Untitled Page
|
Entries tagged with "BSA" |
| | Intellectual Property Enforcement or Witch-hunt? |  Recently, the Coalition Against Counterfeiting and Piracy (CACP), a group consisting of heavy-hitting IP stakeholders, such as the Recording Industry Association of America, the Business Software Alliance (BSA), the Software and Information Industry Association (SIIA), and the U.S. Chamber of Commerce, announced its intent to push for rapid improvements in what it perceives to be universally lax enforcement of U.S. laws protecting IP rights. At a news conference on Thursday, June 14, the CACP, through its Chairman, NBC Universal general counsel Rick Cotton, announced that under this "aggressive, comprehensive" effort, the CACP would seek to increase resources for governmental investigation and enforcement of criminal IP laws, to "reform civil and judicial process" (whatever that means), and to educate consumers.
Generally speaking, few would quarrel with the notion that intellectual property is a valuable and important property interest, fully deserving of strong protection. However, in announcing this new, altruistically-titled "Campaign to Protect America," Mr. Cotton verbally expressed a degree of fanaticism that is, in practice, characteristic of many industry organizations that cite to the public interest to justify their sometimes indiscriminate targeting of alleged IP infringers. Mr. Cotton said:
<blockquote>
Our law enforcement resources are seriously misaligned...If you add up all the various kinds of property crimes in this country, everything from theft, to fraud, to burglary, bank-robbing, all of it, it costs the country $16 billion a year. But intellectual property crime runs to hundreds of billions a year.
</blockquote>
Never mind the personal stress and often life-long sense of unease that can follow a home invasion or burglary, not to mention a mugging. Never mind the complete financial devastation that can come in the wake of white-collar crimes that lead to the evaporation of a worker's life savings. Never mind the fact that "bank-robbing" often also involves immediate public danger flowing from the use of deadly weapons and, on occasion, subsequent police chases. Clearly, these concerns are trifles compared to the bottom-line cost of IP crimes, and they should not serve to divert our valuable public resources away from the identification, apprehension and prosecution of those who would infringe IP rights. Right?
At least Mr. Cotton was kind enough to limit his generalization to "property crimes."
Statements like these should make clear to any business targeted and accused of "piracy" by organizations such as the BSA or the SIIA that the IP "defenders" are more likely to be interested in making examples of their targets, rather than reaching a solution that truly accounts for all the facts (not the least of which is the usually confusing and even deceptive way that software publishers in particular undertake to license and market their content). If your business has been accused of "pirating" software, it is immensely important that you know whom you are dealing with before you divulge any information or sign any agreement.
A copy of the CACP’s press release can be found <a href="http://www.uschamber.com/press/releases/2007/june/07-103.htm">here</a>.
|  | Tags: BSA intellectual property | | |
| | Eight Software Asset Management Predictions For 2008 |  2007 was an exciting and dynamic year for the software asset management industry.
As we enter a new year, the software industry will continue to evolve. Here are my predictions for what will happen in 2008.
1. BSA expands its “no-fine” self-audit program
I will remember 2007 as the year that the BSA increased its reward program for “anti-piracy” leads to up to $1,000,000. With approximately fifty-five million dollars in global revenue showing on its most recent tax return, BSA will continue to be the most important software police organization in the world. Recently, BSA has created a new audit flavor, it’s a self-audit with a twist. Targets are asked to conduct an audit, provide invoices for software purchased as a result of the audit and the BSA agrees to close its file. I call this the “no-fine” self-audit because once the audit is conducted and materials produced to BSA, the file is in fact closed without protracted settlement negotiations over fines and other terms. I predict that the “no-fine” audit will be used with greater frequency 2008.
2. Microsoft Expands SAM Engagement Program
Microsoft’s SAM initiatives have replaced what used to be contractual audits. Under this program, Microsoft hires a consultant to assist the customer in conducting and audit that is the results of which are reported to Microsoft. As many clients continue to struggle to manage compliance with Microsoft licensing, Microsoft will continue to invest time and resources in various SAM initiatives. Although, I have been a critic of the certain aspects of Microsoft’s SAM Engagement, I think publishers like Microsoft that help customers deal with SAM challenges will be most successful in the long run. I think the number of variety of global SAM engagements will increase dramatically in 2008.
3. Adobe to Focus Attention on Fonts
In the recent weeks, we have started to see BSA audit letters specifically requesting audit information regarding installed fonts. Depending on the nature of your business, you may be receiving files that contain proprietary fonts licensed by your company vendors, clients, and partners when they send you documents. Frequently, these fonts wind up remaining on your computers systems creating a potential compliance issue. Adobe has an extensive portfolio of fonts that are used in its industry leading design products. I think that in 2008 the focus on font licensing compliance will continue.
4. Industry Consolidation Accelerates
As we continue to experience the economic ripple effects of the sub-prime meltdown, I think there will be an increased credit squeeze in 2008. As smaller publishers find it harder to borrow funds to fuel growth, continued industry consolidation should occur in 2008. These same economic factors may lead to increased acquisition and divestiture work for software asset managers in all industries.
5. Autodesk Stays Aggressive
In addition to participating in audits conducting by the SIIA and BSA Autodesk maintains its own “anti-piracy” program implemented exclusively by Donahue Gallagher & Woods law firm. While other publishers search for kinder and gentler enforcement strategies, I predict that Autodesk will continue to be aggressive in its approach to enforcement working through the pre-eminent anti-piracy attorneys to implement its heavy-handed strategy.
6. End-Users Benefit from Soft Economy
If the economy weakens and revenue pressure on software publishers increases, end-users will enjoy greater negotiating and bargaining power. The smartest companies will negotiate aggressively with the software industry to secure favorable pricing and licensing terms custom tailored to their business needs. In my experience, senior management at software publishers are more likely to make licensing and pricing concessions when there is a new transaction and considerable cash on the table. A soft economy will force publishers to make concessions to end-users in 2008.
7. Resellers Expand Asset Management Services
To stay competitive, software resellers have had to offer value added tools and services to assist their customers with managing the hardware and software assets they sell. The smartest resellers are learning that the more asset management tools and services they can provide the greater wallet share they will enjoy for hardware, software, and services. Dell’s purchase of ASAP Software and Insight’s purchase of Software Spectrum have started a trend that will continue in 2008.
8. Third-Party Commercial Access Licenses Go Mainstream
In 2007 Microsoft greatly expanded its reseller network for its Service Provider License Agreement Program. This program provides commercial access licenses to Microsoft technology. Traditional client access licenses (CAL) are for internal use and access only. If you provide direct or indirect access to third parties including your customers, vendors, and business partners you should consider whether you need SPLA licensing. In 2008, third party access licensing will become increasingly important under Microsoft SPLA as well as other major publishers licenses.
| | Tags: BSA SIIA software audit | | |
| | What You Need to Know if You Receive a Letter from the Business Software Alliance (BSA) | Preparing the BSA Audit Materials
The Business Software Alliance’s primary enforcement tool is to send a threatening letter indicating that an investigation has commenced and offering to forego litigation if the target company provides a self-audit. A self-audit consists of a listing of all BSA member software running on a company’s computer networks, appropriate indicia of ownership for the software comprised of dated proofs of purchase for each title. It is important to note that companies are usually under no legal obligation to cooperate with the Business Software Alliance. In most instances, however, cooperation will yield the most cost effective resolution. But, that is not necessarily always the case.
Cooperating Carefully with BSA
I usually advise my clients to cooperate with the BSA, but to do so without compromising any legal rights. Prior to submitting audit materials on behalf of clients we require that the BSA sign a contract protecting the confidentiality of the audit materials and ensuring that the audit materials will not be used in court if the case cannot be settled informally.
BSA Settlement Demands
The Business Software Alliance has developed a standard formula for assessing fines as part of its settlement process. It is important to note that the BSA is not a governmental entity and has no independent authority to levy an enforceable fine. Business Software Alliance fines are therefore merely offered in settlement to avoid litigation and, like all pre-litigation settlement offers, are negotiable with the help of experienced counsel.
The BSA's methodology for calculating fines starts by treating as unlicensed all software products for which there is a lack of adequate documentation, including dated proofs of purchase. All proofs of purchase must be dated prior to the Business Software Alliance's initial letter to be considered valid evidence. Because companies may not always have access to the requisite dated proofs of purchase, the BSA's proposed fines are often based, in part, on software titles that companies legally own and properly acquired.
