Is the BSA "Grace Period" a Scam?

An anonymous reader asks: "I work at a small non-profit that has 18 employees plus a 13 seat computer lab. We received a form letter from the Business Software Alliance (BSA) telling us to do a self audit and if we find any unlicensed software to report it during our 'Grace Period' because 'if you organization's software is not licensed, it could become to focus of a BSA investigation'. Now this is obviously a method to scare up some business for the BSA members. If we ignore this, how likely is it that we will be 'investigated'. I know that I cannot produce the original CD's and/or documentation for some of the software that we HAVE paid for."

I'm not a lawyer,

[sstory]

but as far as I know, a trade group like that cannot demand access to your computers, or your facilities. The BSA has no power to force any sort of audit of your licenses. We have old computers at work, and might not be able to locate proof that we paid for some of this stuff years ago. I manage the computers there, and if the BSA ever contacts me demanding an audit they'll be told to choke on it.

If it's somewhere in a license they can show we bought, that we have to allow access to the installed software, then for every license they can show, I can provide an adequate installation.

Did you register your software recently?

We got one of these...

They called a 'truce' in our town of 500. We are a 2 employee show, run from a basement.

We bought a bunch of stuff, but never sent in the registration cards. We registered some stuff back in '97-'98 probably, and nothing since. We haven't gone out of business, so they figure we're probably pirating something. We are not, but since we haven't registered anything in a while (Microsoft Tech support is sooo valuable!), and are continually considering the move to Linux (just a matter of time...) we come up in their database as a possible pirate. Oh the miracles of databases!

All we did was make a file of receipts and certificates, and they can wade through it if they come a knockin. We're sure it's all there, and we can hopefully sue if they end up siezing a computer, especially since we are legal.

We had to look real hard for the licenses, but we found them. The certificates are useless without a receipt.

Ignore it, it's more like SPAM that a real letter!

[Dave21212]

I work in an enterprise environment. Last year, I registered for one of those free magazine subs and a few weeks later... viola, a letter from the BSA using the same name/address pair.

The BSA must be getting names from those lousy online surveys (company size, whats your position, how much software will you be buying in 6,12,24 months).

Sounds more like SPAM to me !

Re:Ignore it, it's more like SPAM that a real lett

[jumpingfred]

I think you are correct in that they just get a bunch a mail lists and start firing off the letters. We started getting these letters when my wife passed the bar.

No leg to stand on.

[dentar]

I've seen these letter before from clients. If they do not specifically charge you with piracy, stealing or whatever, throw it out and don't bother downloading their spyware.

You have the same rights you always had. They have to have probable cause to get a warrant, and they have to have a warrant before they can come into your office forcibly. A warrantless vampire cannot come in unless you invite them in.

IANAL, but I believe that as long as you have practiced due diligence and can show that you took reasonable steps to not break the law, then no judge with an actual brain would rule against you.

That being said, the BSA is looking for those who buy one copy and load it all across the office. I know of a company that did that, got ratted on by a disgruntled employee. Bottom line: they paid big. These are the fish they want to fry, and there are plenty of them out there.

Now, if you've been pirating software, and get a letter, and throw it out, and they still come after you, you won't get any sympathy from me!

Stole from them?

[smartfart]

You're kidding, right? The BSA doesn't produce any software. They only run this scam (IMHO, the whole thing is a scam, from beginning to end) because they can get cash from Microsoft and other companies that write software by threatening these companies' customers.

Personally, I refuse to play. I will not purchase any software from any company that employs the services of collection agencies such as the BSA. Furthermore, I will do everything in my power to dissuade my clients from purchasing software from these companies.

Re:Stole from them?

[anon*127.0.0.1]

You might want to check out who the BSA members are before you decide you're not going to buy software from any company that employs them. Lets see... Microsoft, Apple, HP, Adobe, Cisco, Novell... quite a collection.

The comparisons to the IRS are pretty apt, though. What generally happens is that the BSA gets a tip from some disgruntled employee/ex-employee that company X is using pirated software. The BSA picks a few of those companies at random (or maybe they have some criteria) and takes 'em to court. Unfortunately, the onus is on Company X to prove that they have licenses for all the software they're using. If they can't, they have to pay for the software and generally get whacked with "punitive damages" as well.

The BSA uses those cases to threaten everyone else into doing those bogus "self-audits" and sending hush money to the BSA.

I don't mind paying for the software my company uses, but keeping track of all the licenses is a major pain in the ass. Every software seller has a different definition of what you have to be able to present to prove that you have a license. A piece of paper? Something with the serial number? The installation CD?

Then they all have different license terms. Some require you to buy one copy for each computer, some let you buy one copy for each concurrent user, some let you uninstall the software from one system and put in on a different one, some make you you buy a fresh copy for each system... it's a HUGE hassle, and the software vendors don't really seem to give a crap about how difficult they're making it for their customers.

From someone who lived through a BSA audit

[TheCabal]

We had the BSA sicced on us by a disgruntled ex-employee. We didn't receive one of those mass mailed letters, we received a bona-fide messenger delivered packet from the BSA, naming specific software titles. Also in the letter was their "gracious" offer to do a self-audit and orders to report the results of the audit to them. Failure to comply with their demands would result in the BSA taking us to court, getting a court order to come in and conduct an audit themselves, with their software and people,and under the eyes of either the State Troopers or US Marshals to make sure that we didn't interfere.

So we did an audit and found out that we were only one copy of a certain software title out of compliance. We sent back the results of our audit, along with copies of our licenses to the BSA, along with an offer to buy the extra license at full retail price. They replied that our licenses and audit results were not good enough, that they also wanted us to produce the receipts for the software.

The receipts. Apparently, having the licenses are not good enough. Or maybe the BSA figured they could strongarm some money out of us, so they leaned a little harder. I had heard that before the BSA sends out these demands, they research the company to see if they have enough cash to make their efforts worthwhile. Having recently completed a series of capital funding, I suppose we looked mighty tempting.

This meant many days of going through three years of financial records. Eventually, we found most of our reciepts and purchase orders, except for a few things from the very beginnings of the company when the records weren't really kept. But we did have the licenses. Of course, the BSA, now really smelling blood, came down with an arbitrary amount to fine us along with a statement that if we did not pay this (ridiculous) sum for basically being one copy out of compliance, they would take us to court and demand far more.

I was never told how much exactly we had to pay the BSA, but I heard it was "not insignificant". It was somewhere in the 5-figure range. All for one copy of Visio, and some tossed receipts from three years ago.

I always argued that the BSA had no right to demand our receipts and financial records since we were able to produce the software licenses. It's a bunch of crap. I can't see how the BSA can legally operate in this country. There is another organization that operates in a similar fashion- it's called the Mafia. Bastards.

Re:BSA learned from the master

[berzerke]

...[BSA] if you don't let them in, how can they prosecute/obtain a warrant/whatever?...

When the BSA does decide to do an audit (as opposed to a mass mailing), it's because they already have some evidence of illegal software use. Most of the time, this is from a former employee, disgruntled employee, or the like (i.e. a contractor you pissed off, former customer, etc.).

If you don't let them in, then they go before a judge and get a warrant, and then US Marshals come in, and you won't refuse the marshals entry (for very long).

I know because a friend of mine got raided. The "tip" came from a business rival. The Marshals found everything was in order and the tipster got billed for the cost of the raid.