• Article

{ End Bracket }

Legal Doesn’t Think the Way You Do

Don McGowan

If you develop software for a large company, you've undoubtedly experienced the joys of dealing with "Legal." The meetings, the endless explanations, the long waits. I'm here to report from the other side. No, I'm not going to apologize or make excuses either for myself or my colleagues, but if I tell you what's in our heads, maybe you can address some issues in advance, and maybe you can avoid dealing with us at all. (And if you don't have a Legal department, you might think it's time to stop reading. Nothing could be further from the truth. Fact is, everyone has a Legal department. Yours is called "the jury.")

Legal Is Full of Pessimists There's a simple reason behind this thinking. Lawyers are paid to do what comes naturally to pessimists: tell you everything that can go wrong. We're like testers, only better-dressed (sometimes). So handle us just like testers. Gather your team together and think of everything that could possibly go wrong with your project. Assume a collapse of the global telecoms systems at the exact time you deploy your Web-based app. Imagine the possibility that one of your team members stole their entire codebase from some rootkit author living in Kazakhstan. Or, perhaps more realistic, if you've promised delivery on a certain date and one of your team members gets sick or married, what will you do? And it's OK if you don't have answers to all of these questions. Showing that you've thought of them is half the battle. Business is about managing risks, and Legal's job is to find those risks and explain them.

Legal Isn't Paid to Fix Anything More true than you know, but worth bearing in mind. Once Legal has found all the problems it can think of, its work is complete. No one expects Legal to figure out the solutions to these problems. Of course, a good lawyer should help with finding solutions, but law school doesn't prepare you to fix bugs. Lawyers shouldn't be writing your code. They shouldn't be telling you who has the right skillset to be on your team. Many of us would be perfectly happy to help out with fixing the problems, but we have no idea where to start. And that's because...

Legal Doesn't Think the Way You Do Have you ever noticed that Legal doesn't have project managers? And that if you ask two lawyers the same question you'll never get the same answer. Or that sometimes you can't get an answer at all. And if you do get an answer, it's often "No."

There are very few black and white situations in law. When there's a statute that says "writing spyware is illegal" then anyone can tell you that if you do it, you're breaking the law. But what if the software you're writing needs to be updated regularly and you write a feature that phones home for updates. Is that "spyware" under these laws and, if so, what do you need to do to make it legal? That's a surprisingly difficult question. If you ask Legal to tell you how to guarantee that your software won't be "spyware," then Legal has to tell you not to let your software phone home. If you want certainty, then "No" is the only answer where Legal is guaranteed never to be proven wrong. You've asked for a yes-no answer to an either-or question.

By the way, it's not like Legal is the only place this happens. Would you feel comfortable saying that your app is unhackable? Or just that no one has found a way to hack it (yet)? Again, you can fix this. Don't ask for black or white. Ask how dark a shade of grey you're dealing with. Of course, then you're the one who has to take the risk, but...

Legal Takes Risks Too, but They're Different Risks You call the final shots—not Legal. I come across lots of people who want to let Legal tell them whether or not they should do something, and they get really upset when we won't. It may not be obvious, but every time we say "yes" we leave ourselves open to the chance of having been wrong, that we took a shades-of-grey question and answered black or white. That's why it can take five lawyers to answer one question—because we're all paranoid about missing something. Again, it's like your own experience. We have hackers constantly looking to attack our work, they're just called "other lawyers" and they do it in front of a jury where there's an audience and everyone knows which lawyer got the company into this mess. So that's why we won't take your risks, too—we have enough of our own.

So, it turns out we're people just like you. If we're a necessary part of your life, you can make it less painful to deal with us. Understand that we're paid to find problems. Know that we usually can't give you a straight answer. And be ready for us to tell you that the decision is yours. Sorry, there's no magic bullet. But then again, silver bullets kill werewolves, not bloodsucking vampires.

Don McGowan is an attorney for Microsoft Corporation. He tries to be less useless than this column probably makes him sound.