Tags:

2007 was an exciting and dynamic year for the software asset management industry.
As we enter a new year, the software industry will continue to evolve. Here are my predictions for what will happen in 2008.

Tags:

The Business Software Alliance (“BSA”), a trade association representing a number of software publishers, is launching a new campaign to attract would-be informants to its reward program. The BSA’s new Know it / Report it / Reward it campaign will attempt to attract a larger number of informants through a coordinated effort involving online advertisements, radio advertisements, research reports, and other tools.

The program continues the BSA’s practice of offering rewards of up to one million dollars for qualifying reports of software piracy. Individuals allegedly possessing knowledge about a business’ software compliance practices report information to the BSA which may become the basis of a legal engagement.

Issuance of a Software Policy can also provide the education and training employees need to help the business maintain compliance. Management should clearly delineate the company’s software asset philosophy and process to ensure compliance across the organization. Companies that receive audit letters from the BSA should contact experienced counsel for assistance.

Tags:

One of the most common mistakes I encounter in BSA audits is what I call the post-effective date software buying spree. The buying spree occurs in response to a letter from the BSA’s attorney’s requesting a self audit. Many clients are discouraged to learn that software purchases made after the date of the BSA’s initial letter have no impact in a BSA audit matter. For this reason, I advise my clients against scrambling to acquire software in response to a BSA audit.

The first thing a target of BSA audit needs to do is preserve the evidence of BSA member software products installed on the company’s computers as of the audit effective date. Second, the software installed needs to be reconciled against proofs of purchase information to determine whether there is gap between licenses owned and software installed. Third, a decision needs to be made regarding whether to purchase or uninstall any unlicensed software. The BSA audits only those products installed as of the audit effective date, and accepts only proofs of purchase dated on or before that date.

I advise my clients that regardless of what was installed on the audit effective date, they only need to purchase software licenses for products that they need to use going forward. Although it will not resolve past liability, companies may choose to uninstall unlicensed BSA member products at the conclusion of the audit matter, rather than purchase unnecessary software simply because it was installed on the effective date. At the conclusion of a BSA matter, the target must certify that it has come into compliance through the combination of buying and\or uninstalling.

Tags:

One of the most controversial tactics the BSA uses when calculating its settlement demands is its practice of unbundling software suites such as Microsoft Office and Adobe Creative Suite. Unbundling occurs when the target of a BSA audit is unable to provide acceptable proof of purchase for one or more installation of a software suite.

Tags:

One of the top ten questions asked by my clients is “How long does the BSA self-audit process take from start to finish?” Of course I give the standard lawyer answer: it depends. Here are the steps to a typical BSA audit.

Tags:

Tags:

Tags:

Software auditors almost always try to find ways to maximize the number of allegedly infringing software “copies” at issue in an audit engagement. It is typical for the Business Software Alliance (BSA), the Software & Information Industry Association (SIIA), and other software publishers to demand that their small-to-medium-sized business targets disclose all installations of relevant software products on all of the computers owned by the target, which number the auditors then use in determining how much money they are going to demand in settlement to keep the matter from going to court. This is perhaps unsurprising behavior by the auditors, because it clearly gives them more leverage during settlement negotiations. However, according to more than one federal court, it may not be a correct interpretation of federal law.

In FM Industries, Inc. v. Citicorp Credit Services, Inc., the United States District Court for the Northern District of Illinois determined the existence and extent of infringement of a software program by a business whose license to use the program had expired. In the case, the business at issue claimed that it its use was non-infringing because it initially installed the software with the consent of the publisher. The court rejected this argument, holding that “a user reproduces a program stored in his computer's hard drive merely by launching that program, thereby causing the computer to copy it to Random Access Memory.” The court also cited to a Ninth Circuit opinion in the case of MAI Systems Corp. v. Peak Computer, Inc., where the court there stated:

The district court's grant of summary judgment on MAI's claims of copyright infringement reflects its conclusion that a “copying” for purposes of copyright law occurs when a computer program is transferred from a permanent storage device to a computer's RAM. This conclusion is consistent with its finding, in granting the preliminary injunction, that: “the loading of copyrighted computer software from a storage medium (hard disk, floppy disk, or read only memory) into the memory of a central processing unit (“CPU”) causes a copy to be made. In the absence of ownership of the copyright or express permission by license, such acts constitute copyright infringement.” We find that this conclusion is supported by the record and by the law.

These opinions are at odds with the standard tactics employed by the BSA, the SIIA, Autodesk, and other software auditors. For example, when presented with information that a design firm has repurposed a CAD workstation to a reception desk or, in a perhaps more stark example, decommissioned the machine to a storage closet, the BSA would argue that any design or CAD software remaining on the machine’s hard drive remains relevant for audit purposes, and they would use any such installations as factors in calculating a settlement demand. However, according to the FM Industries and MAI Systems opinions, this methodology is flawed. A correct damages model would not count as “copying” the mere presence of copyrighted software on a hard drive. The relevant inquiry is whether that software is being used by loading it into a computer’s RAM.

When faced with a software audit demand from the BSA, the SIIA, or any other software publisher or industry representative, before disclosing any information regarding the software in use in your business’ computer network, it is important to consult with counsel to determine what is and what may not be within the scope of the audit.
 

Tags:

Tags:

Targeted by the BSA? Almost all of my clients wonder how the Business Software Alliance got their name. Have you heard the BSA’s radio campaign offering rewards of up $1,000,000 dollars to disgruntled employees? The BSA entices disgruntled employees to rat on their employers in exchange for the promise of reward money. If you have been contacted by the BSA, a former or current disgruntled employee likely heard the Business Software Alliance’s Blow the Whistle campaign on the radio.

Click the link below to listen to the Business Software Alliance’s Radio Campaign as reported by ABC News:
Business Software Alliance Report

Tags:

Software piracy audits conducted by the BSA and the SIIA threaten small and medium sized businesses. As the economy tightens, software publishers such as Microsoft, Adobe, and Autodesk hide behind software piracy enforcement groups to pursue customers accused of installing more software on corporate computers than they have purchased licenses for. If your company has been accused of software piracy, here’s what you should do:

• Hire an Attorney – BSA and SIIA have experienced software piracy attorneys working for them, you should too.
• Preserve Evidence – do not uninstall or change computer configurations until an accurate inventory of in-scope computers has been gathered.
• Avoid Knee-Jerk Purchases – a natural but counterproductive response to a software piracy audit is to run out and purchase software. I advise my clients to avoid making purchases until a complete inventory and case assessment has been completed.
• Maintain Confidentiality – client prepared audit materials and related documentation may be discoverable in a lawsuit. We conduct attorney-supervised audit reports protected by attorney-client and attorney work-product privileges.
• Condition Audit Disclosure – software piracy audit materials should only be disclosed after an appropriate agreement regarding confidentiality and non-use of the information has been signed by the software piracy enforcement agency.
• Estimate Software Piracy Fines – always review the draft audit materials with your attorney before they are produced to make sure everyone is clear on the potential financial exposure involved. Our software piracy fine calculators are available at: BSA Fine Calculator and SIIA Fine Calculator
• Argue Software Piracy Legal Issues – there are many legal issues involved in software piracy audits including what constitutes infringement, who has the burden of proof, how damages should be calculated, what constitutes proof of ownership and many others. We vigorously argue these legal points in an effort to reduce software piracy settlement demands.
• Negotiate Non-Monetary Terms – software piracy audit settlement agreements are incredibly one-sided and unfair to the targets. I advise my clients to carefully consider important issues like future audit obligations, confidentiality of the settlement terms, the nature and scope of the release being offered.
• Focus on Your Business – the only way to be successful in a software piracy audit is to continue to stay focused on running your business and taking care of your clients.

If you have been accused of software piracy please call Scott & Scott, LLP for a free consultation.

Tags:

A variety of resolution frameworks are available to businesses involved in a software license dispute. An audit is the most common such framework and entails an analysis of the organization’s network for software installations compared against its licenses. The types of audits initiated by software publishers and trade associations include self audits, independent audits, software asset management (“SAM”) engagements, and publisher-staffed audits.

