Software Audits

Top Four Terms to Remember when Purchasing Autodesk Software

2011-07-20T15:21:35Z

Software-license compliance can be a difficult task, and understanding the standard Autodesk Software License Agreement may present challenges. Here are four of the most important terms in that agreement to remember for compliance purposes:

1. License Terms Vary Regarding Installations.

a. Multi-seat license. Although Autodesk generally restricts software installations to one installation per license, the license agreement provides exceptions based on the product in question. Some licenses are multi-seat licenses, which allow installations up to the number of seats the license specifies, which may vary.

b. Network license. Unlike other licenses, a network license enables users to access the software by several computers on a network, up to the number of concurrent users specified by the network license.

c. Education Institution and Student Version licenses. This type of license allows multiple installations of the software exclusively for educational purposes up to the number of installations permitted by the individual license.

d. Evaluation (Trial) Version. Autodesk offers potential buyers the opportunity to test a product before purchasing the full version by downloading a trial version. This version may only be installed for a maximum of thirty (30) days and must be uninstalled at the expiration of that period. Importantly, the software also may be used only for evaluation purposes, and not for production or testing.

2. Four-Month Grace Period To Remove Old Versions.

The Autodesk license agreement requires any product that has been upgraded or updated with a new version to be uninstalled or otherwise destroyed within 120 days of upgrading. Additionally, Autodesk may require the consumer to show proof of the destruction or removal of the product.

3. Licenses Cannot Be Transferred Without Written Consent.

Autodesk does not allow a license to be transferred to another user without written consent. This may work to restrict an employee from purchasing a product and receiving a reimbursement from the company for the product to transfer ownership.

4. Autodesk Reserves the Right to Audit.

Perhaps the most important provision regarding software compliance is the auditing provision. Autodesk expressly reserves the right to audit the installations of Autodesk products with reasonable notice. This provision enables Autodesk to conduct the inspection on-site and to assess a fee for any unlicensed installations.

It is important to review and understand the entire license agreement, and specifically the above terms. If facing an audit by Autodesk, it also is important to seek legal counsel with experience in defending against such matters.

Top Three Challenges in Standard IBM License Agreements

2011-07-20T15:11:00Z

IBM software licensing can present an array of interpretive and compliance challenges for even the most sophisticated licensees. Here are three of the most important things to keep in mind when planning to license IBM products under the company's standard-form agreements (which, for the vast majority of IBM customers, are essentially the company's only agreements, since IBM generally is loathe to deviate from them).

Document Soup. The first thing to know about IBM license agreements is that there is no single license of any single software program. Instead, IBM places applicable license terms within at least two - and sometimes more - documents. The two forms that apply in almost all cases are the International Program license Agreement (IPLA) (available here) and a program-specific License Information document (LI) (you can search for the LI pertaining to a specific product here). However, other documents may apply depending on how a product is being licensed. For example, most businesses that acquire IBM software do so under IBM's Passport Advantage volume-licensing program, which entails a separate license agreement (the PAA, available here). Further, if a company wants to license IBM software on virtual servers, it may want to consider doing so under IBM's sub-capacity licensing option. That option requires acceptance of yet another set of license terms (available here). Just keeping track of which agreements apply to which products can be a daunting task, and it is one that demands strict attention to detail if the customer wishes to avoid exposure from unlicensed or under-licensed software deployments.

Mandatory Full-Capacity Licensing by Default. Many businesses want to run IBM software on virtual servers in order to reduce costs and to maximize the use of available processing resources. Many of those businesses also are aware that IBM offers a sub-capacity licensing option that can substantially reduce costs in instances where a product is to be deployed on one or more virtual servers with substantially less processing capacity than the physical server where they are hosted. However, the LIs applicable to sub-capacity-eligible products typically contain no mention of sub-capacity licensing, requiring instead that the software be licensed based on the capacity of the physical server where it is installed. In order to be eligible to license products on a sub-capacity basis, a business therefore must agree separately to the terms of the sub-capacity licensing attachment to the PAA (referenced above). Failure to do so (and to jump through the other, mandatory, sub-capacity licensing hoops) can result in substantial, unanticipated license and compliance-related costs in the event of an audit.