The Business Software Alliance also unbundles the products in software suites such as Microsoft Office and Adobe Creative Suite. So instead of proposing a fine based upon one copy of Microsoft Office, the BSA proposes a fine for Microsoft Outlook, Microsoft Word, Microsoft Excel, and Microsoft PowerPoint. The result is a proposed fine of $1,126 for a product that retails for $339.
After disallowing credit for valid software without dated proofs of purchase and unbundling all software suites, the Business Software Alliance then applies an arbitrary multiple of three times the full retail price for each software title. Accordingly, one allegedly unlicensed copy of Microsoft Office will carry a proposed fine of $ 2,252.
To add insult to injury, the Business Software Alliance’s proposed fine will include a line item for $3,500 to pay the BSA’s attorney’s fees. While this is not usually a large number as a percentage, it should be taken into account when considering potential exposure. To calculate your potential exposure, use our Business Software Alliance Fine Calculator, http://www.bsadefense.com/resources-fine-calculator.asp.
| | Tags: BSA business software alliance software audit | | |
| | The Cost of Confidentiality in a BSA Settlement |  Part of negotiating a settlement for alleged software licensing violations with the Business Software Alliance (BSA) involves certain provisions that have far-reaching implications. A key to understanding those provisions involves carefully reading and dissecting each subsection.
Often, one of the most important provisions, aside from the sections resolving a company’s alleged liability for copyright infringement, consists of language (if any) pertaining to confidentiality. Unless a company requests a confidentiality provision to be included in the settlement agreement, the BSA often will issue a press release detailing the investigation of the company and the terms and cost of settlement. Many businesses understandably seek to avoid this type of publicity. If included in the settlement agreement, the confidentiality provision provides protection from the public release of information and prohibits the BSA from disclosing the terms of the settlement. However, it is important to note that this provision does not protect against court-ordered subpoenas or against the release of information by the BSA to the software companies it represents.
It is also important to note that this provision often comes at a cost. The BSA regularly significantly increases the settlement price if a company seeks confidentiality. Companies therefore often choose not to include a confidentiality provision, but they should be prepared for the press release detailing each alleged violation of licensing agreements and the amount paid to the BSA in fines. If the company chooses not to purchase confidentiality, the BSA often will allow the business to review a proposed release prior to publication and to provide a quote to include with the release.
Businesses negotiating the resolution of a BSA-initiated audit matter should carefully consider with counsel whether the benefits of a confidentiality provision outweigh its cost, in light of that business’ location, industry, market share, and financial situation. | | Tags: BSA business software alliance software audit | | |
| | Audit Inspections: How to Proceed with Inspecting Computers for Software Installations | The Business Software Alliance (BSA) is an organization that represents software companies and prosecutes alleged unlicensed use of those member companies’ software products. The BSA generally initially sends a company a letter indicating the company may be out of compliance with applicable software license agreements and demanding that the company investigate and inspect each computer for BSA-member software installations. Then the inspection begins.
This process varies depending on the size of the company and the number of computers within the scope of the audit. A small company with very few computers has more cost-effective options, such as using a free scan tool to inspect their computers, conduct hard drive imaging, or simply logging on to the computers to determine what is installed.
However, there are numerous methods of inspecting and reporting software installations, and because of the complexities facing companies with many computers, it often is more effective to use a network scanning tool to determine installations on computers.
After selecting and deploying the scanning tool that is most effective for a company’s needs, a company should review the raw inventory results to determine if there are any errors in the results. It is not uncommon for inventory tools to report the presence of a software product on a computer even after the company has taken steps to remove the product. In addition, there are several product-specific pitfalls to avoid. For example, it is common for older versions of the free Adobe Reader to appear in inventory results as the full Acrobat product. Also, a computer may appear to have a full Microsoft Office suite, when one component, such as Microsoft Word, is the only product from the suite that actually is installed. Each of these items can make a significant difference in a company’s exposure.
Finally, companies also should use a review of their software inventory results to determine which software products they need going forward. BSA settlements typically require companies to certify their compliance with applicable software agreements as of the date of settlement, and it is advisable to begin the compliance review as soon as possible. For example, it is often the case that a company does not require the full Adobe Acrobat, but could meet their needs using the Adobe Reader tool. | | Tags: BSA business software alliance | | |
| | Microsoft Licensing Considerations | Generally when purchasing new software online, or upgrading existing software, a box pops up on the computer that says “Agree to Terms”. Most people simply check the appropriate box and click next without reading the fine print. This can be troublesome when the Business Software Alliance (BSA), which represents major software companies such as Microsoft, decides to conduct an audit of software licenses.
The Microsoft Licensing Agreement is a complex document. Properly reading and understanding the type of license granted by Microsoft is important. Some licenses may allow installation on two computers as long as they are not used concurrently. Other licensing agreements allow users to install a backup or archive copy of the software on another computer. Knowing the difference between OEM, retail, or open licenses enables the user to operate within the confines of the license agreement.
Moreover, with regard to Microsoft server products such as Exchange, SQL Server and Windows Server, businesses are facing a greater demand for remote access capabilities to enable individuals to work outside the office. Accessing a network and software remotely by VPN may require a Windows Server CAL and a Terminal Services CAL license in addition to the proper license for each installation of software on the computers on the network.
If you believe you have a good grasp on Microsoft licensing terms and requirements, it may be a good idea to consult with an attorney with experience in software licensing matters to help ensure compliance and avoid the exposure that can be associated with the BSA and other audit engagements. | | Tags: BSA business software alliance copyright software audit | | |
| | Tracking Down Proofs of Purchase for Software Licenses | When a company receives a letter from the Business Software Alliance (BSA) questioning the authenticity of software licensing status and demanding an in-house audit, it is very important to have proofs of purchase for the licenses in question. Absent sufficient proof of purchase, the BSA will assume that the associated software installations are unlicensed and will demand that the company pay a penalty to resolve claims of alleged copyright infringement. It is also important to note that the BSA requires specific types of proof of purchase in its evaluation of a company’s compliance status. For example, a serial number, installation CD, or an empty box in which software was sold likely will not be acceptable to the BSA to establish proof of license.
Therefore, it is an important to keep records of all software purchased, regardless of the vendor or the date purchased. Typical forms that are acceptable to the BSA include receipts of purchase and invoices from authorized vendors. If software is pre-installed on a computer, a company may be able to obtain documentation from the manufacturer showing all such software on that computer.
Once all of the information related to installations and licenses is gathered, it is submitted to the BSA for review. The review may be a lengthy process, usually ultimately culminating in a settlement offer, which is typically negotiated downward. It is therefore key to submit all information proving proper licensing to decrease the total settlement. By obtaining a lower opening settlement offer, a company can reduce total exposure in negotiations. | | Tags: BSA business software alliance copyright software audit | | |
| | When to Seek Help for a BSA Audit | Many companies choose to pursue an internal audit of software systems after receiving a request from the Business Software Alliance (BSA). When it comes to deciding how to proceed with an audit, there are multiple considerations, including, but not limited to, the size of the company, amount of computers, type of software at issue, IT support, and accuracy of a company’s records.
A small company with few computers is better suited than a larger corporation to conduct its own audit either manually or to take advantage of one of the many free software scan tools available on the internet. There are still risks of inaccuracy involved. One danger is that a company may submit information regarding a free download that may be mislabeled, and inaccurately reported to the BSA as unlicensed software.
This risk is amplified for larger companies with many computer systems and multiple users. If a large company seeks to conduct its own audit, the free scanning tools are still an acceptable choice, as manually checking each computer is both tedious and can lead to mistakes. An alternative is to seek a consultant who specializes in software infringement issues and who can assist with network inventory and sorting through software purchasing invoices and receipts. However, it is important to keep in mind that, unless that consultant is an attorney, he or she may have no duty of confidentiality to the company. Therefore, it is wise either to obtain a comprehensive confidentiality agreement from the consultant or to retain a knowledgeable attorney to assist with the inventory.
In addition to collecting an inventory of software installations, it is important to gather purchasing information to provide to the BSA. If receipts and invoices are not provided for all software installations reported, the BSA will assume the software is unlicensed and will increase its settlement demand. Regardless of the size of a company, if there are concerns about the ability to scan software, locate purchasing information or evaluate audit results, it is advisable to seek outside assistance with the process from an expert. | | Tags: BSA business software alliance internal audit network inventory | | |
| | How High Can Damages Go for Unlicensed Software Use? | Recent, high-profile damages awards in the two online-music-sharing copyright lawsuits that have gone to trial – involving defendants Joel Tenenbaum in Massachusetts and Jammie Thomas-Rasset in Minnesota – leave unanswered questions regarding just how high copyright damages can go in copyright actions under other circumstances.
