Shakedown: How the Business Software Alliance Operates

An anonymous source writes: "I'm a faculty member at a public university which the Business Software Alliance contacted in a bulk mailing last Fall. Stupidly, our IT department invited them in to 'explain' licensing to us, and now we are trying to fend off an audit on our computers (public and private). Two questions: what kind of leverage does the BSA actually have against us? And does anyone have war stories, successful or otherwise, of their encounters with the BSA?" Although Slashdot is running this story as from an anonymous reader, we have contacted the source and believe the story is factual and the appeal for help is real. Consider this Slashdot's contribution to National Copyright Awareness Week.

The source continues: "The report that the BSA gave to our administration was filled with scary stories about other schools who tried to resist, so unless there's some hard evidence to the contrary I suspect our university will just roll over. We were told that:

• auditing software *will* be installed on every campus machine;
• the license for every program, on every machine, must be produced upon demand;
• failure to produce licenses for all commercial or shareware software will constitute prima facie evidence of illegal possession, with penalties that could range from the confiscation of the machine to the firing of the user;
• and this includes computers *personally* owned by faculty."

Sounds like they are spouting off.

[Clay+Mitchell]

While I'm of course not a lawyer, but what right does this organization have to come in and put anything on the computers that are privately owned? I think they are trying to make you THINK that they have right and you'll give them the go ahead because they've convinced you they do... while in reality you could tell them to go to hell and they couldn't do a thing about it.

Beware

[dreamchaser]

Once the BSA has its sights set on an organization, then that organization had better have either the licenses or the money to pony up FAST to buy them. I have seen cases where the BSA isn't satisfied with responses and comes back with Federal agents (yes, guys armed with subpoenas and guns.)

If you are reasonably sure that your licensing is OK, then you could probably stave them off. It would be a unique Uni that licenses all of the software being used though, based on my experiences.

Basically, you are screwed if you a) don't comply with them and b) don't have your licensing in order.

Re:Legality in doing this?

[bstrahm]

That is very simple... The legal system. I am a private organization/person. I want you to do something - I simply say Do it, or I will get a court to make you do it, and by the way it will cost you a lot of money cause you will have to pay your lawyers, my lawyers, and the damages

If you aren't breaking any licencing agreements, it just costs money to fight... But much like speeding - No large organization is perfect and someone, somewhere, will have some software that the licensing documentation isn't perfect on... The BSA is willing to bet for that (So you have to pay their legal bills, discovery, etc) are you willing to bet against it ???

As a CIO myself...

[Argyle]

I would suggest that you 'lawyer up'.

You absolutely need your legal counsel involved in this. An IT department is generally unsuited to handle these type of business/legal affairs.

By sucking in the legal folks you turn it from an IT problem to a 'university as a whole' problem.

Do not let them strong arm you into anything. Play hardball. Tell them you are doing an internal review that could take months.

Remember, they will be very reluctant to force the issue into a courtroom. It is very bad PR for them to take an impoverished college to court. A jury would be filled with people who all have 'unlicensed' software on their home PCs.

But in the end, you will have to make a reasonable effort to be in compliance and generally pay for the software you use. That, my friend, will be unavoidable. Unless, you switch IT platforms to a free or close-to-free software environment.

Good luck.

Re:As a CIO myself...

[dschuetz]

The CIO here is absolutely right -- talk to your lawyers, and above all, do what they tell you. I don't need to describe what the career path might be for someone who ignores the lawyers and opens their employer to a million-dollar settlement.

I had some thoughts about all this while out getting lunch, and now that I've posted my idealogical rant about "innocent until proven guilty" obviously not applying in the civil world, I'll try to be, like, constructive for a moment.

First, any lawyer (and most of the posters here today) is going to tell you that it's cheaper to simply buy all new licenses (or whatever the BSA is demanding). Rifle every likely file cabinet for existing licenes, then buy the difference. Either way, you still need to do your own audit.