Self Audits
Self audits are the least disruptive of all software audits. They are a mechanism often employed by trade associations acting on behalf of software publishers. The trade associations, and in some instances, the publisher itself, requests that the target company conduct a self audit and report the results of the audit to the trade association or publisher. Companies that agree to conduct a self audit must inventory the applicable software on the computers within the scope of the audit and report the number of installations, the number of licenses, and the number of license deficiencies.

When evaluating whether you should cooperate or litigate after a request for a self audit, you should consider the benefits of a self audit compared to the other types of audits. For instance, in publisher and third-party audits, you usually have a contractual obligation to participate in the audit and provide information to the auditors. When conducting a self audit, you have some control over the timing of the audit and the allocation of resources. That flexibility is not always present in other types of audits.

Additionally, outside auditors are not always required to be impartial and may submit incomplete or inaccurate audit results. For these reasons, regardless of the type of audit requested by the software publisher, companies faced with an audit should request the opportunity to provide a self audit rather than an independent audit, a publisher-staffed audit, or (usually) a SAM engagement.

Independent Audits
An independent software audit involves the use of a third-party auditor to gather the facts
relevant to the dispute. This audit method may be the most costly and time consuming option for the audit target.

Many software licenses incorporate audit provisions allowing the software publisher to request an independent audit. Such provisions must be carefully analyzed to determine the potential business impact of the audit and liability that may result from the audit.

In an independent audit, the organization has no input into the selection of the auditor, how long the audit will last, or the scope of the materials the auditors may review. The target company must also bear the costs of the audit if the auditor finds a licensing discrepancy of more than 5%. If the auditors conclude there is a discrepancy, the publisher has the contractual authority to unilaterally determine the license price for the software necessary to become compliant. Independent audits have significant business impacts and should be avoided if possible. Nonetheless, independent audits are preferred over SAM engagements and publisher-staffed audits because the auditor is usually ethically obligated to remain independent.

SAM Engagements
SAM engagements are also conducted by third-party auditors or consultants, but there is no obligation that the auditor in a SAM engagement be independent. The software publisher requests that the target allow a third party to audit its software installations and report the results directly to the publisher. In these engagements, the publisher pays the auditor, and the target is required to purchase licenses to cover any deficiencies in its software licenses. Microsoft’s SAM engagement has been extensively used in lieu of traditional software audits with mixed reviews from the end user’s perspective.

Participation in a properly managed SAM engagement may be in the client’s best interest
because such engagements typically provide some flexibility and a lower total cost of resolution than self audits and independent audits. In many instances, the publisher seeks no compensation for alleged past infringements in exchange for an agreement to come into compliance on a go-forward basis.

Publisher-Staffed Audits
Publisher-staffed audits are the most intrusive and least impartial of all software audits. In these audits, the publisher’s employees collect information relevant to the dispute. In many instances, publishers request a company’s confidential information or access to a company’s network to conduct the audit. Although a publisher may arguably have a contractual right to request that it be allowed to examine its customers’ computer network, it is never advisable to agree to a publisher-staffed audit without examining all of the alternatives first.

Tags:

Vigilant monitoring of the BSA’s member list can help you protect your business from unneeded expense associated with a BSA-initiated software audit. The BSA member list changes as software publishers are added to and removed from the BSA’s publicly available list of member software publishers.

Most recently, the newest software publisher to join the BSA is Sheba Distribution, a division of Garmin Ltd., producer of the popular Garmin navigation and communication devices. Avid, EMC Corporation, Parametric Technology Corporation (PTC), and Synopsys have been removed from the BSA member list. Avid publishes popular video and media editing software such as Media Composer Mojo and Symphony Nitris. Avid also owns media and graphics software companies Digidesign, Pinnacle Systems, M-Audio, Sibelius, Sundance Digital, and formerly, Soft Image. EMC Corporation is a technology company offering a range of network, data recovery, and information management products and consulting services. EMC also owns virtual machine software company VMWare. PTC publishes the popular engineering design software PRO/Engineer. Synopsys publishes software and offers services used in the semiconductor industry.

A BSA audit can be a costly engagement for any business. Maintaining software license compliance will help prevent your business from exposing itself to the unneeded expense of a lawsuit or settlement with the BSA. Businesses that do not manage their licenses and installations on an ongoing basis by performing self-audits may find themselves performing an audit in the context of a BSA matter. Businesses should strongly consider deploying software audit solutions that manage both their installations and licenses and protect the information under an attorney-client privilege.

To view the current list of BSA members, click http://www.bsa.org/country/BSA%20and%20Members/Our%20Members.aspx.

Tags:

Settlement Agreements with the SIIA, a trade association for the software and digital content industry, often contain provisions requiring the audited company to not only purchase software to satisfy licensing deficiencies it carries going forward after settlement, but also to purchase software from an “authorized reseller.” An authorized reseller is a vendor with permission to sell the software publisher’s products. Software publishers often publish lists of authorized vendors on their websites. Many audited companies looking to rectify past purchasing oversights by buying software from the first reputable vendor they locate may breach their SIIA settlement agreement if the agreement contained the provision requiring that all purchases must be made from an authorized reseller. 

After an SIIA settlement, the audited company must submit a list of software products together with the proof-of-purchase documentation for software it purchased after the date the SIIA sent its initial letter. If the company includes in its list of purchased software any products sold by vendors not authorized to sell an SIIA-member publisher’s software, the SIIA will require the audited company to repurchase the software from an authorized reseller. Companies that do not carefully investigate their vendors’ authorization to sell software may encounter significant unnecessary expenses in repurchasing identical software products. The inability to return most opened software makes purchasing software from unauthorized resellers even more risky.

If your company has been audited by the SIIA, you should contact counsel experienced in guiding companies through the audit matter process to help protect your company from unplanned expenses and unnecessary repurchase of software.

Tags:

Preparing the BSA Audit Materials

The Business Software Alliance’s primary enforcement tool is to send a threatening letter indicating that an investigation has commenced and offering to forego litigation if the target company provides a self-audit. A self-audit consists of a listing of all BSA member software running on a company’s computer networks, appropriate indicia of ownership for the software comprised of dated proofs of purchase for each title. It is important to note that companies are usually under no legal obligation to cooperate with the Business Software Alliance. In most instances, however, cooperation will yield the most cost effective resolution. But, that is not necessarily always the case.

Cooperating Carefully with BSA

I usually advise my clients to cooperate with the BSA, but to do so without compromising any legal rights. Prior to submitting audit materials on behalf of clients we require that the BSA sign a contract protecting the confidentiality of the audit materials and ensuring that the audit materials will not be used in court if the case cannot be settled informally.

BSA Settlement Demands

The Business Software Alliance has developed a standard formula for assessing fines as part of its settlement process. It is important to note that the BSA is not a governmental entity and has no independent authority to levy an enforceable fine. Business Software Alliance fines are therefore merely offered in settlement to avoid litigation and, like all pre-litigation settlement offers, are negotiable with the help of experienced counsel.

The BSA's methodology for calculating fines starts by treating as unlicensed all software products for which there is a lack of adequate documentation, including dated proofs of purchase. All proofs of purchase must be dated prior to the Business Software Alliance's initial letter to be considered valid evidence. Because companies may not always have access to the requisite dated proofs of purchase, the BSA's proposed fines are often based, in part, on software titles that companies legally own and properly acquired.

The Business Software Alliance also unbundles the products in software suites such as Microsoft Office and Adobe Creative Suite. So instead of proposing a fine based upon one copy of Microsoft Office, the BSA proposes a fine for Microsoft Outlook, Microsoft Word, Microsoft Excel, and Microsoft PowerPoint. The result is a proposed fine of $1,126 for a product that retails for $339.

After disallowing credit for valid software without dated proofs of purchase and unbundling all software suites, the Business Software Alliance then applies an arbitrary multiple of three times the full retail price for each software title. Accordingly, one allegedly unlicensed copy of Microsoft Office will carry a proposed fine of $ 2,252.

