Boss wants me to ignore a software API license prohibiting mass downloadHow can I approach management when asked to work without a software license?How can I persuade my boss to license the software I need to use?Did I overstep my bounds by creating a tool “behind my manager's back”, during non-work hours?Software license not valid in my country; how to handle being asked to use it anyways?How to effectively change a boss's mindset on technology choices when I will be the one building a project?Co-worker team leader wants to inject his friend's awful software into our development. What should I say to our common boss?My boss wants to get rid of me - what should I do?

Collinear Galois conjugates

What is this "Table of astronomy" about?

Submitting a new paper just after another was accepted by the same journal

Bitcoin successfully deducted on sender wallet but did not reach receiver wallet

are there an infinite number of primes which are any multiple of n apart?

Are 变 and 変 the same?

Boss wants me to ignore a software API license prohibiting mass download

Specific: effect of rm -r /./*

First amendment and employment: Can a police department terminate an officer for speech?

Is There a Tool to Select Files to Download From an Org in VSCode?

A Non Math Puzzle. What is the middle number?

How would timezones work on a planet 100 times the size of our Earth

How do some PhD students get 10+ papers? Is that what I need for landing good faculty position?

Word for an event that will likely never happen again

What is my malfunctioning AI harvesting from humans?

How can Radagast come across Gandalf and Thorin's company?

Is this n-speak?

Are differences between uniformly distributed numbers uniformly distributed?

What is a good class if we remove subclasses?

When were the tantalum capacitors first used in computing?

Is there a Morita cocycle for the mapping class group Mod(g,n) when n > 1?

The cat exchanges places with a drawing of the cat

Safest way to store environment variable value in a file

Do beef farmed pastures net remove carbon emissions?



Boss wants me to ignore a software API license prohibiting mass download


How can I approach management when asked to work without a software license?How can I persuade my boss to license the software I need to use?Did I overstep my bounds by creating a tool “behind my manager's back”, during non-work hours?Software license not valid in my country; how to handle being asked to use it anyways?How to effectively change a boss's mindset on technology choices when I will be the one building a project?Co-worker team leader wants to inject his friend's awful software into our development. What should I say to our common boss?My boss wants to get rid of me - what should I do?






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








34















I am a software developer at a European company.



My boss wants me to develop some software that consumes an external API and stores the received data in our own database.



The policy of the external API clearly does not allow this but it would probably never catch someones eye.



Still I am really uncomfortable with this and probably won't do this.



My boss knows that it is not allowed but still wants me to implement this feature.



What should I do?










share|improve this question









New contributor



RolfZ is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





















  • Comments are not for extended discussion; this conversation has been moved to chat.

    – Snow
    1 hour ago

















34















I am a software developer at a European company.



My boss wants me to develop some software that consumes an external API and stores the received data in our own database.



The policy of the external API clearly does not allow this but it would probably never catch someones eye.



Still I am really uncomfortable with this and probably won't do this.



My boss knows that it is not allowed but still wants me to implement this feature.



What should I do?










share|improve this question









New contributor



RolfZ is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





















  • Comments are not for extended discussion; this conversation has been moved to chat.

    – Snow
    1 hour ago













34












34








34


3






I am a software developer at a European company.



My boss wants me to develop some software that consumes an external API and stores the received data in our own database.



The policy of the external API clearly does not allow this but it would probably never catch someones eye.



Still I am really uncomfortable with this and probably won't do this.



My boss knows that it is not allowed but still wants me to implement this feature.



What should I do?










share|improve this question









New contributor



RolfZ is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











I am a software developer at a European company.



My boss wants me to develop some software that consumes an external API and stores the received data in our own database.



The policy of the external API clearly does not allow this but it would probably never catch someones eye.



Still I am really uncomfortable with this and probably won't do this.



My boss knows that it is not allowed but still wants me to implement this feature.



What should I do?







ethics software-development legal






share|improve this question









New contributor



RolfZ is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.










share|improve this question









New contributor



RolfZ is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.








share|improve this question




share|improve this question








edited 23 mins ago









smci

2,07910 silver badges21 bronze badges




2,07910 silver badges21 bronze badges






New contributor



RolfZ is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.








asked 17 hours ago









RolfZRolfZ

1742 silver badges3 bronze badges




1742 silver badges3 bronze badges




New contributor



RolfZ is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.




New contributor




RolfZ is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

















  • Comments are not for extended discussion; this conversation has been moved to chat.

    – Snow
    1 hour ago

















  • Comments are not for extended discussion; this conversation has been moved to chat.

    – Snow
    1 hour ago
















Comments are not for extended discussion; this conversation has been moved to chat.

– Snow
1 hour ago





Comments are not for extended discussion; this conversation has been moved to chat.

– Snow
1 hour ago










8 Answers
8






active

oldest

votes


















31














Get it in writing. Save a copy of said confirmation away from company hardware.



Violating software and service licenses are the kind of thing that, if they are caught, can really screw over a company. They will want someone to blame and an unscrupulous windbag will end up deleting any emails on the company servers related to their 'request' and make you their scapegoat.



Take the initiative and email your boss asking for confirmation, laying out exactly what they asked you to do. BCC a personal email account or save the email to a USB drive (whichever is safer). Ditto with any responses you receive. From there, you can choose to either get in contact with higher ups, Federation Against Software Theft (a piracy resource, but intentional license violations are pretty much treated as this anyway), or the service provider themselves.



Bear in mind that the first can wind up with you getting punished if the higher ups let your boss know, the second can trigger a witch-hunt (FAST generally do not give information about informants, but if your company are unscrupulous, they WILL be looking for who did what) and the third can lead to wasted work as your company's account gets perma-banned over the infraction soon after the code is up and running.






share|improve this answer




















  • 5





    Some companies don't allow personal USB (or any other) devices to be plugged into their computers, so the OP needs to make sure they aren't violating company policies when they make copies of the paper trail. Emails to a private account might be just as against policy, as well a paper copies removed from company offices. Saving the emails to a backup/archive on their computer's drive might work for hardcore company IP policy. BTW, you might want to add talking to the company's lawyers about copyrights. Having company law backing their refusal to comply with orders is key.

    – computercarguy
    7 hours ago






  • 3





    USB drives can easily get corrupted or lost. If you get it on a drive, you should still later send it per email to yourself so (1) you can find and access it when you need it and (2) the upload of the file is timestamped by a third party (the email provider). Yet another option is making a photo of the email, which again may or may not be allowed by company policy.

    – Peter
    7 hours ago



















15














Like anything that touches on ethical considerations, you need to be prepared for the repercussions from your decisions.



If your company has a legal department, I would consider starting there. What you are doing is a violation of the terms of service of the API and could result in problems for your organization. This can help you get additional eyes on the terms and policies of the API creator to ensure that everyone understands them.



If your company doesn't have a legal department, what you do is up to you. However, it's widely considered unethical to misuse someone else's API. If your manager refuses to understand the possible implications of this, you have four options. You can either go along with it and you would need to live with your decision, you can refuse and deal with the outcomes which may result in an inability to move up in your organization or even termination, or you can resign and refuse to be part of an unethical organization. Alternatively, you may be able to reach out to the API creator to clarify the terms of service and, if your company is indeed violating them, self-report it - perhaps there's room for agreement, or the API creator can block your company's access to the API.



At the end of the day, no one should fault you for doing what you need to do. The ethical thing, according to the various software engineering codes of ethics that I'm familiar with, is to ensure that the API isn't misused and you comply with the terms of service. However, if you are relying on this job for money or benefits to support yourself and your family and losing it without something lined up would put you into an unsustainable position, I don't believe that anyone would fault you.






share|improve this answer
































    5














    It comes down to your personal convictions.



    From what I understand the misuse of the API does not appear to be a criminal offense (please don't just take my word for it, get legal advice to be sure). However, make sure that the collection and storage of data that your software is performing is legal. In Europe there are strict data privacy laws (GDPR), especially when it come to collecting data on people. The policy of the API may very well be to prevent the illegal collection of data.



    People have different personal convictions and some are more ethical than others. As long as the data being collected is legal, you will have a hard time convincing your boss to take the route that you see as ethical. You have to realize that, depending on their culture and personal convictions, your boss might not view the misuse of an API as something unethical.



    As I see it you have a few options:



    1. You can obey your boss and use the API against its policy. Be aware that this is not likely to be a one time thing and more requests like this are likely to come in the future. The more of them you say yes to the harder it gets to say no down the line.


    2. You can refuse to use the API against it's policy. This will likely not sit well with your boss, with the extreme case being that you might lose your job.


    3. You can suggest an alternative solution. It probably requires some creativity but you might even find an API where it's not against their policy to implement it in the way your boss is asking of you. This has the potential of not upsetting your boss (too much) while allowing you to stick to your convictions.