On the other hand, if you're at a school with a strong reputation, lots of prestige, and even more money, and if your president believes there's a moral victory worth fighting (and paying) for, then I have some thoughts that I at least find intriguing:

• An early response might be "Oh, wow, this could be bad. Okay, we'll work with you. Here's how we'll do it. Here's exactly how we'll do it. And it'll take some time. But we'll be with you all the way, show you what we've done, give you monthly updates, etc." Look for documentation on your internal hardware inventory process (I'm sure you've got one, when I worked at UMCP I had my PC inventoried by like 5 different departments in one year), and use that as a starting point to justify the length of time you're expecting the audit to take. [I think this is the best response, since, ultimately, you'll probably need to do an audit eventually, anyway. Cooporate, but on your own terms.]
  
• Refuse (in legal terms) to deal with BSA. You haven't got any software from BSA (you can't, they don't sell software). Offer to deal with Microsoft, if they send you a letter from their legal team on their letterhead.
  
• Agree to do an audit, but only if BSA pays for it, on a time and materials basis. Present them with a nicely-detailed starting point for the process of actually doing the audit, how long it'll take (see above), how many people it'll take, and how much it'll cost. Tell them that you're pretty sure you're in compliance, but if they want to force an audit, they'll have to pay for it. This is an extension of the comment above, and might be the 'best' out in that you get them to foot the bill. It'd be a victory for both sides, more or less.
  
• Ask them why they've come to your university. Have they had an anonymous tip? Did they see people selling university-stamped materials on eBay? If they simply say that, stastically, there's "probably" piracy happening here, require better justification before you spend any more time with them.
  
• Require them to limit the scope of the search. If their tip came from someone in the Sociology department, limit the audit to only those machines in that department. If they got a tip that "everyone here is copying MS-Office," limit the audit to only look for the most recent version of MS-Office.
  
• If you've gotten this far, then they're probably going to a judge. Ensure that your school is represented at the hearing for the subpoena they'll use to force you to audit. Try to cast the situation in the same light as a search warrant: Police need a specific warrant for a search, showing just cause for the search, and specific targets to be searched, and specific items to search for. No cause, often, no warrant, in my understanding.
  
• Or get it to be treated just like a subpoena for a deposition -- with specific areas of discovery outlined. No judge (I think) would issue a subpoena for a deposition that says "go talk to this guy and ask him anything you want." Instead, the lawers are required to stick to a narrowly-defined scope of questions that directly pertain to some particular action. Try to get the judge to see a parallel between that situation and the BSA audit request.
  
• Ultimately, maybe you can find a lawyer gutsy enough to throw RICO at 'em. Hell, this is just this side of a protection racket on behalf of Microsoft, anyway.
  

Of course, my initial point still stands -- do your own audit, cheaply, and simply pay for the difference. And, most importantly, build a good system (centralized database backed up with a fire-safe holding physical license papers for the whole school) to track this stuff, and re-audit every 6 months. Or even more frequently. (client-side tracking software is obviously going to be in your future....)

Good luck!

The BSA isn't all bad

[larsu]

The BSA isn't all bad. First, haggles over license increase the total cost of ownership for commercial software, which makes free (as in speech) software more attractive.

Second, I used them to shut down a competing software retail store once. The place was selling Microsoft OEM software off the shelf. A call each to the BSA and to Microsofts Piracy line and the place was out of business in 4 months. :)

One word

[pongo000]

...and that word is "outrageous." If your administration does not step in and put a halt to this egregious evasion, then you can tell them I told you they are a bunch of pussies.

Seriously: Where's the search warrant? How enforceable is a EULA with such broad contractual provisions that it forces a licensee to waive all rights to due process and freedom from illegal searches? (Before you naysayers tell me the Constitution has no bearing in this, check the facts: In many cases, BSA shows up at the doorstep with their very own law enforcement escort.)

There is a legal concept known as "blue-lining" in which a judge has the legal authority to water down, modify, or even eliminate certain portions of a previously-agreed-upon contract. I learned about this after I found myself the unwitting signatory to a capricious and completely illegal legal document. The state recognized the document as legally binding; however, the state also found the terms of the agreement were overly-reaching, capricious, and without legal standing, effectively nullifying the contract.

The reason why companies continue to write obviously unenforceable contracts is that they know the number of people willing to fight in court is very low. Most will simply roll over, expose their underbellies, and submit to being raped rather than fight.

Can I suggest MIT?

