Archived News Article
It is alarmingly easy for an IT leader to unwittingly exceed the scope of a software licence, and the chances of being caught out have never been greater, as technology lawyers Mark Weston and Paul Gershlick explain
Written by Mark Weston and Paul Gershlick
Computing, 09 Feb 2010
Let’s assume you’ve worked hard to build up your business. Let’s assume you needed extra employees to service your growing needs and that you trust the people you took on. And let’s assume that you would never consider using pirated or unlicensed software. None of these assumptions is far-fetched and they reflect the reality for thousands of businesses. So why did you end up having to pay substantial damages as a result of being reported by one of your staff to your software licensor, the Business Software Alliance (BSA) or the Federation Against Software Theft (Fast)? This has happened to many businesses, with the numbers being “caught” during the ongoing recession growing ever larger.
First, some background. Both Fast and the BSA are not-for-profit trade associations. Fast’s members include software publishers, resellers, distributors and law firms. Indeed, the Fast Legal Action Group (Flag) is a legal lobby within Fast that lobbies for greater legal protection for the software industry. The BSA’s members include many of the largest names in the IT industry, such as Adobe, Apple, Intel and Microsoft. Both organisations seek to protect their members’ interests through education, and through enforcement action against transgressors. Their enforcement letters are tenacious, can be aggressive and often create much hassle for recipients. More on this below. Fast and the BSA also set the tone for much of the remainder of the industry which is not a member of either – usually smaller software licensors.
Using the BSA as an example, being on the receiving end of one of its enforcement letters is a scenario faced by an increasing number of businesses. Every year, the BSA investigates hundreds of British businesses for using unlicensed software and many are threatened with legal proceedings. In 2009, the BSA received increased software piracy leads, which resulted in investigations. These leads are usually reports from inside businesses. For reasons we will see, there are many incentives that explain why the number of leads – and the number of successful recoveries of damages – has been increasing; but there are also good reasons why the number of successful recoveries may start going down.
New research from Forrester shows that software users faced increased software audits from software licensors in 2009 as licensors sought to collect as much money as possible. After all, there is a recession on and software businesses that are selling less software are looking to compensate for diminished revenue streams. Audits are possible because most software licences provide licensors with a right to check that users are complying with the licence agreements.
Are you a software pirate?
Returning to our scenario, that may be fine for the “illegal” businesses but how does this affect you, the legitimate user of software? You think you are a legitimate business that has nothing to do with software piracy. However, the BSA and Fast may take a different view.
Look at the BSA web site home page. You may unwittingly be what it, the software industry as a whole and the law, call a “software pirate”.
The BSA says:
“Software piracy is the unauthorised copying or distribution of copyrighted software…What a lot of people don’t realise or don’t think about is that when you purchase software, you are actually purchasing a licence to use it, not the actual software. It is that licence that tells you how many times you can install the software, so it’s important to read it. If you make more copies of the software than the licence permits, you are pirating.”
What may have originally started as a lawful right to use software may subsequently have become unlawful as your business has moved on. This often happens when a business experiences rapid growth and omits to update its software licences. If Microsoft’s software licence said you could permit 100 users to use it, that was fine when you had 80 employees. But when you had 101 employees, you breached the software licence.
Or take another common scenario. You may have decided to outsource some of your IT function, even if that has meant keeping your computers inhouse but having non-employed consultants coming onto your premises and using your computers. If you did not seek prior written consent for the use of the software licences by the outsourced service provider, you may well be in breach of the licence. Licences usually prohibit sub-licensing to third parties (which would usually include outsourcing service providers) without the licensor’s prior written consent.
Ensuring proper compliance is not always top of the agenda when a business is trying hard to achieve revenue-growth and cost-cutting targets. But it’s still important. Not only could failure to keep software licences up to date cost in terms of hard cash, but business reputation could be damaged if it is tarred with the label “software pirate”.
The return of “stiffing”
During the last recession, many software licensors were accused of a practice known as “stiffing”. This involved software licensors taking a strict construction of a software licence. For example, a piece of software may have been licensed for use on 20 processors (CPUs) at a time when one “desktop computer” had only one processor within it. However, when dual-core (and now quad-core) CPUs started to become available, people doing the “stiffing” sought further licence fees if more than 10 desktop computers (using dual core CPUs) or five desktop computers (for quad-core CPUs) were being used. This was viewed by licensees, and by the mainstream computer press, as a disreputable practice.
However, the recession is seeing more legitimate “stiffing”. It is now less about a disreputable reading of what a software licence may or may not provide and more about software licensors actively enforcing rights that they clearly have under a software licence.
Rich pickings for snitchers
So the BSA and Fast, acting on the instructions of their members, are actively pursuing a policy of discovering legitimate software which is being used outside the terms of the licence on which that software was originally supplied. The way they identify the businesses on which they turn the investigation spotlight is (if you excuse the pun) quite illuminating.
One primary method that the BSA and Fast use to discover which businesses have neglected to keep their licences up to date is encouraging the staff of the business to snitch on the business. Most companies would like to believe that none of their staff would be so disloyal. But there’s a recession on and it’s amazing what people do for money. And the BSA evidence backs this up.
The BSA’s rewards policy usually pays up to £10,000 for a tip-off that leads to a successful judgment or settlement. Staff are shopping the business they work for as a side earner. The BSA even offered a nice little extra Christmas bonus for the snitching employees, by doubling that reward in the weeks leading up to 31 December 2009. A business will probably never find out that it has been reported, because the BSA promises confidentiality to give employees incentives to come forward.
Meanwhile, Fast had a campaign last year to encourage employees to report employers who illegally use software. It wanted to reassure employees that they would be protected for whistleblowing the illegal activity under the Public Interest Disclosure Act 1998 – although the position is not certain as to whether employees would be protected under that Act, as the Act protects against reporting internal wrongdoing to a regulator and it is not clear whether Fast would count as a regulator.
The recession is therefore providing a particularly fertile ground for attracting employees to report employers, especially with the financial rewards on offer. Many businesses have made people redundant, who then find it hard to get new jobs. Where can they turn if they want to supplement their redundancy packages? The BSA cites disgruntled ex-employees as a primary reason for its increase in leads.
Recent research conducted by YouGov for the BSA showed that seven in 10 British workers are willing to “shop” their bosses for improper business practices and one in six would be even more amenable to do this if cash incentives were on offer. An additional 38 per cent would be more willing to snitch if they had been made redundant, and 31 per cent cited big salary rises for the board as being enough to lead them to take action. Some 49 per cent of British staff believe their boss should face legal action for using illegal software.
Returning to our scenario, are you still 100 per cent confident that you are not using software illegally and that your employees are totally loyal to you?
When the watchdogs come sniffing
Most legitimate businesses would not dream of doing anything intentionally unlawful. The experience of most companies being reported for using software “outside scope of licence” is rather like the feeling someone gets for parking his car on a yellow line during a time he genuinely believed was permitted – only to find that it was illegal after all and then being clobbered with a £60 fine. However, for using software outside licence scope, the “fines” are much larger.
Most of our clients who receive a BSA audit letter as a result of a report from inside their business expect to be dealt with sympathetically by the BSA. They rarely are. When our clients have been “unfairly” dealt with, we have had practical experience of the aggressive tactics used by the collecting agencies.
If the report made to the BSA is wrong and alleges use of software that is not in fact being used, then a business can actually refuse an audit if it chooses to. This is sometimes, but not always, the best tactic. However, if software is being used, albeit outside scope of licence, then the licensor may have a contractual right in the licence to demand an audit. To refuse would be a breach of contract.
If a business has breached a software licence inadvertently and a report has been made to the BSA, the first letter from the BSA usually details that a report of unlicensed software has been made (with no details as to the identity of the reporter) coupled with a request for an audit. Most legitimate businesses will not have a problem with carrying out an audit of software used and checks on licences for that software, although they may struggle with resources as it is usually a time-intensive and time-consuming process.
Often, for software acquired more than a year or two in the past, licences or invoices for that software are not always easily available, if at all. Some are shoved to the bottom of a cupboard or into “the round filing bin”. However, assuming a genuine effort is made to produce accurate information and there is no hint of intentional infringement, such as using “cracked” software, if the report is accurate, it is usually possible to negotiate a reasonable compensatory sum for unlicensed use. That negotiation is an art, not a science. Depending on the size of the business and scope of unlicensed use, this can often be a four or five-figure sum.
However, if there is a hint of intentional infringement, then that sum is higher – sometimes much higher. The ferocity of a BSA/Fast investigation much depends on the strength of the original report made to the enforcing organisation. The enforcing organisation would ultimately have to rely on that report in a court if some negotiated figure cannot be reached. The negotiations themselves are usually a careful balancing act based on what the audit reveals, the strength of any evidence from that audit, the cost of the software involved, any factors that might suggest intentional infringement – which understandably is something the vendors need to crack down on and which can severely adversely affect a business’ reputation – and the strength, or believed strength, of the report that led to initial investigation.
A report which is believed by a business to have come from an employee who has been fired for gross incompetence may well (but may not) be believed by that business to carry far less weight as a credible report, than if no one has been “let go”. It may not be possible, though, for the business to know for sure who made the report.
Ironically though, as reports increase because employees have been made redundant, the actual use of software outside scope (in cases where the accusation is that software has been used by more people than have been licensed) is due to fall – because businesses have fewer people working for them. For example, if a business is licensed for 100 people to use software and has been in breach – for example, 105 people have been using it, during this recession it may dismiss 10 people. Some of those 10 people may make a report to the BSA. However, the company will now only have 95 people using the software, thus bringing it back within scope of licence. Although it will of course be liable for the historical period when it was using software outside scope.
So what can you do?
The simple answer would be to pre-empt the problem and ensure you keep up to date with your software licences. This may sound hard when you have been growing quickly and have other priorities. But keeping an inventory of licensed software, the number of permitted users and locations against each software item listed, and checking that list periodically are easy steps. Appointing someone to take responsibility rather than allowing the issue to slip into a black hole can also help.
However, if you are in the position of having the software licensor coming after you, then you cannot ignore the problem. You need to face up to it. Where necessary, you should meet fire with fire. You may need to pay up for their claims in full. More likely, though, through a tough exchange of letters, you may be able to reach a negotiated settlement for less.
Mark Weston and Paul Gershlick are partners advising on IT legal issues at Matthew Arnold & Baldwin LLP
Welcome, You have found the home of SofTrack, your first choice for Desktop Auditing, Control, Inventory, Metering and License Compliance.
For the past 27 years SofTrack has provided world-class software metering.
Today's version of SofTrack includes features and benefits that meet and exceed your daily demands of managing and controlling workstation compliance.
SofTrack > Simplifying IT Asset Management
©1987:2019 Integrity Software, Inc. | Contact