Slashdot Mirror


Shakedown: How the Business Software Alliance Operates

An anonymous source writes: "I'm a faculty member at a public university which the Business Software Alliance contacted in a bulk mailing last Fall. Stupidly, our IT department invited them in to 'explain' licensing to us, and now we are trying to fend off an audit on our computers (public and private). Two questions: what kind of leverage does the BSA actually have against us? And does anyone have war stories, successful or otherwise, of their encounters with the BSA?" Although Slashdot is running this story as from an anonymous reader, we have contacted the source and believe the story is factual and the appeal for help is real. Consider this Slashdot's contribution to National Copyright Awareness Week.

The source continues: "The report that the BSA gave to our administration was filled with scary stories about other schools who tried to resist, so unless there's some hard evidence to the contrary I suspect our university will just roll over. We were told that:

  • auditing software *will* be installed on every campus machine;
  • the license for every program, on every machine, must be produced upon demand;
  • failure to produce licenses for all commercial or shareware software will constitute prima facie evidence of illegal possession, with penalties that could range from the confiscation of the machine to the firing of the user;
  • and this includes computers *personally* owned by faculty."

18 of 842 comments

  1. Legality in doing this? by morhoj · · Score: 4, Interesting

    Perhaps I'm not 100% informed in what the BSA does, but how can they just march in and start installing software and demanding licensing documentation? They are not a government organization, right? It looks like they operate Internationally, so where do they get their jurisdiction to start making demands?

    1. Re:Legality in doing this? by bstrahm · · Score: 5, Interesting

      That is very simple... The legal system. I am a private organization/person. I want you to do something - I simply say Do it, or I will get a court to make you do it, and by the way it will cost you a lot of money cause you will have to pay your lawyers, my lawyers, and the damages

      If you aren't breaking any licencing agreements, it just costs money to fight... But much like speeding - No large organization is perfect and someone, somewhere, will have some software that the licensing documentation isn't perfect on... The BSA is willing to bet for that (So you have to pay their legal bills, discovery, etc) are you willing to bet against it ???

    2. Re:Legality in doing this? by sphealey · · Score: 5, Interesting
      That's called barratry [dictionary.com] and it's actually illegal: If you threaten groundless legal action to blackmail or intimidate, you are abusing the legal system in an unsavoury way and I believe in most Western nations you can face criminal or civil punishment.
      In theory, yes.

      In practice, if such laws were enforced, the amount of work for lawyers and judges to do would drop drastically, and the money earned by lawyers would also go down.

      Lawyers (including prosecuting attorneys) and judges decide whether or not barratry cases will be allowed. Do you spot a small conflict of interest? How do you think it will be resolved?

      sPh

    3. Re:Legality in doing this? by nolife · · Score: 5, Interesting

      Can you point to a specific EULA that includes text of this nature? I can not find one. I am interested in how this is worded. I searched Microsoft with Google and MS's own internal search engine and can not find an EULA posted online. I found a eula.txt in the system32 directory on my 2000 machine at work and it mentions nothing about allowing an audit.

      General points to ponder...
      I just walked through the entire process of buying WinXP from shop.microsoft.com and NOWHERE was I given a chance, a link, or even a hint of an EULA that I would be binding to when I open the software. How could they not include this license in the buying process? There is no excuse for not making this a part of the purchasing process.

      Microsoft statements about "piracy" and license agreements

      What is the minimum amount of documentation I should keep to prove my software products are legally licensed?
      All legally licensed Microsoft products should contain an End-User License Agreement (EULA), which is your primary proof that you own a legally acquired product. However, it is also recommended that you keep the original user's manual (or at least the cover and first page of the manual), the product disks, the Certificate of Authenticity, and your purchase receipt.


      This EULA they speak of, is this a hardcopy of some sort? That seems to be all that they require. What is with the should and recommended? Sounds shaky to me.

      --
      Bad boys rape our young girls but Violet gives willingly.
  2. Beware by dreamchaser · · Score: 5, Interesting

    Once the BSA has its sights set on an organization, then that organization had better have either the licenses or the money to pony up FAST to buy them. I have seen cases where the BSA isn't satisfied with responses and comes back with Federal agents (yes, guys armed with subpoenas and guns.)

