Slashdot Mirror
Ask Slashdot: Dealing With the Business Software Alliance?
Kagetsuki writes "We've just gotten a letter from an attorney representing the Business Software Alliance stating someone (we're certain it's a disgruntled former employee) submitted information we are using illegally copied software. The thing is... we're not using illegally copied software. We have licenses for all the commercial software we are using. Still, according to articles on the BSA, that's irrelevant and they'll end up suing us anyway. So we now need a lawyer to deal with their claims and we don't have the money — this will surely be the end of the company into which I've sunk all my savings and three years of my life. Has anybody dealt with the Business Software Alliance before? What action should I take? Is there any sort of financial recourse, or at least a way cover our legal fees?"
We sent an affidavit stating that we had appropriately licensed software, detailed the number of employees, provided ****'d out license numbers, etc.
They then said they wanted to put a laptop on our network to verify all our license numbers. We told them to f@ck off, that we'd provided them more than enough information, and that we'd be happy to speak to the police if they thought a crime had been committed.
We never heard back from them.
Google is your friend, turning up this 2008 advice column.
Abstracted:
- 1. Retain a lawyer, don't go it alone.
- 2. Cooperate—carefully, the BSA's attorneys stay on retainer by maintaining a high recovery rate.
- 3. Don't let the BSA's rhetoric intimidate you.
- 4. Don't rush out and buy any software.
- 5. Preserve evidence with confidentiality.
- 6. Find your allies.
- 7. Create a compliance plan.
- 8. Negotiate non-monetary aspects.
Luke, help me take this mask off
We had a lawyer and had him draft a letter requesting information on what they claimed was illegal. Then we offered to show them the results of an internal audit. We also offered to submit to a third party audit that BSA would have to pay for. After lots of meetings and lots of legal wrangling the BSA went away empty handed. One small difference was we were running non-licensed software and were in violation. It was a web design house with 8 graphic designers and not one legal copy of Photoshop, Illustrator, etc. Since the BSA provided us with the list they claimed was illegal, we scrubbed it from the offending boxes so as to appear legal. Then over the span of the next 2-years we bought all of the licenses needed to cover our butts. This cost over $120,000 in software licenses. Far cheaper than what the BSA wanted. But the lawyer was key. Check with the Bar in your area for a probono lawyer. Perhaps you can find someone willing to work on a sliding scale. Also check with the Small Business Administration for ideas for legal help. Good luck.
Carpe Scrotum - The only way to deal with your competition.
NO! NEVER SAY ANYTHING YOU HAVEN'T RUN THROUGH YOUR OWN ATTORNEY TO AN ATTORNEY ON THE OTHER SIDE. There are so many problems with it. Anything you say can be twisted by them. At a minimum, the "Thank you for bringing this matter to our attention so we can put it to rest," could be construed as an admission that you thought you may have had piracy. Thereby negating any counterclaim and potentially surviving different motions to get rid of it earlier.
Short answer: don't say anything until you get an attorney.
We've just gotten a letter from an attorney representing the Business Software Alliance stating someone (we're certain it's a disgruntled former employee) submitted information we are using illegally copied software.
Reply to the letter like this:
We are in receipt of your correspondence reference ____ dated _____. Could you please advise details of the claim. What software is claimed to be in breach?
Send the reply by registered mail and then do nothing more until you receive a reply.
Engage a lawyer who is experienced with the BSA.
As soon as you are done with your BSA nightmare, I advise you to stop using proprietary software. If Ernie Ball can do it, so can you.
Still, according to articles on the BSA, that's irrelevant and they'll end up suing us anyway.
First off, do not despair. That's not going to do you any good.
Don't be afraid to tell the lawyer that you don't have any money during your free initial 30 minutes consultation (assuming you're in the US, call your local State bar association for a referral). I'm sure that you'll be able to work something out with him or her.
For now, read the article quoted below. The point of that article is that you can do a lot of this work yourself, but that you should still hire a lawyer to at least "supervise" the self-audit process and act as a go-between.
Now the article doesn't mention it, but if I were you I'd check that any old computer laying around the closet has current valid licenses. Whatever happens, make sure you do not get penalized for super old hardware that you're not even using anymore. Also, start inspecting any computer the disgruntled employee has had access to. You never know what he may have installed on there without your knowledge. It's good to go in this with your eyes wide-open.
And then, try contacting the same types of companies in the same niche industry as yours, chances are that they're not just targeting you -- since they recently increased their volume of enforcement letters. So if you can find others within the same jurisdiction as yours, with a similar predicament, you may be able to band together and pool resources.
http://www.baselinemag.com/c/a/Projects-Management/What-to-Do-When-You-Receive-a-BSA-Audit-Letter/
Let's face it, software asset management (SAM) might be a best practice, but there are still plenty of organizations out there who haven't instituted SAM due to a lack of resources or initiative. If your organization is one of them and the Business Software Alliance (BSA) hasn't come calling yet, there's still time to get your house in order. But once that BSA threat letter hits the mailbox, the ballgame changes.
The BSA is known to be a persistent enforcement agency which rarely grants clemency to organizations once it begins settlement proceedings. The following eight tips are offered by two attorneys who specialize in BSA defense cases; they give advice on what to do once your business receives a letter requesting a BSA audit.
1. Retain a lawyer.
The BSA is an efficient organization when it comes to extracting punitive damages from companies found to be in a non-compliant licensing situation—its experts and lawyers know copyright laws inside and out because that is all that they do. For that reason, Scott recommends seeking legal counsel as soon as an audit request is received from the BSA.
"Whether the attorney is working in-house or outside the firm, don't go it alone," you have an audit," said Rob Scott, partner at Houston-based Scott and Scott. Scott said. "The BSA has very experienced attorneys working for it and this is a very complicated process. It involves not only the legal issues related to copyright law, but also it subsumes with it all of the software licensing rules because the copyright claim that lies underneath the BSA audit matter is related to the software licensing rules."
2. Cooperate—carefully.
As much as a business person would love to screw up their eyes and wish the BSA away, the trouble will only multiply through inaction. Though the BSA is not a law enforcement agency it is acting on the behalf of the software companies and it will take matters to civil court if a business does not cooperate with the self-audit process and settlement negotiations.
"When you get a letter from the BSA do not throw it away," said Steve Helland, partner at the Minneapolis-based law firm of Fredrikson and Byron. "That is a serious tip, because some people think that 'Oh if I ignore this it will just go away, but the cases where the BSA is most likely to file in court are where they think there has been infringement and they don't get any response
First order of business, pull up information on the lawyer that initiated contact with you to determine how much experience they have at the firm. If you're a small company they may have someone with limited experience, say three years, and if so, argue as much as possible and you may distract them from one of my other points.
Secondly, forget anything you believe to be true about software licensing and forget about license agreements included with software. What Microsoft, Autodesk, Adobe, etc. licensing department tell you on the phone and what they state in their licensing terms is not true and will not hold up legally unless you have more money than the fines to afford lawyers to fight the big guns. It's not a legitimate license unless you have a receipt. This is important, I repeat, you do not have a legitimate license unless you have a receipt for it. It doesn't matter if it's past 7 years, you have product keys on the side of your chassis, or you have discs; you must have it on the receipt.
Thirdly, do not provide information unless you're specifically asked for it. Read what they've requested, interpret it as literally as possible and if that allows you to include some information and not include other information. This point may not seem relevant to you and I'm not going to get into detail, but I want you to consider this point for at least an hour as the outcome may have a huge monetary difference.
Fourth, you can't buy stuff now and attempt to pass it off as something you'd purchased before they served you. Don't even consider back-buying software you didn't own before. Date of receipt ties into point number two.
Fifth, consider how they obtained this information and how much the person who provided it really knows. I won't give you advice on what to do with the software this person may not be aware of but I'd ensure your file servers are Linux and if you've ever made a transition from Windows to Linux, hopefully it was a transparent process to the users.
I won't get into details over our case as it cost us a tremendous amount of money, five figures, and at the same time, they may have missed a lot of stuff (the site is certainly fully legal now). If you have any other questions, feel free to fire them off and I'll try to answer as well as possible. The best advice I can give you is to consider this a logic problem.
In order to pass the BSA's version of an audit, you don't just need receipts. You need receipts that:
1. Show retail purchases. In spite of the fact that it is perfectly legal to sell and purchase used software, the BSA pretends it's not. If you have a not-retail receipt, it's worthless.
2. Show a date prior to the first contact from the BSA. If you have an un-dated receipt, it is worthless.
3. Show the title of each piece of software purchased, on its own line item (quantities of identical titles are fine), with a line item price. You likely can't provide this for the copy of Windows that came with your PC.
4. Show the name of the company being audited. Did one of your employee's buy it and get reimbursed? Worthless. Do you have company cards that show employee names? Worthless. Did the retailer not print the billing information on the receipt? Worthless. Was is purchased by a company you bought or merged with? Worthless
If you're incensed enough by now to invite the auditor's in, knock them on the head and bury them in the hill, good for you. But you'll likely want to pursue a more subtle response. An attorney is absolutely necessary, if for no other reason than that the lack of one will make you look like easy pickings. Winning this game is about paperwork, stalling, bluffing and bargaining. Once you retain an attorney, their advice will probably be to not respond outwardly until forced to. The BSA doesn't necessarily follow up on every nastygram they send. Responding when you don't have to is acting like a mark.
If the process does progress, remember at all times that what you are involved in, more than anything else, is a long, drawn-out negotiation. The BSA is out to scare people and fund itself. You want them to believe that you are worth very little and come with a big price tag attached. Everything is negotiable, every decision is mercenary.
So true... the legal system doesn't believe in logic... I have experienced this myself. Don't mess with it, as logical as your argument may be... you will lose because of some crap that has no bearing on reality or basic intelligence. Consult with a lawyer, and maybe you can countersue or something to help make up for some of the fees. The bottom line is, the system doesn't work and it isn't fair... don't play with it or mess with it.
Maybe pleading with the BSA would work... it might be cheaper as well, but in the end, you will be screwed out of money for this injustice. Welcome to America.
No, this isn't legally gray. You're describing an attempt to shield assets in a way that is completely illegal ("fraudulent transfer" is the legal term). You can't possibly imagine that this would work for more than a week, can you?
Get legal help, now. The BSA will need to demonstrate that there is a real question about whether your software is "illegal" or not. If you have reasonable records, a judge can (can't promise that, though) grant a motion for summary judgment in your favor, dismissing the lawsuit.
Make it go to trial, and seek punitive damages if you can either from the former employee or the BSA for filing a frivolous lawsuit.
-- Anonymous coward (almost a lawyer)
Unless you signed a contract to that effect, the burden of proof is on the BSA to prove that you in fact are using the software. Unless you have installed and used the software, you have not agreed to the license. Therefore, unless you are using the software, the BSA has no right to audit you. Now, unless the apps you run have a "phone home" feature or use some other online key verification, there are only three ways for the BSA to prove that you are using the software: you can admit to using the software, you can let them come into your place of business and they can observe it, or they can file a lawsuit against you and force you to disclose it during discovery.
If you neither confirm nor deny that you are using any particular piece of software and refuse to let them in, their only option for obtaining proof that they have the right to perform the audit in the first place is to go to court, file a suit, and perform discovery. Thus, unless their evidence is fairly strong, they'll probably back down if the first thing that happens involves your lawyer telling their lawyer to fuck off.
If they do not back down, that's a sure sign that you have some serious compliance problems, and you need to get somebody in there to audit all of your systems ASAP. The folks at BSADefense.com recommend that you have an attorney conduct the audit. This places the results of the audit under attorney-client privilege, meaning that they cannot be obtained by the BSA during discovery. That seems like good advice to me.
As always, the usual caveats apply. IANALBIPOOSD.
Check out my sci-fi/humor trilogy at PatriotsBooks.
A consultation will not cost as much as you expect. Gather up all your licenses, receipts, and certificates and have him send copies to the BSA along with what is euphemisitically called a "robust" response. You'll probably want to threaten to claim vexatious litigation and assert that you will ask that legal expenses be awarded. Don't let them do an "audit".
And in the future, perhaps you might want to consider not doing business with BSA members. There are alternatives. Just a thought...
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Actually I didnt administer it. They fired their IT guy, and hired me in to clean up his mess. when I found out how bad it was and told them and they refused to do anything about it is when I turned them in and no longer worked for them . Gotta love it when idiots on this site draw their own conclusions from data that was never given or implied.
ignore it. my company did and they couldn't do shit.
Stop treating employees like shit. For an ex-employee to goto this trouble. You had to have done something to deserve it.
Not really. Asshole employees are fired regularly, and the BSA has commercials running saying things like "just fired? Report your ex employer and earn a reward!"
Following this advice I downloaded some of the approved audit software and ran it. It's almost a joke how short the Windows list is, and every single piece of software on that list I can confirm I have a license for, including receipts. We're primarily Linux, the only thing that we run in Windows is Adobe software and we own actual licenses for that. On top of that we have almost no money to speak of, and at this point since we're just working on products and have had basically no income (we're indie, currently only one person is considered "employed" and even then that's "part time") I'm no longer so worried. I'm speaking to a lawyer soon, I'll have him handle it, but I think this will end quickly.
There aren't any salesmen out there selling FOSS, and no slick ads for it on the teevee, so they'll never even know they had alternatives.
Here we go again.
For most practical purposes, they do not have alternatives. Need to do payroll? No such thing on Linux. Need to do accounts? Very little choice, and if your local tax authorities demand you submit online (either through a web browser or using software that's been through some sort of certification process) even less choice. Need to do CAD? Give up now. Need to do anything industry-specific? For most industries, not a chance.
Paying a consultant to write something that will suit can easily cost several times more than buying something off-the-shelf and takes months, that's why most companies rely on off-the-shelf software. You can go from nothing to productive work in a matter of hours.
There is a damn good reason a BSA audit hasn't led to a company publicly dropping proprietary software since 2003; it's got nothing to do with slick salesmen and everything to do with practicality.