Audits are Awful. The IPLA includes one of the most onerous audit-rights provisions that we see in standard-form license agreements. It requires the customer "to create, retain, and provide to IBM and its auditors accurate written records, system tool outputs, and other system information" intended to provide a basis for conducting compliance audits. It gives IBM the right to "verify Licensee's compliance," either directly or through the third-party auditor of its choice, without any limitation on frequency or timing, provided that the notice of the audit is "reasonable" and that the audit is conducted "in a manner that minimizes disruption to Licensee's business" (though, IBM audits almost always are significantly disruptive to varying degrees). Finally, if software use in excess of license rights is discovered, the customer may be required to pay the "charges that IBM specifies" for: "1) any such excess use, 2) support for such excess use for the lesser of the duration of such excess use or two years, and 3) any additional charges and other liabilities determined as a result of such verification." That essentially boils down to: "You will pay what we tell you to pay."

Companies that license IBM software typically do so for mission-critical business purposes, which makes addressing these and other pitfalls associated with IBM software licensing both inevitable and vitally important. It may not be possible to negotiate away most (or any) of the terms giving rise to those pitfalls, but at the very least a business must be familiar with the obligations it is undertaking when acquiring IBM program licenses. For this reason, it makes a lot of sense to work with experienced licensing counsel at the outset of the license-procurement process.

Online Software Purchases - The Good, The Bad and The Ugly

2011-07-20T15:02:58Z

Businesses understandably want to reduce both the time spent shopping for software licenses and the amount to be paid to acquire those licenses. However, efforts to minimize license spends online can have negative unintended consequences. If you are shopping at a software publisher's own online marketplace (such as Adobe's or Autodesk's stores), then you usually can rest assured that you at least have the tools available to purchase the correct kind and quantity of genuine licenses. However, the pricing available at those stores often is higher than the pricing available through third-party resellers.

Unfortunately, the further you stray from the publishers' stores in a search for lower prices, the more likely it is that you may make a costly error in your purchasing decisions. Here are three big reasons why:

1. You may not realize what you are getting. Those high prices and the publishers' stores come with benefits, one of which usually is assistance with available license types and an assessment of license needs, especially if you are contemplating a higher-cost transaction. If you purchase through third-party sites with lower prices (like Amazon) or through auction or "marketplace" sites (like eBay or, in some cases, Amazon), then you often are on your own in assessing your needs. As a result, some businesses end up purchasing incorrect licenses - such as academic-edition licenses for prohibited commercial purposes or upgrade licenses without a valid, qualifying, full-version license - usually on non-refundable terms.

2. You may not be getting anything at all. In some cases - especially at the auction and "marketplace" sites - the advertising sellers may have no right whatsoever to resell the software licenses they are offering, making those licenses worthless to the purchaser. Autodesk in particular is well known for challenging such sales, because its standard license agreement expressly prohibits the transfer of software licenses without its consent. In the event of an audit, invoices from such sales typically not only are rejected as proof of license-ownership but also may damage a business' credibility in attempting to negotiate a resolution, especially if the price identified on the invoice is far below MSRP.

3. You may be getting more than you expected. In the worst cases, and again, most commonly when purchasing software through marketplaces or auction sites, what you receive may actually result in damage to your files or computer systems. It is not unheard-of for software shipped following such sales to consist of unauthorized, corrupted copies or whole-cloth counterfeits of the advertised products. Such software can result in loss of data that may be significantly more valuable than full-price licenses for the software in question. In those situations, businesses may find themselves without the license-proof they need in the event of an audit and without the files they need to service their customers and make money.

This is not to say that all online license transactions are a bad idea or that business should not attempt to manage their licensing costs when possible and appropriate. However, it is a good, general rule of thumb that the further you get from full MSRP for a software license offered on the Internet, the more cautious you should be before proceeding. In close cases, it also may be worth the effort to get an opinion from your attorney.

Who Gets Sued for Software Compliance Violations?

2011-07-20T14:34:58Z

A recent Northern District of Idaho case should shed some light on how to apportion legal liability for copyright infringement damages related to business software usage.

In Brasher's vs. The Software & Information Industry Association, Adobe, Corel, McAfee, Symantec, Idaho Auto Auction, ADP, and Robert Gillespie, plaintiff Brasher's, the target of an SIIA software audit, filed suit asking the court to determine who is legally responsible for unlicensed software found on its computers during the audit. Brasher's sues Gillespie, a former IT administrator and presumed informant for his role in installing the software and seeks indemnity from Idaho Auto Auction the company it acquired assets from which included computers with unlicensed software.

This lawsuit provides some valuable lessons.

(1)The plaintiff claims it had no knowledge that the computers contained allegedly infringing software when it acquired the computers. Lack of knowledge or intent is usually not a good defense to a copyright infringement claim when liability attaches without regard to fault or knowledge.

