Slashdot Mirror
Is the BSA "Grace Period" a Scam?
An anonymous reader asks: "I work at a small non-profit that has 18 employees plus a 13 seat computer lab. We received a form letter from the Business Software Alliance (BSA) telling us to do a self audit and if we find any unlicensed software to report it during our 'Grace Period' because 'if you organization's software is not licensed, it could become to focus of a BSA investigation'. Now this is obviously a method to scare up some business for the BSA members. If we ignore this, how likely is it that we will be 'investigated'. I know that I cannot produce the original CD's and/or documentation for some of the software that we HAVE paid for."
A Google new search reveals all sorts of interesting articles, including some cases where people were busted.
And this little gem:
Perhaps some pertinent questions:
Supposing the BSA does perform an investigation, I'm wondering what the actual legal procedures are.
Are you required to maintain documentation of every last opened piece of software? I know at the CIT department I worked in for school, we had Windows 95 manuals stacked up in storerooms, even though there was a school wide license. I don't know if this is required though.
Furthermore, what happens if they find you're missing a couple documents, and decide to take you to court. Is any jury going to decide, based on either a "preponderance of the evidence" or "beyond a reasonable doubt" standard that this software was obtained and/or used illegally?
Any legal experts out there?
Some one wrote this the last time the BSA came up on Slashdot- sorry, I saved the quote but not the poster. The conventional wisdom thus far from other posters seems to be 'ignore it,' but if it goes further, consider this:
I know someone that was audited by the BSA and decided to fight it. Basically they countered by stating they wanted full disclosure of who reported them so as to determine the validity of the claim prior to wasting internal resources and dollars. They also argued that the reporting tools are a violation of privacy. Yes, they expected them to place some software on their network which scans their entire network not to mention each machine's registry. Third, they also argued that even if they were in violation of license, the license is between them and the vendor (after all, the license does not allow for the BSA as having legal proxy interests) and unless the vendor in questions decides that they'd like to personally persue the issue, the BSA does not have legal authority or the legal grounds to persue the action. Furthermore, they argued that even if something odd was discovered and they lost, only the government has the right to impose fines on legal matters as such and they would be within their legal rights to simply purchase any outstanding licenses or settle directly with the vendor in question and completely dismiss the BSA altogether thereby eliminating the need to pay any fines or added fees.
Last I heard, even though two ex-employees had turned them in, the BSA simply walked from the issue as, from what I gathered, they really don't have a legal leg to stand on.
Alcohol, Tobacco and Firearms should be the name of a store, not a government agency.
--Mike--
The odds?
0.
Literally.
0.
If they had any intention of "auditing" people (which, btw, is illegal in and of itself! It violates property laws, search & seizure laws, as well as laws against extortion, to name a few) they would have just gone ahead and done so already. Instead, they've put millions into cranking out form letters to people as scare tactics, since they know they're effectively powerless.
If auditing companies produced any meaningful monetary award, they would already be doing so...which they aren't. And even if they did, they sure as hell wouldn't tell you or I about it in advance.
Logic prevails.
Bowie J. Poag
And that's when I tell them "prove I didn't". The burden of proof is on them. The only organization in the US that this DOES NOT apply to is the IRS. The BSA only has as much power as you give them. Has anyone else seen the page on their web site where you can rat your employer/friend/etc. It has a picture of some idiot with an evil *I stuck it to da man* smirk on his face and the whole bit. Gimme a break.
Sure I did. Of course, whether they have any legal basis or not, and if so whether it confers rights on the BSA rather than the software vendor(s), are different questions. The BSA can find out in court, if they really want to know whether I've got any illegal software installed (I haven't) and they're prepared to risk a test case that could destroy their whole threat model (I doubt it).
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
A landlord has the power to enter your "home," and is specifically granted this power under some state laws. At least in my state, they must have a reasonable justification, AND give advance notice; they can't just barge in willy-nilly (IANAL).
Still, even if you rent rather than own, even your local police department needs a search warrant to enter your apartment. Also, if a person legally consents to a search, that consent can be withdrawn at any time. At that point, a search warrant is required. How is some kind of private "trade group" going to bypass that little requirement? Even if you clicked some EULA, I don't see how you can give up your Fourth Amendment rights with the click of a mouse. The police have much more power than some trade group, and if they need a warrant, how can some trade group skate by without one? Any lawyers want to comment?