[watanabe]

There have to be a few, powerful, tech savvy universities that have dealt with this before. What about MIT? Can someone here get this poor AC in touch with the right person at MIT? I'll bet some cash that MIT does not have the BSA's software on their student cluster PCs.

Also, my 2c on this: There are a few angles. Clearly, a private institution is innocent until proven guilty under US law. So, the scare tactics the BSA is using on your University take a couple of prongs:

• For the legally not so savvy, it says "We'll sue if there's even a hint that you might not own some software! Put our software on your computers to keep us from suing."
• For the legally more savvy, it says "We can make your life sufficiently annoying that it will be cheaper to just let us put this software on your system." Then we'll go away.

To address this for both audiences at your university, you'd like to be able to prove:

1. Your university is not, in fact, legally liable to the BSA, and that it in general isn't responsible for what people do with their personal computers.
2. It will be significantly more expensive to install the software they require, than it will be to get legal counsel to tell them to go away.

My guess is both those things are true: A nicely backed up presentation proving both those points would probably quelly our nightmares. Good luck! Post back and tell us what happened.

Re:Can I suggest MIT?

[ckd]

What about MIT?

I can see it now...the BSA auditor shows up, sees a Dell box, and walks up to it to start his Win32 auditing tools.

Then he says "what's this freaking owl doing on the login screen?"

My two peeves here:

[dschuetz]

• failure to produce licenses for all commercial or shareware software will constitute prima facie evidence of illegal possession, with penalties that could range from the confiscation of the machine to the firing of the user;
  
• and this includes computers *personally* owned by faculty

I'll hit the second one first. If the personally-owned computers are on the network, they're close, maybe, to being able to audit those. Maybe. But that's really grey. I know I, for one, wouldn't let them on, and if they came into my office and said "let me look on that machine," I'd simply disconnect it and say "no."

For the first one, though, I have a much bigger problem. Can anyone cite any other [industry / realm / product space] where one is required to retain all receipts in order to prove ownership? I don't need a receipt to show that I own the shirt I'm wearing. If someone wants to accuse me of stealing it, show some evidence. I don't need a receipt to verify that I own the couch in my living room -- if someone thinks I stole it from my neighbor, fine, prove it. So, why on earth do I need a receipt for software?

I can understand the technical complications that are entailed here -- like when you've got 1 CD for 100 machines. But the legal issues are what I'm more curious about. In no other situation am I, essentially, guilty until proven innocent.

Does anyone know if anyone's fought the software industry on those terms? You can't prove I stole it, so go away. Seems like it should work, but then again, maybe I'm being idealistic.

(Okay, I thought of two examples -- cars and real estate. But those are tracked for me by the government, and if I lose a copy of my title they can send me a new one, for a modest fee.)

Re:Fire that guy!

[scrytch]

If the Gestappo comes by asking if you've seen any Jews, do you ask them to explain what Naziism is all about?

Godwin's Law. Discussion over. Ask a Bosnian Muslim how he feels about your comparison. Or a Hutu.

Re:Go open source

[Derkec]

Yeah, that's a great plan if you don't need to use any software. Seriously, a chemistry friend of mine works on commericial software running in the 10K per seat range. No quality open source alternitive. Oh, and it runs on Windows. Language classes use language tutoring software. Graphic art classes use photoshop. Computer science runs on donated equipment. It might be hard to get Sun to keep sending you free boxen when you remove solaris from every box you get so you can go free.

While the idea of a campus that's totally open source is cute, the idea is totally unworkable and not a feasible solution. That is the reason noone will respond this way. People spend money on software because some software is only legally available when you spend money. If I was still in high school, it would be a no-brainer to decide not to go to any school that didn't use any proprietary software.

We'd all like free software. However, with very rare exceptions, the best (or all) software in most domains is closed. Why? Because I can't find enough chemistry people and programmers who will cooperate to make me specialized software of superb quality unless I unload a big pile of cash.

My personal encounter with Autodesk & M$

[Taco+Cowboy]

This is my personal encounter - YMMV !

I attended a "seminar" hosted by Autodesk and M$ several years ago. At the entrance, the pretty girls were asking us to fill in info sheets, you know, like names, address, company you work for, et cetera, et cetera.

