The Business Software Alliance (“BSA”) and Software & Information Industry Association (“SIIA”) pursue copyright infringement claims against companies accused of installing unauthorized copies of software.  Typically, the BSA and SIIA send letters to businesses and request audits of their computer systems.

This audit process often is arduous and involves collecting all available license-purchase documentation for the BSA- or SIIA-member software product installations discovered during the investigation.  However, unlike the IRS’ retention requirement of 7 years for business records, the BSA and SIIA will not recognize license-credit in favor of the businesses they target without dated proof of proper licensing for every installed software product, regardless of when it was purchased.

More troubling for many businesses is the fact that, even if they are able to produce purchase documentation for software installed on their systems, they may receive no credit for that documentation if it appears to have been received from a software vendor that is not an authorized dealer.  Purchasing software from some web sites, such as Amazon.com’s Amazon Marketplace, eBay, or Craigslist, can be risky, especially when the quoted price for a product is less than 80% of its MSRP value. Many of these heavily discounted software products licenses are offered without the authorization of the software publisher and could end up being useless to the business purchasing them, in the event of an audit. The cost can be magnified when, following settlement, the affected companies are required to re-purchase the same software from a reputable vendor.

In rare instances, the BSA and SIIA sue unauthorized resellers. In June, the SIIA worked with the LAPD to bring criminal charges against two individuals accused of pirating SIIA member software and selling it on Craigslist. However, while the BSA and SIIA pursue unauthorized retailers with civil and criminal charges, they are unable to expose all potential unauthorized retailers. Therefore, as a prudent practice, prior to making any software purchases, a company should investigate whether a vendor is an authorized seller of properly licensed software.  Additionally, a company should beware of heavily discounted software.

Tags:

The Business Software Alliance (“BSA”), and the Software & Information Industry Association (“SIIA”) pursue copyright infringement claims on behalf of software publishers, such as Microsoft, Adobe, and Autodesk, among many others.  Typically the BSA and SIIA send audit letters to companies believed to be using unauthorized copies of software products.  In their letters, they demand that the target companies conduct an internal audit of all computers they own to determine whether the auditing entities’ members’ software products are properly licensed.

It is not unusual for a company to discover during the audit process that its current or former employees installed software on company computers without authorization.  Unfortunately, this oversight may lead to substantial financial penalties from the BSA or SIIA for any allegedly unauthorized installations.  During the course of settlement negotiations, the BSA and SIIA routinely fine companies three times the MSRP value of each allegedly unlicensed product.

While no written policy is foolproof against employees installing unauthorized software, a proactive approach includes guidelines and policies to outline proper use of a company’s computers.  This may include provisions banning installing, using, or accessing software unless specifically authorized by the company.  Educating employees to have a better understanding of how to use a company’s resources and technology properly may help to prevent costly penalties in the future.  In addition to a written policy, it also is advisable for a company to routinely conduct an internal audit of its computers to help ensure software compliance.  Once the BSA or the SIIA gets involved, it is typically too late to avoid paying a penalty.

Tags:

Businesses that receive software audit demand letters from auditing entities such as the BSA or SIIA, or from software companies like Autodesk or Microsoft, often contend they cleaned up their network after receipt of the letter and should be released from any further obligation to conduct an audit or communicate with the auditor.  Audited business should keep in mind, however, that the auditing entities typically are focused only on the targeted businesses’ software license-compliance status as of the audit effective date – the date on the first letter those entities send to a targeted business.  The auditing entities usually will seek confirmation that the businesses were compliant on the effective date, and on no other date.

Because computer networks may change rapidly, the auditors need to identify a moment in time for which they can ask the audited business, “Did you have all of the licenses for the software installed on your computers?”  If the answer is yes, the auditing entity will typically close its file.  If the answer is no, the auditing entity will claim the business engaged in copyright infringement on the effective date.  The business’ representation that it was compliant after the effective date has no bearing on whether the business engaged in copyright infringement on the effective date.  If the matter proceeds to a lawsuit, the auditor likely would claim that the business infringed its or its members’ copyrights on the effective date.

