13

Consider the following scenario:

Person A is employed by a large company and has the usual "everything you do while employed by us is owned by us" in their employment contract.

Person B is self-employed and creates intellectual property (here let's assume software) in the natural course of their business.

They both work from the same home and use a shared home internet connection (for which only one of them, let's assume person A, is the official account holder).

Is there a risk that person A's employer can attempt to attach themselves to person B's business or the intellectual property created by person B's business?

For example, if B uploads intellectual property to a third-party service using the same IP address that A uses, can A's employer use that fact as evidence that B's intellectual property might have been created by A or with A's involvement?

How does the law look at this situation?

bdb484
  • 58,968
  • 3
  • 129
  • 184
confused-by-it-all
  • 139
  • 1
  • 3
  • 3
    So A's employer is monitoring all of the traffic on A's personal internet connection? How are they doing that, and how do they disclose that they know some data was uploaded to the third party without admitting that they've broken the law? – phoog Apr 03 '23 at 16:04
  • 2
    @phoog If the Person A's company owned computer performed a promiscuous packet sniffing function, then depending on the network setup, that company could easily identify all external resources that Person B accessed and send them back to home base. I have no idea if that is legal or not. – Peter M Apr 03 '23 at 22:07
  • 6
    How is this scenario where two people work for different companies from one building that is their home different from when two people work for different companies in one building that is anything else? It's extremely common for this to happen when the building is a coworking space, or a cafe, or a library, etc. – Ben Apr 04 '23 at 03:31
  • @PeterM wouldn't the packet sniffer recognize the different IP addresses? – RonJohn Apr 04 '23 at 04:07
  • @RonJohn Person A may have 2 devices, eg a work laptop and a home computer, so the company could still want to track everything regardless of ip address – B-K Apr 04 '23 at 04:18
  • 1
    @B-K a declaration under penalty of perjury from Person B saying "that's my computer, and I do X" should be a good starting point in shooting down the Company's complain. – RonJohn Apr 04 '23 at 04:23
  • 4
    @PeterM if they were sniffing packets in the home LAN network, the data collected could be evidence AGAINST the company, assuming B didn't use A's company-owned laptop. The MAC address of the sniffed packets would show B's machine, in this case. – Mindwin Remember Monica Apr 04 '23 at 11:36
  • 1
    @MindwinRememberMonica While true, that's only if the log the MAC address. A company that goes to the extreme of packet sniffing may realize this. And while not the OP's question I just had an epiphany that in this day and age, the packet sniffing could be performed to look for any "extreme" views of the employee such as viewing porn, LBGTQ+ rights, abortion access, or even unionization. I still don't know if the packet sniffing is illegal or just reprehensible. – Peter M Apr 04 '23 at 13:05
  • 1
    "Is there a risk that person A's employer can attempt to attach themselves to person B's business or the intellectual property created by person B's business?" There's always a risk. The question is the magnitude of the risk. It's really low. – RonJohn Apr 04 '23 at 14:47
  • If PersonA's company was doing any of that they would have a hard time winning a legal case let alone not having part of their C Suite end up in jail. – Matthew Whited Apr 04 '23 at 16:40

3 Answers3

25

It is conceivable that A's employer would claim that the intellectual property was actually created by A in the course of their employment rather than B. That would be a question of fact for the lawsuit to determine.

Realistically, assuming A and B both testify that B created the intellectual property with no input from A and A's employer had only the IP address as evidence, it is pretty unlikely that the fact finder would find that A created the intellectual property. A's employer would almost certainly need to provide some additional evidence that would show that the balance of probabilities favored the employer's position (i.e. A works at FedEx writing software for package logistics, B is a 12 year old kid with no formal computer science training, and the intellectual property in question involves the implementation of sophisticated graph traversal algorithms that would be common in package logistics applications).

Justin Cave
  • 2,789
  • 1
  • 12
  • 17
  • 6
    I concur and write separately only to add that unless its complaint is based on something more substantial than the IP addresses, the employer would probably be looking at a very fast dismissal under Twiqbal and maybe some Rule 11 sanctions, as well. – bdb484 Apr 03 '23 at 15:57
  • 1
    If A had a full time job and B didn’t because they were full time creating IP, it would be hard to argue that A did effectively two jobs and B did nothing. – gnasher729 Apr 03 '23 at 18:48
4

I would not be too worried about Company A making a claim over company B's intellectual property because your wife sent something over the shared home network. I would more concerned if your Company A and your wife's company B were competitors or in the same line of business. If that is so, you could open yourself up to trade secret or confidentiality legal actions.