To add insult to injury, the Business Software Alliance’s proposed fine will include a line item for $3,500 to pay the BSA’s attorney’s fees. While this is not usually a large number as a percentage, it should be taken into account when considering potential exposure. To calculate your potential exposure, use our Business Software Alliance Fine Calculator, http://www.bsadefense.com/resources-fine-calculator.asp.

Tags:

The Business Software Alliance (BSA) hunts down and audits companies when it receives information that those companies may have software products that are not properly licensed. If a company audited by the BSA is found to have more installations of software products than is reflected in its licensing documentation, it is generally more cost effective to settle than to bring the fight to court. Scott & Scott, LLP represents hundreds of companies and assists in defense against these audits. 

A key part of reaching a settlement agreement is to resolve the potential liability arising from the BSA’s allegations of copyright infringement, so that the BSA cannot later file claims against the company for alleged violations that occurred prior to the settlement agreement. Before the BSA will agree to release its claims, however, the targeted company will need to negotiate an agreed settlement payment to the BSA. The negotiations process can vary in length, depending on the nature of claims, the BSA’s alleged damages, and whether or not the company wants to include certain provisions, such as a confidentiality clause, in the settlement agreement. After the parties reach an agreement on the payment amount, the BSA will propose a written agreement, which include its release of liability. The release is typically contingent on certain actions by the company, as defined in the settlement agreement. These include the company’s certification of present compliance, accompanied by up-to-date proof-of-purchase documentation, and a warranty that the company will continue to comply with licensing agreements in the future, among others. 

It is important to note that if the BSA subsequently learns that a company did not fully disclose all information during the audit process, or that it later did not comply with applicable licensing requirements, it may hold the company in breach of the settlement agreement and pursue legal action. In order to prevent this, it is vital that a targeted company consult with knowledgeable, experienced counsel to assist it with mitigation strategies, settlement negotiation and compliance advice.

Tags:

Use terms of Microsoft server products can be complex and difficult to interpret.  Microsoft SQL Server licensing rules for use in virtual environments demonstrate that a careful review of the use terms is necessary to avoiding copyright or contract violations.

The current licensing rules for Microsoft SQL Server Enterprise provide that when licensed under a per-processor licensing structure, the licensee may install and run an unlimited number of instances of SQL Server Enterprise in a virtual environment as long as each physical processor in the computer is assigned a processor license. If a server has two processors, for example, assignment of one unique processor license to each processor allows the licensee to run an unlimited number of virtual SQL Server installations. This licensing feature of SQL Server Enterprise is particularly useful for businesses that need multiple installations of SQL Server and have computers with the processing power to support multiple virtual operating systems each with an installation of SQL Server. Additionally, the pricing structure of SQL Server Enterprise under a processor license may provide a business with more value if enough virtual installations are used on one multiple-processor server.

The processor-based licensing rules for SQL Server Standard, however, do not permit the licensee to operate an unlimited number of SQL Server installations in virtual operating systems. A SQL Server Standard processor license is required for each physical or virtual processor on which an installation of SQL Server operates.  Purchasing SQL Server standard under a processor licensing structure may be a less advantageous decision for businesses that want to license SQL Server on a per-processor basis but also anticipate running multiple SQL Server installations in virtual environments.

If you have questions regarding Microsoft SQL Server licensing or are considering purchasing SQL Server for your environment, you should consult counsel and professionals with the experience to help you interpret Microsoft licensing rules and select the right product for your business.

Tags:

Part of negotiating a settlement for alleged software licensing violations with the Business Software Alliance (BSA) involves certain provisions that have far-reaching implications.  A key to understanding those provisions involves carefully reading and dissecting each subsection. 

Often, one of the most important provisions, aside from the sections resolving a company’s alleged liability for copyright infringement, consists of language (if any) pertaining to confidentiality.  Unless a company requests a confidentiality provision to be included in the settlement agreement, the BSA often will issue a press release detailing the investigation of the company and the terms and cost of settlement.  Many businesses understandably seek to avoid this type of publicity.  If included in the settlement agreement, the confidentiality provision provides protection from the public release of information and prohibits the BSA from disclosing the terms of the settlement.  However, it is important to note that this provision does not protect against court-ordered subpoenas or against the release of information by the BSA to the software companies it represents. 

It is also important to note that this provision often comes at a cost.  The BSA regularly significantly increases the settlement price if a company seeks confidentiality. Companies therefore often choose not to include a confidentiality provision, but they should be prepared for the press release detailing each alleged violation of licensing agreements and the amount paid to the BSA in fines. If the company chooses not to purchase confidentiality, the BSA often will allow the business to review a proposed release prior to publication and to provide a quote to include with the release.

Businesses negotiating the resolution of a BSA-initiated audit matter should carefully consider with counsel whether the benefits of a confidentiality provision outweigh its cost, in light of that business’ location, industry, market share, and financial situation.  

Tags:

Generally when purchasing new software online, or upgrading existing software, a box pops up on the computer that says “Agree to Terms”.  Most people simply check the appropriate box and click next without reading the fine print.  This can be troublesome when the Business Software Alliance (BSA), which represents major software companies such as Microsoft, decides to conduct an audit of software licenses.

The Microsoft Licensing Agreement is a complex document.  Properly reading and understanding the type of license granted by Microsoft is important.  Some licenses may allow installation on two computers as long as they are not used concurrently.  Other licensing agreements allow users to install a backup or archive copy of the software on another computer.  Knowing the difference between OEM, retail, or open licenses enables the user to operate within the confines of the license agreement.

Moreover, with regard to Microsoft server products such as Exchange, SQL Server and Windows Server, businesses are facing a greater demand for remote access capabilities to enable individuals to work outside the office.  Accessing a network and software remotely by VPN may require a Windows Server CAL and a Terminal Services CAL license in addition to the proper license for each installation of software on the computers on the network.

If you believe you have a good grasp on Microsoft licensing terms and requirements, it may be a good idea to consult with an attorney with experience in software licensing matters to help ensure compliance and avoid the exposure that can be associated with the BSA and other audit engagements.

Tags:

When a company receives a letter from the Business Software Alliance (BSA) questioning the authenticity of software licensing status and demanding an in-house audit, it is very important to have proofs of purchase for the licenses in question. Absent sufficient proof of purchase, the BSA will assume that the associated software installations are unlicensed and will demand that the company pay a penalty to resolve claims of alleged copyright infringement. It is also important to note that the BSA requires specific types of proof of purchase in its evaluation of a company’s compliance status.  For example, a serial number, installation CD, or an empty box in which software was sold likely will not be acceptable to the BSA to establish proof of license.

Therefore, it is an important to keep records of all software purchased, regardless of the vendor or the date purchased. Typical forms that are acceptable to the BSA include receipts of purchase and invoices from authorized vendors. If software is pre-installed on a computer, a company may be able to obtain documentation from the manufacturer showing all such software on that computer.

Once all of the information related to installations and licenses is gathered, it is submitted to the BSA for review. The review may be a lengthy process, usually ultimately culminating in a settlement offer, which is typically negotiated downward. It is therefore key to submit all information proving proper licensing to decrease the total settlement. By obtaining a lower opening settlement offer, a company can reduce total exposure in negotiations.

Tags:

Recent, high-profile damages awards in the two online-music-sharing copyright lawsuits that have gone to trial – involving defendants Joel Tenenbaum in Massachusetts and Jammie Thomas-Rasset in Minnesota – leave unanswered questions regarding just how high copyright damages can go in copyright actions under other circumstances.

On July 31, 2009, the Tenenbaum jury returned its verdict that the defendant (a Boston University graduate student) should pay $675,000 in statutory damages to several different record labels for sharing copyrighted songs over the Internet on peer-to-peer networks. The Thomas-Rasset jury’s verdict was even higher, ordering the defendant there – a natural resources coordinator for the Mille Lacs Band of Ojibwe Indians – to pay $1.92 million to several labels under similar factual circumstances. Each defendant has vowed to pursue a reduction in damages or to appeal the verdicts based on the Supreme Court’s suggestion in other circumstances that punitive damages awards greater than 10 times actual damages are unconstitutional. In each of these cases, the damages awarded are many times higher than the amounts the defendants claim to be able to pay without filing for bankruptcy protection. The Recording Industry Association of America (RIAA) certainly is aware of this, undoubtedly making the magnitude of the awards most valuable to it and its member music distributors as useful examples to help coerce other, potential defendants into accepting settlement on the RIAA’s terms.