On July 31, 2009, the Tenenbaum jury returned its verdict that the defendant (a Boston University graduate student) should pay $675,000 in statutory damages to several different record labels for sharing copyrighted songs over the Internet on peer-to-peer networks. The Thomas-Rasset jury’s verdict was even higher, ordering the defendant there – a natural resources coordinator for the Mille Lacs Band of Ojibwe Indians – to pay $1.92 million to several labels under similar factual circumstances. Each defendant has vowed to pursue a reduction in damages or to appeal the verdicts based on the Supreme Court’s suggestion in other circumstances that punitive damages awards greater than 10 times actual damages are unconstitutional. In each of these cases, the damages awarded are many times higher than the amounts the defendants claim to be able to pay without filing for bankruptcy protection. The Recording Industry Association of America (RIAA) certainly is aware of this, undoubtedly making the magnitude of the awards most valuable to it and its member music distributors as useful examples to help coerce other, potential defendants into accepting settlement on the RIAA’s terms.
Many businesses are justifiably concerned regarding the implication of these recent awards, to the extent that software companies and their representatives – such as the Business Software Alliance (BSA) or the Software & Information Industry Association (SIIA) – might attempt to use them in the context of settling claims of software copyright infringement. In fact, the attorneys at Scott & Scott already have noticed that attorneys for software publishers and trade groups have begun to reference the awards in the music download cases in order to force their clients’ points at settlement. From this perspective, the cases are a good reminder of the importance of implementing solid software asset management practices in order to prevent the significant exposure that could result from a BSA or SIIA software audit.
However, it is also important to keep in mind that the circumstances surrounding allegations of software copyright infringement often depart substantially from the circumstances in the music cases. In many cases, business owners and managers may be wholly unaware of any unlicensed software use in their organization, and in some cases, the fault for any non-compliance may rest in the hands of the individuals who are acting as the confidential sources of the BSA’s or SIIA’s information. Every case is different, and a business’ attorneys should be prepared and able to distinguish the facts at hand in a dispute from the facts of cases that a claimant may use to argue for excessive settlement amounts.
It is also important to keep in mind that these high-profile music cases may serve as catalysts for judicial or legislative action on the issue of the maximum damages available for copyright infringement. It will be very interesting to watch development in this area. | | Tags: BSA RIAA Recording Industry Association of America SIIA Software & Information Industry Association business software alliance copyright software audit | | |
| | Microsoft Loses Appeal to Sell Microsoft Word | In August 2009, i4i, Inc., a Canadian development company, won a $290 million judgment against Microsoft Corporation for willfully infringing on a 1998 patent for a custom XML editing feature used in Microsoft Office Word software. Microsoft’s software allows users to edit XML, a computer code that controls the way content is displayed in the document. i4i had alleged that Word’s XML editor constituted an infringement of its patent.
Microsoft appealed the judgment, the injunction against selling Word, the jury award and the enhancement of damages. During the trial, Microsoft had denied its knowledge of the existence of i4i’s patent and also had alleged the patent was invalid. However, the appellate court confirmed the findings of the jury, noting the evidence presented by i4i of an e-mail exchange between Microsoft employees discussing i4i marketing material and the patent number for the custom XML editor. These e-mails purportedly claimed Microsoft’s custom XML editor would render i4i’s technology obsolete.
After interest and fees, the judgment against Microsoft totals nearly $300 million. In addition, the injunction against Microsoft went into effect January 11, 2010, and bans sales for Word 2003 and Word 2007. It is expected to affect the 2007 Office Suite as well. In anticipation of losing the appeal, Microsoft already had removed the infringing code from Word 2010, and has plans to do the same for Word 2007. The injunction will not apply to sales of Word products that do not contain the code, and Microsoft will be able to continue to offer technical support to users who currently own the affected software.
However, at this time it is unclear if the judgment will affect the Business Software Alliance (“BSA”)’s pursuit of alleged copyright violations of affected Word and Office products through software audits. In light of the judgment, if your business has been targeted by the BSA for a software audit, you should work with counsel to determine an appropriate strategy relevant to any installations of Word for which you are unable to locate proofs of purchase in the form demanded by the BSA. | | Tags: BSA business software alliance patent disputes software audit | | |
| | Microsoft Introduces Rental Rights Licensing | For years, many businesses interested in renting computers running Microsoft software to third parties have faced a dilemma: either (1) commit to a complicated and potentially expensive Microsoft Services Provider License Agreement (SPLA), which until recently was the only license agreement under which Microsoft has allowed its software to be rented, (2) rent the computers outside a SPLA relationship and risk the exposure that such activity can entail in the form of an audit by Microsoft or by the Business Software Alliance (BSA), or (3) forego the revenue that might be realized from the rental business. Many other business owners have been unaware of the prohibition against renting in most Microsoft license agreements until discovering, in the context of a BSA audit, that the BSA typically treats a breached license as no license at all for the purpose of calculating the penalty to be paid to resolve a software audit. Worse, after paying that penalty to the BSA, affected businesses have been forced to enter into a SPLA in order to continue offering rental services, or else run the risk of losing the release from liability that they purchased with the settlement payment.
However, in a comparatively rare move toward licensing simplification, as of January 1, 2010, Microsoft is offering Rental Rights as an additive license for certain Windows operating system and Office productivity software licenses purchased under its Open and Select volume licensing programs. Now, instead of signing up for a SPLA, Microsoft’s compliance-minded volume licensing customers will be able to purchase rental rights along with other additive licenses (such as, for example, Software Assurance) when they purchase the underlying license for an eligible software product. The rental rights will be valid for the term of the underlying software license or for life of the system on which the software is installed.
More information on the new Rental Rights is available here:
https://partner.microsoft.com/40104043
The current pricing appears to be such that businesses with larger fleets of rental computers may want to stay with the more scalable SPLA licensing requirements. However, smaller businesses or those with a more limited number of rental systems should work with counsel or a licensing consultant to determine whether Rental Rights will be an appropriate mechanism to stay in compliance with licensing obligations. | | Tags: BSA Microsoft business software alliance software licensing | | |
| | BSA Pursues Software Audits Despite Questionable Information from Informants |  The Business Software Alliance (BSA) regularly targets small-to-medium sized businesses for expensive software audits to determine whether those businesses are in compliance with their BSA-member software licenses. In furtherance of that effort, the BSA offers cash rewards to disgruntled current or former employees who provide information about allegedly unlicensed software installed on their employers’ computers.
However, in many cases, businesses targeted by the BSA discover that there appear to be significant discrepancies between the information apparently provided by the BSA’s confidential informants and the actual license-compliance status of those businesses. Many businesses suspect that the cause of the discrepancy is the informants’ desire to profit from the BSA’s reward program. Regardless of the cause, however, when the audit materials submitted in an audit matter do not conform to the information supplied by the confidential informant, the BSA typically disputes the results. The business then ends up incurring additional legal fees in an effort to authenticate those results and move the matter forward to a resolution.
Worse, though, even when the BSA discovers that its informant may have provided false information, it typically will not stop pursuing the copyright infringement claims. The BSA’s loose definition of “unlicensed” software covers any software with no proof of purchase. Therefore, even though business records are only required to be kept for seven years for tax purposes, because the BSA requires dated proof of purchase in order to credit a business with license ownership, it effectively expects its business targets to keep their invoices for software license purchases forever. The BSA thus justifies its continued pursuit of businesses, even in the face of an apparently unreliable informant, based less on principles of copyright law than on potentially inadequate accounting practices.
There is usually little recourse against the BSA or the informant for initiating legal action based on false information. In some cases, a company may consider suing the informant on a breach of contract or breach of confidentiality claim, depending on the existence of any prior agreements with the informant, but the expense of such an action would be prohibitive for most businesses. For these reasons and others, it is important for all companies, regardless of whether they are faced with a BSA audit, to be prepared to document their license ownership, to keep confidential all information relevant or potentially relevant to an audit, and to seek the assistance of counsel. | | Tags: BSA business software alliance software audit | | |
| | What is the BSA’s Definition of Software Piracy? | .jpg "Keli Johnson") “Software piracy” is a favorite catch-phrase used by the Business Software Alliance (BSA) and the software companies it represents. Most people understand software piracy to involve the intentional copying and, in many cases, distribution of copyrighted software to third parties without permission of the copyright owner. Understandably, the term has extremely negative connotations, and most businesses will go to great lengths to avoid behavior that could reasonably be branded as “piracy.”