    If you are reasonably sure that your licensing is OK, then you could probably stave them off. It would be a unique Uni that licenses all of the software being used though, based on my experiences.

    Basically, you are screwed if you a) don't comply with them and b) don't have your licensing in order.

  3. My two peeves here: by dschuetz · · Score: 5, Interesting
    • failure to produce licenses for all commercial or shareware software will constitute prima facie evidence of illegal possession, with penalties that could range from the confiscation of the machine to the firing of the user;
    • and this includes computers *personally* owned by faculty

    I'll hit the second one first. If the personally-owned computers are on the network, they're close, maybe, to being able to audit those. Maybe. But that's really grey. I know I, for one, wouldn't let them on, and if they came into my office and said "let me look on that machine," I'd simply disconnect it and say "no."

    For the first one, though, I have a much bigger problem. Can anyone cite any other [industry / realm / product space] where one is required to retain all receipts in order to prove ownership? I don't need a receipt to show that I own the shirt I'm wearing. If someone wants to accuse me of stealing it, show some evidence. I don't need a receipt to verify that I own the couch in my living room -- if someone thinks I stole it from my neighbor, fine, prove it. So, why on earth do I need a receipt for software?

    I can understand the technical complications that are entailed here -- like when you've got 1 CD for 100 machines. But the legal issues are what I'm more curious about. In no other situation am I, essentially, guilty until proven innocent.

    Does anyone know if anyone's fought the software industry on those terms? You can't prove I stole it, so go away. Seems like it should work, but then again, maybe I'm being idealistic.

    (Okay, I thought of two examples -- cars and real estate. But those are tracked for me by the government, and if I lose a copy of my title they can send me a new one, for a modest fee.)
  4. Re:single vendor? by dstone · · Score: 4, Interesting

    if you are sure you are not using lots of pirated software... then you'll be fine... just give them the info you have...

    Whoa! Isn't that like submitting to being searched by John Doe at the side of the road just because you're certain you have nothing to hide from him? Please, please, please heed every else's advice here and stock up on some copyright/software/IT lawyers. Repeat after me, "the BSA is a private interest group", "the BSA is not an elected or state-imposed authority", etc...

  5. BSA: All Bark and No Bite by osOpinion.com · · Score: 4, Interesting
    I actually tried to send the BSA after my old employer screwed me over.

    Despite the radio and television commercials suggesting that he'd get fined up the ying yang, nothing happened. I have since concluded that the BSA is all bark and no bite. Here is my story.

    --
    I'm pink therefore I'm Spam
  6. Not BSA necessarily, but like it.. by salsashrk · · Score: 5, Interesting

    When I worked as a SysAdmin for our local University, we received a letter from Microsoft that basically amounted to the same thing. "We're coming, we're auditing, be ready"

    Now, we were mostly in compliance as far as we knew due to our large per-seat volume licensing through dynamic pooling, but we were pretty sure that we'd come up short in the end. Given that we weren't running any auditing software on the PCs it was difficult to impossible to know what was on every machine. So we called Microsoft and told them we needed time. They agreed to grant us two months, but then went on to specify exactly what software we were to use to perform the auditing. We replied that we were going to choose our own that was less expensive, but were told that we must use this particular software, because they knew it to be honest and compatible with Access. (Like that should make a shit bit of difference) In the end we just bent over and took it rather than deal with the auditors showing up, and purchased this lame auditing software. It had to be deployed manually from machine to machine. Almost 2000 computers later, we had our audit. We wound up ponying up some pretty serious bucks for our machines. It slaughtered our entire budget for the next three quarters.

    Point is: Microsoft probably didn't have the right to just announce that they were coming, but we knew that, as a public institution, we couldn't afford the battle to fight.

    No one ever totaled up how much money we lost on that piece-of-shit software and in man-hours for manual deployment, but if you add it to the big fat check we wrote in the end to keep Microsoft off our campus, it was a hell of a lot of wasted grant money intended for student use.

