BSA's Tactics and Motives Questioned

_Hellfire_ sends us over to Baseline Magazine for a longish article entitled After 20 Years, Critics Question the BSA's Real Motives, which paints the Business Software Alliance in the same colors as the RIAA. "A recent Associated Press story highlighted the fact that 90 percent of the $13 million collected by the BSA in 2006 came from small businesses. Since 1993 the group has collected an estimated $89 million in damages from businesses on behalf of its members, every penny of which it keeps. 'I don't know of a business where you can get away with raiding a customer with armed marshals and expect them to continue to do business with you...' said [Sterling] Ball, who shifted his company to open source software after the raid."

BSA?

[Geoffrey.landis]

I have to say, I read the headline and really wondered why slashdot was interested in the Boy Scouts of America.

Same again

[Wowsers]

It's the same situation in the UK, the little guys get screwed over software licenses that for example, may have expired and nobody keeping an eye on things, whilst the big companies have big lawyers to get away with it.

Should make Linux a bit more of an interesting proposition.

Re:Same again

[Chris+Burke]

Therefore a big company is likely to have an IT department that does a good job of making sure it has licenses for everything and doesnt cut corners to save a few bucks here and there.

Yes, that's very true, the big company can afford to pay people solely to look after their licensing.

It also has to do with the kinds of licensing small business vs large ones can afford. A large corporation can afford site licenses or bulk-licenses where a large number of users are covered by a single license. It's much easier to keep track of, and to know whether any particular user of the software is legal (either they all are, or any machine that can get a license from the license server is), and easy to know when it expires (there's one date).

Whereas a small company that has to buy individual licenses (especially in the form of shrink-wrapped boxes which means the license is in paper form) has a lot more to keep track of, like when each piece of software was purchased and thus when it expires, and more documentation to dig up when the BSA comes knocking. Plus the BSA is notorious for going after technical violations of licenses where things like moving a hard drive from one machine to another is against the terms, so even though Software In Use == Legal Software Licenses and thus the software vendor got all the money they deserve, the BSA will still force them to pay a fine.

Him again?

[Otter]

...said [Sterling] Ball, who shifted his company to open source software after the raid.

Perhaps a more accurate title would be "After Eight Years, We've Found a Second Person to Put In a Story With Sterling Ball"?

Admittedly, the new guy, who seems to have been knowingly using unlicensed software, isn't the most sympathetic figure, but at least it's a break from extrapolating Sterling Ball to the entire business world.

I have been in an Audit once

[QuantumRiff]

We got "anonymously tipped" a week after I took over the job of an incompetent admin, who was in charge of all the licensing, and kept telling everyone it was fine to install this and that, when it wasn't. The fun thing was that even if/when you pay the fine, you have to get back into compliance. I remember calling around to MS about some licensing issues for SQL server. Talked to 3 different people, got 3 totally different answers about how many licenses we would need. I read the info from a script, to make sure I was keeping it the same. If the company that SELLS the damn software can't understand their own licensing, how can they expect us to? We ended up having our lawyers and the BSA lawyers figure it out.

adversaries

[SoupGuru]

Is it only in the technology world where it seems that vendors and their customers are more like adversaries? Is there any other realm where the manufacturer demonizes the very people that buy the products that pay the rent? I'm sure the fact that 0s and 1s are easy to replicate makes this standoff easy to achieve but it's to point where a valid business model would include giving something away and then suing everyone to pay the bills. Of course, it already is a business model, I suppose. When it comes to patent trolls, the music and movie industry, and software producers it just seems like they are able to get away with treating their customers like dirt more than anywhere else.

Re:adversaries

[Todd+Knarr]

But what happens when I do buy a TV from Best Buy. I hand them my credit card, the charge is approved, it shows up on my bill and I pay it, in short I bought and paid for that TV. 2 years later, Best Buy comes around demanding that I prove to them that I really did pay for that TV, and if I can't they're going to charge me with theft. I show them my credit-card statement showing their charge for the price of the TV, and they say "Not enough. You need to show us a printed store receipt for it.". Now, after 2 years the warranty's expired. The credit-card charge is long since paid and history. The TV's not something I can take as a deduction on my taxes or anything. Why in the world would I have the receipt still around? But Best Buy still says that they'll charge me with theft if I can't cough up that receipt.

Now, should Best Buy be demonizing me, calling me a thief? Or should I be demonizing them as clueless nut-cases?

Re:adversaries

[Chris+Burke]

The only way that the BSA is going to come after you is if they get tipped off that you are violating your license. If that happens it means that people at your company knew they were infringing.

If you're accused you must be guilty. Yeah, that's a safe assumption.

It couldn't possibly be that it's a disgruntled ex-employee who called in a bogus tip simply to harass their former employer. It couldn't possibly be a disgruntled ex-employee who was themselves responsible for the licensing and thus the lack of compliance, and they were the only ones who knew it.

I'm sorry, but in my world thats not gray, thats black. Having one valid license to a software product that was copied 200 times doesnt make it "gray".

And is having 200 valid licenses to a software product that was installed 201 times because someone forgot to delete one copy off an old computer black as well?

Is having 200 valid licenses to a software product that was installed 200 times, but someone didn't obey the specific terms of the EULA and moved the software from one computer to another also black?

Is having 200 valid licenses to a software product that was installed 200 times in complete accordance with the license terms, but not being able to meet the strict (and poorly specified) accounting to prove this to the BSA when they raid your company also black?

Is there any gray at all in your world?

Re:If you're being raided... (you are a customer)

A) much of the time they get their authority to raid you from the agreements you signed when you became a customer; not being a customer makes you much safer

B) most of the people they get actually had licenses but have no clue how to fulfill the strict audit requirements. No the stickers on the back of your machine are not enough. You must have a purchase agreement for _everything_

C) most of the time the they threaten jail sentences (for the IT managers and staff) and accept money.

People just don't bother to fight because it's not worth it unless you are whiter than white, which is almost impossible in any company actually working and not spending it's entire time preparing for a BSA audit.

In other words, the best way to avoid the BSA is to stop being a Microsoft customer and switch over entirely to free software like Linux. Even if you claim the proprietary stuff is better (which it isn't) is it really worth destroying your life for a few bucks more of your employer's time?

Re:If you're being raided...

[erroneus]

...uhm, According the Sterling Ball, he was only out of compliance by 8%. This would mean he was 92% legitimate. This would seem to indicate that they WERE actually customers.

I find it interesting that there is such a strangle-hold in the software world. It's ridiculously oppressive. It's also amazing to find what people will tolerate. I guess some of the reality is that you rarely know anyone directly who has had the worst of experiences. But it amazes me still that even after a BSA run-in, companies continue to use the software of companies that enable the BSA to operate. In some respects, it seems unavoidable, but it's all about how we got where we are and looking at what it would take to over-throw the systems we have in place now. It would take LOTS to overthrow Microsoft, Adobe, Apple, Autodesk and the rest and switch over to F/OSS or something along those lines. It would lead to better things in the future, but people aren't willing to take short-term, personal hits for long-term, social benefit. Lots of people saw it all coming from far away and long ago, but people wouldn't listen and they still won't listen.

But things seem to be changing... slowly...

Re:If you're being raided...

[Cheerio+Boy]

I'm going to go ahead and guess the violations resulting in a "raid" were far more egregious than your example. More like, say- the company I used to work for that bought a single license of Office 2000 and installed it on 150 users' machines. Had we been busted, I would hardly describe it as a good customer getting screwed because of paperwork. Sorry but in more than one place I've worked the management at the time got info from the other small businesses that got raided. (Customers, suppliers, etc.) The majority of them were raided either because of a disgruntled employee snitching to the BSA or because the business in question was stupid enough to answer one of the BSA's infamous letters and tell told them that they were "in compliance and did not need their services".

Either way in a lot of cases the Bullsh!t Stealing Alliance raided them and hosed them seriously for minor infractions.

The only ones that didn't get hosed were the ones that up and paid a fine outright. Sound familiar?

tell them to go fish

[SuperBanana]

'I don't know of a business where you can get away with raiding a customer with armed marshals and expect them to continue to do business with you...

If the BSA ever shows up at your door, unless they have a court order, tell them to get lost. If they refuse, slam the door in their face and call the police. Write down every license plate number you can see.

For extra giggles, when you call the police, complain that the people who won't leave are dressed like police officers (the BSA guys wear those black nylon rain jackets with big yellow letters to try and look like government agents), and if they're armed, make sure to mention that too. Cops don't take kindly to people pretending to be them.

A heartwarming story

[mattpalmer1086]

I was told this heartwarming story a few years ago by someone involved in creating the system described below. A very large, well known organisation (call them B) was threatened by a visit from either the BSA or FAST (can't remember which), on the grounds that yet another large software house (call them A) thought that B was using far more copies than they were paying for. B was a very large customer of A's software - they literally couldn't run their business without it, and A certainly knew it.

They had the usual problems of any large organisation - software would get installed and not removed, people would move desks, jobs, etc. They weren't knowingly in violation, but they couldn't really honestly say how many licenses were in use or where everything was installed.

They decided to write a system that would track all the licenses and software in use across the organisation, and allow it to be fully managed - installed and removed on demand. It could handle many different kinds of licensing for many different bits of software. There was nothing commercially available at the time that could do what they needed.

Anyway, after doing this, they found out that not only had they had been over-buying company A's software licenses, the flexibility of the new management system allowed them to have far fewer licenses anyway. Effectively, they had been buying enough to cover installs in all the remote offices, for their more mobile staff, of which there were a lot. Apparently, it was a very pleasant moment when they told A they didn't need any more licenses for the next year or two.

Re:They tried to shake us down once

[sgt+scrub]

We were in the same situation once. They sent us letters then showed up. The guys head was swinging from side to side looking at peoples monitors. Occasionally he would do a double take because someones shit looked Windowsy. There is a huge bucket in the corner of our build room with Windows95-XP and Windows Server bundles still in wrappers dribbling over the top and two boxes of crap like office, photoshop, AV software, intuit... ad nausium. My boss walked him in front of the heap and asked, "which license do you want? we usually throw shit away but since your an important person help yourself". The guy actually asked if we had any of it documented. I almost fell over. Every desktop he looked at had Solaris, Linux, or OS/X running on it. My boss looked at him all confused. He tried to explain to the guy, again with no luck, that we don't use windows or windows software.

The guy had to be acting ignorant or something. I think they make money off people being to confused, busy, or scared. It sucks you cant ignore them either because they supposedly act with some kind of government authority. I got stuck listing 200+ licenses for a shop that has under 50 employees.

Re:Obligatory:

[ScrewMaster]

Fuck the BSA.

I wouldn't, if I were you. You don't know where they've been.

Re:put BSA out of business

[vux984]

either pay for the software that you use or use open source. Sorry no-one gets my support in this type of issue.

A lot of those BSA audits fine people who have legitimately purchased and licensed software.

I know of a company that got nailed because they'd been with a product a long time and gradually growing. So each time a new version come out they bought x upgrade licenses plus y new licenses. After a decade or so and some 7 or 8 upgrades, their last of which was like 150 upgrades and 20 new licenses they got nailed...

They couldn't properly show that every single license had a proper upgrade trail going all the way back to version 1 some 15 years ago. Some one had long since thrown away the floppies and receipts showing that those had been purchased.

Of course the vendor had changed names and been bought out at some point, and they certainly didn't have any records going back that far either.

So some 50 of their 150 upgrades had been ruled in 'non-compliance' simply because they were upgrades of upgrades of upgrades that could only be traced back 4 or 5 versions, but not back to an original purchase in the early 90's.

So, even if you pay for the software that's not enough. You have to cover your own ass so carefully its absurd.

Even the government doesn't require you to keep records that far back.

The BSA's tactics would be roughly akin to the RIAA showing up in your home, grabbing your ipod full of 5000 songs you ripped from your CD collection and demanding you prove you own it all.

So you confidently walk over to your CD's and start handing them over...but you've only got maybe 100 on hand... you put the rest in storage in your basement and attic. Now its a royal hassle... but you start digging through your boxes of stuff and passing those CDs over too.

And when its all done you've found the original CD for some 4900 songs... but you just can't locate the last 8 CDs. Maybe they were in your previous cars glove box when you sold it? Maybe you lent them to your brother? Maybe you stepped on them, broke them, and tossed them? Who knows... they're gone.

Too bad for you: Only 98% compliance... prepare to be fined big time for the balance...

And that's when they look at the stack of 494 CDs you spent the last several hours digging out when they say, "Now what about these? Do you have receipts?"

Re:If you're being raided... (you are a customer)

[ivan256]

B) most of the people they get actually had licenses but have no clue how to fulfill the strict audit requirements. No the stickers on the back of your machine are not enough. You must have a purchase agreement for _everything_

Keeping certificates is not enough. I worked for a company that got audited once. It was a small business, but run by a pair of lawyers who were sticklers for details. They shredded old paperwork after some number of years, and they got nailed because they had the certificates that came with NT 4.0, but not the receipts.

I honestly believe you could do everything by the book, and they'd still find something to nail you for... Not to mention that the audit costs your business in both time and money.