http://blawg.bsadefense.com/ en Copyright 2010 Thu, 22 Jul 2010 21:13:43 +0000 http://www.sixapart.com/movabletype/ http://blogs.law.harvard.edu/tech/rss The Business Software Alliance (“BSA”) and Software & Information Industry Association (“SIIA”) pursue copyright infringement claims against companies accused of installing unauthorized copies of software. Typically, the BSA and SIIA send letters to businesses and request audits of their computer systems. This audit process often is arduous and involves collecting all available license-purchase documentation for the BSA- or SIIA-member software product installations discovered during the investigation. However, unlike the IRS’ retention requirement of 7 years for business records, the BSA and SIIA will not recognize license-credit in favor of the businesses they target without dated proof of proper licensing for every installed software product, regardless of when it was purchased. More troubling for many businesses is the fact that, even if they are able to produce purchase documentation for software installed on their systems, they may receive no credit for that documentation if it appears to have been received from a software vendor that is not an authorized dealer. Purchasing software from some web sites, such as Amazon.com’s Amazon Marketplace, eBay, or Craigslist, can be risky, especially when the quoted price for a product is less than 80% of its MSRP value. Many of these heavily discounted software products licenses are offered without the authorization of the software publisher and could end up being useless to the business purchasing them, in the event of an audit. The cost can be magnified when, following settlement, the affected companies are required to re-purchase the same software from a reputable vendor. In rare instances, the BSA and SIIA sue unauthorized resellers. In June, the SIIA worked with the LAPD to bring criminal charges against two individuals accused of pirating SIIA member software and selling it on Craigslist. However, while the BSA and SIIA pursue unauthorized retailers with civil and criminal charges, they are unable to expose all potential unauthorized retailers. Therefore, as a prudent practice, prior to making any software purchases, a company should investigate whether a vendor is an authorized seller of properly licensed software. Additionally, a company should beware of heavily discounted software. http://blawg.bsadefense.com/2010/07/unauthorized_software_costly_t.html http://blawg.bsadefense.com/2010/07/unauthorized_software_costly_t.html BSA business software alliance SIIA software audit software information and industry association Thu, 22 Jul 2010 21:13:43 +0000 Businesses that receive software audit demand letters from auditing entities such as the BSA or SIIA, or from software companies like Autodesk or Microsoft, often contend they cleaned up their network after receipt of the letter and should be released from any further obligation to conduct an audit or communicate with the auditor. Audited business should keep in mind, however, that the auditing entities typically are focused only on the targeted businesses’ software license-compliance status as of the audit effective date – the date on the first letter those entities send to a targeted business. The auditing entities usually will seek confirmation that the businesses were compliant on the effective date, and on no other date. Because computer networks may change rapidly, the auditors need to identify a moment in time for which they can ask the audited business, “Did you have all of the licenses for the software installed on your computers?” If the answer is yes, the auditing entity will typically close its file. If the answer is no, the auditing entity will claim the business engaged in copyright infringement on the effective date. The business’ representation that it was compliant after the effective date has no bearing on whether the business engaged in copyright infringement on the effective date. If the matter proceeds to a lawsuit, the auditor likely would claim that the business infringed its or its members’ copyrights on the effective date. The auditing entity typically demands proof of purchase documentation that demonstrates the ownership of a sufficient number of licenses on or before the effective date. Software purchased after the effective date is not relevant to the audit. Locating, reviewing, and compiling the proof of purchase documentation is a collective effort that often requires coordination among various individuals and departments within an organization. In addition, identifying and listing all of the software on the company’s computers as of the effective date may be made doubly difficult when computers contain large amounts of software irrelevant to the audit. It is also important to keep in mind that software environments change as computers are added, decommissioned, and rebuilt with the ebb and flow of HR turnover. If you have been contacted by an auditing entity such as the BSA, the SIIA, or a software publisher, you should proceed with caution and should familiarize yourself with the typical process for such software audits. Experienced counsel can help to guide you through that process and to avoid unnecessarily large