture commercial value from community-built software.

Slide 30 of 33

Discussion Questions

Bring a considered position to class discussion.

1 Should software be patentable? Make the strongest argument you can for the position you do not initially hold. What does the experience of the US software industry since 1994 tell us about the costs and benefits of software patent protection?

2 Anthony Levandowski was pardoned by the President after serving no prison time. Does a presidential pardon change the ethical assessment of what he did? Should it affect his professional reputation in the technology industry?

3 Open source software -- built by volunteer contributors, funded by community donations, maintained by individuals at personal cost -- forms the critical infrastructure of the internet. Large technology companies extract billions in value from that infrastructure while contributing relatively little back. Is this an ethical problem? If so, whose responsibility is it to address?

4 Non-compete agreements prevent employees from using skills they developed at one employer at a new employer. California bars them; other states strongly enforce them. Which approach better serves the public interest -- and should the federal government settle the question nationally?

Slide 31 of 33

Professional Implications

Concrete steps every IT professional should take to manage their IP obligations proactively.

When You Are Hired

Read the IP assignment clause before signing. Identify any prior inventions you want to exclude. Understand the scope of the work-for-hire clause. Ask specifically about side projects -- many agreements cover all inventions, even those created on personal time if they relate to the employer's business. Get exclusions in writing or consult an attorney.

During Employment

Do not use open-source software in commercial products without license review. Do not incorporate third-party code without attribution documentation. Do not access or copy employer systems for personal purposes. Do not use work resources for personal IP development if the employment agreement could claim those inventions. Maintain your own documentation of what you built independently.

When You Leave

Do not take any files, documentation, code, or data that belongs to your employer. Do not download your own work for "reference" without explicit permission. Return or delete employer data from personal devices. Be prepared to be asked about what you took. The answer must be: nothing. The ethical obligation to return and delete employer property on departure is clear regardless of whether enforcement is likely.

Slide 32 of 33

Week 2 Synthesis

Privacy, expression, and intellectual property are three distinct legal domains that interact continuously in IT work. The ethical principles underlying all three are related.

The Common Thread

Privacy, free expression, and intellectual property all involve the question of who controls information -- personal information, public discourse, and proprietary knowledge. The ethical principles are parallel: people have legitimate interests in controlling information about themselves (privacy), in speaking without government coercion (expression), and in profiting from their creative and inventive work (IP). Each interest can be overprotected or underprotected.

The Power Dynamic

In each domain, the most significant ethical problems arise from power asymmetry: powerful organizations collecting data on individuals (privacy), controlling the platforms through which individuals speak (expression), and using IP claims to suppress competition or access (IP). The IT professional is often inside those powerful organizations -- and therefore either part of the problem or part of the solution.

The Professional's Thread

Your professional obligations in all three domains are: know the rules, comply with the ones that are ethical, push back on the ones that are not, and document your reasoning when you encounter conflicts. The legal and ethical floors are not the same floor. The professional standard lives above the legal minimum in all three domains.

Slide 33 of 33 | Summary

Module Summary

IP rights are government-granted monopolies designed to incentivize creation. The ethical professional uses them for that purpose and no other.

Copyright, patents, and trade secrets are legal tools. The ethics of their use depends on purpose and proportionality. Levandowski stole files. Uber knowingly benefited. The license compliance failures of daily development work are less dramatic but equally real professional failures. Know what you use, what you own, and what you were trusted with.

8 Facts to Carry Out of This Lecture

1 Copyright: automatic at creation, protects expression not ideas, author's life plus 70 years. Work for hire belongs to the employer. Fair use is a defense, not a right.

2 Patents: 20 years from filing. Software patents are restricted post-Alice Corp. Patent trolls use cost asymmetry of litigation to extract settlements. The US software patent system has significant critics within the technology community.

3 Trade secrets: no expiration, any valuable secret maintained with reasonable measures qualifies. DTSA provides federal civil and criminal remedy. Whistleblower immunity protects disclosures to government in good faith reports of violations of law.

4 Waymo v. Uber: systematic downloading of 14,000 files = criminal trade secret theft. Levandowski convicted on 33 counts, sentenced to 18 months. Uber settled for $245M. Due diligence that ignores red flags creates acquirer liability.

5 Open source licenses: permissive (MIT, Apache) vs. copyleft (GPL, LGPL, AGPL). GPL requires open-sourcing derivative works. AGPL extends to SaaS. License compliance is a professional obligation, not an optional best practice.

6 Reverse engineering for interoperability is generally fair use (Sega v. Accolade). DMCA 1201 may restrict reverse engineering that circumvents technological protection measures. Security research exemptions exist but require renewal.

7 Legitimate competitive intelligence: public filings, product analysis, job postings. Industrial espionage: theft, bribery, unauthorized access. The Economic Espionage Act criminalizes misappropriation benefiting foreign governments up to 15 years and $5M.

8 When you leave an employer: take nothing, return everything, delete company data from personal devices. The ethical obligation to return and not misappropriate employer IP exists independent of enforcement likelihood.