Thank you for sharing!

Your article was successfully shared with the contacts you provided.
According to a report released earlier this year by the Business Software Alliance, one out of every four business software applications installed in the United States is unlicensed, and thus a potential copyright infringement violation. Numbers like these have turned many businesses into targets in recent years, as software companies have made battling unlicensed software in the workplace a top priority. Armed with the threat of stiff penalties under the copyright law and backed by highly active trade groups, software vendors are increasingly making businesses aware of the unlicensed software problem and requesting that businesses perform a “software audit,” in which the trade group will use an express or implied threat of litigation to ask that a company submit to a determination of whether unlicensed software exists on its computer system. Unlicensed software can make its way onto a company’s desktops and servers in a number of ways, most of them far removed from traditional notions of “software piracy.” Employees may share applications with one another without going through the proper channels or load personal copies of a program onto their work computers, which copies may then, in turn, be shared. Business entities expand and undergo personnel changes, leading to unauthorized copying; often, the rights granted by a software license are not easy to discern. Of course, deliberate corporate cost-cutting exists as well and licenses can be especially burdensome in this economic climate, but the downturn cuts both ways: software companies are facing new pressures to generate revenue, leading perhaps to zealous pursuit of license fees from their customers. Justified or not, software audits can be expensive propositions for companies, especially small or medium sized businesses. They can also be embarrassing. Attorneys and businesses should therefore understand the steps that should be taken to avoid a software audit, as well as what to do if an audit letter does arrive. WHO ARE THE SOFTWARE POLICE? Software companies have banded together to form two powerful watchdog groups to police and enforce their intellectual property rights: the Business Software Alliance (BSA), whose dozen or so members include Microsoft, Symantec, and Adobe Systems; and the Software & Information Industry Association (SIIA), which claims over 1,200 members worldwide. Both groups conduct investigations into allegations of piracy on behalf of their members, and if necessary audit, litigate against or prosecute offending companies with the assistance of law enforcement. Both the BSA and the SIIA receive reports of corporate software piracy through their toll-free hotlines and Web sites. Typically, and with apparent frequency, tips come from disgruntled employees or former employees of a company. But they can come from practically anyone with knowledge of a company’s software, including computer repair personnel or even unhappy customers. Confidentiality is guaranteed to informants, but extensive questions are in place to establish the credibility of a source before an investigation commences. After a tip is received, an agency will attempt to further confirm that piracy exists by contacting the vendors and examining the license agreements in place with the target business. While both the BSA and SIIA are extremely active on behalf of their members, some individual software vendors have their own enforcement divisions that have undertaken letter campaigns to customers requesting software audits. Sometimes the vendor’s right to an audit is part of a software license agreement; however, even where no express right to an audit exists, some software companies have nonetheless made requests to customers for documentation, again with implied or express reference to litigation if the company does not cooperate. WHAT IS A SOFTWARE AUDIT? A software audit usually comes in the form of a letter asking a company to prove that it has the requisite licenses to operate all the specified software on its system. The letter may instruct the company not to delete or de-install any of the specified software, and not to attempt to correct the situation by purchasing or updating licenses from the vendor. Most audits require a company to run a proprietary software program on its system that detects the existence of all the programs that are installed on the system. By a certain date, the company is asked to send the results of the software check, along with supporting documentation demonstrating the company’s right to use the software found on the system. Depending on the results of the audit, the vendor or agency will require the company to delete all unauthorized copies of installed software, pay for unauthorized past use of the software, and then obtain legitimate licenses to cover newly installed software. A settlement agreement will set forth the exact terms and deadlines for the payments. While the SIIA keeps settlements with cooperating companies confidential, the BSA often makes some of the terms of the settlement public. Many of the BSA settlements result in payments of over $100,000. ( See www.bsa.org/usa/press/releases). While federal law provides for injunctive relief in copyright infringement cases, (17 U.S.C. Section 503(a)), and even prejudgment seizures are possible, forced audits usually come only after a more cooperative track is sought. HOW TO RESPOND TO AN INQUIRY If a demand for an audit comes from the BSA or SIIA, swift but measured cooperation is usually the best course, as the agency will probably have enough information at that point, and certainly the resources, to pursue further legal action. It is unlikely that the company can account for each and every software application installed on its system, and the threat of full-fledged copyright litigation or a forcible audit is a severe risk. If an audit demand comes from a vendor, the relevant license should be reviewed to determine the vendor’s right to the audit. Audit clauses are included in most software licenses, but may vary in such details as the frequency with which they are allowed, who bears the cost of the audit, and the time frame that a company has to respond. These issues should be fully understood before a response is given. If no express right to an audit is found to exist, refusal to cooperate is an option, but a more cautious route might be to try to ascertain the vendor’s basis for making the demand and then respond accordingly. At the same time, the company should take steps to ascertain its compliance, and if noncompliance is