Many businesses are justifiably concerned regarding the implication of these recent awards, to the extent that software companies and their representatives – such as the Business Software Alliance (BSA) or the Software & Information Industry Association (SIIA) – might attempt to use them in the context of settling claims of software copyright infringement. In fact, the attorneys at Scott & Scott already have noticed that attorneys for software publishers and trade groups have begun to reference the awards in the music download cases in order to force their clients’ points at settlement. From this perspective, the cases are a good reminder of the importance of implementing solid software asset management practices in order to prevent the significant exposure that could result from a BSA or SIIA software audit.

However, it is also important to keep in mind that the circumstances surrounding allegations of software copyright infringement often depart substantially from the circumstances in the music cases. In many cases, business owners and managers may be wholly unaware of any unlicensed software use in their organization, and in some cases, the fault for any non-compliance may rest in the hands of the individuals who are acting as the confidential sources of the BSA’s or SIIA’s information. Every case is different, and a business’ attorneys should be prepared and able to distinguish the facts at hand in a dispute from the facts of cases that a claimant may use to argue for excessive settlement amounts.

It is also important to keep in mind that these high-profile music cases may serve as catalysts for judicial or legislative action on the issue of the maximum damages available for copyright infringement. It will be very interesting to watch development in this area.

Tags:

In Solers, Inc. v. Doe, 2009 WL 2460862 (D.C. 2009), Solers, Inc. (“Solers”) filed an action against “John Doe” defendant, alleging defamation and tortious interference with prospective advantageous business opportunities based on a report to the SIIA alleging that Solers was using unlicensed software.  Solers served a subpoena on the SIIA to learn the informant’s identity. The Superior Court granted SIIA’s motion to quash the subpoena and dismissed the action for failure to state a claim. However, on appeal the District of Columbia Court of Appeals vacated the order and remanded the case to the Superior Court, holding, among other things, that a court should apply a five-step test when presented with a motion in a defamation action to quash or to enforce a subpoena which seeks the identity of a defendant who speaks anonymously over the Internet.  This decision represents a significant development for businesses accused of copyright infringement based on reports of informants to software trade associations regarding alleged software copyright infringement. At least one court now recognizes the necessity, in some cases, of permitting businesses to learn the identity of a confidential informant in a trade association software audit.

The case began in May of 2005 when Solers filed a complaint against “John Doe” alleging one count of defamation and one count of tortious interference with prospective advantageous business opportunities. The complaint requested injunctive relief, compensatory damages, and punitive damages. Solers then issued a subpoena to SIIA seeking production of all documents related to the identity of Doe, Doe's initial report and his ensuing correspondence with SIIA, and all documents believed to be “evidence” of Solers' alleged copyright infringement. SIIA, which is not a party to the underlying suit, filed objections to the subpoena, and, in response, Solers moved to enforce the subpoena. SIIA then filed a motion to quash.  The Superior Court asked Solers to demonstrate financial or economic harm so that it could withstand a motion to dismiss on its claim of defamation. Solers was unable to identify any financial or economic harm at that time without the informant’s identity and the content of the informant’s report. The court dismissed the suit in its entirety for failure to state a claim upon which relief can be granted.

On appeal, the court established that speech on the Internet must be protected as any other speech but that such protection is limited. The right to speak anonymously, on the Internet or otherwise, is not absolute and does not protect speech that otherwise would be unprotected. Tests from other jurisdictions evaluating free speech rights in Internet defamation claims did not satisfy the court’s desire to fairly evaluate Solers’ interest in pursuing its defamation claim, SIIA’s interest in protecting Doe’s identity and, more generally, free speech rights for Internet communication. The court opted instead to develop a hybrid tests based on tests from other jurisdictions faced with the same issue.

When presented with a motion to quash (or to enforce) a subpoena seeking the identity of an anonymous defendant, the D.C. Court of Appeals stated that a court should:

(1) Ensure that the plaintiff has adequately pleaded the elements of the defamation claim,

(2) Require reasonable efforts to notify the anonymous defendant that the complaint has been filed and the subpoena has been served,

(3) Delay further action for a reasonable time to allow the defendant an opportunity to file a motion to quash,

(4) Require the plaintiff to proffer evidence creating a genuine issue of material fact on each element of the claim that is within its control, and

(5) Determine that the information sought is important to enable the plaintiff to proceed with his lawsuit. The court’s test does not require a separate balancing test at the end of the analysis, nor does it require a showing that the plaintiff has exhausted alternative sources for learning the information.

SIIA argued the court’s test would have a chilling effect on informant reports and that such speech would disappear. The court dismissed SIIA’s claims as hyperbole and stated that the test takes SIIA’s concerns into account.

The court determined that Solers need not demonstrate entitlement to judgment in its favor at this stage in the proceedings. Rather, Solers merely must show that it has a viable claim of defamation.  In other words, Solers must show that there is a genuine issue of material fact on each element of the claim that does not depend on knowledge of the defendant's identity. The court vacated the judgment of the Superior Court and remanded the case to give Solers an opportunity to present evidence supporting its claim of defamation.

This case, though not a carte blanche for businesses seeking to obtain the identity of informants who reported the business to the SIIA, BSA, or other software auditors, may prove helpful in recovering damages against informants who breached employment or confidentiality agreements signed with the business.  Alternatively, as in Solers’ case, business may elect to file defamation or interference with contract claims against the informants.

If you have been contacted by a software trade association alleging that your business engaged in copyright infringement, you should contact counsel experienced both in resolving software audit matters and pursuing other forms of relief to which you may be entitled.

Tags:

In August 2009, i4i, Inc., a Canadian development company, won a $290 million judgment against Microsoft Corporation for willfully infringing on a 1998 patent for a custom XML editing feature used in Microsoft Office Word software. Microsoft’s software allows users to edit XML, a computer code that controls the way content is displayed in the document.  i4i had alleged that Word’s XML editor constituted an infringement of its patent.

Microsoft appealed the judgment, the injunction against selling Word, the jury award and the enhancement of damages.  During the trial, Microsoft had denied its knowledge of the existence of i4i’s patent and also had alleged the patent was invalid.  However, the appellate court confirmed the findings of the jury, noting the evidence presented by i4i of an e-mail exchange between Microsoft employees discussing i4i marketing material and the patent number for the custom XML editor.  These e-mails purportedly claimed Microsoft’s custom XML editor would render i4i’s technology obsolete.

After interest and fees, the judgment against Microsoft totals nearly $300 million. In addition, the injunction against Microsoft went into effect January 11, 2010, and bans sales for Word 2003 and Word 2007.  It is expected to affect the 2007 Office Suite as well.  In anticipation of losing the appeal, Microsoft already had removed the infringing code from Word 2010, and has plans to do the same for Word 2007.  The injunction will not apply to sales of Word products that do not contain the code, and Microsoft will be able to continue to offer technical support to users who currently own the affected software.

However, at this time it is unclear if the judgment will affect the Business Software Alliance (“BSA”)’s pursuit of alleged copyright violations of affected Word and Office products through software audits. In light of the judgment, if your business has been targeted by the BSA for a software audit, you should work with counsel to determine an appropriate strategy relevant to any installations of Word for which you are unable to locate proofs of purchase in the form demanded by the BSA.

Tags:

The Business Software Alliance (BSA) regularly targets small-to-medium sized businesses for expensive software audits to determine whether those businesses are in compliance with their BSA-member software licenses. In furtherance of that effort, the BSA offers cash rewards to disgruntled current or former employees who provide information about allegedly unlicensed software installed on their employers’ computers.

