More On

Stealing Software

It began covertly. Someone with inside knowledge of Meritage Corp. quietly contacted the Business Software Alliance (BSA), a trade group that represents some of the country's biggest software companies, and reported that the homebuilder was using unlicensed software. BSA then demanded Meritage perform a software audit. The results weren't good.

The company couldn't prove it had purchased licenses for all its installations of Adobe, Microsoft, Sybase and Symantec software. "We clearly established through our audit that we had lots of properly licensed software, but the status of a fraction of our installations was less clear," says Larry Seay, Meritage's CFO. "Rather than spending even more time to conclusively determine the status of this remaining software, BSA and Meritage opted to settle the matter." That settlement cost Meritage $200,000.

Meritage isn't the only company that had to hand money over to BSA in recent months. MediMedia, a New Jersey-based health care company, recently paid $375,000. Wham-O Inc., Burt's Bees, LiveBridge Corp. and Fair Isaac Corp. all recently ponied up sizable amounts of money after audits revealed their computers were running unlicensed software.

"We have seen one hospital reach a $6 million to $7 million settlement," says David Teske, an IP attorney in the Atlanta office of Alston & Bird. "It can be a significant financial event for a business."

Such damages are only one of the burdens imposed on an accused infringer. The company also must confront attorneys fees, the costs of carrying out a hurried software audit and damage to its reputation. But despite these negative effects, companies are still being caught with unlicensed software.

"It remains a significant problem," says Keith Kupferschmid, who heads the enforcement efforts of the Software & Information Industry Association (SIIA), a trade group that represents more than 700 IT companies. "The fact that we have 200 active cases at any given time shows that."

Growing Problem

Twenty-one percent of all software in the U.S. is pirated, according to a 2005 study conducted by IDC, a technology consulting company. Much of this unlicensed software is on businesses computers, though most aren't infringing intentionally.

"Even good, well-managed companies run into issues with software copyright compliance," admits Jenny Blank, director of enforcement for BSA.

If a company has unlicensed software, there's a good chance it will be caught. Software vendors and the trade groups that represent them are constantly on the prowl for companies using unlicensed software. The SIIA even offers rewards of up to $200,000 for tips on unlicensed software use.

If a software organization suspects a company is using pirated software, it will ask the company to undergo an audit, pay a fine and then purchase licensed software. If the company declines to cooperate, the groups sue for infringement. If the company loses, it could face up to $150,000 in statutory damages for each unlicensed software title.

"We would advise companies to get smart and get compliant, because if they don't, we will come knocking on their door," Kupferschmid says.

Keeping Track

The BSA maintains corporate infringement can be stopped relatively easily, so long as managers take the issue seriously. "Many companies just fail to give software sufficient attention," Blank says.

Other experts, however, say the problem is far more complex and is caused by the software companies themselves. "It's 100 percent the responsibility of the software publishers in failing to make compliance easy," says Robert Scott, a Dallas attorney whose firm, Scott & Scott, defends companies accused of software infringement.

The problem starts with the proliferation of software. "The average large corporation has 15,000 to 30,000 unique software titles," Scott says.

Each of the software titles has its own license terms, and these terms can be quite tricky to follow. "For any piece of software, there are tons of complex licensing rules," Scott says. "Moreover, a software license can't be understood just by reading the legal document."

Some licenses, for instance, are tied to specific computers. So if the company replaces one of these computers, it can't just transfer the software, it must buy a new license. Some licenses for server software set limits on allowable processing power, so the company can violate licenses if it upgrades its servers.

Even if a company obeys all the terms of a software license, it can still run into trouble proving it paid for the license.

"My clients always say 'I bought this product, here's the credit card receipt.' But the software companies say that is not sufficient proof of purchase," Scott says.

For software organizations, only detailed invoices and packing slips suffice as proof of purchase. And often, such proof simply isn't available.

Legal's Involvement

To minimize their risk of being caught using unlicensed software, companies need to develop policies that limit how employees add software to their work computers. The policy should come from upper management, and the rules on software use should be included in employees' regular refresher courses on ethics.

Companies may also want to implement processes for managing their software assets. Software used throughout the company, such as operating systems or word processing software, should be purchased and managed as part of a centralized software asset management program. Specialized software that only one division of the company needs should be purchased by the appropriate department. Although that department should be responsible for managing that software, it also should notify the company's central authority about the license, so that it can perform regular audits.

Lastly, the company's legal team should review all software licenses and explain what they mean to the procurement professionals. They also should work closely with the IT department to ensure that users are properly following the license terms and that the company regularly audits its software.

"The number one thing to understand is that this is not an IT problem, this is a legal problem," Scott says. "A company's general counsel has to start taking ownership of this issue."

Join the Conversation

Advertisement. Closing in 15 seconds.