Imagine this: your company has grown from the original handful of employees to dozens or even hundreds of employees, all with their own workstations, home computers, and laptops with remote access to your company server. You receive a letter one day from an organization called the “Business Software Alliance” (“BSA”) warning you that your company could be responsible for massive licensing fees and penalties because your employees are using unlicensed or mis-licensed software products. When you begin to internally investigate this claim, you discover you have little or no documentation showing the licensing for the software installed on your company’s computers. You just upgraded your computers and software and added what you needed as the company grew, never suspecting you would one day be called upon to “prove” that you properly purchased, installed and licensed the software at each workstation. And now you are facing an ultimatum that failure to provide proof for each and every license will result in dire consequences. What do you do? This article discusses the steps you can take before ever being contacted by the BSA and what to do after the BSA has sent its demand letter.
The BSA describes itself as “the leading advocate for the global software industry before governments and in the international marketplace.” Businesses that have been on the receiving end of its compliance program, however, usually have less favorable words to describe the BSA. The BSA’s aggressive assertion of its members’ rights stretches the bounds of copyright law and the underlying software licenses at issue. Once the BSA has a company in its sights that it believes has unlicensed or improperly licensed software, the BSA will seek to extract as much in fines from the company as possible and, if a settlement cannot be reached, it has a well-known reputation for taking companies to federal court to enforce its members’ rights.
To add insult to injury, if not handled properly, the BSA will publicly shame companies that have unlicensed software, naming them and the amounts paid. For example, the BSA will publish articles like these naming the company and the amount of the settlement:
In the face of the aggressive tactics employed by the BSA, companies who are facing a demand from the BSA need someone just as aggressive to defend their rights.
What is the BSA?
The BSA is a trade organization representing software companies around the world. Its members include such companies as Adobe, Apple, Autodesk, IBM, Oracle, Microsoft, and Siemens. The BSA lobbies governments around the world, seeking to advance their members’ interest.
Non-member companies, however, mainly know the BSA for its compliance and enforcement efforts. The BSA aggressively seeks out companies who have unlicensed (or mis-licensed) copies of its members’ software. This aggressive approach includes running television and radio commercials offering monetary rewards to workers if they report unlicensed copies of software on their employer’s computers. In a recent case from Australia, the BSA paid its “informant” $10,000 for reporting unlicensed software on his company’s computers. In short, the BSA is using cash rewards as incentives to get employees, especially disgruntled employees, to “rat” on their companies for unlicensed software use.
Once the BSA suspects a company of having unlicensed software, the BSA will send the potentially infringing company a letter demanding to audit the entire company’s software installations and accompanying licenses threatening fines up to $150,000 per violation. The letter will advise that the company should contact them to resolve the issue otherwise litigation may occur. This threat is not an idle one. BSA is well-known for aggressively enforcing its members’ rights and has a well-known reputation for following through with its threats to take an alleged violation to court.
Take Action Now to Avoid Any Encounter with the BSA
As described below, once the BSA is involved, the costs to remedy unlicensed or mis-licensed software increases dramatically. Companies should take immediate action, prior to the BSA becoming involved, to ensure that the software they are using is properly licensed and installed.
This is not as simple a task as it may seem. For example, most software licenses, especially on the server side, are conditioned upon the number of server cores, the number of users, a specific user, or some combination of those three. However, as server virtualization becomes more popular and ubiquitous, determining the number of server cores and particular users on a virtualized server becomes more technical. In addition to the technical issues, there is also the issue of well-meaning employees downloading software that is “free,” without realizing it is only free for personal or education uses and requires a paid license for commercial use. As such, any internal audit needs to include not just legal professionals to review the licenses, but IT professionals to fully understand exactly where and how the software has been installed and is being accessed.
Moreover, a company may wish to enlist the help of legal counsel to conduct this audit through the help of a third-party IT service. Should the company later become involved in copyright litigation resulting from unlicensed software, the use of legal counsel and third-party IT professionals can potentially keep the results of the audit confidential and prevent the right’s holder from using the results of the internal audit against the company.
Once the audit is conducted, the company should ensure that all of its software is properly licensed and, if not, purchase the appropriate licensing or uninstall the software from the company’s systems.
After the system is properly audited and licensed, the company should then create and implement policies and procedures regarding the installation and licensing of software to ensure that all future software installations are reviewed by legal counsel and only installed and accessed in accordance with the license. IT professionals should also be involved in this process to ensure that rules are in place to enforce the terms of the license.
What If I’ve Already Been Contacted by the BSA?
Once the BSA has contacted a company and alleged copyright infringement, that company should seek immediate assistance from legal counsel. The BSA, as stated before, is very aggressive in enforcing its members’ rights and failure to timely and properly act can end up costing the company significantly.
After retaining counsel, the first step in dealing with a BSA response letter is to discuss mitigating the issues and keeping the burden on the BSA to prove its case should the case end up in court. For example, internal emails regarding potential infringement may be discoverable by the BSA in court. While a manager’s first instinct may be to send an email to the IT department asking about unlicensed software, the IT department’s response may not be something that the company wants the BSA to read. As such, the first communication after receiving the letter should be to an attorney. Any communications with IT (or other) staff, should only be at the direction of that attorney.
Further, now that the company has been put on notice of potential copyright litigation, unless directed to by its attorney, no changes should be made to the underlying system. If the case goes to court, uninstalling or deleting improperly licensed software could be seen as an attempt destroy or alter evidence if the case goes to trial.
Most letters from the BSA will state that they have information that the company is infringing on one of its members’ rights. However, the letter will then demand that the company do an audit of all its computers related to all of the member companies, not just the one the BSA suspects as unlicensed. After making sure that internal mitigation is occurring, the next step is to then limit the scope of the audit. The goal is to limit the audit to only the software owned by the member company for which the BSA believes is having its rights infringed. Otherwise, the company may be providing the BSA with information about unlicensed software that the BSA was unaware of, increasing the scope of the issue and the monetary amount of any settlement or eventual damages award. Thus, if the BSA has reason to believe a company is infringing on Microsoft’s copyrights, the audit should be limited to only Microsoft, and should not include the other member companies.
Once the scope has been limited, an internal audit needs to occur. It is highly recommended that this internal audit be conducted by a third-party IT company at the direction of legal counsel. Should the case be taken to court, these steps will minimize the likelihood that the BSA will be able to discover them. Further, in the case that they do eventually get discovered, the audit should be limited to only the software or company at issue. For example, if the BSA agrees to limit the scope to Autodesk products, the audit should only include Autodesk products.
When a listing of all of the installed products of the member company are complied, then licenses need to be gathered for each of these installations. Moreover, especially as it relates to server-side software, an understanding of where the software is installed and who is accessing it needs to be determined. Once all of this is compiled, the attorney should be able to make an internal determination as to what, if any, software is not properly licensed.
The BSA typically is willing to settle infringement issues for what amounts to four-times the licensing costs. The BSA will usually demand that the infringer pay the BSA three-times the licensing cost as a fine and, if the company wishes to keep the software installed, also purchase a license for the software. So, if it was determined that there were four copies of Microsoft Office, which retails for $250.00, that were installed but not licensed, the BSA would demand that the company purchase a license for these copies ($250 x 4) and then pay a fine equal to three times the licensing amount for each of these copies ($250 x 4 x 3). Thus, the likely cost to settle an infringement issue involving only four copies of Microsoft Office would be around $4,000.00.
Keeping the BSA’s likely settlement position in mind, once the internal audit is concluded, a discussion needs to be held to determine what, if anything, should be turned over to the BSA. The Copyright Act allows a rights holder, assuming other conditions are met, to seek actual damages or statutory damages ranging from $750 to $30,000 per infringement. If it can be shown that the infringement was intentional, those damages can rise to $150,000 per infringement. Further, the court has the authority to award the prevailing party its attorneys’ fees, which, depending on the case, can eclipse the actual damages award.
In addition to damages, the BSA has its own take as to what constitutes infringement and what constitutes proof of a license. Not surprisingly, that take is incredibly favorable to the BSA members and pushes the limit of what a judge or jury may consider infringement. For example, in prior dealings with the BSA, it has taken the position that a 15 year old installation of Microsoft Server 2000 was infringing because the physical license could not be found, despite assurances from the IT department that the license was purchased when it was installed and, due to the timeframes, would have necessarily been physically purchased from a store as opposed to being downloaded as much of the software today is. In any dealings with the BSA, an experienced attorney who is able to push back against these overreaching claims by the BSA is essential.
All of these factors need to be considered when determining how to respond to the BSA. Clearly understanding your rights and the potential risks involved is crucial to making the proper decision on how to respond to the BSA.
Finally, if the decision to settle with the BSA is made, it is important that it be negotiated properly. The BSA is known for publishing settlements and publicly highlighting the infringement and settlement amounts it has recovered for its members to publicly shaming the infringing company. In addition to any other terms, the settlement needs to explicitly make clear that the settlement is confidential and that the BSA will not disclose it or the allegations of infringement to anyone.
The BSA is aggressive defending the rights of its member companies. You deserve attorneys who will be just as aggressive in defending your rights. Whether it is ensuring that your company is in compliance with the applicable licenses or pushing back against the BSA’s overreaching interpretations of copyright law, Smith & Associates can help your company against software copyright infringement claims.
Should you need any assistance or have any questions about these issues, please feel free to give us a call for a free consultation.