Slashdot Mirror
Shakedown: How the Business Software Alliance Operates
An anonymous source writes: "I'm a faculty member at a public university which the
Business Software Alliance contacted in a bulk mailing last Fall. Stupidly, our IT department invited them in to 'explain' licensing to us, and now we are trying to fend off an audit on our computers (public and private). Two questions: what kind of leverage does the BSA actually have against us? And does anyone have war stories, successful or otherwise, of their encounters with the BSA?" Although Slashdot is running this story as from an anonymous reader, we have contacted the source and believe the story is factual and the appeal for help is real. Consider this Slashdot's contribution to National Copyright Awareness Week.
The source continues: "The report that the BSA gave to our administration was filled with scary stories about other schools who tried to resist, so unless there's some hard evidence to the contrary I suspect our university will just roll over. We were told that:
- auditing software *will* be installed on every campus machine;
- the license for every program, on every machine, must be produced upon demand;
- failure to produce licenses for all commercial or shareware software will constitute prima facie evidence of illegal possession, with penalties that could range from the confiscation of the machine to the firing of the user;
- and this includes computers *personally* owned by faculty."
While I'm of course not a lawyer, but what right does this organization have to come in and put anything on the computers that are privately owned? I think they are trying to make you THINK that they have right and you'll give them the go ahead because they've convinced you they do... while in reality you could tell them to go to hell and they couldn't do a thing about it.
Perhaps I'm not 100% informed in what the BSA does, but how can they just march in and start installing software and demanding licensing documentation? They are not a government organization, right? It looks like they operate Internationally, so where do they get their jurisdiction to start making demands?
Some big organization needs to do this in response to a BSA audit request.
Once the BSA has its sights set on an organization, then that organization had better have either the licenses or the money to pony up FAST to buy them. I have seen cases where the BSA isn't satisfied with responses and comes back with Federal agents (yes, guys armed with subpoenas and guns.)
If you are reasonably sure that your licensing is OK, then you could probably stave them off. It would be a unique Uni that licenses all of the software being used though, based on my experiences.
Basically, you are screwed if you a) don't comply with them and b) don't have your licensing in order.
Why should an organization be peanalized for personally owned computers? Yes, IT can set rules and what not but how many users actually follow IT rules?
Note to self, don't bring laptop to work if company is being audited by gestapo...err, BSA.
I would suggest that you 'lawyer up'.
You absolutely need your legal counsel involved in this. An IT department is generally unsuited to handle these type of business/legal affairs.
By sucking in the legal folks you turn it from an IT problem to a 'university as a whole' problem.
Do not let them strong arm you into anything. Play hardball. Tell them you are doing an internal review that could take months.
Remember, they will be very reluctant to force the issue into a courtroom. It is very bad PR for them to take an impoverished college to court. A jury would be filled with people who all have 'unlicensed' software on their home PCs.
But in the end, you will have to make a reasonable effort to be in compliance and generally pay for the software you use. That, my friend, will be unavoidable. Unless, you switch IT platforms to a free or close-to-free software environment.
Good luck.
nuclear iraq bioweapon encryption cocaine korea terrorist
The BSA isn't all bad. First, haggles over license increase the total cost of ownership for commercial software, which makes free (as in speech) software more attractive.
:)
Second, I used them to shut down a competing software retail store once. The place was selling Microsoft OEM software off the shelf. A call each to the BSA and to Microsofts Piracy line and the place was out of business in 4 months.
...and that word is "outrageous." If your administration does not step in and put a halt to this egregious evasion, then you can tell them I told you they are a bunch of pussies.
Seriously: Where's the search warrant? How enforceable is a EULA with such broad contractual provisions that it forces a licensee to waive all rights to due process and freedom from illegal searches? (Before you naysayers tell me the Constitution has no bearing in this, check the facts: In many cases, BSA shows up at the doorstep with their very own law enforcement escort.)
