Chapter 35 Exercises: IP, Licensing, and Legal Considerations

These exercises are organized into five tiers of increasing complexity, aligned with Bloom's taxonomy. Complete the exercises in order within each tier, as later exercises may build on earlier ones.

Note

: These exercises are for educational purposes. They involve analyzing legal concepts and creating compliance tools. They do not constitute legal advice. Always consult qualified legal counsel for real-world legal decisions.

Tier 1: Remember and Identify (Exercises 1-6)

These exercises test your recall of key concepts and terminology from the chapter.

Match each legal framework to its primary relevance to AI-generated code:

Framework Options
Copyright law A. Protecting inventions and novel processes
Patent law B. Governing terms between users and service providers
Contract law C. Protecting original works of authorship
Data privacy law D. Regulating handling of personal information
Trade secret law E. Protecting confidential business information

Write your answers as a Python dictionary mapping framework names to their correct letter.

Exercise 2: License Classification

Create a Python dictionary that classifies the following licenses into their correct categories (permissive, strong copyleft, weak copyleft):

  • MIT License
  • GPL v3
  • Apache License 2.0
  • LGPL v2.1
  • BSD 2-Clause
  • AGPL v3
  • MPL 2.0
  • ISC License

Exercise 3: Data Classification Levels

List the four data classification levels described in the enterprise AI usage policy section of the chapter, from least sensitive to most sensitive. For each level, write one sentence describing what AI tool usage is permitted.

Exercise 4: Terminology Definitions

Write brief definitions (one to two sentences each) for the following terms as they relate to AI-generated code:

  1. Work made for hire
  2. Copyleft
  3. Indemnification
  4. Data Processing Agreement (DPA)
  5. Shadow AI
  6. Freedom to operate

Exercise 5: Jurisdiction Comparison

Create a table (as a Python list of dictionaries) comparing how the United States, European Union, United Kingdom, and China approach the question of AI authorship for copyright purposes. Include columns for jurisdiction, position on AI authorship, and key case or regulation.

Exercise 6: Regulatory Framework Identification

For each of the following industries, list at least two regulatory frameworks that affect how AI coding tools can be used:

  1. Financial services
  2. Healthcare
  3. Government/Defense
  4. Automotive
  5. Aviation

Tier 2: Understand and Explain (Exercises 7-12)

These exercises test your comprehension of the concepts and your ability to explain them.

Exercise 7: The Copyrightability Spectrum

Write a Python function called assess_copyrightability that takes a description of how AI was used to create code and returns a rating on a scale from 1 (likely not copyrightable) to 5 (likely copyrightable), along with an explanation. The function should consider factors such as:

  • Percentage of code that was human-written
  • Degree of modification to AI output
  • Creativity of the prompts used
  • Whether the code implements a novel design
def assess_copyrightability(description: str) -> dict:
    """
    Assess the likely copyrightability of AI-assisted code.

    Args:
        description: A text description of how AI was used

    Returns:
        Dictionary with 'rating' (1-5) and 'explanation' keys
    """
    # Your implementation here

Exercise 8: License Compatibility Analysis

Write a Python function that takes two license identifiers and determines whether code under the first license can be incorporated into a project under the second license. Cover at least the following licenses: MIT, BSD-2-Clause, Apache-2.0, GPL-2.0, GPL-3.0, LGPL-2.1, AGPL-3.0, and MPL-2.0.

def check_license_compatibility(source_license: str, target_license: str) -> dict:
    """
    Check if source-licensed code can be used in a target-licensed project.

    Returns:
        Dictionary with 'compatible' (bool), 'explanation' (str),
        and 'conditions' (list of str)
    """
    # Your implementation here

Exercise 9: Data Flow Diagram

Write a Python script using text-based diagramming that illustrates the data flow when a developer uses a cloud-based AI coding assistant. Show what data leaves the developer's machine, where it goes, what processing occurs, and what data is retained. Include annotations for privacy-sensitive data points.

Exercise 10: Terms of Service Comparison

Write a Python function that takes a dictionary representing key terms from an AI tool's terms of service and evaluates whether the terms are suitable for enterprise use. The function should check for:

  • Output ownership clarity
  • Training data opt-out
  • Data retention limits
  • Indemnification coverage
  • Compliance certifications
def evaluate_tos_for_enterprise(terms: dict) -> dict:
    """
    Evaluate AI tool terms of service for enterprise suitability.

    Args:
        terms: Dictionary with keys like 'output_ownership',
               'training_optout', 'data_retention_days', etc.

