Slashdot Mirror
Shakedown: How the Business Software Alliance Operates
An anonymous source writes: "I'm a faculty member at a public university which the
Business Software Alliance contacted in a bulk mailing last Fall. Stupidly, our IT department invited them in to 'explain' licensing to us, and now we are trying to fend off an audit on our computers (public and private). Two questions: what kind of leverage does the BSA actually have against us? And does anyone have war stories, successful or otherwise, of their encounters with the BSA?" Although Slashdot is running this story as from an anonymous reader, we have contacted the source and believe the story is factual and the appeal for help is real. Consider this Slashdot's contribution to National Copyright Awareness Week.
The source continues: "The report that the BSA gave to our administration was filled with scary stories about other schools who tried to resist, so unless there's some hard evidence to the contrary I suspect our university will just roll over. We were told that:
- auditing software *will* be installed on every campus machine;
- the license for every program, on every machine, must be produced upon demand;
- failure to produce licenses for all commercial or shareware software will constitute prima facie evidence of illegal possession, with penalties that could range from the confiscation of the machine to the firing of the user;
- and this includes computers *personally* owned by faculty."
While I'm of course not a lawyer, but what right does this organization have to come in and put anything on the computers that are privately owned? I think they are trying to make you THINK that they have right and you'll give them the go ahead because they've convinced you they do... while in reality you could tell them to go to hell and they couldn't do a thing about it.
The BSA holds Power of Attorney to act for the manufacturers in these matters. So, if you have software from a BSA member then the BSA asking to see the license IS like the manufacturer asking for the license.
Ask them for the Search Warrant. They should at least have to have a reasonable belief that you have software on your computer that is not licensed. Arbitrary demands to search your computer are unreasonable, they cost you both time and money, no court should uphold a part of a license that subjects anyone or any institution to unreasonable searches or demands, no matter what the licensing. Notice in all EULAs they put that little clause in there that says, "If any part of this license should be found unenforceable, then the rest of the license shall remain in full effect..." That's because the EULAs have not been thoroughly tested in a court of law, and they know they are going to lose on some parts. Without some kind of evidence they're going to have a pretty weak case.
...and that word is "outrageous." If your administration does not step in and put a halt to this egregious evasion, then you can tell them I told you they are a bunch of pussies.
Seriously: Where's the search warrant? How enforceable is a EULA with such broad contractual provisions that it forces a licensee to waive all rights to due process and freedom from illegal searches? (Before you naysayers tell me the Constitution has no bearing in this, check the facts: In many cases, BSA shows up at the doorstep with their very own law enforcement escort.)
There is a legal concept known as "blue-lining" in which a judge has the legal authority to water down, modify, or even eliminate certain portions of a previously-agreed-upon contract. I learned about this after I found myself the unwitting signatory to a capricious and completely illegal legal document. The state recognized the document as legally binding; however, the state also found the terms of the agreement were overly-reaching, capricious, and without legal standing, effectively nullifying the contract.
The reason why companies continue to write obviously unenforceable contracts is that they know the number of people willing to fight in court is very low. Most will simply roll over, expose their underbellies, and submit to being raped rather than fight.
Also, my 2c on this: There are a few angles. Clearly, a private institution is innocent until proven guilty under US law. So, the scare tactics the BSA is using on your University take a couple of prongs:
- For the legally not so savvy, it says "We'll sue if there's even a hint that you might not own some software! Put our software on your computers to keep us from suing."
- For the legally more savvy, it says "We can make your life sufficiently annoying that it will be cheaper to just let us put this software on your system." Then we'll go away.
To address this for both audiences at your university, you'd like to be able to prove:- Your university is not, in fact, legally liable to the BSA, and that it in general isn't responsible for what people do with their personal computers.
- It will be significantly more expensive to install the software they require, than it will be to get legal counsel to tell them to go away.
My guess is both those things are true: A nicely backed up presentation proving both those points would probably quelly our nightmares. Good luck! Post back and tell us what happened.At this point, the only leverage that they really have is fear - they're trying to intimidate you. This is what they've done to hundreds of other companies. They come in, use your "acceptance" of a software product's EULA as a hammer, and either force an audit (which, with the criminal penalties they throw at you, gets to be scarily expensive) or force you to pay upfront and forget about the audit.
:)
Yeah, some people call it legalized extortion. IANAL.
For something like this, they should really go through your university's legal department. If the legal department hasn't gotten involved yet, then get them involved now! Get some counsel. They are the folks that were hired to protect you from this sort of thing (among many others).
This sounds just like pure intimidation to me. Especially once you mentioned that the audit includes personally owned computers. If they want to audit my personal laptop, which I bring into the office sometime, they would not send the notice to my employer. They would send it to me. Like I said before, talk to a lawyer. A lawyer, not the Slashdot crowd, can give you the best advice.
--
Welcome to the land of the easily amused...
In talking to a judge friend of mine you have several choices: 1. Tell the BSA to go to hell and hope they don't have probable cause to get a search warrant. If they get one they will come back with the police and then you will have a criminal problem - this is not a likely scenario for a public institution. 2. Let the BSA in and try to deal with them as best possible - however I would have my attorney do the talking to them - most attorneys don't scare too easily. 3.Tell the BSA that you are busy and to come back in a couple of weeks. In that couple of weeks clean up your act and let them in. Personally I would tell them to go to hell and make them come back with the cops. Why? So they have to fight to get into every business. If they have to do this it will eventually stop them as it will become financially impossible for them to continue. As a public institution you have a different problem than private businesses. You have a public relations problem. I'm sure that this is what the powers that be in the university are thinking about. My problem is that the BSA thinks that they are a peace agency (police agency) and they aren't. As far as I am concerned the best solution is to not deal with the software companies that support the BSA!
That said, my only experience with software audits is with Microsoft. It was quite a galling experience because the company I worked had spent a lot of money and time insuring that only licensed software was running on the machines. After that good faith expense, the BSA comes in and demands an audit. They basically hi jack our hardware people for a week, cause no end of interruptions to the development of our product, install gods knows what on all out machines, and wreak general mayhem. If course we could have avoided the entire thing by paying the "protection" fee. They treat the customers like addicts. It like you get the drug free know, and when you are hooked, we will exact the price.
"She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
This is my personal encounter - YMMV !
I attended a "seminar" hosted by Autodesk and M$ several years ago. At the entrance, the pretty girls were asking us to fill in info sheets, you know, like names, address, company you work for, et cetera, et cetera.
Since Autodesk and M$ were so kind to provide us with Orange Juice (Morn time, you know), I filled in the blanks.
Never would I thought that what I filled in ended up in BSA's file, and from then onwards - 6 years already - I and the company I work for, received THREATENING LETTERS, telling us that WE BETTER COUGH UP MONEY TO BUY GENUINE SOFTWARES or they will haul our butts in slammer.
Funny thing is, the Autodesk and M$ software we used (yes, USED, PAST TENSE !) were OFFICIALLY GENUINE, NON-PIRATED COPIES !
I got into troubles with my boss, since I was the one who filled in the blanks.
No matter how we tried to tell BSA that ALL OUR SOFTWARES ARE GENUINE, the threatening letters keep coming.
It got so bad that my boss decided to scrap M$ and all Autodesk softwares, and now we run Unix and NON-Autodesk softwares.
Yes, it actually cost us MORE to change our system, but at least, BSA, with Autodesk and M$, have NO MORE CLAIM ON US.
And the threatening letters still keep coming...
Talk about insanity.
And what happened above happened OUTSIDE of the good ol' U. S. of A.
Don't think you guys in the States suffer alone.
Muchas Gracias, Señor Edward Snowden !
Tortuous interference with prospective economic advantage is a crime. They have no real basis for assuming anyone has committed a criminal act and no intrinsic authority to prosecute. Contact your local prosecutor immediately and explain the situation - that your institute is in good faith compliance with copyright law, that these people are attempting to extort from you significant financial gain and that while it is your institute's expectation and intent to comply with copyright law, these people have no right to subject you to the cost burden, nor any right to access to your systems. Get the law on your side now, because if you refuse they will attempt to get a warrant with the federal marshals. Refusing access to a borderline RICO organization is not a crime. Also get some sympathetic local press coverage immediately.
7 3257 &mode=thread&tid=10.5
Information at
http://slashdot.org/article.pl?sid=02/01/15/0
Be proactive. Fight back. A good tactic might be to develop an open source policy predicated on the cost of compliance with commercial software licenses being too high since even the companies don't understand their EULAs it's just impossible to do so and therefore the university will outlaw commercial software on their network.
The BSA is funded by MS, adobe, etc. If the BSA generates net positive income, they will continue storm trooping around. If it becomes a liability to have one's names associated with the organization, the underwriters will pull their support. This is a political as well as legal battle and if you don't fight, you'll be screwed, as will the next organization.
I've always signed our company up for anti-piracy this or that, I signed us up for the MS Freedom to Innovate Network mailing list, I forward blatant "Windows 2000 for only $10!" e-mail to MS piracy police etc. etc. I've even shut down a fairly large pirate serial codes web site a while back because they were providing codes for our software. I don't read the FIN Flash e-mails I get nor do I care about the various other anti-piracy updates I get but I keep asking for them.
Our office is in San Francisco, the city most effected by the BSA's tacticts. Lots of people I know got those letters. We did not. I attribute that to the above. Just a little plain old Sun-Tzu deception goes a long way.
They are not a government organization, right?
Right. And this is why they CAN NOT just march in wherever they want, whenever they want, and do their raids. They CANNOT demand license documentation, they CANNOT install software, etc. without either a court order or police and a search warrant. I would do exactly what pitcrew suggested -- tell them to go to hell.
From the article: failure to produce licenses for all commercial or shareware software will constitute prima facie evidence of illegal possession
This, IMO, is absolute bullshit. It's like the police going through your refrigerator, making you produce receipts for every gallon of milk in there, and automatically assuming that the milk you can't account for with receipts was stolen from the local grocery store. They are assuming you to be guilty until you can prove yourself innocent. This is not the way our government works (or is supposed to work); the burden of proof is supposed to be on them, not you.
I pledge allegiance to the flag...
of the Corporate States of America...
It amazes me that no matter how many times this comes up, people still don't get it. READ the EFFEN UELA! When you accept the EULA from MS, Oracle, or whatever closed min^H^H^H source software, BSA participating company you purchase from, you agree to let the copyright holder _OR_ANY_DESIGNATED_ASSIGNEE_ come in and audit your system for license violations. And as for the idea every seems to have about simply making a quick switch to OSS, DON'T! if the BSA comes back tomorrow and can't find ANY software under their jurisdiction on ANY machine, they will assume that you blew it all away to cover up the fact that you were using it illegally. They will then want you to prove that you didn't try to destroy evidence! Trust me. I've been through this before.
This space intentionally left blank
if you don'thave any illegal or pirated software, what have you to hide?
This kind of thinking is precisely what the BSA is looking for. If you are stopped by a cop and you consent to a search of your vehicle, then anything illegal that the cop finds can be used against you, because you consented to the search. For example, say you go out of state and purchase a bottle of liquor and you put it in your trunk (out of plain view), on your way back, you get pulled over for speeding in your home state. The cop asks you to search the car, you say yes, and BAM! In addition to a speeding ticket, you are also busted for illegally importing alcoholic beverages (in many states, this is a crime). Yes, you may not have had any idea this is illegal, but you are nonetheless responsible for it because you consented to the search. Unless the cop has actual probable cause to believe you have comitted a crime (e.g., your car/license plates match the description of a vehicle used to commit a crime), they cannot forcibly search your vehicle.
Given this context, and how the BSA is strictly out to get you (whereas the cops are not), they most likely have ways of finding "illegal" things (that you did not know were illegal) and nailing you for them. The only way to prevent this is to not cooperate with them. Bring in the lawyers and make the BSA prove its case against you.
In case of fire, do not use elevator. Use water!
"BSA members represent the fastest growing industries in the world. Worldwide members include
Adobe, Apple, Autodesk, Bentley Systems, Borland, CNC Software/Mastercam, Macromedia,
Microsoft, Symantec, and Unigraphic Solutions. Additional members of BSA's Policy Council
include Compaq, Dell, Entrust, IBM, Intel, Intuit, Network Associates, Novell, and Sybase"
We got a similar letter. MS knew about us because of our purchase of O2K and Win2KSRV through an Open License Agreement. The letter wanted us to audit EVERYTHING, but after reading the EULA from most of our products, we only saw the "audit on demand" clause for stuff bought through the Open License. I talked with our rep and asked if we only had to report on the products that had the "audit on demand" clause, or if we had to audit on everything on their supplied audit sheet. I explained that a full audit in 30 days uses a lot (try all) of our IT resources, and while we audit every year, a full audit when they ask is quite an expense. I said that we would be more than happy to give them the results of our yearly audits for all software, but that from my reading of the EULAs that we had, only certain products fell under the "audit whenever you want to make us scamble for 30 days" clause. After many attempts to get an answer back from them, I just sent them a copy of all my communications with the rep, a letter explaining my view, and the audit sheet with only two of the many products filled out. We have not heard back regarding the audit, although the rep has continued to call and remind me of product launches and other promotions.
Actually, having the "authentic" CD is not enough to satisfy Microsoft. You have to have that idiot piece of paper with the holograph. You know, the one that you just threw away along with the other trash that came with the CD.
I've got a ton of original CD's, but I've never saved the trash that came with them. I never will.
You don't have to go completely open source either. Keep a few Windows PCs and Macs with the proprietary stuff and let the BSA worry about those. You can fix the bulk of the problem by converting the bulk of the machines completely to open source software; the BSA can spend as much time as they want crawling around those machines.
That would be great except that the MS site licenses for universities require you to purchase licenses for every machine on your campus, wether it runs windows or not.
People don't read the EULA because it doesn't matter wht the EULA says. If the EULA says that you have to give your first-born child to them, you click yes and don't give them your first-born child. The EULA contains a large amount of shit, most of which is illegible, much of which is illegal, and all of which is usually unenforceable. The only purpose to it is to give the BSA etc. a shred of credibilty when they demand your first-born child.
That comparison is really only valid if you licensed your pants instead of buying them.
FreeDos
Also, they absolutely CANNOT demand to install auditting software on those machines. That's theft in my book. They are forcefully taking away my cycles.
Furthermore, they can't attempt to enforce a EULA that they don't know you accepted. Until they audit they have no way of knowing that you have EULA covered software on your machines, until they know you have EULA protected software on your machines they have no right to audit those machines.
I'm the big fish in the big pond bitch.
I had some thoughts about all this while out getting lunch, and now that I've posted my idealogical rant about "innocent until proven guilty" obviously not applying in the civil world, I'll try to be, like, constructive for a moment.
First, any lawyer (and most of the posters here today) is going to tell you that it's cheaper to simply buy all new licenses (or whatever the BSA is demanding). Rifle every likely file cabinet for existing licenes, then buy the difference. Either way, you still need to do your own audit.
On the other hand, if you're at a school with a strong reputation, lots of prestige, and even more money, and if your president believes there's a moral victory worth fighting (and paying) for, then I have some thoughts that I at least find intriguing:
Of course, my initial point still stands -- do your own audit, cheaply, and simply pay for the difference. And, most importantly, build a good system (centralized database backed up with a fire-safe holding physical license papers for the whole school) to track this stuff, and re-audit every 6 months. Or even more frequently. (client-side tracking software is obviously going to be in your future....)
Good luck!
I think it is high time these damn EULAs get properly tested in court. I have a feeling they will ultimately fail the legal test. It's absurd that you "have" to read more legalese to install a piece of software than to buy a car (assuming you pay cash). It's also absurd that you can't read the legalese until you've purchased the software, opened the packge, and many times broken a stick on the internal CD sleave that reads "Breaking this sticker indicates your acceptance of the EULA"--which you see once you install the software.
Last I heard, ripping a sticker wasn't quite as legally binding as a signature.
The BSA coming charging in would be a perfect opportunity to test a EULA. Unless they come with cops and a warrant, you can tell them to take a hike even if they have a signed contract (which they don't). Tell them to get a court order. They may do that and they way try to sue you: But they'd sue you for violation of a contract, not copyright infringement. You could then argue that the EULA is invalid. Aside from the issue of whether "clicking accept" forms a contract, the EULA is invalid because no contract (in the United States) is enforceable if it abdicates a recognized right of one of the parties--in this case, unreasonable search and seizure.
You, as an adult can sign a contract that says you will never marry, that anyone can search your home and kill your sister--all three of those clauses will not be enforced by a court because they abdicate recognized rights that CANNOT be taken away by a contract. Otherwise many labor laws that protect workers would be useless since workers would just be forced to sign away their rights. You can't do it. You can't sign away your rights (well, you can, but no court will enforce them).
I think it'd be great if a BSA-initiated conflict resulted in the definitive invalidation of EULAs! :)
Their audit software is called GASP and it's not available for Non-Windows or Non-Mac users. Darn!
c .phtml
http://www.bsa.org/usa/freetools/gasp/
Check it out, they have an EULA for GASP... I guess they'll want to see the EULA for each machine they install it on too.
http://www.bsa.org/usa/freetools/gasp/gasp_
> I would do exactly what pitcrew suggested -- tell them to go to hell.
A safer strategy is to pretend you didn't hear them in the first place.
Ever send a registered letter with return receipt, and never get the return receipt? It happens, and it's because the recipient doesn't want to acknowledge the communications.
IANAL, but it seems to me, to haul you into court requires a subpoena or a summons. Those documents require a response. Others could be ignored, as long as you don't intend to do business with the source of the noise.
As a Management/IT Consultant I have performed Software audits at companies. The BSA is group of 13 software companies (Micro$oft being the biggest) that are trying to use their collective muscle to increase revenues. They use the BSA as a front to scare people into compliance. If you want to ensure compliance, which is not necessarily a bad thing, check out Attest Systems. They have the most reasonably priced software audit tools available. As a Linux Newbie, the better alternative is to go OSS.
--Eric
Knowing that a judge will make you pay for the defense in such a bullying lawsuit, can put a pretty quick stop to this type of unethical behaviour. And if you know you're clearly in the right and will likely win, it's worthwhile to float the legal fees until the buggers lose.
Love many, trust a few, do harm to none.
When a company I worked for elected to comply with the audit, they learned that proof of ownership (license) consisted of Invoices. Retail box didn't count, holographic anti-piracy certificate of ownership didn't count. Field staff purchased software put on expense account didn't count -- couldn't prove it was not actually his personal copy.
Get a good lawyer.
BTW -- we settled with a US$25,000. fine and a promise to certify each year for the next 3 years that we were still "clean."
Denise
Will manage Novell network for money.
That's fine, for your own personal use. Controlling the desktop in front of you is not all that tough for a home user. Of course, when was the last time a home user experienced a BSA audit?
Try running a corporation with over 1000 desktop PCs, with various versions of Windows, Office, Autocad, etc.
Let's distribute these PCs across 20 or so locations, including some tiny offices with no direct technical support.
Let's throw in a few oddball utilities: virus protection, PDA synchronization, media player, each with a lengthy EULA that describes rights to upgrade, transfer to another computer, sell to someone else, use on multiple computers, etc, etc. The EULA's vary from product to product and even version to version, so it's anyone's guess as to what is allowed at any given point in time.
Let's include a few power users in the mix, who occasionally purchase software and get reimbursed via the expense account.
Let's include a few dummy users who download crap from the Internet and "agree" to the installation EULA without letting anyone else know what they "agreed" to.
Now it's time to upgrade some of the PCs. Which of the pre-installed packages can be migrated to the new computers? Can we image the hard drives to facilitate the upgrade? Is a motherboard upgrade the same thing as replacing the whole box? How about a hard disk upgrade? How about a repair that isn't an upgrade at all?
Bear in mind that many corporations have an "under the radar" culture of IT purchases. Unreasonable purchasing restrictions mean you have "renegade" IT departments. In some cases, people who were unable to buy computers managed to buy spare parts and build the computers. The software gets purchased one package at a time to keep the approvals down to what the office secretary can spend on a toner cartridge. I know of at least one case where the renegade computers were part of a renegade network. It ran on Thinwire because all you needed to add the next node was a piece of coax and a T-connector. It may be stupid, but that's reality.
In modern corporate life, you have to assume a certain percentage infringing software, although nobody can tell who has it or how they got it. It's like killing cockroaches: go ahead and kill as many as you like, but it's a numbers game and the insects have the advantage. It's not like the OS or the software does anything to help.
BSA would not have such a thriving audit business if they didn't know they can walk into just about any company and find enough accidental infringement to generate the revenue it takes to feed the BSA audit machine.
Also... in about two months' time, Microsoft's new license terms will kick in - and in spite of their claims, it appears that these new licenses will be much more expensive than the old ones for many.
So, let's combine steep new licensing fees with a quasi-police force that has the power to both presume guilt unless proven innocence (when certain programs are in use) and levy heavy fines. Suddenly you have offered people a powerful incentive to move away from the software products of the BSA's sponsors. Remember when it was dangerous to use free software? Stuff like "who do I sue?" The answer is now clear: if you use proprietary software, the vendors get to sue you . Now it's more dangerous to use proprietary software - if you lose a few licenses, you might have to pay millions.
Simultaneously with the increased risks of using proprietary software, an alternative has become available! Free software is finally becoming mature enough to use seriously at the desktop. Yes, it would have been better if it was ready earlier. But KDE3 is out, GNOME2 is almost out, Open Office is usable and its few burrs will be off soon, Abiword 1.0 is out (without tables, but that shouldn't take that long to add), KOffice is out (with weak MS Office interoperability, but that will be improved quickly I'm sure), Mozilla 1.0 RC1 is out (with 1.0 soon to come out). Evolution is quite impressive (or use Mozilla's email reader). The programs can be used now, they'll have more polish before the end of 2002, and they'll be quite nice by mid-2003. I particularly like the cross-platform applications, because they make it easier for organizations to "phase in" the replacements. Someone using Mozilla and Open Office on Windows will find it much easier to switch to GNU/Linux or FreeBSD.
No, this is NOT enough to replace proprietary systems everywhere; there are many specialized applications that will require Windows, etc. But it will be much easier to show compliance when there are fewer of those machines.
Of course, this could all be a last gasp. Perhaps Microsoft expects everyone to switch from their products soon, and wants to try to extract as much money as possible while their competitors complete their maturing. Perhaps they expect that in mid-2003 organizations will begin switching quickly, and they want to sell (or re-sell) as much as they can before the alternatives are ready. I doubt they expect to really lose the market, but they certainly want to saturate the market to make it harder for anyone else to enter it.
I would say that "site-wide" licenses for Microsoft's products by companies (as they're usually written), and similar licenses effectively preventing Linux pre-installs by PC manufacturers, should be summarily ruled as illegal. These licenses fundamentally discriminate against competitors, because Microsoft gets money even when a customer chooses to use a competitor in a particular circumstance. IBM originally only leased their computers, instead of selling them, as a way of preventing customers from practically switching to a competitor, and that was ruled illegal. The same should be true for any contract that, when widely applied, prevents competition. Without these competition-preventing contracts, Free Software would probably spread much faster. But if customers continue to be treated as the enemy, they may consider alternatives far more seriously.
- David A. Wheeler (see my Secure Programming HOWTO)
You do in Texas!
Be very careful there, indeed...
0 1 - just my two bits
They are assuming you to be guilty until you can prove yourself innocent.
This is actually almost correct... the 'burden of proof' as they say, is not that the plaintif must show beyond "Reasonable Doubt" as we often see in capital cases.
Actually they still have a type of 'burden of proof', they must prove a "Proponderence of the Evidence" is against the defendant.
This means that even if they can't prove that they have done it in the case, the plaintiff can show that it is plausible that the defendant did it. But, the instructions the jury recieves are based on motions filed with the judge by presiding counsel.
Vital Idea
The hinges on laptops(and LCDs?) make a great coupling device. Basically, its still broadcasting whats on the monitor in a form which can be picked up by an (distant)aerial and displayed. I've actually seen this demonstrated (lecture, Cambridge, UK), so don't rely on using a laptop to stop that sort of thing. LCD monitors might be affected as well, I'm not sure...