The auditing entity typically demands proof of purchase documentation that demonstrates the ownership of a sufficient number of licenses on or before the effective date.  Software purchased after the effective date is not relevant to the audit.  Locating, reviewing, and compiling the proof of purchase documentation is a collective effort that often requires coordination among various individuals and departments within an organization.  In addition, identifying and listing all of the software on the company’s computers as of the effective date may be made doubly difficult when computers contain large amounts of software irrelevant to the audit. It is also important to keep in mind that software environments change as computers are added, decommissioned, and rebuilt with the ebb and flow of HR turnover.

If you have been contacted by an auditing entity such as the BSA, the SIIA, or a software publisher, you should proceed with caution and should familiarize yourself with the typical process for such software audits.  Experienced counsel can help to guide you through that process and to avoid unnecessarily large expenses.

Tags:

The Software & Information Industry Association (SIIA) and the Business Software Alliance (BSA) routinely sends letters to businesses on behalf of many software publishers, including Microsoft, to investigate potential copyright infringement claims based on allegedly unlicensed software.  The software audit process can be long and expensive, in part due to the fact that the SIIA and BSA typically require a targeted company to produce dated proofs of purchase for licenses for every software product installed on its computers as of the effective date of the audit, regardless of how many years have passed since the license purchase.  Although the IRS generally requires businesses to maintain records for only seven years, the SIIA and BSA allow no such limitation in demanding invoices or receipts for all software license purchases.  Businesses often are unable to find the documentation for the purchase of each product, which typically results in a higher payment demanded by the SIIA or BSA to settle the matter.

The notion that a business could legitimately purchase software only to be required to re-purchase it following a software audit – in addition to having to pay a penalty to the SIIA or BSA – leads some businesses to seek open source alternatives.  For many of the BSA-member products most commonly found to be at issue during a third-party audit – such as Microsoft Office and Adobe Photoshop – there are analogous open-source alternatives – such as OpenOffice or GIMP – that are available at little or no cost to license.  Although the functionality of these alternatives is not identical to that of the SIIA- or BSA-member products, many consumers determine that those differences are less compelling than the advantage of cutting costs and avoiding future exposure related to third-party audits. However, it is important to keep in mind that, while it may cost nothing to deploy open-source software, the installation and use of those products are still subject to copyright laws and governed by the terms of license agreements (such as the GNU General Public License). The terms of those licenses can have a significant impact on a business’ ability to host, modify or redeploy open-source software products. Therefore, businesses should make an effort – if necessary, with the advice of counsel – to familiarize themselves with the terms of those licenses.

Tags:

IBM has begun a comprehensive program of compliance audits of its software clients. Scott & Scott’s clients have begun receiving letters from IBM Software Compliance demanding cooperation with a “routine assessment” of the client’s deployment of IBM software. According to the letter, IBM employs the services of Deloitte, LLP to conduct these audits and states that it is performing the audits to:

“confirm licensing requirements, determine actual deployment and usage, verify compliance with IBM applicable agreements and enhance IBM’s understandings of the challenges…in managing their IBM software deployments.”

According to IBM, these audits are part of a broad initiative to audit all of its clients. This is one of the most audacious compliance moves we have seen in the software industry. While most major publishers have compliance programs, we are not aware of any software company who plans to audit all of its customers. Here, however, IBM appears to be invoking its right to “conduct a routine assessment” under licensing provisions without prior suspicion of software licensing noncompliance.

These audits can entail significant financial exposure, and the software products at issue often form the lynch pins of whole lines of business. A company targeted by an audit of this type should seek experienced counsel to identify and defend its rights under the software license agreements. There may be significant rights pertaining to the audit contained within licensing agreements that could strengthen the target company’s position throughout the audit process.

Tags:

Microsoft’s Services Provider License Agreement (“SPLA”) is a popular licensing framework for businesses delivering hosted or rented software solutions to their customers. However, as with many software license agreements pertaining to resale or other business channel partnership programs, the SPLA typically includes audit rights language giving Microsoft the ability to review a SPLA partner’s records regarding software deployments and entitlements and to demand compensation – usually at a mark-up over standard reseller pricing levels – for any deployments found to be excess of the business’ past monthly SPLA reporting.