    Returns:
        Dictionary with 'suitable' (bool), 'score' (int),
        'issues' (list), 'recommendations' (list)
    """
    # Your implementation here

Exercise 11: The Human Authorship Argument

Write a 300-word essay (as a Python multi-line string) arguing that a developer who writes a detailed 500-word specification and uses AI to generate the implementing code should be considered the "author" for copyright purposes. Then write a 300-word rebuttal arguing the opposite position.

Exercise 12: Privacy Impact Assessment

Write a Python function that performs a basic Privacy Impact Assessment (PIA) for using an AI coding tool in a given context. The function should take parameters describing the type of data being processed, the tool's data handling practices, and applicable regulations, and return a risk assessment with recommended mitigations.

Tier 3: Apply and Implement (Exercises 13-18)

These exercises require you to apply concepts to practical scenarios and build working tools.

Exercise 13: License Header Scanner

Write a Python script that scans a directory of source files and extracts license headers (typically found in the first 20 lines of a file or in a LICENSE file). The script should:

  • Recursively scan all .py, .js, .ts, .java, .go, and .rs files
  • Extract SPDX license identifiers if present
  • Identify common license patterns in file headers
  • Generate a report of all licenses found
  • Flag any files without identifiable license headers

Exercise 14: Sensitive Data Detector

Write a Python tool that scans code files for potentially sensitive data that should not be sent to AI services. The tool should detect:

  • Hardcoded API keys and tokens (common patterns like sk-, AKIA, etc.)
  • Email addresses
  • IP addresses (both IPv4 and IPv6)
  • URLs containing internal hostnames
  • Database connection strings
  • Social security numbers, credit card numbers
  • Hardcoded passwords (variables named password, secret, key, etc. with string values)

The tool should generate a report with file paths, line numbers, and the type of sensitive data found.

Exercise 15: AI Usage Commit Hook

Write a Python script that can be used as a Git pre-commit hook. The hook should:

  • Check staged files for AI-generated code markers (comments like # AI-generated, // Generated by AI, etc.)
  • Verify that AI-generated files have corresponding entries in an AI usage log
  • Optionally prompt the developer to confirm that AI-generated code has been reviewed
  • Exit with a non-zero status if compliance checks fail

Exercise 16: Policy Compliance Dashboard Data Generator

Write a Python script that generates mock compliance data and produces a summary report suitable for a compliance dashboard. The report should include:

  • Number of AI-generated files in the project
  • License scan results (clean, flagged, unscanned)
  • Data privacy compliance status
  • Code review coverage for AI-generated code
  • Trend data over the last 12 weeks (simulated)

Exercise 17: License Conflict Resolver

Extend the license compatibility checker from Exercise 8 to handle multi-license projects. Given a list of dependencies with their licenses, the function should:

  • Identify all license conflicts
  • Suggest compatible alternative licenses for the project
  • Recommend specific resolution strategies for each conflict
  • Generate a compliance action plan

Exercise 18: Regulatory Compliance Checklist Generator

Write a Python function that generates a regulatory compliance checklist based on the industry and jurisdiction. The function should:

  • Accept industry (financial, healthcare, government, automotive, aviation) and jurisdiction (US, EU, UK, etc.)
  • Return a checklist of regulatory requirements relevant to AI coding tool usage
  • Include specific regulation references
  • Provide compliance action items for each requirement

Tier 4: Analyze and Evaluate (Exercises 19-24)

These exercises require critical analysis and evaluation of complex scenarios.

Exercise 19: AI Tool Risk Assessment

Write a comprehensive risk assessment tool that evaluates the legal and compliance risks of adopting a specific AI coding tool in an organization. The tool should:

  • Accept parameters about the tool (data handling, terms, certifications) and the organization (industry, jurisdiction, data sensitivity)
  • Evaluate risks across categories: IP, licensing, privacy, regulatory, contractual
  • Score each risk on likelihood and impact
  • Generate a risk matrix
  • Provide risk mitigation recommendations
  • Output a formatted risk assessment report

Exercise 20: License Compliance Audit Simulator

Write a Python program that simulates a license compliance audit. The program should:

  • Generate a simulated codebase with a mix of human-written and AI-generated code
  • Assign realistic license scenarios (clean, flagged, violation)
  • Walk through the audit process step by step
  • Identify violations and near-misses
  • Generate an audit report with findings and recommendations
  • Calculate a compliance score

Exercise 21: Policy Gap Analysis

Write a Python tool that takes an existing AI coding policy (as a structured dictionary) and evaluates it against a comprehensive checklist of policy components. The tool should:

  • Check for the presence and completeness of each policy section
  • Evaluate the specificity and enforceability of policy statements
  • Identify gaps and weaknesses
  • Score the policy on a maturity scale (initial, developing, defined, managed, optimized)
  • Generate specific recommendations for improvement