    In your case I would suggest giving all you have to make option 3 work, only resorting to 1 or 2 if all else fails.






    share|improve this answer
































      2














      You've raised this as a concern and have your manager's instructions in writing that you're to code the API as the requirements stand (and against the API's documented guidelines).



      They also have fully indicated their understanding that the code might well break when and if the API is updated to close this vulnerability/backdoor.



      If so, you may as well carry out the instructions and code.



      When and if things go sour, you'll be ready to change that code, so bear this in mind with your intended development path to make the rectification easier in the future.






      share|improve this answer
































        2














        You haven't given enough information in your question to determine whether your boss's request is unethical and/or illegal and/or in breach of their contract/ToS with another party. These are all vastly different matters that you should treat differently.



        If the request is illegal, you should not do it on your employer's behalf, even if you don't think it's particularly unethical. When they're caught, they'll make you the scapegoat. You can refuse to take part (and, depending on jurisdiction, probably have protection if they retaliate against you for this), but you might still find yourself working in a hostile environment, or out of a job if the fallout brings down the company.



        If the request is unethical - for an example fitting your scenario, think of scraping people's photos from social media or personal info from dating profiles in a jurisdiction where doing so isn't illegal - then in my opinion you shouldn't do it, but you might lack protection in your refusal to do so. You should probably consult a lawyer.



        If the request is merely in violation of your employer's contract or terms of service with another party, but not illegal or unethical, then in my opinion there's little reason not to go along with it. You might want to consult a lawyer first and ensure that there could be no cause of action for tortious interference on your part. (Note: IANAL but that's my guess at the most relevant area of law.) But otherwise it's their matter, not yours. For what it's worth, lots of APIs' terms of service are borderline unethical and unenforceable to begin with.






        share|improve this answer
































          0














          I can think of three possible responses:



          1. Challenge: Say, "I need a written and signed order to do this on physical paper before I will do it." Now his claim that it's okay for YOU to do the job runs into his own sense of self-preservation.

          2. Passive: Say, "It's going to take me X months to do that" where X is several times longer than you can really do it. This will be a strong hint to him that he's better off finding someone else to do it.

          3. Direct: Say, "Sorry, but I can't do that. It goes against my beliefs to ignore the terms of use."

          Now any of these options may result in your boss taking action against you. Even if he seems to fully accept your response on day 1, days/weeks later he could start a campaign to harass you.



          Let's say that you don't help the boss do this project but he gets it done anyhow. You're still working at a company that is blatantly going against your ethical standards. How will you feel about that? If you won't feel good then it's may be time to look for another job because most likely the boss is going to get the project done regardless of your involvement.



          Something else for you to consider: Lawyers write the terms but the business and technical people at the other company may be 100% okay with your company doing what your boss wants. If your company is caching data that the API company doesn't sell per request then it's harmless. Although in my experience, someone in tech at your company should discuss with someone technical at the other company before assuming that you'll be able to do business this way since the API can be switched off (deny you access) at any time for any reason typically. And that's probably bad for your business.






          share|improve this answer


































            0














            Do a risk assessment (https://www.ccohs.ca/oshanswers/hsprograms/risk_assessment.html) with your boss to determine whether violating the terms of the agreement is worth the risk, and identify if there are any alternatives that reduce the risk while achieving the same goal.



            If you approach the problem in this way, there are four possible outcomes:



            1. You and your boss determine an alternative that is lower risk and yields the same result.

            2. You and your boss decide the risk is not worth it and the project does not proceed.

            3. You and your boss determine that the risk is so low you'll do it anyway.

            4. Your boss tells you to shut up and do it. Do a risk assessment to determine if staying in this environment is worth the risk.

            If the result is any other than #4, you'll have demonstrated to your boss that you know the correct way to think about the sorts of problems that upper management contemplates every day.



            Finally, remember most people violate laws every day (jaywalking, speeding, drinking underage, smoking weed, etc. - some of which involve very serious penalties) because they view the risk as worth the reward. Just because someone says to not do something isn't on its own reason enough not to do it - you have to think about the reward vs consequences.



            If you are not violating a government's law (this is not clear from your question), the most likely outcome if the API provider decided you were violating their terms would simply be to cut off access and send you a cease and desist letter. In order for them to go after you/your company in court, they would need to prove to the court damages from your violation, which is likely to be negligible unless you are competing against them in some way.






            share|improve this answer

























            • Break the law because other people break other laws all the time? Not a good excuse. Would definitely not stand up in court.

              – RedSonja
              25 mins ago











            • Violating a contract is not the same as breaking the law.

              – Gregory Currie
              4 mins ago


















            -1















            My boss wants me to develop some software that consumes an external API and stores the received data in our own database.




            Did you (company) reverse engineer the API to get the details/spec for it? Or was there a document given to you/found detailing the API?




            The policy of the external API clearly does not allow this but it would probably never catch someones eye.




            An external API doesn't want external usage? Sounds strange to me. The likelihood of them catching you is irrelevant, if you're breaking their rules you're liable for legal issues. That's a risk any clued-up business would want to avoid.




            My boss knows that it is not allowed but still wants me to implement this feature.




            Don't go to your boss with we aren't allowed, end of story. Go with a solution.



            Get in contact with the API developer/company and ask what their policy is on external usage and persistence of the data. Detail explictly how you intend to fetch the data and where you intend to store it. If they say you aren't allowed, ask if there's a way to purchase a license/API key.



            Take this back to your boss and present it as:




            I got in contact with the developer to avoid potential legal issues for the company regarding the API you asked me to work with. I thought their policy was a little unclear and they got back and cleared us to use it for free/have said we can use it with an API key, but we need to pay X amount per month.




            If they reject the claim and don't allow you to access it, don't then go ahead with it anyway. If you boss is still hounding you to break their policy and implement some functionality to use their API I would considering polishing my CV.






            share|improve this answer




















            • 4





              You want the OP to get in touch with them, behind the OP's back, and for the OP to detail to them how they intend to use the API in breach of the licence. Are you trying to get the OP fired?

              – Gregory Currie
              16 hours ago







            • 1





              As opposed to just doing it anyway, because the boss said so? I'd much rather approach the devs and say what we're intending to do, does this line up with your policy, and if not can we make it so it does?

              – Jay Gould
              16 hours ago






            • 2





              "I was just following orders officer".

              – Jay Gould
              16 hours ago






            • 1





              It's highly unlikely this would be a criminal offense, if that is what you are implying.

              – Gregory Currie
              16 hours ago






            • 1





              @JayGould I never said it wasn't.

              – Gregory Currie
              16 hours ago













            Your Answer








            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "423"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: false,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: null,
            bindNavPrevention: true,
            postfix: "",
            imageUploader:
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            ,
            noCode: true, onDemand: false,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );






            RolfZ is a new contributor. Be nice, and check out our Code of Conduct.









            draft saved

            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fworkplace.stackexchange.com%2fquestions%2f142049%2fboss-wants-me-to-ignore-a-software-api-license-prohibiting-mass-download%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown




















            StackExchange.ready(function ()
            $("#show-editor-button input, #show-editor-button button").click(function ()
            var showEditor = function()
            $("#show-editor-button").hide();
            $("#post-form").removeClass("dno");
            StackExchange.editor.finallyInit();
            ;

            var useFancy = $(this).data('confirm-use-fancy');
            if(useFancy == 'True')
            var popupTitle = $(this).data('confirm-fancy-title');
            var popupBody = $(this).data('confirm-fancy-body');
            var popupAccept = $(this).data('confirm-fancy-accept-button');

            $(this).loadPopup(
            url: '/post/self-answer-popup',
            loaded: function(popup)
            var pTitle = $(popup).find('h2');
            var pBody = $(popup).find('.popup-body');
            var pSubmit = $(popup).find('.popup-submit');

            pTitle.text(popupTitle);
            pBody.html(popupBody);
            pSubmit.val(popupAccept).click(showEditor);

            )
            else
            var confirmText = $(this).data('confirm-text');
            if (confirmText ? confirm(confirmText) : true)
            showEditor();


            );
            );






            8 Answers
            8






            active

            oldest

            votes








            8 Answers
            8






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            31














            Get it in writing. Save a copy of said confirmation away from company hardware.



            Violating software and service licenses are the kind of thing that, if they are caught, can really screw over a company. They will want someone to blame and an unscrupulous windbag will end up deleting any emails on the company servers related to their 'request' and make you their scapegoat.



            Take the initiative and email your boss asking for confirmation, laying out exactly what they asked you to do. BCC a personal email account or save the email to a USB drive (whichever is safer). Ditto with any responses you receive. From there, you can choose to either get in contact with higher ups, Federation Against Software Theft (a piracy resource, but intentional license violations are pretty much treated as this anyway), or the service provider themselves.



