Software Piracy Fight Makes Enemies -- Redmondmag.com

Software Piracy Fight Makes Enemies

By The Associated Press
11/26/2007

Michael Gaertner worried he could lose his company. A group called the Business Software Alliance had written him to claim that his 10-person architectural firm in Galveston, Texas, was using unlicensed software.

The letter demanded $67,000 -- most of one year's profit -- or else the BSA would seek more in court.

"It just scared the hell out of me," Gaertner said.

An analysis by The Associated Press reveals that targeting small businesses is a lucrative strategy for the Business Software Alliance, the main global copyright-enforcement watchdog for such companies as Microsoft Corp., Adobe Systems Inc. and Symantec Corp.

Of the $13 million that the BSA reaped in software violation settlements with North American companies last year, almost 90 percent came from small businesses, the AP found.

The BSA is well within its rights to wring expensive punishments aimed at stopping the willful, blatant software copying that undoubtedly happens in many businesses. And its leaders say they concentrate on small businesses because that's where illegitimate use of software is rampant.

But technology managers and software consultants say the picture has more shades of gray than the BSA acknowledges. Companies of all sizes say they inadvertently run afoul of licensing rules because of problems the software industry itself has created. Unable or unwilling to create technological blocks against copying, the industry has saddled its customers with complex licensing agreements that are hard to master.

In that view, the BSA amasses most of its bounties from small businesses because they have fewer technological, organizational and legal resources to avoid a run-in.

In Gaertner's case, some employees had been unable to open files with the firm's drafting software, so they worked around it by installing programs they found on their own, breaking company rules, he said. And receipts for legitimate software had been lost in the hubbub of running his company.

"It was basically just a lack of knowledge and sloppy record-keeping on my part," said Gaertner, who ended up with a settlement that cost him $40,000.

In the U.S., the largest software market, piracy rates have not budged in years. BSA critics say that is because making examples out of small businesses has little deterrent effect, since many company owners like Gaertner don't even realize they're violating copyrights.

"If they were going after actual pirates, that would be a different story, but they're going after hardworking companies," said Barbara Rembiesa, head of the International Association of Information Technology Asset Managers.

She founded the group to educate businesses on how to manage their software because she felt the industry wasn't doing enough of that, even as it was imposing steep penalties for noncompliance.

"If you were driving down the street and you got a speeding ticket, and there was no speed limit sign, it probably would be thrown out of court," she said.

Yet the BSA is getting more aggressive. Its CEO says software licenses aren't as difficult as many users contend. It has dropped an amnesty campaign for businesses. And this year it began dangling rewards of up to $1 million to disgruntled employees who anonymously report their bosses for using counterfeit or unlicensed software.

"The software vendors have every right to collect the license fees they're entitled to," said Tom Adolph, an attorney with Jackson Walker LLP who has defended against BSA claims. "It's the tactics of the BSA that rankle me."

The BSA was founded in 1988 to represent technology companies on many fronts, and its members also include IBM Corp., Hewlett-Packard Co. and Dell Inc. The alliance spends more than $3 million a year on lobbying, prodding Congress on such issues as patent reform and Internet security.

But the most visible element is the BSA's fight against counterfeit software and illegal copying. Not all members are part of that effort; those that are include Microsoft, Adobe, Symantec, Autodesk Inc., Apple Inc. and McAfee Inc.

In countries with the highest piracy rates, the BSA has pushed governments to crack down, arguing that greater respect for intellectual-property laws would stimulate investment in their economies. In July, Chinese police who cooperated with the BSA and the FBI crushed rings that had been selling an estimated $2 billion worth of pirated Microsoft and Symantec software around the world.

These steps seem to work. The percentage of software in China that was not legitimately purchased is 82 percent, but that's down from 92 percent in 2003 and 96 percent a decade ago, according to BSA-commissioned market research.

Overall, the BSA says the worldwide piracy rate is 35 percent, down from 43 percent in 1996. However, the group says that because the industry has grown in that time, software companies' annual piracy losses have quadrupled. The BSA says piracy took a $40 billion bite out of a $246 billion industry in 2006.

In the United States, where the piracy rate is a worldwide-low 21 percent, the BSA's strategy includes working with law enforcement and Web sites like eBay to stop suspiciously cheap software sales online.

Beyond hunting for dicey characters buying and selling counterfeits, the BSA also devotes significant attention to other forms of what it calls piracy by business users. The money harvested in these company-by-company crackdowns is not parceled to its members whose copyrights were infringed; the funds stay with the BSA to fuel its operations. (BSA's worldwide settlements soared 53 percent last year to $56 million.)

Plenty of cases originate when a whistleblower reports that a company is intentionally cheating -- copying one program onto multiple PCs. In extreme cases, the BSA will get court approval to raid companies in search of evidence.

