For those of you interested in the legal aspects of license compliance and software audits, here’s an interesting development that took place in the D.C. Court of Appeals just a few weeks ago:  After an anonymous employee filed a bogus piracy claim with the SIIA against his/her company, Solers Inc, the firm filed a defamation lawsuit against the “John Doe” informant and tried to subpoena the SIIA to reveal the defendant’s identity. Unfortunately for Solers (and fortunately for the defendant), the Court of Appeals ruled that because Solers couldn’t provide sufficient evidence that it had suffered economic or other losses as a result of the false accusation, the subpoena would be quashed and the case dismissed.

Although the ruling doesn’t apply to areas outside the District of Columbia, it still potentially serves as a precedent both to businesses and would-be whistle-blowers. First, businesses may be more or less inclined to pursue the identity of a John Doe depending on their ability to furnish evidence of economic damages, and the perceived strength of such “proof.” Perhaps more interestingly, employees considering filing a confidential license infringement claim to the BSA or SIIA may think again if they know that under certain circumstances, particularly when economic harm results, their anonymity may not be protected in the event of a subpoena.

(more…)

An article caught my eye this morning in Manufacturing Business Daily summarizing the results of a recent Ernst & Young survey that focused on software asset management philosophies and practices among software vendors and their customers.  

Before discussing the results, I should point out that I’m pretty skeptical about studies conducted and published by firms with a commercial interest in the topic being explored.  Because Ernst & Young dedicates part of its business to IT governance, internal auditing, and compliance services for large enterprises, it’s virtually impossible for the firm to be objective in its research methodology or interpretation of results–in fact, they offered no information about their approach to the survey.  (For example, is there inherent bias among those selected to participate?  What were the roles with respect to compliance of those individuals or teams that actually completed the survey?  Why did they recruit end-user organizations that averaged over 10,000 desktops [organizations of this size comprise only 0.1 percent of all US companies over 100 employees]?  Is it possible to draw conclusions relevant to the marketplace with so few participants?  The list goes on and on.)

Nevertheless, the results are interesting and at least on the surface validate what we’ve long suspected to be the true motives behind vendor audits; software publishers are far more interested in revenue generation than they are in protecting their intellectual property or helping customers be successful in managing their software estates.  Only four of the eight “major” software publishers surveyed stated that protection of intellectual property rights is an objective of their compliance programs, flying directly in the face of the very legal platform software vendors and the BSA claim as the basis of their actions.  It’s also ironic that only 38% of vendors suggested that their compliance programs, which are generally advertised as “SAM” programs, have customer education and/or process improvement as a stated goal. 

(more…)

I came across this Computerworld article as I did my weekly scour of the news media, and wow, did it ever bring new meaning to “going rogue.”  Companies understandably worry about employees “blowing the whistle” on unlicensed software–a practice promoted (and rewarded) by the BSA that’s become a primary tool for uncovering and combating corporate software piracy.  But this column describes a much more seditious plot by an IT systems administrator, who, as far as I’m concerned, wins the prize for “Most Creative Way to Trigger a Software Audit.” 

In short, a 7-year employee of a $250 million retailer located in Pennsylvania (who shall remain nameless), created and operated a bogus storefront to sell more than half a million dollars worth of Microsoft, Adobe and SAP software to his oblivious employer.  The scam began to unravel when the company received a call from the BSA, informing them of licensing disparities that suggested pirated software was in use.  As it turns out, Microsoft had traced the sale of illegal software back to the above-mentioned sys admin, which apparently set off the investigation in the first place.  To make matters worse, this enterprising chap turned out to be the only person at the entire company who held the administrative passwords to critical systems such as the network router, firewall and switches, the corporate VPN, the email server, Windows AD and desktops, and more.  Because of the obvious retaliatory damage the sys admin could bring upon the company if not confronted carefully, the firm hired a security consultant who designed an elaborate sting operation that would have made even Dragnet’s Sergeant Joe Friday proud.  

(more…)

Imagine your company were forced to pony up $3.3 million in damages for software license infringement.  Unbelievable though it may seem, this was the actual amount of the judgment in a 2007 piracy lawsuit against an unnamed international media firm.  The ruling broke the record for the largest copyright infringement penalty in the BSA’s history–a record that towered far above all others for over three years.

Now, imagine the judgment against your company were for $1.3 BILLION (equivalent to the entire GDP of Belize!).  Inconceivable?  Absolutely–up until last week, when SAP assumed the role of the world’s most ignominious software pirate after being convicted of copyright infringement by a California jury.

The high-profile case involved charges stemming from SAP’s acquisition of TomorrowNow, a company that provided services and support to customers of PeopleSoft and JD Edwards, both of which were acquired by Oracle in 2005.  TomorrowNow, under new ownership of SAP, was accused by Oracle of routinely (and illegally) downloading Oracle software outside the scope of patches and bug fixes to which TomorrowNow’s existing customers were contractually entitled. Initially, Oracle filed ten charges against SAP, among them copyright infringement, unlawful computer access, unfair competition, and breach of contract. 

(more…)

After years of “ho-hum” traditional press releases, research studies, and local radio campaigns, it looks like the BSA has hired fresh blood to breathe some life into its image.  Using YouTube, the BSA is engaging in some rather clever viral marketing in what appears to be an attempt to not only promote but also to modernize its message.  The “Faces of Internet Piracy” campaign evidently launched over a year ago, with videos featuring real-life “bad guys” (software counterfeiters and consumer cheats) and “good guys” (corporate do-gooders who beat back the tide of piracy and spread the virtues of properly licensed software).  Some of the YouTube shorts (like this one) reflect an edgy, reality-TV-inspired production style, which the BSA likely hopes is more apt to reach one of its primary targets: tech-savvy youth.

I do find it interesting that despite the fact that many of the BSA’s efforts are devoted to auditing and meting out punishment to businesses guilty of using unlicensed software, it doesn’t seem like the BSA is allocating proportional resources to educating the business community using similar, culturally relevant mediums. Of the $51 billion of lost ISV and retailer revenues the BSA claims piracy has resulted in, how much of it stems from illegal software use within companies?  It’s always struck me as a bit odd that the annual studies that yield these figures have never made the important distinction between consumer piracy and corporate piracy.  Then again, from the BSA’s perspective, it probably doesn’t hurt for end-users to draw their own conclusions, no matter which category they fall into.

(more…)