However, in many cases, businesses targeted by the BSA discover that there appear to be significant discrepancies between the information apparently provided by the BSA’s confidential informants and the actual license-compliance status of those businesses. Many businesses suspect that the cause of the discrepancy is the informants’ desire to profit from the BSA’s reward program. Regardless of the cause, however, when the audit materials submitted in an audit matter do not conform to the information supplied by the confidential informant, the BSA typically disputes the results. The business then ends up incurring additional legal fees in an effort to authenticate those results and move the matter forward to a resolution.

Worse, though, even when the BSA discovers that its informant may have provided false information, it typically will not stop pursuing the copyright infringement claims.  The BSA’s loose definition of “unlicensed” software covers any software with no proof of purchase. Therefore, even though business records are only required to be kept for seven years for tax purposes, because the BSA requires dated proof of purchase in order to credit a business with license ownership, it effectively expects its business targets to keep their invoices for software license purchases forever.  The BSA thus justifies its continued pursuit of businesses, even in the face of an apparently unreliable informant, based less on principles of copyright law than on potentially inadequate accounting practices.

There is usually little recourse against the BSA or the informant for initiating legal action based on false information.  In some cases, a company may consider suing the informant on a breach of contract or breach of confidentiality claim, depending on the existence of any prior agreements with the informant, but the expense of such an action would be prohibitive for most businesses.  For these reasons and others, it is important for all companies, regardless of whether they are faced with a BSA audit, to be prepared to document their license ownership, to keep confidential all information relevant or potentially relevant to an audit, and to seek the assistance of counsel.

Tags:

“Software piracy” is a favorite catch-phrase used by the Business Software Alliance (BSA) and the software companies it represents.  Most people understand software piracy to involve the intentional copying and, in many cases, distribution of copyrighted software to third parties without permission of the copyright owner.  Understandably, the term has extremely negative connotations, and most businesses will go to great lengths to avoid behavior that could reasonably be branded as “piracy.”

Unfortunately, the BSA’s definition of software piracy is considerably more broad than the common understanding and may be confusing to companies audited by the BSA who have never knowingly copied unlicensed software.  During a BSA-initiated software audit, the BSA requires the businesses it targets to provide dated proofs of purchase for each software product installed on their computers.  There are specific types of documentation the BSA accepts, and it usually rejects purchases from E-bay, Amazon, or similar Internet-based re-sellers.  Therefore, if a company unknowingly purchases software from an unauthorized retailer or simply is unable to find receipts for products it purchased, the BSA will penalize the company as though it intentionally violated copyright law and “pirated” the software.

Worse, typically after an audit the BSA will enter into settlement agreements with the companies it accuses of copyright infringement.  Unless a provision for confidentiality is included in a settlement agreement (usually only in return for a significant additional amount to be paid at settlement), there is nothing to prevent the BSA from publishing a press release identifying the targeted company, the software products involved, and the settlement amount, and otherwise making express or implied statements that the company is guilty of “software piracy.”

As a general rule, companies should keep all receipts from software purchases indefinitely, and they should purchase software only from authorized dealers.  Additionally, recipients of letters from the BSA should seek experienced legal counsel to assist with the audit and to help negotiate a resolution that may prevent the unnecessarily negative publicity that can result from the BSA’s overzealous application of the “pirate” label.

Tags:

Many businesses targeted for software audits initiated by the Business Software Alliance (BSA) often make the decision as a result of the audit process to forego the expense and risk associated with using BSA-member software and instead transition to open-source software (OSS) solutions. While OSS may entail some challenges related to hardware and software compatibility, in many cases, those products do not entail any licensing fees, are subject to much less stringent licensing requirements, and may be upgraded at will to the latest versions without the purchase of any support subscriptions or product upgrades. As a result, they present a tempting and cost-effective alternative to other solutions, especially in light of the fact that expensive BSA settlements typically do not include the acquisition of any software licenses that a business may require in order to achieve compliance. However, through the International Intellectual Property Alliance (IIPA) – an IP trade organization of which the BSA and other content-oriented groups like the Motion Picture Association of America and Recording Industry Association of America are members – the BSA appears to be subscribing to the position that the use and endorsement of OSS is the equivalent of software “piracy.”

The IIPA’s position was reflected recently in comments it submitted to influence U.S. trade policy. Each year, the Office of the U.S. Trade Representative (USTR) conducts a review of foreign IP laws – called the Special 301 review – to identify those nations believed to have unacceptably lax copyright policies. Negative treatment in the review can lead to trade sanctions and is intended to exert pressure on foreign nations to adopt more stringent copyright policies. During the review process, the USTR accepts recommendations from interested parties regarding countries they believe should be added to the “blacklist” of poor copyright enforcers.  In its 2010 recommendations to the USTR, the IIPA named among the countries to be “watched,” among others, Indonesia, Brazil and India, at least in part, it seems, for endorsing the use of OSS in governmental agency offices. This is in spite of the fact that some nations – Indonesia notable among them – adopted those recommendations in order to curb the use of unlicensed software.

A person could be forgiven for adopting a cynical assessment of the BSA’s motivations in the wake of such an apparent policy endorsement. Under the guise of protecting its members’ valuable copyright interests, the BSA has targeted hundreds of small-to-medium-sized businesses for software audits under the threat of federal court litigation and has labeled many of those businesses “pirates” upon failure to meet the BSA’s unnecessarily strict requirements for proving ownership of software licenses. However, the IIPA’s position with regard to OSS seems to indicate that copyright enforcement may be less of a concern to the BSA than is driving sales of its members’ products.

The BSA has not historically objected to businesses transitioning to OSS in the wake of software audits, but the IIPA’s recommendations to the USTA may be cause for concern. All businesses that have been contacted by the BSA for such audits should consult with counsel to work toward the most reasonable available resolution.

The full text of the IIPA’s recommendations is available here:

http://www.iipa.com/2010_SPEC301_TOC.htm

Tags:

The Business Software Alliance (BSA) and the Software & Information Industry Association (SIIA) are organizations that represent software publishers seeking to enforce the copyrights in the products they publish.  In furtherance of this goal, these entities routinely send letters to businesses they believe may be infringing their members’ copyrights by failing to satisfy the requirements of applicable software license agreements.  In the letter, the BSA and SIIA request audits of all member software products installed on all computers and servers owned by the targeted businesses.

The audit process is lengthy and arduous and often is affected by costly mistakes.  One of those mistakes involves the use of an inadequate tool to conduct the kind of audit called for by the auditing entity. There are many ways a business may tackle the audit process.  It may hire a law firm that specializes in software audits to conduct the review, it may hire external IT consultants, or it may proceed with its own in-house software audit.  The BSA often suggests a number of tools to assist with a self-audit, sometimes including Novell, Symantec, Frontrange Solutions,  Belarc and Spiceworks. Many of those tools are available for little or no licensing fee, making them appear to be attractive alternatives.

However, if a company chooses to conduct a self-audit, it is essential to verify the results produced by the tool deployed prior to submitting any information to the BSA or SIIA.  Often, software audit tools are not sophisticated enough to discern between free trial software or remnants from previous installations and full installations of licensable software products within the scope of the audit.  Over-reporting can carry significant consequences, because each product mistakenly reported as a full version for which a business is unable to demonstrate license ownership typically entails a penalty at settlement based on the MSRP of that product.  The BSA then typically applies a multiplier for each product included in its settlement offer calculations.

For these reasons, it is important when conducting an in-house software audit to carefully look for any mistakes in the audit results and to ensure that those results accurately reflect what was installed as of the effective date of the audit requested by the BSA or SIIA.  If there is any doubt regarding the accuracy of those results, it is vital to seek the advice of a knowledgeable attorney or consultant prior to submitting any information to the auditing entity.

Tags:

In Nature’s Enterprises, Inc. v. Pearson (2010), the U.S. District Court for the Southern District of New York rejected Nature’s Enterprises (“NEI’s”) request for damages for each component part of a compilation.  NEI had alleged that Pearson infringed ten of NEI’s copyrighted DVD movies, of which two comprised compilations of films copyrighted by NEI.   NEI requested $10,000 for each of the 10 DVDs and $750 for each of the 45 clips contained in the two compilation DVDs.

