Software auditors almost always try to find ways to maximize the number of allegedly infringing software “copies” at issue in an audit engagement. It is typical for the Business Software Alliance (BSA), the Software & Information Industry Association (SIIA), and other software publishers to demand that their small-to-medium-sized business targets disclose all installations of relevant software products on all of the computers owned by the target, which number the auditors then use in determining how much money they are going to demand in settlement to keep the matter from going to court. This is perhaps unsurprising behavior by the auditors, because it clearly gives them more leverage during settlement negotiations. However, according to more than one federal court, it may not be a correct interpretation of federal law.
In FM Industries, Inc. v. Citicorp Credit Services, Inc., the United States District Court for the Northern District of Illinois determined the existence and extent of infringement of a software program by a business whose license to use the program had expired. In the case, the business at issue claimed that it its use was non-infringing because it initially installed the software with the consent of the publisher. The court rejected this argument, holding that “a user reproduces a program stored in his computer's hard drive merely by launching that program, thereby causing the computer to copy it to Random Access Memory.” The court also cited to a Ninth Circuit opinion in the case of MAI Systems Corp. v. Peak Computer, Inc., where the court there stated:
The district court's grant of summary judgment on MAI's claims of copyright infringement reflects its conclusion that a “copying” for purposes of copyright law occurs when a computer program is transferred from a permanent storage device to a computer's RAM. This conclusion is consistent with its finding, in granting the preliminary injunction, that: “the loading of copyrighted computer software from a storage medium (hard disk, floppy disk, or read only memory) into the memory of a central processing unit (“CPU”) causes a copy to be made. In the absence of ownership of the copyright or express permission by license, such acts constitute copyright infringement.” We find that this conclusion is supported by the record and by the law.
These opinions are at odds with the standard tactics employed by the BSA, the SIIA, Autodesk, and other software auditors. For example, when presented with information that a design firm has repurposed a CAD workstation to a reception desk or, in a perhaps more stark example, decommissioned the machine to a storage closet, the BSA would argue that any design or CAD software remaining on the machine’s hard drive remains relevant for audit purposes, and they would use any such installations as factors in calculating a settlement demand. However, according to the FM Industries and MAI Systems opinions, this methodology is flawed. A correct damages model would not count as “copying” the mere presence of copyrighted software on a hard drive. The relevant inquiry is whether that software is being used by loading it into a computer’s RAM.
When faced with a software audit demand from the BSA, the SIIA, or any other software publisher or industry representative, before disclosing any information regarding the software in use in your business’ computer network, it is important to consult with counsel to determine what is and what may not be within the scope of the audit.