A Look Inside the BSA

die_jack_die writes: "SFGate is running this article about the Business Software Alliance. I'm sure the BSA loves when they get scary stories of their tactics into the press, but this piece does quote the EFF's Fred Von Lohman making the point that companies who don't want to deal with the BSA can always use Open Source software. Most telling quote: 'every cent of those massive settlements stays within the BSA -- member software organizations receive only the licensing fees.'"

Or, vice-versa...

[ekrout]

...making the point that companies who don't want to deal with the BSA [suing them for pirating software] can always use Open Source software

Well, sure, you can use open source or free software whenever you'd like.

You could also simply pay for the proprietary software that you need to use rather than stealing it. If I had my own company, I would make certain that we ran things properly, which would involve, among other things, not pirating software.

Re:Or, vice-versa...

[cmowire]

That's not the big problem here. The big problem is when the BSA goes after a company who is careful about their software licensing, but who didn't keep good enough records.

Do you keep every single receipt? Remember what the article said, the box is not enough. The license often gets tossed out and only the manuals and maybe the box kept. And the receipt gets thrown out after some time.

Does Fry's or Radio Shack visit my house on occasion to make sure that I can prove to them that every little piece of electronics in my house hasn't been stollen? Do the grocery stores inspect my fridge to make sure I didn't some sausages down my pants last time I shopped?

Re:Or, vice-versa...

[cpt+kangarooski]

Okay, to put it another way, does Stephen King come to your house to make sure you don't have pirated copies of his books?

Regarding 'software should be free,' I don't agree that there should be a total lack of copyright, but the value of an _ideal_ copyright scheme does not legitimize all copyright schemes.

Re:Or, vice-versa...

[RickHunter]

Logical fallacy #1: Copyright infringement is a HELL of a lot less severe than rape or piracy. (The later of which used to result in a death penalty without trial. The only reason it still does not is because we've killed all the pirates.)

Logical fallacy #2: Using RMS' philosophy to support one part of your argument, while directing another part towards knocking out the foundations of said argument. Software should be free to redistribute because making an additional copy has zero marginal cost.

Logical fallacy #3: Exactly what damage is done by copyright infringement of software? My having a copy doesn't mean that you have fewer copies. Does my having a copy of your software do more damage to you than my stealing a truckful of electronics from Radio Shack does to them?

Logical fallacy #4: If said applications did not exist, and there was a need felt for them, someone would provide them. (Under contract, if necessary) If they did not exist and no need was felt for them, they are unnecessary.

Re:Or, vice-versa...

[indiigo]

Yes... we keep excellent records. Were we to be audited, I could say with 100% certainty that we are 100% compliant. We keep track of all software before and after it is purchased. Users do not have permissions to load software on their own machines, from partners down to clerks.

Games are not allowed on the network not because they screw with company time, but because in most cases we don't have the accompanying license to ensure it's legal.

User's home machines that connect to our network are under a policy that states that we have not supplied them with any unlicensed software.

Yes we pay for the closed-source software.

No we don't spend a lot of money. We skip lots of versions and upgrade for truly functional reasons.

We are evaluating open source software--as the MS "upgrade advantage" is not a route we want to be going.

But it's very easy to stay compliant...

Can you tell what kind of company we are?

An intellectual property/patent law firm.

Love us or hate us... we practice what we preach.

Re:Or, vice-versa...

[Anthony+Boyd]

I would build on your post, and add one more problem with BSA's methods. That is, the company I work for was threatened with an audit, and, although we had licenses and came out unscathed, management was freaked out enough that they had to move two employees off their current tasks and onto documenting & proving our innocence. Aside from the fact that we had to spend money to prove we were good, there is the fundamental constitutional issue. In a US court of law, the burden is on the accuser to prove our guilt. I hate that the BSA's strong-arm tactics have cowed not just companies, but the US citizens working at those companies, who apparently don't understand their own rights. The burden of proof should be on the accuser.

Re:Or, vice-versa...

[WNight]

I agree with the other poster. Post the name of your company and we'll get the BSA to audit you. We'll tell them you think their mothers are ugly, just to warm them up a bit.

I'm sure that somewhere, on some old computer, is something they'll take offense to. Don't forget that if you ghost a drive onto a larger one, you're infringing. MS doesn't permit that. And even if they did, you'd need an extra license because for a while two copies exist.

And have you really bought a new license when you change hardware? Don't forget that OEM Win 95 isn't allowed to be used as an upgrade unless you run it on the same hardware. It's really a clever way of making upgrades useless. Sure, upgrade to XP, but you won't be able to run it on your old hardware and you're not authorized to run it on the new stuff...

I'm sure you intend to stay 100% within the law, and if intent mattered, you'd be safe. But there are so many provisions in EULAs that if you were to try to follow them all you basically wouldn't be able to compute.

So come on, post your name, your company name, and preferably your boss's name, it'll save time in setting this up. Oh, a telephone number would save me the directory charges.

Re:Or, vice-versa...

[WNight]

There's an advanced trolling technique. It involves saying "I know this is an unpopular opinion on Slashdot, home of the (software thieves/democratic babies/libertarian freak) but it needs saying ..."

No matter the value of the message they'll get modded up for "being brave enough to be unpopular" and modded down for saying whatever it is they say, in such an inflamatory way. Thus they get their little shitstorm they wanted.

You left out the "unpopular opinion here of Slashdot" part of your message, but it was otherwise exactly the same.

People are rightly offended at having jack-booted thugs come with armed US marshals and force them to prove the ownership of all their software. You make it sound like only a thief would mind it, so of course you get called a troll.

Imagine if the police raided your business and forced you to prove the ownership of all their furniture. It'd be just as ridiculous, but you wouldn't get trolls mouthing off about how if you're not a chair thief you obviously wouldn't mind a extra month or two of employee time tracking down receipts and matching them to furniture. So why do you feel the need to troll just because the topic is software?

Cost of pirating

[murphj]

From the article:

The BSA estimates that pirated software was responsible for about $3 billion in lost revenues to software publishers in the U.S. in 2000 -- although, to be strictly fair, that number assumes that every copy of stolen software would have been bought if it weren't stolen, which inflates the number somewhat.

It's good to see someone in the press finally taking those numbers with a grain of salt. Somehow I don't think evry kid who downloads Photoshop and Illustrator would have purchased a copy.

Good sell for open source

[gillbates]

receiving such a letter can cause both stress and monetary losses as the company attempts to chase down software-purchase information.

Which is a reason enough for most companies to switch vendors. Once this starts happening on a widespread basis, open source software will be a much easier sell to business.

Trust me, if the BSA contacted my company on behalf of a software vendor, that vendor would lose his account with my company. Though I do as much as I can to ensure license compliance, I will not do business with a company that has an adversarial attitude toward me. If a vendor believes that I am running unlicensed or underlicensed copies of software, it would be better for them to ask if they can perform an audit at their own expense rather than sending the BSA after me.

On a lighter note, it is the mere existence of the BSA which encourages me to use and recommend open source software as much as possible. I believe the BSA is hurting vendors more than helping them.

Re:Good sell for open source

[vekotin]

I've got some first hand experience and comparisons from around here. Especially a few years back, Microsoft over here in Finland made it their policy to talk about licensing instead of letting BSA do the work. They'd ask people from your company to come over, they offer a meal, demonstrate some programs and do some usual advertisement tricks. Then they talk about licenses, licensing methods and they've usually done some background work on your company, helping to find a licensing solution. After a little talk, they'll get back to you and you'll usually find some good way to arrange licenses. "But I don't have all licenses in order now" you might tell them, and they'll respond kindly and suggest that maybe you should check them out now.

In comes BSA - everyone's doomed, everyone goes to hell and nobody passes go, but BSA certainly collects more than $200. You show them licenses, they'll claim you're hiding something. You show them invoices, they ask you are they forged. In the end, they're never saying it's okay, they're never wanting to solve things - they're just SO certain that every company is an evil pirate, or perhaps at least a place to turn into an incident.

I don't like a LOT of things about microsoft, including their customer service most of the time, their programs and their 72 million IIS bugs, but I won't lie to myself here - they want to make solutions, BSA wants to make war. BSA uses aggression, fear and often, VERY rude and offensive language. Of course they have nice people there too but it seems they're a minority. I -really- hope this is all just me seeing a number of bad days for them.

So, who do you want talk to about licenses today?

Re:Good sell for open source

[rgmoore]

I suspect that a big chunk of this is the difference between being a software vendor and a gobetween. Microsoft believes that they're going to keep doing business with you in the future. Screwing up their relationship with you will cost them more in lost business than the immediate benefit of the increased licensing money, so they play reasonably nice. The scariest thing they can imagine is somebody looking for good alternatives to their software, and obnoxious licensing audits are one such thing.

The BSA, OTOH, is not in the business of selling software themselves. They don't have to worry about doing business with you in the future, so they have no incentive to be nice about things. They just want to beat you upside the head and extract money out of you, so predatory and obnoxious behavior that makes you hate them is no problem. In many ways, a reputation for ruthlessness is beneficial for their business, since it means they can extort money from future victims even more easily.

Re:mad at the BSA

[SweetAndSourJesus]

"Why should our government always be on the side of the big business?"

because big business owns your government.

What a wonderful organization

[rbeattie]

I don't think there's any other group in the world that can promote free software as well as the BSA can. I mean, the more BSA extortional "warning letters" that are sent or jack-booted thugs that come raiding into offices, the more that IT organizations are going to look for alternatives.

It's been argued on Slashdot before that more people would take free software seriously if they had to pay for all the stuff they use already. I agree. I say, good, make them pay up (plus penalties!), then they'll get a clue and stop using M$.

I don't think there should be anyone on Slashdot that's one bit against the BSA. Go BSA, go!

-Russ

Re:What a wonderful organization

[Carter+Butts]

Running OSS won't stop them. Running obviously non-intel hardware won't stop them. They don't care, and due to the wonderful aegis of the 'anonymous tipster,' they don't need a legitimate reason.

Yes, but they still need "weight of evidence" to make the accusation stick in court. I'd guess that simply not helping them, letting them run up costs in a battle they cannot win, and then filing a massive counter-suit for harrassment (with additional punative damages, of course) could be a very effective deterrent to future action. (Then again, IANAL, and perhaps this would be too expensive to be a reasonable strategy (even given the high probability of a payoff in the end).)

One almost envisions OSS firms acting like little tar pits...every one the BSA crosses could cost it vast sums of money, in addition to undermining its credibility. How many of these could the BSA afford to attack, I wonder?

-Carter

Guilty until proven innocent?

[sid_vicious]

According to Blank and Kruger, the burden of proof is on the targeted company.

When did I stop living in America?

Sounds like extortion to me

[da_Den_man]

Most companies come back with a different settlement number, and we negotiate," says Jenny Blank, the BSA's director of enforcement. "I'm not going to say they're cheerful about it, but they recognize that this is probably easier and less expensive than taking the case to court."

This is just amazing that they can organize a settlement without even investigating the actual accounting of the licenses. If I have a license and no receipt, does that mean I stole the software? I would think just the opposite. It means I legally purchased the software and did not keep the receipt.

My question has to be, if they are judging the settlement on how long the software has been in use, who's to say it was loaded and EVER used? I have a ton of software that I NEVER use, but it is still loaded on the system. Mostly because I am waiting on an update, or patch, or Service Pack for it before I devote any type of time to running it.

BSA = Extortion, plain & simple.

Great hidden quote

[rgmoore]

It's amazing how it takes them several pages before the article stops looking like a press release from the BSA, but there are actually some interesting comments when you get a bit deeper into the article. I thought that the following was very interesting:

The BSA estimates that pirated software was responsible for about $3 billion in lost revenues to software publishers in the U.S. in 2000 -- although, to be strictly fair, that number assumes that every copy of stolen software would have been bought if it weren't stolen, which inflates the number somewhat.

That's the first time I can ever remember a news outlet that didn't buy the "every copy would have been paid for" line of crap from the BSA. Even here, though, it's pretty weak. Assuming that every copy would have been paid for inflates the numbers more than "somewhat". If the BSA isn't careful, though, the news is going to stop telling just their side of the story soon.

Re:Protect Open Source licenses? If not, Die.

[Zeio]

I'd hardly call the linux kernel kid's play. It may not be the best kernel ever conceived or written, but it would be foolish to think that there is nothing meritorious about it. Also, Apache - again, hardly kid's play. Oh, and Mozilla? Sendmail, BIND, gcc, MYSQL? TCP/IP? I certainly think that the intellectual property holders of these things are entitled to have their usage licenses and property right protected.

Most innovation seems to be done in academia first, then stolen by dishonest corporations (not all are dishonest) and touted as their own creations.

Re:Use Dual Boots

[LWolenczak]

The BSA has the pratice of getting an injunction against you before they go knocking at your door. With that, they get to have the cops there, and the cops are forced to be on their side.

the bsa only works because 90% cave in

[Lumpy]

If EVERYONE told the BSA to shove it up their ass and forced the BSA to file court papers, get a judge to issue a search warrent and use police forces to gain access they would cease to exist in less than 12 months.

but everyone caves instantly and quietly pay's their extortion... this is pure Bullcrap and we all know it. this needs to end and it needs to end now.. Make them pay through the nose like everyone else has to.

Re:Use Dual Boots

[Rick+the+Red]

How do they get a warrant without proof that you're using pirated software? What's the level of probable cause needed, or is possesion of a computer defacto "proof" that you must be using Micro$soft software, due to their monopoly?

Constitutionality needs to be tested...

[letxa2000]

One does not have the authority to arbitrarily search others on the grounds that they may have committed some infraction against you; that firms have allowed the BSA to get away with such behavior is IMHO quite scandalous.

What needs to happen is some company that has their licenses in order should tell the BSA to screw off. When BSA comes storming in with a court order the company should obviously comply. The BSA will find nothing. They should then sue the BSA for wrongful prosecution, sue for damages (lost productivity due to having to deal with them), treble damages, and hopefully get the process itself checked on constitutionality.

The BSA has the right to sue. But the courts shouldn't be dishing out court orders for these kind of raids unless there's evidence of violation. A tip is heresey unless the tip comes with evidence--copies of email sent within the companying that acknowledge the presence of pirated copies, etc.

Consider their acknowledged source of tips: disgruntled employees. Sure, they may have knowledge of violations. Or they might just be getting back at their ex-employer. They might not have any pirated copies, but the disgruntled employee will at least cause his ex-employer some headaches.

Is a disgruntled employee really a reliable source for determining whether there is justification to violate somebody's (or some company) right to be free of unreasonable search and seizure?

This needs to be tested constitutionally, but I think it'll require 1) A company with their licenses in order. 2) The company snubbing their noses at the BSA. 3) The company subsequently being raided. 4) The company sueing the BSA.

Lots of "ifs" considering most companies are in business to make money, not test constitutionality issues. We can dream, though.

150,000% penalty = too risky to fight

[geekotourist]

With penalties this high no one except the largest companies can fight it- and that's wrong. You'll fight a traffic ticket because you can afford to lose. What if the original ticket was $100,000, with a "negotiated" fine of $1,000? This is extortion, not a negotiation- you'll accept whatever the court says because you cannot risk losing. Not to mention if *you* had to show that you didn't speed, even a little bit, and lack of evidence = proof of guilt. Extraordinary fines should require extraordinary proof, but instead the BSA has you do all the work, and even if you are entirely innocent you can still get hit.

Or, are the BSA members willing to accept the same rules for their own activities? Would they accept a Software Consulting Association that can send audit letters out checking for late payments to consultants? If you've paid a consultant more than 30 days late, you get fined $200k. Or an Hourly Workers Association- you have to prove you've never underpaid hourly workers, or its $50k. How about a Pricing Gun Mistake Association- if the grocery store misprices an item, you get $600. Not double the difference, or 10x, but 1,000x for each instance.

No, they wouldn't, because the rules that the BSA use wouldn't work if applied to all of society. Unless a mistake can cause extraordinary harm, you don't usually get to treat mistakes like a felony! What makes the BSA so special? Earlier people wrote about OSHA- at least that affects life and health. We tend to allow bigger fines for that. But is software piracy that much worse than discharging toxic substances into waterways (max fine $125,000)? Misbranding a drug in interstate commerce (max fine $100,000)? Violating the Sherman Antitrust Act (the fine listed in Section 3571 (d) is "not more than the greater of twice the gross gain or twice the gross loss" caused by the conduct...)?

In this Slashdot / Salon / LATimes coverage we saw Microsoft / BSA vs the LA School District, where "hundreds" of unlicensed copies were found. the threat was $150,000 fine for each copy of a $100 per license product. ($100 at best. 1/3 was MSDOS, and schools get very good rates). They "negotiate" down to a $300,000 total fine, and the school district probably felt very grateful for this kindness of the BSA.

This is a 150,000% fine negotiated down to a 1,000% fine. (or 1,500x down to 10x). How does the BSA get to levy fines so out of proportion to actual damages? Yes, illegal copies are a crime (as is speeding), but the LAUSD wasn't running a mass piracy operation. Assuming that "hundreds" = 500 copies found, then the LAUSD had found roughly 1 copy per school, or 1 copy per 120 employees. The BSA got to treat the LAUSD as if it had found widespread felonious behavior rather than a few years worth of a few people deliberately or mistakenly making copies. No proof of bad intentions needed.