Defending SIIA Audits

Proof of License in SIIA Software Audits

2011-10-18T16:27:55Z

Like all audits, success in a SIIA software audit depends less on what you own and more on what you can prove that you own. Although not required by law, the SIIA takes the position that a target company is out of compliance for each installation of SIIA member software products for which the target company cannot produce a dated proof of purchase. Many clients are dismayed to discover what does and does not constitute valid proof of purchase according to the SIIA.

Not Considered Valid Proof

1. Copies of Checks to Software Vendors

2. Dated Purchase Orders

3. Undated Software Licenses

4. Credit Card Statements Evidencing Software Purchases

5. Certificates of Authenticity

6. Media, Manuals, or Key-Codes

7. Invoices Bearing and Entity Name Other than the Entity Named in the SIIA's Initial Letter

Valid Proof of Purchase

1. Dated Invoices in the Name of the Audited Entity

2. Soft Records (online account statements) from Recognized Resellers

3. Signed and Dated License Agreements

4. Soft Records from SIIA Member's such as Microsoft Licensing Statements

5. Cash Register Receipts for Retail Sales where Product, Version, Quantity and Price Paid are Included.

Understanding how the SIIA analyzes software audit materials is critically important to achieving the most favorable outcome. In our experience, it is the most time consuming and difficult part of the process for clients to handle on their own.

Scott & Scott, LLP is not affiliated in any way with the SIIA.

Businesses Turn to Open Source Software After Software Audits

2010-09-18T16:29:56Z

The Software & Information Industry Association (SIIA) and the Business Software Alliance (BSA) routinely sends letters to businesses on behalf of many software publishers, including Microsoft, to investigate potential copyright infringement claims based on allegedly unlicensed software. The software audit process can be long and expensive, in part due to the fact that the SIIA and BSA typically require a targeted company to produce dated proofs of purchase for licenses for every software product installed on its computers as of the effective date of the audit, regardless of how many years have passed since the license purchase. Although the IRS generally requires businesses to maintain records for only seven years, the SIIA and BSA allow no such limitation in demanding invoices or receipts for all software license purchases. Businesses often are unable to find the documentation for the purchase of each product, which typically results in a higher payment demanded by the SIIA or BSA to settle the matter.

The notion that a business could legitimately purchase software only to be required to re-purchase it following a software audit - in addition to having to pay a penalty to the SIIA or BSA - leads some businesses to seek open source alternatives. For many of the BSA-member products most commonly found to be at issue during a third-party audit - such as Microsoft Office and Adobe Photoshop - there are analogous open-source alternatives - such as OpenOffice or GIMP - that are available at little or no cost to license. Although the functionality of these alternatives is not identical to that of the SIIA- or BSA-member products, many consumers determine that those differences are less compelling than the advantage of cutting costs and avoiding future exposure related to third-party audits. However, it is important to keep in mind that, while it may cost nothing to deploy open-source software, the installation and use of those products are still subject to copyright laws and governed by the terms of license agreements (such as the GNU General Public License). The terms of those licenses can have a significant impact on a business' ability to host, modify or redeploy open-source software products. Therefore, businesses should make an effort - if necessary, with the advice of counsel - to familiarize themselves with the terms of those licenses.

SIIA's Corporate Content Anti-Piracy Program A New Cause of Concern for Small-to-Medium Businesses

2010-09-18T16:28:54Z

Last month, the Software & Information Industry Association (SIIA) announced the first major settlement reached by its Corporate Content Anti-Piracy Program (CCAPP). The settlement was reached with Knowledge Networks, Inc. (KNI), a market research firm based in Menlo Park, California, with fewer than 500 employees nationwide. The SIIA accused KNI of copyright infringement arising out of KNI's internal distribution to its employees of written content authored by SIIA members, such as the Associated Press, Reed Elsevier, and United Press International, without securing licenses to copy the content. The SIIA learned about the content distribution through a confidential tip from an informant who later received a $6,000 reward from the SIIA. In order to resolve the matter, KNI eventually agreed to pay the SIIA $300,000 and to send its employees to an SIIA-approved "Certified Content Rights Manager" course.

This chain of events - anonymous tip, followed by allegations, negotiation, and, eventually, settlement for money damages - is very similar to what typically occurs in software audit cases initiated by the SIIA, the Business Software Alliance, and some software publishers. What is perhaps more troubling about the SIIA's new focus on "corporate content" is how small-to-medium businesses, many of whom are completely unaware that any of their actions might constitute copyright infringement, nevertheless could find themselves the targets of SIIA-initiated "content audits." These companies may be subject to substantial settlements, and become the subject of a widely disseminated press release regarding corporate "piracy." It appears that a company could targeted if an employee copied and pasted copyrighted text and then hit the "Send" button on an internal e-mail.

It is certainly important to develop and maintain awareness of the content that your employees are distributing internally within your organization. However, if your business has been accused of corporate content "piracy" by any industry association like the SIIA, it is equally important that you consult with an attorney who can provide some insight into the legal arguments and strategies typically employed in similar matters.

Unpleasant Surprises In BSA & SIIA Software Audits

2010-09-18T16:26:59Z

Many companies who comply with a demand by a software publisher or industry association (such as the BSA or the SIIA) for an internal software audit end up facing significant settlement demands after forwarding their audit materials to the other side. One of the reasons the settlement demands often are so high is the fact that the auditing entities frequently base their demands, in part, on the "unbundled" price of software suites. Thus, where a company may expect to pay a fine based on the MSRP of, for example, one undocumented installation Microsoft Office Professional 2007 ($679), it likely will end up receiving a settlement demand based on the combined MSRPs of each of the components of that undocumented suite: Word ($229), Excel ($229), PowerPoint ($229), Outlook ($110), Publisher ($169), and Access ($229), all totaling $1195. In a typical case these difference add tens of thousands of dollars to the amount in controversy.

Another way in which publishers or auditing entities raise the amount in controversy in software audits is the attempt to assess separate "fines" for each allegedly infringing installation of a software product. Thus, a company reporting just ten undocumented installations of Office Professional 2007, with no other licensing shortfalls, may receive a settlement offer based on the combined, "unbundled" MSRPs of the component products totaling just shy of $12,000. Moreover, that is before the auditing entity applies any multipliers to that figure (yet another common tactic) or makes any assessments for their claimed legal fees, both of which factors may drive the opening settlement offer in the above example to $40,000 or more.

It is not difficult to see how owners of small to medium businesses who think that they have a handle on their financial exposure in a software audit matter often end up with truly unpleasant surprises after submitting audit materials to the BSA or SIIA that they may have believed would be negotiating on a more equitable basis.

If your business has been accused of software "piracy" and is responding to a software audit demand either from a software publisher like Autodesk or from the BSA or the SIIA, an experienced attorney can give you visibility into the process and help you avoid unpleasant surprises.

Software Information Industry Association (SIIA) Settlement Agreement Provision Regarding Purchase of Software

2010-09-18T16:25:55Z

Settlement Agreements with the SIIA, a trade association for the software and digital content industry, often contain provisions requiring the audited company to not only purchase software to satisfy licensing deficiencies it carries going forward after settlement, but also to purchase software from an "authorized reseller." An authorized reseller is a vendor with permission to sell the software publisher's products. Software publishers often publish lists of authorized vendors on their websites. Many audited companies looking to rectify past purchasing oversights by buying software from the first reputable vendor they locate may breach their SIIA settlement agreement if the agreement contained the provision requiring that all purchases must be made from an authorized reseller.

After an SIIA settlement, the audited company must submit a list of software products together with the proof-of-purchase documentation for software it purchased after the date the SIIA sent its initial letter. If the company includes in its list of purchased software any products sold by vendors not authorized to sell an SIIA-member publisher's software, the SIIA will require the audited company to repurchase the software from an authorized reseller. Companies that do not carefully investigate their vendors' authorization to sell software may encounter significant unnecessary expenses in repurchasing identical software products. The inability to return most opened software makes purchasing software from unauthorized resellers even more risky.

If your company has been audited by the SIIA, you should contact counsel experienced in guiding companies through the audit matter process to help protect your company from unplanned expenses and unnecessary repurchase of software.

Costly Software Audit Mistakes

2010-09-18T16:24:41Z

The Business Software Alliance (BSA) and the Software & Information Industry Association (SIIA) are organizations that represent software publishers seeking to enforce the copyrights in the products they publish. In furtherance of this goal, these entities routinely send letters to businesses they believe may be infringing their members' copyrights by failing to satisfy the requirements of applicable software license agreements. In the letter, the BSA and SIIA request audits of all member software products installed on all computers and servers owned by the targeted businesses.

The audit process is lengthy and arduous and often is affected by costly mistakes. One of those mistakes involves the use of an inadequate tool to conduct the kind of audit called for by the auditing entity. There are many ways a business may tackle the audit process. It may hire a law firm that specializes in software audits to conduct the review, it may hire external IT consultants, or it may proceed with its own in-house software audit. The BSA often suggests a number of tools to assist with a self-audit, sometimes including Novell, Symantec, Frontrange Solutions, Belarc and Spiceworks. Many of those tools are available for little or no licensing fee, making them appear to be attractive alternatives.

However, if a company chooses to conduct a self-audit, it is essential to verify the results produced by the tool deployed prior to submitting any information to the BSA or SIIA. Often, software audit tools are not sophisticated enough to discern between free trial software or remnants from previous installations and full installations of licensable software products within the scope of the audit. Over-reporting can carry significant consequences, because each product mistakenly reported as a full version for which a business is unable to demonstrate license ownership typically entails a penalty at settlement based on the MSRP of that product. The BSA then typically applies a multiplier for each product included in its settlement offer calculations.

For these reasons, it is important when conducting an in-house software audit to carefully look for any mistakes in the audit results and to ensure that those results accurately reflect what was installed as of the effective date of the audit requested by the BSA or SIIA. If there is any doubt regarding the accuracy of those results, it is vital to seek the advice of a knowledgeable attorney or consultant prior to submitting any information to the auditing entity.

