Shakedown: How the Business Software Alliance Operates 954
An anonymous source writes: "I'm a faculty member at a public university which the
Business Software Alliance contacted in a bulk mailing last Fall. Stupidly, our IT department invited them in to 'explain' licensing to us, and now we are trying to fend off an audit on our computers (public and private). Two questions: what kind of leverage does the BSA actually have against us? And does anyone have war stories, successful or otherwise, of their encounters with the BSA?" Although Slashdot is running this story as from an anonymous reader, we have contacted the source and believe the story is factual and the appeal for help is real. Consider this Slashdot's contribution to National Copyright Awareness Week.
The source continues: "The report that the BSA gave to our administration was filled with scary stories about other schools who tried to resist, so unless there's some hard evidence to the contrary I suspect our university will just roll over. We were told that:
- auditing software *will* be installed on every campus machine;
- the license for every program, on every machine, must be produced upon demand;
- failure to produce licenses for all commercial or shareware software will constitute prima facie evidence of illegal possession, with penalties that could range from the confiscation of the machine to the firing of the user;
- and this includes computers *personally* owned by faculty."
Scared of audits? (Score:1, Insightful)
Go open source (Score:4, Insightful)
Some big organization needs to do this in response to a BSA audit request.
Peanalized for personal computers (Score:4, Insightful)
Why should an organization be peanalized for personally owned computers? Yes, IT can set rules and what not but how many users actually follow IT rules?
Note to self, don't bring laptop to work if company is being audited by gestapo...err, BSA.
Requests a Court order. (Score:2, Insightful)
As a CIO myself... (Score:5, Insightful)
You absolutely need your legal counsel involved in this. An IT department is generally unsuited to handle these type of business/legal affairs.
By sucking in the legal folks you turn it from an IT problem to a 'university as a whole' problem.
Do not let them strong arm you into anything. Play hardball. Tell them you are doing an internal review that could take months.
Remember, they will be very reluctant to force the issue into a courtroom. It is very bad PR for them to take an impoverished college to court. A jury would be filled with people who all have 'unlicensed' software on their home PCs.
But in the end, you will have to make a reasonable effort to be in compliance and generally pay for the software you use. That, my friend, will be unavoidable. Unless, you switch IT platforms to a free or close-to-free software environment.
Good luck.
At least they're somewhat fair... (Score:2, Insightful)
Just my $.02
Re:City of Virginia Beach (Score:5, Insightful)
Someone should take a TCO analysis from someone in the BSA (probably MS), add an estimate of audit cost, and then compare to the same company's TCO analysis for Linux/Unix systems.
But seriously... (Score:2, Insightful)
Seriously, why hasn't someone taken up these bozos on racketeering charges or something? And if your answer is that the bozos bought the government and it's too late, don't bother posting... Every story I hear about the BSA, including their own commercials sounds like something out of a gangster movie.
Bleh. More IP doom stories. What a waste of time.
Re:Scared of audits? (Score:3, Insightful)
Re:Legality in doing this? (Score:4, Insightful)
bloody good marketing campaign by the BSA. (Score:3, Insightful)
we did some research here at our company. my CEO and i were discussing it (i'm the CTO), and he told me he had done some leg work on the subject when the BSA first started their "scare tactic" TV/radio campaign.
the BSA is a software reseller. they have NO LEGAL AUTHORITY. they are not the "Software Police". they can't come to you and demand anything. you have to (stupidly, actually) ask them to come and perform an audit. then, when they find non-compliance, they offer to sell the company the licenses at a "special price".
they're vampiric...if you don't invite them in, they have no power.
of course, now that the ball has started rolling, they can probably bring some legal action. i'm not sure what legal recourse the SPA has (for example). subpoenas/warrants/etc, possibly. i imagine that there is a goverment agency to which they can appeal for such. and the BSA only has to pick up the batphone to them to start the ball rolling.
i know that doesn't help now, since they've already gotten a foot in the door. but it may help others.
Re:Scared of audits? (Score:1, Insightful)
Re:Go open source (Score:5, Insightful)
While the idea of a campus that's totally open source is cute, the idea is totally unworkable and not a feasible solution. That is the reason noone will respond this way. People spend money on software because some software is only legally available when you spend money. If I was still in high school, it would be a no-brainer to decide not to go to any school that didn't use any proprietary software.