Businesses that deploy software under one or more SPLAs should strongly consider working with an attorney experienced in publisher-initiated software audits before disclosing any information to Microsoft in response to a SPLA audit engagement. Many businesses discover during the course of a SPLA audit that in the past they have either under-licensed or over-licensed some or all of their deployments based on an incomplete grasp of Microsoft’s complex distributed software licensing rules. Learning this information before disclosing any audit results to Microsoft can help to avoid a protracted dispute over past licensing discrepancies. In addition, a third-party software audit taking place at a company’s offices may represent a significant disruption to business activities. For others businesses, unprotected access to or disclosure of company information regarding software deployments and entitlements entails confidentiality concerns that are greater in scope and significance than the concerns that all businesses should keep in mind when disclosing information to a party that could, in some cases, end up on the other side of the aisle in a litigated dispute.

Experienced counsel should have a familiarity with both the substantive licensing rules under SPLA and with the audit procedures Microsoft typically uses in these matters. They also should have a good idea of the various alternative procedures to which Microsoft may be willing to agree in order to resolve the audit request in a way that minimizes adverse impacts on a company’s business operations. Especially in light of the financial exposure that SPLA audits can entail and the business-critical nature of the software products often licensed under a SPLA, attorney consultation in these matters often is vital to achieving a mutually agreeable outcome.

Tags:

In Nature’s Enterprises, Inc. v. Pearson (2010), the U.S. District Court for the Southern District of New York rejected Nature’s Enterprises (“NEI’s”) request for damages for each component part of a compilation.  NEI had alleged that Pearson infringed ten of NEI’s copyrighted DVD movies, of which two comprised compilations of films copyrighted by NEI.   NEI requested $10,000 for each of the 10 DVDs and $750 for each of the 45 clips contained in the two compilation DVDs.

The court rejected NEI’s request for damages for each separate work and concluded that “a plaintiff should not receive a windfall recovery by inflating the number of works infringed from its own compilation.”  The court determined that “when a plaintiff compiles assorted copyrighted products into a new product, the compilation constitutes one work for purposes of copyright infringement.”

NEI’s focus on “whether each item (in a compilation) has an independent economic value and is, in itself, viable” did not sway the court.  Rather, the Court held that “adopting such a test would be to make a total mockery of Congress' express mandate that all parts of a compilation must be treated as a single work for purposes of computing statutory damages.”  The court also declined to apply rulings from cases NEI presented in which defendants, rather than plaintiffs, created compilations of the plaintiff’s works.

If you have been contacted by the Business Software Alliance (BSA), Software & Information Industry Association (SIIA), or another software industry auditing entity, you should contact counsel experienced in negotiating with auditing entities regarding bundled software suites that resemble compilations.

Tags:

The Business Software Alliance (BSA) and the Software & Information Industry Association (SIIA) are organizations that represent software publishers seeking to enforce the copyrights in the products they publish.  In furtherance of this goal, these entities routinely send letters to businesses they believe may be infringing their members’ copyrights by failing to satisfy the requirements of applicable software license agreements.  In the letter, the BSA and SIIA request audits of all member software products installed on all computers and servers owned by the targeted businesses.

The audit process is lengthy and arduous and often is affected by costly mistakes.  One of those mistakes involves the use of an inadequate tool to conduct the kind of audit called for by the auditing entity. There are many ways a business may tackle the audit process.  It may hire a law firm that specializes in software audits to conduct the review, it may hire external IT consultants, or it may proceed with its own in-house software audit.  The BSA often suggests a number of tools to assist with a self-audit, sometimes including Novell, Symantec, Frontrange Solutions,  Belarc and Spiceworks. Many of those tools are available for little or no licensing fee, making them appear to be attractive alternatives.

However, if a company chooses to conduct a self-audit, it is essential to verify the results produced by the tool deployed prior to submitting any information to the BSA or SIIA.  Often, software audit tools are not sophisticated enough to discern between free trial software or remnants from previous installations and full installations of licensable software products within the scope of the audit.  Over-reporting can carry significant consequences, because each product mistakenly reported as a full version for which a business is unable to demonstrate license ownership typically entails a penalty at settlement based on the MSRP of that product.  The BSA then typically applies a multiplier for each product included in its settlement offer calculations.

For these reasons, it is important when conducting an in-house software audit to carefully look for any mistakes in the audit results and to ensure that those results accurately reflect what was installed as of the effective date of the audit requested by the BSA or SIIA.  If there is any doubt regarding the accuracy of those results, it is vital to seek the advice of a knowledgeable attorney or consultant prior to submitting any information to the auditing entity.

