Ask Slashdot: Dealing With the Business Software Alliance?

Kagetsuki writes "We've just gotten a letter from an attorney representing the Business Software Alliance stating someone (we're certain it's a disgruntled former employee) submitted information we are using illegally copied software. The thing is... we're not using illegally copied software. We have licenses for all the commercial software we are using. Still, according to articles on the BSA, that's irrelevant and they'll end up suing us anyway. So we now need a lawyer to deal with their claims and we don't have the money — this will surely be the end of the company into which I've sunk all my savings and three years of my life. Has anybody dealt with the Business Software Alliance before? What action should I take? Is there any sort of financial recourse, or at least a way cover our legal fees?"

Yeah.

Everything I've heard about the BSA is that they employ our now corporate police departments to force audits/etc.

If they don't find shit, they don't have shit.

With that in mind, do your own audit first .

You have licenses for everything? Really? Even the software that wanker down in the mail room installed on his PC? Not yours? Not for work? Wasn't you, was just the employee?

Doesn't matter.

Re:Yeah.

[Kagetsuki]

Actually I just spent it poorly and I have bad organizational and management skills. It wasn't until the money ran out that I realized most of my team was so into what we were doing they'd do it with me for free in exchange for a fair portion of the profits - which is a great deal for everyone.

And only one of the 6 of us uses any commercial software in the first place, and we purchased his software over a year ago. I even did the audit on my workstation and I realized how little I used Windows - the installed software list was 2 pages, easliy less than a page if you exclude the Windows Live components and various updates/drivers. Everything else I have an appropriate license for/is free. Linux on the other hand, my installed package list is 2637 lines long, which is about 32 pages printed. I'm considering sending that list just to fuck with them.

Get legal representation

[mysidia]

Don't agree to any BSA demands or requests. Find a lawyer experienced with dealing with the BSA.

If you agree to an audit, it's highly probable they will find something illegal, regardless of whether you did anything illegal or not. You need a proof of purchase for every copy of an installed software product. If you use a Windows environment, you need proof that you had sufficient CALs for everything, on effective audit date.

If anything's not in order, or you can't find one proof of purchase for 1 license of XXX, the BSA will insist the software is pirated (even if you bought it good and legal), tack on huge fines, etc

"We've just gotten a letter from an attorney representing the Business Software Alliance stating someone (we're certain it's a disgruntled former employee)"

Be prepared to sue that former employee, for all damages and costs your business incurred as a result of their allegation, If they made a frivolous/false claim that hurt your business, and you can show who it is, take them to court. Maybe they (and others) will think twice, before making false reports to the BSA racket people.

The BSA needs their evidence to sue you, make sure you force the BSA to divulge the identity of the person reporting. Again, you will need legal counsel to help you with this

Re:Audit? - Hell no

[haus]

My guess is that if you let them in the door you will be screwed.

Keep in mind that while they like to act as if they are a government / law enforcement agency they are merely a private party that is hoping that people will be impressed enough with their act to hand over enough information to hand themselves.

Re:TIme to PANIC NOW!!!

[UnknowingFool]

While you would think that being reasonable and cordial is the right thing to do, you've given the BSA a letter they can use against you. If they find even one copy of software which you can't find the receipt, they'll use the letter. Get a lawyer first which will advise you of what to do. Remember, the BSA has started out with a threat not a cordial letter themselves. From that stance I would surmise that even if they are wrong, they don't care.

Re:But first, get a lawyer.

[PCM2]

Not really. That's why the GP pointed out that this is a civil, rather than a criminal matter. In criminal cases we have the principle of "innocent until proven guilty," but that's not true in civil cases. For civil cases, the judgment is supposed to go to the party that offers the preponderance of evidence in favor of their argument. If the BSA comes in and says it has an affidavit from a former employee that says he was eyewitness to license violations, and you come in with "no, we're fine"... well, that might not cut it. You'll want to provide some evidence in your favor.

Do you have a receipt for every copy of Photoshop or Office your company is using? Do you have the original media with the label showing the serial number? No? Well how did you get those serial numbers, then?

