Ask Slashdot: Dealing With the Business Software Alliance?

Kagetsuki writes "We've just gotten a letter from an attorney representing the Business Software Alliance stating someone (we're certain it's a disgruntled former employee) submitted information we are using illegally copied software. The thing is... we're not using illegally copied software. We have licenses for all the commercial software we are using. Still, according to articles on the BSA, that's irrelevant and they'll end up suing us anyway. So we now need a lawyer to deal with their claims and we don't have the money — this will surely be the end of the company into which I've sunk all my savings and three years of my life. Has anybody dealt with the Business Software Alliance before? What action should I take? Is there any sort of financial recourse, or at least a way cover our legal fees?"

Get legal representation

[mysidia]

Don't agree to any BSA demands or requests. Find a lawyer experienced with dealing with the BSA.

If you agree to an audit, it's highly probable they will find something illegal, regardless of whether you did anything illegal or not. You need a proof of purchase for every copy of an installed software product. If you use a Windows environment, you need proof that you had sufficient CALs for everything, on effective audit date.

If anything's not in order, or you can't find one proof of purchase for 1 license of XXX, the BSA will insist the software is pirated (even if you bought it good and legal), tack on huge fines, etc

"We've just gotten a letter from an attorney representing the Business Software Alliance stating someone (we're certain it's a disgruntled former employee)"

Be prepared to sue that former employee, for all damages and costs your business incurred as a result of their allegation, If they made a frivolous/false claim that hurt your business, and you can show who it is, take them to court. Maybe they (and others) will think twice, before making false reports to the BSA racket people.

The BSA needs their evidence to sue you, make sure you force the BSA to divulge the identity of the person reporting. Again, you will need legal counsel to help you with this

Stupidest advice ever!

NO! NEVER SAY ANYTHING YOU HAVEN'T RUN THROUGH YOUR OWN ATTORNEY TO AN ATTORNEY ON THE OTHER SIDE. There are so many problems with it. Anything you say can be twisted by them. At a minimum, the "Thank you for bringing this matter to our attention so we can put it to rest," could be construed as an admission that you thought you may have had piracy. Thereby negating any counterclaim and potentially surviving different motions to get rid of it earlier.

Short answer: don't say anything until you get an attorney.

As someone who turned in another

[sregor]

I worked for an engineering company who said they couldnt justify the 25 licenses of autocad civil3d they were pirating (but also said they needed them to maintain the workflow they had) and said that they didnt care about my liability in the matter being the only IT person in the company. I turned them in. The BSA offers a reward, and at first they tell you that if they have to use your testimony they cant give you anything (it would be like paying for testimony) but they tell you that its rare that you ever have to actually use your testimony as the companies generally settle. If it gives you any comfort, the person that turned you in will not get any reward. the BSA find ways to make it so they dont have to pay out the reward for ratting you out. Now as far as your legally obtained software. Scan your PCs for software installed and make sure you have Purchase Records of all software installed that requires a license. this is what any lawyer you hire is going to want. the purchase records are there to prove you had the licenses prior to them coming to you stating that you didnt. the legal group the engineering company I worked for used was Scott and Scott, iirc they are a bit pricey but they will minimize any fines or fees that could hit you from them. I say do your own due diligence first, then see where you stand. just because you didnt authorize the install of software doesnt mean you have not had an employee installing any and everything they could get a serial generator for, which on your machines, means you are responsible for it. Oh also dont go formatting and reinstalling the OS on all of your machines. this looks bad if it goes to court like you were trying to hide something according to the lawyers at scott and scott. I regret doing this to the engineering company myself, but in the end, they are better off for it. Autodesk gave them a huge break on network licenses for their CAD software, and they are now operating 100% legit on the software side for less in fines than it would have cost to buy the stuff out right.

Step by step

[wombatmobile]

We've just gotten a letter from an attorney representing the Business Software Alliance stating someone (we're certain it's a disgruntled former employee) submitted information we are using illegally copied software.