The court rejected NEI’s request for damages for each separate work and concluded that “a plaintiff should not receive a windfall recovery by inflating the number of works infringed from its own compilation.”  The court determined that “when a plaintiff compiles assorted copyrighted products into a new product, the compilation constitutes one work for purposes of copyright infringement.”

NEI’s focus on “whether each item (in a compilation) has an independent economic value and is, in itself, viable” did not sway the court.  Rather, the Court held that “adopting such a test would be to make a total mockery of Congress' express mandate that all parts of a compilation must be treated as a single work for purposes of computing statutory damages.”  The court also declined to apply rulings from cases NEI presented in which defendants, rather than plaintiffs, created compilations of the plaintiff’s works.

If you have been contacted by the Business Software Alliance (BSA), Software & Information Industry Association (SIIA), or another software industry auditing entity, you should contact counsel experienced in negotiating with auditing entities regarding bundled software suites that resemble compilations.

Tags:

The Business Software Alliance (BSA) is an organization that pursues copyright infringement claims on behalf of many software publishers against companies it accuses of violating its members’ software license agreements.  Because the cost of litigation in most cases outweighs the cost to settle out of court, the BSA often is able to force businesses to comply with an arduous and often arbitrary software audit process that typically culminates in a negotiated settlement entailing a significant settlement payment to the BSA.

Due to the nature of the process and the possibility that a settlement may be misconstrued to reflect misconduct on the part of a company, many companies that settle with the BSA seek to keep the existence and terms of settlement confidential.  However, the BSA disfavors confidentiality provisions, because they interfere with its efforts to publicize the results of its license enforcement program. Therefore, the BSA typically demands a higher settlement payment to include such a provision.

Absent a confidentiality provision in the settlement agreement, the BSA generally is free issue to a press release detailing the terms of settlement and name of the company. The BSA often then seeks to publish the release in media outlets relevant to the targeted business’ industry or geographic location, in addition to publishing the press release on its web site.

There are many considerations for a company contemplating a demand for confidentiality.  Some larger, more recognizable companies seek confidentiality provisions to offset potentially negative publicity associated with their brand.  Under those circumstances, the additional penalty amount may represent an acceptable cost. However, smaller companies often choose to pay a lower settlement amount not inclusive of confidentiality, based on a determination that damage to their brands, if any, likely would be less significant. This is a decision in which a company’s upper management should be given an opportunity to contribute. Finally, on rare occasions, some companies seek to issue their own press releases, detailing the settlement terms, and exposing the BSA’s software auditing process as a warning for other businesses.

Regardless of the strategy a company chooses regarding confidentiality, it is important to be aware of the implications of failing to include a confidentiality provision in the final settlement agreement.  When in doubt, it is beneficial to seek counsel from an attorney familiar with the BSA process.

Tags:

Microsoft’s Services Provider License Agreement (“SPLA”) is a popular licensing framework for businesses delivering hosted or rented software solutions to their customers. However, as with many software license agreements pertaining to resale or other business channel partnership programs, the SPLA typically includes audit rights language giving Microsoft the ability to review a SPLA partner’s records regarding software deployments and entitlements and to demand compensation – usually at a mark-up over standard reseller pricing levels – for any deployments found to be excess of the business’ past monthly SPLA reporting.

Businesses that deploy software under one or more SPLAs should strongly consider working with an attorney experienced in publisher-initiated software audits before disclosing any information to Microsoft in response to a SPLA audit engagement. Many businesses discover during the course of a SPLA audit that in the past they have either under-licensed or over-licensed some or all of their deployments based on an incomplete grasp of Microsoft’s complex distributed software licensing rules. Learning this information before disclosing any audit results to Microsoft can help to avoid a protracted dispute over past licensing discrepancies. In addition, a third-party software audit taking place at a company’s offices may represent a significant disruption to business activities. For others businesses, unprotected access to or disclosure of company information regarding software deployments and entitlements entails confidentiality concerns that are greater in scope and significance than the concerns that all businesses should keep in mind when disclosing information to a party that could, in some cases, end up on the other side of the aisle in a litigated dispute.

Experienced counsel should have a familiarity with both the substantive licensing rules under SPLA and with the audit procedures Microsoft typically uses in these matters. They also should have a good idea of the various alternative procedures to which Microsoft may be willing to agree in order to resolve the audit request in a way that minimizes adverse impacts on a company’s business operations. Especially in light of the financial exposure that SPLA audits can entail and the business-critical nature of the software products often licensed under a SPLA, attorney consultation in these matters often is vital to achieving a mutually agreeable outcome.

Tags:

IBM has begun a comprehensive program of compliance audits of its software clients. Scott & Scott’s clients have begun receiving letters from IBM Software Compliance demanding cooperation with a “routine assessment” of the client’s deployment of IBM software. According to the letter, IBM employs the services of Deloitte, LLP to conduct these audits and states that it is performing the audits to:

“confirm licensing requirements, determine actual deployment and usage, verify compliance with IBM applicable agreements and enhance IBM’s understandings of the challenges…in managing their IBM software deployments.”

According to IBM, these audits are part of a broad initiative to audit all of its clients. This is one of the most audacious compliance moves we have seen in the software industry. While most major publishers have compliance programs, we are not aware of any software company who plans to audit all of its customers. Here, however, IBM appears to be invoking its right to “conduct a routine assessment” under licensing provisions without prior suspicion of software licensing noncompliance.

These audits can entail significant financial exposure, and the software products at issue often form the lynch pins of whole lines of business. A company targeted by an audit of this type should seek experienced counsel to identify and defend its rights under the software license agreements. There may be significant rights pertaining to the audit contained within licensing agreements that could strengthen the target company’s position throughout the audit process.

Tags:

The Software & Information Industry Association (SIIA) and the Business Software Alliance (BSA) routinely sends letters to businesses on behalf of many software publishers, including Microsoft, to investigate potential copyright infringement claims based on allegedly unlicensed software.  The software audit process can be long and expensive, in part due to the fact that the SIIA and BSA typically require a targeted company to produce dated proofs of purchase for licenses for every software product installed on its computers as of the effective date of the audit, regardless of how many years have passed since the license purchase.  Although the IRS generally requires businesses to maintain records for only seven years, the SIIA and BSA allow no such limitation in demanding invoices or receipts for all software license purchases.  Businesses often are unable to find the documentation for the purchase of each product, which typically results in a higher payment demanded by the SIIA or BSA to settle the matter.

The notion that a business could legitimately purchase software only to be required to re-purchase it following a software audit – in addition to having to pay a penalty to the SIIA or BSA – leads some businesses to seek open source alternatives.  For many of the BSA-member products most commonly found to be at issue during a third-party audit – such as Microsoft Office and Adobe Photoshop – there are analogous open-source alternatives – such as OpenOffice or GIMP – that are available at little or no cost to license.  Although the functionality of these alternatives is not identical to that of the SIIA- or BSA-member products, many consumers determine that those differences are less compelling than the advantage of cutting costs and avoiding future exposure related to third-party audits. However, it is important to keep in mind that, while it may cost nothing to deploy open-source software, the installation and use of those products are still subject to copyright laws and governed by the terms of license agreements (such as the GNU General Public License). The terms of those licenses can have a significant impact on a business’ ability to host, modify or redeploy open-source software products. Therefore, businesses should make an effort – if necessary, with the advice of counsel – to familiarize themselves with the terms of those licenses.

Tags:

Business owners and managers whose companies have been targeted by IBM for a compliance audit often express surprise at the complex method IBM uses to determine the licensing requirements for many of its server software products, such as WebSphere and Tivoli. Many software vendors employ server software licensing frameworks that would be familiar to most anyone with experience purchasing software licenses: for every installation of a software product on a computer, the owner of that computer must purchase a corresponding license allowing use on that machine. There are some common variations on that general theme used by some publishers – notably, Microsoft – involving connections to server software by other computers on the network. With Microsoft SQL Server, for example, the computer owner must purchase either an appropriate number of client access licenses (CALs) for each user or device accessing the server software or else a “processor” license for each physical processor in a given computer, allowing use by an unlimited number of remote users or devices. (Processor licenses are typically significantly more expensive that CAL-based software licenses, but they may represent a good value for servers with a high number of remote connections.)