Tags:

Many businesses that use software published by Autodesk are familiar with the company’s vigorous copyright enforcement program. Autodesk is one of the most active software publishers when it comes to threatening litigation over allegedly unlicensed use of its well-known computer-aided design products, such as AutoCAD, and it regularly targets businesses of all sizes demanding costly and distracting audits and settlements, often based solely on the word of unidentified informants.

In addition to such matters targeted at its past and potential customers, however, Autodesk’s enforcement program also includes efforts to eradicate what it believes to be unauthorized sale of its software. The Washington state federal lawsuit of Vernor v. Autodesk Inc. falls into this category. Here, the plaintiff, Timothy Vernor, had for some time attempted to sell used AutoCAD packages on eBay. However, when he did so, Autodesk sent notices to eBay pursuant to the Digital Millennium Copyright Act that such activity violated Autodesk’s copyrights, and in order to avoid contributory copyright liability, eBay removed the listings. After several such exchanges, eBay eventually terminated Vernor’s account. In response, Vernor filed suit against Autodesk, seeking a declaratory judgment that his sale of used software did not constitute copyright infringement.

In its first substantive opinion in the matter, the Federal Court for the Western District of Washington denied a motion to dismiss in which Autodesk had argued that the software Vernor attempted to sell on eBay had been licensed exclusively to a Seattle architecture firm, that the firm had no authority to transfer the software to any other party, and that Vernor’s activity therefore constituted a violation of its copyrights in the software. The court disagreed, holding that the first sale doctrine under U.S. copyright law protected Vernor from liability. Despite Autodesk’s characterization of the earlier transaction as the transfer of a license, the court ruled that the architectural firm merely had purchased a copy of the product, and first sale doctrine allows the lawful owner of a copy of a work to sell or give it away.

On September 30, 2009, the court essentially repeated this holding in ruling on cross-motions for summary judgment filed by each of the parties. Again relying primarily on the 9^th Circuit’s opinion in United States v. Wise (1977), the court characterized the earlier sale to the architectural firm as just a sale with a restriction as to use. After Wise, the 9^th Circuit held in other cases involving software disputes that software licensees did not “own” their copies. However, the Vernor trial court nevertheless looked to Wise as the controlling precedent, because it was the earliest case to consider the issue and because the 9^th Circuit did not expressly address it in the cases that followed.

A decision by Autodesk not to appeal these rulings by the Vernor court would be surprising, considering what is at stake. The implications of the court’s holding, if allowed to stand, would cast a shadow across the license-enforcement initiatives of not only Autodesk, but also other software publishers and their trade groups, such as the Business Software Alliance and the Software & Information Industry Association. It will be very interesting to see what happens next in this matter.

Tags:

The BSA and SIIA are not the only organizations pursuing business for software copyright infringement.  Though it is a member of both the BSA and SIIA, Autodesk, which manufactures the popular design software AutoCAD, often pursues audit targets on its own. 

The audits begin much like those instituted by the BSA or SIIA.  The target of Autodesk’s audit will receive a letter from a law firm representing Autodesk demanding the business’ cooperation in disclosing the number Autodesk installations on its network and the number of Autodesk licenses it owns, including serial numbers.  The law firm will assert it has received information that indicates the business may have more installations of Autodesk software than it is licensed to use.  The letter will go on to describe the various penalties associated with copyright infringement and it may threaten the business with civil litigation.

Targets who receive such letters should treat the matter very seriously.  It is important to know your legal rights and protect your legal position before responding to a request for information from a software publisher who is trying to conduct an audit.  Additionally, many companies who prepare their own responses to Autodesk without the benefit of counsel and before conducting a thorough investigation often receive an unexpectedly high settlement offer from Autodesk. 

In many cases, Autodesk demands a settlement payment calculated as the MSRP of the allegedly unauthorized products installed on the business’ network multiplied by three.  The multiplier, Autodesk argues, is the penalty for using unauthorized software and is assessed in lieu of proceeding with formal judicial resolution.  The use of multipliers as an approximation of damages is a hotly contested issue.

When responding to Autodesk audit requests, companies should work with experienced counsel to thoroughly investigate the software usage on their computers, protect themselves by requesting agreement from Autodesk regarding the use of the materials that will be produced in the audit, and negotiate a resolution geared toward ensuring future compliance. 

Tags: