Legal questions surround Windows code leak

Besides creating bad press for Microsoft, the Windows 2000 source code leak could mean a legal headache for developers

Microsoft has recourse to an arsenal of legal remedies for stopping the distribution of the recently leaked Windows 2000 source code and, if it chooses to do so, punishing those who have handled the code, according to a legal expert.

On Thursday, a 203MB file containing some of Microsoft's closely guarded source code was published on the Internet, representing around 1 percent of the code base of Windows 2000, the enterprise operating system on which Windows XP is based.

Industry analysts say the code is unlikely to reveal new security holes or to damage Microsoft competitively, its only real effect being bad publicity. "Its biggest impact is purely as an embarrassment," says Ovum principal analyst Graham Titterington. "A partial leak of source code is not of much use to anybody. Even if someone sees a potential flaw, it still doesn't give them a picture of the overall system."

Microsoft can argue that those spreading the leaked source code are breaking several intellectual property laws, including those related to confidentiality and copyright, according to Mark Watts, IT partner with Bristows. "There is no shortage of legal theories that Microsoft could rely on to prevent either the source code remaining on a Web site or being further distributed," he says.

Copyright infringement would affect anyone that knowingly distributes or handles infringing copies. Because of the nature of digital media, obtaining a copy of the source code involves making a copy, notes Watts.

He said the definition of copying is broad, including having a copy stored on one's hard drive. As for whether the copy was made knowingly, "it would be pretty hard for somebody to argue they weren't aware that this was an infringing work," he says.

Besides civil penalties, involving the payment of damages and an injunction against further infringement, handling infringing works could be prosecuted under criminal laws, according to Watts. Microsoft has said it is discussing the leak with law enforcement officials.

The amount of code being copied is not necessarily an issue, if the code is a substantial part of the operating system. "They would assess whether the bit you're talking about is substantial with relation to the entire copyrighted work. They don't just count the lines of code, generally the focus is on the quality of the bit taken," Watts says. For example, in the Mona Lisa, the smile is a small portion of the painting but could be considered a substantial part.

Questions for developers
The wide circulation of Windows source code raises questions for software developers, in that programmers who study the code could later be accused of copying it, even in a modified form, into other products -- turning those products into derivative works of Windows.

While this scenario may send shivers down the spines of developers familiar with SCO Group's byzantine lawsuit against IBM over Linux source code, Watts says reading the Windows code is unlikely to poison a developer's future career.

A derivative-works lawsuit would have to prove more than that a developer read the company's source code. To be successful, the suit would have to prove that elements of that code had made their way into another product, and that those elements were substantial. "If it were just a couple of lines of code that were a clever way of doing something, that may or may not qualify as substantial," Watts says.

He notes that a developer would be unlikely to be able to copy Microsoft code, even unconsciously, just from reading the source code; it would take an effort to study and understand the code. Of course, copyright lawsuits can damage companies financially, even if they have little chance of success, says Watts.

Theoretically, if a developer included third-party code in a company's product, it could damage that company's ability to guarantee to its customers that their code is "clean". But this scenario, too, would be unusual: "You would be unlikely to have a situation where a reputable software company and its employees are including Microsoft code, even inadvertently. They are too careful to do that," argues Watts.

While the Windows code is likely to be covered by patents, patent law does not come into play in this case. With patented software, the only issue is whether software uses patented concepts, whether or not the programmer was aware of the existence of the patent, according to Watts.

Why a secret?
Microsoft's main problem in this case is that the company has itself drawn so much attention to its policy of keeping Windows source code top secret.

The company has maintained this policy through lengthy antitrust battles and in competition with open-source software projects, which allow source code to circulate freely. While Microsoft has resisted open-source pressures, some competitors, such as Apple Computer and RealNetworks, have adopted open-source methods for some of their products as a way of tapping into developer interest. Open-source developers say the fact that anyone can scrutinise the code and report (or fix) bugs ensures the software is secure.

At the heart of the source code issue is Microsoft's strategy for continued domination of both operating systems and applications, according to analysts.

During the US antitrust case some participants argued Microsoft should be compelled to reveal the Windows source code as the only way of ensuring a level playing field with competing application makers. Otherwise, they argued, Microsoft will continue to leverage its desktop operating system dominance into software such as browsers, media players, servers and the like.

Microsoft says it supplies software makers with enough information to integrate their products with Windows, but continues to tout its control of Windows as a selling point for other software.

"Microsoft has decided on an optimum level of [source code] disclosure that suits its commercial interests," says Ovum's Titterington. "This is putting the spotlight on that."