Crying Foul At the BSA's "Nauseating" Anti-Piracy Tactics

Barence writes "The Business Software Alliance (BSA) has been accused of heavy-handed tactics that could drive small companies to incriminate themselves. The Microsoft-backed piracy watchdog generates a quarter of its cases by offering employees cash rewards for informing on their own employer. 'It is basically harvesting allegations from disgruntled employees and farming them out to expensive law firms,' one small business owner told PC Pro, who said he was 'nauseated' by the tactics. The BSA then sends out a letter demanding the business owner fill out a software audit, or potentially face court action — even though the BSA has no power to demand such an audit and hasn't pursued a court case in five years. 'It's designed to scare the recipient into thinking that they're obliged to provide certain information when, in fact, it's difficult to see that they are,' said a leading IT lawyer."

Use Linux

[bgman]

One of many, many reasons my small business uses linux.

Re:Use Linux

[Tablizer]

And open-source software in general. Yeah, this kind of scaring will just scare organizations right into the lap of OSS. Keep it, suits! You are doing an outstanding job!

Re:Use Linux

[Krishnoid]

This case happened a while ago; any comparable non-tech companies that have a similar story to tell?

Re:Use Linux

[GoblinKing]

I have been running a small business since 2001 and have only ever used open source software for just this reason. No restrictive licenses equals no legal fees for software piracy.

I think, however, that Microsft and the BSA should be MORE aggressive in their pursuit of these heinous villains of industry. Maybe it will drive more businesses towards using F/OSS tools and ditch their shackles. Something very Marxian about it ....

Re:Use Linux

[cpu6502]

Using linux doesn't protect your business from a disgruntled employee claiming you have stolen software, and the MS-BSA sending you a scary software audit letter "or else we will drag you to a court of law".

BTW these megacorps use government regulations in the same fashion -- to harass small business citizens.

Re:Use Linux

[RsG]

Doesn't really help, what with the whole false accusations from disgruntled employees angle. Replying "no thanks, I use Linux" to them isn't going to do you much good. Replying at all isn't going to do you much good. It shows them that you're listening.

A better approach is to simply ignore the BSA on principle. Threatening letters are cheap, subpoenas are expensive, and they do their business in bulk (meaning they can't actually sic their lawyers on most of their targets).

Also, try not to have disgruntled employees. A big company can't avoid a few bad apples, but smaller businesses can vet new hires better and treat existing employees less like disposable resources. If nothing else, the BSA isn't the only recourse for a pissed off ex employee to screw his former boss. I once worked at a restaurant that got hit with a surprise health inspection shortly after a round of layoffs - the people running the place treated employees and health code rules about equally well and almost got shut down as a result (I would have said good riddance if they had, but it would have meant looking for a new job myself).

Re:Use Linux

[MightyMartian]

No response at all is dangerous. A better response is "We are not in violation of any licenses. Please direct all further correspondence to our attorney. Find his contact information attached."

I have a feeling in most cases it will end there.

Re:Use Linux

[houstonbofh]

It does, however, prevent you from funding them. I know it is only a drop in the bucket, but it is my drop damn it!

Re:Use Linux

[BuckaBooBob]

Windows is not free.. Its built into the price... Saying Windows comes free with your pc for free is like saying the CPU and memory are also come free with your PC..

Re:Use Linux

[houstonbofh]

No response to a letter is not dangerous. No response to a certified letter or subpoena is dangerous...

Re:Use Linux

[Sponge+Bath]

Is that the same guitar guy who has been raided twice, because he's using imported wood (all of which is legal, but they still shut him down)? If it's not RIAA or the BSA, then it's your own government. The owner believes he's being harassed because he gave multi-million dollar donations to the Republicans, but not one penny to Obama in 2008.

The best I can tell, you are talking about the Gibson raid. It was Fox News that baselessly speculated CEO Henry Juszkiewicz was being targeted for his political leanings. From FEC records, Juszkiewicz contributed $52K to Republicans and $39K to Democrats over 10 years. That's quite a different story from the one you are telling.

Re:Use Linux

[OhSoLaMeow]

That was Gibson guitars and the feds came in with guns and shut them down twice over some bogus claims.

Re:Use Linux

[Gadget_Guy]

Yeah, this kind of scaring will just scare organizations right into the lap of OSS. Keep it, suits! You are doing an outstanding job!

The BSA has been doing this practice since 1988. It doesn't appear to have scared many organizations to OSS.

I am sure that a few have made the switch to OSS, but I imagine that the number would be insignificant compared to the organizations who change their practices to pay for all the software they use. It is still going to be worth it for the BSA and its member companies.

Besides, it is not much of a threat to say that if you get audited then you will stop pirating commercial software and start using open source.

Re:Use Linux

[Opportunist]

If I don't have a spot of their software on the premises, I don't give half a shit about how they word their agreements. You want into my company? Why? Oh, you accuse me of copyright infringement? Wait right here while my lawyer finishes that "false accusation" stuff he's writing about. And no, of course you can not come in while you're waiting.

Re:Use Linux

[cpu6502]

Most times a PC with windows is cheaper than a PC without, because of the adware subsidizing the PC. I'm not going to buy a PC w/o windows if it actually cost 50-100 dollars more.

Re:Use Linux

[cpu6502]

Thanks for the info. I researched it and it wasn't just FOX news saying it. Quote: Henry Juszkiewicz, the chief executive officer of Gibson Guitar Corp., tells National Review Online that President Obama, a "big liberal," has done "untold damage to business" and should not be applauded for his jobs speech. "He's a government fan," he says. "He has a problem with successful businesses. He thinks they're the problem, that they shouldn't be quite as successful."

"He is using the levers of government to not only redistribute, but to penalize," he adds. "I see a difference between what he said and what he's doing."

"Gibson has been under federal investigation in recent months, reportedly for its importation practices. Juskiewicz blames the Obama administration for causing his company, an iconic American brand, to lose money and lawyer up."

Re:Use Linux

[EdIII]

The guys here can live in their perception bubbles and go "herp derp use Linux" which is so completely fantasy island i don't even know where to start,

That is so shortsighted, uninformed, and unfair, I don't know where to begin.

If Linux don't have the software they need to work its pointless, which 99 times out of 100 DOES NOT EVEN EXIST on Linux

Untrue. With the exception of a few specialized applications there are equivalents for nearly everything.

Quickbooks/Quicken, photoshop, vegas, etc. And NOOOO Gimp is NOT a substitute, its a kid's class project. no really, not being snarky, it actually IS a kid's class project, look it up,

First off, not every machine needs to be Linux, and not every machine needs to be Microsoft.

Quickbooks and Quicken have online editions. Considering how it is backed up, and the client can be anything, not such a bad idea to look into. In any case, providing accounting with some Windows PCs is not a big deal.

YOU don't think GIMP is a substitute. It works just fine for a lot of people, including myself. I still have Photoshop and I am used to it, but I can use GIMP just as easily to get something done. It's not black and white. Sure, there are going to be some hardcore people that really do need Photoshop for the stuff they do. Is that representative of everybody? No.

A Linux admin with the skills to troubleshoot all the problems with a couple of dozen desktops or more will cost a MINIMUM of $75,000 IF you can even find one, whereas MCSEs are cheap as dirt and just as plentiful

Later on you rail about how IT is treated like shit and now you advocate hiring MCSEs "cheap as dirt"? Sounds a bit contradictory to me.....

If you are a medium sized business with 50 employees you better damn well be paying somebody $75,000 a year to take care of your business regardless.

MCSEs are not worth a fucking shit. That is the most worthless certification I have seen in my life. It does not mean you are qualified to handle a Microsoft based network and infrastructure by itself. It means, at most, that you can be trained on the job for a year or two with experienced people.

It tells you nothing about that person's real skills.

You can compare an experienced Microsoft admin and a Linux admin and they will cost about the same. In fact, the ones that are really good have overlapping skill sets.

I can work with Linux environments just as handily as I can with Microsoft environments.

Since 99 out of 100 software they need does NOT exist you are talking about hiring a development team to build it, that's a good $60,000+ for each software of any complexity and that is IF you don't get sued for stepping on the patents of company whom you are ripping off.

You're wrong about the 99/100 anyways, but if you are a medium sized company chances are you already have a development team. So you are being disingenuous to say the least. Whether or not your team codes with Microsoft based technologies or platforms or Open Source is not relevant to the risks of software patents. Do you think just because you coded it in .NET and it runs on SQL Server that you are somehow immune to patents?