    You can pontificate for days on replacing Windows with *nix, or killing Office for StarOffice. God knows I went to the shared governance committee more than once trying to get them to see the light. In the end, however, everyone winds up signing a fat-check.
    Cynical perhaps, but a truism all the same

    --
    ..cage goes into salsa. Shark's in the salsa. Our shark.
  7. Re:The BSA isn't all bad by Anonymous Coward · · Score: 4, Interesting

    Everyone else replying to this called the guy a scumbag and wished him a similar fate. I would like to know something though. Just to be sure I understand this correctly isn't OEM software all marked clearly with something along the lines of "Not for resale" or "not to be sold separately"?

    If that's the case and I am correct in my understanding (Being right up front I might very well be mistaken) then wouldn't his competitor in all likelihood be selling OEM copies of this software far cheaper than he could sell retail versions? Following then what's the real problem with busting someone who is undercutting you by doing something outside the lines?

    Personally I think the guy creatively used the system to smack down an unethical competitor to his own advantage assuming all of this was true of course. The other guy was trying to work the angle and got caught. Tough shit.

    I just can't find anything wrong with that.

  8. Re:Go open source by Fiver-rah · · Score: 5, Interesting
    Your point is taken in terms of people running Photoshop/CAD software/etc. Since a university has an obligation to train people to use commercial software, unfortunately, it may not be avoidable. But as a member of a theoretical chemistry research group which runs only Linux, I want to gripe about your Chemistry comments.

    Most of the major Chemistry commercial software out there is available to run under Linux. Sure, it ain't free. But it doesn't imply you have to run Windows to use it.

    *Gaussian runs under Linux (although they are pretty draconian about licensing in their own rights).
    *QChem runs under Linux (hell, Martin Head-Gordon's research group only has one Windows box, and they only use it for the occasional PowerPoint presentation).
    *CHARMM runs under Linux.

    Furthermore most of the major commercial chemistry packages don't contract out with the BSA. Most of the people I know in theoretical chemistry don't run Windows. Why? Because if your jobs take months to run, you sure as hell don't want an uptime that is order days. Sure, you can't go totally open source (yet). But you can evade the juggernaut.

    And for reference purposes, the next generation of theoretical chemists is pretty geek-happy. Give us another twenty years, and I'm sure you'll start seeing GPLed versions of molecular modeling programs. Hey, I'd consider doing it. The point of all this is that you *can* do things in stages. You can run whatever commercial software you want, scientifically, under Linux. And it's only going to get better. Why? Well, I know people who have license credits on Gaussian/QChem. And you know where they get their thrills? It sure ain't from the royalty check. It's from the fact that *everyone* who uses their software cites them in their articles. Citations are power in the academic world. Money is nothing.

    --
    Read Bujold. Free (as in
  9. Re:EULAs by Arandir · · Score: 5, Interesting

    If licenses are really contracts (like everyone from RMS to Bill Gates say they are), then why do they need to see them? It would be like your landlord demanding to see your rental agreement, or your insurance agent going all nasty on you and demanding to see your insurance policy.

    If it's a legally valid contract, then the manufacturer will already have a copy of the license and already possess proof of your assent. It seems to me that if they even have to ask to see the license, then it can't be a contract.

    p.s. Can you be in breach of contract for not agreeing to the contract?

    --
    A Government Is a Body of People, Usually Notably Ungoverned
  10. No business in law enforcement. by interstellar_donkey · · Score: 4, Interesting

    I go to great pains to make sure all the software on all of my company's computers is legal, and paid for. And, if a law enforcement agency had somehow gotten a suspicion that we were breaking the law, I would have no problem cooperating with them.

    But the BSA is not law enforcement. It bugs the heck out of me that they can do what they do. If they sent us a letter, the first thing I'd do is write up a proposal with an estimate of hours billing rate for them to sign before we would do business with them, another private business.

    Granted, we are not a big company, they would probably ignore my proposal, and we don't have the money or the resources to fight them in court, so chances are I'd end up having to comply. But it really chaps my hide that a private organization, with no real authority, can go around enforcing the law.

    What somebody really should do is start an organization called 'Citizens for a drug free workplace', contact the BSA, and say that there is quite a bit of suspicion that BSA executives are in possession of, and regular users of crack. You have one month to get off the crack, because then we're going into your offices, disrupting your business, and piss testing every one of your employees. While we have no legal right to do this, we're going to do it anyways or you're going down.