We'd all like free software. However, with very rare exceptions, the best (or all) software in most domains is closed. Why? Because I can't find enough chemistry people and programmers who will cooperate to make me specialized software of superb quality unless I unload a big pile of cash.
Re:Legality in doing this? (Score:1, Insightful)
1) The U.S. government is currently controlled by decidedly conservative people with big-business connections. These people are not inclined to prosecute the BSA.
2) It costs lots of money and lots of time to sue an organization composed of some of the largest software companies in the world. You will run out of money and die long before you become even a tiny irritation to them.
extortion (Score:5, Insightful)
The BSA uses the same tactics. They allege that if you don't comply, you'll be busted. However, they're not acting on behalf of the government. In fact, with only the evidence of "I got an anonymous tip," they shouldn't be able to get a Judge to sign off on a search warrant. After all, for them to get a search warrent, the cops need to have probable cause. I don't see how a third party, who has an anonymous tip from some other third party is probable (it's heresay). Without a search warrant, there's no phyiscal evidence of criminal conduct.
In short, consult your legal professional. Don't forget that you can sue them, too.
BSA within their rights. (Score:2, Insightful)
The other route to go is to use open/free software without such restrictions. Yet still as a corporation/school, it would be foolish to abandon auditing/inventorying your machines. It makes good business sense. If you can show that you have x computers that were orginally purchased for x dollars and are now worth x dollars, this is valuable information to the accountants who can see this as a company asset. If you chose proprietary software, a good audit will show the amount of money that can reported as total computer assets. If you choose free software, you still see the computers as an asset, however, you can show the cost savings of using free software over proprietary software.
Again whatever software you use, you should respect the licensing that comes with it, whether it be Microsoft's or the GPL.
Ain't anonymous (Score:3, Insightful)
HELLO PEOPLE! (Score:1, Insightful)
THEY CAN'T GET ONE, THEY AREN'T LAW ENFORCEMENT!
Stop treating these loser like they have power, they have no more power than you or I...
Have you signed a bulk-license contract? (Score:5, Insightful)
As far as I know, they have no grounds to force you to do ANYTHING unless you have signed a bulk-license or site-license agreement. Those agreements generally give you access to the software for a lot less money, but in return you give up all protection against 'unreasonable search' -- part of the agreement you sign allows them to inspect your systems to make sure you are in compliance.
If you bought your software through normal distribution channels, chances are very good you can tell them to pike off. As far as I know, a click-wrap license DOES NOT allow a search, because they can't know whether you agreed to the license without searching you first. It's only when you signed another agreement, which they have on file, that they have you over a barrel.
I will add my voice to the many others here telling you to get the lawyers involved. The BSA plays serious hardball. These people survive and can continue to exist only by extracting large sums of cash from your organization, and will use any tactic required.
They are not your friends. They are active enemies and you should treat them as such.
Re:Legality in doing this? (Score:2, Insightful)
Re:Go open source (Score:4, Insightful)
I was mistaken before that they were the total proprietary software dicks. They are really rather limited. Tactically choosing to take business away from some members could erode the funding and credibility of the organization should those members choose to leave.
In fact, I would suggest that users don't wait for the BSA to knock on their door. Instead, they contact companies and tell them how many dollars of business they will now loose. Hopefully, enough people will do this that the lost amount will be less than revenues generated by the assholes.
Re:The BSA isn't all bad (Score:2, Insightful)
First, haggles over license increase the total cost of ownership for commercial software, which makes free (as in speech) software more attractive.
Supporting free software doesn't mean that you need to support the harassment of those that use commercial software. In many cases, they may have no choice but to use commercial software. Perhaps that what the bosses want or no free alternative exists. Sign the praises of free software all you want, but don't cheer for these mafioso tactics.
I used them to shut down a competing software retail store once. The place was selling Microsoft OEM software off the shelf. A call each to the BSA and to Microsofts Piracy line and the place was out of business in 4 months.
And you also like them because they bullied your competition? What about when one of your competitors send the BSA to audit you? Even if you're completely legal, you'll spend a good deal of time and money to prove this.
So your basic reasoning is that this is all a good thing because it's happening to people you don't care about. Who rated this so highly anyway?