Effective Dates in Software Audits Are Critically Important

2010-09-18T16:23:35Z

Businesses that receive software audit demand letters from auditing entities such as the BSA or SIIA, or from software companies like Autodesk or Microsoft, often contend they cleaned up their network after receipt of the letter and should be released from any further obligation to conduct an audit or communicate with the auditor. Audited business should keep in mind, however, that the auditing entities typically are focused only on the targeted businesses' software license-compliance status as of the audit effective date - the date on the first letter those entities send to a targeted business. The auditing entities usually will seek confirmation that the businesses were compliant on the effective date, and on no other date.

Because computer networks may change rapidly, the auditors need to identify a moment in time for which they can ask the audited business, "Did you have all of the licenses for the software installed on your computers?" If the answer is yes, the auditing entity will typically close its file. If the answer is no, the auditing entity will claim the business engaged in copyright infringement on the effective date. The business' representation that it was compliant after the effective date has no bearing on whether the business engaged in copyright infringement on the effective date. If the matter proceeds to a lawsuit, the auditor likely would claim that the business infringed its or its members' copyrights on the effective date.

The auditing entity typically demands proof of purchase documentation that demonstrates the ownership of a sufficient number of licenses on or before the effective date. Software purchased after the effective date is not relevant to the audit. Locating, reviewing, and compiling the proof of purchase documentation is a collective effort that often requires coordination among various individuals and departments within an organization. In addition, identifying and listing all of the software on the company's computers as of the effective date may be made doubly difficult when computers contain large amounts of software irrelevant to the audit. It is also important to keep in mind that software environments change as computers are added, decommissioned, and rebuilt with the ebb and flow of HR turnover.

If you have been contacted by an auditing entity such as the BSA, the SIIA, or a software publisher, you should proceed with caution and should familiarize yourself with the typical process for such software audits. Experienced counsel can help to guide you through that process and to avoid unnecessarily large expenses.

Adopting Software Use Policies to Protect Against Copyright Infringement Claims

2010-09-18T16:22:14Z

The Business Software Alliance ("BSA"), and the Software & Information Industry Association ("SIIA") pursue copyright infringement claims on behalf of software publishers, such as Microsoft, Adobe, and Autodesk, among many others. Typically the BSA and SIIA send audit letters to companies believed to be using unauthorized copies of software products. In their letters, they demand that the target companies conduct an internal audit of all computers they own to determine whether the auditing entities' members' software products are properly licensed.

It is not unusual for a company to discover during the audit process that its current or former employees installed software on company computers without authorization. Unfortunately, this oversight may lead to substantial financial penalties from the BSA or SIIA for any allegedly unauthorized installations. During the course of settlement negotiations, the BSA and SIIA routinely fine companies three times the MSRP value of each allegedly unlicensed product.

While no written policy is foolproof against employees installing unauthorized software, a proactive approach includes guidelines and policies to outline proper use of a company's computers. This may include provisions banning installing, using, or accessing software unless specifically authorized by the company. Educating employees to have a better understanding of how to use a company's resources and technology properly may help to prevent costly penalties in the future. In addition to a written policy, it also is advisable for a company to routinely conduct an internal audit of its computers to help ensure software compliance. Once the BSA or the SIIA gets involved, it is typically too late to avoid paying a penalty.

Unauthorized Software: Costly to Your Bottom Line

2010-09-18T15:02:00Z

The Business Software Alliance ("BSA") and Software & Information Industry Association ("SIIA") pursue copyright infringement claims against companies accused of installing unauthorized copies of software. Typically, the BSA and SIIA send letters to businesses and request audits of their computer systems.

This audit process often is arduous and involves collecting all available license-purchase documentation for the BSA- or SIIA-member software product installations discovered during the investigation. However, unlike the IRS' retention requirement of 7 years for business records, the BSA and SIIA will not recognize license-credit in favor of the businesses they target without dated proof of proper licensing for every installed software product, regardless of when it was purchased.

More troubling for many businesses is the fact that, even if they are able to produce purchase documentation for software installed on their systems, they may receive no credit for that documentation if it appears to have been received from a software vendor that is not an authorized dealer. Purchasing software from some web sites, such as Amazon.com's Amazon Marketplace, eBay, or Craigslist, can be risky, especially when the quoted price for a product is less than 80% of its MSRP value. Many of these heavily discounted software products licenses are offered without the authorization of the software publisher and could end up being useless to the business purchasing them, in the event of an audit. The cost can be magnified when, following settlement, the affected companies are required to re-purchase the same software from a reputable vendor.

In rare instances, the BSA and SIIA sue unauthorized resellers. In June, the SIIA worked with the LAPD to bring criminal charges against two individuals accused of pirating SIIA member software and selling it on Craigslist. However, while the BSA and SIIA pursue unauthorized retailers with civil and criminal charges, they are unable to expose all potential unauthorized retailers. Therefore, as a prudent practice, prior to making any software purchases, a company should investigate whether a vendor is an authorized seller of properly licensed software. Additionally, a company should beware of heavily discounted software.