Since Autodesk and M$ were so kind to provide us with Orange Juice (Morn time, you know), I filled in the blanks.

Never would I thought that what I filled in ended up in BSA's file, and from then onwards - 6 years already - I and the company I work for, received THREATENING LETTERS, telling us that WE BETTER COUGH UP MONEY TO BUY GENUINE SOFTWARES or they will haul our butts in slammer.

Funny thing is, the Autodesk and M$ software we used (yes, USED, PAST TENSE !) were OFFICIALLY GENUINE, NON-PIRATED COPIES !

I got into troubles with my boss, since I was the one who filled in the blanks.

No matter how we tried to tell BSA that ALL OUR SOFTWARES ARE GENUINE, the threatening letters keep coming.

It got so bad that my boss decided to scrap M$ and all Autodesk softwares, and now we run Unix and NON-Autodesk softwares.

Yes, it actually cost us MORE to change our system, but at least, BSA, with Autodesk and M$, have NO MORE CLAIM ON US.

And the threatening letters still keep coming...

Talk about insanity.

And what happened above happened OUTSIDE of the good ol' U. S. of A.

Don't think you guys in the States suffer alone.

Re:Legality in doing this?

[sphealey]

That's called barratry [dictionary.com] and it's actually illegal: If you threaten groundless legal action to blackmail or intimidate, you are abusing the legal system in an unsavoury way and I believe in most Western nations you can face criminal or civil punishment.

In theory, yes.

In practice, if such laws were enforced, the amount of work for lawyers and judges to do would drop drastically, and the money earned by lawyers would also go down.

Laywers (including prosecuting attorneys) and judges decide whether or not barratry cases will be allowed. Do you spot a small conflict of interest? How do you think it will be resolved?

sPh

Countersue

Tortuous interference with prospective economic advantage is a crime. They have no real basis for assuming anyone has committed a criminal act and no intrinsic authority to prosecute. Contact your local prosecutor immediately and explain the situation - that your institute is in good faith compliance with copyright law, that these people are attempting to extort from you significant financial gain and that while it is your institute's expectation and intent to comply with copyright law, these people have no right to subject you to the cost burden, nor any right to access to your systems. Get the law on your side now, because if you refuse they will attempt to get a warrant with the federal marshals. Refusing access to a borderline RICO organization is not a crime. Also get some sympathetic local press coverage immediately.

Information at
http://slashdot.org/article.pl?sid=02/01/15/07 3257 &mode=thread&tid=10.5

Be proactive. Fight back. A good tactic might be to develop an open source policy predicated on the cost of compliance with commercial software licenses being too high since even the companies don't understand their EULAs it's just impossible to do so and therefore the university will outlaw commercial software on their network.

The BSA is funded by MS, adobe, etc. If the BSA generates net positive income, they will continue storm trooping around. If it becomes a liability to have one's names associated with the organization, the underwriters will pull their support. This is a political as well as legal battle and if you don't fight, you'll be screwed, as will the next organization.

extortion

[ikeleib]

There's a name for this and it's called extortion. Here's how it works. I am the extorter and you are the extortee. I come up to you and say, "A little birdie told me that you are/have performed xxx criminal act. If you don't pay me off, I'll tattle on you." Note: Even if even you do pay me, you still have committed a criminal offense. Paying the extorter cannot change that. If they have legitimate knowledge that you are committing a criminal offense, taking hush money is a crime.

The BSA uses the same tactics. They allege that if you don't comply, you'll be busted. However, they're not acting on behalf of the government. In fact, with only the evidence of "I got an anonymous tip," they shouldn't be able to get a Judge to sign off on a search warrant. After all, for them to get a search warrent, the cops need to have probable cause. I don't see how a third party, who has an anonymous tip from some other third party is probable (it's heresay). Without a search warrant, there's no phyiscal evidence of criminal conduct.

In short, consult your legal professional. Don't forget that you can sue them, too.

BSA have a history of lunacy.

The Register's article BSA deploys imaginary pirate software detector vans explains everything.

- Toby Inkster

Re:Legality in doing this?

[AntiNorm]

They are not a government organization, right?

