What are the repercussions of a BSA audit?

By Ray Geroski, Tech Republic

In two recent articles, we offered one network admin’s experience with software licensing compliance and then shared member reactions to the article. The responses to these articles indicate a couple of things: Software licensing compliance remains a challenge, and many members don't fully understand the role of the Business Software Alliance (BSA) in protecting software companies’ intellectual property rights or its authority to ensure that business users do not violate licensing agreements. To ensure that your company remains in compliance and doesn’t suffer the consequences of a BSA audit, you need to know the facts about the BSA and the actions it takes to enforce licensing agreements.

History

With offices in the United States, Europe, and Asia, the BSA was established in 1988 to serve the interests of software and e-commerce developers in the international marketplace and currently represents those interests in 65 countries worldwide. Robert Kruger is the BSA’s vice president of enforcement for its North America Anti-Piracy Campaign. He said that the BSA was originally established in response to the concerns of software developers about the lack of protections for commercial products overseas.

“In 1988, these companies looked to Europe and Asia as the next frontier for their commercial operations, and they were rightfully terrified by what they saw. They saw no protections in place for the types of products they sold.”

Thus, the BSA was initially established to develop the kinds of property protections in foreign markets that covered the companies’ products in the United States. It wasn’t until five years later, in 1993, that the BSA actually launched its North American campaign against software piracy.

Roster

The BSA’s biggest strength is perhaps its membership, and two of the companies that were among the original founders remain powerful members: Microsoft and Autodesk.

“Just about every other company has undergone some kind of a change in corporate identity, so that we now have, at least on the face of it, a different roster of members,” Kruger said.

The BSA’s current membership boasts the biggest companies in the computer industry. In addition to Microsoft, it includes Adobe, Apple, and IBM, companies whose presence in international markets demands some kind of protections for their properties. Kruger said that as a result of the BSA’s efforts, most countries in the international marketplace now have laws in place designed to protect the intellectual property rights of software and e-commerce developers.

Enforcement

The strength of its membership has helped the BSA grow into a powerful organization that is increasingly flexing its muscles to fight software piracy and maintain licensing compliance among business users. Kruger said that the BSA is best known today for its efforts to enforce software licensing laws.

“We are viewed by many as the software police, the organization that will, in fact, investigate and pursue instances of infringement that come to its attention.”

Perhaps the most potent action the BSA takes is the auditing of companies under investigation for possible software license infringements. When the BSA has obtained adequate evidence to pursue a case, it will obtain court orders to conduct audits of the software installed on company computers. Kruger emphasized that this occurs only in cases where the BSA has gathered enough evidence to show that a company has violated software license agreements.

“We try very hard here to make sure that we’re only proceeding on the basis of reliable information.”

The investigation

Information on possible violations typically arrives via the BSA’s piracy hotline or its Web site. In most cases, Kruger said, the callers are either current or former employees of the companies they are reporting. He acknowledged that many are former employees who feel they’ve been wronged by the companies in some way.

“We’ve found that there are plenty of employees with an axe to grind who actually have very good, credible, detailed information. The challenge for the BSA, of course, is to separate out the disgruntled employees with good information from the disgruntled employees with bad information.”

Only when the BSA has established that the information is credible does it begin to take action against the targeted company. After the preliminary investigation, which includes obtaining a detailed statement from the caller and checking registration records with the software company whose licenses are being violated, the BSA contacts the company to give it the opportunity to cooperate in the investigation. At this point, however, the BSA has already built a solid case of license infringement against the company and will likely end up levying fines against it.

“If a company is being contacted by the BSA either directly or through our lawyers, it’s usually too late for the company to simply get into compliance; it's too late to do what they should’ve done in the first place.”

The consequences of noncompliance

What can happen if you fail to comply with the licensing agreements for the software you use? Consider the case of Washington, DC-based Adrenaline Group Inc., a software development and Web consulting company. In May 2001, the company agreed to pay $103,000 to the BSA to settle a claim that it was using unlicensed commercial software. A Washington Post article reported that Adrenaline Group was among hundreds of companies that were tipped off to the BSA via its piracy hotline.

After being contacted by the BSA, Adrenaline Group conducted an internal audit and found it was using more copies of particular programs than it had licenses for. Adrenaline said that the software licensing issue was unintentional and arose as a consequence of the company’s rapid growth. According to Kruger, this is the case for many of the companies the BSA has investigated. Companies that run into problems aren't necessarily bad—they just haven't paid enough attention to their software licensing.

When the BSA has established solid evidence of violations and contacted the company, the company must take steps to get into compliance. It will also have to pay fines for the violations.

Kruger said that the violating company must take these actions to resolve the case:

Delete any illegal software after the matter has been resolved.

Legally purchase the needed software in the market.

Pay the BSA to release the company from liability.

“The amount they pay us,” Kruger said, “is what they could’ve saved themselves if they had made sure that they were in compliance. And that amount can be very significant. We’ve had companies pay hundreds and hundreds of thousands of dollars.”

He said that the BSA typically announces settlements in 40 to 50 cases per year in the United States alone, but it doesn't report all settlements.

Changing role

Although the BSA is best known for its enforcement of software licensing agreements, Kruger said the organization now spends as much if not more on education and compliance assistance. The BSA offers free tools that companies can use to track software licenses. Rather than pursue action against companies that are not complying with software licenses, the BSA would much prefer seeing the companies abide by the agreements. To that end, the BSA is taking a number of steps to improve public awareness of software licensing issues and of the value of protecting intellectual property rights.

Final analysis

The BSA has become a powerful organization that works actively to protect the intellectual property rights of software and e-commerce developers. The organization’s goal is to create a better environment where companies can sell their software products without fear of losing money to piracy. It hopes to accomplish this goal by:

Educating users about software copyrights.

Promoting awareness of software’s role in the economy.

Offering tools to track software licenses.

Fighting software piracy through its enforcement program.

Companies need to understand that tracking licenses and abiding by license agreements is an essential part of using the software. They must realize that the consequences of noncompliance can be very costly and that the BSA is ready to take the steps necessary to protect the interests of its members. So if you haven’t taken measures to ensure that the software installed on your network is properly licensed, the time to conduct an audit of those licenses is now. If the BSA contacts you, it’s already too late.

First published April 23, 2002