            Bear in mind that the first can wind up with you getting punished if the higher ups let your boss know, the second can trigger a witch-hunt (FAST generally do not give information about informants, but if your company are unscrupulous, they WILL be looking for who did what) and the third can lead to wasted work as your company's account gets perma-banned over the infraction soon after the code is up and running.






            share|improve this answer




















            • 5





              Some companies don't allow personal USB (or any other) devices to be plugged into their computers, so the OP needs to make sure they aren't violating company policies when they make copies of the paper trail. Emails to a private account might be just as against policy, as well a paper copies removed from company offices. Saving the emails to a backup/archive on their computer's drive might work for hardcore company IP policy. BTW, you might want to add talking to the company's lawyers about copyrights. Having company law backing their refusal to comply with orders is key.

              – computercarguy
              7 hours ago






            • 3





              USB drives can easily get corrupted or lost. If you get it on a drive, you should still later send it per email to yourself so (1) you can find and access it when you need it and (2) the upload of the file is timestamped by a third party (the email provider). Yet another option is making a photo of the email, which again may or may not be allowed by company policy.

              – Peter
              7 hours ago
















            31














            Get it in writing. Save a copy of said confirmation away from company hardware.



            Violating software and service licenses are the kind of thing that, if they are caught, can really screw over a company. They will want someone to blame and an unscrupulous windbag will end up deleting any emails on the company servers related to their 'request' and make you their scapegoat.



            Take the initiative and email your boss asking for confirmation, laying out exactly what they asked you to do. BCC a personal email account or save the email to a USB drive (whichever is safer). Ditto with any responses you receive. From there, you can choose to either get in contact with higher ups, Federation Against Software Theft (a piracy resource, but intentional license violations are pretty much treated as this anyway), or the service provider themselves.



            Bear in mind that the first can wind up with you getting punished if the higher ups let your boss know, the second can trigger a witch-hunt (FAST generally do not give information about informants, but if your company are unscrupulous, they WILL be looking for who did what) and the third can lead to wasted work as your company's account gets perma-banned over the infraction soon after the code is up and running.






            share|improve this answer




















            • 5





              Some companies don't allow personal USB (or any other) devices to be plugged into their computers, so the OP needs to make sure they aren't violating company policies when they make copies of the paper trail. Emails to a private account might be just as against policy, as well a paper copies removed from company offices. Saving the emails to a backup/archive on their computer's drive might work for hardcore company IP policy. BTW, you might want to add talking to the company's lawyers about copyrights. Having company law backing their refusal to comply with orders is key.

              – computercarguy
              7 hours ago






            • 3





              USB drives can easily get corrupted or lost. If you get it on a drive, you should still later send it per email to yourself so (1) you can find and access it when you need it and (2) the upload of the file is timestamped by a third party (the email provider). Yet another option is making a photo of the email, which again may or may not be allowed by company policy.

              – Peter
              7 hours ago














            31












            31








            31







            Get it in writing. Save a copy of said confirmation away from company hardware.



            Violating software and service licenses are the kind of thing that, if they are caught, can really screw over a company. They will want someone to blame and an unscrupulous windbag will end up deleting any emails on the company servers related to their 'request' and make you their scapegoat.



            Take the initiative and email your boss asking for confirmation, laying out exactly what they asked you to do. BCC a personal email account or save the email to a USB drive (whichever is safer). Ditto with any responses you receive. From there, you can choose to either get in contact with higher ups, Federation Against Software Theft (a piracy resource, but intentional license violations are pretty much treated as this anyway), or the service provider themselves.



            Bear in mind that the first can wind up with you getting punished if the higher ups let your boss know, the second can trigger a witch-hunt (FAST generally do not give information about informants, but if your company are unscrupulous, they WILL be looking for who did what) and the third can lead to wasted work as your company's account gets perma-banned over the infraction soon after the code is up and running.






            share|improve this answer













            Get it in writing. Save a copy of said confirmation away from company hardware.



            Violating software and service licenses are the kind of thing that, if they are caught, can really screw over a company. They will want someone to blame and an unscrupulous windbag will end up deleting any emails on the company servers related to their 'request' and make you their scapegoat.



            Take the initiative and email your boss asking for confirmation, laying out exactly what they asked you to do. BCC a personal email account or save the email to a USB drive (whichever is safer). Ditto with any responses you receive. From there, you can choose to either get in contact with higher ups, Federation Against Software Theft (a piracy resource, but intentional license violations are pretty much treated as this anyway), or the service provider themselves.



            Bear in mind that the first can wind up with you getting punished if the higher ups let your boss know, the second can trigger a witch-hunt (FAST generally do not give information about informants, but if your company are unscrupulous, they WILL be looking for who did what) and the third can lead to wasted work as your company's account gets perma-banned over the infraction soon after the code is up and running.







            share|improve this answer












            share|improve this answer



            share|improve this answer










            answered 16 hours ago









            520520

            6,60710 silver badges32 bronze badges




            6,60710 silver badges32 bronze badges










            • 5





              Some companies don't allow personal USB (or any other) devices to be plugged into their computers, so the OP needs to make sure they aren't violating company policies when they make copies of the paper trail. Emails to a private account might be just as against policy, as well a paper copies removed from company offices. Saving the emails to a backup/archive on their computer's drive might work for hardcore company IP policy. BTW, you might want to add talking to the company's lawyers about copyrights. Having company law backing their refusal to comply with orders is key.

              – computercarguy
              7 hours ago






            • 3





              USB drives can easily get corrupted or lost. If you get it on a drive, you should still later send it per email to yourself so (1) you can find and access it when you need it and (2) the upload of the file is timestamped by a third party (the email provider). Yet another option is making a photo of the email, which again may or may not be allowed by company policy.

              – Peter
              7 hours ago













            • 5





              Some companies don't allow personal USB (or any other) devices to be plugged into their computers, so the OP needs to make sure they aren't violating company policies when they make copies of the paper trail. Emails to a private account might be just as against policy, as well a paper copies removed from company offices. Saving the emails to a backup/archive on their computer's drive might work for hardcore company IP policy. BTW, you might want to add talking to the company's lawyers about copyrights. Having company law backing their refusal to comply with orders is key.

              – computercarguy
              7 hours ago






            • 3





              USB drives can easily get corrupted or lost. If you get it on a drive, you should still later send it per email to yourself so (1) you can find and access it when you need it and (2) the upload of the file is timestamped by a third party (the email provider). Yet another option is making a photo of the email, which again may or may not be allowed by company policy.

              – Peter
              7 hours ago








            5




            5





            Some companies don't allow personal USB (or any other) devices to be plugged into their computers, so the OP needs to make sure they aren't violating company policies when they make copies of the paper trail. Emails to a private account might be just as against policy, as well a paper copies removed from company offices. Saving the emails to a backup/archive on their computer's drive might work for hardcore company IP policy. BTW, you might want to add talking to the company's lawyers about copyrights. Having company law backing their refusal to comply with orders is key.

            – computercarguy
            7 hours ago





            Some companies don't allow personal USB (or any other) devices to be plugged into their computers, so the OP needs to make sure they aren't violating company policies when they make copies of the paper trail. Emails to a private account might be just as against policy, as well a paper copies removed from company offices. Saving the emails to a backup/archive on their computer's drive might work for hardcore company IP policy. BTW, you might want to add talking to the company's lawyers about copyrights. Having company law backing their refusal to comply with orders is key.

            – computercarguy
            7 hours ago




            3




            3





            USB drives can easily get corrupted or lost. If you get it on a drive, you should still later send it per email to yourself so (1) you can find and access it when you need it and (2) the upload of the file is timestamped by a third party (the email provider). Yet another option is making a photo of the email, which again may or may not be allowed by company policy.

            – Peter
            7 hours ago






            USB drives can easily get corrupted or lost. If you get it on a drive, you should still later send it per email to yourself so (1) you can find and access it when you need it and (2) the upload of the file is timestamped by a third party (the email provider). Yet another option is making a photo of the email, which again may or may not be allowed by company policy.

            – Peter
            7 hours ago














            15














            Like anything that touches on ethical considerations, you need to be prepared for the repercussions from your decisions.



            If your company has a legal department, I would consider starting there. What you are doing is a violation of the terms of service of the API and could result in problems for your organization. This can help you get additional eyes on the terms and policies of the API creator to ensure that everyone understands them.



