Shakedown: How the Business Software Alliance Operates 954
An anonymous source writes: "I'm a faculty member at a public university which the
Business Software Alliance contacted in a bulk mailing last Fall. Stupidly, our IT department invited them in to 'explain' licensing to us, and now we are trying to fend off an audit on our computers (public and private). Two questions: what kind of leverage does the BSA actually have against us? And does anyone have war stories, successful or otherwise, of their encounters with the BSA?" Although Slashdot is running this story as from an anonymous reader, we have contacted the source and believe the story is factual and the appeal for help is real. Consider this Slashdot's contribution to National Copyright Awareness Week.
The source continues: "The report that the BSA gave to our administration was filled with scary stories about other schools who tried to resist, so unless there's some hard evidence to the contrary I suspect our university will just roll over. We were told that:
- auditing software *will* be installed on every campus machine;
- the license for every program, on every machine, must be produced upon demand;
- failure to produce licenses for all commercial or shareware software will constitute prima facie evidence of illegal possession, with penalties that could range from the confiscation of the machine to the firing of the user;
- and this includes computers *personally* owned by faculty."
Sounds like they are spouting off. (Score:5, Informative)
City of Virginia Beach (Score:2, Informative)
First, (Score:5, Informative)
Good luck.
BSA's feedback phone number (Score:0, Informative)
Call them and POLITELY explain your thoughts -- it can only help.
Re:EULAs (Score:3, Informative)
Warrant??? (Score:2, Informative)
One word (Score:5, Informative)
Seriously: Where's the search warrant? How enforceable is a EULA with such broad contractual provisions that it forces a licensee to waive all rights to due process and freedom from illegal searches? (Before you naysayers tell me the Constitution has no bearing in this, check the facts: In many cases, BSA shows up at the doorstep with their very own law enforcement escort.)
There is a legal concept known as "blue-lining" in which a judge has the legal authority to water down, modify, or even eliminate certain portions of a previously-agreed-upon contract. I learned about this after I found myself the unwitting signatory to a capricious and completely illegal legal document. The state recognized the document as legally binding; however, the state also found the terms of the agreement were overly-reaching, capricious, and without legal standing, effectively nullifying the contract.
The reason why companies continue to write obviously unenforceable contracts is that they know the number of people willing to fight in court is very low. Most will simply roll over, expose their underbellies, and submit to being raped rather than fight.
Re:City of Virginia Beach (Score:3, Informative)
Can I suggest MIT? (Score:5, Informative)
Also, my 2c on this: There are a few angles. Clearly, a private institution is innocent until proven guilty under US law. So, the scare tactics the BSA is using on your University take a couple of prongs:
Lawyers. (Score:4, Informative)
Yeah, some people call it legalized extortion. IANAL.
For something like this, they should really go through your university's legal department. If the legal department hasn't gotten involved yet, then get them involved now! Get some counsel. They are the folks that were hired to protect you from this sort of thing (among many others).
This sounds just like pure intimidation to me. Especially once you mentioned that the audit includes personally owned computers. If they want to audit my personal laptop, which I bring into the office sometime, they would not send the notice to my employer. They would send it to me. Like I said before, talk to a lawyer. A lawyer, not the Slashdot crowd, can give you the best advice.
Re:You will never escape the BSA ... (Score:4, Informative)
grin and bear it (Score:2, Informative)
That said, my only experience with software audits is with Microsoft. It was quite a galling experience because the company I worked had spent a lot of money and time insuring that only licensed software was running on the machines. After that good faith expense, the BSA comes in and demands an audit. They basically hi jack our hardware people for a week, cause no end of interruptions to the development of our product, install gods knows what on all out machines, and wreak general mayhem. If course we could have avoided the entire thing by paying the "protection" fee. They treat the customers like addicts. It like you get the drug free know, and when you are hooked, we will exact the price.
Actually... (Score:5, Informative)
My personal encounter with Autodesk & M$ (Score:5, Informative)
This is my personal encounter - YMMV !
I attended a "seminar" hosted by Autodesk and M$ several years ago. At the entrance, the pretty girls were asking us to fill in info sheets, you know, like names, address, company you work for, et cetera, et cetera.
Since Autodesk and M$ were so kind to provide us with Orange Juice (Morn time, you know), I filled in the blanks.
