Slashdot Mirror
Shakedown: How the Business Software Alliance Operates
An anonymous source writes: "I'm a faculty member at a public university which the
Business Software Alliance contacted in a bulk mailing last Fall. Stupidly, our IT department invited them in to 'explain' licensing to us, and now we are trying to fend off an audit on our computers (public and private). Two questions: what kind of leverage does the BSA actually have against us? And does anyone have war stories, successful or otherwise, of their encounters with the BSA?" Although Slashdot is running this story as from an anonymous reader, we have contacted the source and believe the story is factual and the appeal for help is real. Consider this Slashdot's contribution to National Copyright Awareness Week.
The source continues: "The report that the BSA gave to our administration was filled with scary stories about other schools who tried to resist, so unless there's some hard evidence to the contrary I suspect our university will just roll over. We were told that:
- auditing software *will* be installed on every campus machine;
- the license for every program, on every machine, must be produced upon demand;
- failure to produce licenses for all commercial or shareware software will constitute prima facie evidence of illegal possession, with penalties that could range from the confiscation of the machine to the firing of the user;
- and this includes computers *personally* owned by faculty."
If you want others to respect the license of your software, please at least respect other's software licenses...
Some big organization needs to do this in response to a BSA audit request.
Why should an organization be peanalized for personally owned computers? Yes, IT can set rules and what not but how many users actually follow IT rules?
Note to self, don't bring laptop to work if company is being audited by gestapo...err, BSA.
I would suggest that you 'lawyer up'.
You absolutely need your legal counsel involved in this. An IT department is generally unsuited to handle these type of business/legal affairs.
By sucking in the legal folks you turn it from an IT problem to a 'university as a whole' problem.
Do not let them strong arm you into anything. Play hardball. Tell them you are doing an internal review that could take months.
Remember, they will be very reluctant to force the issue into a courtroom. It is very bad PR for them to take an impoverished college to court. A jury would be filled with people who all have 'unlicensed' software on their home PCs.
But in the end, you will have to make a reasonable effort to be in compliance and generally pay for the software you use. That, my friend, will be unavoidable. Unless, you switch IT platforms to a free or close-to-free software environment.
Good luck.
nuclear iraq bioweapon encryption cocaine korea terrorist
If you have a company who is grossly out of whack with licenses, they will grant you a "grace period". Kind of nice to know that not everybody is out to screw you.
Just my $.02
The report that the BSA gave to our administration was filled with scary stories about other schools who tried to resist...
:p
Seriously, why hasn't someone taken up these bozos on racketeering charges or something? And if your answer is that the bozos bought the government and it's too late, don't bother posting... Every story I hear about the BSA, including their own commercials sounds like something out of a gangster movie.
Bleh. More IP doom stories. What a waste of time.
--- this comment is presented in WIDE SCREEN STEREO!!!
That's called barratry and it's actually illegal: If you threaten groundless legal action to blackmail or intimidate, you are abusing the legal system in an unsavoury way and I believe in most Western nations you can face criminal or civil punishment.
[the obligitory IANAL here]
we did some research here at our company. my CEO and i were discussing it (i'm the CTO), and he told me he had done some leg work on the subject when the BSA first started their "scare tactic" TV/radio campaign.
the BSA is a software reseller. they have NO LEGAL AUTHORITY. they are not the "Software Police". they can't come to you and demand anything. you have to (stupidly, actually) ask them to come and perform an audit. then, when they find non-compliance, they offer to sell the company the licenses at a "special price".
they're vampiric...if you don't invite them in, they have no power.
of course, now that the ball has started rolling, they can probably bring some legal action. i'm not sure what legal recourse the SPA has (for example). subpoenas/warrants/etc, possibly. i imagine that there is a goverment agency to which they can appeal for such. and the BSA only has to pick up the batphone to them to start the ball rolling.
i know that doesn't help now, since they've already gotten a foot in the door. but it may help others.
Quidquid latine dictum sit, altum sonatur.
Welcome to hell, ergo98. It's time for a reality check.
1) The U.S. government is currently controlled by decidedly conservative people with big-business connections. These people are not inclined to prosecute the BSA.
2) It costs lots of money and lots of time to sue an organization composed of some of the largest software companies in the world. You will run out of money and die long before you become even a tiny irritation to them.
There's a name for this and it's called extortion. Here's how it works. I am the extorter and you are the extortee. I come up to you and say, "A little birdie told me that you are/have performed xxx criminal act. If you don't pay me off, I'll tattle on you." Note: Even if even you do pay me, you still have committed a criminal offense. Paying the extorter cannot change that. If they have legitimate knowledge that you are committing a criminal offense, taking hush money is a crime.
The BSA uses the same tactics. They allege that if you don't comply, you'll be busted. However, they're not acting on behalf of the government. In fact, with only the evidence of "I got an anonymous tip," they shouldn't be able to get a Judge to sign off on a search warrant. After all, for them to get a search warrent, the cops need to have probable cause. I don't see how a third party, who has an anonymous tip from some other third party is probable (it's heresay). Without a search warrant, there's no phyiscal evidence of criminal conduct.
In short, consult your legal professional. Don't forget that you can sue them, too.
As others have mentioned most of it is all in the EULA. While I don't necessesarily agree with their practices, if your school/company/home decides to use proprietary software, you have an ethical obligation to meet the licensing requirements imposed by those companies.
The other route to go is to use open/free software without such restrictions. Yet still as a corporation/school, it would be foolish to abandon auditing/inventorying your machines. It makes good business sense. If you can show that you have x computers that were orginally purchased for x dollars and are now worth x dollars, this is valuable information to the accountants who can see this as a company asset. If you chose proprietary software, a good audit will show the amount of money that can reported as total computer assets. If you choose free software, you still see the computers as an asset, however, you can show the cost savings of using free software over proprietary software.
Again whatever software you use, you should respect the licensing that comes with it, whether it be Microsoft's or the GPL.
People here keep saying "hope they don't have probably cause to get a search warrant.."
THEY CAN'T GET ONE, THEY AREN'T LAW ENFORCEMENT!
Stop treating these loser like they have power, they have no more power than you or I...
Caveat: IANAL.
As far as I know, they have no grounds to force you to do ANYTHING unless you have signed a bulk-license or site-license agreement. Those agreements generally give you access to the software for a lot less money, but in return you give up all protection against 'unreasonable search' -- part of the agreement you sign allows them to inspect your systems to make sure you are in compliance.
If you bought your software through normal distribution channels, chances are very good you can tell them to pike off. As far as I know, a click-wrap license DOES NOT allow a search, because they can't know whether you agreed to the license without searching you first. It's only when you signed another agreement, which they have on file, that they have you over a barrel.
I will add my voice to the many others here telling you to get the lawyers involved. The BSA plays serious hardball. These people survive and can continue to exist only by extracting large sums of cash from your organization, and will use any tactic required.
They are not your friends. They are active enemies and you should treat them as such.
As I understand it, this is a civil case, not a criminal one. The whole "innocent until proven guilty" doesn't apply here, nor do they need to prove their case beyond a "reasonable doubt". Just convince the judge/jury that you probably didin't have a license for that software.
Your reasoning is just impeccable...
:)
First, haggles over license increase the total cost of ownership for commercial software, which makes free (as in speech) software more attractive.
Supporting free software doesn't mean that you need to support the harassment of those that use commercial software. In many cases, they may have no choice but to use commercial software. Perhaps that what the bosses want or no free alternative exists. Sign the praises of free software all you want, but don't cheer for these mafioso tactics.
I used them to shut down a competing software retail store once. The place was selling Microsoft OEM software off the shelf. A call each to the BSA and to Microsofts Piracy line and the place was out of business in 4 months.
And you also like them because they bullied your competition? What about when one of your competitors send the BSA to audit you? Even if you're completely legal, you'll spend a good deal of time and money to prove this.
So your basic reasoning is that this is all a good thing because it's happening to people you don't care about. Who rated this so highly anyway?
ich muß mehr Kuhglocke haben
To all those who think the parent is a bad person forturning the competitor. NO, this is exactly what the BSA SHOULD be doing, busting professional pirates, because anyone selling OEM liscensed software on retail shelfs is exactly that. OEM liscensing is a volume discount/ get em hooked pricing model, it is not meant to be bought off of retail shelves, when you get an OEM liscensed copy you are supposed to get all support from the company selling the software, not the authors, but people who buy OEM copies retail do not realize this and call the support line of the authors, not the now out of business fly by night shop they bought the software from!
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
The way to deal with bullies is to go on the offensive. Sue back. Perhaps the most promising avenue in that direction would be to sue the BSA consituents for distributing software they know is insecure, yet laid claims to it being secure. There's a hundred years of rulings on health claims for food and other consumables that show that you're not allowed to claim something is healthful, even if you later state in fine print that it isn't. Those should make some good precedents. Be sure to quote the security specialist from Microsoft who quit recently and publicly sounded off that he couldn't understand why Microsoft still has buffer-overflow vulnerabilities. You might be able to use the precedent from some of the automotive cases in which manufacturers were proved to have released faulty products. If it can be shown that Microsoft knowingly releases a faulty product, you could turn the tables. Another point to bring up could be that Windows allows pretty much anybody with a floppy disk to install software. To me, that's faulty. Drum it into the head of everyone who will listen that insecure software opened you to unauthorized software installations.
Next, claim that the insecure software violates the DMCA by assisting in the distribution of copyrighted material... I'm sure you can find one installation of Back Orifice on your campus to back up your claim. Sound ridiculous? It's not as ridiculous as having to submit to warrantless search.
Be sure not to go on the offensive against law enforcement... on the contrary, get law enforcement angry at the BSA for wasting their time hurting the sweet little local colleges. Make sure everyone is clear that the agents could have been out fighting drug dealers. That sort of tactic worked for the tobacco lobby who convinced the California legislature that it was a waste of taxpayer money to run anti-smoking ads when the money could be put towards birth-defect research. There's always something more worthy out there.
Lobby your congresspeople. If applicable, mention that the people who would profit from the search are from out of state. Remember, pork runs congress, and it's not pork if it gets diverted out of your congressperson's district. You may win this through lobbying.
They're not being nice to you, don't be nice to them.
Miko O'Sullivan
It will not "become financially impossible for them to continue" because if they find a single instance of a single product that you can't produce a license for they make you pay their legal fees or pony up the $$ (at a severe markup) for the license. This isn't even about having an illegal copy, even. This is about being able to produce the physical piece of shiny holographic paper with the word 'license' on it. Failure to do so will result in you funding their next attack.
This space intentionally left blank
(* This is who the BSA *really* is: [big software companies] *)
Try this: Tell them you will go on a mad OSS campaign if they don't go away. Show them a proposal to spend X amount of money on OSS advertising and promotion around the campus and elsewhere.
Show them a draft of an article about BSA thuggery and why it is now time for OSS that you plan to publish.
When they send in a representative, have a bunch of Penguins, OSS posters, and Red Hat boxes around your office. Give them a free Penguin T-shirt on their way out.
Table-ized A.I.
>I have seen cases where the BSA isn't satisfied with responses and comes back with Federal agents (yes, guys armed with subpoenas and guns.)
...
> Basically, you are screwed if you a) don't comply with them and b) don't have your licensing in order.
If you're remotely close to satisfying (a) and (b), find a lawyer who can say the word "racketeering."
Treble damages.
Has anyone ever thought to try and get a Grand Jury investigation against the BSA under the RICO statute?
Wanted: One witty yet thought provoking
"I'm a faculty member at a public university which the Business Software Alliance contacted in a bulk mailing last Fall. Stupidly, our IT department invited them in to 'explain' licensing to us, and now we are trying to fend off an audit on our computers (public and private)."
Tell them the guy who invited them in wasn't authorized to do so. They'll just have to resubmit their request. "Please send it in triplicate and don't forget to include return postage. Also, please include a detailed description of what this so-called 'explanation' involves, and while you're at it, a description of previously achieved benefits of this kind of 'explanation' would be appreciated. We can't waste our time watching another silly dog and pony show."
Briefly, you need to take back control of your gameboard and, for god's sake, man, stop acting like a kid who has been caught with his hand in the cookie jar. They're trying to sucker you. They seem to think that you're a bunch of ivory tower intellectuals (possibly true) who don't have enough real world experience to realize it. From what I can tell from the incomplete description of the original mailing, it was deceptive at least and a bold-faced lie at most. These characters know this. They are banking on what all school-yard bullies bank on--you don't have the balls to call them. Beyond this, do not talk to them. They do not have your interests nor the interests of any other educational institution at heart. They are a bunch of greedy bastards with the morals of a mafia don. Treat them as such.
If they want to make jackasses of themselves, let them sue a public educational institution. These are the same guys who give away free computers to school kids to make themselves look good. Maybe they *are* that stupid. I doubt it.
Hic iacet Arthurus, rex quondam rexque futurus.
You are a dipshit and have obviously never worked in a large scale IT department.
By gum, I sure do hope I didn't offend anyone! It would be so utterly un-politically correct to exaggerate a little in making a point.
No you cretin, it has more to do with the fact that the nazi comparison is
so
utterly
treadworn
That it has no coinage any more. Every god damned thing you don't agree with, well just shout "Nazi". The quips about other folks who got massacred had more to do with the idea that yes Virginia, there really are people who get systematically killed in this world who don't give two shits about software licensing.
Get some perspective. Jesus.
I've finally had it: until slashdot gets article moderation, I am not coming back.
In this case, 'public institution' == state funded + grants
It all works out to the same thing though. As anyone can attest that's worked for the state, or a state-funded school, that translates to "never enough money to do anything correctly"
There probably was an oppurtunity to fight back there, but the bottom line was the bottom dollar. When it comes down to it, the governance committee (or exec. board if you prefer) always goes for the lowest risk with the smallest check. This holds true in any mid-size to mega-corp business. Ideology rarely figures into it.
..cage goes into salsa. Shark's in the salsa. Our shark.
OK, mostly true. Here's something to consider, though.
You're a university. You have 30,000 undergrad students, faculty, staff, grad students, post-docs, etc., etc., etc.. There is, on average, one PC for every three people (just to pull a number out of a hat--it's probably more) on campus, and most of the individuals with their own machines (or even without!) have the ability to install software locally.
Are you going to guarantee me that every single copy of every single commercial software package on every one of those 10-15 THOUSAND computers is properly licensed? If a machine with Office95 has a hard drive blow up, are you sure that Office98 didn't get installed? Are you willing to gamble a few hundred thousand dollars on it, and incur an invasive three-month search to win that gamble?
While proper licensing for software is unquestionably a legal (and moral) necessity, it doesn't excuse the BSA's behaviour. They're thugs, plain and simple.
"People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
I'm sorry to inform you that, while you have some rights in theory, in practice none of them will do you any good, and for all intents and purposes, you are, and have been from the moment you first installed commercial software, the BSA's ass toy.
All the frightened whining and speculation aside, it comes down to this; if you don't do what they demand, they'll sue you, and you can't afford the kind of sueing they can dish out. Not by a long shot. Don't be too comforted by any supposed "relucance" on the part of the BSA to test their authority in court. That authority has already been tested quite adequately by others. Not that your college administrators (one of the more notoriously spineless subspecies of human beings) would even consider standing up to them.
No, my friend, what you have here is an example of the real cost of commercial software. It's part of why Richard Stallman is so incoherenly pissed off all the time. When you chose to use Windows instead of Linux, and Word instead of Emacs, you chose wrong. And this is just one of the many, many very good reasons why.
-David
We're on the road to Tycho.
bad example: the landlord owns the property and can kick people off it. Why not just tell the BSA that unless they show up with a warrant, to fuck^H^H^H^Hleave.
There's no requirement to allow people to even look at your machine, never mind what may or may not be on it. And wouldn't auditing software, by decoding bytes that sit on your hard drive, be illegal under the DMCA? (Finally, a use for the damn thing).
Here's my understanding of how this works: they *don't* threaten to walk into your office. They simply say this: "Show us that all your software is legitimate. If you don't, that indicates you have something to hide. In that case, we pass your name onto the companies we represent and they may investigate you." You can't "own" software anymore - you can only rent it - that's a reality of all the EULA's you find nowadays. The people you rent it from have the right to take you to court if you're using their property without paying for it. All the BSA does is act like the thugs they are and harrass you, and if you resist or put up a stink, they pass your name on to the people that pay their bills, the software manufacturers. I think it stinks, make no mistake, but my understanding of this is that this is the equivalent of a private citizen saying to you "That white powder you're carrying looks like cocaine. Prove to me it's just flour, or I'm calling a cop." You don't have a leg to stand on if it's cocaine, because you're breaking the law. They're not blackmailing you because they aren't taking anything from you. If it is flour, you can still refuse to cooperate, and the cops will do nothing - you go on your way. The only difference in my analogy is that it is a criminal offence - the BSA deals in legal contracts. Pathetic, but unfortunately legal.
Big difference. The house demonstrably belongs to the landlord. This is easily demonstrated to the police. All I have to do is show my copy of the contract to the police and I am fine.
But Microsoft, Sun, Apple, Sybase, IBM and all the rest have no way of demonstrating to the police that I actually hold any of their properties within my residence. They must first demonstrate reasonable evidence that I have their stuff in an illegal format before they can obtain a search warrant. And that search warrant must specifically (unless they are the US Treasury Department) list exactly what they are searching for.
Just as a landlord can't randomly pick a house and say, I think that's one of my properties, officer, go evict the residents, Microsoft can't randomly pick a person and say "He looks like a Windows user, go search his residence."