Right. And this is why they CAN NOT just march in wherever they want, whenever they want, and do their raids. They CANNOT demand license documentation, they CANNOT install software, etc. without either a court order or police and a search warrant. I would do exactly what pitcrew suggested -- tell them to go to hell.

From the article: failure to produce licenses for all commercial or shareware software will constitute prima facie evidence of illegal possession

This, IMO, is absolute bullshit. It's like the police going through your refrigerator, making you produce receipts for every gallon of milk in there, and automatically assuming that the milk you can't account for with receipts was stolen from the local grocery store. They are assuming you to be guilty until you can prove yourself innocent. This is not the way our government works (or is supposed to work); the burden of proof is supposed to be on them, not you.

Well, one option is to uninstall everything

[Illserve]

Just nuke your machines across the board, backing up the important data, and reinstall everything after they leave. Tell them you use MSDOS Edit to write your papers in LATEX by hand. This process, while a huge hassle, is probably less hassle than the BSA will give you, and when you're done, you'll have cleared out hundreds of gigs of useless crap, reinitialized your Windows registries and effective defragmented everything in one fell swoop. Also a good time to do some software upgrades.

I know this idea is unfeasible, but I'd love to see the look on their faces when a dual processor 1.5 ghz machine boots to a dos prompt.

Not BSA necessarily, but like it..

[salsashrk]

When I worked as a SysAdmin for our local University, we received a letter from Microsoft that basically amounted to the same thing. "We're coming, we're auditing, be ready"

Now, we were mostly in compliance as far as we knew due to our large per-seat volume licensing through dynamic pooling, but we were pretty sure that we'd come up short in the end. Given that we weren't running any auditing software on the PCs it was difficult to impossible to know what was on every machine. So we called Microsoft and told them we needed time. They agreed to grant us two months, but then went on to specify exactly what software we were to use to perform the audting. We replied that we were going to choose our own that was less expensive, but were told that we must use this particular software, because they knew it to be honest and compatible with Access. (Like that should make a shit bit of difference) In the end we just bent over and took it rather than deal with the auditors showing up, and purchased this lame auditing software. It had to be deployed manually from machine to machine. Almost 2000 computers later, we had our audit. We wound up ponying up some pretty serious bucks for our machines. It slaughtered our entire budget for the next three quarters.

Point is: Microsoft probably didn't have the right to just announce that they were coming, but we knew that, as a public institution, we couldn't afford the battle to fight.

No one ever totaled up how much money we lost on that piece-of-shit software and in man-hours for manual deployment, but if you add it to the big fat check we wrote in the end to keep Microsoft off our campus, it was a hell of a lot of wasted grant money intended for student use.

You can pontificate for days on replacing Windows with *nix, or killing Office for StarOffice. God knows I went to the shared governance committee more than once trying to get them to see the light. In the end, however, everyone winds up signing a fat-check.
Cynical perhaps, but a truism all the same

Have you signed a bulk-license contract?

[Malor]

Caveat: IANAL.

As far as I know, they have no grounds to force you to do ANYTHING unless you have signed a bulk-license or site-license agreement. Those agreements generally give you access to the software for a lot less money, but in return you give up all protection against 'unreasonable search' -- part of the agreement you sign allows them to inspect your systems to make sure you are in compliance.

If you bought your software through normal distribution channels, chances are very good you can tell them to pike off. As far as I know, a click-wrap license DOES NOT allow a search, because they can't know whether you agreed to the license without searching you first. It's only when you signed another agreement, which they have on file, that they have you over a barrel.

I will add my voice to the many others here telling you to get the lawyers involved. The BSA plays serious hardball. These people survive and can continue to exist only by extracting large sums of cash from your organization, and will use any tactic required.

They are not your friends. They are active enemies and you should treat them as such.

Re:Legality in doing this?

[Waffle+Iron]

but how can they just march in and start installing software and demanding licensing documentation? They are not a government organization, right?

Maybe they interpret the U.S. Constitution thusly:

• The government is not permitted to perform unreasonable searches and seizures.
• All rights not expressly given to the government are reserved for the people.
• Therefore: Private parties have the express right to perform unreasonable searches and seizures!

Re:Legality in doing this?

[DeputySpade]

It amazes me that no matter how many times this comes up, people still don't get it. READ the EFFEN UELA! When you accept the EULA from MS, Oracle, or whatever closed min^H^H^H source software, BSA participating company you purchase from, you agree to let the copyright holder _OR_ANY_DESIGNATED_ASSIGNEE_ come in and audit your system for license violations. And as for the idea every seems to have about simply making a quick switch to OSS, DON'T! if the BSA comes back tomorrow and can't find ANY software under their jurisdiction on ANY machine, they will assume that you blew it all away to cover up the fact that you were using it illegally. They will then want you to prove that you didn't try to destroy evidence! Trust me. I've been through this before.

Re:Go open source

[Fiver-rah]

Your point is taken in terms of people running Photoshop/CAD software/etc. Since a university has an obligation to train people to use commercial software, unfortunately, it may not be avoidable. But as a member of a theoretical chemistry research group which runs only Linux, I want to gripe about your Chemistry comments.

Most of the major Chemistry commercial software out there is available to run under Linux. Sure, it ain't free. But it doesn't imply you have to run Windows to use it.

*Gaussian runs under Linux (although they are pretty draconian about licensing in their own rights).
*QChem runs under Linux (hell, Martin Head-Gordon's research group only has one Windows box, and they only use it for the occasional PowerPoint presentation).
*CHARMM runs under Linux.

Furthermore most of the major commercial chemistry packages don't contract out with the BSA. Most of the people I know in theoretical chemistry don't run Windows. Why? Because if your jobs take months to run, you sure as hell don't want an uptime that is order days. Sure, you can't go totally open source (yet). But you can evade the juggernaut.

And for reference purposes, the next generation of theoretical chemists is pretty geek-happy. Give us another twenty years, and I'm sure you'll start seeing GPLed versions of molecular modeling programs. Hey, I'd consider doing it. The point of all this is that you *can* do things in stages. You can run whatever commercial software you want, scientifically, under Linux. And it's only going to get better. Why? Well, I know people who have license credits on Gaussian/QChem. And you know where they get their thrills? It sure ain't from the royalty check. It's from the fact that *everyone* who uses their software cites them in their articles. Citations are power in the academic world. Money is nothing.

Re:my vision of talking with the BSA

[Lxy]

BSA: We need to see licenses for all your software.
Me: This is an open source shop, but if you tell me which open source license you would like to see...
BSA: We at least need you to run this auditing software.
Me: Hmmm, seems kinda pointless, but what the hell. Do you have a Linux version?
BSA: No. You will have to remove your Linux OS and install an MS based OS that we do support.

To continue:

Me: Ok, fine. (Installs Windoze on a machine not currently being used)
BSA: Where did you get that copy of Windows?
Me: It came with the PC. See the sticker?
BSA: You mean you have a licensed PC but are not running Windows on it?
Me: Yes. We don't run Windows here. We're a linux shop.
BSA: According to MS's license policy, the license must remain installed on that PC.
Me: Ummm..... what?
BSA: And as for the rest of these PCs..
Me: I'm calling the cops.
BSA: We're giving you a grace period to reinstall Windows on all of them to meet compliance requirements. You have 5 days.
Me: But.. But...
BSA: Good Day.

Re:EULAs

[Arandir]

If licenses are really contracts (like everyone from RMS to Bill Gates say they are), then why do they need to see them? It would be like your landlord demanding to see your rental agreement, or your insurance agent going all nasty on you and demanding to see your insurance policy.

If it's a legally valid contract, then the manufacturer will already have a copy of the license and already possess proof of your assent. It seems to me that if they even have to ask to see the license, then it can't be contract.

p.s. Can you be in breach of contract for not agreeing to the contract?

Re:Legality in doing this?

[jgerman]

The BSA has no authority in this matter EULA or no. You cannot sign away your constitutional rights. As far as making a quik change to OSS. Again, I don't care if they swear till they're blue in the face that there was un-licensed software running there yesterday, it isn't today, and that's all that matters.

Also, they absolutely CANNOT demand to install auditting software on those machines. That's theft in my book. They are forcefully taking away my cycles.

Furthermore, they can't attempt to enforce a EULA that they don't know you accepted. Until they audit they have no way of knowing that you have EULA covered software on your machines, until they know you have EULA protected software on your machines they have no right to audit those machines.