Never would I thought that what I filled in ended up in BSA's file, and from then onwards - 6 years already - I and the company I work for, received THREATENING LETTERS, telling us that WE BETTER COUGH UP MONEY TO BUY GENUINE SOFTWARES or they will haul our butts in slammer.
Funny thing is, the Autodesk and M$ software we used (yes, USED, PAST TENSE !) were OFFICIALLY GENUINE, NON-PIRATED COPIES !
I got into troubles with my boss, since I was the one who filled in the blanks.
No matter how we tried to tell BSA that ALL OUR SOFTWARES ARE GENUINE, the threatening letters keep coming.
It got so bad that my boss decided to scrap M$ and all Autodesk softwares, and now we run Unix and NON-Autodesk softwares.
Yes, it actually cost us MORE to change our system, but at least, BSA, with Autodesk and M$, have NO MORE CLAIM ON US.
And the threatening letters still keep coming...
Talk about insanity.
And what happened above happened OUTSIDE of the good ol' U. S. of A.
Don't think you guys in the States suffer alone.
Countersue (Score:5, Informative)
Information at
http://slashdot.org/article.pl?sid=02/01/15/0
Be proactive. Fight back. A good tactic might be to develop an open source policy predicated on the cost of compliance with commercial software licenses being too high since even the companies don't understand their EULAs it's just impossible to do so and therefore the university will outlaw commercial software on their network.
The BSA is funded by MS, adobe, etc. If the BSA generates net positive income, they will continue storm trooping around. If it becomes a liability to have one's names associated with the organization, the underwriters will pull their support. This is a political as well as legal battle and if you don't fight, you'll be screwed, as will the next organization.
A good way to stay out of all this (Score:2, Informative)
Our office is in San Francisco, the city most effected by the BSA's tacticts. Lots of people I know got those letters. We did not. I attribute that to the above. Just a little plain old Sun-Tzu deception goes a long way.
Re:City of Virginia Beach (Score:2, Informative)
Also interesting: their website runs on open-source software, see Netcraft [netcraft.com]
Re:Legality in doing this? (Score:5, Informative)
Right. And this is why they CAN NOT just march in wherever they want, whenever they want, and do their raids. They CANNOT demand license documentation, they CANNOT install software, etc. without either a court order or police and a search warrant. I would do exactly what pitcrew suggested -- tell them to go to hell.
From the article: failure to produce licenses for all commercial or shareware software will constitute prima facie evidence of illegal possession
This, IMO, is absolute bullshit. It's like the police going through your refrigerator, making you produce receipts for every gallon of milk in there, and automatically assuming that the milk you can't account for with receipts was stolen from the local grocery store. They are assuming you to be guilty until you can prove yourself innocent. This is not the way our government works (or is supposed to work); the burden of proof is supposed to be on them, not you.
Re:Can I suggest MIT? (Score:2, Informative)
I graduated from MIT in EECS without seeing ONE wintel box
Most software companies will give MIT software for free anyhow so that future engineers will demand it in the workplace. The servers are chucked full of engineering packages, MATLAB, and such.
Re:Legality in doing this? (Score:5, Informative)
Re:well within their rights (Score:4, Informative)
if you don'thave any illegal or pirated software, what have you to hide?
This kind of thinking is precisely what the BSA is looking for. If you are stopped by a cop and you consent to a search of your vehicle, then anything illegal that the cop finds can be used against you, because you consented to the search. For example, say you go out of state and purchase a bottle of liquor and you put it in your trunk (out of plain view), on your way back, you get pulled over for speeding in your home state. The cop asks you to search the car, you say yes, and BAM! In addition to a speeding ticket, you are also busted for illegally importing alcoholic beverages (in many states, this is a crime). Yes, you may not have had any idea this is illegal, but you are nonetheless responsible for it because you consented to the search. Unless the cop has actual probable cause to believe you have comitted a crime (e.g., your car/license plates match the description of a vehicle used to commit a crime), they cannot forcibly search your vehicle.
Given this context, and how the BSA is strictly out to get you (whereas the cops are not), they most likely have ways of finding "illegal" things (that you did not know were illegal) and nailing you for them. The only way to prevent this is to not cooperate with them. Bring in the lawyers and make the BSA prove its case against you.