expenses. http://blawg.bsadefense.com/2010/05/effective_dates_in_software_au.html http://blawg.bsadefense.com/2010/05/effective_dates_in_software_au.html Autodesk audit BSA business software alliance Microsoft Audit SIIA software & information industry association software audit Thu, 13 May 2010 22:17:14 +0000 The Business Software Alliance (“BSA”), and the Software & Information Industry Association (“SIIA”) pursue copyright infringement claims on behalf of software publishers, such as Microsoft, Adobe, and Autodesk, among many others. Typically the BSA and SIIA send audit letters to companies believed to be using unauthorized copies of software products. In their letters, they demand that the target companies conduct an internal audit of all computers they own to determine whether the auditing entities’ members’ software products are properly licensed. It is not unusual for a company to discover during the audit process that its current or former employees installed software on company computers without authorization. Unfortunately, this oversight may lead to substantial financial penalties from the BSA or SIIA for any allegedly unauthorized installations. During the course of settlement negotiations, the BSA and SIIA routinely fine companies three times the MSRP value of each allegedly unlicensed product. While no written policy is foolproof against employees installing unauthorized software, a proactive approach includes guidelines and policies to outline proper use of a company’s computers. This may include provisions banning installing, using, or accessing software unless specifically authorized by the company. Educating employees to have a better understanding of how to use a company’s resources and technology properly may help to prevent costly penalties in the future. In addition to a written policy, it also is advisable for a company to routinely conduct an internal audit of its computers to help ensure software compliance. Once the BSA or the SIIA gets involved, it is typically too late to avoid paying a penalty. http://blawg.bsadefense.com/2010/05/adopting_software_use_policies.html http://blawg.bsadefense.com/2010/05/adopting_software_use_policies.html BSA business software alliance SIIA software & information industry association software audit Thu, 13 May 2010 22:15:26 +0000 Software copyright infringement litigation (sometimes called software anti-piracy claims) comes in an array of varieties. Frequently, it is functionally indistinguishable from disputes involving literary or audio-visual works and centers on claims that an infringer copied a copyright owner’s work and then sold that work as the infringer’s own in pursuit of an undeserved profit. Software licensing and counterfeiting disputes comprise the majority of such claims and are very common in light of large publisher and trade group initiatives aimed at enforcement in these areas. Moving across the spectrum of complexity, because software is almost universally distributed under a licensing regime, rather than sales of copies, many other actions involve claims that a defendant used software outside the scope of the relevant license and thereby infringed the copyright. These matters usually require a more nuanced approach by a reviewing court, because they require a determination of whether the actions or omissions at issue constituted use outside the scope of the license – and therefore copyright infringement – or merely breaches of independent license terms, for which the plaintiff must seek damages, if any, in contract law. However, a third class of software copyright litigation – what might be labeled “competing works litigation” – typically requires substantially more effort from the parties and the tribunal than either of the above types of disputes. In these cases, the developer or owner of one program complains that a different product created or distributed by the defendant consists, in whole or in part, of the work in which the plaintiff holds the copyright. These cases on average involve significantly higher stakes than other software copyright disputes, in that they can threaten the defendant with elimination of an entire line of business or even, in some cases, with the cessation of business operations altogether. The legal analyses and factual development in such matters can approach the level of complexity usually associated with patent disputes, and, indeed, many of the considerations in such matters likely would be familiar to dedicated patent law practitioners. http://blawg.bsadefense.com/2010/05/litigating_copyright_infringem.html http://blawg.bsadefense.com/2010/05/litigating_copyright_infringem.html copyright infringement Thu, 13 May 2010 22:14:46 +0000 Business owners and managers whose companies have been targeted by IBM for a compliance audit often express surprise at the complex method IBM uses to determine the licensing requirements for many of its server software products, such as WebSphere and Tivoli. Many software vendors employ server software licensing frameworks that would be familiar to most anyone with experience purchasing software licenses: for every installation of a software product on a computer, the owner of that computer must purchase a corresponding license allowing use on that machine. There are some common variations on that general theme used by some publishers – notably, Microsoft – involving connections to server software by other computers on the network. With Microsoft SQL Server, for example, the computer owner must purchase either an appropriate number of client access licenses (CALs) for each user or device accessing the server software or else a “processor” license for each physical processor in a given computer, allowing use by an unlimited number of remote users or devices. (Processor licenses are typically significantly more expensive that CAL-based software licenses, but they may represent a good value for servers with a high number of remote connections.) IBM previously employed a processor-based licensing formula for its server products, but in 2006 it moved to a licensing model using what it calls “processor value units” (PVUs). Under this model, each server processor is assigned a per-core PVU number that depends on the manufacturer and specifications for that processor. (IBM maintains a chart of per-core PVU numbers here.) That PVU number then is multiplied by the number of physical processor cores embodied in the processor to determine the processor value for the physical processor. For servers with multiple processors, that processor value then is multiplied by the number of processors to determine the server value. It is this final PVU number that reflects the licensing required for each computer, as follows: Server Description: Dual processor, quad-core Dell PowerEdge SC1435 Server value = 50 PVUs/core x 4 cores/processor x 2 processors = 400 PVUs IBM terms the formula described above “capacity licensing.” For machines employing virtualization technologies, under which a virtual server hosted on a physical machine may utilize less than all of the physical machines resources, IBM allows its customers to apply “sub-capacity” licensing rules to reduce the number of PVUs required for compliance. However, the sub-capacity rules entail a number of significant requirements, including use of IBM’s License Metric Tool, which reports information about hardware configurations and software deployments directly to IBM. IBM software licensing involves a significant financial cost, and IBM’s products typically function in business-critical capacities in a company’s network. Companies that find themselves engaged in IBM audits are well advised to discuss their IBM licensing status with knowledgeable outside counsel before disclosing any information to IBM or making any changes to their IBM software deployments. http://blawg.bsadefense.com/2010/04/ibm_software_audits_involve_co.html http://blawg.bsadefense.com/2010/04/ibm_software_audits_involve_co.html IBM audit processor value unit PVU software audit Tue, 20 Apr 2010 21:09:51 +0000 The Business Software Alliance (BSA) is an organization that pursues copyright infringement claims on behalf of many software publishers against companies it accuses of violating its members’ software license agreements. Because the cost of litigation in most cases outweighs the cost to settle out of court, the BSA often is able to force businesses to comply with an arduous and often arbitrary software audit process that typically culminates in a negotiated settlement entailing a significant settlement payment to the BSA. Due to the nature of the process and the possibility that a settlement may be misconstrued to reflect misconduct on the part of a company, many companies that settle with the BSA seek to keep the existence and terms of settlement confidential. However, the BSA disfavors confidentiality provisions, because they interfere with its efforts to publicize the results of its license enforcement program. Therefore, the BSA typically demands a higher settlement payment to include such a provision. Absent a confidentiality provision in the settlement agreement, the BSA generally is free to issue a press release detailing the terms of settlement and name of the company. The BSA often then seeks to publish the release in media outlets relevant to the targeted business’ industry or geographic location, in addition to publishing the press release on its web site. There are many considerations for a company contemplating a demand for confidentiality. Some larger, more recognizable companies seek confidentiality provisions to offset potentially negative publicity associated with their brand. Under those circumstances, the additional penalty amount may represent an acceptable cost. However, smaller companies often choose to pay a lower settlement amount not inclusive of confidentiality, based on a determination that damage to their brands, if any, likely would be less significant. This is a decision in which a company’s upper management should be given an opportunity to contribute. Finally, on rare occasions, some companies seek to issue their own press releases, detailing the settlement terms, and exposing the BSA’s software auditing process as a warning for other businesses. Regardless of the strategy a company chooses regarding confidentiality, it is important to be aware of the implications of failing to include a confidentiality provision in the final settlement agreement. When in doubt, it is beneficial to seek counsel from an attorney familiar with the BSA process. http://blawg.bsadefense.com/2010/04/life_after_a_software_audit_ke.html