There is a legal concept known as "blue-lining" in which a judge has the legal authority to water down, modify, or even eliminate certain portions of a previously-agreed-upon contract. I learned about this after I found myself the unwitting signatory to a capricious and completely illegal legal document. The state recognized the document as legally binding; however, the state also found the terms of the agreement were overly-reaching, capricious, and without legal standing, effectively nullifying the contract.
The reason why companies continue to write obviously unenforceable contracts is that they know the number of people willing to fight in court is very low. Most will simply roll over, expose their underbellies, and submit to being raped rather than fight.
It seems to me that there's no way they can force the university to fire people over licensing issues. *Especially* professors. Most of those people have tenure, you know. Professors with tenure at my university have gotten away with embezzling grant money and sleeping with undergraduate students. Depending on the tenure contract at your school, it is probably *illegal* for the university to fire professors over this issue. BSA can't possibly wield a big enough stick for this to hold any water.
As such, it seems to me like they're protesting too much. The scenario they paint is patently ridiculous.
Read Bujold. Free (as in
Also, my 2c on this: There are a few angles. Clearly, a private institution is innocent until proven guilty under US law. So, the scare tactics the BSA is using on your University take a couple of prongs:
- For the legally not so savvy, it says "We'll sue if there's even a hint that you might not own some software! Put our software on your computers to keep us from suing."
- For the legally more savvy, it says "We can make your life sufficiently annoying that it will be cheaper to just let us put this software on your system." Then we'll go away.
To address this for both audiences at your university, you'd like to be able to prove:- Your university is not, in fact, legally liable to the BSA, and that it in general isn't responsible for what people do with their personal computers.
- It will be significantly more expensive to install the software they require, than it will be to get legal counsel to tell them to go away.
My guess is both those things are true: A nicely backed up presentation proving both those points would probably quelly our nightmares. Good luck! Post back and tell us what happened.At this point, the only leverage that they really have is fear - they're trying to intimidate you. This is what they've done to hundreds of other companies. They come in, use your "acceptance" of a software product's EULA as a hammer, and either force an audit (which, with the criminal penalties they throw at you, gets to be scarily expensive) or force you to pay upfront and forget about the audit.
:)
Yeah, some people call it legalized extortion. IANAL.
For something like this, they should really go through your university's legal department. If the legal department hasn't gotten involved yet, then get them involved now! Get some counsel. They are the folks that were hired to protect you from this sort of thing (among many others).
This sounds just like pure intimidation to me. Especially once you mentioned that the audit includes personally owned computers. If they want to audit my personal laptop, which I bring into the office sometime, they would not send the notice to my employer. They would send it to me. Like I said before, talk to a lawyer. A lawyer, not the Slashdot crowd, can give you the best advice.
--
Welcome to the land of the easily amused...
In talking to a judge friend of mine you have several choices: 1. Tell the BSA to go to hell and hope they don't have probable cause to get a search warrant. If they get one they will come back with the police and then you will have a criminal problem - this is not a likely scenario for a public institution. 2. Let the BSA in and try to deal with them as best possible - however I would have my attorney do the talking to them - most attorneys don't scare too easily. 3.Tell the BSA that you are busy and to come back in a couple of weeks. In that couple of weeks clean up your act and let them in. Personally I would tell them to go to hell and make them come back with the cops. Why? So they have to fight to get into every business. If they have to do this it will eventually stop them as it will become financially impossible for them to continue. As a public institution you have a different problem than private businesses. You have a public relations problem. I'm sure that this is what the powers that be in the university are thinking about. My problem is that the BSA thinks that they are a peace agency (police agency) and they aren't. As far as I am concerned the best solution is to not deal with the software companies that support the BSA!
I'll hit the second one first. If the personally-owned computers are on the network, they're close, maybe, to being able to audit those. Maybe. But that's really grey. I know I, for one, wouldn't let them on, and if they came into my office and said "let me look on that machine," I'd simply disconnect it and say "no."
For the first one, though, I have a much bigger problem. Can anyone cite any other [industry / realm / product space] where one is required to retain all receipts in order to prove ownership? I don't need a receipt to show that I own the shirt I'm wearing. If someone wants to accuse me of stealing it, show some evidence. I don't need a receipt to verify that I own the couch in my living room -- if someone thinks I stole it from my neighbor, fine, prove it. So, why on earth do I need a receipt for software?