If it gets to the point that you're going to trial and you allow the BSA to determine the terms and nature of the audit, you will probably lose. What company doesn't have a few license violations here and there? Whether the violations are intentional or not, if you come before a judge and swear you are in absolute compliance and you have no reason to deal with the BSA, and the BSA shows proof of license violations, it will look bad for you.

Usual "asking legal advice on Slashdot" post

[Dogtanian]

Posting near the top to state the bleeding obvious- 99% of Slashdotters are IANALs and many will offer advice that sounds sensible to them, but may turn out to be woefully misguided and possibly have unintended consequences and land you in hot water (e.g. advice like this). This is because the legal system does not always actually work like geeks think it does (regardless of whether it *should* work that way).

Bottom line- unless the person is a lawyer, or has actual experience of having gone through this (and the consequences that ensued), you should not be taking their advice. And as I said in the post linked above, the problem is sorting out the ones who *actually* know what they're talking about from the armchair lawyers arrogant enough to think that they do.

Re:Usual "asking legal advice on Slashdot" post

[smpoole7]

And I can't miss this opportunity to point out that THIS is a perfect example -- PERFECT -- of why everyone, liberal or conservative, should support loser-pay legislation. Or better yet, a rock-solid amendment to the US Constitution guaranteeing that "the party prevailing in any dispute, public or private, shall be entitled to reasonable compensation for expenses incurred."

To the original poster: as others here have said, you'd better dig in the sofa for change and scrape up the money to hire a lawyer, then hope for the best. But if the United States ever gets solid "loser pays" legislation, things like this won't be the terrifying things that they are. (Or for that matter, getting that dread "letter" from the RIAA or MPAA.) There are entirely too many stories of people who've finally prevailed in court, but who were bankrupted by the experience. That's just WRONG.

Re:Usual "asking legal advice on Slashdot" post

[Stiletto]

"Loser pays" means only the rich and big corporations would dare file a lawsuit. Joe Public injured by a company's negligence? He won't risk suing for damages since if he were to lose he'd have to pay for the corporation's team of lawyers.

Congratulations, you just cut the little guy out of the legal system, except as a target.

Re:Usual "asking legal advice on Slashdot" post

[LrdDimwit]

This is not quite true. The system does have lots of serious problems. But many of the arcane crazy rules you're complaining about serve essentially the same function as security patches: closing a loophole that any jackass can use to totally screw over people who actually try to use the system as intended. The thing with the law is that every part of it it is roughly analogous to the most hostile kind of IT security environment: a public internet facing server. Absolutely anyone who wants to can, will, and often already has messed with it to see what they can pull.

Remember the 54 Million Dollar Pants lawsuit? The "logic" behind that absurd amount: He claimed the 'Satisaction Guaranteed' sign meant they had to give him literally anything he wanted. Failing to do so was a violation of the Consumer Protection and Procedures Act at $1K per violation. And since the law was nebulous about how a "violation" extends over time, he claimed that each day was a new violation. (There were other tricks involved.) That works out to millions of dollars because the store didn't live up to its "promise" to guarantee satisfaction no matter what.

Similarly, there are all kinds of arcane legal restrictions on when you're allowed to make various types of arguments. If you have even a 100% valid claim ... but you don't assert it at the proper time? Too bad, you waived your right to assert it. This seems really unfair at first. But it is designed to prevent a specific type of gamesmanship, that would otherwise be trivially easy: Stalling.

Consider how many different ways there are to express even a very simple idea: the number 4. 4, 2+2, 2*2, the square root of 16, the list continues. To infinity; there are an unlimited number of ways to say "four". Many of which are complicated to parse out and determine that, in fact, it means four.

If you were allowed to revise your assertions into a law case at any time, you could stall any case, at any time, indefinitely by playing the same game, except with words. Each time you revise your filing, the judge and the other side have to review it, which necessarily introduces a delay. By doing this continually, you bury your opponent in paperwork so long as you can pay your lawyers.

This would turn any lawsuit into death by attrition: whoever has more money spends their opponent into the ground with stalling tactics. No one thinks the rules should permit this, and so the law has introduced mechanisms to prevent this sort of gamesmanship.

