1. Contracting
    1. General
      1. Brexit
    2. Business / Contracts
      1. Coronavirus Assistance
    3. Accounting / Legal
      1. Umbrella Companies
      2. HMRC Scheme Enquiries
      3. The Future of Contracting
      4. IR35 Reform
    4. Technical
    5. Welcome / FAQs
  2. Social
    1. Light Relief
    2. Social / Events
  • Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
  • Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!

Reply to: Reverse engineering a schema - any ethical or legal imlications?

Collapse

You are not logged in or you do not have permission to access this page. This could be due to one of several reasons:

  • You are not logged in. If you are already registered, fill in the form below to log in, or follow the "Sign Up" link to register a new account.
  • You may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
  • If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.

Previously on "Reverse engineering a schema - any ethical or legal imlications?"

Collapse
  • sam1a
    replied
    ahem ahem

    Originally posted by Clever Hans View Post
    I have been offered a short contract to convert data from one application to another.

    They want me to extract data from a competitors application/db to their system while their client transitions from one system to the other. This is to be done by reverse-engineering the schema and mapping to the fields in their application and extracting it via odbc/whatever.

    The two rival systems will remain in place, one extracting the data from the other, at the client over a period of time, perhaps months. They may want to repeat the operation for future clients/rival products. They will want me to sign an NDA.

    I used to work for the competitor on that product years ago. That product is still in development and is not at all legacy - they are a market leader.

    My understanding is that decompilation is against the law if used for competitive reasons. I regard reverse engineering a schema as part of the decompilation process, though this may be technically incorrect. They argue the client owns the data, and they've been through it all with lawyers.

    So:

    I feel uncomfortable with the ethical and legal implications, and want to know if I am being naive/precious/stupid believing the following:

    1. Its too much reverse engineering and direct mapping to an application for a bog-standard data conversion.
    2. I used to work with the rival on the product and feel a duty of confidentiality (and they were my mates).
    3. Its at best a legal grey area and should there be comeback later on, I will be particularly exposed as a contractor, even insured in a ltd.

    Basically, is it dodgy or perfectly normal and above board?

    this is interesting. reminds me of Robert Cringley's reverse engineering tip in his movie. Guess you should watch Triumph of Nerds

    Leave a comment:

  • SueEllen
    replied
    Originally posted by Wanderer View Post
    The way I see it is that the client has the contract with the software supplier and if anyone is going to get in trouble then it's going to be the client.

    <snip>

    If it comes to legal action then it's going to be a civil matter rather than a criminal one, probably claiming breach of software license conditions and that's between the supplier of the software and the licensee.
    I've actually been warned that there are cases that they can come after you as well as the client.

    Even if the supplier has no case with you it won't stop them trying to tie you up in their case particularly if the supplier has bigger pockets.

    Hence you get a clause or two in your contract ensuring the client indemnifies you.

    This obviously won't work if you know you are doing something blatantly illegal.

    Leave a comment:

  • krytonsheep
    replied
    This is a standard piece of data migration/modelling.
    I'd aggree, it's just migration. Without fully knowing the details, I would guess that the Ruby on Rails gem yaml_db would do what you need.

    Leave a comment:

  • Wanderer
    replied
    Originally posted by phileds View Post
    Excellent! Then they'll obviously be more than happy to give you a copy of said legal opinion.
    The way I see it is that the client has the contract with the software supplier and if anyone is going to get in trouble then it's going to be the client.

    If it comes to legal action then it's going to be a civil matter rather than a criminal one, probably claiming breach of software license conditions and that's between the supplier of the software and the licensee.

    As a contractor working for the client, I would not be party to the licensing agreement between the client and the supplier and I couldn't be reasonably expected to review it either. If for no other reason, it's none of my business.

    If the client have taken legal advice and are happy with it then I'd be good to go.

    Leave a comment:

  • SueEllen
    replied
    Originally posted by phileds View Post
    Excellent! Then they'll obviously be more than happy to give you a copy of said legal opinion.

    Though why they've sought a legal opinion for what sounds like a straightforward transfer of a client's data from one system to another is, er, "interesting".
    Depends on the company and their management.

    I know of relatively small companies that have their own in-house solicitor and larger ones that don't.

    Though it doesn't mean their solicitor specialises in Intellectual Property............

    Leave a comment:

  • MarillionFan
    replied
    Originally posted by phileds View Post
    Excellent! Then they'll obviously be more than happy to give you a copy of said legal opinion.

    Though why they've sought a legal opinion for what sounds like a straightforward transfer of a client's data from one system to another is, er, "interesting".
    Seems a little like David Blunkett leading Ray Charles to me.

    Leave a comment:

  • phileds
    replied
    They argue the client owns the data, and they've been through it all with lawyers.
    Excellent! Then they'll obviously be more than happy to give you a copy of said legal opinion.

    Though why they've sought a legal opinion for what sounds like a straightforward transfer of a client's data from one system to another is, er, "interesting".

    Leave a comment:

  • Clever Hans
    replied
    Ok, well I guess the question is answered:

    Ways forward for peace of mind include getting a lawyer to look over the contract, check the book linked, speak to FromCo, use the suggested information resources I may have access to. Excellent suggestions.

    Apparently unneeded though, because it is standard practice in software houses.

    Originally posted by MarillionFan View Post
    This project sounds extremely iffy to me. Personally I wouldn't touch it without the help of Max Clifford and a top notch legal team. Nobody has ever done a piece of data migration before which required knowledge of the schema. Best to avoid.
    Connecting up to the application in a way not intended by FromCo when it deployed it to the client, under conditions of secrecy and extracting the blueprint for a major part of it to help produce a competing product is not reverse engineering, its not illegal, and its not unethical.

    There you go.

    Leave a comment:

  • Clever Hans
    replied
    Originally posted by rd409 View Post
    This is pretty elementary. I have helped many clients migrate their data from SAP, Dynamics and salesforce. Put in some custom built CRMs and the picture grows in confusion. Each of the system has been configured for the client, and to migrate the data and business logic, I would need to get into the configuration management console provided by FromCo, and figure out what needs to be done in the ToCo. Technically this can be termed as reverse engineering, but this is a common expected methodology used by almost all professionals who overlook Data migration or any other kind of Technical Changes. Many companies look out for professionals who have already done something like this say for example who has migrated a client from Dynamics to SAP. This will make the project run smoothly and faster than someone trying for the first time.

    The point here is "Reverse Engineering" is not un-ethical or illegal. It is how you approach it makes the difference. If while working at the FromCo previously, you have left a backdoor open for future migration, and you use that now, it is illegal. But otherwise, it should be okay.
    Thanks. I should point out, I have done data migration before, but only on internally-created systems, not between competing products I don't 'own'. I understand the technical elementariness of it, I just wanted clarity on the legal/ethical side.

    Leave a comment:

  • rd409
    replied
    This is pretty elementary. I have helped many clients migrate their data from SAP, Dynamics and salesforce. Put in some custom built CRMs and the picture grows in confusion. Each of the system has been configured for the client, and to migrate the data and business logic, I would need to get into the configuration management console provided by FromCo, and figure out what needs to be done in the ToCo. Technically this can be termed as reverse engineering, but this is a common expected methodology used by almost all professionals who overlook Data migration or any other kind of Technical Changes. Many companies look out for professionals who have already done something like this say for example who has migrated a client from Dynamics to SAP. This will make the project run smoothly and faster than someone trying for the first time.

    The point here is "Reverse Engineering" is not un-ethical or illegal. It is how you approach it makes the difference. If while working at the FromCo previously, you have left a backdoor open for future migration, and you use that now, it is illegal. But otherwise, it should be okay.

    Leave a comment:

  • RichardCranium
    replied
    Originally posted by MarillionFan View Post
    This project sounds extremely iffy to me. Personally I wouldn't touch it without the help of Max Clifford and a top notch legal team. Nobody has ever done a piece of data migration before which required knowledge of the schema. Best to avoid.
    Whoever gets the gig in the end will be happy enough.

    Leave a comment:

  • MarillionFan
    replied
    Originally posted by RichardCranium View Post
    Are you a member of the BCS, IAP or PCG? All of those provide access to a free legal helpline for queries such as this.

    Also, check your professional indemnity insurance, contents / buildings insurance or bank account perks. You may get free legal advice bundled in with any of those, too.

    Failing that, check out the web site of egos (the IT contractors' lawyer; I've used him and he's good) which may have the answer. Or just phone him. (But have your debit card details to hand.)
    This project sounds extremely iffy to me. Personally I wouldn't touch it without the help of Max Clifford and a top notch legal team. Nobody has ever done a piece of data migration before which required knowledge of the schema. Best to avoid.

    Leave a comment:

  • RichardCranium
    replied
    Are you a member of the BCS, IAP or PCG? All of those provide access to a free legal helpline for queries such as this.

    Also, check your professional indemnity insurance, contents / buildings insurance or bank account perks. You may get free legal advice bundled in with any of those, too.

    Failing that, check out the web site of egos (the IT contractors' lawyer; I've used him and he's good) which may have the answer. Or just phone him. (But have your debit card details to hand.)

    Leave a comment:

  • SueEllen
    replied
    Originally posted by thunderlizard View Post
    This book covers the IP implications of reverse engineering in probably as much detail as you'll need, including case law:
    Software Copyright Law: Amazon.co.uk: David I. Bainbridge: Books
    Problem is books like that are normally as clear as mud to someone who doesn't have legally trained mates to discuss particular cases with. (If Clever Hans had he wouldn't be using the term reverse engineering.)

    It also doesn't help that the book is years out of date. Laws particularly in the legal jurisdictions of the UK change very quickly, so something that is valid one month is not valid the next.

    Leave a comment:

  • thunderlizard
    replied
    This book covers the IP implications of reverse engineering in probably as much detail as you'll need, including case law:
    Software Copyright Law: Amazon.co.uk: David I. Bainbridge: Books

    Leave a comment:

Advertisers

  1. Contracting
    1. General
      1. Brexit
    2. Business / Contracts
      1. Coronavirus Assistance
    3. Accounting / Legal
      1. Umbrella Companies
      2. HMRC Scheme Enquiries
      3. The Future of Contracting
      4. IR35 Reform
    4. Technical
    5. Welcome / FAQs
  2. Social
    1. Light Relief
    2. Social / Events
Working...
X