http://blawg.bsadefense.com/2010/04/life_after_a_software_audit_ke.html BSA business software alliance software audit Fri, 02 Apr 2010 20:23:51 +0000 In Nature’s Enterprises, Inc. v. Pearson (2010), the U.S. District Court for the Southern District of New York rejected Nature’s Enterprises (“NEI’s”) request for damages for each component part of a compilation. NEI had alleged that Pearson infringed ten of NEI’s copyrighted DVD movies, of which two comprised compilations of films copyrighted by NEI. NEI requested $10,000 for each of the 10 DVDs and $750 for each of the 45 clips contained in the two compilation DVDs. The court rejected NEI’s request for damages for each separate work and concluded that “a plaintiff should not receive a windfall recovery by inflating the number of works infringed from its own compilation.” The court determined that “when a plaintiff compiles assorted copyrighted products into a new product, the compilation constitutes one work for purposes of copyright infringement.” NEI’s focus on “whether each item (in a compilation) has an independent economic value and is, in itself, viable” did not sway the court. Rather, the Court held that “adopting such a test would be to make a total mockery of Congress' express mandate that all parts of a compilation must be treated as a single work for purposes of computing statutory damages.” The court also declined to apply rulings from cases NEI presented in which defendants, rather than plaintiffs, created compilations of the plaintiff’s works. If you have been contacted by the Business Software Alliance (BSA), Software & Information Industry Association (SIIA), or another software industry auditing entity, you should contact counsel experienced in negotiating with auditing entities regarding bundled software suites that resemble compilations. http://blawg.bsadefense.com/2010/04/judge_rejects_copyright_damage.html http://blawg.bsadefense.com/2010/04/judge_rejects_copyright_damage.html BSA copyright infringement SIIA software audit Fri, 02 Apr 2010 20:22:30 +0000 The Business Software Alliance (BSA) and the Software & Information Industry Association (SIIA) are organizations that represent software publishers seeking to enforce the copyrights in the products they publish. In furtherance of this goal, these entities routinely send letters to businesses they believe may be infringing their members’ copyrights by failing to satisfy the requirements of applicable software license agreements. In the letter, the BSA and SIIA request audits of all member software products installed on all computers and servers owned by the targeted businesses. The audit process is lengthy and arduous and often is affected by costly mistakes. One of those mistakes involves the use of an inadequate tool to conduct the kind of audit called for by the auditing entity. There are many ways a business may tackle the audit process. It may hire a law firm that specializes in software audits to conduct the review, it may hire external IT consultants, or it may proceed with its own in-house software audit. The BSA often suggests a number of tools to assist with a self-audit, sometimes including Novell, Symantec, Frontrange Solutions, Belarc and Spiceworks. Many of those tools are available for little or no licensing fee, making them appear to be attractive alternatives. However, if a company chooses to conduct a self-audit, it is essential to verify the results produced by the tool deployed prior to submitting any information to the BSA or SIIA. Often, software audit tools are not sophisticated enough to discern between free trial software or remnants from previous installations and full installations of licensable software products within the scope of the audit. Over-reporting can carry significant consequences, because each product mistakenly reported as a full version for which a business is unable to demonstrate license ownership typically entails a penalty at settlement based on the MSRP of that product. The BSA then typically applies a multiplier for each product included in its settlement offer calculations. For these reasons, it is important when conducting an in-house software audit to carefully look for any mistakes in the audit results and to ensure that those results accurately reflect what was installed as of the effective date of the audit requested by the BSA or SIIA. If there is any doubt regarding the accuracy of those results, it is vital to seek the advice of a knowledgeable attorney or consultant prior to submitting any information to the auditing entity. http://blawg.bsadefense.com/2010/03/costly_software_audit_mistakes.html http://blawg.bsadefense.com/2010/03/costly_software_audit_mistakes.html BSA copyright infringement SIIA software audit Thu, 18 Mar 2010 00:10:38 +0000 http://www.iipa.com/2010_SPEC301_TOC.htm]]> http://blawg.bsadefense.com/2010/03/bsasupported_organization_adop.html http://blawg.bsadefense.com/2010/03/bsasupported_organization_adop.html BSA business software alliance software audit Thu, 18 Mar 2010 00:08:55 +0000 Many companies choose to pursue an internal audit of software systems after receiving a request from the Business Software Alliance (BSA). When it comes to deciding how to proceed with an audit, there are multiple considerations, including, but not limited