However, there are ways to get in trouble that do not begin with counterfeits or downloads. Companies sometimes legitimately buy software and fail to follow the letter of the licensing agreements that accompany the programs.

For example, computers often get handed down. Newer, faster machines go to employees who perform intensive technical work, and their old PCs go to colleagues with lesser needs.

Commonly an employee can transfer a copy of, say, expensive drafting software to a new machine. But many companies forget or don't realize that the software should be deleted from the old machine if the company has only one license for it -- even if the receptionist who gets the hand-me-down PC never uses drafting software.

The situation is further complicated because software licenses vary greatly. Some programs can be shared on multiple computers in an organization, or used by the same person on a home and office computer.

Multiply such oversights by dozens of software programs, and suddenly a BSA audit can lead to a charge of big-time piracy.

"They call it something awful, but sometimes you grow so fast, you can't keep control of everything," said Mike Lozicki, president of MediaLab Ventures LLC of Tampa, Fla., which paid the BSA $125,000. Lozicki said 12 percent of MediaLab's software was deemed out of compliance, much of it sitting unused. "It was some really obscure stuff," he said.

The BSA enforcement director, Jenny Blank, wouldn't comment on his case.

BSA audits zing companies for software that came with used computers they bought to save money. The BSA considers software pirated if a company can't produce a receipt for it, no matter how long ago it was purchased. Software boxes or certificates of authenticity are no help, because the BSA argues the software could have been obtained from an illegitimate source.

No wonder, then, there are companies that exist mainly to help other businesses track and comply with their software licenses.

Robert Holleyman, who has headed the BSA since 1990, countered by saying a lot of companies have figured out how to get their software licenses in order.

"I don't agree with the assumption that license management is necessarily a complex task," he said. "I think that to suggest that it's impossible to do -- which is not your word, but is your inference -- would belie the heroic efforts of the vast majority of software users."

Yet it's safe to say the software industry has not exactly handed its customers a product that is easy to manage. That's one reason why Britain's Federation Against Software Theft -- an industry group that, like the BSA, pursues scofflaw companies -- has a sister division that educates companies, for a fee, on how to stay compliant.

John Lovelock, the British group's director, said that if it undertook enforcement without the education program, "it would be half of a virtuous circle. It would give us only half of a solution."

The BSA does have some software-management tools and advice on the Web. And this summer, it partnered with the federal Small Business Administration to develop and publish educational materials about software compliance.

However, software-management gurus say the BSA could be far more active in assisting companies -- which are, after all, its members' customers.

"Instead of just being the software police, be the police in the sense of helping old ladies across the street," said Barbara Scott, a software consultant for Redemtech Inc. "The BSA could become more of a partner with organizations that they're hammering as well."

Rather than a helping hand, BSA targets say they feel a stinging slap.

After an audit, the BSA generally demands at least twice the retail price of software deemed out of compliance. It also seeks the "unbundled" price of software that is sold together. So if a company loaded too many copies of a $300 package of Microsoft Office, the BSA might tally the retail value of every element in the package -- Word, PowerPoint, Excel, etc. -- which totals more than $1,000, and then at least double that.

Rob Scott, an attorney with Scott & Scott LLP who specializes in defending against BSA claims, argues that by charging the unbundled rate, the alliance misrepresents U.S. copyright law, which counts product compilations as single works when it comes to assessing damages. (The BSA says Scott's reading misdefines "compilation.")

The BSA accurately points out that under copyright law, it could collect up to $150,000 per infringed work if it prevailed in a lawsuit, or $30,000 if the incident was unintentional. Neil MacBride, the group's head of legal affairs, calls the law's figures "draconian" and says that by seeking less, the BSA gives violators a break.

Another way the BSA used to rebut accusations that its copyright crackdown was all stick and no carrot was through occasional "grace periods" or "software truces." In those periods, the BSA would air ads in certain cities, reminding companies of software copyright rules and giving them 30 days to buy new licenses without penalty.

But the group no longer offers such amnesties.

"We just moved on to something different," Blank said. "You just don't do the same thing all the time or it gets old."

Lately, there's been another change in BSA tactics.

For years the group implored unhappy employees to report their companies for software piracy. "Nail Your Boss!" the ads said. But beginning in 2005, the BSA sweetened the deal by offering $50,000 rewards to whistleblowers in the U.S. It raised the limit to $200,000 last year, and now it is $1 million.

That matched the top reward of a smaller trade group, the Software and Information Industry Association, which has many of the same members, but not Microsoft. (SIIA also serves as a copyright watchdog for media companies, including The Associated Press, that want to stop their content from being misused online.)

Blank says the high reward is having its intended effect: It is bringing in more leads. However, she also says about half of all tipsters don't want any money.