Search warrants and subpoenas (Score:3, Insightful)
A lot of posters have mentioned search warrants so far, but unless I am sorely mistaken, neither the BSA nor any other private party can ever be issued a search warrant. A search warrant can only be granted to law enforcement agencies in criminal cases; and I think that if the BSA has anything on you at all, it's a civil suit.
(Police can search without a warrant if they have "probable cause", which is evidence of a certain kind that you have or are going to commit a crime right then and there, say within the next thirty seconds. Again, I don't think this applies here.)
A private party does get the power to subpoena during the discovery phase of a civil suit, and then both parties do have rather broad powers to demand evidence from each other. But for that, they have to sue you first, and there a lot of procedures to go through before you get there.
For certain kinds of civil suits, such as for copyright violations, a plaintiff can request a judge in secret for powers to search the defendant (there's a Latin name for that, but I can't remember it). This is the case when there is a risk that the defendant can destroy evidence before discovery can begin, like destroying the illegally copied material. The Church of $cientology did this once to one of its Internet critics.
I suppose the BSA may have grounds such a request, but it's a pretty outrageous mechanism, the kind of thing only $cientologists would do, and you ought to raise an enormous public stink if they try. God help us all if the BSA is granted that kind of power.
Re:First, (Score:2, Insightful)
Why? The staff's just as capable of saying "screw you" as an IP lawyer would be, and they're a heckuva lot less expensive.
1. All non-miniscule universities have an Office Of General Counsel who is paid to handle these sorts of disputes. So there's no additional cost.
2. Doing your own lawyering is even cheaper than doing your own dentistry, but significantly more painful in the long run.
Re:The BSA isn't all bad (Score:4, Insightful)
Re:Go open source (Score:4, Insightful)
You can do taxes over the web from Linux and other free operating systems just fine. But taxes are a special case anyway (highly legalistic, highly time constrained, of no independent interest to scientists or programmers). Scientific and educational software is about as different as you can get.
True, you can get lots of programs from the open source world, but the more specialized the programs get, the less likely you will find a free alternative.
There are plenty of very specialized programs that you can only get for free. In fact, most research software starts out that way before some company picks it up, makes it closed source, and generally ends up making it much less useful.
These programs normally take a higher expertise level (ie, you need to be a chemistry expert to design a feasible chemistry app), and the open source need just isn't there.
Scientists who develop software as part of publically funded grants, or who want to publish results related to their software, should be required to make the software available for free: it's necessary for experimental reproducibility, and why should the tax payer fund private software companies anyway?
Many scientists appreciate those reasons. And many scientists don't want to become software entrepreneurs anyway and publish their software even if they could commercialize it.
And your average unversity isn't going to spend tens of thousands of dollars in salary to develop a complex app and then give it away for free to their competitors (ie, other universities).
Universities generally don't spend money on developing science-related software; funding agencies do. Universities are trying to get into the act by asserting rights to software they didn't pay for, but we shouldn't let them get away with that. In fact, these days, it's often the universities that try to close source against the wishes of researchers and funding agencies.
Go on the offensive (Score:4, Insightful)
The way to deal with bullies is to go on the offensive. Sue back. Perhaps the most promising avenue in that direction would be to sue the BSA consituents for distributing software they know is insecure, yet laid claims to it being secure. There's a hundred years of rulings on health claims for food and other consumables that show that you're not allowed to claim something is healthful, even if you later state in fine print that it isn't. Those should make some good precedents. Be sure to quote the security specialist from Microsoft who quit recently and publicly sounded off that he couldn't understand why Microsoft still has buffer-overflow vulnerabilities. You might be able to use the precedent from some of the automotive cases in which manufacturers were proved to have released faulty products. If it can be shown that Microsoft knowingly releases a faulty product, you could turn the tables. Another point to bring up could be that Windows allows pretty much anybody with a floppy disk to install software. To me, that's faulty. Drum it into the head of everyone who will listen that insecure software opened you to unauthorized software installations.
Next, claim that the insecure software violates the DMCA by assisting in the distribution of copyrighted material... I'm sure you can find one installation of Back Orifice on your campus to back up your claim. Sound ridiculous? It's not as ridiculous as having to submit to warrantless search.