Unfortunately, the BSA’s definition of software piracy is considerably more broad than the common understanding and may be confusing to companies audited by the BSA who have never knowingly copied unlicensed software. During a BSA-initiated software audit, the BSA requires the businesses it targets to provide dated proofs of purchase for each software product installed on their computers. There are specific types of documentation the BSA accepts, and it usually rejects purchases from E-bay, Amazon, or similar Internet-based re-sellers. Therefore, if a company unknowingly purchases software from an unauthorized retailer or simply is unable to find receipts for products it purchased, the BSA will penalize the company as though it intentionally violated copyright law and “pirated” the software.
Worse, typically after an audit the BSA will enter into settlement agreements with the companies it accuses of copyright infringement. Unless a provision for confidentiality is included in a settlement agreement (usually only in return for a significant additional amount to be paid at settlement), there is nothing to prevent the BSA from publishing a press release identifying the targeted company, the software products involved, and the settlement amount, and otherwise making express or implied statements that the company is guilty of “software piracy.”
As a general rule, companies should keep all receipts from software purchases indefinitely, and they should purchase software only from authorized dealers. Additionally, recipients of letters from the BSA should seek experienced legal counsel to assist with the audit and to help negotiate a resolution that may prevent the unnecessarily negative publicity that can result from the BSA’s overzealous application of the “pirate” label.
| | Tags: BSA business software alliance copyright infringement software audit | | |
| | BSA-Supported Organization Adopts Troubling Position On Open-Source Software | Many businesses targeted for software audits initiated by the Business Software Alliance (BSA) often make the decision as a result of the audit process to forego the expense and risk associated with using BSA-member software and instead transition to open-source software (OSS) solutions. While OSS may entail some challenges related to hardware and software compatibility, in many cases, those products do not entail any licensing fees, are subject to much less stringent licensing requirements, and may be upgraded at will to the latest versions without the purchase of any support subscriptions or product upgrades. As a result, they present a tempting and cost-effective alternative to other solutions, especially in light of the fact that expensive BSA settlements typically do not include the acquisition of any software licenses that a business may require in order to achieve compliance. However, through the International Intellectual Property Alliance (IIPA) – an IP trade organization of which the BSA and other content-oriented groups like the Motion Picture Association of America and Recording Industry Association of America are members – the BSA appears to be subscribing to the position that the use and endorsement of OSS is the equivalent of software “piracy.”
The IIPA’s position was reflected recently in comments it submitted to influence U.S. trade policy. Each year, the Office of the U.S. Trade Representative (USTR) conducts a review of foreign IP laws – called the Special 301 review – to identify those nations believed to have unacceptably lax copyright policies. Negative treatment in the review can lead to trade sanctions and is intended to exert pressure on foreign nations to adopt more stringent copyright policies. During the review process, the USTR accepts recommendations from interested parties regarding countries they believe should be added to the “blacklist” of poor copyright enforcers. In its 2010 recommendations to the USTR, the IIPA named among the countries to be “watched,” among others, Indonesia, Brazil and India, at least in part, it seems, for endorsing the use of OSS in governmental agency offices. This is in spite of the fact that some nations – Indonesia notable among them – adopted those recommendations in order to curb the use of unlicensed software.
A person could be forgiven for adopting a cynical assessment of the BSA’s motivations in the wake of such an apparent policy endorsement. Under the guise of protecting its members’ valuable copyright interests, the BSA has targeted hundreds of small-to-medium-sized businesses for software audits under the threat of federal court litigation and has labeled many of those businesses “pirates” upon failure to meet the BSA’s unnecessarily strict requirements for proving ownership of software licenses. However, the IIPA’s position with regard to OSS seems to indicate that copyright enforcement may be less of a concern to the BSA than is driving sales of its members’ products.
The BSA has not historically objected to businesses transitioning to OSS in the wake of software audits, but the IIPA’s recommendations to the USTA may be cause for concern. All businesses that have been contacted by the BSA for such audits should consult with counsel to work toward the most reasonable available resolution.
The full text of the IIPA’s recommendations is available here:
http://www.iipa.com/2010_SPEC301_TOC.htm | | Tags: BSA business software alliance software audit | | |
| | Costly Software Audit Mistakes | The Business Software Alliance (BSA) and the Software & Information Industry Association (SIIA) are organizations that represent software publishers seeking to enforce the copyrights in the products they publish. In furtherance of this goal, these entities routinely send letters to businesses they believe may be infringing their members’ copyrights by failing to satisfy the requirements of applicable software license agreements. In the letter, the BSA and SIIA request audits of all member software products installed on all computers and servers owned by the targeted businesses.
The audit process is lengthy and arduous and often is affected by costly mistakes. One of those mistakes involves the use of an inadequate tool to conduct the kind of audit called for by the auditing entity. There are many ways a business may tackle the audit process. It may hire a law firm that specializes in software audits to conduct the review, it may hire external IT consultants, or it may proceed with its own in-house software audit. The BSA often suggests a number of tools to assist with a self-audit, sometimes including Novell, Symantec, Frontrange Solutions, Belarc and Spiceworks. Many of those tools are available for little or no licensing fee, making them appear to be attractive alternatives.
However, if a company chooses to conduct a self-audit, it is essential to verify the results produced by the tool deployed prior to submitting any information to the BSA or SIIA. Often, software audit tools are not sophisticated enough to discern between free trial software or remnants from previous installations and full installations of licensable software products within the scope of the audit. Over-reporting can carry significant consequences, because each product mistakenly reported as a full version for which a business is unable to demonstrate license ownership typically entails a penalty at settlement based on the MSRP of that product. The BSA then typically applies a multiplier for each product included in its settlement offer calculations.
For these reasons, it is important when conducting an in-house software audit to carefully look for any mistakes in the audit results and to ensure that those results accurately reflect what was installed as of the effective date of the audit requested by the BSA or SIIA. If there is any doubt regarding the accuracy of those results, it is vital to seek the advice of a knowledgeable attorney or consultant prior to submitting any information to the auditing entity. | | Tags: BSA SIIA copyright infringement software audit | | |
| | Judge Rejects Copyright Damages Compilation Components |  In Nature’s Enterprises, Inc. v. Pearson (2010), the U.S. District Court for the Southern District of New York rejected Nature’s Enterprises (“NEI’s”) request for damages for each component part of a compilation. NEI had alleged that Pearson infringed ten of NEI’s copyrighted DVD movies, of which two comprised compilations of films copyrighted by NEI. NEI requested $10,000 for each of the 10 DVDs and $750 for each of the 45 clips contained in the two compilation DVDs.
The court rejected NEI’s request for damages for each separate work and concluded that “a plaintiff should not receive a windfall recovery by inflating the number of works infringed from its own compilation.” The court determined that “when a plaintiff compiles assorted copyrighted products into a new product, the compilation constitutes one work for purposes of copyright infringement.”
NEI’s focus on “whether each item (in a compilation) has an independent economic value and is, in itself, viable” did not sway the court. Rather, the Court held that “adopting such a test would be to make a total mockery of Congress' express mandate that all parts of a compilation must be treated as a single work for purposes of computing statutory damages.” The court also declined to apply rulings from cases NEI presented in which defendants, rather than plaintiffs, created compilations of the plaintiff’s works.
If you have been contacted by the Business Software Alliance (BSA), Software & Information Industry Association (SIIA), or another software industry auditing entity, you should contact counsel experienced in negotiating with auditing entities regarding bundled software suites that resemble compilations. | | Tags: BSA SIIA copyright infringement software audit | | |
| | Life after a Software Audit: Keeping Settlement Confidential | The Business Software Alliance (BSA) is an organization that pursues copyright infringement claims on behalf of many software publishers against companies it accuses of violating its members’ software license agreements. Because the cost of litigation in most cases outweighs the cost to settle out of court, the BSA often is able to force businesses to comply with an arduous and often arbitrary software audit process that typically culminates in a negotiated settlement entailing a significant settlement payment to the BSA.
