http://blawg.bsadefense.com/ en Copyright 2010 Fri, 05 Mar 2010 23:50:43 +0000 http://www.sixapart.com/movabletype/ http://blogs.law.harvard.edu/tech/rss Many companies choose to pursue an internal audit of software systems after receiving a request from the Business Software Alliance (BSA). When it comes to deciding how to proceed with an audit, there are multiple considerations, including, but not limited to, the size of the company, amount of computers, type of software at issue, IT support, and accuracy of a company’s records. A small company with few computers is better suited than a larger corporation to conduct its own audit either manually or to take advantage of one of the many free software scan tools available on the internet. There are still risks of inaccuracy involved. One danger is that a company may submit information regarding a free download that may be mislabeled, and inaccurately reported to the BSA as unlicensed software. This risk is amplified for larger companies with many computer systems and multiple users. If a large company seeks to conduct its own audit, the free scanning tools are still an acceptable choice, as manually checking each computer is both tedious and can lead to mistakes. An alternative is to seek a consultant who specializes in software infringement issues and who can assist with network inventory and sorting through software purchasing invoices and receipts. However, it is important to keep in mind that, unless that consultant is an attorney, he or she may have no duty of confidentiality to the company. Therefore, it is wise either to obtain a comprehensive confidentiality agreement from the consultant or to retain a knowledgeable attorney to assist with the inventory. In addition to collecting an inventory of software installations, it is important to gather purchasing information to provide to the BSA. If receipts and invoices are not provided for all software installations reported, the BSA will assume the software is unlicensed and will increase its settlement demand. Regardless of the size of a company, if there are concerns about the ability to scan software, locate purchasing information or evaluate audit results, it is advisable to seek outside assistance with the process from an expert. http://blawg.bsadefense.com/2010/03/when_to_seek_help_for_a_bsa_au.html http://blawg.bsadefense.com/2010/03/when_to_seek_help_for_a_bsa_au.html BSA business software alliance internal audit network inventory Fri, 05 Mar 2010 23:50:43 +0000 The Business Software Alliance (BSA) regularly targets small-to-medium sized businesses for expensive software audits to determine whether those businesses are in compliance with their BSA-member software licenses. In furtherance of that effort, the BSA offers cash rewards to disgruntled current or former employees who provide information about allegedly unlicensed software installed on their employers’ computers. However, in many cases, businesses targeted by the BSA discover that there appear to be significant discrepancies between the information apparently provided by the BSA’s confidential informants and the actual license-compliance status of those businesses. Many businesses suspect that the cause of the discrepancy is the informants’ desire to profit from the BSA’s reward program. Regardless of the cause, however, when the audit materials submitted in an audit matter do not conform to the information supplied by the confidential informant, the BSA typically disputes the results. The business then ends up incurring additional legal fees in an effort to authenticate those results and move the matter forward to a resolution. Worse, though, even when the BSA discovers that its informant may have provided false information, it typically will not stop pursuing the copyright infringement claims. The BSA’s loose definition of “unlicensed” software covers any software with no proof of purchase. Therefore, even though business records are only required to be kept for seven years for tax purposes, because the BSA requires dated proof of purchase in order to credit a business with license ownership, it effectively expects its business targets to keep their invoices for software license purchases forever. The BSA thus justifies its continued pursuit of businesses, even in the face of an apparently unreliable informant, based less on principles of copyright law than on potentially inadequate accounting practices. There is usually little recourse against the BSA or the informant for initiating legal action based on false information. In some cases, a company may consider suing the informant on a breach of contract or breach of confidentiality claim, depending on the existence of any prior agreements with the informant, but the expense of such an action would be prohibitive for most businesses. For these reasons and others, it is important for all companies, regardless of whether they are faced with a BSA audit, to be prepared to document their license ownership, to keep confidential all information relevant or potentially relevant to an audit, and to seek the assistance of counsel. http://blawg.bsadefense.com/2010/03/bsa_pursues_software_audits_de.html http://blawg.bsadefense.com/2010/03/bsa_pursues_software_audits_de.html BSA business software alliance software audit Fri, 05 Mar 2010 23:49:53 +0000 Business Software Alliance (BSA) and the software companies it represents. Most people understand software piracy to involve the intentional copying and, in many cases, distribution of copyrighted software to third parties without permission