I have been a lawyer in Silicon Valley for over 25 years. There are certain companies that rigorously defend their trade secrets and will sue former employees in the flimsiest of cases. After you have spent thousands of dollars defending yourself they settle with you for an apology having taught you "a lesson".

If your employer believes you may have leaked trade secrets I could see them filing a law suit connected to the shared home network. You are a computer expert. So you know the solution to this better than I do. Interesting question. Thank you.

jdblaw
  • 35
  • 2
  • 1
    Your answer could be improved with additional supporting information. Please [edit] to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers in the help center. – Community Apr 04 '23 at 23:17
2

I am not a lawyer but from the technical aspect, it does not make much sense.

A company that allows you to work remotely ensures that your work environment is secure. This can roughly be done though

  • providing you with a complete network connected to the company (this is typical for small branch offices, but also doable at home)
  • or making sure that your device (typically a laptop) is secure when on a generic network

In the first case, you are alone on the network built by the company that connects to the company so it is an extension of what they have. This network "lays" on top of the home network, and then the Internet. The home network and Internet are just transport - so if a company states that this contributes to the IP they should sue the Internet, the providers of the tunnels the cables run through, and the vendors of the fiber.

In the second case, the laptop is expected to be secure and appropriately isolated so you are back to the "transport layers" above.

In other words - where you do not matter because the way the IP flows in is independent of the network it ultimately is. The company provides the appropriate security padding so that it does not matter.

WoJ
  • 2,460
  • 3
  • 18
  • 26
  • 4
    How does this relate to the question? I work from home on a heavily secured company laptop which can only communicate with the company by VPN. (Local LAN access is blocked.) That doesn't stop me from doing work on the side on my personal computer while I'm on the clock (as I'm doing now to post this). Nothing prevents my wife to use her laptop on the home-LAN to work, either for her own work or the additional freelance work she occasionally does. This is about the company claiming ownership from ANY data originating from the same home-LAN regardless how it was send online. – Tonny Apr 04 '23 at 13:39
  • 2
    They obviously have no right to any IP created by a non-employee. They can claim whatever they want, but they'd have to prove at the very least that you created the IP. That will be hard. – gnasher729 Apr 04 '23 at 15:11
  • 3
    @Tonny: the point is that there is no "home LAN". You have a VPN so your computer is part of the company network. What carries the signal is irrelevant - if you were in a McDonalds would the company claim that anything that was created on any MsDonalds networks (or at least the network of that McDo) is theirs? Now - if you do not use the VPN you may be misusing your laptop (but that's a matter of contract, and the "always-on" VPN should be enforced by the company) – WoJ Apr 04 '23 at 15:57
  • @Tonny: I realized when looking at your bio that you are a sysadmin, so I think I really do not understand your question as how a VPN works (and the network layers) are well-known to you. – WoJ Apr 04 '23 at 16:01
  • 3
    @WoJ I think his point is that if anything produced by the employee during working hours is presumptively the company's intellectual property, the company could still make the claim that the person made the property on a non-company computer but it's still the company's property. – IllusiveBrian Apr 04 '23 at 21:27
  • @IllusiveBrian That is exactly what I was trying to say. The question asks about other peoples work and NOWHERE states that it is done on the same computer. Even though my laptop is company issue and locked down doesn't mean that is the case for all our employees. We do have users that use their own PC to login to a secure virtual workplace. Zero-trust computing. We don't trust the users PC, but fully control the virtual workplace. For me the laptop is more convenient, but I still use the virtual setup at times, if I don't have the laptop with me. Any computer will do. – Tonny Apr 04 '23 at 22:18
  • @Tonny so you need to reformulate and clarify your question. Right now my McDonalds analogy is the answer: how can the network you connect from be "taken hostage" and why would that only be your home network? To take this to an absurd extreme - they could claim all of Internet devices to be producing work that is theirs. It simply does not make sense technically and this is why I am confused by your question, taking that you are a sysadmin. – WoJ Apr 05 '23 at 06:52
  • @WoJ I'm not the person who asked the question. – Tonny Apr 05 '23 at 09:12
  • @WoJ As far as I'm concerned the company has no business claiming any sort of ownership. With the possible exception if the home internet connection used for work is provided by the company and there is a contract stating it can't be used for anything else. Even then it would very much depend on locality, circumstances and the type of work before a judge would grant ownership to the company. E.g. Here in Europe reasonable private use of company resources (e.g use work computer to do your taxes) is permitted by law in many countries so such a contract would be void in the first place. – Tonny Apr 05 '23 at 09:22