Be sure not to go on the offensive against law enforcement... on the contrary, get law enforcement angry at the BSA for wasting their time hurting the sweet little local colleges. Make sure everyone is clear that the agents could have been out fighting drug dealers. That sort of tactic worked for the tobacco lobby who convinced the California legislature that it was a waste of taxpayer money to run anti-smoking ads when the money could be put towards birth-defect research. There's always something more worthy out there.
Lobby your congresspeople. If applicable, mention that the people who would profit from the search are from out of state. Remember, pork runs congress, and it's not pork if it gets diverted out of your congressperson's district. You may win this through lobbying.
They're not being nice to you, don't be nice to them.
Re:You will never escape the BSA ... (Score:2, Insightful)
Re:Go open source (Score:4, Insightful)
Wow, I *am* sensitive about this! =-)
-Paul Komarek
Re:Go open source (Score:2, Insightful)
Oh, and paying $10K per seat for chemistry software is not unloading a big pile of cash?
Just how many licences do they have? Ten seats at $10K/seat is $100K, which is enough to two professional programmers full-time, or ten graduate students part-time, for a WHOLE YEAR to develop a free (hopefully GPL'd) alternative.
counterthreats (Score:5, Insightful)
Try this: Tell them you will go on a mad OSS campaign if they don't go away. Show them a proposal to spend X amount of money on OSS advertising and promotion around the campus and elsewhere.
Show them a draft of an article about BSA thuggery and why it is now time for OSS that you plan to publish.
When they send in a representative, have a bunch of Penguins, OSS posters, and Red Hat boxes around your office. Give them a free Penguin T-shirt on their way out.
Re:Beware (Score:3, Insightful)
...
> Basically, you are screwed if you a) don't comply with them and b) don't have your licensing in order.
If you're remotely close to satisfying (a) and (b), find a lawyer who can say the word "racketeering."
Treble damages.
RICO... speaking of... (Score:2, Insightful)
Duh, sorry, our mistake... (Score:3, Insightful)
Tell them the guy who invited them in wasn't authorized to do so. They'll just have to resubmit their request. "Please send it in triplicate and don't forget to include return postage. Also, please include a detailed description of what this so-called 'explanation' involves, and while you're at it, a description of previously achieved benefits of this kind of 'explanation' would be appreciated. We can't waste our time watching another silly dog and pony show."
Briefly, you need to take back control of your gameboard and, for god's sake, man, stop acting like a kid who has been caught with his hand in the cookie jar. They're trying to sucker you. They seem to think that you're a bunch of ivory tower intellectuals (possibly true) who don't have enough real world experience to realize it. From what I can tell from the incomplete description of the original mailing, it was deceptive at least and a bold-faced lie at most. These characters know this. They are banking on what all school-yard bullies bank on--you don't have the balls to call them. Beyond this, do not talk to them. They do not have your interests nor the interests of any other educational institution at heart. They are a bunch of greedy bastards with the morals of a mafia don. Treat them as such.
If they want to make jackasses of themselves, let them sue a public educational institution. These are the same guys who give away free computers to school kids to make themselves look good. Maybe they *are* that stupid. I doubt it.
Re:WHy not just be legal? (Score:2, Insightful)
Re:Go open source (Score:3, Insightful)
a university has an obligation to train people to use commercial software
Unless the student takes a class to specifically learn to use a particular piece of software the school is under absolutely no obligation to train them on commercial software, and in fact I would argue that the school is doing the student a disservice if the do so.
For example; when I take a class in C++ I expect to be taught the C++ language, and the skills I learn in that class should be portable to whatever environment I then choose to use. If I'm forced to use only MS VisualC++ when I would prefer to use Borland Builder or vi/gcc my education is being limited. I'm not suggesting that the school should be forced to provide me with alternatives, merely that I shouldn't be restricted from using them if I so desire.
It comes down to this; the business of the University is education, the teaching of concepts which can be applied within the given field regardless of the tools available. Training on a particular tool is process-oriented job training, best left to trade schools or employers.
Now, obviously, there are situations where this doesn't apply. If I'm taking a class in Visual Basic I'm going to use MS Visual Basic because it's the only game in town. I imagine that's likely the case with some highly specialized scientific software as well. However, I would still argue that the university has no obligation to train the student on that particular software, but rather the obligation is to teach the student what they need to know in order to understand and interpret what that software does. I was never trained in using Mathematica, but I was taught enough algebra and calculus that I figured out how to use it, and how to interpret the results it gave me, without too much difficulty.