BSA members: (Score:3, Informative)
"BSA members represent the fastest growing industries in the world. Worldwide members include
Adobe, Apple, Autodesk, Bentley Systems, Borland, CNC Software/Mastercam, Macromedia,
Microsoft, Symantec, and Unigraphic Solutions. Additional members of BSA's Policy Council
include Compaq, Dell, Entrust, IBM, Intel, Intuit, Network Associates, Novell, and Sybase"
My War Story (Score:1, Informative)
Re:My personal encounter with Autodesk & M$ (Score:3, Informative)
>SOFTWARES ARE GENUINE, the threatening letters
>keep coming.
File a TRO to stop the threatening letters.
The threats will continue, then you nail them for
violating the restraining order.
Re:Let's say... (Score:2, Informative)
I've got a ton of original CD's, but I've never saved the trash that came with them. I never will.
ehh, not that simple (Score:2, Informative)
First off there is proprietary (non-open source, non GPL, etc) software for Linux and definately for Unix, which still makes that OS fall under the (load of crap) BSA audit system.
Hell, Unix in and of itself is proprietary (last time i checked anyhow), so it falls under this.
TCO generally involves regularly scheduled maintenance, problems with the system, administration etc. An audit is not something that is usually done on any regular basis, the BSA is seemingly random in how it does its audits , its not a reliable factor so itd be hard to factor in to a TCO.
What should be factored in to TCO is not the audit itself, but the time/cost to maintain records of software liscences. If a sysadmin properly records and notes software intsallations, internal auidts should be fairly painless. There is a clear advantage to software without a liscnece here because there is no liscence to keep track of in the auidt database.
Its concievable that if the BSA sees that a company keeps up with thier records and can do a fast auidit, the BSA would back down. They don't get much from successful auidits other than the audit fees, the big money comes from finding the 'illegal installations'.
Re:Go open source (Score:4, Informative)
That would be great except that the MS site licenses for universities require you to purchase licenses for every machine on your campus, wether it runs windows or not.
Re:Legality in doing this? (Score:2, Informative)
Re:Scared of audits? (Score:1, Informative)
Re:Well, one option is to uninstall everything (Score:3, Informative)
Re:Legality in doing this? (Score:5, Informative)
Also, they absolutely CANNOT demand to install auditting software on those machines. That's theft in my book. They are forcefully taking away my cycles.
Furthermore, they can't attempt to enforce a EULA that they don't know you accepted. Until they audit they have no way of knowing that you have EULA covered software on your machines, until they know you have EULA protected software on your machines they have no right to audit those machines.
Re:As a CIO myself... (Score:5, Informative)
I had some thoughts about all this while out getting lunch, and now that I've posted my idealogical rant about "innocent until proven guilty" obviously not applying in the civil world, I'll try to be, like, constructive for a moment.
First, any lawyer (and most of the posters here today) is going to tell you that it's cheaper to simply buy all new licenses (or whatever the BSA is demanding). Rifle every likely file cabinet for existing licenes, then buy the difference. Either way, you still need to do your own audit.
On the other hand, if you're at a school with a strong reputation, lots of prestige, and even more money, and if your president believes there's a moral victory worth fighting (and paying) for, then I have some thoughts that I at least find intriguing:
Of course, my initial point still stands -- do your own audit, cheaply, and simply pay for the difference. And, most importantly, build a good system (centralized database backed up with a fire-safe holding physical license papers for the whole school) to track this stuff, and re-audit every 6 months. Or even more frequently. (client-side tracking software is obviously going to be in your future....)
Good luck!
Re:Legality in doing this? (Score:5, Informative)
I think it is high time these damn EULAs get properly tested in court. I have a feeling they will ultimately fail the legal test. It's absurd that you "have" to read more legalese to install a piece of software than to buy a car (assuming you pay cash). It's also absurd that you can't read the legalese until you've purchased the software, opened the packge, and many times broken a stick on the internal CD sleave that reads "Breaking this sticker indicates your acceptance of the EULA"--which you see once you install the software.
Last I heard, ripping a sticker wasn't quite as legally binding as a signature.