IBM previously employed a processor-based licensing formula for its server products, but in 2006 it moved to a licensing model using what it calls “processor value units” (PVUs). Under this model, each server processor is assigned a per-core PVU number that depends on the manufacturer and specifications for that processor. (IBM maintains a chart of per-core PVU numbers here.) That PVU number then is multiplied by the number of physical processor cores embodied in the processor to determine the processor value for the physical processor. For servers with multiple processors, that processor value then is multiplied by the number of processors to determine the server value. It is this final PVU number that reflects the licensing required for each computer, as follows:

Server Description: Dual processor, quad-core Dell PowerEdge SC1435
Server value = 50 PVUs/core x 4 cores/processor x 2 processors = 400 PVUs

IBM terms the formula described above “capacity licensing.” For machines employing virtualization technologies, under which a virtual server hosted on a physical machine may utilize less than all of the physical machines resources, IBM allows its customers to apply “sub-capacity” licensing rules to reduce the number of PVUs required for compliance. However, the sub-capacity rules entail a number of significant requirements, including agreement with the terms of a Sub-Capacity Licensing Attachment and use of IBM’s License Metric Tool, which generates software deployment reports that must be maintained for at least two years and provided to IBM in the event of an audit.

IBM software licensing involves a significant financial cost, and IBM’s products typically function in business-critical capacities in a company’s network. Companies that find themselves engaged in IBM audits are well advised to discuss their IBM licensing status with knowledgeable outside counsel before disclosing any information to IBM or making any changes to their IBM software deployments.

Tags:

Businesses that receive software audit demand letters from auditing entities such as the BSA or SIIA, or from software companies like Autodesk or Microsoft, often contend they cleaned up their network after receipt of the letter and should be released from any further obligation to conduct an audit or communicate with the auditor.  Audited business should keep in mind, however, that the auditing entities typically are focused only on the targeted businesses’ software license-compliance status as of the audit effective date – the date on the first letter those entities send to a targeted business.  The auditing entities usually will seek confirmation that the businesses were compliant on the effective date, and on no other date.

Because computer networks may change rapidly, the auditors need to identify a moment in time for which they can ask the audited business, “Did you have all of the licenses for the software installed on your computers?”  If the answer is yes, the auditing entity will typically close its file.  If the answer is no, the auditing entity will claim the business engaged in copyright infringement on the effective date.  The business’ representation that it was compliant after the effective date has no bearing on whether the business engaged in copyright infringement on the effective date.  If the matter proceeds to a lawsuit, the auditor likely would claim that the business infringed its or its members’ copyrights on the effective date.

The auditing entity typically demands proof of purchase documentation that demonstrates the ownership of a sufficient number of licenses on or before the effective date.  Software purchased after the effective date is not relevant to the audit.  Locating, reviewing, and compiling the proof of purchase documentation is a collective effort that often requires coordination among various individuals and departments within an organization.  In addition, identifying and listing all of the software on the company’s computers as of the effective date may be made doubly difficult when computers contain large amounts of software irrelevant to the audit. It is also important to keep in mind that software environments change as computers are added, decommissioned, and rebuilt with the ebb and flow of HR turnover.

If you have been contacted by an auditing entity such as the BSA, the SIIA, or a software publisher, you should proceed with caution and should familiarize yourself with the typical process for such software audits.  Experienced counsel can help to guide you through that process and to avoid unnecessarily large expenses.

Tags:

The Business Software Alliance (“BSA”), and the Software & Information Industry Association (“SIIA”) pursue copyright infringement claims on behalf of software publishers, such as Microsoft, Adobe, and Autodesk, among many others.  Typically the BSA and SIIA send audit letters to companies believed to be using unauthorized copies of software products.  In their letters, they demand that the target companies conduct an internal audit of all computers they own to determine whether the auditing entities’ members’ software products are properly licensed.

It is not unusual for a company to discover during the audit process that its current or former employees installed software on company computers without authorization.  Unfortunately, this oversight may lead to substantial financial penalties from the BSA or SIIA for any allegedly unauthorized installations.  During the course of settlement negotiations, the BSA and SIIA routinely fine companies three times the MSRP value of each allegedly unlicensed product.

While no written policy is foolproof against employees installing unauthorized software, a proactive approach includes guidelines and policies to outline proper use of a company’s computers.  This may include provisions banning installing, using, or accessing software unless specifically authorized by the company.  Educating employees to have a better understanding of how to use a company’s resources and technology properly may help to prevent costly penalties in the future.  In addition to a written policy, it also is advisable for a company to routinely conduct an internal audit of its computers to help ensure software compliance.  Once the BSA or the SIIA gets involved, it is typically too late to avoid paying a penalty.

Tags:

The Business Software Alliance (“BSA”) and Software & Information Industry Association (“SIIA”) pursue copyright infringement claims against companies accused of installing unauthorized copies of software.  Typically, the BSA and SIIA send letters to businesses and request audits of their computer systems.

This audit process often is arduous and involves collecting all available license-purchase documentation for the BSA- or SIIA-member software product installations discovered during the investigation.  However, unlike the IRS’ retention requirement of 7 years for business records, the BSA and SIIA will not recognize license-credit in favor of the businesses they target without dated proof of proper licensing for every installed software product, regardless of when it was purchased.

More troubling for many businesses is the fact that, even if they are able to produce purchase documentation for software installed on their systems, they may receive no credit for that documentation if it appears to have been received from a software vendor that is not an authorized dealer.  Purchasing software from some web sites, such as Amazon.com’s Amazon Marketplace, eBay, or Craigslist, can be risky, especially when the quoted price for a product is less than 80% of its MSRP value. Many of these heavily discounted software products licenses are offered without the authorization of the software publisher and could end up being useless to the business purchasing them, in the event of an audit. The cost can be magnified when, following settlement, the affected companies are required to re-purchase the same software from a reputable vendor.

In rare instances, the BSA and SIIA sue unauthorized resellers. In June, the SIIA worked with the LAPD to bring criminal charges against two individuals accused of pirating SIIA member software and selling it on Craigslist. However, while the BSA and SIIA pursue unauthorized retailers with civil and criminal charges, they are unable to expose all potential unauthorized retailers. Therefore, as a prudent practice, prior to making any software purchases, a company should investigate whether a vendor is an authorized seller of properly licensed software.  Additionally, a company should beware of heavily discounted software.

Tags:

On July 22, 2010, software publisher AccuSoft sued Northrop Grumman Systems in federal court for breach of contract, copyright infringement and trademark infringement related to Northrop’s use of AccuSoft’s ImageGear and ImageTransport software. Northrop allegedly used and integrated AccuSoft’s products in the development of a paperless records information system it developed for the U.S. military. According to AccuSoft, Northrop failed, in particular, and in violation of applicable software license agreements, to provide the required periodic reporting regarding the number of end-user licenses for the AccuSoft products that Northrop had distributed. AccuSoft did not specify a damages claim in its complaint, though it did state that the unauthorized software distributions number in the “hundreds of thousands,” meaning that a decision in its favor potentially could entail a multi-million dollar penalty against Northrop.

Northrop has yet to answer or to respond to the lawsuit, so its position with regard to AccuSoft’s factual claims has yet to be determined. However, the facts presented in the complaint appear to reflect the kind of dispute that often arises when one or both parties to a software licensing relationship do not have an accurate grasp of controlling license agreements. Especially with many larger enterprises, the business units responsible for software license negotiation and acquisition may lack sufficiently open lines of communication with production departments, resulting in internal confusion regarding what agreements have been signed, what agreements remain in effect, and what those agreements mean for the company’s day-to-day operations.