found, then negotiation with the vendor for an increased license right might be the wisest course regardless of the vendor’s right to an audit. If counsel will be involved in the audit, then the audit letter should of course be turned over to an attorney immediately. Steps should then be taken to preserve the attorney-client privilege over the audit to the extent possible, keeping in mind the possibility of future litigation. Care should be taken to minimize the risk that reports are disclosed within the company without regard to the privilege. If cooperation is undertaken, this should be communicated to the auditing entity swiftly, to avoid the threat of further action and to keep the situation as amicable as possible. Depending on the structure of the company and other considerations, it may or may not be a good idea to send an e-mail or other communication advising all employees of the audit. On the one hand, employees may be able to alert counsel and management to possible violations at the outset, thus facilitating the audit. On the other hand, employees may get the wrong message and attempt to hide or destroy copies in a way that may further complicate the company’s efforts. Whether or not the workforce at large is informed of the audit, it is critical that everyone involved understands their obligation not to destroy records or remove software in response to the audit. Such impulsive reactions may compound any existing problems, as software audit software programs such as the one used by the BSA can easily detect erased programs. Before any action is taken in response to an audit, it is important to define its scope. Depending upon the terms of the licenses at issue, a company may have responsibility for the compliance of affiliated businesses as well. If the audit comes at the request of a particular software vendor, such as Microsoft, it will be clear enough what applications need to be checked and documented. But an audit undertaken by a trade group should be limited to vendors represented by that group, and the company should make clear that it will be reporting and documenting only those covered applications. Informal negotiation with the auditing entity can be key throughout the process. The company may be able to exclude certain types of software, such as unlicensed computer games downloaded without permission onto employees’ computers, from the audit. While stiff penalties are often unavoidable, there is certainly room for negotiation. AN OUNCE OF PREVENTION There are of course a number of steps that companies can take to avert the threat of a software audit. Foremost is good software management practices that are ingrained in the operation of the business. Purchase and record keeping procedures should ensure that copies of licenses and invoices and proof of payment for each software product loaded onto all computers are maintained in a central place and kept current. An inventory of all software applications should be taken periodically. Smaller companies may be able to take inventory manually, but larger companies may want to consider more advanced audit and management tools. The BSA offers a free software audit tool for companies wishing to conduct self-audits. According to the BSA, its new GASP Version 6.2 allows an organization to conduct audits of up to 100 computers for up to 60 days after the download. GASP helps to identify and track licensed and unlicensed software and other files installed on a company’s computer systems including desktops, laptops and network servers. Although some may balk at entering any information about one’s company in order to download the software, BSA’s privacy policy restricts its use of this information. ( See www.bsa.org/usa/about/privacypolicy/.) Many other commercial products and consultant services are available to assist companies not only with auditing their computer systems, but also for more general management of their software assets. It is also important to keep on top of the organization’s software needs. Regular surveys allow employees to communicate their software needs and allow the company to meet these needs in a compliant fashion. When employees’ software needs go unmet by the organization, the chances increase that unauthorized channels will be pursued, and licenses will go untracked. Highly publicized internal policies against unauthorized copying serve two functions: they make the company’s stance against unauthorized copying clear to all levels of the company, and they can serve to demonstrate good faith in the event that unauthorized copying is uncovered and a settlement needs to be negotiated. The policy should come from a high level of management, be signed by each employee and should communicate some or all of the following points, among others: � The company’s software licenses create a right to use software, not ownership of it. � The company has zero-tolerance for unauthorized copying of software, and such copying can result in termination. � Employees should not bring their own personal copies of software to work without authorization from the company. (Note that the BSA takes the view that the company benefits from software it did not purchase, and if such use violates a license it will be viewed as piracy.) � All software installations should be done by authorized personnel. This includes the downloading of software onto home or personal computers, which may or may not be allowed under a particular license. Samples of effective policies are available from the SIIA at www.siia.net/piracy/policy/corp_soft.asp, and from the BSA at www.bsa.org/usa/freetools/business/appc. SOFTWARE TRUCES Every several months, the BSA will offer businesses in several selected cities the opportunity to obtain licenses for all unauthorized software on their systems. Participation will immunize the business from all charges of piracy occurring during or before the “Grace Period.” See www.bsagrace.comfor details of this program. Richard Raysman and Peter Brown are partners at Brown Raysman Millstein Felder & Steiner LLP (www.brownraysman.com)in New York. Peter Scher, an associate in the firm, assisted in the preparation of this article. If you are interested in submitting an article to law.com, please click herefor our submission guidelines.

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Advance® Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]

Reprints & Licensing
Mentioned in a Law.com story?

License our industry-leading legal content to extend your thought leadership and build your brand.


ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2021 ALM Media Properties, LLC. All Rights Reserved.