I'd like to see these guys try it, quite honestly... just like that rental car company that was levying fines based on their GPS spy-unit speed measurements... they were denied. Private organizations/businesses don't have the power to levy a fine; that power belongs to the State.
If they were bold enough barge into your home unannounced, with no legal authority to do so, it would be at least Breaking and Entering, or even Burglary (if you were home at the time). If they threatened you in the process, it would be Aggravated Burglary, and you might even be justified in some self-defense. Somehow, I suspect a bunch of software-licence-hunting bean counters are not up for that kind of action.
Even if they do have some sort of "compliance inspection" in their EULA, it's just begging for a court challenge if they force the issue.
If you click a button saying "it's OK to shoot me," don't doubt for one minute that somebody would go to prison for a very long time if they actually pulled the trigger.
Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
Non-profit does not mean people do not get paid to work. It means the organization as a whole is not a for-profit organization: It does not exist in order to make a profit for it's owners.
THe goal of the organisation is to reduce software piracy. The fact that the people who work for them get paid has no bearing.
Trouble is, read your EULA. There are some very interesting things in there. You essentially agree to the audit, especially in the case of MS software. They use a shotgun tactic: send out the faxes, or emails to any company they can find a listing, then state, using radio commercials, a company's need to report any pirated software, while at the same time asking for disgruntled employees to produce information. They will give out rewards for information to these employees. For the guy who posted this question originally, you should audit your software to first understand what kind of software you own, what software you've bought but don't have the installation disks, and also what software you might have borrowed inadvertantly. Then consider what kind of real liability you're under and if this software is something they cover. Then consider if they would have any reason to check your particular group. If you're using licensed software from Adobe say, and you're running Wintel boxes, you should really own a real copy or license key for Windows. But, seriously read the EULAs and see exactly what you have agreed to. The Bill of Rights does exactly cover these kinds of contracts and if you've signed it by installing the software you've unfortunately agreed to a binding contract.
Anyone who whines about being modded down should be.
so they "pirated" software. here is the result:
one, it doesn't cost the software companies a thing. you steal a car, it takes steel, rubber, plastic from somewhere. you make a DIGITAL copy, it costs software co. nothing. and many of the "pirates" wouldn't have bought the software.
two, the people using the software are not using a cheaper alternative. why would you use OO.org, when ms office is "free". so, piracy destroys competition. i remember there used to be at least three major office suites. corel, lotus, and office. in fact, office 97 offered wordperfect and lotus 123 keystrokes, BECAUSE THEY HAD TO. but "piracy" reduced the market share of the other two to nil
three, "piracy" promtes sales. as one program and one format becomes the "standard", especially if it is closed, peopole eventually all have to get on board. and not everyone or every business can "pirate".
i am as big a free market economy guy as you can get. i am as low tax and low regulation as you can get. but this whole piracy thing is bullshit. and they know it.
My problem? I was perfectly gruntled, until some numbnuts came by and dissed me.
before you mod me down, really read this post because it fits a theme I've been noticing lately.
Ever notice how everyone tries to be the enforcer? Corperations, media mogules, senators and even your local legislators? It seems these days people want to be in charge, or the authority trying for a power grab they can't achieve and throwing in some new speak to throw off the commoner who isn't educated enough to know the difference between REAL authority and a scam or fake.
The BSA is just another example to me.
Dunno, just my 0.02c. Mod away
If, on the other hand, you have gone out and negotiated and signed a legal agreement with a BSA member, then what a BSA member can do to/around your premises is limited by the terms of the written agreement. A written agreement is far more binding than any click-through agreement might be.
OS Software is like love: The best way to make it grow is to give it away.
There is basicly 3 roads out of this BSA:
* if you have paid for your software, just show them the proof of purcage.
* if you have paid but can't find the documentation, then you can hope that BSA will belive you. You will naturally increase your changes by showing doucmnetaion for all your other software, and telling them freely about your problem.
* if you have stolen the software: dont do the crime, if you can't take the time...
When I go to Best Buy, and give a company like Apple - who is a member of the BSA IIRC - $129 for a copy of MacOSX how is that extortion? How are my rights being violated? Why is that idea so offensive to so many people?
Dude, you're way missing the point here. Sure a lot of people feel strongly enough against non-Free Software that they won't buy it, but this case is different.
The BSA is essentially running a protection scheme. Here's the scenario: Let's say you run a business that's large enough that it's difficult to keep total track of everything on every machine.