Compounding the confusion is the fact that larger software license transactions often involve the execution of a master license or services agreement, to which other documents specifying discrete product or service orders are attached, as executed, as schedules or exhibits. Over time, the resulting “document soup” can become nearly impossible to manage unless the company’s has been diligent, in the interim, in tracking all material changes or amendments to the master agreement, all exhibits or schedules that have been executed since the beginning of the relationship, and the effects, if any, of those later instruments on earlier agreements.

Where businesses fail to take pro-active, enterprise-wide, contract-management steps at an early stage, disputes such as the Accusoft v. Northrop litigation become almost inevitable, especially in an age where many publishers, such as Microsoft, IBM and Oracle, to name a few, are proceeding with software audit initiatives, in some cases across their entire customer bases, in order to ensure compliant software use and licensing.

Businesses with a heavy reliance on software and technology licensing cannot afford not to work closely with counsel in reviewing the terms of all agreements that may affect their ability to use that software or technology in the way that their customers demand.

Tags:

The Library of Congress and the 5^th Circuit Court of appeals both recently made significant strides in expanding and clarifying the exceptions to the anti-circumvention provisions of the Digital Millennium Copyright Act (“DMCA”).

In its regular 3-year review of exemptions to the DMCA’s anti-circumvention exceptions, the Library of Congress, which includes the U.S. Copyright Office, added to the list so-called “jail breaking” of wireless telephones, most notably Apple’s iPhone. iPhone users are now able to modify, unlock, and use previously unauthorized applications on their cell phones. Apple had argued that modifications to its iPhones constituted unauthorized modification of its software. However, the Library of Congress emphasized that iPhone owners paid for the product and should have the right to modify their phone for their personal use. The new DMCA exceptions also include:

  Circumvention of security measures in DVDs, when short portions of the content is to be used for “educational uses by college and university professors and by college and university film and media studies students
  Circumvention of security measures in video games accessible on personal computers for certain testing and security-related operations
  Circumvention of security measures in computer programs protected by out-of-date hardware-based security accessories (also known as “dongles”)
  Circumvention of security measures in ebooks for the purpose of making the content accessible for readers with disabilities, provided that no other edition of the work allows accessibility-related modifications

In MGE UPS Systems Inc. v. GE Consumer and Industrial Inc., the 5^th Circuit further clarified the overall scope of the DMCA’s anti-circumvention provisions in ruling that bypassing protections on copyrighted software in order to access or use the product does not necessarily trigger a DMCA claim. MGE had sued GE for copyright infringement, claiming GE hacked the software security key to access its copyrighted software. The Court held that simply viewing or using copyrighted software does not constitute unlawfully accessing copyrighted materials in violation of the DMCA, and that a copyright owner’s software security protections must protect against a right specifically granted Act. That holding also might be significant for some companies faced with allegations of unlicensed software use by organizations such as the Business Software Alliance (BSA) or the Software & Information Industry Associations (SIIA).

The DMCA is multi-faceted legislation, with some provisions that historically have been good for small to medium-sized businesses and some that have been less positive. These recent developments represent a net improvement to the effect of the law for most consumers of digital media.

Tags:

Tags:

Tags:

Like all audits, success in a SIIA software audit depends less on what you own and more on what you can prove that you own. Although not required by law, the SIIA takes the position that a target company is out of compliance for each installation of SIIA member software products for which the target company cannot produce a dated proof of purchase. Many clients are dismayed to discover what does and does not constitute valid proof of purchase according to the SIIA.

Not Considered Valid Proof
1. Copies of Checks to Software Vendors
2. Dated Purchase Orders
3. Undated Software Licenses
4. Credit Card Statements Evidencing Software Purchases
5. Certificates of Authenticity
6. Media, Manuals, or Key-Codes
7. Invoices Bearing and Entity Name Other than the Entity Named in the SIIA’s Initial Letter

Valid Proof of Purchase
1. Dated Invoices in the Name of the Audited Entity
2. Soft Records (online account statements) from Recognized Resellers
3. Signed and Dated License Agreements
4. Soft Records from SIIA Member’s such as Microsoft Licensing Statements
5. Cash Register Receipts for Retail Sales where Product, Version, Quantity and Price Paid are Included.

Understanding how the SIIA analyzes software audit materials is critically important to achieving the most favorable outcome. In our experience, it is the most time consuming and difficult part of the process for clients to handle on their own.

Scott & Scott, LLP is not affiliated in any way with the SIIA.

Tags:

 One of the most controversial tactics the software policing agencies use when calculating its settlement demands is its practice of unbundling software suites such as Microsoft Office and Adobe Creative Suite. Unbundling occurs when the target of an agency audit is unable to provide acceptable proof of purchase for one or more installation of a software suite.

The effect of unbundling is to dramatically and artificially inflate the monetary component of an agency settlement because the fines are based upon the MSRP of each component part of the software. In an agency software audit involving Microsoft Office for example, they unbundle the suite by separating Microsoft Outlook, Microsoft Word, Microsoft Excel, Microsoft PowerPoint, and Microsoft Access and then calculate its proposed fine on the basis of the MSRP of each component. This practice results in a proposed fine per installation of approximately $2,000 for a product with a market price ranging from $150 to $350, depending on the version.

In my opinion, the practice of undbundling is completely contrary to law because the software suites of an agency's member publishers are compilations under the copyright law and therefore constitute a single work for purposes of calculating statutory damages for infringement. The U.S. Copyright Act 17 U.S.C. § 101(c) defines a compilation as follows:

A "compilation" is a work formed by the collection and assembling of preexisting materials or of data that are selected, coordinated, or arranged in such a way that the resulting work as a whole constitutes an original work of authorship. The term "compilation" includes collective works.”

The statutory damages provision of the U.S. Copyright Act 17 U.S.C. § 504(c) provides in pertinent part that:

For the purposes of this subsection, all the parts of a compilation or derivative work constitute one work.

Federal court’s have also interpreted these provisions to preclude recovery of statutory damages for the component parts of a compilation. For example, in XOOM v. Imageline, the Court of Appeals for the Fourth Circuit only made one statutory damage award for each compilation of electronic clip art, even though each compilation included thousands of works because “[a]lthough parts of a compilation or derivative work may be ‘regarded as independent works for other purposes[,]’ for purposes of statutory damages, they constitute one work.” XOOM v. Imageline at 285, citing H.R. Rep. No. 94-1476, at 162 (1976).

Similarly, in WB Music Corp. v. RTV Communications Group, 445 F.3d 538 (2d Cir. 2006) the Court of Appeals for the Second Circuit interpreted 17 U.S.C. § 504(c) and discussed the distinction between compilations authorized by the copyright holder that constitute “one work” for statutory damages purposes and collections of separate works compiled by the defendant and never authorized by the copyright holder. Because the software suites implicated in SIIA audits involve separately copyrighted works included in a compilation authorized by the copyright owners, section 504(c) applies and prohibits the award of statutory damages for the component parts of the suite.

Tags:

One of the most common mistakes I encounter in software audits is what I call the post-effective date software buying spree. The buying spree occurs in response to a letter from a publisher or publisher's attorneys requesting a self audit. Many clients are discouraged to learn that software purchases made after the date of the initial letter have no impact in a software audit matter. For this reason, I advise my clients against scrambling to acquire software in response to a software audit.

The first thing a target of a software audit needs to do is preserve the evidence of software products installed on the company’s computers as of the audit effective date. Second, the software installed needs to be reconciled against proof of purchase information to determine whether there is gap between licenses owned and software installed. Third, a decision needs to be made regarding whether to purchase or uninstall any unlicensed software. The auditing entity is only concerned with those products installed as of the audit effective date, and accepts only proofs of purchase dated on or before that date.

I advise my clients that regardless of what was installed on the audit effective date, they only need to purchase software licenses for products that they need to use going forward. Although it will not resolve past liability, companies may choose to uninstall unlicensed products at the conclusion of the audit matter, rather than purchase unnecessary software simply because it was installed on the effective date. At the conclusion of a software audit matter, the target must certify that it has come into compliance through the combination of buying and\or uninstalling the products in question.

Tags: