BSA Audits

In Nature’s Enterprises, Inc. v. Pearson (2010), the U.S. District Court for the Southern District of New York rejected Nature’s Enterprises (“NEI’s”) request for damages for each component part of a compilation. NEI had alleged that Pearson infringed ten of NEI’s copyrighted DVD movies, of which two comprised compilations of films copyrighted by NEI. NEI requested $10,000 for each of the 10 DVDs and $750 for each of the 45 clips contained in the two compilation DVDs.

The court rejected NEI’s request for damages for each separate work and concluded that “a plaintiff should not receive a windfall recovery by inflating the number of works infringed from its own compilation.” The court determined that “when a plaintiff compiles assorted copyrighted products into a new product, the compilation constitutes one work for purposes of copyright infringement.”

NEI’s focus on “whether each item (in a compilation) has an independent economic value and is, in itself, viable” did not sway the court. Rather, the Court held that “adopting such a test would be to make a total mockery of Congress' express mandate that all parts of a compilation must be treated as a single work for purposes of computing statutory damages.” The court also declined to apply rulings from cases NEI presented in which defendants, rather than plaintiffs, created compilations of the plaintiff’s works.

If you have been contacted by the Business Software Alliance (BSA), Software & Information Industry Association (SIIA), or another software industry auditing entity, you should contact counsel experienced in negotiating with auditing entities regarding bundled software suites that resemble compilations.

The Business Software Alliance (BSA) is an organization that pursues copyright infringement claims on behalf of many software publishers against companies it accuses of violating its members’ software license agreements. Because the cost of litigation in most cases outweighs the cost to settle out of court, the BSA often is able to force businesses to comply with an arduous and often arbitrary software audit process that typically culminates in a negotiated settlement entailing a significant settlement payment to the BSA.

Due to the nature of the process and the possibility that a settlement may be misconstrued to reflect misconduct on the part of a company, many companies that settle with the BSA seek to keep the existence and terms of settlement confidential. However, the BSA disfavors confidentiality provisions, because they interfere with its efforts to publicize the results of its license enforcement program. Therefore, the BSA typically demands a higher settlement payment to include such a provision.

Absent a confidentiality provision in the settlement agreement, the BSA generally is free to issue a press release detailing the terms of settlement and name of the company. The BSA often then seeks to publish the release in media outlets relevant to the targeted business’ industry or geographic location, in addition to publishing the press release on its web site.

There are many considerations for a company contemplating a demand for confidentiality. Some larger, more recognizable companies seek confidentiality provisions to offset potentially negative publicity associated with their brand. Under those circumstances, the additional penalty amount may represent an acceptable cost. However, smaller companies often choose to pay a lower settlement amount not inclusive of confidentiality, based on a determination that damage to their brands, if any, likely would be less significant. This is a decision in which a company’s upper management should be given an opportunity to contribute. Finally, on rare occasions, some companies seek to issue their own press releases, detailing the settlement terms, and exposing the BSA’s software auditing process as a warning for other businesses.

Regardless of the strategy a company chooses regarding confidentiality, it is important to be aware of the implications of failing to include a confidentiality provision in the final settlement agreement. When in doubt, it is beneficial to seek counsel from an attorney familiar with the BSA process.

Business owners and managers whose companies have been targeted by IBM for a compliance audit often express surprise at the complex method IBM uses to determine the licensing requirements for many of its server software products, such as WebSphere and Tivoli. Many software vendors employ server software licensing frameworks that would be familiar to most anyone with experience purchasing software licenses: for every installation of a software product on a computer, the owner of that computer must purchase a corresponding license allowing use on that machine. There are some common variations on that general theme used by some publishers – notably, Microsoft – involving connections to server software by other computers on the network. With Microsoft SQL Server, for example, the computer owner must purchase either an appropriate number of client access licenses (CALs) for each user or device accessing the server software or else a “processor” license for each physical processor in a given computer, allowing use by an unlimited number of remote users or devices. (Processor licenses are typically significantly more expensive that CAL-based software licenses, but they may represent a good value for servers with a high number of remote connections.)

IBM previously employed a processor-based licensing formula for its server products, but in 2006 it moved to a licensing model using what it calls “processor value units” (PVUs). Under this model, each server processor is assigned a per-core PVU number that depends on the manufacturer and specifications for that processor. (IBM maintains a chart of per-core PVU numbers here.) That PVU number then is multiplied by the number of physical processor cores embodied in the processor to determine the processor value for the physical processor. For servers with multiple processors, that processor value then is multiplied by the number of processors to determine the server value. It is this final PVU number that reflects the licensing required for each computer, as follows:

Server Description: Dual processor, quad-core Dell PowerEdge SC1435
Server value = 50 PVUs/core x 4 cores/processor x 2 processors = 400 PVUs

IBM terms the formula described above “capacity licensing.” For machines employing virtualization technologies, under which a virtual server hosted on a physical machine may utilize less than all of the physical machines resources, IBM allows its customers to apply “sub-capacity” licensing rules to reduce the number of PVUs required for compliance. However, the sub-capacity rules entail a number of significant requirements, including use of IBM’s License Metric Tool, which reports information about hardware configurations and software deployments directly to IBM.

IBM software licensing involves a significant financial cost, and IBM’s products typically function in business-critical capacities in a company’s network. Companies that find themselves engaged in IBM audits are well advised to discuss their IBM licensing status with knowledgeable outside counsel before disclosing any information to IBM or making any changes to their IBM software deployments.