Due to the nature of the process and the possibility that a settlement may be misconstrued to reflect misconduct on the part of a company, many companies that settle with the BSA seek to keep the existence and terms of settlement confidential. However, the BSA disfavors confidentiality provisions, because they interfere with its efforts to publicize the results of its license enforcement program. Therefore, the BSA typically demands a higher settlement payment to include such a provision.
Absent a confidentiality provision in the settlement agreement, the BSA generally is free issue to a press release detailing the terms of settlement and name of the company. The BSA often then seeks to publish the release in media outlets relevant to the targeted business’ industry or geographic location, in addition to publishing the press release on its web site.
There are many considerations for a company contemplating a demand for confidentiality. Some larger, more recognizable companies seek confidentiality provisions to offset potentially negative publicity associated with their brand. Under those circumstances, the additional penalty amount may represent an acceptable cost. However, smaller companies often choose to pay a lower settlement amount not inclusive of confidentiality, based on a determination that damage to their brands, if any, likely would be less significant. This is a decision in which a company’s upper management should be given an opportunity to contribute. Finally, on rare occasions, some companies seek to issue their own press releases, detailing the settlement terms, and exposing the BSA’s software auditing process as a warning for other businesses.
Regardless of the strategy a company chooses regarding confidentiality, it is important to be aware of the implications of failing to include a confidentiality provision in the final settlement agreement. When in doubt, it is beneficial to seek counsel from an attorney familiar with the BSA process. | | Tags: BSA business software alliance software audit | | |
| | Businesses Turn to Open Source Software After Software Audits | The Software & Information Industry Association (SIIA) and the Business Software Alliance (BSA) routinely sends letters to businesses on behalf of many software publishers, including Microsoft, to investigate potential copyright infringement claims based on allegedly unlicensed software. The software audit process can be long and expensive, in part due to the fact that the SIIA and BSA typically require a targeted company to produce dated proofs of purchase for licenses for every software product installed on its computers as of the effective date of the audit, regardless of how many years have passed since the license purchase. Although the IRS generally requires businesses to maintain records for only seven years, the SIIA and BSA allow no such limitation in demanding invoices or receipts for all software license purchases. Businesses often are unable to find the documentation for the purchase of each product, which typically results in a higher payment demanded by the SIIA or BSA to settle the matter.
The notion that a business could legitimately purchase software only to be required to re-purchase it following a software audit – in addition to having to pay a penalty to the SIIA or BSA – leads some businesses to seek open source alternatives. For many of the BSA-member products most commonly found to be at issue during a third-party audit – such as Microsoft Office and Adobe Photoshop – there are analogous open-source alternatives – such as OpenOffice or GIMP – that are available at little or no cost to license. Although the functionality of these alternatives is not identical to that of the SIIA- or BSA-member products, many consumers determine that those differences are less compelling than the advantage of cutting costs and avoiding future exposure related to third-party audits. However, it is important to keep in mind that, while it may cost nothing to deploy open-source software, the installation and use of those products are still subject to copyright laws and governed by the terms of license agreements (such as the GNU General Public License). The terms of those licenses can have a significant impact on a business’ ability to host, modify or redeploy open-source software products. Therefore, businesses should make an effort – if necessary, with the advice of counsel – to familiarize themselves with the terms of those licenses. | | Tags: BSA SIIA Software & Information Industry Association business software alliance open source software software audit | | |
| | Effective Dates in Software Audits are Critically Important | Businesses that receive software audit demand letters from auditing entities such as the BSA or SIIA, or from software companies like Autodesk or Microsoft, often contend they cleaned up their network after receipt of the letter and should be released from any further obligation to conduct an audit or communicate with the auditor. Audited business should keep in mind, however, that the auditing entities typically are focused only on the targeted businesses’ software license-compliance status as of the audit effective date – the date on the first letter those entities send to a targeted business. The auditing entities usually will seek confirmation that the businesses were compliant on the effective date, and on no other date.
Because computer networks may change rapidly, the auditors need to identify a moment in time for which they can ask the audited business, “Did you have all of the licenses for the software installed on your computers?” If the answer is yes, the auditing entity will typically close its file. If the answer is no, the auditing entity will claim the business engaged in copyright infringement on the effective date. The business’ representation that it was compliant after the effective date has no bearing on whether the business engaged in copyright infringement on the effective date. If the matter proceeds to a lawsuit, the auditor likely would claim that the business infringed its or its members’ copyrights on the effective date.
The auditing entity typically demands proof of purchase documentation that demonstrates the ownership of a sufficient number of licenses on or before the effective date. Software purchased after the effective date is not relevant to the audit. Locating, reviewing, and compiling the proof of purchase documentation is a collective effort that often requires coordination among various individuals and departments within an organization. In addition, identifying and listing all of the software on the company’s computers as of the effective date may be made doubly difficult when computers contain large amounts of software irrelevant to the audit. It is also important to keep in mind that software environments change as computers are added, decommissioned, and rebuilt with the ebb and flow of HR turnover.
If you have been contacted by an auditing entity such as the BSA, the SIIA, or a software publisher, you should proceed with caution and should familiarize yourself with the typical process for such software audits. Experienced counsel can help to guide you through that process and to avoid unnecessarily large expenses. | | Tags: Autodesk audits BSA Microsoft Audit SIIA business software alliance software audit software information and industry association | | |
| | Adopting Software Use Policies to Protect Against Copyright Infringement Claims | The Business Software Alliance (“BSA”), and the Software & Information Industry Association (“SIIA”) pursue copyright infringement claims on behalf of software publishers, such as Microsoft, Adobe, and Autodesk, among many others. Typically the BSA and SIIA send audit letters to companies believed to be using unauthorized copies of software products. In their letters, they demand that the target companies conduct an internal audit of all computers they own to determine whether the auditing entities’ members’ software products are properly licensed.
It is not unusual for a company to discover during the audit process that its current or former employees installed software on company computers without authorization. Unfortunately, this oversight may lead to substantial financial penalties from the BSA or SIIA for any allegedly unauthorized installations. During the course of settlement negotiations, the BSA and SIIA routinely fine companies three times the MSRP value of each allegedly unlicensed product.
While no written policy is foolproof against employees installing unauthorized software, a proactive approach includes guidelines and policies to outline proper use of a company’s computers. This may include provisions banning installing, using, or accessing software unless specifically authorized by the company. Educating employees to have a better understanding of how to use a company’s resources and technology properly may help to prevent costly penalties in the future. In addition to a written policy, it also is advisable for a company to routinely conduct an internal audit of its computers to help ensure software compliance. Once the BSA or the SIIA gets involved, it is typically too late to avoid paying a penalty. | | Tags: BSA SIIA business software alliance software audit software information and industry association | | |
| | Unauthorized Software: Costly to Your Bottom Line | The Business Software Alliance (“BSA”) and Software & Information Industry Association (“SIIA”) pursue copyright infringement claims against companies accused of installing unauthorized copies of software. Typically, the BSA and SIIA send letters to businesses and request audits of their computer systems.
This audit process often is arduous and involves collecting all available license-purchase documentation for the BSA- or SIIA-member software product installations discovered during the investigation. However, unlike the IRS’ retention requirement of 7 years for business records, the BSA and SIIA will not recognize license-credit in favor of the businesses they target without dated proof of proper licensing for every installed software product, regardless of when it was purchased.
More troubling for many businesses is the fact that, even if they are able to produce purchase documentation for software installed on their systems, they may receive no credit for that documentation if it appears to have been received from a software vendor that is not an authorized dealer. Purchasing software from some web sites, such as Amazon.com’s Amazon Marketplace, eBay, or Craigslist, can be risky, especially when the quoted price for a product is less than 80% of its MSRP value. Many of these heavily discounted software products licenses are offered without the authorization of the software publisher and could end up being useless to the business purchasing them, in the event of an audit. The cost can be magnified when, following settlement, the affected companies are required to re-purchase the same software from a reputable vendor.
In rare instances, the BSA and SIIA sue unauthorized resellers. In June, the SIIA worked with the LAPD to bring criminal charges against two individuals accused of pirating SIIA member software and selling it on Craigslist. However, while the BSA and SIIA pursue unauthorized retailers with civil and criminal charges, they are unable to expose all potential unauthorized retailers. Therefore, as a prudent practice, prior to making any software purchases, a company should investigate whether a vendor is an authorized seller of properly licensed software. Additionally, a company should beware of heavily discounted software. | | Tags: BSA SIIA business software alliance software audit software information and industry association | | |
| | Victory for Consumers: Library of Congress and 5th Circuit Clarify Exceptions to DMCA | The Library of Congress and the 5th Circuit Court of appeals both recently made significant strides in expanding and clarifying the exceptions to the anti-circumvention provisions of the Digital Millennium Copyright Act (“DMCA”).