to, the size of the company, amount of computers, type of software at issue, IT support, and accuracy of a company’s records. A small company with few computers is better suited than a larger corporation to conduct its own audit either manually or to take advantage of one of the many free software scan tools available on the internet. There are still risks of inaccuracy involved. One danger is that a company may submit information regarding a free download that may be mislabeled, and inaccurately reported to the BSA as unlicensed software. This risk is amplified for larger companies with many computer systems and multiple users. If a large company seeks to conduct its own audit, the free scanning tools are still an acceptable choice, as manually checking each computer is both tedious and can lead to mistakes. An alternative is to seek a consultant who specializes in software infringement issues and who can assist with network inventory and sorting through software purchasing invoices and receipts. However, it is important to keep in mind that, unless that consultant is an attorney, he or she may have no duty of confidentiality to the company. Therefore, it is wise either to obtain a comprehensive confidentiality agreement from the consultant or to retain a knowledgeable attorney to assist with the inventory. In addition to collecting an inventory of software installations, it is important to gather purchasing information to provide to the BSA. If receipts and invoices are not provided for all software installations reported, the BSA will assume the software is unlicensed and will increase its settlement demand. Regardless of the size of a company, if there are concerns about the ability to scan software, locate purchasing information or evaluate audit results, it is advisable to seek outside assistance with the process from an expert. http://blawg.bsadefense.com/2010/03/when_to_seek_help_for_a_bsa_au.html http://blawg.bsadefense.com/2010/03/when_to_seek_help_for_a_bsa_au.html BSA business software alliance internal audit network inventory Fri, 05 Mar 2010 23:50:43 +0000 The Business Software Alliance (BSA) regularly targets small-to-medium sized businesses for expensive software audits to determine whether those businesses are in compliance with their BSA-member software licenses. In furtherance of that effort, the BSA offers cash rewards to disgruntled current or former employees who provide information about allegedly unlicensed software installed on their employers’ computers. However, in many cases, businesses targeted by the BSA discover that there appear to be significant discrepancies between the information apparently provided by the BSA’s confidential informants and the actual license-compliance status of those businesses. Many businesses suspect that the cause of the discrepancy is the informants’ desire to profit from the BSA’s reward program. Regardless of the cause, however, when the audit materials submitted in an audit matter do not conform to the information supplied by the confidential informant, the BSA typically disputes the results. The business then ends up incurring additional legal fees in an effort to authenticate those results and move the matter forward to a resolution. Worse, though, even when the BSA discovers that its informant may have provided false information, it typically will not stop pursuing the copyright infringement claims. The BSA’s loose definition of “unlicensed” software covers any software with no proof of purchase. Therefore, even though business records are only required to be kept for seven years for tax purposes, because the BSA requires dated proof of purchase in order to credit a business with license ownership, it effectively expects its business targets to keep their invoices for software license purchases forever. The BSA thus justifies its continued pursuit of businesses, even in the face of an apparently unreliable informant, based less on principles of copyright law than on potentially inadequate accounting practices. There is usually little recourse against the BSA or the informant for initiating legal action based on false information. In some cases, a company may consider suing the informant on a breach of contract or breach of confidentiality claim, depending on the existence of any prior agreements with the informant, but the expense of such an action would be prohibitive for most businesses. For these reasons and others, it is important for all companies, regardless of whether they are faced with a BSA audit, to be prepared to document their license ownership, to keep confidential all information relevant or potentially relevant to an audit, and to seek the assistance of counsel. http://blawg.bsadefense.com/2010/03/bsa_pursues_software_audits_de.html http://blawg.bsadefense.com/2010/03/bsa_pursues_software_audits_de.html BSA business software alliance software audit Fri, 05 Mar 2010 23:49:53 +0000 Business Software Alliance (BSA) and the software companies it represents. Most people understand software piracy to involve the intentional copying and, in many cases, distribution of copyrighted software to third parties without permission of the copyright owner. Understandably, the term has extremely negative connotations, and most businesses will go to great lengths to avoid behavior that could reasonably be branded as “piracy.” Unfortunately, the BSA’s definition of software piracy is considerably more broad than the common understanding and may be confusing to companies audited by the BSA who have never knowingly copied unlicensed software. During a BSA-initiated software audit, the BSA requires the businesses it targets to provide dated proofs of purchase for each software product installed on their computers. There are specific types of documentation the BSA accepts, and it usually rejects purchases from E-bay, Amazon, or similar Internet-based re-sellers. Therefore, if a company unknowingly purchases software from an unauthorized retailer or simply is unable to find receipts for products it purchased, the BSA will penalize the company as though it intentionally violated copyright law and “pirated” the software. Worse, typically after an audit the BSA will enter into settlement agreements with the companies it accuses of copyright infringement. Unless a provision for confidentiality is included in a settlement agreement (usually only in return for a significant additional amount to be paid at settlement), there is nothing to prevent the BSA from publishing a press release identifying the targeted company, the software products involved, and the settlement amount, and otherwise making express or implied statements that the company is guilty of “software piracy.” As a general rule, companies should keep all receipts from software purchases indefinitely, and they should purchase software only from authorized dealers. Additionally, recipients of letters from the BSA should seek experienced legal counsel to assist with the audit and to help negotiate a resolution that may prevent the unnecessarily negative publicity that can result from the BSA’s overzealous application of the “pirate” label.]]> http://blawg.bsadefense.com/2010/03/what_is_the_bsas_definition_of.html http://blawg.bsadefense.com/2010/03/what_is_the_bsas_definition_of.html BSA business software alliance copyright infringement software audit Thu, 04 Mar 2010 21:56:12 +0000 here. The article’s sources appear to base their suggestions on a combination of personal experience and, perhaps, assumptions about the BSA’s operating procedures in U.K.-based software audit matters. One source is cited as suggesting that “companies being chased to complete audits should only do so if the BSA is willing to disclose why they are being targeted, which is something it would have to do as part of any litigation process.” However, at least in U.S.-based audit matters, the BSA is generally unwilling in any circumstances short of a federal lawsuit to disclose any information regarding the source of its information. In addition, the BSA in the U.S. operates under powers of attorney signed by the software publisher-members it represents, and it has, in the past, shown itself to be willing to pursue software audit matters in court, in the event that business targets either refuse to co-operate with its audit demands or provide information that materially and significantly diverges from the information obtained from its confidential sources. Notwithstanding the understandable reservations many businesses may have – and should have – regarding disclosing otherwise confidential information to third parties, businesses confronted by the BSA with allegations of software copyright infringement should, at the very least, engage knowledgeable counsel in an effort to evaluate the advisability of co-operating with such demands based on all of the facts. For most businesses in that situation, it will make more sense to co-operate with the BSA in reaching an out-of-court resolution. Such an informal process allows a business to control the flow of information to the BSA and to preserve the confidentiality of any negotiated resolution. Costs and expenses associated with co-operation also generally are significantly less than those associated with a federal lawsuit, and the potential for a lower agreed settlement amount usually will be greater as well. There are exceptions, of course, and it is equally important to keep in mind that it may make more sense, for any number of reasons, either to refuse to co-operate or, possibly, to file a pre-emptive lawsuit, usually in the form of a request that a court issue a declaratory judgment regarding the absence of copyright infringement. Again, however, these are decisions that businesses must make only after consulting with an attorney who is knowledgeable regarding the issues presented and the potential for exposure. ]]> http://blawg.bsadefense.com/2009/05/most_us_businesses_should_coop.html http://blawg.bsadefense.com/2009/05/most_us_businesses_should_coop.html bsa bsa audit bsa software audit business software alliance audit Thu, 07 May 2009 22:11:57 +0000 Business Software Alliance Report]]> http://blawg.bsadefense.com/2009/05/how_the_bsa_got_your_name.html http://blawg.bsadefense.com/2009/05/how_the_bsa_got_your_name.html bsa business software alliance Thu, 07 May 2009 22:10:22 +0000 here. ]]> http://blawg.bsadefense.com/2009/05/bsa_member_list_changes.html http://blawg.bsadefense.com/2009/05/bsa_member_list_changes.html bsa bsa members business software alliance business software alliance members Thu, 07 May 2009 22:08:50 +0000