I can understand the technical complications that are entailed here -- like when you've got 1 CD for 100 machines. But the legal issues are what I'm more curious about. In no other situation am I, essentially, guilty until proven innocent.
Does anyone know if anyone's fought the software industry on those terms? You can't prove I stole it, so go away. Seems like it should work, but then again, maybe I'm being idealistic.
(Okay, I thought of two examples -- cars and real estate. But those are tracked for me by the government, and if I lose a copy of my title they can send me a new one, for a modest fee.)
Personally, I enclosed a RedHat sticker in their mailing and told them where to stick it....
there are no stupid questions, but there are a lot of inquisitive idiots
If the Gestappo comes by asking if you've seen any Jews, do you ask them to explain what Naziism is all about?
Godwin's Law. Discussion over. Ask a Bosnian Muslim how he feels about your comparison. Or a Hutu.
I've finally had it: until slashdot gets article moderation, I am not coming back.
BSA: We need to see licenses for all your software.
Me: This is an open source shop, but if you tell me which open source license you would like to see...
BSA: We at least need you to run this auditing software.
Me: Hmmm, seems kinda pointless, but what the hell. Do you have a Linux version?
BSA: No. You will have to remove your Linux OS and install an MS based OS that we do support.
Me: You want me to do what?!? Get the !&@$#%*@$%^& outta my sight!
This is my personal encounter - YMMV !
I attended a "seminar" hosted by Autodesk and M$ several years ago. At the entrance, the pretty girls were asking us to fill in info sheets, you know, like names, address, company you work for, et cetera, et cetera.
Since Autodesk and M$ were so kind to provide us with Orange Juice (Morn time, you know), I filled in the blanks.
Never would I thought that what I filled in ended up in BSA's file, and from then onwards - 6 years already - I and the company I work for, received THREATENING LETTERS, telling us that WE BETTER COUGH UP MONEY TO BUY GENUINE SOFTWARES or they will haul our butts in slammer.
Funny thing is, the Autodesk and M$ software we used (yes, USED, PAST TENSE !) were OFFICIALLY GENUINE, NON-PIRATED COPIES !
I got into troubles with my boss, since I was the one who filled in the blanks.
No matter how we tried to tell BSA that ALL OUR SOFTWARES ARE GENUINE, the threatening letters keep coming.
It got so bad that my boss decided to scrap M$ and all Autodesk softwares, and now we run Unix and NON-Autodesk softwares.
Yes, it actually cost us MORE to change our system, but at least, BSA, with Autodesk and M$, have NO MORE CLAIM ON US.
And the threatening letters still keep coming...
Talk about insanity.
And what happened above happened OUTSIDE of the good ol' U. S. of A.
Don't think you guys in the States suffer alone.
Muchas Gracias, Señor Edward Snowden !
if you are sure you are not using lots of pirated software... then you'll be fine... just give them the info you have...
Whoa! Isn't that like submitting to being searched by John Doe at the side of the road just because you're certain you have nothing to hide from him? Please, please, please heed every else's advice here and stock up on some copyright/software/IT lawyers. Repeat after me, "the BSA is a private interest group", "the BSA is not an elected or state-imposed authority", etc...
Tortuous interference with prospective economic advantage is a crime. They have no real basis for assuming anyone has committed a criminal act and no intrinsic authority to prosecute. Contact your local prosecutor immediately and explain the situation - that your institute is in good faith compliance with copyright law, that these people are attempting to extort from you significant financial gain and that while it is your institute's expectation and intent to comply with copyright law, these people have no right to subject you to the cost burden, nor any right to access to your systems. Get the law on your side now, because if you refuse they will attempt to get a warrant with the federal marshals. Refusing access to a borderline RICO organization is not a crime. Also get some sympathetic local press coverage immediately.
