Targeted by the BSA? Almost all of my clients wonder how the Business Software Alliance got their name. Have you heard the BSA’s radio campaign offering rewards of up $1,000,000 dollars to disgruntled employees? The BSA entices disgruntled employees to rat on their employers in exchange for the promise of reward money. If you have been contacted by the BSA, a former or current disgruntled employee likely heard the Business Software Alliance’s Blow the Whistle campaign on the radio.

Click the link below to listen to the Business Software Alliance’s Radio Campaign as reported by ABC News:

Business Software Alliance Report

Software piracy audits conducted by the BSA and the SIIA threaten small and medium sized businesses. As the economy tightens, software publishers such as Microsoft, Adobe, and Autodesk hide behind software piracy enforcement groups to pursue customers accused of installing more software on corporate computers than they have purchased licenses for. If your company has been accused of software piracy, here’s what you should do:

• Hire an Attorney – BSA and SIIA have experienced software piracy attorneys working for them, you should too.
• Preserve Evidence – do not uninstall or change computer configurations until an accurate inventory of in-scope computers has been gathered.
• Avoid Knee-Jerk Purchases – a natural but counterproductive response to a software piracy audit is to run out and purchase software. I advise my clients to avoid making purchases until a complete inventory and case assessment has been completed.
• Maintain Confidentiality – client prepared audit materials and related documentation may be discoverable in a lawsuit. We conduct attorney-supervised audit reports protected by attorney-client and attorney work-product privileges.
• Condition Audit Disclosure – software piracy audit materials should only be disclosed after an appropriate agreement regarding confidentiality and non-use of the information has been signed by the software piracy enforcement agency.
• Estimate Software Piracy Fines – always review the draft audit materials with your attorney before they are produced to make sure everyone is clear on the potential financial exposure involved. Our software piracy fine calculators are available at: BSA Fine Calculator and SIIA Fine Calculator
• Argue Software Piracy Legal Issues – there are many legal issues involved in software piracy audits including what constitutes infringement, who has the burden of proof, how damages should be calculated, what constitutes proof of ownership and many others. We vigorously argue these legal points in an effort to reduce software piracy settlement demands.
• Negotiate Non-Monetary Terms – software piracy audit settlement agreements are incredibly one-sided and unfair to the targets. I advise my clients to carefully consider important issues like future audit obligations, confidentiality of the settlement terms, the nature and scope of the release being offered.
• Focus on Your Business – the only way to be successful in a software piracy audit is to continue to stay focused on running your business and taking care of your clients.

If you have been accused of software piracy please call Scott & Scott, LLP for a free consultation.

A variety of resolution frameworks are available to businesses involved in a software license dispute. An audit is the most common such framework and entails an analysis of the organization’s network for software installations compared against its licenses. The types of audits initiated by software publishers and trade associations include self audits, independent audits, software asset management (“SAM”) engagements, and publisher-staffed audits.

Self Audits
Self audits are the least disruptive of all software audits. They are a mechanism often employed by trade associations acting on behalf of software publishers. The trade associations, and in some instances, the publisher itself, requests that the target company conduct a self audit and report the results of the audit to the trade association or publisher. Companies that agree to conduct a self audit must inventory the applicable software on the computers within the scope of the audit and report the number of installations, the number of licenses, and the number of license deficiencies.

When evaluating whether you should cooperate or litigate after a request for a self audit, you should consider the benefits of a self audit compared to the other types of audits. For instance, in publisher and third-party audits, you usually have a contractual obligation to participate in the audit and provide information to the auditors. When conducting a self audit, you have some control over the timing of the audit and the allocation of resources. That flexibility is not always present in other types of audits.

Additionally, outside auditors are not always required to be impartial and may submit incomplete or inaccurate audit results. For these reasons, regardless of the type of audit requested by the software publisher, companies faced with an audit should request the opportunity to provide a self audit rather than an independent audit, a publisher-staffed audit, or (usually) a SAM engagement.

Independent Audits
An independent software audit involves the use of a third-party auditor to gather the facts relevant to the dispute. This audit method may be the most costly and time consuming option for the audit target.

Many software licenses incorporate audit provisions allowing the software publisher to request an independent audit. Such provisions must be carefully analyzed to determine the potential business impact of the audit and liability that may result from the audit.

In an independent audit, the organization has no input into the selection of the auditor, how long the audit will last, or the scope of the materials the auditors may review. The target company must also bear the costs of the audit if the auditor finds a licensing discrepancy of more than 5%. If the auditors conclude there is a discrepancy, the publisher has the contractual authority to unilaterally determine the license price for the software necessary to become compliant. Independent audits have significant business impacts and should be avoided if possible. Nonetheless, independent audits are preferred over SAM engagements and publisher-staffed audits because the auditor is usually ethically obligated to remain independent.

SAM Engagements
SAM engagements are also conducted by third-party auditors or consultants, but there is no obligation that the auditor in a SAM engagement be independent. The software publisher requests that the target allow a third party to audit its software installations and report the results directly to the publisher. In these engagements, the publisher pays the auditor, and the target is required to purchase licenses to cover any deficiencies in its software licenses. Microsoft’s SAM engagement has been extensively used in lieu of traditional software audits with mixed reviews from the end user’s perspective.

Participation in a properly managed SAM engagement may be in the client’s best interest
because such engagements typically provide some flexibility and a lower total cost of resolution than self audits and independent audits. In many instances, the publisher seeks no compensation for alleged past infringements in exchange for an agreement to come into compliance on a go-forward basis.

Publisher-Staffed Audits
Publisher-staffed audits are the most intrusive and least impartial of all software audits. In these audits, the publisher’s employees collect information relevant to the dispute. In many instances, publishers request a company’s confidential information or access to a company’s network to conduct the audit. Although a publisher may arguably have a contractual right to request that it be allowed to examine its customers’ computer network, it is never advisable to agree to a publisher-staffed audit without examining all of the alternatives first.

The Business Software Alliance (BSA) and the Software & Information Industry Association (SIIA) are organizations that represent software publishers seeking to enforce the copyrights in the products they publish. In furtherance of this goal, these entities routinely send letters to businesses they believe may be infringing their members’ copyrights by failing to satisfy the requirements of applicable software license agreements. In the letter, the BSA and SIIA request audits of all member software products installed on all computers and servers owned by the targeted businesses.

The audit process is lengthy and arduous and often is affected by costly mistakes. One of those mistakes involves the use of an inadequate tool to conduct the kind of audit called for by the auditing entity. There are many ways a business may tackle the audit process. It may hire a law firm that specializes in software audits to conduct the review, it may hire external IT consultants, or it may proceed with its own in-house software audit. The BSA often suggests a number of tools to assist with a self-audit, sometimes including Novell, Symantec, Frontrange Solutions, Belarc and Spiceworks. Many of those tools are available for little or no licensing fee, making them appear to be attractive alternatives.

However, if a company chooses to conduct a self-audit, it is essential to verify the results produced by the tool deployed prior to submitting any information to the BSA or SIIA. Often, software audit tools are not sophisticated enough to discern between free trial software or remnants from previous installations and full installations of licensable software products within the scope of the audit. Over-reporting can carry significant consequences, because each product mistakenly reported as a full version for which a business is unable to demonstrate license ownership typically entails a penalty at settlement based on the MSRP of that product. The BSA then typically applies a multiplier for each product included in its settlement offer calculations.

For these reasons, it is important when conducting an in-house software audit to carefully look for any mistakes in the audit results and to ensure that those results accurately reflect what was installed as of the effective date of the audit requested by the BSA or SIIA. If there is any doubt regarding the accuracy of those results, it is vital to seek the advice of a knowledgeable attorney or consultant prior to submitting any information to the auditing entity.