Defending SIIA Audits

Unauthorized Software: Costly to Your Bottom Line

Tue, 28 Sep 2010 17:56:37 +0000

The Business Software Alliance (“BSA”) and Software & Information Industry Association (“SIIA”) pursue copyright infringement claims against companies accused of installing unauthorized copies of software. Typically, the BSA and SIIA send letters to businesses and request audits of their computer systems. This audit process often is arduous and involves collecting all available license-purchase documentation for the BSA- or SIIA-member software product installations discovered during the investigation. However, unlike the IRS’ retention requirement of 7 years for business records, the BSA and SIIA will not recognize license-credit in favor of the businesses they target without dated proof of proper licensing for every installed software product, regardless of when it was purchased. More troubling for many businesses is the fact that, even if they are able to produce purchase documentation for software installed on their systems, they may receive no credit for that documentation if it appears to have been received from a software vendor that is not an authorized dealer. Purchasing software from some web sites, such as Amazon.com’s Amazon Marketplace, eBay, or Craigslist, can be risky, especially when the quoted price for a product is less than 80% of its MSRP value. Many of these heavily discounted software products licenses are offered without the authorization of the software publisher and could end up being useless to the business purchasing them, in the event of an audit. The cost can be magnified when, following settlement, the affected companies are required to re-purchase the same software from a reputable vendor. In rare instances, the BSA and SIIA sue unauthorized resellers. In June, the SIIA worked with the LAPD to bring criminal charges against two individuals accused of pirating SIIA member software and selling it on Craigslist. However, while the BSA and SIIA pursue unauthorized retailers with civil and criminal charges, they are unable to expose all potential unauthorized retailers. Therefore, as a prudent practice, prior to making any software purchases, a company should investigate whether a vendor is an authorized seller of properly licensed software. Additionally, a company should beware of heavily discounted software.

Adopting Software Use Policies to Protect Against Copyright Infringement Claims

Tue, 28 Sep 2010 17:55:54 +0000

The Business Software Alliance (“BSA”), and the Software & Information Industry Association (“SIIA”) pursue copyright infringement claims on behalf of software publishers, such as Microsoft, Adobe, and Autodesk, among many others. Typically the BSA and SIIA send audit letters to companies believed to be using unauthorized copies of software products. In their letters, they demand that the target companies conduct an internal audit of all computers they own to determine whether the auditing entities’ members’ software products are properly licensed. It is not unusual for a company to discover during the audit process that its current or former employees installed software on company computers without authorization. Unfortunately, this oversight may lead to substantial financial penalties from the BSA or SIIA for any allegedly unauthorized installations. During the course of settlement negotiations, the BSA and SIIA routinely fine companies three times the MSRP value of each allegedly unlicensed product. While no written policy is foolproof against employees installing unauthorized software, a proactive approach includes guidelines and policies to outline proper use of a company’s computers. This may include provisions banning installing, using, or accessing software unless specifically authorized by the company. Educating employees to have a better understanding of how to use a company’s resources and technology properly may help to prevent costly penalties in the future. In addition to a written policy, it also is advisable for a company to routinely conduct an internal audit of its computers to help ensure software compliance. Once the BSA or the SIIA gets involved, it is typically too late to avoid paying a penalty.

Effective Dates in Software Audits Are Critically Important

Tue, 28 Sep 2010 17:54:50 +0000

Businesses that receive software audit demand letters from auditing entities such as the BSA or SIIA, or from software companies like Autodesk or Microsoft, often contend they cleaned up their network after receipt of the letter and should be released from any further obligation to conduct an audit or communicate with the auditor. Audited business should keep in mind, however, that the auditing entities typically are focused only on the targeted businesses’ software license-compliance status as of the audit effective date – the date on the first letter those entities send to a targeted business. The auditing entities usually will seek confirmation that the businesses were compliant on the effective date, and on no other date. Because computer networks may change rapidly, the auditors need to identify a moment in time for which they can ask the audited business, “Did you have all of the licenses for the software installed on your computers?” If the answer is yes, the auditing entity will typically close its file. If the answer is no, the auditing entity will claim the business engaged in copyright infringement on the effective date. The business’ representation that it was compliant after the effective date has no bearing on whether the business engaged in copyright infringement on the effective date. If the matter proceeds to a lawsuit, the auditor likely would claim that the business infringed its or its members’ copyrights on the effective date. The auditing entity typically demands proof of purchase documentation that demonstrates the ownership of a sufficient number of licenses on or before the effective date. Software purchased after the effective date is not relevant to the audit. Locating, reviewing, and compiling the proof of purchase documentation is a collective effort that often requires coordination among various individuals and departments within an organization. In addition, identifying and listing all of the software on the company’s computers as of the effective date may be made doubly difficult when computers contain large amounts of software irrelevant to the audit. It is also important to keep in mind that software environments change as computers are added, decommissioned, and rebuilt with the ebb and flow of HR turnover. If you have been contacted by an auditing entity such as the BSA, the SIIA, or a software publisher, you should proceed with caution and should familiarize yourself with the typical process for such software audits. Experienced counsel can help to guide you through that process and to avoid unnecessarily large expenses.

Judge Rejects Copyright Damages Compilation Components

Tue, 28 Sep 2010 17:54:12 +0000

In Nature’s Enterprises, Inc. v. Pearson (2010), the U.S. District Court for the Southern District of New York rejected Nature’s Enterprises (“NEI’s”) request for damages for each component part of a compilation. NEI had alleged that Pearson infringed ten of NEI’s copyrighted DVD movies, of which two comprised compilations of films copyrighted by NEI. NEI requested $10,000 for each of the 10 DVDs and $750 for each of the 45 clips contained in the two compilation DVDs. The court rejected NEI’s request for damages for each separate work and concluded that “a plaintiff should not receive a windfall recovery by inflating the number of works infringed from its own compilation.” The court determined that “when a plaintiff compiles assorted copyrighted products into a new product, the compilation constitutes one work for purposes of copyright infringement.” NEI’s focus on “whether each item (in a compilation) has an independent economic value and is, in itself, viable” did not sway the court. Rather, the Court held that “adopting such a test would be to make a total mockery of Congress' express mandate that all parts of a compilation must be treated as a single work for purposes of computing statutory damages.” The court also declined to apply rulings from cases NEI presented in which defendants, rather than plaintiffs, created compilations of the plaintiff’s works. If you have been contacted by the Business Software Alliance (BSA), Software & Information Industry Association (SIIA), or another software industry auditing entity, you should contact counsel experienced in negotiating with auditing entities regarding bundled software suites that resemble compilations.

Costly Software Audit Mistakes

Tue, 28 Sep 2010 17:53:46 +0000

The Business Software Alliance (BSA) and the Software & Information Industry Association (SIIA) are organizations that represent software publishers seeking to enforce the copyrights in the products they publish. In furtherance of this goal, these entities routinely send letters to businesses they believe may be infringing their members’ copyrights by failing to satisfy the requirements of applicable software license agreements. In the letter, the BSA and SIIA request audits of all member software products installed on all computers and servers owned by the targeted businesses. The audit process is lengthy and arduous and often is affected by costly mistakes. One of those mistakes involves the use of an inadequate tool to conduct the kind of audit called for by the auditing entity. There are many ways a business may tackle the audit process. It may hire a law firm that specializes in software audits to conduct the review, it may hire external IT consultants, or it may proceed with its own in-house software audit. The BSA often suggests a number of tools to assist with a self-audit, sometimes including Novell, Symantec, Frontrange Solutions, Belarc and Spiceworks. Many of those tools are available for little or no licensing fee, making them appear to be attractive alternatives. However, if a company chooses to conduct a self-audit, it is essential to verify the results produced by the tool deployed prior to submitting any information to the BSA or SIIA. Often, software audit tools are not sophisticated enough to discern between free trial software or remnants from previous installations and full installations of licensable software products within the scope of the audit. Over-reporting can carry significant consequences, because each product mistakenly reported as a full version for which a business is unable to demonstrate license ownership typically entails a penalty at settlement based on the MSRP of that product. The BSA then typically applies a multiplier for each product included in its settlement offer calculations. For these reasons, it is important when conducting an in-house software audit to carefully look for any mistakes in the audit results and to ensure that those results accurately reflect what was installed as of the effective date of the audit requested by the BSA or SIIA. If there is any doubt regarding the accuracy of those results, it is vital to seek the advice of a knowledgeable attorney or consultant prior to submitting any information to the auditing entity.

Software Information Industry Association (SIIA) Settlement Agreement Provision Regarding Purchase of Software

Tue, 28 Sep 2010 17:52:20 +0000

Settlement Agreements with the SIIA, a trade association for the software and digital content industry, often contain provisions requiring the audited company to not only purchase software to satisfy licensing deficiencies it carries going forward after settlement, but also to purchase software from an “authorized reseller.” An authorized reseller is a vendor with permission to sell the software publisher’s products. Software publishers often publish lists of authorized vendors on their websites. Many audited companies looking to rectify past purchasing oversights by buying software from the first reputable vendor they locate may breach their SIIA settlement agreement if the agreement contained the provision requiring that all purchases must be made from an authorized reseller. After an SIIA settlement, the audited company must submit a list of software products together with the proof-of-purchase documentation for software it purchased after the date the SIIA sent its initial letter. If the company includes in its list of purchased software any products sold by vendors not authorized to sell an SIIA-member publisher’s software, the SIIA will require the audited company to repurchase the software from an authorized reseller. Companies that do not carefully investigate their vendors’ authorization to sell software may encounter significant unnecessary expenses in repurchasing identical software products. The inability to return most opened software makes purchasing software from unauthorized resellers even more risky. If your company has been audited by the SIIA, you should contact counsel experienced in guiding companies through the audit matter process to help protect your company from unplanned expenses and unnecessary repurchase of software.

Unpleasant Surprises In BSA & SIIA Software Audits

Tue, 28 Sep 2010 17:51:32 +0000

Many companies who comply with a demand by a software publisher or industry association (such as the BSA or the SIIA) for an internal software audit end up facing significant settlement demands after forwarding their audit materials to the other side. One of the reasons the settlement demands often are so high is the fact that the auditing entities frequently base their demands, in part, on the “unbundled” price of software suites. Thus, where a company may expect to pay a fine based on the MSRP of, for example, one undocumented installation Microsoft Office Professional 2007 ($679), it likely will end up receiving a settlement demand based on the combined MSRPs of each of the components of that undocumented suite: Word ($229), Excel ($229), PowerPoint ($229), Outlook ($110), Publisher ($169), and Access ($229), all totaling $1195. In a typical case these difference add tens of thousands of dollars to the amount in controversy. Another way in which publishers or auditing entities raise the amount in controversy in software audits is the attempt to assess separate “fines” for each allegedly infringing installation of a software product. Thus, a company reporting just ten undocumented installations of Office Professional 2007, with no other licensing shortfalls, may receive a settlement offer based on the combined, “unbundled” MSRPs of the component products totaling just shy of $12,000. Moreover, that is before the auditing entity applies any multipliers to that figure (yet another common tactic) or makes any assessments for their claimed legal fees, both of which factors may drive the opening settlement offer in the above example to $40,000 or more. It is not difficult to see how owners of small to medium businesses who think that they have a handle on their financial exposure in a software audit matter often end up with truly unpleasant surprises after submitting audit materials to the BSA or SIIA that they may have believed would be negotiating on a more equitable basis. If your business has been accused of software “piracy” and is responding to a software audit demand either from a software publisher like Autodesk or from the BSA or the SIIA, an experienced attorney can give you visibility into the process and help you avoid unpleasant surprises.

Proof of License in SIIA Software Audits

Tue, 28 Sep 2010 17:50:06 +0000

Like all audits, success in a SIIA software audit depends less on what you own and more on what you can prove that you own. Although not required by law, the SIIA takes the position that a target company is out of compliance for each installation of SIIA member software products for which the target company cannot produce a dated proof of purchase. Many clients are dismayed to discover what does and does not constitute valid proof of purchase according to the SIIA.

Not Considered Valid Proof
1. Copies of Checks to Software Vendors
2. Dated Purchase Orders
3. Undated Software Licenses
4. Credit Card Statements Evidencing Software Purchases
5. Certificates of Authenticity
6. Media, Manuals, or Key-Codes
7. Invoices Bearing and Entity Name Other than the Entity Named in the SIIA’s Initial Letter

Valid Proof of Purchase
1. Dated Invoices in the Name of the Audited Entity
2. Soft Records (online account statements) from Recognized Resellers
3. Signed and Dated License Agreements
4. Soft Records from SIIA Member’s such as Microsoft Licensing Statements
5. Cash Register Receipts for Retail Sales where Product, Version, Quantity and Price Paid are Included.

Understanding how the SIIA analyzes software audit materials is critically important to achieving the most favorable outcome. In our experience, it is the most time consuming and difficult part of the process for clients to handle on their own.

Scott & Scott, LLP is not affiliated in any way with the SIIA.

SIIA’s Corporate Content Anti-Piracy Program A New Cause of Concern for Small-to-Medium Businesses

Tue, 28 Sep 2010 17:49:05 +0000

Last month, the Software & Information Industry Association (SIIA) announced the first major settlement reached by its Corporate Content Anti-Piracy Program (CCAPP). The settlement was reached with Knowledge Networks, Inc. (KNI), a market research firm based in Menlo Park, California, with fewer than 500 employees nationwide. The SIIA accused KNI of copyright infringement arising out of KNI’s internal distribution to its employees of written content authored by SIIA members, such as the Associated Press, Reed Elsevier, and United Press International, without securing licenses to copy the content. The SIIA learned about the content distribution through a confidential tip from an informant who later received a $6,000 reward from the SIIA. In order to resolve the matter, KNI eventually agreed to pay the SIIA $300,000 and to send its employees to an SIIA-approved “Certified Content Rights Manager” course. This chain of events – anonymous tip, followed by allegations, negotiation, and, eventually, settlement for money damages – is very similar to what typically occurs in software audit cases initiated by the SIIA, the Business Software Alliance, and some software publishers. What is perhaps more troubling about the SIIA’s new focus on “corporate content” is how small-to-medium businesses, many of whom are completely unaware that any of their actions might constitute copyright infringement, nevertheless could find themselves the targets of SIIA-initiated “content audits.” These companies may be subject to substantial settlements, and become the subject of a widely disseminated press release regarding corporate “piracy.” It appears that a company could targeted if an employee copied and pasted copyrighted text and then hit the “Send” button on an internal e-mail. It is certainly important to develop and maintain awareness of the content that your employees are distributing internally within your organization. However, if your business has been accused of corporate content “piracy” by any industry association like the SIIA, it is equally important that you consult with an attorney who can provide some insight into the legal arguments and strategies typically employed in similar matters.

Businesses Turn to Open Source Software After Software Audits

Tue, 28 Sep 2010 17:48:09 +0000

The Software & Information Industry Association (SIIA) and the Business Software Alliance (BSA) routinely sends letters to businesses on behalf of many software publishers, including Microsoft, to investigate potential copyright infringement claims based on allegedly unlicensed software. The software audit process can be long and expensive, in part due to the fact that the SIIA and BSA typically require a targeted company to produce dated proofs of purchase for licenses for every software product installed on its computers as of the effective date of the audit, regardless of how many years have passed since the license purchase. Although the IRS generally requires businesses to maintain records for only seven years, the SIIA and BSA allow no such limitation in demanding invoices or receipts for all software license purchases. Businesses often are unable to find the documentation for the purchase of each product, which typically results in a higher payment demanded by the SIIA or BSA to settle the matter. The notion that a business could legitimately purchase software only to be required to re-purchase it following a software audit – in addition to having to pay a penalty to the SIIA or BSA – leads some businesses to seek open source alternatives. For many of the BSA-member products most commonly found to be at issue during a third-party audit – such as Microsoft Office and Adobe Photoshop – there are analogous open-source alternatives – such as OpenOffice or GIMP – that are available at little or no cost to license. Although the functionality of these alternatives is not identical to that of the SIIA- or BSA-member products, many consumers determine that those differences are less compelling than the advantage of cutting costs and avoiding future exposure related to third-party audits. However, it is important to keep in mind that, while it may cost nothing to deploy open-source software, the installation and use of those products are still subject to copyright laws and governed by the terms of license agreements (such as the GNU General Public License). The terms of those licenses can have a significant impact on a business’ ability to host, modify or redeploy open-source software products. Therefore, businesses should make an effort – if necessary, with the advice of counsel – to familiarize themselves with the terms of those licenses.

Tracking Down Proofs of Purchase for Software Licenses

Tue, 28 Sep 2010 17:45:58 +0000

When a company receives a letter from the Business Software Alliance (BSA) questioning the authenticity of software licensing status and demanding an in-house audit, it is very important to have proofs of purchase for the licenses in question. Absent sufficient proof of purchase, the BSA will assume that the associated software installations are unlicensed and will demand that the company pay a penalty to resolve claims of alleged copyright infringement. It is also important to note that the BSA requires specific types of proof of purchase in its evaluation of a company’s compliance status. For example, a serial number, installation CD, or an empty box in which software was sold likely will not be acceptable to the BSA to establish proof of license. Therefore, it is an important to keep records of all software purchased, regardless of the vendor or the date purchased. Typical forms that are acceptable to the BSA include receipts of purchase and invoices from authorized vendors. If software is pre-installed on a computer, a company may be able to obtain documentation from the manufacturer showing all such software on that computer. Once all of the information related to installations and licenses is gathered, it is submitted to the BSA for review. The review may be a lengthy process, usually ultimately culminating in a settlement offer, which is typically negotiated downward. It is therefore key to submit all information proving proper licensing to decrease the total settlement. By obtaining a lower opening settlement offer, a company can reduce total exposure in negotiations.

Types of Audits in Software License Disputes

Tue, 28 Sep 2010 17:45:02 +0000

A variety of resolution frameworks are available to businesses involved in a software license dispute. An audit is the most common such framework and entails an analysis of the organization’s network for software installations compared against its licenses. The types of audits initiated by software publishers and trade associations include self audits, independent audits, software asset management (“SAM”) engagements, and publisher-staffed audits. Self Audits Self audits are the least disruptive of all software audits. They are a mechanism often employed by trade associations acting on behalf of software publishers. The trade associations, and in some instances, the publisher itself, requests that the target company conduct a self audit and report the results of the audit to the trade association or publisher. Companies that agree to conduct a self audit must inventory the applicable software on the computers within the scope of the audit and report the number of installations, the number of licenses, and the number of license deficiencies. When evaluating whether you should cooperate or litigate after a request for a self audit, you should consider the benefits of a self audit compared to the other types of audits. For instance, in publisher and third-party audits, you usually have a contractual obligation to participate in the audit and provide information to the auditors. When conducting a self audit, you have some control over the timing of the audit and the allocation of resources. That flexibility is not always present in other types of audits. Additionally, outside auditors are not always required to be impartial and may submit incomplete or inaccurate audit results. For these reasons, regardless of the type of audit requested by the software publisher, companies faced with an audit should request the opportunity to provide a self audit rather than an independent audit, a publisher-staffed audit, or (usually) a SAM engagement. Independent Audits An independent software audit involves the use of a third-party auditor to gather the facts relevant to the dispute. This audit method may be the most costly and time consuming option for the audit target. Many software licenses incorporate audit provisions allowing the software publisher to request an independent audit. Such provisions must be carefully analyzed to determine the potential business impact of the audit and liability that may result from the audit. In an independent audit, the organization has no input into the selection of the auditor, how long the audit will last, or the scope of the materials the auditors may review. The target company must also bear the costs of the audit if the auditor finds a licensing discrepancy of more than 5%. If the auditors conclude there is a discrepancy, the publisher has the contractual authority to unilaterally determine the license price for the software necessary to become compliant. Independent audits have significant business impacts and should be avoided if possible. Nonetheless, independent audits are preferred over SAM engagements and publisher-staffed audits because the auditor is usually ethically obligated to remain independent. SAM Engagements SAM engagements are also conducted by third-party auditors or consultants, but there is no obligation that the auditor in a SAM engagement be independent. The software publisher requests that the target allow a third party to audit its software installations and report the results directly to the publisher. In these engagements, the publisher pays the auditor, and the target is required to purchase licenses to cover any deficiencies in its software licenses. Microsoft’s SAM engagement has been extensively used in lieu of traditional software audits with mixed reviews from the end user’s perspective. Participation in a properly managed SAM engagement may be in the client’s best interest because such engagements typically provide some flexibility and a lower total cost of resolution than self audits and independent audits. In many instances, the publisher seeks no compensation for alleged past infringements in exchange for an agreement to come into compliance on a go-forward basis. Publisher-Staffed Audits Publisher-staffed audits are the most intrusive and least impartial of all software audits. In these audits, the publisher’s employees collect information relevant to the dispute. In many instances, publishers request a company’s confidential information or access to a company’s network to conduct the audit. Although a publisher may arguably have a contractual right to request that it be allowed to examine its customers’ computer network, it is never advisable to agree to a publisher-staffed audit without examining all of the alternatives first.

Software Piracy

Tue, 28 Sep 2010 17:44:35 +0000

Software piracy audits conducted by the BSA and the SIIA threaten small and medium sized businesses. As the economy tightens, software publishers such as Microsoft, Adobe, and Autodesk hide behind software piracy enforcement groups to pursue customers accused of installing more software on corporate computers than they have purchased licenses for. If your company has been accused of software piracy, here’s what you should do:

Hire an Attorney – BSA and SIIA have experienced software piracy attorneys working for them, you should too.
Preserve Evidence – do not uninstall or change computer configurations until an accurate inventory of in-scope computers has been gathered.
Avoid Knee-Jerk Purchases – a natural but counterproductive response to a software piracy audit is to run out and purchase software. I advise my clients to avoid making purchases until a complete inventory and case assessment has been completed.
Maintain Confidentiality – client prepared audit materials and related documentation may be discoverable in a lawsuit. We conduct attorney-supervised audit reports protected by attorney-client and attorney work-product privileges.
Condition Audit Disclosure – software piracy audit materials should only be disclosed after an appropriate agreement regarding confidentiality and non-use of the information has been signed by the software piracy enforcement agency.
Estimate Software Piracy Fines – always review the draft audit materials with your attorney before they are produced to make sure everyone is clear on the potential financial exposure involved. Our software piracy fine calculators are available at: BSA Fine Calculator and SIIA Fine Calculator
Argue Software Piracy Legal Issues – there are many legal issues involved in software piracy audits including what constitutes infringement, who has the burden of proof, how damages should be calculated, what constitutes proof of ownership and many others. We vigorously argue these legal points in an effort to reduce software piracy settlement demands.
Negotiate Non-Monetary Terms – software piracy audit settlement agreements are incredibly one-sided and unfair to the targets. I advise my clients to carefully consider important issues like future audit obligations, confidentiality of the settlement terms, the nature and scope of the release being offered.
Focus on Your Business – the only way to be successful in a software piracy audit is to continue to stay focused on running your business and taking care of your clients.

If you have been accused of software piracy please call Scott & Scott, LLP for a free consultation.

Mitigating Negative Publicity from Software Audits

Tue, 28 Sep 2010 17:43:09 +0000

The Business Software Alliance (BSA) recently announced that it entered into a settlement agreement with a small-to-medium-sized motor sports dealer and equipment supplier in Greenville, South Carolina, regarding the dealer’s alleged use of unlicensed, Adobe and Microsoft software. The BSA said that under the settlement, the targeted dealer, which apparently owns only 40 to 50 computers, was required to make a settlement payment of slightly more than $72,000.00 and also to agree “to delete all unlicensed copies of software installed on its computers, acquire any necessary replacement licenses and commit to implementing stronger software license management practices.” There was no statement from the dealer included in the press release, a copy of which is available here. There is also a brief article regarding the matter from a local media outlet here. Businesses that endure software audits initiated by the BSA or by the Software & Information Industry Association (SIIA), often come to the unpleasant realization toward the end of the ordeal that, in addition to the settlement payment, the costs of investigation and diversion of resources, and the legal fees already incurred on the path to reaching a settlement agreement, the auditing entity often demands that it be allowed to publicize the matter in a press release such as the one described above. In the vast majority of cases, the negative value to the business of such publicity is proportionally far greater than any positive value derived from the auditing entity. Nevertheless, the BSA and SIIA both typically demand that businesses pay a high premium to keep the existence of or details regarding an audit settlement from public attention. Businesses that fail to account and plan for such a premium at the outset of an audit engagement may be faced with the grim prospect toward the end of the matter of having to accept terms that include costly negative publicity that, especially in some tech-related industries, can be very damaging to a business’ reputation. It is important to keep confidentiality in mind at the outset of the software audit process and, after a preliminary exposure estimate is calculated, to determine whether the cost of the bad press that audits often entail will be greater than the price to include confidentiality terms in an eventual settlement agreement. In cases where that price is too high, there may be less-expensive alternatives to explore at settlement, such as inclusion of terms that give the business the right to review and contribute to a press release prior to publication or terms that allow the auditing entity the right to publish the existence of the settlement, but not the details. A knowledgeable software audit attorney can provide valuable assistance in considering these and other options to mitigate the lingering effects of a BSA or SIIA software audit.

What Constitutes a “copy” of software under copyright law?

Tue, 28 Sep 2010 17:42:21 +0000

Software auditors almost always try to find ways to maximize the number of allegedly infringing software “copies” at issue in an audit engagement. It is typical for the Business Software Alliance (BSA), the Software & Information Industry Association (SIIA), and other software publishers to demand that their small-to-medium-sized business targets disclose all installations of relevant software products on all of the computers owned by the target, which number the auditors then use in determining how much money they are going to demand in settlement to keep the matter from going to court. This is perhaps unsurprising behavior by the auditors, because it clearly gives them more leverage during settlement negotiations. However, according to more than one federal court, it may not be a correct interpretation of federal law. In FM Industries, Inc. v. Citicorp Credit Services, Inc., the United States District Court for the Northern District of Illinois determined the existence and extent of infringement of a software program by a business whose license to use the program had expired. In the case, the business at issue claimed that it its use was non-infringing because it initially installed the software with the consent of the publisher. The court rejected this argument, holding that “a user reproduces a program stored in his computer's hard drive merely by launching that program, thereby causing the computer to copy it to Random Access Memory.” The court also cited to a Ninth Circuit opinion in the case of MAI Systems Corp. v. Peak Computer, Inc., where the court there stated: The district court's grant of summary judgment on MAI's claims of copyright infringement reflects its conclusion that a “copying” for purposes of copyright law occurs when a computer program is transferred from a permanent storage device to a computer's RAM. This conclusion is consistent with its finding, in granting the preliminary injunction, that: “the loading of copyrighted computer software from a storage medium (hard disk, floppy disk, or read only memory) into the memory of a central processing unit (“CPU”) causes a copy to be made. In the absence of ownership of the copyright or express permission by license, such acts constitute copyright infringement.” We find that this conclusion is supported by the record and by the law. These opinions are at odds with the standard tactics employed by the BSA, the SIIA, Autodesk, and other software auditors. For example, when presented with information that a design firm has repurposed a CAD workstation to a reception desk or, in a perhaps more stark example, decommissioned the machine to a storage closet, the BSA would argue that any design or CAD software remaining on the machine’s hard drive remains relevant for audit purposes, and they would use any such installations as factors in calculating a settlement demand. However, according to the FM Industries and MAI Systems opinions, this methodology is flawed. A correct damages model would not count as “copying” the mere presence of copyrighted software on a hard drive. The relevant inquiry is whether that software is being used by loading it into a computer’s RAM. When faced with a software audit demand from the BSA, the SIIA, or any other software publisher or industry representative, before disclosing any information regarding the software in use in your business’ computer network, it is important to consult with counsel to determine what is and what may not be within the scope of the audit.