Reply to the letter like this:

We are in receipt of your correspondence reference ____ dated _____. Could you please advise details of the claim. What software is claimed to be in breach?

Send the reply by registered mail and then do nothing more until you receive a reply.

Engage a lawyer who is experienced with the BSA.

Usual "asking legal advice on Slashdot" post

[Dogtanian]

Posting near the top to state the bleeding obvious- 99% of Slashdotters are IANALs and many will offer advice that sounds sensible to them, but may turn out to be woefully misguided and possibly have unintended consequences and land you in hot water (e.g. advice like this). This is because the legal system does not always actually work like geeks think it does (regardless of whether it *should* work that way).

Bottom line- unless the person is a lawyer, or has actual experience of having gone through this (and the consequences that ensued), you should not be taking their advice. And as I said in the post linked above, the problem is sorting out the ones who *actually* know what they're talking about from the armchair lawyers arrogant enough to think that they do.

Re:Usual "asking legal advice on Slashdot" post

[schwinn8]

So true... the legal system doesn't believe in logic... I have experienced this myself. Don't mess with it, as logical as your argument may be... you will lose because of some crap that has no bearing on reality or basic intelligence. Consult with a lawyer, and maybe you can countersue or something to help make up for some of the fees. The bottom line is, the system doesn't work and it isn't fair... don't play with it or mess with it.

Maybe pleading with the BSA would work... it might be cheaper as well, but in the end, you will be screwed out of money for this injustice. Welcome to America.

Re:Usual "asking legal advice on Slashdot" post

[LrdDimwit]

This is not quite true. The system does have lots of serious problems. But many of the arcane crazy rules you're complaining about serve essentially the same function as security patches: closing a loophole that any jackass can use to totally screw over people who actually try to use the system as intended. The thing with the law is that every part of it it is roughly analogous to the most hostile kind of IT security environment: a public internet facing server. Absolutely anyone who wants to can, will, and often already has messed with it to see what they can pull.

Remember the 54 Million Dollar Pants lawsuit? The "logic" behind that absurd amount: He claimed the 'Satisaction Guaranteed' sign meant they had to give him literally anything he wanted. Failing to do so was a violation of the Consumer Protection and Procedures Act at $1K per violation. And since the law was nebulous about how a "violation" extends over time, he claimed that each day was a new violation. (There were other tricks involved.) That works out to millions of dollars because the store didn't live up to its "promise" to guarantee satisfaction no matter what.

Similarly, there are all kinds of arcane legal restrictions on when you're allowed to make various types of arguments. If you have even a 100% valid claim ... but you don't assert it at the proper time? Too bad, you waived your right to assert it. This seems really unfair at first. But it is designed to prevent a specific type of gamesmanship, that would otherwise be trivially easy: Stalling.

Consider how many different ways there are to express even a very simple idea: the number 4. 4, 2+2, 2*2, the square root of 16, the list continues. To infinity; there are an unlimited number of ways to say "four". Many of which are complicated to parse out and determine that, in fact, it means four.

If you were allowed to revise your assertions into a law case at any time, you could stall any case, at any time, indefinitely by playing the same game, except with words. Each time you revise your filing, the judge and the other side have to review it, which necessarily introduces a delay. By doing this continually, you bury your opponent in paperwork so long as you can pay your lawyers.

This would turn any lawsuit into death by attrition: whoever has more money spends their opponent into the ground with stalling tactics. No one thinks the rules should permit this, and so the law has introduced mechanisms to prevent this sort of gamesmanship.

Which is an interesting point: One of the big criticisms of our legal system is how unbalanced it is, and how being on the less-well-funded side of a lawsuit is a terrible disadvantage. And that's with rules in place designed to thwart it. Imagine how well the system would work without these safeguards.

Most of the seemingly-illogical arcane details of the law are this sort of safeguard. The problem is, people who don't know the law are helpless. They've never heard of these rules, and even if they try to look it up, they won't navigate them as well as someone who knows what they're doing.

