Could Your API Land You in Court: What Developers Should Know

When a federal judge declared in June that software APIs aren’t covered by copyright law, it was a major victory not just for Google against Oracle, but for the API developers and users alike.

The judge called APIs “a utilitarian and functional set of symbols, each to carry out a pre-assigned Function... Duplication of the command structure is necessary for interoperability," according to an ArsTechnica article on the ruling.

"So long as the specific code used to implement a method is different, anyone is free under the Copyright Act to write his or her own code to carry out exactly the same function or specification of any methods used in the Java API," the judge wrote in his ruling.

But while APIs overcame a major copyright challenge in Google versus Oracle, that doesn’t mean you’re safe from a legitimate legal action, as developers in two separate matters are learning the hard way.

First, there’s Craiglist’s recent lawsuit against 3Taps and Padmapper for copyright infringement. 3Taps wrote the API that provides apartment rental data gleaned from Craigslist to PadMapper, which marries the data to maps. (This week, Craigslist also rolled out a map feature for its apartment listing.)

3Taps is fighting back, claiming it does not inhibit Craigslist’s servers but rather collects the data from search engines. It’s also filed a countersued for anticompetitive business practices. Padmapper has filed for a court extension to respond to the lawsuit.

But on Monday, Oct. 1, Craigslist up the ante, filing a cease-and-desist order again Mashery, the API Platform that helps 3Taps serve customers, according to a report by Mashery backed away from the battle, citing the complexities of copyright, and ended support for 3Taps on Friday, forcing 3Taps to handle its API services manually.

Second, The H Security reported last week that WhatsApp Messenger threatened legal action against the developers of WhatsAPI, an open source implementation of the WhatsApp protocol. The action seems to be a reaction to a security flaw in the API found and publicly identified by by heise Security. WhatsApp demanded that the Source Code for the API be taken down, and the developers are reportedly complying — although, as the article notes, there’s now a Web Service based on the API that could still be used to send and receive messages from a stolen account.

It’s not clear what legal issue was cited by WhatsApp Messenger.

Copyright law isn’t as straight-forward as most people think. For instance, Craigslist’s lawsuit claims copyright protection in two ways, according to a blog post by Mirsky & Co, an east coast law firm specializing in new media and technology:

  1. Public facts aren’t copyrightable —but are apartment listings public facts or a private piece of information created by a landlord and Craigslist?
  2. Compilations can be copyrightable based on the unique design, presentation and formatting. Mapmakers and telephone book publishers use this as a rationale for copyrighting their materials, and Craigslist contends it’s postings are a unique compilation in its claim.

While copyright seems to be the most popular justification for legal actions against API developers, it’s not the only issue you need to consider when writing APIs.

For example, Craigslist’s lawsuit also cites its terms of service, which explicitly prohibit the use of its data.

“Copyright law or the absence thereof as applied to Craigslist data notwithstanding, voluntarily entered-into contracts for otherwise binding commitments can prohibit all sorts of activities by their contract parties – including use of data that is acquired under the service,” the post states. “There’s not a lot of complexity in this aspect of contract law.”

Some other legal questions developers should consider when creating or using APIs, according to a twitter chat hosted by Mirsky Legal Attorney Andrew Mirsky :

  • Does the contract allow you to maintain Intellectual Property rights to the API?
  • Does this API comply with privacy laws? Often, the onus is on the developer when it comes to privacy issues, Mirsky stated.
  • If you have a contract, does it outline the scope of work and responsibility for bug fixes and other maintenance issues?
  • Who owns the source code?

Be sure to read the next Security article: Rise of the Spambots: 3 APIs For Beating CAPTCHAs