7 3257 &mode=thread&tid=10.5
Information at
http://slashdot.org/article.pl?sid=02/01/15/0
Be proactive. Fight back. A good tactic might be to develop an open source policy predicated on the cost of compliance with commercial software licenses being too high since even the companies don't understand their EULAs it's just impossible to do so and therefore the university will outlaw commercial software on their network.
The BSA is funded by MS, adobe, etc. If the BSA generates net positive income, they will continue storm trooping around. If it becomes a liability to have one's names associated with the organization, the underwriters will pull their support. This is a political as well as legal battle and if you don't fight, you'll be screwed, as will the next organization.
There's a name for this and it's called extortion. Here's how it works. I am the extorter and you are the extortee. I come up to you and say, "A little birdie told me that you are/have performed xxx criminal act. If you don't pay me off, I'll tattle on you." Note: Even if even you do pay me, you still have committed a criminal offense. Paying the extorter cannot change that. If they have legitimate knowledge that you are committing a criminal offense, taking hush money is a crime.
The BSA uses the same tactics. They allege that if you don't comply, you'll be busted. However, they're not acting on behalf of the government. In fact, with only the evidence of "I got an anonymous tip," they shouldn't be able to get a Judge to sign off on a search warrant. After all, for them to get a search warrent, the cops need to have probable cause. I don't see how a third party, who has an anonymous tip from some other third party is probable (it's heresay). Without a search warrant, there's no phyiscal evidence of criminal conduct.
In short, consult your legal professional. Don't forget that you can sue them, too.
The Register's article BSA deploys imaginary pirate software detector vans explains everything.
- Toby Inkster
Despite the radio and television commercials suggesting that he'd get fined up the ying yang, nothing happened. I have since concluded that the BSA is all bark and no bite. Here is my story.
I'm pink therefore I'm Spam
Just nuke your machines across the board, backing up the important data, and reinstall everything after they leave. Tell them you use MSDOS Edit to write your papers in LATEX by hand. This process, while a huge hassle, is probably less hassle than the BSA will give you, and when you're done, you'll have cleared out hundreds of gigs of useless crap, reinitialized your Windows registries and effective defragmented everything in one fell swoop. Also a good time to do some software upgrades.
I know this idea is unfeasible, but I'd love to see the look on their faces when a dual processor 1.5 ghz machine boots to a dos prompt.
When I worked as a SysAdmin for our local University, we received a letter from Microsoft that basically amounted to the same thing. "We're coming, we're auditing, be ready"
Now, we were mostly in compliance as far as we knew due to our large per-seat volume licensing through dynamic pooling, but we were pretty sure that we'd come up short in the end. Given that we weren't running any auditing software on the PCs it was difficult to impossible to know what was on every machine. So we called Microsoft and told them we needed time. They agreed to grant us two months, but then went on to specify exactly what software we were to use to perform the audting. We replied that we were going to choose our own that was less expensive, but were told that we must use this particular software, because they knew it to be honest and compatible with Access. (Like that should make a shit bit of difference) In the end we just bent over and took it rather than deal with the auditors showing up, and purchased this lame auditing software. It had to be deployed manually from machine to machine. Almost 2000 computers later, we had our audit. We wound up ponying up some pretty serious bucks for our machines. It slaughtered our entire budget for the next three quarters.
Point is: Microsoft probably didn't have the right to just announce that they were coming, but we knew that, as a public institution, we couldn't afford the battle to fight.
No one ever totaled up how much money we lost on that piece-of-shit software and in man-hours for manual deployment, but if you add it to the big fat check we wrote in the end to keep Microsoft off our campus, it was a hell of a lot of wasted grant money intended for student use.
You can pontificate for days on replacing Windows with *nix, or killing Office for StarOffice. God knows I went to the shared governance committee more than once trying to get them to see the light. In the end, however, everyone winds up signing a fat-check.
Cynical perhaps, but a truism all the same
..cage goes into salsa. Shark's in the salsa. Our shark.
Caveat: IANAL.
As far as I know, they have no grounds to force you to do ANYTHING unless you have signed a bulk-license or site-license agreement. Those agreements generally give you access to the software for a lot less money, but in return you give up all protection against 'unreasonable search' -- part of the agreement you sign allows them to inspect your systems to make sure you are in compliance.
If you bought your software through normal distribution channels, chances are very good you can tell them to pike off. As far as I know, a click-wrap license DOES NOT allow a search, because they can't know whether you agreed to the license without searching you first. It's only when you signed another agreement, which they have on file, that they have you over a barrel.
I will add my voice to the many others here telling you to get the lawyers involved. The BSA plays serious hardball. These people survive and can continue to exist only by extracting large sums of cash from your organization, and will use any tactic required.
They are not your friends. They are active enemies and you should treat them as such.
if you don'thave any illegal or pirated software, what have you to hide?
This kind of thinking is precisely what the BSA is looking for. If you are stopped by a cop and you consent to a search of your vehicle, then anything illegal that the cop finds can be used against you, because you consented to the search. For example, say you go out of state and purchase a bottle of liquor and you put it in your trunk (out of plain view), on your way back, you get pulled over for speeding in your home state. The cop asks you to search the car, you say yes, and BAM! In addition to a speeding ticket, you are also busted for illegally importing alcoholic beverages (in many states, this is a crime). Yes, you may not have had any idea this is illegal, but you are nonetheless responsible for it because you consented to the search. Unless the cop has actual probable cause to believe you have comitted a crime (e.g., your car/license plates match the description of a vehicle used to commit a crime), they cannot forcibly search your vehicle.
Given this context, and how the BSA is strictly out to get you (whereas the cops are not), they most likely have ways of finding "illegal" things (that you did not know were illegal) and nailing you for them. The only way to prevent this is to not cooperate with them. Bring in the lawyers and make the BSA prove its case against you.
In case of fire, do not use elevator. Use water!
If licenses are really contracts (like everyone from RMS to Bill Gates say they are), then why do they need to see them? It would be like your landlord demanding to see your rental agreement, or your insurance agent going all nasty on you and demanding to see your insurance policy.
If it's a legally valid contract, then the manufacturer will already have a copy of the license and already possess proof of your assent. It seems to me that if they even have to ask to see the license, then it can't be contract.
p.s. Can you be in breach of contract for not agreeing to the contract?
A Government Is a Body of People, Usually Notably Ungoverned
I go to great pains to make sure all the software on all of my companies computer is legal, and paid for. And, if a law enforcement agency had somehow gotten a suspicious that we were breaking the law, I would have no problem cooporating with them.
But the BSA is not law enforcement. It bugs the heck out of me that they can do what they do. If they sent us a letter, the first thing I'd do is write up a proposal with an estimate of hours billing rate for them to sign before we would do business with them, another private business.
Granted, we are not a big company, they would probably ignore my proposal, and we don't have the money or the resources to fight them in court, so chances are I'd end up having to comply. But it really chaps my hide that a private orginization, with no real authority, can go around enforcing the law.
What somebody really should do is start an orginzation called 'Citizens for a drug free workplace', contact the BSA, and say that there is quite a bit of suspicion that BSA executives are in possession of, and regular uses of crack. You have one month to get off the crack, because then we're going into your offices, disrupting your business, and piss testing every one of your employees. While we have no legal right to do this, we're going to do it anyways or you're going down.
The Internet is generally stupid
The way to deal with bullies is to go on the offensive. Sue back. Perhaps the most promising avenue in that direction would be to sue the BSA consituents for distributing software they know is insecure, yet laid claims to it being secure. There's a hundred years of rulings on health claims for food and other consumables that show that you're not allowed to claim something is healthful, even if you later state in fine print that it isn't. Those should make some good precedents. Be sure to quote the security specialist from Microsoft who quit recently and publicly sounded off that he couldn't understand why Microsoft still has buffer-overflow vulnerabilities. You might be able to use the precedent from some of the automotive cases in which manufacturers were proved to have released faulty products. If it can be shown that Microsoft knowingly releases a faulty product, you could turn the tables. Another point to bring up could be that Windows allows pretty much anybody with a floppy disk to install software. To me, that's faulty. Drum it into the head of everyone who will listen that insecure software opened you to unauthorized software installations.