In its regular 3-year review of exemptions to the DMCA’s anti-circumvention exceptions, the Library of Congress, which includes the U.S. Copyright Office, added to the list so-called “jail breaking” of wireless telephones, most notably Apple’s iPhone. iPhone users are now able to modify, unlock, and use previously unauthorized applications on their cell phones. Apple had argued that modifications to its iPhones constituted unauthorized modification of its software. However, the Library of Congress emphasized that iPhone owners paid for the product and should have the right to modify their phone for their personal use. The new DMCA exceptions also include:
 Circumvention of security measures in DVDs, when short portions of the content is to be used for “educational uses by college and university professors and by college and university film and media studies students
Circumvention of security measures in video games accessible on personal computers for certain testing and security-related operations
Circumvention of security measures in computer programs protected by out-of-date hardware-based security accessories (also known as “dongles”)
Circumvention of security measures in ebooks for the purpose of making the content accessible for readers with disabilities, provided that no other edition of the work allows accessibility-related modifications
In MGE UPS Systems Inc. v. GE Consumer and Industrial Inc., the 5th Circuit further clarified the overall scope of the DMCA’s anti-circumvention provisions in ruling that bypassing protections on copyrighted software in order to access or use the product does not necessarily trigger a DMCA claim. MGE had sued GE for copyright infringement, claiming GE hacked the software security key to access its copyrighted software. The Court held that simply viewing or using copyrighted software does not constitute unlawfully accessing copyrighted materials in violation of the DMCA, and that a copyright owner’s software security protections must protect against a right specifically granted Act. That holding also might be significant for some companies faced with allegations of unlicensed software use by organizations such as the Business Software Alliance (BSA) or the Software & Information Industry Associations (SIIA).
The DMCA is multi-faceted legislation, with some provisions that historically have been good for small to medium-sized businesses and some that have been less positive. These recent developments represent a net improvement to the effect of the law for most consumers of digital media. | | Tags: BSA DMCA SIIA copyright infringement software audit | | |
| | BSA Ramping Up Piracy Campaign | The Business Software Alliance (“BSA”), a trade association representing a number of software publishers, is launching a new campaign to attract would-be informants to its reward program. The BSA’s new Know it / Report it / Reward it campaign will attempt to attract a larger number of informants through a coordinated effort involving online advertisements, radio advertisements, research reports, and other tools.
The program continues the BSA’s practice of offering rewards of up to one million dollars for qualifying reports of software piracy. Individuals allegedly possessing knowledge about a business’ software compliance practices report information to the BSA which may become the basis of a legal engagement.
Issuance of a Software Policy can also provide the education and training employees need to help the business maintain compliance. Management should clearly delineate the company’s software asset philosophy and process to ensure compliance across the organization. Companies that receive audit letters from the BSA should contact experienced counsel for assistance. | | Tags: BSA software audit | | |
| | When to Buy vs. Uninstall in BSA Audits | One of the most common mistakes I encounter in BSA audits is what I call the post-effective date software buying spree. The buying spree occurs in response to a letter from the BSA’s attorney’s requesting a self audit. Many clients are discouraged to learn that software purchases made after the date of the BSA’s initial letter have no impact in a BSA audit matter. For this reason, I advise my clients against scrambling to acquire software in response to a BSA audit.
The first thing a target of BSA audit needs to do is preserve the evidence of BSA member software products installed on the company’s computers as of the audit effective date. Second, the software installed needs to be reconciled against proofs of purchase information to determine whether there is gap between licenses owned and software installed. Third, a decision needs to be made regarding whether to purchase or uninstall any unlicensed software. The BSA audits only those products installed as of the audit effective date, and accepts only proofs of purchase dated on or before that date.
I advise my clients that regardless of what was installed on the audit effective date, they only need to purchase software licenses for products that they need to use going forward. Although it will not resolve past liability, companies may choose to uninstall unlicensed BSA member products at the conclusion of the audit matter, rather than purchase unnecessary software simply because it was installed on the effective date. At the conclusion of a BSA matter, the target must certify that it has come into compliance through the combination of buying and\or uninstalling. | | Tags: BSA software audit | | |
| | A New Definition of Software Piracy | A New Definition of Software Piracy
What is software piracy? Like many politically charged phrases, the definition of software piracy is influenced by your financial interests and your viewpoint. The Business Software Alliance defines software piracy as:
“The illegal use and/or distribution of software protected under intellectual property laws.”
The Business Software Alliance specifically includes unintentional business overuse in its definition of software piracy as follows:
“End-user piracy occurs when an individual or organization reproduces and/or uses unlicensed copies of software for its operations.”
Armed with this definition of software piracy, the Business Software Alliance pursues global “anti-piracy” campaigns that include the targeting of many small to medium sized companies. The Business Software Alliance accuses these companies of engaging in software piracy and threatens them with litigation unless they voluntarily undergo a self audit. In my experience, the vast majority of the companies targeted by the Business Software Alliance are not pirates under anyone’s definition, they have merely failed to maintain financial records related to software purchases that no one, including the software companies, ever told them they were required to keep. In addition, the targets of Business Software Alliance audits are not pirates because they never intended to violate software licenses or copyright laws.
Scott & Scott’s Definition of Software Piracy
“Software Piracy is the distribution of counterfeit software and/or use or distribution of authentic software constituting the intentional violation of intellectual property laws.”
Our definition of software piracy differs from that used by the Business Software Alliance in that our definition adds emphasis to counterfeiting and expressly excludes the unintentional over deployment of software by end users. Piracy implies theft which under the law requires intent. Any definition of software piracy that includes unintentional over deployment should be rejected. The definition used by the software industry and the Business Software Alliance improperly characterizes software owners as thieves because they have been, at most, negligent in the management of their software assets and documents.
| | Tags: BSA software compliance | | |
| | Unbundling Software Suites in BSA Audits | One of the most controversial tactics the BSA uses when calculating its settlement demands is its practice of unbundling software suites such as Microsoft Office and Adobe Creative Suite. Unbundling occurs when the target of a BSA audit is unable to provide acceptable proof of purchase for one or more installation of a software suite.
The effect of unbundling is to dramatically and artificially inflate the monetary component of a BSA settlement because the BSA calculates its fine based upon the MSRP of each component part of the software. In a BSA audit involving Microsoft Office for example, the BSA unbundles the suite by separating Microsoft Outlook, Microsoft Word, Microsoft Excel, Microsoft PowerPoint, and Microsoft Access and then calculates its proposed fine on the basis of the MSRP of each component. This practice results in a proposed fine per installation of approximately $2,000 for a product with a market price ranging from $150 to $350, depending on the version.
In my opinion, the BSA’s practice of unbundling is completely contrary to law because the software suites of BSA member publishers are compilations under the copyright law and therefore constitute a single work for purposes of calculating statutory damages for infringement. The U.S. Copyright Act 17 U.S.C. § 101(c) defines a compilation as follows:
“A "compilation" is a work formed by the collection and assembling of preexisting materials or of data that are selected, coordinated, or arranged in such a way that the resulting work as a whole constitutes an original work of authorship. The term "compilation" includes collective works.”
The statutory damages provision of the U.S. Copyright Act 17 U.S.C. § 504(c) provides in pertinent part that:
For the purposes of this subsection, all the parts of a compilation or derivative work constitute one work.
Federal court’s have also interpreted these provisions to preclude recovery of statutory damages for the component parts of a compilation. For example, in XOOM v. Imageline, the Court of Appeals for the Fourth Circuit only made one statutory damage award for each compilation of electronic clip art, even though each compilation included thousands of works because “[a]lthough parts of a compilation or derivative work may be ‘regarded as independent works for other purposes[,]’ for purposes of statutory damages, they constitute one work.” XOOM v. Imageline at 285, citing H.R. Rep. No. 94-1476, at 162 (1976).
Similarly, in WB Music Corp. v. RTV Communications Group, 445 F.3d 538 (2d Cir. 2006) the Court of Appeals for the Second Circuit interpreted 17 U.S.C. § 504(c) and discussed the distinction between compilations authorized by the copyright holder that constitute “one work” for statutory damages purposes and collections of separate works compiled by the defendant and never authorized by the copyright holder. Because the software suites implicated in BSA audits involve separately copyrighted works included in a compilation authorized by the copyright owners, section 504(c) applies and prohibits the award of statutory damages for the component parts of the suite.
| | Tags: BSA business software alliance software audit | | |
| | BSA Audit TimeLine | One of the top ten questions asked by my clients is “How long does the BSA self-audit process take from start to finish?” Of course I give the standard lawyer answer: it depends. Here are the steps to a typical BSA audit.