The BSA coming charging in would be a perfect opportunity to test a EULA. Unless they come with cops and a warrant, you can tell them to take a hike even if they have a signed contract (which they don't). Tell them to get a court order. They may do that and they way try to sue you: But they'd sue you for violation of a contract, not copyright infringement. You could then argue that the EULA is invalid. Aside from the issue of whether "clicking accept" forms a contract, the EULA is invalid because no contract (in the United States) is enforceable if it abdicates a recognized right of one of the parties--in this case, unreasonable search and seizure.
You, as an adult can sign a contract that says you will never marry, that anyone can search your home and kill your sister--all three of those clauses will not be enforced by a court because they abdicate recognized rights that CANNOT be taken away by a contract. Otherwise many labor laws that protect workers would be useless since workers would just be forced to sign away their rights. You can't do it. You can't sign away your rights (well, you can, but no court will enforce them).
I think it'd be great if a BSA-initiated conflict resulted in the definitive invalidation of EULAs! :)
The Audi Tool is called GASP (Score:4, Informative)
http://www.bsa.org/usa/freetools/gasp/
Check it out, they have an EULA for GASP... I guess they'll want to see the EULA for each machine they install it on too.
http://www.bsa.org/usa/freetools/gasp/gasp_
Why justify them with a response (Score:3, Informative)
A safer strategy is to pretend you didn't hear them in the first place.
Ever send a registered letter with return receipt, and never get the return receipt? It happens, and it's because the recipient doesn't want to acknowledge the communications.
IANAL, but it seems to me, to haul you into court requires a subpoena or a summons. Those documents require a response. Others could be ignored, as long as you don't intend to do business with the source of the noise.
Re:since you are a lawyer (Score:5, Informative)
It's hard to say what rights the BSA has, since those rights will typically stem from the terms of the license agreements to which the University has agreed. Where enterprise or site licenses apply, they may or may not contain negotiated terms that vary from the off-the-shelf EULAs. If there is not a negotiated "umbrella" agreement, the click-wrap/shrink-wraps will probably govern, and I'd venture to guess that those give the vendors (and the BSA) some audit rights. However, many courts remain skeptical of the enforceability of what are known as "adhesionary" (think "overreaching") terms of a click-wrap EULA. Vendors are aware of this, as is the BSA. This diminishes the BSA's audit rights, and gives the University a foothold to prevent an audit. This is just one example of an approach to defeat this type of threat. There are *always* leverages to be exploited. Good lawyers do their homework and read all the facts and all the license terms and find a way. That's what makes them good lawyers.
Re:You will never escape the BSA ... (Score:2, Informative)
Google search says... (Score:4, Informative)
Apparently that Anonymous Coward is trying to get us to harass the poor fellow. The local number is also David Riddle's home phone #. Mod that sucker down to flamebait. Better yet, someone (u listening CmdrTaco?) should get the BSA on that troll's ass.
BSA Organization (Score:2, Informative)
Not! - B.S. phone number (Score:2, Informative)
This comment [slashdot.org] is the same troll.
Re:Groundless?? (Score:3, Informative)
Knowing that a judge will make you pay for the defense in such a bullying lawsuit, can put a pretty quick stop to this type of unethical behaviour. And if you know you're clearly in the right and will likely win, it's worthwhile to float the legal fees until the buggers lose.
Proof of License... (Score:2, Informative)
Get a good lawyer.
BTW -- we settled with a US$25,000. fine and a promise to certify each year for the next 3 years that we were still "clean."
Re:Unless you're doing something illegal... (Score:1, Informative)
Try running a corporation with over 1000 desktop PCs, with various versions of Windows, Office, Autocad, etc.
Let's distribute these PCs across 20 or so locations, including some tiny offices with no direct technical support.
Let's throw in a few oddball utilities: virus protection, PDA synchronization, media player, each with a lengthy EULA that describes rights to upgrade, transfer to another computer, sell to someone else, use on multiple computers, etc, etc. The EULA's vary from product to product and even version to version, so it's anyone's guess as to what is allowed at any given point in time.
Let's include a few power users in the mix, who occasionally purchase software and get reimbursed via the expense account.
Let's include a few dummy users who download crap from the Internet and "agree" to the installation EULA without letting anyone else know what they "agreed" to.
Now it's time to upgrade some of the PCs. Which of the pre-installed packages can be migrated to the new computers? Can we image the hard drives to facilitate the upgrade? Is a motherboard upgrade the same thing as replacing the whole box? How about a hard disk upgrade? How about a repair that isn't an upgrade at all?
Bear in mind that many corporations have an "under the radar" culture of IT purchases. Unreasonable purchasing restrictions mean you have "renegade" IT departments. In some cases, people who were unable to buy computers managed to buy spare parts and build the computers. The software gets purchased one package at a time to keep the approvals down to what the office secretary can spend on a toner cartridge. I know of at least one case where the renegade computers were part of a renegade network. It ran on Thinwire because all you needed to add the next node was a piece of coax and a T-connector. It may be stupid, but that's reality.
In modern corporate life, you have to assume a certain percentage infringing software, although nobody can tell who has it or how they got it. It's like killing cockroaches: go ahead and kill as many as you like, but it's a numbers game and the insects have the advantage. It's not like the OS or the software does anything to help.
BSA would not have such a thriving audit business if they didn't know they can walk into just about any company and find enough accidental infringement to generate the revenue it takes to feed the BSA audit machine.
Why this is WONDERFUL... for free software. (Score:3, Informative)
Also... in about two months' time, Microsoft's new license terms will kick in - and in spite of their claims, it appears that these new licenses will be much more expensive than the old ones for many.
So, let's combine steep new licensing fees with a quasi-police force that has the power to both presume guilt unless proven innocence (when certain programs are in use) and levy heavy fines. Suddenly you have offered people a powerful incentive to move away from the software products of the BSA's sponsors. Remember when it was dangerous to use free software? Stuff like "who do I sue?" The answer is now clear: if you use proprietary software, the vendors get to sue you . Now it's more dangerous to use proprietary software - if you lose a few licenses, you might have to pay millions.
Simultaneously with the increased risks of using proprietary software, an alternative has become available! Free software is finally becoming mature enough to use seriously at the desktop. Yes, it would have been better if it was ready earlier. But KDE3 is out, GNOME2 is almost out, Open Office is usable and its few burrs will be off soon, Abiword 1.0 is out (without tables, but that shouldn't take that long to add), KOffice is out (with weak MS Office interoperability, but that will be improved quickly I'm sure), Mozilla 1.0 RC1 is out (with 1.0 soon to come out). Evolution is quite impressive (or use Mozilla's email reader). The programs can be used now, they'll have more polish before the end of 2002, and they'll be quite nice by mid-2003. I particularly like the cross-platform applications, because they make it easier for organizations to "phase in" the replacements. Someone using Mozilla and Open Office on Windows will find it much easier to switch to GNU/Linux or FreeBSD.
No, this is NOT enough to replace proprietary systems everywhere; there are many specialized applications that will require Windows, etc. But it will be much easier to show compliance when there are fewer of those machines.
Of course, this could all be a last gasp. Perhaps Microsoft expects everyone to switch from their products soon, and wants to try to extract as much money as possible while their competitors complete their maturing. Perhaps they expect that in mid-2003 organizations will begin switching quickly, and they want to sell (or re-sell) as much as they can before the alternatives are ready. I doubt they expect to really lose the market, but they certainly want to saturate the market to make it harder for anyone else to enter it.
I would say that "site-wide" licenses for Microsoft's products by companies (as they're usually written), and similar licenses effectively preventing Linux pre-installs by PC manufacturers, should be summarily ruled as illegal. These licenses fundamentally discriminate against competitors, because Microsoft gets money even when a customer chooses to use a competitor in a particular circumstance. IBM originally only leased their computers, instead of selling them, as a way of preventing customers from practically switching to a competitor, and that was ruled illegal. The same should be true for any contract that, when widely applied, prevents competition. Without these competition-preventing contracts, Free Software would probably spread much faster. But if customers continue to be treated as the enemy, they may consider alternatives far more seriously.
Re:Contracts (Score:2, Informative)
Be very careful there, indeed...
Re:Innocent until proven guilty (Score:1, Informative)
This is actually almost correct... the 'burden of proof' as they say, is not that the plaintif must show beyond "Reasonable Doubt" as we often see in capital cases.
Actually they still have a type of 'burden of proof', they must prove a "Proponderence of the Evidence" is against the defendant.
This means that even if they can't prove that they have done it in the case, the plaintiff can show that it is plausible that the defendant did it. But, the instructions the jury recieves are based on motions filed with the judge by presiding counsel.
Re:BSA have a history of lunacy. (Score:1, Informative)