Next, claim that the insecure software violates the DMCA by assisting in the distribution of copyrighted material... I'm sure you can find one installation of Back Orifice on your campus to back up your claim. Sound ridiculous? It's not as ridiculous as having to submit to warrantless search.
Be sure not to go on the offensive against law enforcement... on the contrary, get law enforcement angry at the BSA for wasting their time hurting the sweet little local colleges. Make sure everyone is clear that the agents could have been out fighting drug dealers. That sort of tactic worked for the tobacco lobby who convinced the California legislature that it was a waste of taxpayer money to run anti-smoking ads when the money could be put towards birth-defect research. There's always something more worthy out there.
Lobby your congresspeople. If applicable, mention that the people who would profit from the search are from out of state. Remember, pork runs congress, and it's not pork if it gets diverted out of your congressperson's district. You may win this through lobbying.
They're not being nice to you, don't be nice to them.
Miko O'Sullivan
If it were completely groundless, then yes it would be illegal. The problem here is that in these situations, there's no way for the university to 100% license everything they use. Even if they make a concerted best try effort to license everything a few licenses will slip through the cracks. The university knows this, the BSA knows this, and that is why the BSA, to the best of my knowledge, has never been challenged when these audits come up.
Let's say on your entire campus, one license is not valid. If the BSA comes knocking at your door, you face a relatively minor penalty for that license, but then you have to pay for your legal counsel, their legal counsel, damages, the auditors, etc. The BSA knows this, and they use it to their advantage.
Now, keep in mind here that they are suggesting a product is not legally licensed if you don't have the paperwork to proove it. Therefor, if you aren't totally pristine in keeping track of the licenses for all your software that is, in fact, 100% legitimate, you can still get screwed by the BSA. Although I do wonder how well that would stand up in court, that is, unless the BSA can proove those copies are pirated, is simply not being able to proove them legitimate enough to get you into hotwater. I'm sure their license provisions make certain statements about this, but I don't know if they would stand up in court.
What it boils down to is that the BSA takes advatange of our legal system to extort businesses and it's about time that something was done to put an end to this. For example, I would propose that any organization that licenses software for more than say 50 computers, they should have certain protections from this sort of action. I would suggest the following protections:
1) Provide protection for good faith effort. If your company makes a good faith effort to license your software (at least say 80% of the value of the software is legitimately licensed), then all you can be held accountable for is the cost of licenses at retail price. No damages, no attorneys fees, no auditing fees. It would still cost you the attorneys fees to fend it off, but at least the expense would be clear and reasonable. If you have more than 90% compliance, then your legal fees would be covered by the suing party (though you'd still have to pay for the licenses). Thus, there's a strong disincentive to go after an organization that's not blatantly violating the law.
2) Receipts or other proof of software purchase should be considered valid proof of legal license. If you buy a thousand copies of a piece of software, you shouldn't have to keep track of a thousand pieces of paper. It would be impossible to proove that a piece of software is pirated, so it makes sense for the purchaser to be required to demonstrate ownership in court, but the burden of what needs to be proven should be much more reasonable.
This sig has been temporarily disconnected or is no longer in service
(* This is who the BSA *really* is: [big software companies] *)
Try this: Tell them you will go on a mad OSS campaign if they don't go away. Show them a proposal to spend X amount of money on OSS advertising and promotion around the campus and elsewhere.
Show them a draft of an article about BSA thuggery and why it is now time for OSS that you plan to publish.
When they send in a representative, have a bunch of Penguins, OSS posters, and Red Hat boxes around your office. Give them a free Penguin T-shirt on their way out.
Table-ized A.I.
