Slashdot Mirror
A Look Inside the BSA
die_jack_die writes: "SFGate is running this article about the Business Software Alliance. I'm sure the BSA loves when they get scary stories of their tactics into the press, but this piece does quote the EFF's Fred Von Lohman making the point that companies who don't want to deal with the BSA can always use Open Source software. Most telling quote: 'every cent of those massive settlements stays within the BSA -- member software organizations receive only the licensing fees.'"
...making the point that companies who don't want to deal with the BSA [suing them for pirating software] can always use Open Source software
Well, sure, you can use open source or free software whenever you'd like.
You could also simply pay for the proprietary software that you need to use rather than stealing it. If I had my own company, I would make certain that we ran things properly, which would involve, among other things, not pirating software.
If you celebrate Xmas, befriend me (538
From the article:
The BSA estimates that pirated software was responsible for about $3 billion in lost revenues to software publishers in the U.S. in 2000 -- although, to be strictly fair, that number assumes that every copy of stolen software would have been bought if it weren't stolen, which inflates the number somewhat.
It's good to see someone in the press finally taking those numbers with a grain of salt. Somehow I don't think evry kid who downloads Photoshop and Illustrator would have purchased a copy.
SONY. Because caucasians are just too damn tall.
How hard would it be for a disgruntled employee to knowingly install software without proper licenses, then call BSA? No where is it mentioned that individuals will suffer, only the company. Of course the company can then take action against the employee if they can find them.
Even if your comapny does pay for all its software, being forced to audit yourself costs money. Unless people making false reports are held liable, this system can and probably will be abused.
"Those who make peaceful revolution impossible, make violent revolution inevitable" - JFK
Trying to draw on group expertise here - can someone tell me what provisions of which law(s) lay the burden of proof on the the businessman, and not on the accusor?
This sounds like a provision that got slipped through when no one was looking, and the BSA has managed to keep it off the agenda ever since. I imagine the US Chamber of Commerce would get some support from their members to make this law a little more balanced. It's not that I support IP abuse, but the sheer arrogance of a guilty until proven innocent presumption in any piece of legislation is too galling to let pass .
If someone can get me the information (preferably original bill and USC reference) I will happily see it to a place where it can do some good.
THE YEAR WAS 2081, and everybody was finally equal...
I'm not pissed off that the BSA can sue a company for using unlicensed software. That's fine. Go after them on your own time, with all the legal resources you can afford.
What pisses me off is that they can get the assistance of the US government (in the form of US Marshals) to "raid" companies suspected of using that software.
Why doesn't it work the other way? Why don't we have the US Marshals raid Microsoft when they produce security-hole-ridden software that causes a small business to lose millions? Why should our government always be on the side of the big business?
I didn't realize the Boy Scouts of America were so evil.
"People that quote themselves in their signatures bother me" - athakur999
when you have 100 or so employees milling about, you would be amazed what kind of stuff they will drag in and install when you aren't looking.
And yes, I know all about policy editors and drive imaging and a lot of other things you can do to try to keep them from messing around with the systems or clean up after them when they leave for the day.
The bottom line is, like a lot of other companies, we spend a measurable amount of time and money on compliance issues every year even though we have never pirated software. If it weren't for the BSA, or more precisely our ties to products made by their member companies (thanks AutoDesk), this would be much less of an issue for us.
Which is a reason enough for most companies to switch vendors. Once this starts happening on a widespread basis, open source software will be a much easier sell to business.
Trust me, if the BSA contacted my company on behalf of a software vendor, that vendor would lose his account with my company. Though I do as much as I can to ensure license compliance, I will not do business with a company that has an adversarial attitude toward me. If a vendor believes that I am running unlicensed or underlicensed copies of software, it would be better for them to ask if they can perform an audit at their own expense rather than sending the BSA after me.
On a lighter note, it is the mere existence of the BSA which encourages me to use and recommend open source software as much as possible. I believe the BSA is hurting vendors more than helping them.
The society for a thought-free internet welcomes you.
I don't think there's any other group in the world that can promote free software as well as the BSA can. I mean, the more BSA extortional "warning letters" that are sent or jack-booted thugs that come raiding into offices, the more that IT organizations are going to look for alternatives.
It's been argued on Slashdot before that more people would take free software seriously if they had to pay for all the stuff they use already. I agree. I say, good, make them pay up (plus penalties!), then they'll get a clue and stop using M$.
I don't think there should be anyone on Slashdot that's one bit against the BSA. Go BSA, go!
-Russ
Me
According to Blank and Kruger, the burden of proof is on the targeted company.
When did I stop living in America?
If it ain't broke, it doesn't have enough features yet.
Most companies come back with a different settlement number, and we negotiate," says Jenny Blank, the BSA's director of enforcement. "I'm not going to say they're cheerful about it, but they recognize that this is probably easier and less expensive than taking the case to court."
This is just amazing that they can organize a settlement without even investigating the actual accounting of the licenses. If I have a license and no receipt, does that mean I stole the software? I would think just the opposite. It means I legally purchased the software and did not keep the receipt.
My question has to be, if they are judging the settlement on how long the software has been in use, who's to say it was loaded and EVER used? I have a ton of software that I NEVER use, but it is still loaded on the system. Mostly because I am waiting on an update, or patch, or Service Pack for it before I devote any type of time to running it.
BSA = Extortion, plain & simple.
You keep going until you die..."Me".
Actually, your argument implies precisely the opposite: since the act of unauthorized copying does not remove the initial item being copied, such an act clearly does less damage in any conventional sense of the term than theft (i.e., the illegal removal of tangible goods). Indeed, unauthorized copying (in the context being discussed) can do only hypothetical damage to anyone, since the "damage" claim rests entirely on the hypothetical counterfactual that the copier would have purchased a copy if he/she had not instead resorted to unauthorized means.
In any event, this is a non-sequiteur: the amount of "damage" which could, in principle, be done by unauthorized copying does not legitimately motivate the pre-emptive search of businesses or individuals for which there is not already reasonable grounds to suspect unauthorized copying. One does not have the authority to arbitrarily search others on the grounds that they may have committed some infraction against you; that firms have allowed the BSA to get away with such behavior is IMHO quite scandalous.
-Carter
Ever notice how both "organizations" hide behind that term usually reserved for not-for-profit aid groups, or otherwise innoxious group?
Ever notice how both groups generally exist for the seemingly sole purpose of badgering people with an army of lawyers behind a veil of "good"?
Ever notice the striking similarity between L Ron and Bill Gates?
Coincidence? I think not.
The previous post was meant as humor, and in no way meant liabel towards the BSA, The Church of Scientology, the ghost of L Ron, or Bill Gates' stupid grin (tm). All of my software is legitimate Microsoft(tm) software!
If you want to find out if I own the software, fine. YOU find out. Am I really obligated to show you evidence that I purchased software?
I know a police raiding looking for stolen equipment runs checks on the serial numbers. If the serial numbers come back clean, I'm not obligated to prove to them that I legally purchased it. They have to prove that it was stolen property to begin with or they have no case. Granted, having a box of receipts for everything gets them out the door faster as well as making your life a whole lot easier in the case of a mistake.
But for the BSA, who by the way is not a law enforcement agency, to require evidence of ownership does not extend to being provided with purchasing records. The certificate of ownership should be sufficient. Of course, I could stockpile those in case I fear they're coming, but I could just as easily format the harddrives.
In fact, that might not be a bad idea. Force all data, and I mean ALL data to be stored on network servers running free software, and only use proprietary boxes as workstations. Ghost those machines and nuke them every night. Receiving a command from the network completely wipes all machines on the network (except the fileservers).
I don't condone piracy, but I also don't endorse nazi style tactics. There is NO reason that a company that acts in good faith in purchasing software licenses who makes an honest mistake should be raked over the coals because some errant employee installed an extra copy of office in the wrong place.
-Restil
Play with my webcams and lights here
Ah, the BSA. I love these guys - their tactics help free (libre) software more than they may realize.
In my former life as a contract sysadmin I had several clients who specifically requested free software be used to build new systems or to replace licensed commmercial software with equivalent functionality. One major reason I got, especially in the latter case, was the desire to be rid of licensing hassles. The lower upfront cost helped, but this was usually less significant as they were already paying $$$ to contract me to implement whatever.
License compliance creates not just paperwork hassles but can shut down a business when, e.g. a license server fails/license key is accidentally deleted by clueless admin/clueless admin forgets to renew licenses/vendor goes under without a way to extend licenses or purchase additional keys. And this doesn't even cover security problems - did you hear the one about MS Office for Mac OS X? By spoofing product keys one can shut down every copy on the network, blocking use and causing unsaved work to be lost.
Now I'm a law student who salivates at the thought of the BSA getting its comeuppance - one of these days, I would not be surprised to learn that the BSA had organized a raid that shut down business at a company that turned out to be fully compliant. (Yes, I know full compliance with commercial licenses is virtually impossible in a large organization, but let me dream!) I can imagine hefty lawsuits arising... actually, this might have already happened. The BSA could have settled such a case with a settlement agreement that required confidentiality. I wonder, though, if one day a BSA raid will cause sufficient monetary damages (or a sufficiently cranky CEO) to make settlement impossible and allow a messy and public trial to go forward.
God, that would be sweet!
And yes, I have proof of valid license/purchase for every shred of commercial software on my machines. (Which is not much - just Win98SE, MS Office 2000, and Half-life/CS on my windows partition.)
-Isaac
I am not a lawyer, and this is not legal advice. For Entertainment Purposes Only.
This has got to be the biggest puff piece I've seen in quite some time.
Oh, of course they don't. Only absolutely non-frivolous investigations costing perfectly innocent companies time and lost profits.
So how do we know it isn't frivolous?
In other words... they only want to target companies with a good credit rating. Remember the first rule of lawsuits: only sue people with money!
It's amazing how it takes them several pages before the article stops looking like a press release from the BSA, but there are actually some interesting comments when you get a bit deeper into the article. I thought that the following was very interesting:
That's the first time I can ever remember a news outlet that didn't buy the "every copy would have been paid for" line of crap from the BSA. Even here, though, it's pretty weak. Assuming that every copy would have been paid for inflates the numbers more than "somewhat". If the BSA isn't careful, though, the news is going to stop telling just their side of the story soon.
There's no point in questioning authority if you aren't going to listen to the answers.
I'd hardly call the linux kernel kid's play. It may not be the best kernel ever conceived or written, but it would be foolish to think that there is nothing meritorious about it. Also, Apache - again, hardly kid's play. Oh, and Mozilla? Sendmail, BIND, gcc, MYSQL? TCP/IP? I certainly think that the intellectual property holders of these things are entitled to have their usage licenses and property right protected.
Most innovation seems to be done in academia first, then stolen by dishonest corporations (not all are dishonest) and touted as their own creations.
Legalize the constitution. Think for yourself question authority.
The BSA has the pratice of getting an injunction against you before they go knocking at your door. With that, they get to have the cops there, and the cops are forced to be on their side.
We received a BSA audit notice. We replied, yeah good luck, and told them they could go climb a tree. We received a note saying that the BSA was authorized by our software suppliers to perform this audit and refusal was a violation of our software license. We called several software suppliers and informed them that we were changing companies due to BSA interference, M$ was one of the companies contacted. Within 48 hours the BSA went away and we've not heard back. Their tactics are low and barely legal, you have all kinds of recourse in regards to this kind of issue.
errr....umm...*whooosh* *whoosh* Is this thing on ?
(posting anon for obvious reasons)
Well, that's exactly what happened to us. I was asked to to a software inventory by my employer. I sent out an email warning employees to remove any personal applications or software that didn't belong to the company. When I went around and did the inventory I determined we were compliant with our licensing.
Next thing I know my boss tells me the BSA is demanding either a $25,000 payment. They totally discounted our software inventory that we did because of a tip from an ex-employee. So even though we were totally compliant, they refused to let our company off. Either pay the $25,000 now, or go to court and risk paying all legal fees plus $150,000 for each piece of software the BSA manages to "prove" we stole.
My boss didn't want to go through all that. He succumbed to the intimidation, and cut the BSA a $25,000 check. FOR NOTHING.
This is a true story. I wish I was making this up, but sadly, its reality.
If EVERYONE told the BSA to shove it up their ass and forced the BSA to file court papers, get a judge to issue a search warrent and use police forces to gain access they would cease to exist in less than 12 months.
but everyone caves instantly and quietly pay's their extortion... this is pure Bullcrap and we all know it. this needs to end and it needs to end now.. Make them pay through the nose like everyone else has to.
Do not look at laser with remaining good eye.
>
> Then weep as they reformat your boxes, install Windows, and run their network software finders.
"Yes, Your Honor. When we came in, all 20 FOOCORP employees were running Linux on their workstations. Our agents had to reformat their hard drives and install Windows on them to run our Windows-based network software finders. The software-finders discovered 20 copies of Windows in the office. FOOCORP admit to having no Windows licenses. Please find FOOCORP guilty of 20 counts of infringment."
Pan to coffee shop.
Geek1: Hey we are having a BSA party this weekend wana come?
Geek2: Huh, what's a BSA party?
Geek3: Just remember to act scared at first, it makes it more fun
Geek1: I'll make the call this time
Geek1 picks up cell phone and starts dialing.
Flash to new scene, big server room all three geeks sitting behind Internet terminals. Zoom to door view. A loud bang insues. Voice behind door: "US Martials open up, we have a warrant."
Geek 1: comming
Geek 1 walks to door and opens it cops and serious looking guys in black suits run inside and start connecting laptops to hubs and switches.
BSA Agent: We've got you now scumbag, BSA!
BSA Agent2: We recieved anonymous tip, we understand you haven't bought a single software licence for any of these computers!
BSA Agent3: We have you now, there must be hundreds of servers here.
Geek2:(looking scared) Busted...
Geek 3:We will cooperate fully.
clock hands spin around
zoom back to scene... everyone is standing around a large screen . Geek 1 is playing with some cool themed desktop
BSA Agent2: I've never seen anthing like it...
Cop 1:It's so cool
flash to next scene, all the cops and agents are playing first person shooters and yelling at each other. A big LAN party.
Flash to next scene, big nurf war some cops are drinking beer in the corner with their shirts open. The drinking cops and geek 3 are singing together...
Flash to next scene. Things are quiet, Police and men are slowly walking towards the door, heads down.
BSA Agent2: (looks up)That was great. I'm really sorry, you are such nice guys. I quit!
BSA Agent 1:(looking very sincere he puts his hand on geek 1's shoulder) Sorry. We were wrong.
Everybody walks out. Door closes behind him geek 3 turns to geek 2.
Geek 3: They lose more guys that way.
pause blinking servers are visible in background
Geek 2: (confused) OK... How did you do that? play catchy song, fade out...
write across black screen "Linux"
Novel theory: Modern Man evolved from psychopath
(1) Companies should be warned of an audit ahead of time.
(2) Should a "raid" be conducted on a company, the BSA should not be present. The BSA is not the government and has no business on official law business.
(3) The closeness of the BSA to federal law agencies is troubling. It seems like they say "Check them out" and the Feds check them out. A money-gribing organization shouldn't have that much influence on federal law enforcement.
(4) Companies shouldn't have to prove anything. They shouldn't have to prove they have legit software. The BSA should have to prove -- beyond a reasonable doubt -- that the companies don't have legit software. The principle of beyond a reasonable doubt shouldn't be disconsidered just because its a civil suit and not a criminal case. The reason we assume innocence until proven otherwise in a crminal case is because the state has vastly more resources than the individual, and its difficult to "prove" your innocent. The same should be true in lawsuits (where the filing party has vastly more resources, at least).
(5) Companies found to have pirated software should only have to pay the cost of the software, OR should have the option of forfeiting the software (that is, removing it from their system). Lets face it, in hard money, no software company loses ANYTHING when a someone pirates their software if they weren't going to buy it otherwise.
(6) I'm not a fan of intellectual property anyways. I think all current types of IP should be scaled back to five years, and their scope should be drastically reduced; but that's another story.
social sciences can never use experience to verify their statemen
Here is the lines from the MS EULA that say you can't sue them for their products being buggy or insecure, no matter how much gets destroyed in the process:
"CUSTOMER REMEDIES. Microsoft's and its suppliers' entire liability and your exclusive remedy shall be, at Microsoft's option, either (a) return of the price paid, if any, or (b) repair or replacement of the SOFTWARE PRODUCT that does not meet Microsoft's Limited Warranty and that is returned to Microsoft with a copy of your receipt. "
Meaning that if Windows messes up and destoys all your data, MS, *at their option* may refund your money. In addition,
"LIMITATION OF LIABILITY. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL MICROSOFT OR ITS SUPPLIERS BE LIABLE FOR ANY SPECIAL, INCIDENTAL, INDIRECT, OR CONSEQUENTIAL DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF BUSINESS PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, OR ANY OTHER PECUNIARY LOSS) ARISING OUT OF THE USE OF OR INABILITY TO USE THE SOFTWARE PRODUCT OR THE FAILURE TO PROVIDE SUPPORT SERVICES, EVEN IF MICROSOFT HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN ANY CASE, MICROSOFT'S ENTIRE LIABILITY UNDER ANY PROVISION OF THIS EULA SHALL BE LIMITED TO THE GREATER OF THE AMOUNT ACTUALLY PAID BY YOU FOR THE SOFTWARE PRODUCT OR U.S.$5.00;"
Meaning that no matter how much damage a MS product causes and no matter what it does, they have the option of refunding your money or giving you $5 -- I have no idea where that number came from. Moreover EVEN IF YOU TELL THEM THAT THEIR SOFTWARE HAS A FLAW THAT CUOLD DESTROY ALL YOUR DATA AND THEY DON'T FIX IT, YOU STILL CAN'T SUE THEM!
This type of EULA does not come with bridges and is why you can't sue MS for buggy software. If a Boeing plane were running MS sofware in its navigation system and that system messed up causing the plane to crash no one could sue MS, however if an engineering firm designed a new, let's say rudder for a Boeing jet and it failed causing the plane to crash its most likely the engineering firm can be sued.
Its all about monopoly -- if there was competition, people would not have to accept this implied consent EULA.
What needs to happen is some company that has their licenses in order should tell the BSA to screw off. When BSA comes storming in with a court order the company should obviously comply. The BSA will find nothing. They should then sue the BSA for wrongful prosecution, sue for damages (lost productivity due to having to deal with them), treble damages, and hopefully get the process itself checked on constitutionality.
The BSA has the right to sue. But the courts shouldn't be dishing out court orders for these kind of raids unless there's evidence of violation. A tip is heresey unless the tip comes with evidence--copies of email sent within the companying that acknowledge the presence of pirated copies, etc.
Consider their acknowledged source of tips: disgruntled employees. Sure, they may have knowledge of violations. Or they might just be getting back at their ex-employer. They might not have any pirated copies, but the disgruntled employee will at least cause his ex-employer some headaches.
Is a disgruntled employee really a reliable source for determining whether there is justification to violate somebody's (or some company) right to be free of unreasonable search and seizure?
This needs to be tested constitutionally, but I think it'll require 1) A company with their licenses in order. 2) The company snubbing their noses at the BSA. 3) The company subsequently being raided. 4) The company sueing the BSA.
Lots of "ifs" considering most companies are in business to make money, not test constitutionality issues. We can dream, though.
There is no substitute when dealing with bullies like the BSA: make sure you are well-advised. They misrepresent the extent of their powers and advantages in these threatened litigations, wildly mistate their rights under the law and appropriate burdens of proof; but they do have significant advantages that you should never underestimate.
While BSA likes to compare themselves to other licensing enforcement operations, such as ASCAP/BMI, there are fundamental differences, and at the end of the day, these can make substantial differences in the result if you are willing to duke it out.
A truly compliant entity, even poorly documented, can turn the tables powerfully on such a bully. Indeed, even a party who is slightly out-of-compliance can do so, by using a number of devices available at law, such as Offers of Judgment, to turn the tables or test the will of a BSA threat. (Indeed, it may be wise -- again YMMV -- to consider filing a preemptive declaratory judgment action against them for several reasons.)
ASCAP/BMI, when asked, will produce actual opinions of actual cases where they have collected actual damages at trial in comparable enforcement scenarios. Ask a similar question of the BSA -- they will cite to the cases of the Performing Rights Societies and not to those of the BSA.
Ex parte seizures or searches can backfire seriously as well. A 6th Circuit case not too long ago found that a defendant who can show a seizure to have been improper can proceed past a motion to dismiss on a civil rights and trespass claim not only against the overreaching plaintiff, but also against their attorneys. It is a good idea to put them on notice of this fact early in the correspondence.
And from this article, I learned something quite interesting -- their constituents only get the license fees, they retain the multiples they extract. Not so with Performing Rights Societies, who, as understood, are non-profit entities that return their proceeds after costs to the composers and rights owners they represent.
It is therefore essential to get solid representation from someone who knows what they are doing. A stone wall could expose you to substantial liability. On the other hand,
Please do not consider any of the above to be legal advisc beyond the following: get a lawyer who is highly competent in this area to advise you. Specific legal advise is highly fact-dependent, and subtle differences in facts can often necessitate dramatically different strategies. Accordingly, no "cookbook" or single posting can provide you with a clear, definitive solution -- get competent advice and act on it.
Or, are the BSA members willing to accept the same rules for their own activities? Would they accept a Software Consulting Association that can send audit letters out checking for late payments to consultants? If you've paid a consultant more than 30 days late, you get fined $200k. Or an Hourly Workers Association- you have to prove you've never underpaid hourly workers, or its $50k. How about a Pricing Gun Mistake Association- if the grocery store misprices an item, you get $600. Not double the difference, or 10x, but 1,000x for each instance.
No, they wouldn't, because the rules that the BSA use wouldn't work if applied to all of society. Unless a mistake can cause extraordinary harm, you don't usually get to treat mistakes like a felony! What makes the BSA so special? Earlier people wrote about OSHA- at least that affects life and health. We tend to allow bigger fines for that. But is software piracy that much worse than discharging toxic substances into waterways (max fine $125,000)? Misbranding a drug in interstate commerce (max fine $100,000)? Violating the Sherman Antitrust Act (the fine listed in Section 3571 (d) is "not more than the greater of twice the gross gain or twice the gross loss" caused by the conduct...)?
In this Slashdot / Salon / LATimes coverage we saw Microsoft / BSA vs the LA School District, where "hundreds" of unlicensed copies were found. the threat was $150,000 fine for each copy of a $100 per license product. ($100 at best. 1/3 was MSDOS, and schools get very good rates). They "negotiate" down to a $300,000 total fine, and the school district probably felt very grateful for this kindness of the BSA.
This is a 150,000% fine negotiated down to a 1,000% fine. (or 1,500x down to 10x). How does the BSA get to levy fines so out of proportion to actual damages? Yes, illegal copies are a crime (as is speeding), but the LAUSD wasn't running a mass piracy operation. Assuming that "hundreds" = 500 copies found, then the LAUSD had found roughly 1 copy per school, or 1 copy per 120 employees. The BSA got to treat the LAUSD as if it had found widespread felonious behavior rather than a few years worth of a few people deliberately or mistakenly making copies. No proof of bad intentions needed.
never said it wasn't wrong. but you're right. It makes no difference since proprietary software will be completely gone in 10-15 years.