This case highlights the importance of due diligence and properly documenting asset transactions involving the sale of computers with software installed.

(2) The plaintiff alleges that the former IT administrator installed unlicensed software in violation of company policies. He was subsequently terminated and thereafter informed SIIA that Brasher's had pirated software on their computers. The plaintiff alleges a very common fact pattern: IT administrator is terminated and makes a software piracy complaint against the former employer to the SIIA.

It will be interesting to see how receptive the court is to Brasher's claim that Gillespie should be individually liable for software he installed in violation of the company's policy. The case against the informant is always a tough call. Most unemployed IT guys are not viable defendants.

(3)The plaintiff alleges that the SIIA repeatedly made demands for payment several times the total retail price of the software and far in excess of any damages suffered by SIIA's members. Brasher's claims that they repeatedly offered to settle with the SIIA, including an offer of $12,500, despite the fact that the retail price of the software allegedly infringed is less than half that amount and that the SIIA rejected their settlement offers.

The SIIA's multiple of MSRP approach to software audits is under direct attack. I think the court will be receptive to Brasher's claims that an arbitrary multiple of MSRP is not appropriate for calculating damages in software copyright infringement cases.

Microsoft Certificates of Authenticity May Not Constitute Proof of Licensing

2011-06-20T15:17:09Z

The Business Software Alliance ("BSA") and Software Industry & Information Association ("SIIA") work on behalf of their members (the lists of which include Microsoft (for the BSA), Adobe, and Autodesk, among others) to enforce copyrights and the terms of end user license agreements ("EULAs") pertaining to those members' software products. The BSA and SIIA typically initiate software audits against companies in a stated effort to determine whether the software installed on those companies' computers is properly licensed according to the terms of the relevant EULAs.

The audit process usually requires the audited company to produce specific kinds of proof-of-purchase documentation for any software licenses that the company claims to own. Failure to provide that kind of proof - typically in the form of a dated invoice or other document showing when the company purchased the license - most often results in the BSA's or SIIA's refusal to credit license ownership for any reported software deployments.

In BSA audits, companies often mistakenly believe that production of a Microsoft "Certificate of Authenticity," activation key or packaging and installation disc constitutes sufficient license proof. However, the BSA almost never recognizes license credit for those kinds of materials. Product keys may be a result of cracked codes or multiple installations, and Certificates of Authenticity are not dated and therefore may be purchased after the effective date of the audit demanded by the BSA.

It is crucial for companies to retain all receipts for software-license purchases for as long as any of those software products are installed on company computers. In addition, when facing a BSA or SIIA software audit, it is important to seek counsel with experience in defending against such matters and in helping audited companies to exhaust all options for demonstrating license ownership.

Autodesk Targets Architects In Software Audits

2011-05-20T15:19:33Z

Autodesk routinely conducts software audits to determine whether businesses have unlicensed copies of its software installed on their computers. Architecture firms typically represent a significant portion of the targets of such audits - many such firms are heavily reliant on Autodesk software due to Autodesk's dominance in the market for computer-aided design software and due to file-format compatibility requirements for architecture bids and client projects.

It is customary for Autodesk (or a software-industry representative, such as the Business Software Alliance (BSA) or the Software & Information Industry Association (SIIA)) to send a letter requesting that the targeted firm conduct an audit of the Autodesk software installed on its network and that the firm then report the results of the audit, including the software installed, the serial numbers for the products, the nature of the use of the products, and the number of personnel using the products.

Many firms encounter problems when they discover that an employee has installed several copies of Autodesk software on multiple computers, in excess of the license-rights previously purchased. The Autodesk license agreement sometimes allows for Autodesk software to be installed both on a workstation computer and on a second computer (typically a laptop) for use away from the principal work location, but these computers must not be used concurrently. Multiple, concurrent-use installations often constitute breaches of the license agreement, which, in turn, may constitute copyright infringement. Firms may face additional exposure if their employees use license-key generators or other software or hardware to circumvent the licensing controls in Autodesk software. The Digital Millennium Copyright Act (DMCA) includes significant penalties that a court may impose if a business is found to have employed any such techniques in order to install and use a software product.

It is important for architecture firms - and any other businesses using Autodesk software - to review and understand applicable license agreements in order to mitigate exposure arising from potential copyright-infringement claims. Appropriate software use policies and routine, in-house audits often represent the best preventative measures that businesses may take to accomplish those ends. It also often is helpful for firms to seek legal counsel in the event of an audit or when confronting more complicated software-licensing issues.

Top Tips for Responding to an Autodesk Audit

2011-05-20T15:18:30Z

Autodesk routinely sends letters to businesses that it suspects may be using Autodesk software products without adequate licensing, both in order to confirm those suspicions as well as to address any license-compliance discrepancies. Typically under threat of a federal lawsuit for copyright infringement, Autodesk requires targeted businesses to respond to detailed questions about the Autodesk software installations on company computers, the employees who use those installations, and the licenses owned for those installations. It is Autodesk's position that unlicensed software installations constitute copyright infringement, and businesses that are unable to show full compliance typically face significant penalties on order to obtain Autodesk's release from liability for the alleged infringement.

When facing a software audit from Autodesk, it is usually a good idea for a business to take reasonable steps to cooperate in the audit process. However, that cooperation should come only after the business has taken steps to protect its interests and has conducted an internal review of its potential exposure. It is usually a good first step for company officers to read and familiarize themselves with the Autodesk Software License Agreement, paying special attention to the provisions that may affect the outcome of the audit, such as, for example, the license prohibition against the transfer of licenses without Autodesk's written consent. That prohibition may prevent the company from using licenses purchased by employees in order to demonstrate compliance with regard to software installed on company computers.

In conducting an internal review, it also is important to remember that Autodesk typically will not require that the company product invoices or other receipts from license purchases, as long as the serial number for the software installed on company computers correspond to serial numbers that have been properly registered with Autodesk. If company officers are confident that all software has been purchased from authorized resellers, then submitting the serial numbers can help to avoid the headache of trying to locate invoices or other purchasing documentation.

Finally, prior to supplying any audit information, a business should secure a confidentiality agreement from Autodesk. Autodesk often will agree to ensure that information supplied as part of the audit process or settlement negotiations is kept confidential and to not attempt to use any such audit information in court, if the matter proceeds to litigation.

Companies facing Autodesk audits should consider retaining counsel experienced in handling Autodesk audits. A competent attorney can help navigate the obstacles and pitfalls of the audit process.

One Easy, Preventative Step to Reduce Exposure in Autodesk Audits

2011-05-20T15:15:10Z

In the universe of software-copyright enforcement programs, Autodesk's may be the most active and vigorous. All businesses - even those not running Autodesk software - should take steps early and regularly to identify and eliminate any software-compliance gaps associated with Autodesk and other software installations. It is common for businesses owners to be surprised by the presence of software on their company computers that not only was unauthorized by company management but also unused for company business purposes. Regular, internal software audits can help to avoid those surprises, and in the case of Autodesk software, product serial numbers represent a valuable tool to help determine whether a software installation is licensed.

All properly licensed Autodesk software is associated with an eleven-digit, numeric serial number, in the following format: nnn-nnnnnnnn. During the software installation and registration process, the serial number is recorded by Autodesk and is associated with registration information submitted by the installing user. Unlike similar software identifiers used by other publishers (like key numbers used by Microsoft) Autodesk serial numbers - and associated user-registration information - often can be used to validate reported installations as being properly licensed to an audited businesses. Therefore, with the serial numbers of their Autodesk installations in hand, business owners often can start to get an idea of their audit-related exposure before receiving any audit demands.

It typically is possible to access the serial number for an installation by booting up the software, clicking on the "Help" menu, and then clicking the "About" option. Those numbers typically display as one of the following three options:

Zero-only serial numbers (e.g., 000-00000000), or absent serial numbers, usually reflect the installation of Autodesk software under a limited-time trial license. The software usually becomes inoperable at the end of the trial period, but the Autodesk license terms require the removal of the software after the expiration date. If outside their trial periods, these installations should be removed and, if appropriate, replaced with full-term, licensed software.
Patterned or repeating-digit serial numbers (e.g., 123-45677654 or 444-44444444 or 454-54545454) usually are determined by Autodesk to reflect the installation of unlicensed software. This kind of installation should be destroyed immediately unless the business can demonstrate ownership of a valid license with dated purchase documentation.
Unique, non-repeating serial numbers (e.g., 350-36478235) are most likely to represent correctly licensed software. However, it is possible that the user information associated with those numbers was not entered correctly during the registration process. It also is possible that the numbers have been determined by Autodesk to be associated with pirated products. Therefore, even if a company's Autodesk software installations display serial numbers in this format, it is important to review those numbers with available purchasing records to help ensure that unauthorized software has not been installed.