Furthermore, choosing Microsoft as a platform for your developers can have significant added costs that are not present in Open Source platforms.

Ultimately, it comes down the needs of your project, the vendors and 3rd parties you have to deal with, etc. All of that needs to be factored in when you choose.

Hell you still don't even have a substitute for Access, Excel, Exchange and Sharepoint yet, not that works

Wrong again. Sooooo Wrong. Wrong.

There is no fucking substitute for Access. If you are using it, just kill yourself. Save yourself from the pain. I have

Why call out "Microsoft-backed" and not others?

[sed+quid+in+infernos]

The Microsoft-backed piracy watchdog generates a quarter of its cases by offering employees cash rewards for informing on their own employer.

I don't like the BSA, and I'm pretty neutral about Microsoft, but what is the point of saying the BSA is "Microsoft-backed"? They're also Adobe-, Apple-, and Dell- backed, among many others.

Re:Why call out "Microsoft-backed" and not others?

[MobileTatsu-NJG]

I don't like the BSA, and I'm pretty neutral about Microsoft, but what is the point of saying the BSA is "Microsoft-backed"? They're also Adobe-, Apple-, and Dell- backed, among many others.

The real reason is everybody hates Microsoft. It grabs eyeballs and gets a good debate going.

What people will claim the 'real reason' is is that Microsoft is a high profile target and if you focus on them it'll cause them to change and everybody else will magically fall into line. The same thing happened with Apple and Foxconn. So far it has proven to be an effective way to cause short-term change with one company, but you'll notice that there hasn't been any real hubub on Slashdot about the Chinese workers there. That died down, so the other companies can merrily go about their routine. Looks like there's a downside to focusing all that rage on one target.

So, yes, maybe a little more attention should be directed at everybody backing the BSA.

Re:Why call out "Microsoft-backed" and not others?

[Penguinisto]

The answer is simple for many of them:

* Apple doesn't really care (each copy of OSX/iOS runs on Apple-sold hardware, and Apple is mostly consumer-oriented these days anyway, so...)
* What does Dell have software-wise that would get the BSA all hot and bothered? PERC raid card drivers? ...now Adobe, Oracle, and those boys? Oh yeah, they'd get hot and bothered about business copying, but how ubiquitous are these apps in the business world? Photoshop is mostly restricted to marketing and graphic arts departments. Oracle is mostly big enterprise-level stuff, where folks use RFP/RFQs to purchase the things. Nearly every other member of the BSA is similarly a niche player.

On the other hand, Microsoft has their fingers in (nearly) the entire business world, and most cases (IIRC) are instigated over Microsoft software. So it stands to reason that the biggest beneficiary (and most likely the biggest backer) is, well, Microsoft.

Dear BSA

[FudRucker]

Everything runs on Linux over here, you are not even allowed in the door, and if you try to enter you will be escorted out by a HUGE man that hates authority figures, (i hired him because he is the type that hates authority figures)

Re:Dear BSA

[TapeCutter]

i hired him because he is the type that hates authority figures

That would make you his boss. Are you sure you thought that through properly?

They should be investigated for racketeering

It pretty much fits the definition...

I had a one man consulting company once. In order to appear larger, I often filled out web forms and indicated I had 50 to 100 employees. The BSA sent my company letter with their racketeering scam. I laughed because at the time I was a purely Linux and Mac environment. I wish I had kept that letter.

Re:They should be investigated for racketeering

[evil_aaronm]

How is this -not- racketeering? If the mob were behind this, instead of a "legitimate" business, wouldn't the FBI investigate it?

Why is anyone surprised?

[Weaselmancer]

The BSA then sends out a letter demanding the business owner fill out a software audit, or potentially face court action — even though the BSA has no power to demand such an audit and hasn't pursued a court case in five years. 'It's designed to scare the recipient into thinking that they're obliged to provide certain information when, in fact, it's difficult to see that they are,' said a leading IT lawyer."

We've seen this tactic over and over. Any time someone is trying to make a revenue stream off of anything that can be digitally copied. MPAA, RIAA, BSA. Illegally gather information, pretend you're the police, then extort with the threat of a lawsuit.

It's the system that's broken. That's the bigger problem. The parasites that get fat off the system are a symptom. Fix the system.