Their audit software is called GASP and it's not available for Non-Windows or Non-Mac users. Darn!
c .phtml
http://www.bsa.org/usa/freetools/gasp/
Check it out, they have an EULA for GASP... I guess they'll want to see the EULA for each machine they install it on too.
http://www.bsa.org/usa/freetools/gasp/gasp_
"Arg! Your crawling with Body Thetans! Some body get a e-meter over here QUICK!" *sucking sound "GOT EM! You're luck those little alien spirits were weighing your spirit down"
"No they weren't that was my wallet you took! Come back here you fucking cultist bastards!" *sucking sound "My HOUSE! You fucks took my house. Man, now I am going to have to go and pee on L. Ron Hubbard's grave."
Interesting idea for a EULA case..
Ask the IP holder to produce the EULA that you specifically agreed to. Request proof that it was you/your institution that accepted the EULA, and not the OEM, shipper, independant IT person who installed the software, etc..
Not only can they not prove who exactly accepted the EULA, they can't even prove the EULA was presented in the first place.
"No your honour. Nothing that said click to proceed came up on my screen. Could be a bug in this copy of their software I guess, I dunno, I didn't make it."
That Jesus Christ guy is getting some terrible lag... it took him 3 days to respawn! -NJ CoolBreeze
By gum, I sure do hope I didn't offend anyone! It would be so utterly un-politically correct to exaggerate a little in making a point.
No you cretin, it has more to do with the fact that the nazi comparison is
so
utterly
treadworn
That it has no coinage any more. Every god damned thing you don't agree with, well just shout "Nazi". The quips about other folks who got massacred had more to do with the idea that yes Virginia, there really are people who get systematically killed in this world who don't give two shits about software licensing.
Get some perspective. Jesus.
I've finally had it: until slashdot gets article moderation, I am not coming back.
An awful lot of people are either complaining about how the BSA ignored their past employers for violations, or how the BSA went after them for "lots of money." Bah. Wait until you hear my story.
I work as a Sr. UNIX Administrator for a very large (Fortune 100) company that shall remain nameless for all the obvious reasons. I plan to leave soon, just as quickly as I settle upon a new opportunity in this less-than optimal job market.
Microsoft is currently auditing us. Granted, that is not what Microsoft or we are calling it; rather, Microsoft is "helping us to determine our licensing needs" but that is just a sugary title for what is really going on.
What is really going on is this: this company has long made an unofficial policy of pirating software. Factual, verified (by me) examples include:
* A single MSDN subscription CD of Office 2000 being installed on virtually every PC in a particular department (over one hundred machines)
* Remote sites throughout the United States being sent CD-R copies of software such as Microsoft Project and being told that it is OK to deploy it on all their PCs
* Numerous Windows Terminal Servers being setup for use by Sun workstation clients, each running Office, Project, and Visio - with at best only a handful (read: less than five) of licenses apiece, with no CALs at all - and definitely not enough licenses to cover the 300+ workstations that use them
* Mass upgrades of PCs from Windows 9x to Windows 2000, with nary a license in sight
* Another department, supposedly responsible for license compliance documentation, cannot now seem to lay their hands on any more than a third of the licenses that supposedly exist - thus leading to a deficit of more than 2,000 unlicensed copies of Office, Project, Visio, and Acrobat.
In my department alone, which is one of the smaller ones at this company, I estimated that we are looking at an easy $400,000 to "true up." Nevertheless, the departments are busy engaged in a finger-pointing battle, each blaming responsibility for license compliance on someone else. Upper management has completely ignored the issue, and as the deadline of July 31 draws ever closer, it is becoming rapidly apparent that this debacle may prove of truly colossal proportions.
When you say personal machines, do you mean machines that are actually owned by the primary user?
Makes me think of the following war story: I worked at a company that hired a few consultants who brought their own machines in. On the day of a BSA audit, one of the contractors left his laptop unattended for a couple of hours, during which one of the auditors started going through it. The auditor was still on when the consultant came back, and needless to say, he wasn't pleased.
Consultant: Get off my notebook.
Auditor: I see you have X, Y, and Z. Do you have licenses for these packages?
[note: we hired consultants who have software that we don't - they should be responsible for their own machines]
Consultant: I know who you bastards are, and I don't have to answer to you. Nobody touches my notebook but me. Get out of my cubicle.