This is why you need to talk to a lawyer whenever you have any non-trivial interaction with the legal system. At all. Non-lawyers don't know how the system works, any more than non-programmers can debug a kernel panic.

Do not despair

[stephanruby]

Still, according to articles on the BSA, that's irrelevant and they'll end up suing us anyway.

First off, do not despair. That's not going to do you any good.

Don't be afraid to tell the lawyer that you don't have any money during your free initial 30 minutes consultation (assuming you're in the US, call your local State bar association for a referral). I'm sure that you'll be able to work something out with him or her.

For now, read the article quoted below. The point of that article is that you can do a lot of this work yourself, but that you should still hire a lawyer to at least "supervise" the self-audit process and act as a go-between.

Now the article doesn't mention it, but if I were you I'd check that any old computer laying around the closet has current valid licenses. Whatever happens, make sure you do not get penalized for super old hardware that you're not even using anymore. Also, start inspecting any computer the disgruntled employee has had access to. You never know what he may have installed on there without your knowledge. It's good to go in this with your eyes wide-open.

And then, try contacting the same types of companies in the same niche industry as yours, chances are that they're not just targeting you -- since they recently increased their volume of enforcement letters. So if you can find others within the same jurisdiction as yours, with a similar predicament, you may be able to band together and pool resources.

http://www.baselinemag.com/c/a/Projects-Management/What-to-Do-When-You-Receive-a-BSA-Audit-Letter/

Let's face it, software asset management (SAM) might be a best practice, but there are still plenty of organizations out there who haven't instituted SAM due to a lack of resources or initiative. If your organization is one of them and the Business Software Alliance (BSA) hasn't come calling yet, there's still time to get your house in order. But once that BSA threat letter hits the mailbox, the ballgame changes.
The BSA is known to be a persistent enforcement agency which rarely grants clemency to organizations once it begins settlement proceedings. The following eight tips are offered by two attorneys who specialize in BSA defense cases; they give advice on what to do once your business receives a letter requesting a BSA audit.

1. Retain a lawyer.
The BSA is an efficient organization when it comes to extracting punitive damages from companies found to be in a non-compliant licensing situation—its experts and lawyers know copyright laws inside and out because that is all that they do. For that reason, Scott recommends seeking legal counsel as soon as an audit request is received from the BSA.

"Whether the attorney is working in-house or outside the firm, don't go it alone," you have an audit," said Rob Scott, partner at Houston-based Scott and Scott. Scott said. "The BSA has very experienced attorneys working for it and this is a very complicated process. It involves not only the legal issues related to copyright law, but also it subsumes with it all of the software licensing rules because the copyright claim that lies underneath the BSA audit matter is related to the software licensing rules."

2. Cooperate—carefully.
As much as a business person would love to screw up their eyes and wish the BSA away, the trouble will only multiply through inaction. Though the BSA is not a law enforcement agency it is acting on the behalf of the software companies and it will take matters to civil court if a business does not cooperate with the self-audit process and settlement negotiations.

"When you get a letter from the BSA do not throw it away," said Steve Helland, partner at the Minneapolis-based law firm of Fredrikson and Byron. "That is a serious tip, because some people think that 'Oh if I ignore this it will just go away, but the cases where the BSA is most likely to file in court are where they think there has been infringement and they don't get any response

Re:Same Thing Happened To Us

[ragarwal]

Send and *affidavit* AND quoted *license numbers* to the BSA upon a request.
I am not wearing a tin-foil hat, but, you sir, you seem like someone who works for the BSA.

This sort of a letter will be the single most damaging piece of evidence against the victim in the court.

Yes, I've had experience. We lost (& kind of w

[urbanriot]

First order of business, pull up information on the lawyer that initiated contact with you to determine how much experience they have at the firm. If you're a small company they may have someone with limited experience, say three years, and if so, argue as much as possible and you may distract them from one of my other points.

Secondly, forget anything you believe to be true about software licensing and forget about license agreements included with software. What Microsoft, Autodesk, Adobe, etc. licensing department tell you on the phone and what they state in their licensing terms is not true and will not hold up legally unless you have more money than the fines to afford lawyers to fight the big guns. It's not a legitimate license unless you have a receipt. This is important, I repeat, you do not have a legitimate license unless you have a receipt for it. It doesn't matter if it's past 7 years, you have product keys on the side of your chassis, or you have discs; you must have it on the receipt.

Thirdly, do not provide information unless you're specifically asked for it. Read what they've requested, interpret it as literally as possible and if that allows you to include some information and not include other information. This point may not seem relevant to you and I'm not going to get into detail, but I want you to consider this point for at least an hour as the outcome may have a huge monetary difference.

Fourth, you can't buy stuff now and attempt to pass it off as something you'd purchased before they served you. Don't even consider back-buying software you didn't own before. Date of receipt ties into point number two.

Fifth, consider how they obtained this information and how much the person who provided it really knows. I won't give you advice on what to do with the software this person may not be aware of but I'd ensure your file servers are Linux and if you've ever made a transition from Windows to Linux, hopefully it was a transparent process to the users.

I won't get into details over our case as it cost us a tremendous amount of money, five figures, and at the same time, they may have missed a lot of stuff (the site is certainly fully legal now). If you have any other questions, feel free to fire them off and I'll try to answer as well as possible. The best advice I can give you is to consider this a logic problem.

No one is in compliance

In order to pass the BSA's version of an audit, you don't just need receipts. You need receipts that:

1. Show retail purchases. In spite of the fact that it is perfectly legal to sell and purchase used software, the BSA pretends it's not. If you have a not-retail receipt, it's worthless.
2. Show a date prior to the first contact from the BSA. If you have an un-dated receipt, it is worthless.
3. Show the title of each piece of software purchased, on its own line item (quantities of identical titles are fine), with a line item price. You likely can't provide this for the copy of Windows that came with your PC.
4. Show the name of the company being audited. Did one of your employee's buy it and get reimbursed? Worthless. Do you have company cards that show employee names? Worthless. Did the retailer not print the billing information on the receipt? Worthless. Was is purchased by a company you bought or merged with? Worthless

If you're incensed enough by now to invite the auditor's in, knock them on the head and bury them in the hill, good for you. But you'll likely want to pursue a more subtle response. An attorney is absolutely necessary, if for no other reason than that the lack of one will make you look like easy pickings. Winning this game is about paperwork, stalling, bluffing and bargaining. Once you retain an attorney, their advice will probably be to not respond outwardly until forced to. The BSA doesn't necessarily follow up on every nastygram they send. Responding when you don't have to is acting like a mark.

If the process does progress, remember at all times that what you are involved in, more than anything else, is a long, drawn-out negotiation. The BSA is out to scare people and fund itself. You want them to believe that you are worth very little and come with a big price tag attached. Everything is negotiable, every decision is mercenary.

Re:No one is in compliance

[gstrickler]

If they won't accept the purchase order/invoice for you PC showing included software, ask to have the suit amended to include your computer vendor (HP, Dell, Lenovo, etc.) as a co-defendent for selling unlicensed software to you. If you can't get the suit amended, file a separate suit against your computer vendor. The point is to get the computer vendors, who are the biggest sellers of software involved fighting the BSA with you. As the biggest sellers of software, they have a lot of influence with the software vendors, and they have teams of lawyers who won't appreciate being named in a suit because the BSA won't accept their invoice as proof of purchase.

Re:Change the biz name

No, this isn't legally gray. You're describing an attempt to shield assets in a way that is completely illegal ("fraudulent transfer" is the legal term). You can't possibly imagine that this would work for more than a week, can you?

Get legal help, now. The BSA will need to demonstrate that there is a real question about whether your software is "illegal" or not. If you have reasonable records, a judge can (can't promise that, though) grant a motion for summary judgment in your favor, dismissing the lawsuit.

Make it go to trial, and seek punitive damages if you can either from the former employee or the BSA for filing a frivolous lawsuit.

-- Anonymous coward (almost a lawyer)