            If your company doesn't have a legal department, what you do is up to you. However, it's widely considered unethical to misuse someone else's API. If your manager refuses to understand the possible implications of this, you have four options. You can either go along with it and you would need to live with your decision, you can refuse and deal with the outcomes which may result in an inability to move up in your organization or even termination, or you can resign and refuse to be part of an unethical organization. Alternatively, you may be able to reach out to the API creator to clarify the terms of service and, if your company is indeed violating them, self-report it - perhaps there's room for agreement, or the API creator can block your company's access to the API.



            At the end of the day, no one should fault you for doing what you need to do. The ethical thing, according to the various software engineering codes of ethics that I'm familiar with, is to ensure that the API isn't misused and you comply with the terms of service. However, if you are relying on this job for money or benefits to support yourself and your family and losing it without something lined up would put you into an unsustainable position, I don't believe that anyone would fault you.






            share|improve this answer





























              15














              Like anything that touches on ethical considerations, you need to be prepared for the repercussions from your decisions.



              If your company has a legal department, I would consider starting there. What you are doing is a violation of the terms of service of the API and could result in problems for your organization. This can help you get additional eyes on the terms and policies of the API creator to ensure that everyone understands them.



              If your company doesn't have a legal department, what you do is up to you. However, it's widely considered unethical to misuse someone else's API. If your manager refuses to understand the possible implications of this, you have four options. You can either go along with it and you would need to live with your decision, you can refuse and deal with the outcomes which may result in an inability to move up in your organization or even termination, or you can resign and refuse to be part of an unethical organization. Alternatively, you may be able to reach out to the API creator to clarify the terms of service and, if your company is indeed violating them, self-report it - perhaps there's room for agreement, or the API creator can block your company's access to the API.



              At the end of the day, no one should fault you for doing what you need to do. The ethical thing, according to the various software engineering codes of ethics that I'm familiar with, is to ensure that the API isn't misused and you comply with the terms of service. However, if you are relying on this job for money or benefits to support yourself and your family and losing it without something lined up would put you into an unsustainable position, I don't believe that anyone would fault you.






              share|improve this answer



























                15












                15








                15







                Like anything that touches on ethical considerations, you need to be prepared for the repercussions from your decisions.



                If your company has a legal department, I would consider starting there. What you are doing is a violation of the terms of service of the API and could result in problems for your organization. This can help you get additional eyes on the terms and policies of the API creator to ensure that everyone understands them.



                If your company doesn't have a legal department, what you do is up to you. However, it's widely considered unethical to misuse someone else's API. If your manager refuses to understand the possible implications of this, you have four options. You can either go along with it and you would need to live with your decision, you can refuse and deal with the outcomes which may result in an inability to move up in your organization or even termination, or you can resign and refuse to be part of an unethical organization. Alternatively, you may be able to reach out to the API creator to clarify the terms of service and, if your company is indeed violating them, self-report it - perhaps there's room for agreement, or the API creator can block your company's access to the API.



                At the end of the day, no one should fault you for doing what you need to do. The ethical thing, according to the various software engineering codes of ethics that I'm familiar with, is to ensure that the API isn't misused and you comply with the terms of service. However, if you are relying on this job for money or benefits to support yourself and your family and losing it without something lined up would put you into an unsustainable position, I don't believe that anyone would fault you.






                share|improve this answer













                Like anything that touches on ethical considerations, you need to be prepared for the repercussions from your decisions.



                If your company has a legal department, I would consider starting there. What you are doing is a violation of the terms of service of the API and could result in problems for your organization. This can help you get additional eyes on the terms and policies of the API creator to ensure that everyone understands them.



                If your company doesn't have a legal department, what you do is up to you. However, it's widely considered unethical to misuse someone else's API. If your manager refuses to understand the possible implications of this, you have four options. You can either go along with it and you would need to live with your decision, you can refuse and deal with the outcomes which may result in an inability to move up in your organization or even termination, or you can resign and refuse to be part of an unethical organization. Alternatively, you may be able to reach out to the API creator to clarify the terms of service and, if your company is indeed violating them, self-report it - perhaps there's room for agreement, or the API creator can block your company's access to the API.



                At the end of the day, no one should fault you for doing what you need to do. The ethical thing, according to the various software engineering codes of ethics that I'm familiar with, is to ensure that the API isn't misused and you comply with the terms of service. However, if you are relying on this job for money or benefits to support yourself and your family and losing it without something lined up would put you into an unsustainable position, I don't believe that anyone would fault you.







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered 16 hours ago









                Thomas OwensThomas Owens

                14.3k5 gold badges56 silver badges75 bronze badges




                14.3k5 gold badges56 silver badges75 bronze badges
























                    5














                    It comes down to your personal convictions.



                    From what I understand the misuse of the API does not appear to be a criminal offense (please don't just take my word for it, get legal advice to be sure). However, make sure that the collection and storage of data that your software is performing is legal. In Europe there are strict data privacy laws (GDPR), especially when it come to collecting data on people. The policy of the API may very well be to prevent the illegal collection of data.



                    People have different personal convictions and some are more ethical than others. As long as the data being collected is legal, you will have a hard time convincing your boss to take the route that you see as ethical. You have to realize that, depending on their culture and personal convictions, your boss might not view the misuse of an API as something unethical.



                    As I see it you have a few options:



                    1. You can obey your boss and use the API against its policy. Be aware that this is not likely to be a one time thing and more requests like this are likely to come in the future. The more of them you say yes to the harder it gets to say no down the line.


                    2. You can refuse to use the API against it's policy. This will likely not sit well with your boss, with the extreme case being that you might lose your job.


                    3. You can suggest an alternative solution. It probably requires some creativity but you might even find an API where it's not against their policy to implement it in the way your boss is asking of you. This has the potential of not upsetting your boss (too much) while allowing you to stick to your convictions.


                    In your case I would suggest giving all you have to make option 3 work, only resorting to 1 or 2 if all else fails.






                    share|improve this answer





























                      5














                      It comes down to your personal convictions.



                      From what I understand the misuse of the API does not appear to be a criminal offense (please don't just take my word for it, get legal advice to be sure). However, make sure that the collection and storage of data that your software is performing is legal. In Europe there are strict data privacy laws (GDPR), especially when it come to collecting data on people. The policy of the API may very well be to prevent the illegal collection of data.



                      People have different personal convictions and some are more ethical than others. As long as the data being collected is legal, you will have a hard time convincing your boss to take the route that you see as ethical. You have to realize that, depending on their culture and personal convictions, your boss might not view the misuse of an API as something unethical.



                      As I see it you have a few options:



                      1. You can obey your boss and use the API against its policy. Be aware that this is not likely to be a one time thing and more requests like this are likely to come in the future. The more of them you say yes to the harder it gets to say no down the line.


                      2. You can refuse to use the API against it's policy. This will likely not sit well with your boss, with the extreme case being that you might lose your job.


                      3. You can suggest an alternative solution. It probably requires some creativity but you might even find an API where it's not against their policy to implement it in the way your boss is asking of you. This has the potential of not upsetting your boss (too much) while allowing you to stick to your convictions.


                      In your case I would suggest giving all you have to make option 3 work, only resorting to 1 or 2 if all else fails.






                      share|improve this answer



























                        5












                        5








                        5







                        It comes down to your personal convictions.



                        From what I understand the misuse of the API does not appear to be a criminal offense (please don't just take my word for it, get legal advice to be sure). However, make sure that the collection and storage of data that your software is performing is legal. In Europe there are strict data privacy laws (GDPR), especially when it come to collecting data on people. The policy of the API may very well be to prevent the illegal collection of data.



                        People have different personal convictions and some are more ethical than others. As long as the data being collected is legal, you will have a hard time convincing your boss to take the route that you see as ethical. You have to realize that, depending on their culture and personal convictions, your boss might not view the misuse of an API as something unethical.



                        As I see it you have a few options:



                        1. You can obey your boss and use the API against its policy. Be aware that this is not likely to be a one time thing and more requests like this are likely to come in the future. The more of them you say yes to the harder it gets to say no down the line.


                        2. You can refuse to use the API against it's policy. This will likely not sit well with your boss, with the extreme case being that you might lose your job.


                        3. You can suggest an alternative solution. It probably requires some creativity but you might even find an API where it's not against their policy to implement it in the way your boss is asking of you. This has the potential of not upsetting your boss (too much) while allowing you to stick to your convictions.


                        In your case I would suggest giving all you have to make option 3 work, only resorting to 1 or 2 if all else fails.






                        share|improve this answer













                        It comes down to your personal convictions.



                        From what I understand the misuse of the API does not appear to be a criminal offense (please don't just take my word for it, get legal advice to be sure). However, make sure that the collection and storage of data that your software is performing is legal. In Europe there are strict data privacy laws (GDPR), especially when it come to collecting data on people. The policy of the API may very well be to prevent the illegal collection of data.