Re:Why is anyone surprised?

[MightyMartian]

I've told the story here before but about three or four years ago the company I was working for went through a SAM review. So far as we could tell, it was because the company had bought out a previous organization, including software licenses, and then we had decided not to renew the very expensive Software Assurance agreement.

I get this very pleasant email from a Microsoft business partner telling me that they were going to conduct the audit, with a spreadsheet for me to fill out. I did my thing, even working with the reseller who had sold the previous company most of the licenses, got it all tickety-boo, and then the fun began. The guy kept coming back with more requests for clarification, with more issues, and finally, as this dragged on to three weeks, I finally lost my cool and sent the guy an angry email, CCed to the reseller, telling him that as far as I was concerned we were in full compliance, we had shown we had licenses for everything, and that this process was going to wrap up now.

A few days later, the guy sent me an email saying that 5 CALs on one of our Server 2003 installs wasn't a proper match, and to bring us into compliance I would have to convert them from user CALs to device CALs. I sent an email back saying "Sure thing" and that was that. Never did convert them to device CALs either, fucking assholes. So far as I could tell, the whole process was designed to try to trip me up so that I would have to buy more licenses of something... anything. I'm sure the business partner would get a cut from that. My boss felt like sending the company a bill for the time wasted.

Reply letter

[nbauman]

They were sending out this letter years ago. If I got a letter like that, I would send them the following reply:

Dear Mr./Ms. xxxxxxxx:

I am in receipt of your letter dated yyyymmdd. I have reviewed our software and it is all in compliance with the licensing. I would like to invite you to our office but we are too busy to accommodate visitors. Thank you for your concern.

Sincerely,

nbauman

I'm not sure how they would respond. I expect they would either forget about it, send a threatening but bluffing letter, or send a real threatening letter. I wouldn't let them into my premises unless I thought they could back it up with a court order.

The defense would be, "The only person who installed illegal software was the ratxxx disgruntled employee who rattedxxxxxx informed on us to you."

Of course if I really did have a lot of expensive illegal software, I'd check with my lawyer to figure out the most prudent response.

I wonder how they could legally force you to let them investigate.

They might bring a civil suit and force disclosure. Lawyers are extremely reluctant to commit perjury for their clients in discovery.

Its all a Business Model

[dryriver]

In many developing countries, the software industry deliberately allowed piracy to run wild for a few years. This ensured that even small/poor companies would buy PCs and install the very best/latest/most expensive commercial tools on them, and get used to doing business with these tools. Then the BSA (backed diplomatically by the U.S./Canada/EU - or in other words "the ever-altruistic Western Powers") lobbied/armwrestled many developing world governments into letting the BSA raid companies with their lawyers. So one minute you were in an environment where nobody cared what software your company installed. The next minute, the BSA knocked your front door down with a threatening-sounding court order and a small army of lawyers, and demanded that you "pay up" for every bit of software installed on various PCs around the office. This was a few years before most open source tools became good enough to use. In the long-term, this has backfired mightily, because the scathing experience of having your office raided by BSA droids/lawyers has driven lots of businesses in the developing world to look seriously at Open Source tools.

Ok, an honest answer

[Weaselmancer]

Since you say you're not trolling I'll take you at your word and give you my best answer.

It's not the "what", it's the "how".

The "what" is someone getting fairly paid for their work. Which they have every right to do. Microsoft, the artists represented by the RIAA, everyone. You produce something of value and ask a price for it, you deserve to be paid. Or not be paid if the price is too high. Let the market decide. But either way you deserve to be in that marketplace and not sidestepped illegally.

The "how" is the problem.

What these organizations are doing is criminal. Pretending to be the police is illegal. Threats are illegal. Extortion is illegal. Racketeering is illegal. And lobbying for our rights to be taken away because they diminish their ability to monitor what everyone - guilty and innocent alike - are up to is wrong. The cure is worse than the disease.

To illustrate my point, I'm pretty sure we both would agree that unregistered guns are used in a lot of violent crime. So do you think it would be reasonable to have a local group of concerned citizens search your house looking for some? Hand you some forms demanding you list what weapons you do have, and tell you that if you have any guns that aren't properly registered, you'll be in trouble? Offer bribes to people you know and offer them cash if they can recall seeing you with a gun?