Which is an interesting point: One of the big criticisms of our legal system is how unbalanced it is, and how being on the less-well-funded side of a lawsuit is a terrible disadvantage. And that's with rules in place designed to thwart it. Imagine how well the system would work without these safeguards.

Most of the seemingly-illogical arcane details of the law are this sort of safeguard. The problem is, people who don't know the law are helpless. They've never heard of these rules, and even if they try to look it up, they won't navigate them as well as someone who knows what they're doing.

This is why you need to talk to a lawyer whenever you have any non-trivial interaction with the legal system. At all. Non-lawyers don't know how the system works, any more than non-programmers can debug a kernel panic.

Re:Usual "asking legal advice on Slashdot" post

[smpoole7]

It doesn't work that way elsewhere. One of the strongest arguments for loser pay is the fact that most nations have it. The United States is somewhat unique in that respect. Did you know that?

Apparently, a whole bunch of other nations don't feel that it "cuts out the little guy." They think it's basic fairness.

It means that you can go into a lawyer's office with some hope that he/she will take your case, IF you have a good case, even if you don't have the money. It helps people like the OP here against the BSA, it helps grandma sue the landlord when he won't fix the air conditioner, it helps the guy who gets that stupid letter from the RIAA.

Don't take my word for it. Look into it. The ONLY people who are opposed to it the USA are those with a vested interest in keeping the system the way it is. This includes lazy lawyers who, just like the BSA, send a letter knowing that the recipient will probably try to haggle and settle, rather than go through the expense of a court trial, precisely BECAUSE that "little guy" doesn't have the time or resources to fight the suit.

A far more common scenario is the the Big Guy will take on the Little Guy. Little Guy scrapes together the money to fight the case for a while, but all Big Guy has to do is wait him out. Eventually, Little Guy runs out of money and has to take the best settlement he can afford.

If you don't realize that this happens every day, everywhere in the United States, and that "little guys" are in fact getting TRAMPLED in the current system, well ... again, you need to actually look into it, instead of just reflexively opposing it because of some ideological predisposition.

Re:Usual "asking legal advice on Slashdot" post

[demonlapin]

"Loser pays for frivolous suit" and "loser pays, period" are two very different propositions. Don't forget that most European countries have laws based on French law of the Napoleonic era and (ultimately) Roman law. Law in the English-speaking countries is based on common law, and in the US is further modified by the fact that any common-law decisions made after 1776 have no formal weight in our courts.

Re:Usual "asking legal advice on Slashdot" post

[schwinn8]

When a judge tells me "I'm not so concerned with who lied about what" in a consumer fraud case I brought up in small claims court, and then finds for the company that screwed me, and then goes on to take away fines against the company... I have a problem with that... and I have no faith in a system that claims to be impartial or even capable of basic logic. How can a company that claims I had a signed contract with them, and then can't produce it (because they really didn't have one and continued to lie about it IN COURT) get away with winning such a case?! It just doesn't make sense. Yet I lost?

I realize IANAL, but SUPPOSEDLY this is why small claims is supposed to make this process easier for non-lawyers on "small cases". In my case, no lawyer would even take the case because $700 wasn't enough of a fine to get involved with. Obviously, the system does not care about justice, but more about money... and if you don't have enough, you will get screwed, just like I did.

I realize that there are safeguards in the system for bigger issues, as you describe. However, this was a simple case, with clear information... yet they got it wrong because they just didn't listen to me, and clearly refused to hear about the documented lies I was showing them. How can a judge ignore a lying defendant? Particularly in a consumer protection case, where lying is the POINT of the case in the first place?!

Damn Glad We're on Linux

[Alpha+Prime]

I'm really glad the software shop I'm working with is on Linux. No Windows crap in sight. We could get one of those BSA letters and all have a good laugh.

I feel sorry for anyone that has to deal with the BSA. My condolences, but you should have chosen software without licensing issues. The idea of keeping track of the sales receipts as well as the licenses themselves is ridiculous. What would they do if you paid cash for the licenses? The source of the license does not matter as long as the license itself is not a forgery.

