Operating Without A (Software) License
Stephen Rubin, Esquire
This article appeared in the December 2002 issue of Loudounclear, a publication of the Loudoun County Chamber of Commerce.
Next time you are at your computer, click START and then PROGRAMS. Do you have a license to use each program that appears? Now go around your office repeating the steps at each computer. Does your company license each of the programs running on each of these computers? If it does, can it prove it? If it does not, or cannot, then what?
You may soon be hearing from the Business Software Alliance. A trade group whose members include software powerhouses Microsoft, Apple, Macromedia, Symantec, Adobe Systems, Corel, Novell, and Network Associates, BSA applies its considerable resources to root out software piracy. BSA copyright enforcement efforts, including well-publicized business raids and computer seizures, thus far have netted over $68 million in penalties against businesses ranging from Fortune 500 companies to local mom-and-pop stores. BSA has a long way to go. Recent research reveals one out of every four copies of software used in the United States is illegal. Software makers lose an estimated $3.2 billion annually in retail sales of business software applications. Copyright compliance abroad, where BSA also operates, is even worse.
While BSA has educational programs to discourage software theft, its most visible role is as software policeman. Its targets are everywhere. Typically, they are well managed, respected and otherwise law-abiding companies—perhaps just like yours. Robert Kruger, BSA’s vice president for enforcement, wryly observes: “They pay their taxes; they obey OSHA rules. When they need a new PC, they wouldn’t steal one off a truck. Yet when they need software, they see nothing wrong with making illegal copies.”
The Mole In the Next Cubicle
BSA has come up with an effective tool to ferret out these stealth software pirates: disgruntled workers. “Unless you have no current or former unhappy employees and don’t expect to have any in the future,” Kruger says, “you’re one phone call away from a BSA investigation.” BSA widely advertises its whistleblower hotline (1-888-NOPIRACY), and provides piracy report forms on its website (www.bsa.org). Many unsuspecting companies have been caught in BSA’s net as a consequence.
Fuelling BSA’s aggressive enforcement posture is the federal Copyright Act. The Act provides for civil remedies and criminal penalties. Actual damages and profits or statutory damages may be collected in a civil suit at the election of a successful copyright owner. A judge has the discretion to award statutory damages of as much as $150,000 for each copy of the software if intentional infringement is proved. The judge also may award a reasonable attorney’s fee to the prevailing party. Acts of willful copyright violation carry criminal liability as well, and the infringing software is subject to government seizure and forfeiture.
Although BSA has invoked Copyright Act powers to initiate software raids on business offices where it believes flagrant piracy is occurring, most actions commence with a letter from BSA’s lawyers. The letter may say that BSA “recently has been advised” that more copies of specifically identified software have been installed on the company’s computers than it has licenses to support. With detailed information handed to it by the whistleblower, BSA often is right. The letter may request the company conduct an audit of all installed software and the licenses and proof of purchases relating to it, with the results reported to BSA. It also warns against removing any of the software until all issues are resolved.
The results of the self-audit can be a shock. Unwitting violations occur, for example, when a software program that permits a single use is installed on a server that allows multiple users to access the software at the same time. Even multi-user licenses inadvertently may be exceeded as a company expands. Each user who accesses the software is treated as having installed a separate copy on his or her computer. Each use without a documented license constitutes a separate violation under the Copyright Act. In other instances, employees may install their own unlicensed software without the company’s knowledge. Used computers may have been purchased with software installed, but without license documentation. Obsolete programs may reside unnoticed on a computer hard drive, the proof of purchase long ago having been misplaced or discarded. Or record retention procedures are haphazard, resulting in lost licenses and proofs of purchase for software that is properly acquired. The Copyright Act does not excuse these and numerous other permutations of unintended infringement, although the harsher penalties reserved for willful infringement may be avoided.
Once the extent of exposure to copyright damages is determined, BSA will often negotiate a settlement with a cooperative company. Even in these cases, the cost can be significant when the price of expensive business software is multiplied by the number of unlicensed users on even a modest network. Instances of blatant copyright abuse may end in court, where litigation and exposure to crippling damages may place severe strains on a company.
A number of measures should be adopted now to avoid the risk of software copyright infringement.
Undertake a self-audit, just as you would if forced by BSA. Obsolete and employee-installed programs should be deleted. Business software should be inventoried based on the number of installations and the number of users with access. These numbers should then be matched against documented licenses and proofs of purchase. If the documentation is no longer available for whatever reason, there is little protection against a copyright infringement claim. Merely retaining the software disks is not proof of purchase, nor will a single disk support multiple uses.
Develop and adhere to a written software policy. A software “code of ethics” should be promulgated and signed by employees. Installation of software on the company network should be restricted to designated persons knowledgeable about copyright liability and responsible for monitoring compliance. Computers should be inspected periodically to insure that unauthorized programs have not been added and that programs no longer in use are removed.
If not already in place, establish a procedure for the centralized recordation and retention of all software licenses and proofs of purchase. It is good practice to keep the licenses in binders with the software itself. Documentation must be retained as long as the software remains installed, even if it is no longer used. For purposes of proof of copyright infringement, the installation of software on a computer is deemed to constitute use.
Make it a practice to use copyright compliance software at regular intervals to determine whether all of the company’s software applications are properly licensed. BSA offers such a software product without charge. It also offers training videos and a Guide to Software Management at its websites:www.bsa.org/org/usa/antipiracy and www.nopiracy.com.