Are Software Auditors ‘Shake-Down Artists’?
Scott responds to a reader’s call to action against the “black shirts.”
- By Scott Braden
My article "Software Raids: Surviving an Audit," published in the
January 2006 issue of Redmond
magazine (read it online here
apparently struck a nerve. Micah B. Haber from Nashua, N.H., wrote in to say:
"I am stunned that Redmond's advice to those threatened with
software audits is to roll over for these thugs. The BSA and SIIA are shake-down
organizations, lacking the force of law. The proper response to such gross
intrusions of privacy is to fight them tooth and nail. If the software audit
‘black shirts’ start harassing you, quickly move to open source
software. Better to have an open source transition plan ready to go the moment
a threatening letter appears in your mailbox then to have to deal with the
likes of the BSA and SIIA marauders. Make it as costly as possible for them
to audit you, and ensure that you move to products whose vendors are respectful
of the fact that violated customers don't buy twice."
I suspect that many IT professionals agree with him. But they're wrong on several
assumptions. And in this area, being wrong could be very bad for your career.
"The BSA and SIIA are shake-down organizations, lacking the force
Let's take the second point first: "lacking the force of law." Actually,
the BSA and SIIA, while not law enforcement agencies of the government, do have
the law on their side. They are (to oversimplify a bit) acting as attorneys
for the publishers. Their mission is to help the publishers protect their copyrighted
property, which we as the IT pros have licensed (or not). So their activities
are, in fact, fully legal, having been tested in court many times. Generally
speaking, it's a bad idea to assume that a BSA or SIIA audit "lacks the
force of law.” It's also a bad idea to say that to your company's executives.
So, they have the force of law with them, but are they shake-down artists?
I guess that depends on your point of view. Mine is that people and corporations
are responsible to honor their contracts and obey the law. If you don't, then
you run the risk of audits, penalties and other unpleasant things.
If you don't pay your credit card bills, do you call the collection agent a
shake-down artist? How about the cop that gives you a ticket for running a stop
sign? The simple fact is that the creator of the software owns the rights to
its use. When you “license” a product, you’re not buying the
control of the product; you’re only buying the specific rights granted
to you in the license terms.
"The proper response to such gross intrusions of privacy is to fight
them tooth and nail."
Now this one, we're closer to agreement than Micah might think. Any good attorney
will tell you that whether you're "in the right" or "in the wrong,"
you still need to mount an aggressive defense. So don't handle it yourself:
This is a legal matter, so get the lawyers involved.
Is a BSA audit a gross intrusion of privacy? As long as the auditors follow
the terms of your license agreement, which your company willingly agreed to,
who can complain?
"If the software audit ‘black shirts' start harassing you,
quickly move to open source software. Better to have an open source transition
plan ready to go the moment a threatening letter appears in your mailbox then
to have to deal with the likes of the BSA and SIIA marauders."
Also good advice, but by the time an audit notification arrives in your mail,
it's too late to move to open source ( in order to wriggle out of the audit).
But it's always a good idea to investigate alternatives to your current vendors,
applications and toolsets. So don't wait for an audit to look at open source
-- do it because of all the other good reasons.
Oh by the way, the BSA recently announced
a few more audit settlements, with penalties up to $110,000.
What’s your take on software audits? Are you feeling a bit concerned
about your compliance situation? Send me a note or post below and let me know!
Confused? Frustrated? Well, help is on the way. You see, I'm speaking at the upcoming TechMentor conference in March, and I want to make sure you get the info you want. Take a minute to tell me what topics you'd most like to see me cover in a three-hour "Crash Course in Microsoft Licensing" session by clicking here and taking a quick, three-question survey. I'll send you a free “thank-you” gift.
Scott Braden has helped more than 600 companies negotiate Microsoft volume
license deals. For a free case study, "How a Mid-size Company Saved over
$870,000 on a $3 million Microsoft Enterprise Agreement, in Less Than Three
Weeks," visit www.MicrosoftCaseStudy.com.