Anyway, I don't want this to seem like a flame. Other than that one point I wholeheartedly agree with you and find the examples you give encouraging.
On the CAD front, rumor has it (rumors are treason. Trust the Computer) that Pro-Engineer runs on Linux. I haven't verified that, though. I suspect AutoCAD might also as they used to have a Unix version, though I'm not sure if they still do. If you're just doing 2D CAD I hear QCAD is a viable alternative.
All the graphics folks I know swear by Photoshop of course (except one, who prefers Corel for some reason), but I suspect it's largely because that's what they were taught. I admit that I am not a graphics guy, but the GIMP seems perfectly capable to me.
Re:Fire that guy! (Score:4, Insightful)
No you cretin, it has more to do with the fact that the nazi comparison is
so
utterly
treadworn
That it has no coinage any more. Every god damned thing you don't agree with, well just shout "Nazi". The quips about other folks who got massacred had more to do with the idea that yes Virginia, there really are people who get systematically killed in this world who don't give two shits about software licensing.
Get some perspective. Jesus.
Re:counterthreats (Score:5, Insightful)
Re:Not BSA necessarily, but like it.. (Score:2, Insightful)
It all works out to the same thing though. As anyone can attest that's worked for the state, or a state-funded school, that translates to "never enough money to do anything correctly"
There probably was an oppurtunity to fight back there, but the bottom line was the bottom dollar. When it comes down to it, the governance committee (or exec. board if you prefer) always goes for the lowest risk with the smallest check. This holds true in any mid-size to mega-corp business. Ideology rarely figures into it.
Re:well within their rights (Score:3, Insightful)
You're a university. You have 30,000 undergrad students, faculty, staff, grad students, post-docs, etc., etc., etc.. There is, on average, one PC for every three people (just to pull a number out of a hat--it's probably more) on campus, and most of the individuals with their own machines (or even without!) have the ability to install software locally.
Are you going to guarantee me that every single copy of every single commercial software package on every one of those 10-15 THOUSAND computers is properly licensed? If a machine with Office95 has a hard drive blow up, are you sure that Office98 didn't get installed? Are you willing to gamble a few hundred thousand dollars on it, and incur an invasive three-month search to win that gamble?
While proper licensing for software is unquestionably a legal (and moral) necessity, it doesn't excuse the BSA's behaviour. They're thugs, plain and simple.
Re:At least they're somewhat fair... (Score:1, Insightful)
Guess What? You're Screwed! (Score:3, Insightful)
All the frightened whining and speculation aside, it comes down to this; if you don't do what they demand, they'll sue you, and you can't afford the kind of sueing they can dish out. Not by a long shot. Don't be too comforted by any supposed "relucance" on the part of the BSA to test their authority in court. That authority has already been tested quite adequately by others. Not that your college administrators (one of the more notoriously spineless subspecies of human beings) would even consider standing up to them.
No, my friend, what you have here is an example of the real cost of commercial software. It's part of why Richard Stallman is so incoherenly pissed off all the time. [gnu.org] When you chose to use Windows instead of Linux, and Word instead of Emacs, you chose wrong. And this is just one of the many, many very good reasons why.
-David
Re:EULAs (Score:1, Insightful)
There's no requirement to allow people to even look at your machine, never mind what may or may not be on it. And wouldn't auditing software, by decoding bytes that sit on your hard drive, be illegal under the DMCA? (Finally, a use for the damn thing).
Re:Legality in doing this? (Score:1, Insightful)
Re:EULAs (Score:1, Insightful)
But Microsoft, Sun, Apple, Sybase, IBM and all the rest have no way of demonstrating to the police that I actually hold any of their properties within my residence. They must first demonstrate reasonable evidence that I have their stuff in an illegal format before they can obtain a search warrant. And that search warrant must specifically (unless they are the US Treasury Department) list exactly what they are searching for.
Just as a landlord can't randomly pick a house and say, I think that's one of my properties, officer, go evict the residents, Microsoft can't randomly pick a person and say "He looks like a Windows user, go search his residence."