In the past few years, the Business Software Alliance (BSA) and the Software and Information Industry Alliance (SIIA) have had great success with their eye-catching offers to potential whistleblowers for tips on enterprises using unlicensed software. These trade groups represent the major software publishers and one of their prominent functions is targeting unauthorized software usage (as well as, in the case of SIIA, unauthorized content usage). They take action against software resellers and end-user organizations that make unauthorized copies and work with law enforcement agencies to coordinate enforcement of criminal copyright laws.
If your company has not been proactive in its software compliance efforts and you have been targeted by one of these organizations, you should expect to pay a substantial settlement.
The BSA and SIIA generally receive their tips from disgruntled or former employees (and just about everyone has at least a few individuals that fit this description). Independent contractors and vendor employees are also an important source of tips. The organizations will pay bounties of approximately 10 percent of the amounts recovered, which can be a significant motivating factor. I have worked with more than one targeted business where we concluded that the tipster, in an ironic and painful twist for the client, was none other than the IT manager responsible for the wholesale unauthorized copying. This fact was unfortunately of no help in avoiding or reducing the company's liability.
As a prophylactic measure, in-house attorneys at all organizations - including non-profits and governments - should ensure that IT departments are regularly undertaking self-audits utilizing automated programs that measure the number of copies of software programs installed and then compare those results to documented licenses purchased. Counsel may then fix any non-compliance (by deleting unauthorized programs and/or purchasing the appropriate licenses) before someone contacts the BSA or SIIA.
Once you have been targeted, the first step will generally be a letter to your CEO asserting that the group has evidence of substantial non-compliance and reciting the potentially enormous damages available to copyright owners in a successful lawsuit. It is critical to involve experienced counsel before responding in any way. The magnitude of the problem, and the size of the potential settlement, can depend significantly on counsel's knowledge of the organization's methods, tactics and expectations.
The letter will also demand a self-audit and the best approach is to be cooperative at this stage. Once you have the results of the audit, the fun begins. If the gap between the installations and the purchased licenses is significant, one must sometimes get creative with legal arguments, while still maintaining a cooperative tone. In most cases, you will also need to dig into the facts and search for documents supporting the licenses purchased. Resolving these factual issues in your favor (rather than making legal arguments denying infringement) is the easier path to lowering your exposure.
Ultimately, settling with the matter will require the payment of a multiple of the unpaid license fees plus legal fees. Failing to settle, however, could lead to a lawsuit alleging copyright infringement under the U.S. Copyright Act, which has provisions and remedies quite favorable to copyright owners. Statutory damages under Section 504(c) of the Act can be as high as $150,000 per program infringed if the infringement is deemed willful. Attorneys fees are also available to prevailing plaintiffs.