Is this a thing in the US? Here, if the code was written of your own volition outside of work hours then it's yours.

“Work hours” are less clear for salaried workers who may or may not take work home: if it was written to solve a problem for the employer, reviewed with other workers at work, but ultimately not further pursued the status seems murky.

The later derivative that was actively used by and updated for the requirements of another employer during the coarse of work seems to more clearly their property as a derivative (but also murky because it is potentially an illegal derivative of the earlier work, if that was owned by the earlier employer.)

That's not what happened here though. For salaried workers everything you do that is related to your job is owned by your job. That's the default even if your contract doesn't state it. He may not have been directed by his boss to make the code for Box, but he did it with the intent of helping Box's business, as a salaried worker. That makes it Box's property.

But even if you are unconvinced of that, work was clearly done on it on company time at Uber, where it was deployed as part of Uber China's business infrastructure. That work is absolutely owned by Uber (with maybe also some claim by Box). Not owned by OP.

It depends on your employment agreement or contract. Most contracts I have seen say that any IP you develop related to what you're doing at work is the employers.

It only depends on your employment agreement in the other direction. Work done for hire is by default owned by your employer under federal law. For salaried employees it doesn't matter if it is done during working hours.

The employment agreement can give up this right for things not related to the company's core business, and I usually insist on that in my agreements. But that is not the default behavior.

Surely someone has to ask for it before it's work done "for hire".

I usually insist that personal and open source work done outside of the product areas I work on are not company owned. Otherwise if I work on financial software at a bank, and then at home I work on defi/blockchain based financial stuff, I could be setting up a liability for me or my users.

Now I understand what you are saying, and no. For a salaried employee it pretty much covers everything you do that is related to your job, with that “related to your job” being interpreted very loosely, or done with company equipment or on company time.

Okay, well that's a bad way to define those words if very vague relatedness is enough, with no other factors.

Work for hire should always be very clear.

Well that’s what the case law is.

That story just doesn't seem plausible. Maybe for Box, but it feels like a stretch, and definitely not for Uber.

The real liability is sharing publicly that you did this. But hey, people have done far worse for attention and fake internet points, right?

It’s pointless to worry about being sued by a large corporation. If they want to bankrupt you, they always can, regardless of whether you did anything wrong or not.

We are like ants to them, they can squash us at any time, but most of the time we are too small to worry about.

> If they want to bankrupt you, they always can, regardless of whether you did anything wrong or not.

Misses the point, which is: the likelihood of being sued increases when you break contracts or appear to do so