Hitsniffer’s Downfall Highlights IP Problems over Code Ownership
Hitsniffer is a well-regarded web analytics app. Its WordPress plugin has had 141,166 downloads, including four today. But the Hitsniffer website has been shuttered, raising accusations of theft against ‘a programmer who had worked for the company since its inception.’ It is a case study on how to protect intellectual property — although in this instance it is not yet certain who actually owns what IP.
The Hitsniffer website explains, “Hitsniffer was compromised by a programmer who had worked for the company since its inception. This programmer has stolen all databases. The customer database is now in his hands. You will probably have received an email from a company called Hitsteps, this company has no relationship with Hitsniffer, Hitsteps is now using our customer database to contact our customers. We have made allegations of theft and fraud regarding this matter and it is now being investigated by the Police…”
The programmer concerned, Armin Nikdel, has a completely different take on the situation, and has published a rebuttal on Facebook.
According to Nikdel, he developed the software and allowed a former friend to handle the business side of things. The relationship went bad with missed payments. “This situation continued for long and got worst and he missed my shares every months,” writes Nikdel. “I voiced out and told him he need to pay my shares in order to return back to our healthy and fair partnership, without hesitation, He refused to payback any of debts.”
Nikdel suggests that the real problems came when his friend attempted to move the system to a new server. The move failed, “as Hitsniffer is using many custom non-standard and purpose specific apps and it wouldn’t run without them.”
And that seems to be the current situation. Hitsniffer is down, its original developer is accused of theft, and the police are allegedly involved. The case, however, is a Pandora’s mare’s nest of intellectual property.
There does not appear to be any current public accusation of theft of code by Hitsniffer against Armin Nikdel (Hitsteps). That would probably require a code-level comparison of the two apps. But at the moment it is an open question whether Hitsniffer or Nikdel actually owns that code. Resolution would depend on whether Nikdel was legally a Hitsniffer employee, or someone with a more casual relationship — and refusal to deliver revenue ‘shares’ (never mind a salary) could suggest no formal employee relationship.
Dr. Brian Bandey, Principal at Patronus PhD and a specialist in international intellectual property, explains some of the pitfalls. “So here’s the ‘big rub’ for companies that develop software,” he told SecurityWeek. “If they use a 3rd party non-employee, they won’t own the copyright work as author automatically. So what happens? Well, we get a number of legal tests. And a ton of uncertainty for all. The freelance (non-employee) programmer might (would probably) own the copyright work on trust for those who commissioned it – and could be compelled to sign a copyright assignment to vest the copyright formally (legally) in the party that commissioned it.”
But they don’t always do that. “When conducting an IP Audit on large software houses,” he continued, “I have seen many instances where their pride and joy flagship software product is not owned by them per se. In a sense it is a honeycomb of ownership — them owning some and the rest of the copyright works (modules, routines) generated by 3rd parties not formally and completely vested in them.”
So for large companies it becomes essential that copyright ownership is legally settled. “They must have a written assignment of copyright in place that includes something called ‘future copyrights’ to ensure that they own the code they commission to be written.” The reason is obvious. “If I’m a software house, I build value by making intellectual property — property that I own and can sell, lease, license and mortgage. Fragmented copyright equals less value.”
In the Hitsniffer case, the issue seems to be less the code itself as the database of customers. It is similarly problematic (a problem that doesn’t exist if Armin Nikdel was legally employed by Hitsniffer). Nikdel is accused of stealing the database — but Hitsniffer doesn’t automatically own the data in the database unless it was a Hitsniffer employee that entered the data into the DBMS. But, warns Bandey, “There’s a world of pain available to those who take databases containing personal data (data that can identify living individuals) and use it or sell it in another trading situation.”
