Software Audits

Do you know how many licenses your company owns for Microsoft Word? Do you know how many use it? Does anybody in your company have a good handle on your licensing? If the answers are "no" and "no," you may find yourself paying large penalties for your improper licensing.

The basic rule of software licensing is that when you buy software, you are not actually buying the product outright. Usually, you're only buying a license or right to use the software in a limited way. These terms are spelled out for you in your software license which accompanies the software - you know, the thing you should read, but don't.

For smaller purchases, these terms and limitations are usually written by the software company and are extremely one-sided to favor them. Your choices with these smaller purchases are rather limited. You can either accept the software company's terms, or find another product. On larger purchases, purchases from small software vendors and certainly when you are talking about custom code, your technology attorney can, and should, help you negotiate better license terms.

There is no such thing as a typical license. They're all different and vary with each software company. The variations on where and when you might need a software license to legally use a copy of software are also almost endless. You could possibly need one per computer, one on a server for your entire company to use, one for the server and each desktop using the program, or one for office and home use. The variations are endless.

I should know, I write these licenses.

There are many reasons a company might be using software licenses that they're not properly licensed to use. Let's face it, it's easy to lose track of software licenses if you aren't careful. Even well managed companies can be using unlicensed software through bookkeeping errors or simple mistakes. These mistakes are usually caused by a company mismanaging software assets, or employees misusing software without the proper licenses. And, of course, cases of willful violations happen too.

While some companies are very good at designating a person or section to keep track of the licenses they have, when they might expire, and other valuable information, most are not.

One independent study has shown that up to twenty-two percent of all software used in the United States is not licensed properly. While that may not sound like a big deal, you could be facing severe penalties if caught using unlicensed software.

You should already have your technology attorney conducting intellectual property audits, and I strongly suggest you have your attorney conduct software audits for you too. It’s the type of project where a junior associate can take the lead to reduce the cost.

When I conduct a software audit for one of my clients, I'm taking a close look at the software they are currently using on each computer, server, handheld device, cell phone, and other technologies to ensure they have paid for the right to use each and every piece of software they are using that requires a license.

I'm also going back in time through their paperwork to track the software purchases, looking at dates and number of licenses bought, the initial term and renewal periods, renewal fees, whether my client has kept up to date on their renewals, and any software updates.

If you don't have such a system, you're playing with fire. It only takes one disgruntled employee to turn you in. Then you are really facing a financial hit, and there is a very active industry group out there looking for companies who are not buying the licenses they should.

The Business Software Alliance (BSA) was formed by a number of major players in the software industry, and calls itself the "the voice of the world's commercial software industry and its hardware partners before governments and in the international marketplace." Perhaps you've heard of some of the software companies: Adobe, Apple, Microsoft, McAfee, and SAP to name a few. The BSA's efforts worldwide have brought thousands of companies into software license compliance through their enforcement actions.

The BSA views unauthorized use of computer software as stealing someone else's property. The BSA encourages companies to examine their own software management programs, before enforcement becomes an issue, to ensure companies are using only licensed copies of computer software.

"BSA recommends that all companies and organizations have strong software management policies in place -- including periodic internal audits, guidelines for supervisors, and clear procedures for employees. Companies cannot be too careful about being compliant."

If you don't think they are serious, consider this: the BSA estimates the software industry lost $6.5 billion in revenue in 2003 alone to software theft. And if you are caught using unlicensed software, they consider you a thief.

The BSA is looking at a variety of ways software piracy and theft occurs in business today. For example, they've found cases where end users make copies without authorization, cases of client-server overuse where too many users on a network are using a central copy of the software, cases where companies were using illegal Internet downloads of the software, cases where computer sellers were loading illegal copies onto the hard disks of new computers to make them more attractive to consumers, and straight out software counterfeiting.

Keep in mind that this is not an exhaustive list. As software piracy and theft takes new forms, I'm sure the BSA will be right on its heels, so don't think you've found a new way to get free software.