                        People have different personal convictions and some are more ethical than others. As long as the data being collected is legal, you will have a hard time convincing your boss to take the route that you see as ethical. You have to realize that, depending on their culture and personal convictions, your boss might not view the misuse of an API as something unethical.



                        As I see it you have a few options:



                        1. You can obey your boss and use the API against its policy. Be aware that this is not likely to be a one time thing and more requests like this are likely to come in the future. The more of them you say yes to the harder it gets to say no down the line.


                        2. You can refuse to use the API against it's policy. This will likely not sit well with your boss, with the extreme case being that you might lose your job.


                        3. You can suggest an alternative solution. It probably requires some creativity but you might even find an API where it's not against their policy to implement it in the way your boss is asking of you. This has the potential of not upsetting your boss (too much) while allowing you to stick to your convictions.


                        In your case I would suggest giving all you have to make option 3 work, only resorting to 1 or 2 if all else fails.







                        share|improve this answer












                        share|improve this answer



                        share|improve this answer










                        answered 14 hours ago









                        IsakIsak

                        1,1032 gold badges6 silver badges13 bronze badges




                        1,1032 gold badges6 silver badges13 bronze badges
























                            2














                            You've raised this as a concern and have your manager's instructions in writing that you're to code the API as the requirements stand (and against the API's documented guidelines).



                            They also have fully indicated their understanding that the code might well break when and if the API is updated to close this vulnerability/backdoor.



                            If so, you may as well carry out the instructions and code.



                            When and if things go sour, you'll be ready to change that code, so bear this in mind with your intended development path to make the rectification easier in the future.






                            share|improve this answer





























                              2














                              You've raised this as a concern and have your manager's instructions in writing that you're to code the API as the requirements stand (and against the API's documented guidelines).



                              They also have fully indicated their understanding that the code might well break when and if the API is updated to close this vulnerability/backdoor.



                              If so, you may as well carry out the instructions and code.



                              When and if things go sour, you'll be ready to change that code, so bear this in mind with your intended development path to make the rectification easier in the future.






                              share|improve this answer



























                                2












                                2








                                2







                                You've raised this as a concern and have your manager's instructions in writing that you're to code the API as the requirements stand (and against the API's documented guidelines).



                                They also have fully indicated their understanding that the code might well break when and if the API is updated to close this vulnerability/backdoor.



                                If so, you may as well carry out the instructions and code.



                                When and if things go sour, you'll be ready to change that code, so bear this in mind with your intended development path to make the rectification easier in the future.






                                share|improve this answer













                                You've raised this as a concern and have your manager's instructions in writing that you're to code the API as the requirements stand (and against the API's documented guidelines).



                                They also have fully indicated their understanding that the code might well break when and if the API is updated to close this vulnerability/backdoor.



                                If so, you may as well carry out the instructions and code.



                                When and if things go sour, you'll be ready to change that code, so bear this in mind with your intended development path to make the rectification easier in the future.







                                share|improve this answer












                                share|improve this answer



                                share|improve this answer










                                answered 16 hours ago









                                SnowSnow

                                69.4k57 gold badges227 silver badges276 bronze badges




                                69.4k57 gold badges227 silver badges276 bronze badges
























                                    2














                                    You haven't given enough information in your question to determine whether your boss's request is unethical and/or illegal and/or in breach of their contract/ToS with another party. These are all vastly different matters that you should treat differently.



                                    If the request is illegal, you should not do it on your employer's behalf, even if you don't think it's particularly unethical. When they're caught, they'll make you the scapegoat. You can refuse to take part (and, depending on jurisdiction, probably have protection if they retaliate against you for this), but you might still find yourself working in a hostile environment, or out of a job if the fallout brings down the company.



                                    If the request is unethical - for an example fitting your scenario, think of scraping people's photos from social media or personal info from dating profiles in a jurisdiction where doing so isn't illegal - then in my opinion you shouldn't do it, but you might lack protection in your refusal to do so. You should probably consult a lawyer.



                                    If the request is merely in violation of your employer's contract or terms of service with another party, but not illegal or unethical, then in my opinion there's little reason not to go along with it. You might want to consult a lawyer first and ensure that there could be no cause of action for tortious interference on your part. (Note: IANAL but that's my guess at the most relevant area of law.) But otherwise it's their matter, not yours. For what it's worth, lots of APIs' terms of service are borderline unethical and unenforceable to begin with.






                                    share|improve this answer





























                                      2














                                      You haven't given enough information in your question to determine whether your boss's request is unethical and/or illegal and/or in breach of their contract/ToS with another party. These are all vastly different matters that you should treat differently.



                                      If the request is illegal, you should not do it on your employer's behalf, even if you don't think it's particularly unethical. When they're caught, they'll make you the scapegoat. You can refuse to take part (and, depending on jurisdiction, probably have protection if they retaliate against you for this), but you might still find yourself working in a hostile environment, or out of a job if the fallout brings down the company.



                                      If the request is unethical - for an example fitting your scenario, think of scraping people's photos from social media or personal info from dating profiles in a jurisdiction where doing so isn't illegal - then in my opinion you shouldn't do it, but you might lack protection in your refusal to do so. You should probably consult a lawyer.



                                      If the request is merely in violation of your employer's contract or terms of service with another party, but not illegal or unethical, then in my opinion there's little reason not to go along with it. You might want to consult a lawyer first and ensure that there could be no cause of action for tortious interference on your part. (Note: IANAL but that's my guess at the most relevant area of law.) But otherwise it's their matter, not yours. For what it's worth, lots of APIs' terms of service are borderline unethical and unenforceable to begin with.






                                      share|improve this answer



























                                        2












                                        2








                                        2







                                        You haven't given enough information in your question to determine whether your boss's request is unethical and/or illegal and/or in breach of their contract/ToS with another party. These are all vastly different matters that you should treat differently.



                                        If the request is illegal, you should not do it on your employer's behalf, even if you don't think it's particularly unethical. When they're caught, they'll make you the scapegoat. You can refuse to take part (and, depending on jurisdiction, probably have protection if they retaliate against you for this), but you might still find yourself working in a hostile environment, or out of a job if the fallout brings down the company.



                                        If the request is unethical - for an example fitting your scenario, think of scraping people's photos from social media or personal info from dating profiles in a jurisdiction where doing so isn't illegal - then in my opinion you shouldn't do it, but you might lack protection in your refusal to do so. You should probably consult a lawyer.



                                        If the request is merely in violation of your employer's contract or terms of service with another party, but not illegal or unethical, then in my opinion there's little reason not to go along with it. You might want to consult a lawyer first and ensure that there could be no cause of action for tortious interference on your part. (Note: IANAL but that's my guess at the most relevant area of law.) But otherwise it's their matter, not yours. For what it's worth, lots of APIs' terms of service are borderline unethical and unenforceable to begin with.






                                        share|improve this answer













                                        You haven't given enough information in your question to determine whether your boss's request is unethical and/or illegal and/or in breach of their contract/ToS with another party. These are all vastly different matters that you should treat differently.



                                        If the request is illegal, you should not do it on your employer's behalf, even if you don't think it's particularly unethical. When they're caught, they'll make you the scapegoat. You can refuse to take part (and, depending on jurisdiction, probably have protection if they retaliate against you for this), but you might still find yourself working in a hostile environment, or out of a job if the fallout brings down the company.



                                        If the request is unethical - for an example fitting your scenario, think of scraping people's photos from social media or personal info from dating profiles in a jurisdiction where doing so isn't illegal - then in my opinion you shouldn't do it, but you might lack protection in your refusal to do so. You should probably consult a lawyer.



                                        If the request is merely in violation of your employer's contract or terms of service with another party, but not illegal or unethical, then in my opinion there's little reason not to go along with it. You might want to consult a lawyer first and ensure that there could be no cause of action for tortious interference on your part. (Note: IANAL but that's my guess at the most relevant area of law.) But otherwise it's their matter, not yours. For what it's worth, lots of APIs' terms of service are borderline unethical and unenforceable to begin with.







                                        share|improve this answer












                                        share|improve this answer



                                        share|improve this answer










                                        answered 8 hours ago









                                        R..R..

                                        1,66310 silver badges23 bronze badges




                                        1,66310 silver badges23 bronze badges
























                                            0














                                            I can think of three possible responses:



                                            1. Challenge: Say, "I need a written and signed order to do this on physical paper before I will do it." Now his claim that it's okay for YOU to do the job runs into his own sense of self-preservation.

                                            2. Passive: Say, "It's going to take me X months to do that" where X is several times longer than you can really do it. This will be a strong hint to him that he's better off finding someone else to do it.

                                            3. Direct: Say, "Sorry, but I can't do that. It goes against my beliefs to ignore the terms of use."

                                            Now any of these options may result in your boss taking action against you. Even if he seems to fully accept your response on day 1, days/weeks later he could start a campaign to harass you.



                                            Let's say that you don't help the boss do this project but he gets it done anyhow. You're still working at a company that is blatantly going against your ethical standards. How will you feel about that? If you won't feel good then it's may be time to look for another job because most likely the boss is going to get the project done regardless of your involvement.



                                            Something else for you to consider: Lawyers write the terms but the business and technical people at the other company may be 100% okay with your company doing what your boss wants. If your company is caching data that the API company doesn't sell per request then it's harmless. Although in my experience, someone in tech at your company should discuss with someone technical at the other company before assuming that you'll be able to do business this way since the API can be switched off (deny you access) at any time for any reason typically. And that's probably bad for your business.






                                            share|improve this answer































                                              0














                                              I can think of three possible responses:



                                              1. Challenge: Say, "I need a written and signed order to do this on physical paper before I will do it." Now his claim that it's okay for YOU to do the job runs into his own sense of self-preservation.

                                              2. Passive: Say, "It's going to take me X months to do that" where X is several times longer than you can really do it. This will be a strong hint to him that he's better off finding someone else to do it.

                                              3. Direct: Say, "Sorry, but I can't do that. It goes against my beliefs to ignore the terms of use."

                                              Now any of these options may result in your boss taking action against you. Even if he seems to fully accept your response on day 1, days/weeks later he could start a campaign to harass you.



                                              Let's say that you don't help the boss do this project but he gets it done anyhow. You're still working at a company that is blatantly going against your ethical standards. How will you feel about that? If you won't feel good then it's may be time to look for another job because most likely the boss is going to get the project done regardless of your involvement.



                                              Something else for you to consider: Lawyers write the terms but the business and technical people at the other company may be 100% okay with your company doing what your boss wants. If your company is caching data that the API company doesn't sell per request then it's harmless. Although in my experience, someone in tech at your company should discuss with someone technical at the other company before assuming that you'll be able to do business this way since the API can be switched off (deny you access) at any time for any reason typically. And that's probably bad for your business.






                                              share|improve this answer





























                                                0












                                                0








                                                0







                                                I can think of three possible responses:



                                                1. Challenge: Say, "I need a written and signed order to do this on physical paper before I will do it." Now his claim that it's okay for YOU to do the job runs into his own sense of self-preservation.

                                                2. Passive: Say, "It's going to take me X months to do that" where X is several times longer than you can really do it. This will be a strong hint to him that he's better off finding someone else to do it.

                                                3. Direct: Say, "Sorry, but I can't do that. It goes against my beliefs to ignore the terms of use."

                                                Now any of these options may result in your boss taking action against you. Even if he seems to fully accept your response on day 1, days/weeks later he could start a campaign to harass you.



                                                Let's say that you don't help the boss do this project but he gets it done anyhow. You're still working at a company that is blatantly going against your ethical standards. How will you feel about that? If you won't feel good then it's may be time to look for another job because most likely the boss is going to get the project done regardless of your involvement.



                                                Something else for you to consider: Lawyers write the terms but the business and technical people at the other company may be 100% okay with your company doing what your boss wants. If your company is caching data that the API company doesn't sell per request then it's harmless. Although in my experience, someone in tech at your company should discuss with someone technical at the other company before assuming that you'll be able to do business this way since the API can be switched off (deny you access) at any time for any reason typically. And that's probably bad for your business.






                                                share|improve this answer















                                                I can think of three possible responses:



                                                1. Challenge: Say, "I need a written and signed order to do this on physical paper before I will do it." Now his claim that it's okay for YOU to do the job runs into his own sense of self-preservation.

                                                2. Passive: Say, "It's going to take me X months to do that" where X is several times longer than you can really do it. This will be a strong hint to him that he's better off finding someone else to do it.

                                                3. Direct: Say, "Sorry, but I can't do that. It goes against my beliefs to ignore the terms of use."

                                                Now any of these options may result in your boss taking action against you. Even if he seems to fully accept your response on day 1, days/weeks later he could start a campaign to harass you.



                                                Let's say that you don't help the boss do this project but he gets it done anyhow. You're still working at a company that is blatantly going against your ethical standards. How will you feel about that? If you won't feel good then it's may be time to look for another job because most likely the boss is going to get the project done regardless of your involvement.



                                                Something else for you to consider: Lawyers write the terms but the business and technical people at the other company may be 100% okay with your company doing what your boss wants. If your company is caching data that the API company doesn't sell per request then it's harmless. Although in my experience, someone in tech at your company should discuss with someone technical at the other company before assuming that you'll be able to do business this way since the API can be switched off (deny you access) at any time for any reason typically. And that's probably bad for your business.







                                                share|improve this answer














                                                share|improve this answer



                                                share|improve this answer








                                                edited 12 hours ago

























                                                answered 13 hours ago









                                                HenryMHenryM

                                                1,0883 silver badges9 bronze badges




                                                1,0883 silver badges9 bronze badges
























                                                    0














                                                    Do a risk assessment (https://www.ccohs.ca/oshanswers/hsprograms/risk_assessment.html) with your boss to determine whether violating the terms of the agreement is worth the risk, and identify if there are any alternatives that reduce the risk while achieving the same goal.



                                                    If you approach the problem in this way, there are four possible outcomes:



                                                    1. You and your boss determine an alternative that is lower risk and yields the same result.

                                                    2. You and your boss decide the risk is not worth it and the project does not proceed.

                                                    3. You and your boss determine that the risk is so low you'll do it anyway.

                                                    4. Your boss tells you to shut up and do it. Do a risk assessment to determine if staying in this environment is worth the risk.

                                                    If the result is any other than #4, you'll have demonstrated to your boss that you know the correct way to think about the sorts of problems that upper management contemplates every day.



                                                    Finally, remember most people violate laws every day (jaywalking, speeding, drinking underage, smoking weed, etc. - some of which involve very serious penalties) because they view the risk as worth the reward. Just because someone says to not do something isn't on its own reason enough not to do it - you have to think about the reward vs consequences.



                                                    If you are not violating a government's law (this is not clear from your question), the most likely outcome if the API provider decided you were violating their terms would simply be to cut off access and send you a cease and desist letter. In order for them to go after you/your company in court, they would need to prove to the court damages from your violation, which is likely to be negligible unless you are competing against them in some way.






                                                    share|improve this answer

























                                                    • Break the law because other people break other laws all the time? Not a good excuse. Would definitely not stand up in court.

                                                      – RedSonja
                                                      25 mins ago











                                                    • Violating a contract is not the same as breaking the law.

                                                      – Gregory Currie
                                                      4 mins ago















                                                    0














                                                    Do a risk assessment (https://www.ccohs.ca/oshanswers/hsprograms/risk_assessment.html) with your boss to determine whether violating the terms of the agreement is worth the risk, and identify if there are any alternatives that reduce the risk while achieving the same goal.



                                                    If you approach the problem in this way, there are four possible outcomes:



                                                    1. You and your boss determine an alternative that is lower risk and yields the same result.

                                                    2. You and your boss decide the risk is not worth it and the project does not proceed.

                                                    3. You and your boss determine that the risk is so low you'll do it anyway.

                                                    4. Your boss tells you to shut up and do it. Do a risk assessment to determine if staying in this environment is worth the risk.

                                                    If the result is any other than #4, you'll have demonstrated to your boss that you know the correct way to think about the sorts of problems that upper management contemplates every day.



                                                    Finally, remember most people violate laws every day (jaywalking, speeding, drinking underage, smoking weed, etc. - some of which involve very serious penalties) because they view the risk as worth the reward. Just because someone says to not do something isn't on its own reason enough not to do it - you have to think about the reward vs consequences.



                                                    If you are not violating a government's law (this is not clear from your question), the most likely outcome if the API provider decided you were violating their terms would simply be to cut off access and send you a cease and desist letter. In order for them to go after you/your company in court, they would need to prove to the court damages from your violation, which is likely to be negligible unless you are competing against them in some way.






                                                    share|improve this answer

























                                                    • Break the law because other people break other laws all the time? Not a good excuse. Would definitely not stand up in court.

                                                      – RedSonja
                                                      25 mins ago











                                                    • Violating a contract is not the same as breaking the law.

                                                      – Gregory Currie
                                                      4 mins ago













                                                    0












                                                    0








                                                    0







                                                    Do a risk assessment (https://www.ccohs.ca/oshanswers/hsprograms/risk_assessment.html) with your boss to determine whether violating the terms of the agreement is worth the risk, and identify if there are any alternatives that reduce the risk while achieving the same goal.



                                                    If you approach the problem in this way, there are four possible outcomes:



                                                    1. You and your boss determine an alternative that is lower risk and yields the same result.

                                                    2. You and your boss decide the risk is not worth it and the project does not proceed.

                                                    3. You and your boss determine that the risk is so low you'll do it anyway.

                                                    4. Your boss tells you to shut up and do it. Do a risk assessment to determine if staying in this environment is worth the risk.

                                                    If the result is any other than #4, you'll have demonstrated to your boss that you know the correct way to think about the sorts of problems that upper management contemplates every day.



                                                    Finally, remember most people violate laws every day (jaywalking, speeding, drinking underage, smoking weed, etc. - some of which involve very serious penalties) because they view the risk as worth the reward. Just because someone says to not do something isn't on its own reason enough not to do it - you have to think about the reward vs consequences.



                                                    If you are not violating a government's law (this is not clear from your question), the most likely outcome if the API provider decided you were violating their terms would simply be to cut off access and send you a cease and desist letter. In order for them to go after you/your company in court, they would need to prove to the court damages from your violation, which is likely to be negligible unless you are competing against them in some way.






                                                    share|improve this answer













                                                    Do a risk assessment (https://www.ccohs.ca/oshanswers/hsprograms/risk_assessment.html) with your boss to determine whether violating the terms of the agreement is worth the risk, and identify if there are any alternatives that reduce the risk while achieving the same goal.



                                                    If you approach the problem in this way, there are four possible outcomes:



                                                    1. You and your boss determine an alternative that is lower risk and yields the same result.

                                                    2. You and your boss decide the risk is not worth it and the project does not proceed.

                                                    3. You and your boss determine that the risk is so low you'll do it anyway.

                                                    4. Your boss tells you to shut up and do it. Do a risk assessment to determine if staying in this environment is worth the risk.

                                                    If the result is any other than #4, you'll have demonstrated to your boss that you know the correct way to think about the sorts of problems that upper management contemplates every day.



                                                    Finally, remember most people violate laws every day (jaywalking, speeding, drinking underage, smoking weed, etc. - some of which involve very serious penalties) because they view the risk as worth the reward. Just because someone says to not do something isn't on its own reason enough not to do it - you have to think about the reward vs consequences.



                                                    If you are not violating a government's law (this is not clear from your question), the most likely outcome if the API provider decided you were violating their terms would simply be to cut off access and send you a cease and desist letter. In order for them to go after you/your company in court, they would need to prove to the court damages from your violation, which is likely to be negligible unless you are competing against them in some way.







                                                    share|improve this answer












                                                    share|improve this answer



                                                    share|improve this answer










                                                    answered 6 hours ago









                                                    MineRMineR

                                                    5562 silver badges6 bronze badges




                                                    5562 silver badges6 bronze badges















                                                    • Break the law because other people break other laws all the time? Not a good excuse. Would definitely not stand up in court.

                                                      – RedSonja
                                                      25 mins ago











                                                    • Violating a contract is not the same as breaking the law.

                                                      – Gregory Currie
                                                      4 mins ago

















                                                    • Break the law because other people break other laws all the time? Not a good excuse. Would definitely not stand up in court.

                                                      – RedSonja
                                                      25 mins ago











                                                    • Violating a contract is not the same as breaking the law.

                                                      – Gregory Currie
                                                      4 mins ago
















                                                    Break the law because other people break other laws all the time? Not a good excuse. Would definitely not stand up in court.

                                                    – RedSonja
                                                    25 mins ago





                                                    Break the law because other people break other laws all the time? Not a good excuse. Would definitely not stand up in court.

                                                    – RedSonja
                                                    25 mins ago













                                                    Violating a contract is not the same as breaking the law.

                                                    – Gregory Currie
                                                    4 mins ago





                                                    Violating a contract is not the same as breaking the law.

                                                    – Gregory Currie
                                                    4 mins ago











                                                    -1















                                                    My boss wants me to develop some software that consumes an external API and stores the received data in our own database.




                                                    Did you (company) reverse engineer the API to get the details/spec for it? Or was there a document given to you/found detailing the API?




                                                    The policy of the external API clearly does not allow this but it would probably never catch someones eye.




                                                    An external API doesn't want external usage? Sounds strange to me. The likelihood of them catching you is irrelevant, if you're breaking their rules you're liable for legal issues. That's a risk any clued-up business would want to avoid.




                                                    My boss knows that it is not allowed but still wants me to implement this feature.




                                                    Don't go to your boss with we aren't allowed, end of story. Go with a solution.



                                                    Get in contact with the API developer/company and ask what their policy is on external usage and persistence of the data. Detail explictly how you intend to fetch the data and where you intend to store it. If they say you aren't allowed, ask if there's a way to purchase a license/API key.



                                                    Take this back to your boss and present it as:




                                                    I got in contact with the developer to avoid potential legal issues for the company regarding the API you asked me to work with. I thought their policy was a little unclear and they got back and cleared us to use it for free/have said we can use it with an API key, but we need to pay X amount per month.




                                                    If they reject the claim and don't allow you to access it, don't then go ahead with it anyway. If you boss is still hounding you to break their policy and implement some functionality to use their API I would considering polishing my CV.






                                                    share|improve this answer




















                                                    • 4





                                                      You want the OP to get in touch with them, behind the OP's back, and for the OP to detail to them how they intend to use the API in breach of the licence. Are you trying to get the OP fired?

                                                      – Gregory Currie
                                                      16 hours ago







                                                    • 1





                                                      As opposed to just doing it anyway, because the boss said so? I'd much rather approach the devs and say what we're intending to do, does this line up with your policy, and if not can we make it so it does?

                                                      – Jay Gould
                                                      16 hours ago






                                                    • 2





                                                      "I was just following orders officer".

                                                      – Jay Gould
                                                      16 hours ago






                                                    • 1





                                                      It's highly unlikely this would be a criminal offense, if that is what you are implying.

                                                      – Gregory Currie
                                                      16 hours ago






                                                    • 1





                                                      @JayGould I never said it wasn't.

                                                      – Gregory Currie
                                                      16 hours ago















                                                    -1















                                                    My boss wants me to develop some software that consumes an external API and stores the received data in our own database.




                                                    Did you (company) reverse engineer the API to get the details/spec for it? Or was there a document given to you/found detailing the API?




                                                    The policy of the external API clearly does not allow this but it would probably never catch someones eye.




                                                    An external API doesn't want external usage? Sounds strange to me. The likelihood of them catching you is irrelevant, if you're breaking their rules you're liable for legal issues. That's a risk any clued-up business would want to avoid.




                                                    My boss knows that it is not allowed but still wants me to implement this feature.




                                                    Don't go to your boss with we aren't allowed, end of story. Go with a solution.



                                                    Get in contact with the API developer/company and ask what their policy is on external usage and persistence of the data. Detail explictly how you intend to fetch the data and where you intend to store it. If they say you aren't allowed, ask if there's a way to purchase a license/API key.



                                                    Take this back to your boss and present it as:




                                                    I got in contact with the developer to avoid potential legal issues for the company regarding the API you asked me to work with. I thought their policy was a little unclear and they got back and cleared us to use it for free/have said we can use it with an API key, but we need to pay X amount per month.




                                                    If they reject the claim and don't allow you to access it, don't then go ahead with it anyway. If you boss is still hounding you to break their policy and implement some functionality to use their API I would considering polishing my CV.






                                                    share|improve this answer




















                                                    • 4





                                                      You want the OP to get in touch with them, behind the OP's back, and for the OP to detail to them how they intend to use the API in breach of the licence. Are you trying to get the OP fired?

                                                      – Gregory Currie
                                                      16 hours ago







                                                    • 1





                                                      As opposed to just doing it anyway, because the boss said so? I'd much rather approach the devs and say what we're intending to do, does this line up with your policy, and if not can we make it so it does?

                                                      – Jay Gould
                                                      16 hours ago






                                                    • 2





                                                      "I was just following orders officer".

                                                      – Jay Gould
                                                      16 hours ago






                                                    • 1





                                                      It's highly unlikely this would be a criminal offense, if that is what you are implying.

                                                      – Gregory Currie
                                                      16 hours ago






                                                    • 1





                                                      @JayGould I never said it wasn't.

                                                      – Gregory Currie
                                                      16 hours ago













                                                    -1












                                                    -1








                                                    -1








                                                    My boss wants me to develop some software that consumes an external API and stores the received data in our own database.




                                                    Did you (company) reverse engineer the API to get the details/spec for it? Or was there a document given to you/found detailing the API?




                                                    The policy of the external API clearly does not allow this but it would probably never catch someones eye.




                                                    An external API doesn't want external usage? Sounds strange to me. The likelihood of them catching you is irrelevant, if you're breaking their rules you're liable for legal issues. That's a risk any clued-up business would want to avoid.




                                                    My boss knows that it is not allowed but still wants me to implement this feature.




                                                    Don't go to your boss with we aren't allowed, end of story. Go with a solution.



                                                    Get in contact with the API developer/company and ask what their policy is on external usage and persistence of the data. Detail explictly how you intend to fetch the data and where you intend to store it. If they say you aren't allowed, ask if there's a way to purchase a license/API key.



                                                    Take this back to your boss and present it as:




                                                    I got in contact with the developer to avoid potential legal issues for the company regarding the API you asked me to work with. I thought their policy was a little unclear and they got back and cleared us to use it for free/have said we can use it with an API key, but we need to pay X amount per month.




                                                    If they reject the claim and don't allow you to access it, don't then go ahead with it anyway. If you boss is still hounding you to break their policy and implement some functionality to use their API I would considering polishing my CV.






                                                    share|improve this answer














                                                    My boss wants me to develop some software that consumes an external API and stores the received data in our own database.




                                                    Did you (company) reverse engineer the API to get the details/spec for it? Or was there a document given to you/found detailing the API?




                                                    The policy of the external API clearly does not allow this but it would probably never catch someones eye.




                                                    An external API doesn't want external usage? Sounds strange to me. The likelihood of them catching you is irrelevant, if you're breaking their rules you're liable for legal issues. That's a risk any clued-up business would want to avoid.




                                                    My boss knows that it is not allowed but still wants me to implement this feature.




                                                    Don't go to your boss with we aren't allowed, end of story. Go with a solution.



                                                    Get in contact with the API developer/company and ask what their policy is on external usage and persistence of the data. Detail explictly how you intend to fetch the data and where you intend to store it. If they say you aren't allowed, ask if there's a way to purchase a license/API key.



                                                    Take this back to your boss and present it as:




                                                    I got in contact with the developer to avoid potential legal issues for the company regarding the API you asked me to work with. I thought their policy was a little unclear and they got back and cleared us to use it for free/have said we can use it with an API key, but we need to pay X amount per month.




                                                    If they reject the claim and don't allow you to access it, don't then go ahead with it anyway. If you boss is still hounding you to break their policy and implement some functionality to use their API I would considering polishing my CV.







                                                    share|improve this answer












                                                    share|improve this answer



                                                    share|improve this answer










                                                    answered 16 hours ago









                                                    Jay GouldJay Gould

                                                    2,4292 gold badges6 silver badges16 bronze badges




                                                    2,4292 gold badges6 silver badges16 bronze badges










                                                    • 4





                                                      You want the OP to get in touch with them, behind the OP's back, and for the OP to detail to them how they intend to use the API in breach of the licence. Are you trying to get the OP fired?

                                                      – Gregory Currie
                                                      16 hours ago







                                                    • 1





                                                      As opposed to just doing it anyway, because the boss said so? I'd much rather approach the devs and say what we're intending to do, does this line up with your policy, and if not can we make it so it does?

                                                      – Jay Gould
                                                      16 hours ago






                                                    • 2





                                                      "I was just following orders officer".

                                                      – Jay Gould
                                                      16 hours ago






                                                    • 1





                                                      It's highly unlikely this would be a criminal offense, if that is what you are implying.

                                                      – Gregory Currie
                                                      16 hours ago






                                                    • 1





                                                      @JayGould I never said it wasn't.

                                                      – Gregory Currie
                                                      16 hours ago












                                                    • 4





                                                      You want the OP to get in touch with them, behind the OP's back, and for the OP to detail to them how they intend to use the API in breach of the licence. Are you trying to get the OP fired?

                                                      – Gregory Currie
                                                      16 hours ago







                                                    • 1





                                                      As opposed to just doing it anyway, because the boss said so? I'd much rather approach the devs and say what we're intending to do, does this line up with your policy, and if not can we make it so it does?

                                                      – Jay Gould
                                                      16 hours ago






                                                    • 2





                                                      "I was just following orders officer".

                                                      – Jay Gould
                                                      16 hours ago






                                                    • 1





                                                      It's highly unlikely this would be a criminal offense, if that is what you are implying.

                                                      – Gregory Currie
                                                      16 hours ago






                                                    • 1





                                                      @JayGould I never said it wasn't.

                                                      – Gregory Currie
                                                      16 hours ago







                                                    4




                                                    4





                                                    You want the OP to get in touch with them, behind the OP's back, and for the OP to detail to them how they intend to use the API in breach of the licence. Are you trying to get the OP fired?

                                                    – Gregory Currie
                                                    16 hours ago






                                                    You want the OP to get in touch with them, behind the OP's back, and for the OP to detail to them how they intend to use the API in breach of the licence. Are you trying to get the OP fired?

                                                    – Gregory Currie
                                                    16 hours ago





                                                    1




                                                    1





                                                    As opposed to just doing it anyway, because the boss said so? I'd much rather approach the devs and say what we're intending to do, does this line up with your policy, and if not can we make it so it does?

                                                    – Jay Gould
                                                    16 hours ago





                                                    As opposed to just doing it anyway, because the boss said so? I'd much rather approach the devs and say what we're intending to do, does this line up with your policy, and if not can we make it so it does?

                                                    – Jay Gould
                                                    16 hours ago




                                                    2




                                                    2





                                                    "I was just following orders officer".

                                                    – Jay Gould
                                                    16 hours ago





                                                    "I was just following orders officer".

                                                    – Jay Gould
                                                    16 hours ago




                                                    1




                                                    1





                                                    It's highly unlikely this would be a criminal offense, if that is what you are implying.

                                                    – Gregory Currie
                                                    16 hours ago





                                                    It's highly unlikely this would be a criminal offense, if that is what you are implying.

                                                    – Gregory Currie
                                                    16 hours ago




                                                    1




                                                    1





                                                    @JayGould I never said it wasn't.

                                                    – Gregory Currie
                                                    16 hours ago





                                                    @JayGould I never said it wasn't.

                                                    – Gregory Currie
                                                    16 hours ago










                                                    RolfZ is a new contributor. Be nice, and check out our Code of Conduct.









                                                    draft saved

                                                    draft discarded


















                                                    RolfZ is a new contributor. Be nice, and check out our Code of Conduct.












                                                    RolfZ is a new contributor. Be nice, and check out our Code of Conduct.











                                                    RolfZ is a new contributor. Be nice, and check out our Code of Conduct.














                                                    Thanks for contributing an answer to The Workplace Stack Exchange!


                                                    • Please be sure to answer the question. Provide details and share your research!

                                                    But avoid


                                                    • Asking for help, clarification, or responding to other answers.

                                                    • Making statements based on opinion; back them up with references or personal experience.

                                                    To learn more, see our tips on writing great answers.




                                                    draft saved


                                                    draft discarded














                                                    StackExchange.ready(
                                                    function ()
                                                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fworkplace.stackexchange.com%2fquestions%2f142049%2fboss-wants-me-to-ignore-a-software-api-license-prohibiting-mass-download%23new-answer', 'question_page');

                                                    );

                                                    Post as a guest















                                                    Required, but never shown





















































                                                    Required, but never shown














                                                    Required, but never shown












                                                    Required, but never shown







                                                    Required, but never shown

































                                                    Required, but never shown














                                                    Required, but never shown












                                                    Required, but never shown







                                                    Required, but never shown











                                                    Popular posts from this blog

                                                    Canceling a color specificationRandomly assigning color to Graphics3D objects?Default color for Filling in Mathematica 9Coloring specific elements of sets with a prime modified order in an array plotHow to pick a color differing significantly from the colors already in a given color list?Detection of the text colorColor numbers based on their valueCan color schemes for use with ColorData include opacity specification?My dynamic color schemes

                                                    Invision Community Contents History See also References External links Navigation menuProprietaryinvisioncommunity.comIPS Community ForumsIPS Community Forumsthis blog entry"License Changes, IP.Board 3.4, and the Future""Interview -- Matt Mecham of Ibforums""CEO Invision Power Board, Matt Mecham Is a Liar, Thief!"IPB License Explanation 1.3, 1.3.1, 2.0, and 2.1ArchivedSecurity Fixes, Updates And Enhancements For IPB 1.3.1Archived"New Demo Accounts - Invision Power Services"the original"New Default Skin"the original"Invision Power Board 3.0.0 and Applications Released"the original"Archived copy"the original"Perpetual licenses being done away with""Release Notes - Invision Power Services""Introducing: IPS Community Suite 4!"Invision Community Release Notes

                                                    199年 目錄 大件事 到箇年出世嗰人 到箇年死嗰人 節慶、風俗習慣 導覽選單