of the copyright owner. Understandably, the term has extremely negative connotations, and most businesses will go to great lengths to avoid behavior that could reasonably be branded as “piracy.” Unfortunately, the BSA’s definition of software piracy is considerably more broad than the common understanding and may be confusing to companies audited by the BSA who have never knowingly copied unlicensed software. During a BSA-initiated software audit, the BSA requires the businesses it targets to provide dated proofs of purchase for each software product installed on their computers. There are specific types of documentation the BSA accepts, and it usually rejects purchases from E-bay, Amazon, or similar Internet-based re-sellers. Therefore, if a company unknowingly purchases software from an unauthorized retailer or simply is unable to find receipts for products it purchased, the BSA will penalize the company as though it intentionally violated copyright law and “pirated” the software. Worse, typically after an audit the BSA will enter into settlement agreements with the companies it accuses of copyright infringement. Unless a provision for confidentiality is included in a settlement agreement (usually only in return for a significant additional amount to be paid at settlement), there is nothing to prevent the BSA from publishing a press release identifying the targeted company, the software products involved, and the settlement amount, and otherwise making express or implied statements that the company is guilty of “software piracy.” As a general rule, companies should keep all receipts from software purchases indefinitely, and they should purchase software only from authorized dealers. Additionally, recipients of letters from the BSA should seek experienced legal counsel to assist with the audit and to help negotiate a resolution that may prevent the unnecessarily negative publicity that can result from the BSA’s overzealous application of the “pirate” label.]]> http://blawg.bsadefense.com/2010/03/what_is_the_bsas_definition_of.html http://blawg.bsadefense.com/2010/03/what_is_the_bsas_definition_of.html BSA business software alliance copyright infringement software audit Thu, 04 Mar 2010 21:56:12 +0000 here. The article’s sources appear to base their suggestions on a combination of personal experience and, perhaps, assumptions about the BSA’s operating procedures in U.K.-based software audit matters. One source is cited as suggesting that “companies being chased to complete audits should only do so if the BSA is willing to disclose why they are being targeted, which is something it would have to do as part of any litigation process.” However, at least in U.S.-based audit matters, the BSA is generally unwilling in any circumstances short of a federal lawsuit to disclose any information regarding the source of its information. In addition, the BSA in the U.S. operates under powers of attorney signed by the software publisher-members it represents, and it has, in the past, shown itself to be willing to pursue software audit matters in court, in the event that business targets either refuse to co-operate with its audit demands or provide information that materially and significantly diverges from the information obtained from its confidential sources. Notwithstanding the understandable reservations many businesses may have – and should have – regarding disclosing otherwise confidential information to third parties, businesses confronted by the BSA with allegations of software copyright infringement should, at the very least, engage knowledgeable counsel in an effort to evaluate the advisability of co-operating with such demands based on all of the facts. For most businesses in that situation, it will make more sense to co-operate with the BSA in reaching an out-of-court resolution. Such an informal process allows a business to control the flow of information to the BSA and to preserve the confidentiality of any negotiated resolution. Costs and expenses associated with co-operation also generally are significantly less than those associated with a federal lawsuit, and the potential for a lower agreed settlement amount usually will be greater as well. There are exceptions, of course, and it is equally important to keep in mind that it may make more sense, for any number of reasons, either to refuse to co-operate or, possibly, to file a pre-emptive lawsuit, usually in the form of a request that a court issue a declaratory judgment regarding the absence of copyright infringement. Again, however, these are decisions that businesses must make only after consulting with an attorney who is knowledgeable regarding the issues presented and the potential for exposure. ]]> http://blawg.bsadefense.com/2009/05/most_us_businesses_should_coop.html http://blawg.bsadefense.com/2009/05/most_us_businesses_should_coop.html bsa bsa audit bsa software audit business software alliance audit Thu, 07 May 2009 22:11:57 +0000 Business Software Alliance Report]]> http://blawg.bsadefense.com/2009/05/how_the_bsa_got_your_name.html http://blawg.bsadefense.com/2009/05/how_the_bsa_got_your_name.html bsa business software alliance Thu, 07 May 2009 22:10:22 +0000 here. ]]> http://blawg.bsadefense.com/2009/05/bsa_member_list_changes.html http://blawg.bsadefense.com/2009/05/bsa_member_list_changes.html bsa bsa members business software alliance business software alliance members Thu, 07 May 2009 22:08:50 +0000 Most BSA Audits begin with a report from a disgruntled employee or former employee. The Business Software Alliance maintains telephone hotlines and a web site to encourage disgruntled employees and vendors to make anonymous reports against companies of all sizes. The BSA dedicates a substantial portion of its revenue marketing on radio stations and the internet to these "rats," promising them confidentiality and the ability to make an anonymous complaint. The current ad on Google reads: BSA - Official Site www.BSA.org/reportpiracy Earn up to $1 million for Reporting Pirated Software - All Confidential The Business Software Alliance investigates all reports of software piracy without confirming the veracity of the information provided or the motive of the person making the complaint. Once a report is received, the Business Software Alliance makes a decision about whether to request a self-audit or to immediately file suit. In the overwhelming majority of cases, the Business Software Alliance pursues the self-audit approach. Acting either through an internal enforcement attorney or an outside law firm, the BSA will send a letter to the target company requesting a self-audit. The request for an audit is a critical stage in the process, and the time when an experienced attorney can help your business the most. http://blawg.bsadefense.com/2009/05/bsa_audit_procedures.html http://blawg.bsadefense.com/2009/05/bsa_audit_procedures.html bsa business software alliance Thu, 07 May 2009 22:05:45 +0000 Business Software Alliance Report]]> http://blawg.bsadefense.com/2009/05/business_software_alliance_rep.html http://blawg.bsadefense.com/2009/05/business_software_alliance_rep.html Thu, 07 May 2009 22:01:56 +0000 here. Section 1030 as it currently exists is available here.]]> http://blawg.bsadefense.com/2009/05/software_industry_supports_new.html http://blawg.bsadefense.com/2009/05/software_industry_supports_new.html bsa business software alliance Thu, 07 May 2009 21:57:42 +0000 Many companies who comply with a demand by a software publisher or industry association (such as the BSA or the SIIA) for an internal software audit end up facing significant settlement demands after forwarding their audit materials to the other side. One of the reasons the settlement demands often are so high is the fact that the auditing entities frequently base their demands, in part, on the “unbundled” price of software suites. Thus, where a company may expect to pay a fine based on the MSRP of, for example, one undocumented installation Microsoft Office Professional 2007 ($679), it likely will end up receiving a settlement demand based on the combined MSRPs of each of the components of that undocumented suite: Word ($229), Excel ($229), PowerPoint ($229), Outlook ($110), Publisher ($169), and Access ($229), all totaling $1195. In a typical case these difference add tens of thousands of dollars to the amount in controversy. Another way in which publishers or auditing entities raise the amount in controversy in software audits is the attempt to assess separate “fines” for each allegedly infringing installation of a software product. Thus, a company reporting just ten undocumented installations of Office Professional 2007, with no other licensing shortfalls, may receive a settlement offer based on the combined, “unbundled” MSRPs of the component products totaling just shy of $12,000. Moreover, that is before the auditing entity applies any multipliers to that figure (yet another common tactic) or makes any assessments for their claimed legal fees, both of which factors may drive the opening settlement offer in the above example to $40,000 or more. It is not difficult to see how owners of small to medium businesses who think that they have a handle on their financial exposure in a software audit matter often end up with truly unpleasant surprises after submitting audit materials to the BSA or SIIA that they may have believed would be negotiating on a more equitable basis. If your business has been accused of software “piracy” and is responding to a software audit demand either from a software publisher like Autodesk or from the BSA or the SIIA, an experienced attorney can give you visibility into the process and help you avoid unpleasant surprises. http://blawg.bsadefense.com/2009/05/unpleasant_surprises_in_bsa_si.html http://blawg.bsadefense.com/2009/05/unpleasant_surprises_in_bsa_si.html bsa business software alliance audit siia Thu, 07 May 2009 21:56:11 +0000 The targets of BSA audits frequently believe that they know who reported them to the Business Software Alliance. Justifiably angry, they want to know what legal recourse they have against the informant. Because the informants are frequently out of work, having been fired by the target, I advise my clients about the number one rule governing litigation: never sue poor people. Legally speaking, the most probable cause of action against an informant in a BSA audit would be based upon a breach of an employment agreement containing a confidentiality provision. We have frequently assisted clients in drafting letters to former employees presumed to be the informant, forcefully reminding them of their confidentiality obligations, but have come short of advising clients to file suit against a presumed informant. http://blawg.bsadefense.com/2009/04/suing_the_informant_in_bsa_aud.html http://blawg.bsadefense.com/2009/04/suing_the_informant_in_bsa_aud.html bsa bsa software audit business software alliance audit Tue, 07 Apr 2009 00:40:29 +0000 If your company has received a letter from the BSA requesting a software audit, you are probably wondering whether you should cooperate or tell the BSA to pound sand. I advise my clients to cooperate but to do so in a manner that will not jeopardize their legal position in the event that cooperation does not result in an acceptable out-of-court settlement. This advice is predicated on the fact that business clients almost universally seek a resolution that has the lowest total costs and the most predictability. In BSA audits, these costs are software licensing fees, fines payable to the BSA, attorney’s fees, organizational impact, and the potential damage to brand associated with negative publicity. In my experience, a properly handled BSA audit can always be resolved for a lower total cost through cooperation than through litigation. Most importantly, cooperation does not preclude litigation in the future if the BSA is unreasonable in its approach to settlement. In other words, you can always go to court if the out-of-court, lower total cost approach is not satisfactory. However, we have seen audit targets and other lawyers make several mistakes that actually detriment their legal position during negotiations with the BSA. The two critical success factors to properly handling a BSA audit or making sure that the information gathered during the process, which would not otherwise be discoverable in a court proceeding, is protected by attorney work-product and attorney client privileges. In addition, no information should be provided to the BSA unless and until the BSA agrees that the information is governed by Federal Rule of Evidence 408 and therefore will not be admissible in court if an out-of-court resolution is not reached with the BSA. The only time I have deviated from this advice has been where the audited entity was not a viable going concern and the principal(s) were judgment proof. If you have been contacted by the BSA, you should contact an experienced attorney to assist you with strategy. http://blawg.bsadefense.com/2009/04/cooperation_or_litigation_bsa.html http://blawg.bsadefense.com/2009/04/cooperation_or_litigation_bsa.html bsa audit bsa software audit business software alliance audit Tue, 07 Apr 2009 00:39:18 +0000 One of the first things I ask a prospective client is: What is the date on the initial letter you received from the BSA? The date on the initial in a BSA letter is often referred to as the Audit Effective Date. This date is important for many reasons. I like to tell my clients that a BSA audit measures a snap-shot in time – what BSA member software was installed on the company’s computers as of the Audit Effective Date. Once you have an accurate inventory of what was installed on the Audit Effective Date the next step is to determine what proofs of purchase are available to establish purchases prior to the Audit Effective Date. When a BSA audit matter is settled, the target is required to certify that the audit results provided during the course of negotiations are true and correct as of the Audit Effective Date. For this reason uninstalling software that was installed on the effective date, or purchasing software products after the effective date have no impact on the BSA’s calculation of fines in BSA audits. It is critical to obtain an accurate inventory of the software installed on the target company’s computers as quickly as possible following receipt of the initial letter from the BSA. Failure to understand the importance of the Audit Effective Date, has caused companies to go on software buying sprees in response to a BSA audit and to report results to the BSA reflecting the software installed on a date after the Audit Effective Date. I believe that both of these strategies are mistakes that should be avoided. http://blawg.bsadefense.com/2009/04/the_importance_of_the_audit_ef.html http://blawg.bsadefense.com/2009/04/the_importance_of_the_audit_ef.html bsa audit bsa software audit business software alliance audit Tue, 07 Apr 2009 00:37:45 +0000 One of the top ten questions asked by my clients is “How long does the BSA self-audit process take from start to finish?” Of course I give the standard lawyer answer: it depends. Here are the steps to a typical BSA audit. Preparation of Audit Materials (3 to 6 months) A BSA audit is a request, under threat of litigation, to compile a listing of all BSA member software products installed on the audited entity’s computer network as of the Audit Effective Date. The Audit Effective Date is the date on the BSA initial letter requesting an audit. The first step in preparing this information is conducting an automated inventory of the software products installed on all computers owned or leased by the target company. Once an accurate inventory of the BSA member software products is completed, the next step is to reconcile the software inventory information with proofs of purchase dated prior to the audit effective date. While there are various ways to prove ownership of a software license, typically an invoice is considered the best evidence of ownership in a BSA audit. In the typical case, the inventory and reconciliation process takes three to six months. Secure a Confidentiality and Federal Rule of Evidence 408 Agreement (1 week) With very limited exceptions, we advise the targets of BSA audits to cooperate with the self-audit process but to do so in a way that does not compromise their position in the event that an out of court settlement is not possible. We do not disclose any information to the BSA until it signs an agreement regarding the confidentiality of the information disclosed and specifically limiting the BSA’s ability to introduce the information as evidence in court. In the typical case, the BSA will sign our standard agreement within one week. BSA Analyzes Self-Audit Materials and Makes a Settlement Demand (3 to 6 months) After the self-audit materials are submitted by the target of a BSA audit, the Business Software Alliance typically takes three to six months to respond. The BSA’s response provides its interpretation of the self-audit materials and applies a formula for its initial settlement proposal. The BSA’s formula for calculating fines is generally three times the unbundled full retail price of the software products installed on the target’s computers plus $3,500 for BSA’s attorney’s fees. In many instances, the BSA’s settlement proposal is substantially more than the target may have expected due to differences of opinion regarding what constitutes valid proof of ownership. In our experience, the BSA usually takes three to six months to make substantive response following the submission of the self-audit materials. Negotiation of Monetary and Non-Monetary Terms of Settlement (6 to 24 months) After the BSA makes its initial settlement demand, there are various monetary and non-monetary terms that need to be negotiated. The obvious material term in every BSA audit negotiation is the amount of any monetary amount to be paid to the BSA for alleged past infringement. The most significant non-monetary issue is whether the BSA will agree to a confidentiality provision. Such provisions require the BSA to keep the existence and details of the audit confidential and precluded BSA from issuing a press release. Negotiations over confidentiality provisions can be extremely protracted as the BSA agrees to such provisions in only very limited circumstances. Other non-monetary provisions include future obligations such as certifications of compliance, adoption of a software code of ethics, and production of additional proofs of purchase to the BSA for purchases made after the audit effective date. The length of the negotiation process differs from case to case but generally lasts between six months and two years. http://blawg.bsadefense.com/2009/04/bsa_audit_timeline.html http://blawg.bsadefense.com/2009/04/bsa_audit_timeline.html bsa software audit business software alliance audit Tue, 07 Apr 2009 00:36:21 +0000 One of the most controversial tactics the BSA uses when calculating its settlement demands is its practice of unbundling software suites such as Microsoft Office and Adobe Creative Suite. Unbundling occurs when the target of a BSA audit is unable to provide acceptable proof of purchase for one or more installation of a software suite. The effect of unbundling is to dramatically and artificially inflate the monetary component of a BSA settlement because the BSA calculates its fine based upon the MSRP of each component part of the software. In a BSA audit involving Microsoft Office for example, the BSA unbundles the suite by separating Microsoft Outlook, Microsoft Word, Microsoft Excel, Microsoft PowerPoint, and Microsoft Access and then calculates its proposed fine on the basis of the MSRP of each component. This practice results in a proposed fine per installation of approximately $2,000 for a product with a market price ranging from $150 to $350, depending on the version. In my opinion, the BSA’s practice of unbundling is completely contrary to law because the software suites of BSA member publishers are compilations under the copyright law and therefore constitute a single work for purposes of calculating statutory damages for infringement. The U.S. Copyright Act 17 U.S.C. § 101(c) defines a compilation as follows: “A "compilation" is a work formed by the collection and assembling of preexisting materials or of data that are selected, coordinated, or arranged in such a way that the resulting work as a whole constitutes an original work of authorship. The term "compilation" includes collective works.” The statutory damages provision of the U.S. Copyright Act 17 U.S.C. § 504(c) provides in pertinent part that: For the purposes of this subsection, all the parts of a compilation or derivative work constitute one work. Federal court’s have also interpreted these provisions to preclude recovery of statutory damages for the component parts of a compilation. For example, in XOOM v. Imageline, the Court of Appeals for the Fourth Circuit only made one statutory damage award for each compilation of electronic clip art, even though each compilation included thousands of works because “[a]lthough parts of a compilation or derivative work may be ‘regarded as independent works for other purposes[,]’ for purposes of statutory damages, they constitute one work.” XOOM v. Imageline at 285, citing H.R. Rep. No. 94-1476, at 162 (1976). Similarly, in WB Music Corp. v. RTV Communications Group, 445 F.3d 538 (2d Cir. 2006) the Court of Appeals for the Second Circuit interpreted 17 U.S.C. § 504(c) and discussed the distinction between compilations authorized by the copyright holder that constitute “one work” for statutory damages purposes and collections of separate works compiled by the defendant and never authorized by the copyright holder. Because the software suites implicated in BSA audits involve separately copyrighted works included in a compilation authorized by the copyright owners, section 504(c) applies and prohibits the award of statutory damages for the component parts of the suite. http://blawg.bsadefense.com/2009/04/unbundling_software_suites_in.html http://blawg.bsadefense.com/2009/04/unbundling_software_suites_in.html bsa bsa audit business software alliance audit Tue, 07 Apr 2009 00:32:55 +0000