For many of us the word “hacking” conjures up images of cyber crime and security breaches – take the recent Sony Pictures hacking scandal or the attacks on eBay’s databases earlier in 2014. However, along with the rise in hacking-related online crime, another type of hacking activity has been gathering pace in recent years. This other type, a good type, is all about collaborative and exploratory programming and involves taking something apart such as a line of code or a set of data and re-building it to solve a problem or create something unique.
The event at which this good type of hacking takes place is most commonly known as a hackathon (but also goes by the names hack day, hackfest or codefest) and takes the form of an intensive coding competition where designers and coders collaborate with the aim of producing a working prototype to be judged by an expert panel (which often comprises venture capitalists, CEOs and engineers). Hackathons generally last from 24 to 48 hours, at the end of which each team is given a few minutes to demonstrate its prototype to be in with a chance of winning prizes ranging from a cash sum to a place on a seed accelerator programme or a partnership with the host company. While these events are not new (the concept emerged in the late 1990s following open source software conferences held by what was then Sun Microsystems and separately by the developers of OpenBSD), they are becoming increasingly widespread across companies in a range of industries.
Hey, hey we’re the hackers
The focus of a hackathon varies from event to event. Some centre on a specific operating system, programming language or framework while others, such as the annual Yahoo! Open Hack Day, involve exploring APIs and using them to develop new applications. Recently, a number of hackathons have focused on a particular cause, for example, DementiaHack which aimed to develop products that benefit people living with dementia, and Random Hacks of Kindness, a joint initiative between Microsoft, Google, Yahoo!, NASA and the World Bank that was established to tackle humanitarian issues.
While AWS, Facebook and other big players in the tech sector have all hosted internal and/or public hackathons (Facebook’s “Like” button was conceived during an internal hackathon for the company’s engineers), these app-generating contests are certainly not confined to hard-core tech companies. Companies such as Unilever, Lonely Planet and recently, McDonalds have also hosted hackathons in various forms.
Be in it to win it
A growing number of companies are clearly recognising the broad appeal of hosting a hack event. Not only do the events provide good brand visibility, they also enable companies to gain firsthand feedback on their APIs and software, as well as the opportunity for business development through partnerships with tech start-ups.
It all sounds simple enough – pick a date and a venue, secure some sponsorship, line up some judges and let the hacking begin. But what else should companies consider before opening up their data or APIs to third parties?
The long arm of the law
Given the open, collaborative nature of hackathons, it is important for hosting companies to think about legal issues such as confidentiality, IP ownership and obtaining the relevant consents. Below is a checklist of issues for hosts to consider before the hackers are let loose.
- Eligibility: hosts tend to exclude their employees and, if one is used, the employees of the third party event organiser (unless it is an internal hack). Host companies should require that participants take responsibility for compliance with the relevant employer, agency, university or other policies by which they are bound.
- Code: host companies should specify what code is permitted to be used during the hackathon (i.e. code that is publically available or newly created onsite by the teams during the event, and not copied from privately existing code). The host should ensure clarity over the software, products and data made available by it and third parties (such as sponsors/partners) and state that these third parties have no rights over the prototypes developed during the hack.
- Intellectual Property: an important condition of participation should be the originality of the applications/prototypes developed during the hackathon. Host companies should require that all the IP and other rights in a prototype are owned by its creator(s) or otherwise that they have obtained the necessary rights and licences to use the IP rights in the prototype. Without this, host companies risk third party IP infringement claims.
- Licences: although host companies would not generally require an assignment of the rights in the prototype entries, they should ensure that the participants grant them a licence to use the prototypes in order to test and analyse the entries, and for promotional purposes (in relation to the event, not for commercial use).
- Confidentiality: hosts should consider the obligations of confidence they require from the various parties. Greater obligations may be placed on sponsors for example, whereas the obligations on the host and the participants may apply only until the judging stage of the hackathon.
- Relevant Parties: host companies should ensure that they have proper, legally binding agreements in place with all relevant third parties, such as the event organiser and any sponsors.
The majority of these issues can be addressed in a set of hackathon rules to which participants agree prior to entering the contest. Short letter-style agreements are likely to be suitable for contracting with third parties. Separately, participants should also consider entering into collaboration agreements with team members to avoid bust-ups over IP and other rights further down the line (particularly if they wish to develop their concept further after the event). While these rules and agreements may not eliminate all risks associated with hosting a hackathon, they will allow participants and other parties to be clear on their respective rights and obligations.
So, should all companies be embracing the hackathon?
It is safe to say that the world of hackathons is definitely open for business and can bring significant benefits to those companies that choose to embrace it. However, alongside the numerous commercial factors involved in planning a hack, companies should draw up a robust set of rules to carefully consider and address the relevant legal issues (most notably, IP ownership) in order to make the most of this good type of hacking.