Re:Damn Glad We're on Linux

[drooling-dog]

I feel sorry for anyone that has to deal with the BSA. My condolences, but you should have chosen software without licensing issues.

A noble public service, but it's like telling hard-core smokers that cigarettes are bad for them. They bought the high-priced license-encumbered crapware-packed proprietary stuff because the salesman told them it was the best and they have no choice. They're locked in now, and will continue to use it even if it drops runny poops on their shoes every time it runs.

There aren't any salesmen out there selling FOSS, and no slick ads for it on the teevee, so they'll never even know they had alternatives.

Re:Damn Glad We're on Linux

[terjeber]

Sigh. This is a ridiculously naive posting and giving it a score of "insightful" is just plain dumb.

you should have chosen software without licensing issues

How was he supposed to do that? Is there software out there of this kind for all the types of software a business needs? How would you, for example, find software with similar features to Photoshop? Gimp? Don't make me laugh. How about Illustrator or Premiere Pro? Anything that is not license encumbered?

People acquire software to complete tasks. Software like Vegas Video, After Effects, Illustrator, Lightroom is essential to some business (that was just software for a business I know some things about) for which there are no real alternatives without licensing issues. Saying that people should have chosen other software is like saying they should find another field of work. There simply isn't any kind of software available for Linux, for example, that can do what this type of commercial software can do. Neither is anybody working on projects that will make the software available any time in the future.

The idea of keeping track of the sales receipts as well as the licenses themselves is ridiculous

You can't be serious. Not keeping track of what you legally purchase, as a business, is ridiculous. You have clearly never run a business of any kind. Of course you keep all the receipts, it's the law!, besides, not keeping them will cost you money since your accountant will not be able to deduct those expenses from your operating costs.

Re:Same Thing Happened To Us

[ragarwal]

Send and *affidavit* AND quoted *license numbers* to the BSA upon a request.
I am not wearing a tin-foil hat, but, you sir, you seem like someone who works for the BSA.

This sort of a letter will be the single most damaging piece of evidence against the victim in the court.

A bit more.

[www.sorehands.com]

I agree with the above, but I would go further.

Ask that they state which software package is being used without proper licensing and on which machines so that you may properly investigate it yourself.

If the police come to your door and say, "I know you are breaking the law because of an unnamed snitch, please allow me to look around to see what I can find to use against you...and by the way, I get a commission from convictions." Would you allow them in?

Re:But first, get a lawyer.

[PCM2]

Of course. Example: I used to run IT at a graphic design firm, where the designers were always hungry for more memory and faster CPUs. Each time they got a new Mac, I'd set it up with all their software and maybe swap it out while they were on lunch. As soon as I did that, I was in violation -- two Macs had copies of the same software with the same serial on them! Technicality? The vendor would probably give you a break for it? Sure. But what does "give you a break" mean if it's already heading for court?

Thinking about graphic design firms again, just suppose you were completely on top of it and had all your licenses for Photoshop, Illustrator, etc. in order. (We were actually pretty good about this.) What about fonts? Every font is a copyrighted piece of software. Is every computer in your shop with a copy of a font on it licensed for that font? Are you sure? Suppose one of your partners, clients, or a contractor e-mailed one of your designers some files and included the fonts in a Zip: violation. In fact, I'd wager if you don't have a site license from Adobe then you're almost certainly in violation -- and sometimes even then.

What about servers? Is your server software licensed based on the number of clients? Does it have a hard control over how many clients can connect to it? If it doesn't, are you sure you're in full compliance? Have you hired anyone lately?

There are countless examples, and most of them happen without actual malice. Unfortunately, nobody has to prove malice.

Re:Prima facie evidence?

[Oxford_Comma_Lover]

This is both a question and a point but don't US courts require at least basic evidence before a suit can be brought?

Not generally, no. They require that the "pleading" or "complaint" state a claim on which relief can be granted, but they do not require evidence before you bring the suit. Evidence is produced through a process called "discovery" after the courts are formally involved (although they don't really do anything during discovery, and asking them to because you're in a fight about whether something is discoverable usually gets them mad at you. They don't like to get down in the mud, as it were). If there is no evidence after discovery, the matter will be dismissed, but if there is conflicting evidence, it will go to trial (usually).