Exercise 22: Cross-Jurisdictional Compliance Analyzer

Write a Python tool that analyzes AI coding tool usage across multiple jurisdictions and identifies compliance challenges. Given a set of offices/locations and the AI tools in use, the tool should:

  • Map applicable regulations for each jurisdiction
  • Identify conflicts between jurisdictional requirements
  • Flag data transfer issues (e.g., EU data processed in the US)
  • Recommend jurisdiction-specific controls
  • Generate a compliance matrix

Exercise 23: Incident Response Scenario

Write a Python program that simulates an IP-related incident and walks through the response process. Scenarios should include:

  • Discovery that AI-generated code matches GPL-licensed code in a proprietary product
  • Receipt of a cease-and-desist letter claiming AI output infringes a patent
  • Discovery that a developer sent regulated data to an unapproved AI tool
  • Finding that AI-generated code contains a security vulnerability that led to a data breach

For each scenario, the program should guide the user through assessment, containment, remediation, and documentation steps.

Exercise 24: Cost-Benefit Analysis of AI Tool Adoption

Write a Python tool that performs a cost-benefit analysis of adopting enterprise-grade AI coding tools versus free-tier tools. The analysis should consider:

  • Licensing costs for enterprise tools
  • Productivity gains from AI assistance
  • Risk reduction from enterprise features (data isolation, indemnification)
  • Potential cost of IP infringement claims
  • Potential cost of data breaches
  • Compliance cost savings
  • Training and onboarding costs

The tool should generate a financial model with sensitivity analysis for key assumptions.

Tier 5: Create and Design (Exercises 25-30)

These exercises require you to synthesize knowledge and create comprehensive solutions.

Exercise 25: Complete AI Governance Framework

Design and implement a Python-based AI governance framework for a medium-sized software company (200 developers). The framework should include:

  • Policy document generator (customized to industry and jurisdiction)
  • Tool approval workflow manager
  • Data classification system
  • Compliance monitoring dashboard data
  • Training curriculum outline
  • Incident response playbook
  • Annual review process documentation

Exercise 26: Automated Compliance Pipeline

Build a Python-based compliance pipeline that integrates into a CI/CD process. The pipeline should:

  • Scan for AI-generated code markers
  • Run license compliance checks
  • Check for sensitive data exposure
  • Verify code review attestations
  • Validate audit trail completeness
  • Generate compliance reports
  • Block merges that fail compliance checks (via exit codes)

Create a Python-based interactive training module that teaches developers about AI coding ethics and legal considerations. The module should:

  • Present concepts through scenarios and case studies
  • Include knowledge checks after each section
  • Adapt difficulty based on user responses
  • Track completion and scores
  • Cover all major topics from this chapter
  • Generate a completion certificate (as formatted text)

Exercise 28: Multi-Stakeholder Policy Negotiation Simulator

Write a Python program that simulates the process of creating an AI coding policy through negotiation between different stakeholders. The program should:

  • Define stakeholder roles (engineering lead, legal counsel, security officer, compliance officer, developer representative)
  • Generate stakeholder positions on key policy decisions
  • Simulate negotiation rounds where positions converge
  • Produce a final policy that balances competing interests
  • Document the rationale for each policy decision

Exercise 29: Open-Source Contribution Compliance Tool

Write a Python tool for organizations that contribute to open-source projects while using AI coding tools. The tool should:

  • Assess whether AI-generated code can be contributed to a specific open-source project
  • Check the target project's contribution guidelines for AI-related policies
  • Verify that AI-generated contributions meet the project's license requirements
  • Generate a contribution compliance attestation
  • Maintain a log of all AI-assisted open-source contributions

Exercise 30: Future-Proofing Strategy Generator

Write a Python program that generates a strategy for future-proofing an organization's AI coding practices against legal changes. The program should:

  • Analyze current practices against potential future regulatory scenarios
  • Identify areas of highest regulatory risk
  • Recommend proactive measures (documentation, tool selection, policy provisions)
  • Generate a monitoring plan for tracking legal developments
  • Create a scenario-planning matrix with response strategies for key regulatory outcomes
  • Produce a 12-month action plan with quarterly milestones

Exercise Submission Guidelines

For all exercises:

  1. Write clean, well-documented Python code with type hints and docstrings
  2. Include error handling for edge cases
  3. Write at least two test cases for each function
  4. Add comments explaining your legal reasoning (note: this is educational analysis, not legal advice)
  5. Follow PEP 8 style guidelines

Solutions to selected exercises are available in code/exercise-solutions.py.