Auditor: Sir, you are interfering with an official BSA audit. Please be patient while I finish installing this monitoring software...
[Other auditors and employees start homing in on the disturbance.]
Consultant: I won't warn you again.
[Moment of silence, then...]
[Cursing, sounds of something tearing, loud scuffle, followed by a dull *thud*.]
At this point, I tried to see what had happened, but the crowd outside his cubicle was too tight for me to get a good view. Moments later, the consultant emerged from the crowd, into the open arms of security guards, but with a strange look of triumph on his face and notebook computer clutched under his arm. A dented metal curtain rod followed shortly after (now in my possession, which I affectionately call my "BSA Stick").
I never saw the consultant again.
"Twice half-assed makes an ass whole." --Solomon K. Chang
See the CAW logo license and then my homepage.
"Does anyone know if this works?"
Yes - but the cable company does not drive around the neighborhood with some kind of scanner. They use an instrument called a Time-Domain Reflectrometer to do a thing called, not suprisingly, Time-Domain Reflectrometry.
How it works is somewhat like this - the TDR instrument must be connected to the cable line feed end. The instrument launches an electrical pulse over the cable then listens for 'echoes' - kind of like a radar. If it hits a tap in the line, hits a load, or hits an open (unconnected) cable, an echo is produced which is detected by the unit. They can measure the echos and see how many feet down the line is the tap.
"Do they actually do this?" Yes again, but it is not as easy as they would like you to believe.
Theoretically, this instrument can detect almost anything that is attached to the cable. In practice, it is a lot harder to catch tappers since the technician doing TDR on the line must distinguish between what is supposed to be on the lines and what is not. He almost has to 'map' the reflections and then come back later and see if the TDR 'profile' has changed to detect a tapper.
TDR is blocked by the line amplifiers they use to boost the signal on the cable lines. It has been almost 20 years since I did any work on cable systems, but at that time it was a real pain to shimmy up a pole, undo the cable from the amplifier and then run the TDR. This disrupted the service for the customers on the branch we were testing, and most of the 'tappers' we caught were in reality people whose cables became disconnected from the set-top boxes or got cut while digging in the garden. They all did not know why their reception suddenly became so poor!!
In the end we limited TDR to analyzing lines that had signal problems, and we generally depended on disgruntled neighbors to find people stealing signal. The TDR could help us find taps, but in a couple cases the tappers were real smart and used a high impedance amplifier piggybacked on our line, which would not show up on TDR. This approach does not produce a nice clean signal one would get from a properly split and terminated cable, but it got the job done.
There was talk of some super TDR system that could be run on the whole system from the head end, but I have not seen or heard of one in use. Remember I am describing the state of the art circa 1982, and much has surely changed, so that doesn't mean it doesn't exist.
As for vans driving around picking up signals - the last I heard of such a thing was from the late '70s when HBO was broadcast over microwave, and various small cable companies and hotels would pick up the signal and distribute it over their systems. One could get downconverter kits and plans to make a box that would let you pick up HBO without a subscription. The box you could mount on your antenna mast had a local oscillator that produced a signal that would downconvert the HBO microwave signal to channel 2 VHF.
The trucks had radio direction finders that homed in on the local oscillator frequency from the downconverter boxes. I had a friend who had one set up and he actually got caught, and received a summons in the mail to appear in court.
He actually showed up in court without an attorney. He was asked to verify where he lived and evidence was produced against him that a certain frequency was radiating from his property, one which could be used to illegaly downconvert HBO. My friend got his turn to testify and much to the suprise of the prosecuting attorney, he produced an Extra class ham radio license. He then submitted a page from the ARRL Handbook showing the RF spectrum priveleges given to different classes of Amateur licenses. The frequency in question was in the broadcast privileges for his class of license! He then said that in this case the evidence against him was circumstantial. He admitted that he was "performing experiments in those range of frequencies" and went on to add that he was soon going to broadcast regularly at that frequency.
Case dismissed.