Re:Legality in doing this?

[letxa2000]

When you accept the EULA from MS, Oracle, or whatever closed min^H^H^H source software, BSA participating company you purchase from, you agree to let the copyright holder _OR_ANY_DESIGNATED_ASSIGNEE_ come in and audit your system for license violations.

I think it is high time these damn EULAs get properly tested in court. I have a feeling they will ultimately fail the legal test. It's absurd that you "have" to read more legalese to install a piece of software than to buy a car (assuming you pay cash). It's also absurd that you can't read the legalese until you've purchased the software, opened the packge, and many times broken a stick on the internal CD sleave that reads "Breaking this sticker indicates your acceptance of the EULA"--which you see once you install the software.

Last I heard, ripping a sticker wasn't quite as legally binding as a signature.

The BSA coming charging in would be a perfect opportunity to test a EULA. Unless they come with cops and a warrant, you can tell them to take a hike even if they have a signed contract (which they don't). Tell them to get a court order. They may do that and they way try to sue you: But they'd sue you for violation of a contract, not copyright infringement. You could then argue that the EULA is invalid. Aside from the issue of whether "clicking accept" forms a contract, the EULA is invalid because no contract (in the United States) is enforceable if it abdicates a recognized right of one of the parties--in this case, unreasonable search and seizure.

You, as an adult can sign a contract that says you will never marry, that anyone can search your home and kill your sister--all three of those clauses will not be enforced by a court because they abdicate recognized rights that CANNOT be taken away by a contract. Otherwise many labor laws that protect workers would be useless since workers would just be forced to sign away their rights. You can't do it. You can't sign away your rights (well, you can, but no court will enforce them).

I think it'd be great if a BSA-initiated conflict resulted in the definitive invalidation of EULAs! :)

Groundless??

[sterno]

If it were completely groundless, then yes it would be illegal. The problem here is that in these situations, there's no way for the university to 100% license everything they use. Even if they make a concerted best try effort to license everything a few licenses will slip through the cracks. The university knows this, the BSA knows this, and that is why the BSA, to the best of my knowledge, has never been challenged when these audits come up.

Let's say on your entire campus, one license is not valid. If the BSA comes knocking at your door, you face a relatively minor penalty for that license, but then you have to pay for your legal counsel, their legal counsel, damages, the auditors, etc. The BSA knows this, and they use it to their advantage.

Now, keep in mind here that they are suggesting a product is not legally licensed if you don't have the paperwork to proove it. Therefor, if you aren't totally pristine in keeping track of the licenses for all your software that is, in fact, 100% legitimate, you can still get screwed by the BSA. Although I do wonder how well that would stand up in court, that is, unless the BSA can proove those copies are pirated, is simply not being able to proove them legitimate enough to get you into hotwater. I'm sure their license provisions make certain statements about this, but I don't know if they would stand up in court.

What it boils down to is that the BSA takes advatange of our legal system to extort businesses and it's about time that something was done to put an end to this. For example, I would propose that any organization that licenses software for more than say 50 computers, they should have certain protections from this sort of action. I would suggest the following protections:

1) Provide protection for good faith effort. If your company makes a good faith effort to license your software (at least say 80% of the value of the software is legitimately licensed), then all you can be held accountable for is the cost of licenses at retail price. No damages, no attorneys fees, no auditing fees. It would still cost you the attorneys fees to fend it off, but at least the expense would be clear and reasonable. If you have more than 90% compliance, then your legal fees would be covered by the suing party (though you'd still have to pay for the licenses). Thus, there's a strong disincentive to go after an organization that's not blatantly violating the law.

2) Receipts or other proof of software purchase should be considered valid proof of legal license. If you buy a thousand copies of a piece of software, you shouldn't have to keep track of a thousand pieces of paper. It would be impossible to proove that a piece of software is pirated, so it makes sense for the purchaser to be required to demonstrate ownership in court, but the burden of what needs to be proven should be much more reasonable.

counterthreats

[Tablizer]

(* This is who the BSA *really* is: [big software companies] *)

Try this: Tell them you will go on a mad OSS campaign if they don't go away. Show them a proposal to spend X amount of money on OSS advertising and promotion around the campus and elsewhere.