Preparation of Audit Materials (3 to 6 months)
A BSA audit is a request, under threat of litigation, to compile a listing of all BSA member software products installed on the audited entity’s computer network as of the Audit Effective Date. The Audit Effective Date is the date on the BSA initial letter requesting an audit. The first step in preparing this information is conducting an automated inventory of the software products installed on all computers owned or leased by the target company. Once an accurate inventory of the BSA member software products is completed, the next step is to reconcile the software inventory information with proofs of purchase dated prior to the audit effective date. While there are various ways to prove ownership of a software license, typically an invoice is considered the best evidence of ownership in a BSA audit. In the typical case, the inventory and reconciliation process takes three to six months.
Secure a Confidentiality and Federal Rule of Evidence 408 Agreement (1 week)
With very limited exceptions, we advise the targets of BSA audits to cooperate with the self-audit process but to do so in a way that does not compromise their position in the event that an out of court settlement is not possible. We do not disclose any information to the BSA until it signs an agreement regarding the confidentiality of the information disclosed and specifically limiting the BSA’s ability to introduce the information as evidence in court. In the typical case, the BSA will sign our standard agreement within one week.
BSA Analyzes Self-Audit Materials and Makes a Settlement Demand (3 to 6 months)
After the self-audit materials are submitted by the target of a BSA audit, the Business Software Alliance typically takes three to six months to respond. The BSA’s response provides its interpretation of the self-audit materials and applies a formula for its initial settlement proposal. The BSA’s formula for calculating fines is generally three times the unbundled full retail price of the software products installed on the target’s computers plus $3,500 for BSA’s attorney’s fees. In many instances, the BSA’s settlement proposal is substantially more than the target may have expected due to differences of opinion regarding what constitutes valid proof of ownership. In our experience, the BSA usually takes three to six months to make substantive response following the submission of the self-audit materials.
Negotiation of Monetary and Non-Monetary Terms of Settlement (6 to 24 months)
After the BSA makes its initial settlement demand, there are various monetary and non-monetary terms that need to be negotiated. The obvious material term in every BSA audit negotiation is the amount of any monetary amount to be paid to the BSA for alleged past infringement. The most significant non-monetary issue is whether the BSA will agree to a confidentiality provision. Such provisions require the BSA to keep the existence and details of the audit confidential and precluded BSA from issuing a press release. Negotiations over confidentiality provisions can be extremely protracted as the BSA agrees to such provisions in only very limited circumstances. Other non-monetary provisions include future obligations such as certifications of compliance, adoption of a software code of ethics, and production of additional proofs of purchase to the BSA for purchases made after the audit effective date. The length of the negotiation process differs from case to case but generally lasts between six months and two years.
| | Tags: BSA business software alliance software audit | | |
| | The Importance of the “Audit Effective Date” in BSA Audits | One of the first things I ask a prospective client is: What is the date on the initial letter you received from the BSA? The date on the initial in a BSA letter is often referred to as the Audit Effective Date. This date is important for many reasons. I like to tell my clients that a BSA audit measures a snap-shot in time – what BSA member software was installed on the company’s computers as of the Audit Effective Date. Once you have an accurate inventory of what was installed on the Audit Effective Date the next step is to determine what proofs of purchase are available to establish purchases prior to the Audit Effective Date.
When a BSA audit matter is settled, the target is required to certify that the audit results provided during the course of negotiations are true and correct as of the Audit Effective Date. For this reason uninstalling software that was installed on the effective date, or purchasing software products after the effective date have no impact on the BSA’s calculation of fines in BSA audits. It is critical to obtain an accurate inventory of the software installed on the target company’s computers as quickly as possible following receipt of the initial letter from the BSA. Failure to understand the importance of the Audit Effective Date, has caused companies to go on software buying sprees in response to a BSA audit and to report results to the BSA reflecting the software installed on a date after the Audit Effective Date. I believe that both of these strategies are mistakes that should be avoided.
| | Tags: BSA business software alliance | | |
| | Cooperation or Litigation: BSA Audit Strategy | If your company has received a letter from the BSA requesting a software audit, you are probably wondering whether you should cooperate or tell the BSA to pound sand. I advise my clients to cooperate but to do so in a manner that will not jeopardize their legal position in the event that cooperation does not result in an acceptable out-of-court settlement. This advice is predicated on the fact that business clients almost universally seek a resolution that has the lowest total costs and the most predictability. In BSA audits, these costs are software licensing fees, fines payable to the BSA, attorney’s fees, organizational impact, and the potential damage to brand associated with negative publicity. In my experience, a properly handled BSA audit can always be resolved for a lower total cost through cooperation than through litigation.
Most importantly, cooperation does not preclude litigation in the future if the BSA is unreasonable in its approach to settlement. In other words, you can always go to court if the out-of-court, lower total cost approach is not satisfactory. However, we have seen audit targets and other lawyers make several mistakes that actually detriment their legal position during negotiations with the BSA. The two critical success factors to properly handling a BSA audit or making sure that the information gathered during the process, which would not otherwise be discoverable in a court proceeding, is protected by attorney work-product and attorney client privileges. In addition, no information should be provided to the BSA unless and until the BSA agrees that the information is governed by Federal Rule of Evidence 408 and therefore will not be admissible in court if an out-of-court resolution is not reached with the BSA. The only time I have deviated from this advice has been where the audited entity was not a viable going concern and the principal(s) were judgment proof. If you have been contacted by the BSA, you should contact an experienced attorney to assist you with strategy.
| | Tags: BSA business software alliance software audit | | |
| | Suing the Informant in BSA Audits |  The targets of BSA audits frequently believe that they know who reported them to the Business Software Alliance. Justifiably angry, they want to know what legal recourse they have against the informant. Because the informants are frequently out of work, having been fired by the target, I advise my clients about the number one rule governing litigation: never sue poor people. Legally speaking, the most probable cause of action against an informant in a BSA audit would be based upon a breach of an employment agreement containing a confidentiality provision. We have frequently assisted clients in drafting letters to former employees presumed to be the informant, forcefully reminding them of their confidentiality obligations, but have come short of advising clients to file suit against a presumed informant.
| | Tags: BSA business software alliance | | |
| | Unpleasant Surprises in BSA & SIIA Software Audits | Many companies who comply with a demand by a software publisher or industry association (such as the BSA or the SIIA) for an internal software audit end up facing significant settlement demands after forwarding their audit materials to the other side. One of the reasons the settlement demands often are so high is the fact that the auditing entities frequently base their demands, in part, on the “unbundled” price of software suites. Thus, where a company may expect to pay a fine based on the MSRP of, for example, one undocumented installation Microsoft Office Professional 2007 ($679), it likely will end up receiving a settlement demand based on the combined MSRPs of each of the components of that undocumented suite: Word ($229), Excel ($229), PowerPoint ($229), Outlook ($110), Publisher ($169), and Access ($229), all totaling $1195. In a typical case these difference add tens of thousands of dollars to the amount in controversy.
Another way in which publishers or auditing entities raise the amount in controversy in software audits is the attempt to assess separate “fines” for each allegedly infringing installation of a software product. Thus, a company reporting just ten undocumented installations of Office Professional 2007, with no other licensing shortfalls, may receive a settlement offer based on the combined, “unbundled” MSRPs of the component products totaling just shy of $12,000. Moreover, that is before the auditing entity applies any multipliers to that figure (yet another common tactic) or makes any assessments for their claimed legal fees, both of which factors may drive the opening settlement offer in the above example to $40,000 or more.
It is not difficult to see how owners of small to medium businesses who think that they have a handle on their financial exposure in a software audit matter often end up with truly unpleasant surprises after submitting audit materials to the BSA or SIIA that they may have believed would be negotiating on a more equitable basis.