You see, it's not what they are doing but how they are going about it that is the problem.

We refer you to the reply given in the case of

[ChipMonk]

Arkell v. Pressdram:

"We acknowledge your letter of 29th April referring to Mr J. Arkell. We note that Mr Arkell's attitude to damages will be governed by the nature of our reply and would therefore be grateful if you would inform us what his attitude to damages would be, were he to learn that the nature of our reply is as follows: fuck off."

Ob. Letter (sent - and responded!)

[Tastecicles]

Dear BSA,

It has been a subject of much hilarity in this office that we should be sent a threatening letter from yourselves, a self-authority in software licensing with little to no legal authority to follow through on your threat.

However, for your records it should be noted that as a registered company of Legal Advocates (Company #07248227), one of the things we tend to do is ensure that we operate completely legally. As software goes, this means the purchase of license keys as and when necessary. While we are not at liberty to discuss details for reasons of client information security and more to the point, national security, we can assure you and your employers at Microsoft and Adobe that our licenses are copasetic. When you can show the following, we would gladly participate in a full audit, at your expense and on your time:

1. SCI-5 clearance signed by the Minister for Defence and the Home and Foreign Secretaries;
2. Written Royal assent for the potential of disclosure of information which could affect the safety and security of Royal members, Crown properties and/or Subjects;
3. A commitment to Non-Disclosure under Section 4 of the Official Secrets Act 1989, by persons thereto authorised to carry out the audit;
4. Assent by the Lord Chief Justice of England and Wales to cover the potential disclosure of information pertaining to live in camera proceedings;
5. Reference to the Authority of Law by which the BSA operate;
6. Reference to the Authority of Law which compels ourselves as individuals and the Company as a Legal entity to co-operate with a private concern whose singular purpose seems to be the extraction of money from legitimate businesses and individuals with zero return.

When (not before) all the above conditions are met, shall we even consider further correspondence.

Good Day to you, Sir.

-

Their response:

Sir,

We acknowledge receipt of your counteroffer, and hereby inform you that no further action shall be taken.

Faithfully,

pp.

Information from a BSA opponent

[ODBOL]

While hunting for material on BSA, I found the most concentrated anti-BSA material here: http://www.bsadefense.com/main/index.aspx

This is a law firm that makes money defending businesses against BSA, so you can be as skeptical as you like. As far as I read, their claims agree with what I have learned elsewhere.

Evasion vs Mitigation

[Wolfling1]

Any business owner should have a detailed register of their assets soft and hard. The register should be up to date, and it should be readily auditable. If you're serious about your business, the response to the BSA should be:

Here is our register - showing the dates that we have regularly internally audited it. Oh, and from a software perspective, here is our policy regarding workstation rebuilds to obliterate non-company software - and our log of workstation rebuilds. Oh, and here is our staff policy that makes employees responsible for any illegal/unlicensed software on their workstations. Feel free to come and audit our register at your own expense.

Any business that is not in a position to make this statement is not serious about being a business. I own a thriving software house and we have such a register, policies, etc. Let's face it folks - we're in IT. This kind of thing is almost trivial to set up - and it is relatively easy to maintain.

BSA is a total fuck up, period

[Taco+Cowboy]

Ever since its inception, BSA is nothing but crap

Back in the 1990's, they have sent me threatening emails and letters - without even haven't proven that I have pirated anything

Back then I attended some CAD/CAM seminars offered by Audodesk - and in those events they handed out forms in which we filled in our names, company names, email address, snailmail address and so on

Before I attended those seminars, I got no threatening email nor letters filled with legalese jargons, threatening to take me to court for "using unauthorized software"

I mean, it's a total fuck

I attended those seminars to learn more about CAD/CAM, it does not mean I own any CAD/CAM software, but of course, BSA doesn't care

They just took the name list from the seminar organizers and mass-mailing the threatening letters

After those encounters, I stopped attending any Autocad seminar and in a few years, those threatening letters also stopped coming

BSA's way of handling their customers, even potential customers, is totally ridiculous

Re:BSA is a total fuck up, period

[charlieo88]

BSA's way of handling their customers, even potential customers, is totally ridiculous

Customer? Where did you get the idea you are their customer? Autodesk, and Adobe, and Microsoft... THOSE are their customers. You? You are the product they sell.