Taking the important step of identifying and inventorying Autodesk serial numbers in this way can help to mitigate exposure associated with Autodesk software audits. In the event of an audit, knowledgeable counsel can help to guide a business through the audit process and can help to determine whether and how the company should expect to use its serial numbers during the audit process.

Licensing Old Microsoft Products

2011-04-20T15:20:23Z

Businesses seeking to license older versions of Microsoft products may encounter challenges acquiring valid licenses. This is a particular concern for some companies that utilize Microsoft products as the basis for their IT infrastructure and that want to avoid a costly migration to new software versions.

Microsoft offers a number of options under its Volume Licensing program that many businesses use to meet this kind of need. Microsoft's "Open" licensing model in particular is a popular choice for small to medium sized businesses with 5 or more computers. Licenses acquired under the Open licensing program typically include "downgrade rights," which allow the license holder to run earlier versions of the software in place of the current version. This program generally requires a commitment to a two-year purchasing agreement, payable as the products are acquired at a discounted rate, and it includes a relatively low minimum purchase requirement of 5 licenses. A detailed list of programs eligible for different Volume Licensing programs is available here.

However, it is important to note that not all software eligible for Volume Licensing carries the same kinds of downgrade rights. Unlike licensed purchased in a retail setting, which typically include an end-user license agreement packaged with or embedded in the software, the license terms under Microsoft's Volume Licensing programmed are controlled by a periodically updated document called the Product Use Rights (PUR), the current version of which is available here. It also is important to keep in mind that many Microsoft products, such as Microsoft Office suites, may be downgraded only to the same edition of Office. For example, Microsoft Office Professional Plus 2010 may be downgraded to Microsoft Office Professional 2007, but it may not be downgraded to Microsoft Office Standard 2007.

Businesses running older versions of Microsoft products without a sufficient number or kind of documented licenses need either (1) to uninstall those products and to replace them with current versions, or else (2) to seek to license those existing installations via downgrade rights acquired through Volume Licensing. Microsoft routinely pursues legal action - both on its own and through groups like the Business Software Alliance (BSA) - based on claims that businesses are using unlicensed software. It is important for companies to comply with all terms of applicable software licensing agreements in order to avoid or reduce exposure arising from potential copyright-infringement claims. Experienced legal counsel can help to navigate these issues.

BSA Settlement a Reminder of Licensing Requirements for Hosting and Development

2011-04-20T15:13:27Z

The Business Software Alliance (BSA) announced on March 28 that it had reached a $100,000 settlement with an advertising agency in Melbourne, Australia, based on the firm's allegedly unlicensed use of BSA-member software products. However, unlike the majority of BSA settlements, which typically involve claims that a business has more installations of a particular product than its documented licenses permit, this case apparently included allegations that the company "was insufficiently licensed for its development environment and not properly licensed to provide hosting services for its customers."

Software development and solution hosting both can present unique licensing issues for businesses that may not be accustomed to addressing them. It is not uncommon for businesses to overestimate the rights conveyed with certain license types, which can prove to be costly mistakes in the event of a software audit. Microsoft's licensing rules are a good and fairly prevalent example:

Software Development. Many businesses recognize that a subscription under the Microsoft Developer Network (MSDN) program often represents an excellent value proposition. MSDN subscriptions include perpetual use rights for a vast array of Microsoft software. However, that software must be used exclusively in connection with the design, development, testing, and demonstration of new programs. In addition, and more importantly from a compliance perspective, each subscription must be assigned to a single software developer, with no sharing among team members, and if any software included in the subscription ever is used for any other, non-development-related purpose, then it must be licensed independently.
Solution Hosting. Most Microsoft license agreements do not permit users to host software over the Internet to their customers or to rent any software to third parties. Businesses that fail to heed those restrictions typically discover - in the context of a software audit - that Microsoft or the auditing entity (like the BSA) refuses to recognize licenses any erroneously purchased for those prohibited purposes. The most popular way to obtain valid hosting or rental rights is through a Services Provider License Agreement (SPLA) with Microsoft. However businesses considering SPLA licensing must be prepared for a much more involved contracting process with Microsoft and also for the requirement to submit monthly reports that identify all software deployed to customers under the SPLA.

Businesses concerned about their development or hosting entitlements - as well as businesses with reason to believe that those entitlements may represent a significant aspect of a pending audit investigation - should work with licensing counsel to identify any discrepancies from an early stage. Doing so can help to minimize exposure related to compliance deficiencies.