It's unlikely the BSA will ever pay $1 million. The rewards have a sliding scale, with informants eligible for $1 million only if the resulting case reaps more than $15 million. The BSA's largest case, against what it called an "international media company," pulled in $3.5 million. Most informants collect closer to $5,000.

Even so, having rewards at all raises questions of whether the BSA creates a perverse incentive for employees who discover their organizations out of compliance: Should they help their bosses get squared away or try for a BSA jackpot?

Although whistleblowers aren't revealed to the target company, businesses often suspect the tipster was a technical employee -- even someone who had been responsible for handling software installations.

The BSA says people who intentionally load software improperly at a company are ineligible for rewards. But it can still bring a case sparked by someone who had let the problem fester.

That dynamic, coupled with the fact that software can be hard to manage, is why BSA critics contend the organization can get cash almost anywhere it pokes.

Blank disputes that notion. She said it's not worth the BSA's time to chase "onesy, twosy random noncompliance," so it focuses on the worst offenders.

Yet in 2005, her group pursued Mediaport Entertainment Inc. of Salt Lake City, where an audit revealed two unlicensed copies of Microsoft software. Retail value: $6,500. The BSA pressed for $16,500; the sides settled for an undisclosed amount.

Blank said she didn't recall the case.

When he directed BSA enforcement from 1993 to 2005, former federal prosecutor Bob Kruger didn't make much of grumbling from BSA targets. Mainly, he says, people were rationalizing software copying they knew was wrong.

"It's never fun to be investigated or audited or charged. I think it's human nature to say, `Well, you know it's not all my fault,'" Kruger said. "I don't think BSA was ever above reproach, but I think we always tried hard to run a program we could take pride in."

In particular, Kruger's group enjoyed big gains against piracy. Even in the U.S. it was over 30 percent in the 1990s, but it fell to 22 percent in 2003, according to the BSA-commissioned research.

"People are better now than they used to be. More often, it was the case in the past that BSA would identify organizations trying to get away with something," Kruger said. "More likely these days the disputes are going to center around negligence or sloppiness. It's not across the board, but I think it's a fair general statement. And that's because BSA has been, to some degree, successful in raising awareness."

Yet the campaign no longer shows momentum. The U.S. piracy rate ticked down to 21 percent in 2004, and there it remains.

So does the BSA need a new strategy?

"I think it's a fair question: What exactly is the problem the program is tackling now, as opposed to the problem it was tackling 10 years ago?" Kruger said. "If the problem is the same, that says something about the effectiveness of the program, doesn't it?"

Holleyman acknowledged that the BSA is finding it tough to have its "voice heard for the remaining part of the marketplace where there is piracy." But he said he sees no reason to try a dramatically new approach.

Top antipiracy executives at Microsoft and Autodesk praised the BSA for keeping piracy from rising; Autodesk said its experience supports the notion that smaller businesses have the biggest compliance problems. Other alliance members declined to comment.

They may be overlooking something: BSA targets commonly say they wish they didn't have to buy anything again from the companies that unleashed the alliance on them.

In one case, a BSA raid on musical-instrument maker Ernie Ball Inc. cost the company $90,000 in a settlement. Soon after, Microsoft sent other businesses in his region a flyer offering discounts on software licenses, along with a reminder not to wind up like Ernie Ball.

Enraged, CEO Sterling Ball vowed never to use Microsoft software again, even if "we have to buy 10,000 abacuses." He shifted to open-source software, which lacks such legal entanglements because its underlying code is freely distributed.

For many businesses, open-source has seemed technically daunting or unable to match the proprietary programs seen as essential in some industries. These days, however, the march of technology might be changing that.

That's one hope of Michael Gaertner, the architect who worried his BSA encounter would crush his business. Now he wants to rid himself of the Autodesk, Microsoft and Adobe software involved in the case.

"It's not like they have really good software. It's just that it's widespread and it's commonly used," Gaertner said. "It's going to be a while, but eventually, we plan to get completely disengaged from those software vendors that participate in the BSA."

Featured

Using Microsoft Office to Build a Network Diagram 2

Now that we've set up our process, let's dig in with the actual execution.
Microsoft Graph 'Activity Logs' Feature Goes Live

Microsoft announced the general availability of the "activity logs" capability in Microsoft Graph, giving administrators more options to track user activity and identify patterns of potential misuse.
Fallout from Microsoft's 'Midnight Blizzard' Saga Hits Feds

When the Russian attack group Midnight Blizzard successfully breached Microsoft corporate e-mail accounts late last year, it apparently managed to steal U.S. government agency e-mails, too.
PowerShell Script Used in Phishing Attack May Be AI-Generated

A PowerShell script being used in a novel malware campaign may have been created by AI, according to security researchers at Proofpoint.
Using Microsoft Office to Build a Network Diagram, Part 1

Keeping documentation is a great way to ease your future hardware refresh and have what you need for insurance purposes.