Show them a draft of an article about BSA thuggery and why it is now time for OSS that you plan to publish.

When they send in a representative, have a bunch of Penguins, OSS posters, and Red Hat boxes around your office. Give them a free Penguin T-shirt on their way out.

Re:counterthreats

[Technician]

Tell them you will match the fine in promoting OSS and campaign against corporate raids. The fines and campaign funds all are to be from the budget for new software licenses. They will be killing the golden goose to continue. Part of the promotion is showing the audit cost + penalties are part of the TCO of the Windows Platform.

Re:EULAs

[Kwil]

Interesting idea for a EULA case..

Ask the IP holder to produce the EULA that you specifically agreed to. Request proof that it was you/your institution that accepted the EULA, and not the OEM, shipper, independant IT person who installed the software, etc..

Not only can they not prove who exactly accepted the EULA, they can't even prove the EULA was presented in the first place.

"No your honour. Nothing that said click to proceed came up on my screen. Could be a bug in this copy of their software I guess, I dunno, I didn't make it."

Re:Legality in doing this?

[nolife]

Can you point to a specific EULA that includes text of this nature? I can not find one. I am interested in how this is worded. I searched Microsoft with Google and MS's own internal search engine and can not find an EULA posted online. I found a eula.txt in the system32 directory on my 2000 machine at work and it mentions nothing about allowing an audit.

General points to ponder...
I just walked through the entire process of buying WinXP from shop.microsoft.com and NO WHERE was I given a chance, a link, or even a hint of an EULA that I would be binding too when I open the software. How could they not include this license in the buying process? There is no excuse for not making this a part of the purchasing process.

Microsoft statements about "piracy" and license agreements

What is the minimum amount of documentation I should keep to prove my software products are legally licensed?
All legally licensed Microsoft products should contain an End-User License Agreement (EULA), which is your primary proof that you own a legally acquired product. However, it is also recommended that you keep the original user's manual (or at least the cover and first page of the manual), the product disks, the Certificate of Authenticity, and your purchase receipt.

This EULA they speak of, is this a hardcopy of some sort? That seems to be all that they require. What is with the should and recommended? Sounds shaky to me.

Chump Change? No wonder the BSA ignored you.

[nlindstrom]

An awful lot of people are either complaining about how the BSA ignored their past employers for violations, or how the BSA went after them for "lots of money." Bah. Wait until you hear my story.

I work as a Sr. UNIX Administrator for a very large (Fortune 100) company that shall remain nameless for all the obvious reasons. I plan to leave soon, just as quickly as I settle upon a new opportunity in this less-than optimal job market.

Microsoft is currently auditing us. Granted, that is not what Microsoft or we are calling it; rather, Microsoft is "helping us to determine our licensing needs" but that is just a sugary title for what is really going on.

What is really going on is this: this company has long made an unofficial policy of pirating software. Factual, verified (by me) examples include:

* A single MSDN subscription CD of Office 2000 being installed on virtually every PC in a particular department (over one hundred machines)
* Remote sites throughout the United States being sent CD-R copies of software such as Microsoft Project and being told that it is OK to deploy it on all their PCs
* Numerous Windows Terminal Servers being setup for use by Sun workstation clients, each running Office, Project, and Visio - with at best only a handful (read: less than five) of licenses apiece, with no CALs at all - and definitely not enough licenses to cover the 300+ workstations that use them
* Mass upgrades of PCs from Windows 9x to Windows 2000, with nary a license in sight
* Another department, supposedly responsible for license compliance documentation, cannot now seem to lay their hands on any more than a third of the licenses that supposedly exist - thus leading to a deficit of more than 2,000 unlicensed copies of Office, Project, Visio, and Acrobat.

In my department alone, which is one of the smaller ones at this company, I estimated that we are looking at an easy $400,000 to "true up." Nevertheless, the departments are busy engaged in a finger-pointing battle, each blaming responsibility for license compliance on someone else. Upper management has completely ignored the issue, and as the deadline of July 31 draws ever closer, it is becoming rapidly apparent that this debacle may prove of truly colossal proportions.