While the BSA takes an active role in hunting down cases of theft and piracy, they use a variety of proven methods to encourage public involvement. They've set up over sixty-five hotlines worldwide (1-800-NoPiracy in the U.S.) where anyone can call in and report cases of software piracy and unauthorized use. Alternatively, people can use BSA's Online Reporting Form on their Web site at www.bsa.org. They also use radio commercials, direct mail, and other advertising efforts to get the word out. They have also been known to offer rewards.

If you are using unlicensed software, can you trust your employees not to turn you in? What about the disgruntled ones, the employees you've fired who did not take it well, or just an aggressive competitor? Any one of these people could turn you in just for their own personal satisfaction, and the BSA's radio spots play on this by saying that, "Unless you have no current or former unhappy employees, you're only one phone call away from a BSA investigation."

As the BSA notes, just because someone is unhappy with your company does not mean they don't know about the truth about your software misuse. Sometimes people give the BSA very detailed information accessed through company computer systems.

Most of the BSA's investigations start through phone and website reports, and then the enforcement process begins. Once the BSA determines the information they have received is credible, you can expect a warning letter from their attorneys requesting you to conduct a voluntary audit of your company's software licenses and report your findings to the BSA. Even if you've invested in a software audit before being contacted by the BSA, now would be a good time to call your technology attorney. Do it before you conduct your own internal audit. AND DO NOT RESPOND TO THE BSA IN ANY WAY. LET YOUR TECH LAWYER DO YOUR TALKING. OFTEN, THE LESS SAID, THE BETTER. If we conduct your software audit and can prove you are in total compliance, you have nothing to worry about other than some time and effort showing the BSA you have all the licenses you should. However, effectively, you will have the burden of proving your compliance.

Most companies cooperate and conduct internal audits after being contacted by the BSA. Uncooperative companies could face an unannounced raid by the BSA accompanied by U.S. Marshals after the BSA starts civil or criminal process. However, since most companies comply, these types of raids rarely happen.

Once the letter or the Marshals arrive, it is too late to change your ways - BSA is not interested in hearing you are "working on compliance." They are looking to get the software licensing fees you should have paid in the first place (these fees are then passed along to the software companies). Then the BSA suggests an initial settlement figure, and most companies enter into negotiations to settle since it is usually easier and cheaper than fighting the BSA in court.

When settling, the BSA also wants companies to agree to delete any unlicensed copies of software from their computer systems, purchase replacement software, and strengthen their software management practices.

Penalty settlements often range from $50,000 to $100,000 and even higher - money that the BSA uses to fund their education and enforcement programs. Settlements over the last year have reached as high as a single company paying $275,000. Last year, the BSA announced three companies in Florida settled claims that unlicensed software was installed on their company computers, for a combined total of $210,000. Individually, the settlements were for $25,000, $35,000, and $150,000.

Moreover, as if paying a large settlement was not enough, your settlement with the BSA is likely to be announced to the world in one of their press releases. Oh joy.

While large settlements and bad press sounds bad, not settling with the BSA could really cost you. If the company holding the copyright in the software you are using without a license were to sue you, you could face damages in the six figures and possible criminal fines and jail time. All because you made a simple mistake, or worst case, were trying to be cute and use software without a license.

A major part of your license management strategy should be to educate your employees about software licenses, and include strong language in your employee Computer Use Policy detailing your position. You have to eliminate your employee's unauthorized use and/or piracy.

So ask your technology lawyer to conduct a software audit on your company. Your audit can help bring you into compliance with the licenses you already have, and hopefully avoid potentially expensive penalties and bad press. It is more expensive to use unlicensed copies of software than to have your technology attorney conduct an internal software audit.

If you are ever contacted by BSA or anyone regarding your software licensing, call your tech lawyer before you respond. You're walking into a minefield and going it alone is a bit like doing your own surgery. Bad idea.