If your business has been accused of software “piracy” and is responding to a software audit demand either from a software publisher like Autodesk or from the BSA or the SIIA, an experienced attorney can give you visibility into the process and help you avoid unpleasant surprises.
| | Tags: BSA SIIA Software & Information Industry Association business software alliance software audit | | |
| | Business Software Alliance Report by ABC News | The Business Software Alliance is aggressively targeting businesses accusing them of software piracy. Businesses around the world are facing off with the BSA as the media continues to raise questions about its questionable enforcement tactics such as offering up to one million dollars in reward money. This ABC News report contains the Business Software Alliances’ Blow the Whistle campaign as well as interviews with BSA officials and me. If you have been targeted in an investigation by the Business Software Alliance, you should seek the advice of an experienced attorney.
Click the link below to listen to the Full Report on Business Software Alliance by ABC News:
Business Software Alliance Report | | Tags: BSA business software alliance | | |
| | BSA Audit Procedures | Most BSA Audits begin with a report from a disgruntled employee or former employee. The Business Software Alliance maintains telephone hotlines and a web site to encourage disgruntled employees and vendors to make anonymous reports against companies of all sizes. The BSA dedicates a substantial portion of its revenue marketing on radio stations and the internet to these "rats," promising them confidentiality and the ability to make an anonymous complaint. The current ad on Google reads:
BSA - Official Site
www.BSA.org/reportpiracy Earn up to $1 million for Reporting Pirated Software - All Confidential
The Business Software Alliance investigates all reports of software piracy without confirming the veracity of the information provided or the motive of the person making the complaint.
Once a report is received, the Business Software Alliance makes a decision about whether to request a self-audit or to immediately file suit. In the overwhelming majority of cases, the Business Software Alliance pursues the self-audit approach. Acting either through an internal enforcement attorney or an outside law firm, the BSA will send a letter to the target company requesting a self-audit. The request for an audit is a critical stage in the process, and the time when an experienced attorney can help your business the most. | | Tags: BSA business software alliance | | |
| | BSA Member List Changes | Vigilant monitoring of the BSA’s member list can help you protect your business from unneeded expense associated with a BSA-initiated software audit. The BSA member list changes as software publishers are added to and removed from the BSA’s publicly available list of member software publishers.
Most recently, the newest software publisher to join the BSA is Sheba Distribution, a division of Garmin Ltd., producer of the popular Garmin navigation and communication devices. Avid, EMC Corporation, Parametric Technology Corporation (PTC), and Synopsys have been removed from the BSA member list. Avid publishes popular video and media editing software such as Media Composer Mojo and Symphony Nitris. Avid also owns media and graphics software companies Digidesign, Pinnacle Systems, M-Audio, Sibelius, Sundance Digital, and formerly, Soft Image. EMC Corporation is a technology company offering a range of network, data recovery, and information management products and consulting services. EMC also owns virtual machine software company VMWare. PTC publishes the popular engineering design software PRO/Engineer. Synopsys publishes software and offers services used in the semiconductor industry.
A BSA audit can be a costly engagement for any business. Maintaining software license compliance will help prevent your business from exposing itself to the unneeded expense of a lawsuit or settlement with the BSA. Businesses that do not manage their licenses and installations on an ongoing basis by performing self-audits may find themselves performing an audit in the context of a BSA matter. Businesses should strongly consider deploying software audit solutions that manage both their installations and licenses and protect the information under an attorney-client privilege.
To view the current list of BSA members, click http://www.bsa.org/country/BSA%20and%20Members/Our%20Members.aspx. | | Tags: BSA business software alliance software audit software dispute | | |
| | Most U.S. Businesses Should Co-Operate With BSA Audit Demands…To A Point | A recent article published by a U.K. business journal suggested that U.K. businesses should refuse to co-operate with demands by the Business Software Alliance (BSA) for information regarding BSA-member software installations and licenses.
The article’s sources appear to base their suggestions on a combination of personal experience and, perhaps, assumptions about the BSA’s operating procedures in U.K.-based software audit matters. One source is cited as suggesting that “companies being chased to complete audits should only do so if the BSA is willing to disclose why they are being targeted, which is something it would have to do as part of any litigation process.”
However, at least in U.S.-based audit matters, the BSA is generally unwilling in any circumstances short of a federal lawsuit to disclose any information regarding the source of its information. In addition, the BSA in the U.S. operates under powers of attorney signed by the software publisher-members it represents, and it has, in the past, shown itself to be willing to pursue software audit matters in court, in the event that business targets either refuse to co-operate with its audit demands or provide information that materially and significantly diverges from the information obtained from its confidential sources.
Notwithstanding the understandable reservations many businesses may have – and should have – regarding disclosing otherwise confidential information to third parties, businesses confronted by the BSA with allegations of software copyright infringement should, at the very least, engage knowledgeable counsel in an effort to evaluate the advisability of co-operating with such demands based on all of the facts. For most businesses in that situation, it will make more sense to co-operate with the BSA in reaching an out-of-court resolution. Such an informal process allows a business to control the flow of information to the BSA and to preserve the confidentiality of any negotiated resolution. Costs and expenses associated with co-operation also generally are significantly less than those associated with a federal lawsuit, and the potential for a lower agreed settlement amount usually will be greater as well.
There are exceptions, of course, and it is equally important to keep in mind that it may make more sense, for any number of reasons, either to refuse to co-operate or, possibly, to file a pre-emptive lawsuit, usually in the form of a request that a court issue a declaratory judgment regarding the absence of copyright infringement. Again, however, these are decisions that businesses must make only after consulting with an attorney who is knowledgeable regarding the issues presented and the potential for exposure.
| | Tags: BSA business software alliance copyright infringement | | |
| | Client Access Issues in BSA-Initiated Software Audits | Businesses targeted for software audits by the Business Software Alliance (BSA) often learn that the BSA typically extends the scope of its audit requests to more than just software products and often requests information regarding client access to server products. Before disclosing this information to the BSA, it is important for a targeted business to understand the effect that such a disclosure can have on the resolution of the audit matter.
Questions regarding client access most often arise in relation to installations of certain server-based Microsoft products, such as SQL Server database software, Exchange Server messaging software, and the Windows Server operating system software. License agreements often (though not always) require that business purchase two types of licenses for these products: one license for the server product installation and client access licenses (CALs) for each user or networked device accessing that product. In other words, a Windows-based file server in a network with ten workstations accessing shared files on that server would require one product license for the server installation and ten device CALs to allow the workstations to connect to and access information on the server.
During audit investigations, the BSA usually requests that targeted businesses disclose the number of server product installations, the number of workstations or users accessing those installations, and the number of CALs purchased by the businesses (with proofs of purchase for all licenses claimed). However, that information is essentially inconsistent with the stated aim of most audit engagements, in that a client access instance is not a software product that can be copied – it is, rather, a mechanism that Microsoft uses to increase its revenue from server product licensing based on the nature of a particular product deployment. Unlike the unauthorized installation and use of a software product, which in most cases constitutes copyright infringement, access to a server product without a CAL can only serve as the basis for a claim of copyright infringement to the extent that the CAL rules constitute conditions on the product license or restrictions on the license scope. Were the matter to be litigated, that issue likely would turn into a fact question.
The Ninth Circuit has summarized the legal issue as follows:
Whether this is a copyright or a contract case turns on whether the [license provisions at issue] help define the scope of the license. Generally, a copyright owner who grants a nonexclusive license to use his copyrighted material waives his right to sue the licensee for copyright infringement and can sue only for breach of contract. If, however, a license is limited in scope and the licensee acts outside the scope, the licensor can bring an action for copyright infringement.
Sun Microsystems, Inc. v. Microsoft Corp., 188 F.3d 1115, 1121 (1999).
There is no doubt that the BSA and Microsoft would (and do) argue that the CAL provisions constitute a restriction on the scope of the server product license. However, those arguments likely would not be dispositive at trial, and a court would (or, at least, should) look to other factors, such as the facts that the Microsoft EULAs are essentially one-sided, non-negotiable contracts of adhesion and that the interests protected by the provisions are revenue-oriented, rather than intellectual property-oriented.
However, it is possible that none of those finer legal points will result in significant traction during a BSA investigation and that the BSA will refuse to provide a release at settlement (if necessary) for server product installations without client access information. At this stage, it is essential for a targeted business to carefully weigh the pros and cons of disclosing the CAL information. For larger environments, an absence of documentation for CALs could result in significantly higher exposure at settlement, possibly making a refusal to disclose client access information, even in the face of not receiving a release for the server products, a preferable option. This is an analysis in which the opinion of a knowledgeable and experienced attorney often will be exceptionally valuable. | | Tags: BSA business software alliance | | |
|
|
|