You don't (purposely) violate any software licenses, and take pains to follow them correctly. However there is significant overhead to keeping track of what you can and can't do with the software you've bought, and violations are sure to occur. There's just too much to do not to make an error.
Some employee you've pissed off (and if you're an employer you will piss off an employee) goes to the BSA and tells on you. They don't need actual evidence. To audit you. They 'nicely' tell you to audit yourself and give them money for anything that might not be compliant.
Let's say that you can't find proof that you purchased some of the software you purchased. You then have to pay for that AGAIN. If you don't pay them for it, and they audit you, you then have to pay for it anyway, plus exorbidant fines because you couldn't proove that you weren't guilty of a crime.
They also use this as a scare tactic to scare people from going to Open Source, or even competitors. If you are looking at not renewing a licence you get a message that you might be audited. Even if you are in total compliance, it's rather expensive and labor intensive to go and make sure. Were my university to be audited, it would cost around $2,000,000 just to double check, and given the number of people using computers (about 10,000) it is virtually guaranteed that someone somewhere either wasn't careful with licensing proof, or just flat out pirated something.
What they are doing is no different than the Mafia vandalizing someone's business and then asking money to make sure such things don't happen again. It's protection money, nothing more nothing less. They just couch it in a slightly less ominous sounding name.
Many Open Source advocates have no problems with paying for software, music, movies or books. What causes problems is when someone tells me I can't do what I want with the media I've bought that I get a little upset.
If I want to make a mix for my car, the law says I have that right. They're trying to stop me. If I want to use software on a different machine, I have that right. Under strict copyright law (may be different under DMCA now), I can put software on any number of machines as long as they aren't being used concurrently. I can copy movies or cd's (as many times as I want) as long as I don't distribute them. As long as I dont' redistribute what I do, I can do whatever I want with what I've purchased.
Under the Constitution of the United States, it is not my responsibility to prove my innocence, it is your responsibility to prove my guilt. If you can't prove my guilt, I am to be considered innocent. The BSA has neatly ignored this, and gotten courts to go along with unconstitutional legislation. Fines are imposed without trial, and without proof of guilt, in direct opposition to the Constitution.
More than a Boycott needs to be done to the members of the BSA. There needs to be a trial that addresses flagrant violations of the constitutional rights of individuals all over the United States, and an appropiate punishment needs to be given.
There is a civil war coming in the United States. Remember which side has most of the guns
IANAL. That said, there is a generally accepted legal theory that two parties cannot enter into a binding agreement if one of them could not be expected to understand that agreement, is not properly represented when entering into that agreement, or the agreement contains "fine print" conditions which defy common sense or expectation, or which are intended to deceive. There are other exceptions as well, but these are the important ones for the moment.
I say all this because the shrink wrap license ("EULA") - through which the BSA claims to derive its authority - is thus on extremely thin legal ice. In fact, I am on a neverending quest to find reference to any (any) case where any of the more onerous terms of a shrinkwrap license have prevailed in court. (UCITA, of course, changes everything - but that's a subject for another post.)
Almost all users of computers never properly understand the "contract" they have supposedly "agreed to" by using their software. They are ignorant of the need to keep and maintain records (as if their word processor was a firearm or motor vehicle), and the idea of granting some organization permission to enter their premises and inspect, demand documentation, and otherwise claim supra-police-like powers just to "insure" that they're not violating their "agreement" must profoundly, breathtakingly, and absolutely fail the test of "reasonable expectation."
In the case of copyright violations, there are criminal and civil penalties. You can sue me for stealing your software. You can also call the police on me, who may choose to arrest me and try me for said same. But enter my place of business uninvited to "inspect" or "audit" on the basis of a shrink wrap license? I don't think it flies.
Let's sum up.
The BSA claims a variety of privileges (from the EULA) which it doesn't really have. It threatens you with actions which are almost certainly illegal. Software users are unaware of their "obligations" under their "licenses" even if you consider them binding (which is asinine), and even when they attempt to follow the rules, there are many cases where it will not be possible to provide documentation "to the satisfaction of the auditor" - whose standard is arbitrary, and purposefully engineered to make it unlikely you can meet it. You are frequently given a very short time in which to reply to the ultimatum - purposefully short, to insure you will not have time to properly inspect your facilities before making a decision. Then there is the oft-cited case of schools and charities which use donated equipment for which the paperwork is not, and probably can never be, in order.
The cost of self-defense is borne by the defender in civil court. Knowing one is on the receiving end of a legally specious and improper legal challenge is one thing. Being able to afford your defense against some of the world's richer companies is quite another.
Most victims who receive this have done everything right, but have not retained all their receipts, and/or cannot afford the considerable manpower and expertise it will take to insure "not one single unlicensed copy of anything" exists on any of the machines in their organization. Consider... will even one violation, even when made by an employee in violation of a company policy, result in punitive damages?
Generally the BSA gets what it wants: a "settlement" in which they are paid not to "report" to federal authorities and/or file a questionable lawsuit. The victim pays again (perhaps many times again) for what they already own.
We have come a long way from the simple world of Best Buy which you describe.
The fact that no one understood their options or the consequences of their choices is the very thing at issue here. Extortion, coercion, and foul play describe these practices perfectly.
Groups like the BSA are not a "price to pay for preventing theft." Their tactics are both immoral and unnecessary. They have no place in the enforcement of copyright. The police are the ones whose job it is to handle software thieves. But then there'd be no money in it for anyone, eh?
Want to Know How to Cheat the GPL? Read On!
A brief note about economics is probably in order. The cost of making a physical CD is not what you are paying for when you buy a CD. You are paying for the cost of developing, testing, marketing, researching both that program and future programs.
That means that pirating software costs the developer the chance to recover the costs of making that software in the first place.
And before anyone mods this Flamebait, give a moment's thought to what this means for the (non-BSA member) Linux companies out there: companies with (as a rule) very good chances of going out of business each year. They spend time researching, fixing, improving the OSS software that you use regularly... but since most people download this without actually paying a penny for it, they have to find alternative routes to make money.
Now I think that there are lots of arguments for OSS, but it does make the economics much more complicated for all involved.
And remember, the next time MS gives you that TCO crap, that this hassle, and its attendant expenses, are part of the TCO of using software that falls under the aegis of the BSA.
Just say no.
KFG
And the reason the company is not suing him is?
Seriously though, this person knowingly broke the law. While the company is responsible for that, he is responsible to the company. You should, in no uncertain terms, sue the weasel for all costs incurred in the audit, license purchases, legal fees and damages. Make a precedent out of him, he deserves it.
-Charlie
A man I know as a regular in my local pub owns a chain of estate agents. They have 4 branches and they own about 40 PCs and a server or two. The only BSA related software the agency uses is the Windoze OS and a few copies of MS Office which are only used by secretary's (all 100% legit). The main software used for running the agency is actually a bespoke application, developed locally by a small software house.
He got the letter from the BSA mentioning the grace period, thretening a surprise audit etc. He reponded by informing the BSA if they made any attempt to enter any of his premises he would treat the matter as aggravated tresspass and use whatever means necesary to te remove them. The was followed up with a "We are sorry you are taking this attitude, but we have a right blah, blah" letter, but after that he heard nothing.
The BSA may have a (questionable) contractual right to audit your software, what they don't have is the right to enter buildings and act like they have legal backing. I know someone who was at the sharp end of such and audit and aparently it is not very pleasant. The BSA folks do act as if they are policemen and they are very upfront.
The BSA is just a trade body, the software equivalent of the Taxidermists Association of Scotland or the Charterd Institute of Accountants. They exist only to represnt the interests of MS, Adobe etc. They have no legal powers whatsoever. Their powers of enforcement as an organisation are exactly the same as mine as an individual. If they hassle you, ignore them and tell them to sue you or go away, simple as that.
Whatever your moral stance, legally speaking software piracy is wrong. However there are existing mechanisms in place to deal with piracy. The BSA approach seems to be to squeeze the biggest amount of cash out of the existing customers of its members. What about the many SME's that have never, ever bought legit software? How does the BSA deal with these types, given that the BSA probably doesn't even know they exist? I know of several businesses who don't have one single piece of legit software, the BSA doesn't even know they exist. BTW I won't snitch on these businesses, I live in Northern Ireland and I like having knee caps.
The BSA duses extortion to make money for its members. Its picks on those who are largely 100% legit, but may have made mistakes, these are easy targets. It would seem to ignore those who are serial pirates, those who do not intend to now or ever buy software. This approach is easy for the BSA, they really should sort their priorities out.