At least, that is true in theory. In reality, the VAST majority of cases are settled.

They do require a little more than they used to--pleading standards were raised within the last few years--but they are not terribly high. The higher they are, the harder it is to sue someone who really deserves it but tries to hide evidence; the lower they are, the worse one can be harassed and the more someone can use lawsuits to reveal private company information.

Still, if you have absolutely no evidence--not even the testimony of someone who knows something happened--it would be highly inadvisable and possibly criminal to file a lawsuit. YMMV, IANAL, and consult an attorney if this is any way relevant to you, rather than purely academic.

Re:We had this happen at a previous job

[BitterOak]

you're suggesting that leaving the invalidly licensed software on the machines is a better course of action? LOL

Yes, don't USE the unlicensed software, but be aware that deleting it, once an investigation has started or been promised, could be a crime. Most important advice: talk to your lawyer, not Slashdot!

Re:As someone who turned in another

[gnasher719]

Instead of doing the right thing--giving them your advice, and when they refused to follow it, politely saying you could no longer work for them--you administrated the illegal software, took their money for doing do, then turned right around to the BSA and took their money (offer) for ratting out your co-conspirators. You probably put an engineering company employing over 30 people out of business and got paid for doing so.

The company was advised they needed licenses, they were advised that not having the licenses would make the employee liable, and they said they didn't care. Frankly, at that point any moral obligations that an employee should have towards his employer have just disappeared in a puff of smoke.

At that point the employee has no moral reason to quit immediately, without having another job lined up, but is free to do what is best for him or her. That is make sure to avoid any liability, possibly by ratting, appear to be doing the job, take the salary, and look for another job. He can be sure that his boss is doing the same thing.

No agreement? Then no authority. No deal!

[fnj]

I don't happen to find any other post that mentions the elementary fact that unless you signed an agreement somewhere that gives the BSA the right to make an audit, you can just tell them to STFU and GTFO. If you bought everything at retail, for example, Best Buy, Provantage, PC Connection, etc, no such agreement would apply. It's when you buy site licenses or have to sign an agreement to make the purchase that you get roped in.

If there's something in the shrink wrap somewhere, then it gets murky. That's where they can claim that you "agreed" to something you never did, just by opening the package.

So step one is to ask them for their explicit basis of authority in your case.

Re:As someone who turned in another

[Mr.+Freeman]

What morons rated this up to +5 insightful?

He didn't just turn the company in one day for shits and giggles, he was told by management that he was liable if anyone ever found out that they were using pirated software. The company put him in a position to be thrown under the bus should anything happen in the future, and this was long before he did anything to hurt the company.

The proper solution in this case (both legally and ethically) was to inform the BSA (or at least someone) that this was going on. It would have been illegal and unethical of him to continue to use the software it would be equally wrong of him to simply leave the company knowing full well what was happening. Furthermore, if he didn't report them and simply left the company he could still be liable in the future if the company claimed that he caused these problems before he left.

They're something to be said for being loyal to your employer, but this loyalty ends when your employer isn't loyal to you. This loyalty ends even faster when your employer tells you straight out that they aren't loyal to you, as they did in this case.

Re:The BSA is great advertising for the FSF.

[drooling-dog]

Freetards are always great for a good laugh.

Laughs are great, but it looks like the freetards get the last one, doesn't it?

That 20-page license agreement for your superior closed-source $oftware pretty much sets you up for this kind of invasive nonsense, and you have very little recourse. Be sure to factor that in when you're doing your comparative "cost of use" estimations. If you actually did anything like that, of course...

snitching would have saved Christa McCauliffe

[decora]

if someone at NASA and Thiokol had 'snitched' on their management to the media, then the Challenger would never have gone up in cold weather, the o-rings wouldn't have failed, the gas wouldn't have erupted into the main tank, the tank wouldn't have ruptured, and 7 people would be alive.

but hey. i guess 'not snitching' is more important than the lives of seven people.

glad you have your principles in the right place.