    --
    The Internet is generally stupid
  11. Groundless?? by sterno · · Score: 5, Interesting

    If it were completely groundless, then yes it would be illegal. The problem here is that in these situations, there's no way for the university to 100% license everything they use. Even if they make a concerted best try effort to license everything a few licenses will slip through the cracks. The university knows this, the BSA knows this, and that is why the BSA, to the best of my knowledge, has never been challenged when these audits come up.

    Let's say on your entire campus, one license is not valid. If the BSA comes knocking at your door, you face a relatively minor penalty for that license, but then you have to pay for your legal counsel, their legal counsel, damages, the auditors, etc. The BSA knows this, and they use it to their advantage.

    Now, keep in mind here that they are suggesting a product is not legally licensed if you don't have the paperwork to prove it. Therefore, if you aren't totally pristine in keeping track of the licenses for all your software that is, in fact, 100% legitimate, you can still get screwed by the BSA. Although I do wonder how well that would stand up in court, that is, unless the BSA can prove those copies are pirated, is simply not being able to prove them legitimate enough to get you into hot water. I'm sure their license provisions make certain statements about this, but I don't know if they would stand up in court.

    What it boils down to is that the BSA takes advantage of our legal system to extort businesses and it's about time that something was done to put an end to this. For example, I would propose that any organization that licenses software for more than say 50 computers, they should have certain protections from this sort of action. I would suggest the following protections:

    1) Provide protection for good faith effort. If your company makes a good faith effort to license your software (at least say 80% of the value of the software is legitimately licensed), then all you can be held accountable for is the cost of licenses at retail price. No damages, no attorneys fees, no auditing fees. It would still cost you the attorneys fees to fend it off, but at least the expense would be clear and reasonable. If you have more than 90% compliance, then your legal fees would be covered by the suing party (though you'd still have to pay for the licenses). Thus, there's a strong disincentive to go after an organization that's not blatantly violating the law.

    2) Receipts or other proof of software purchase should be considered valid proof of legal license. If you buy a thousand copies of a piece of software, you shouldn't have to keep track of a thousand pieces of paper. It would be impossible to prove that a piece of software is pirated, so it makes sense for the purchaser to be required to demonstrate ownership in court, but the burden of what needs to be proven should be much more reasonable.

    --
    This sig has been temporarily disconnected or is no longer in service
  12. Re:EULAs by Kwil · · Score: 5, Interesting

    Interesting idea for a EULA case..

    Ask the IP holder to produce the EULA that you specifically agreed to. Request proof that it was you/your institution that accepted the EULA, and not the OEM, shipper, independent IT person who installed the software, etc..

    Not only can they not prove who exactly accepted the EULA, they can't even prove the EULA was presented in the first place.

    "No your honour. Nothing that said click to proceed came up on my screen. Could be a bug in this copy of their software I guess, I dunno, I didn't make it."

    --

    That Jesus Christ guy is getting some terrible lag... it took him 3 days to respawn! -NJ CoolBreeze

  13. Chump Change? No wonder the BSA ignored you. by nlindstrom · · Score: 5, Interesting

    An awful lot of people are either complaining about how the BSA ignored their past employers for violations, or how the BSA went after them for "lots of money." Bah. Wait until you hear my story.

    I work as a Sr. UNIX Administrator for a very large (Fortune 100) company that shall remain nameless for all the obvious reasons. I plan to leave soon, just as quickly as I settle upon a new opportunity in this less-than optimal job market.

    Microsoft is currently auditing us. Granted, that is not what Microsoft or we are calling it; rather, Microsoft is "helping us to determine our licensing needs" but that is just a sugary title for what is really going on.

    What is really going on is this: this company has long made an unofficial policy of pirating software. Factual, verified (by me) examples include:

    * A single MSDN subscription CD of Office 2000 being installed on virtually every PC in a particular department (over one hundred machines)
    * Remote sites throughout the United States being sent CD-R copies of software such as Microsoft Project and being told that it is OK to deploy it on all their PCs
    * Numerous Windows Terminal Servers being setup for use by Sun workstation clients, each running Office, Project, and Visio - with at best only a handful (read: less than five) of licenses apiece, with no CALs at all - and definitely not enough licenses to cover the 300+ workstations that use them
    * Mass upgrades of PCs from Windows 9x to Windows 2000, with nary a license in sight
    * Another department, supposedly responsible for license compliance documentation, cannot now seem to lay their hands on any more than a third of the licenses that supposedly exist - thus leading to a deficit of more than 2,000 unlicensed copies of Office, Project, Visio, and Acrobat.

    In my department alone, which is one of the smaller ones at this company, I estimated that we are looking at an easy $400,000 to "true up." Nevertheless, the departments are busy engaged in a finger-pointing battle, each blaming responsibility for license compliance on someone else. Upper management has completely ignored the issue, and as the deadline of July 31 draws ever closer, it is becoming rapidly apparent that this debacle may prove of truly colossal proportions.

  14. Copyright Awareness Week by mlc · · Score: 4, Interesting
  15. How the cable company catches tappers by SonOfFlubber · · Score: 4, Interesting

    "Does anyone know if this works?"

    Yes - but the cable company does not drive around the neighborhood with some kind of scanner. They use an instrument called a Time-Domain Reflectometer to do a thing called, not surprisingly, Time-Domain Reflectometry.

    How it works is somewhat like this - the TDR instrument must be connected to the cable line feed end. The instrument launches an electrical pulse over the cable then listens for 'echoes' - kind of like a radar. If it hits a tap in the line, hits a load, or hits an open (unconnected) cable, an echo is produced which is detected by the unit. They can measure the echoes and see how many feet down the line is the tap.

    "Do they actually do this?" Yes again, but it is not as easy as they would like you to believe.
    Theoretically, this instrument can detect almost anything that is attached to the cable. In practice, it is a lot harder to catch tappers since the technician doing TDR on the line must distinguish between what is supposed to be on the lines and what is not. He almost has to 'map' the reflections and then come back later and see if the TDR 'profile' has changed to detect a tapper.

    TDR is blocked by the line amplifiers they use to boost the signal on the cable lines. It has been almost 20 years since I did any work on cable systems, but at that time it was a real pain to shimmy up a pole, undo the cable from the amplifier and then run the TDR. This disrupted the service for the customers on the branch we were testing, and most of the 'tappers' we caught were in reality people whose cables became disconnected from the set-top boxes or got cut while digging in the garden. They all did not know why their reception suddenly became so poor!!

    In the end we limited TDR to analyzing lines that had signal problems, and we generally depended on disgruntled neighbors to find people stealing signal. The TDR could help us find taps, but in a couple cases the tappers were real smart and used a high impedance amplifier piggybacked on our line, which would not show up on TDR. This approach does not produce a nice clean signal one would get from a properly split and terminated cable, but it got the job done.

    There was talk of some super TDR system that could be run on the whole system from the head end, but I have not seen or heard of one in use. Remember I am describing the state of the art circa 1982, and much has surely changed, so that doesn't mean it doesn't exist.

    As for vans driving around picking up signals - the last I heard of such a thing was from the late '70s when HBO was broadcast over microwave, and various small cable companies and hotels would pick up the signal and distribute it over their systems. One could get downconverter kits and plans to make a box that would let you pick up HBO without a subscription. The box you could mount on your antenna mast had a local oscillator that produced a signal that would downconvert the HBO microwave signal to channel 2 VHF.

    The trucks had radio direction finders that homed in on the local oscillator frequency from the downconverter boxes. I had a friend who had one set up and he actually got caught, and received a summons in the mail to appear in court.

    He actually showed up in court without an attorney. He was asked to verify where he lived and evidence was produced against him that a certain frequency was radiating from his property, one which could be used to illegally downconvert HBO. My friend got his turn to testify and much to the surprise of the prosecuting attorney, he produced an Extra class ham radio license. He then submitted a page from the ARRL Handbook showing the RF spectrum privileges given to different classes of Amateur licenses. The frequency in question was in the broadcast privileges for his class of license! He then said that in this case the evidence against him was circumstantial. He admitted that he was "performing experiments in those range of frequencies" and went on to add that he was soon going to broadcast regularly at that frequency.
    Case dismissed.