Shakedown: How the Business Software Alliance Operates
An anonymous source writes: "I'm a faculty member at a public university which the Business Software Alliance contacted in a bulk mailing last Fall. Stupidly, our IT department invited them in to 'explain' licensing to us, and now we are trying to fend off an audit on our computers (public and private). Two questions: what kind of leverage does the BSA actually have against us? And does anyone have war stories, successful or otherwise, of their encounters with the BSA?" Although Slashdot is running this story as from an anonymous reader, we have contacted the source and believe the story is factual and the appeal for help is real. Consider this Slashdot's contribution to National Copyright Awareness Week.
The source continues: "The report that the BSA gave to our administration was filled with scary stories about other schools who tried to resist, so unless there's some hard evidence to the contrary I suspect our university will just roll over. We were told that:
- auditing software *will* be installed on every campus machine;
- the license for every program, on every machine, must be produced upon demand;
- failure to produce licenses for all commercial or shareware software will constitute prima facie evidence of illegal possession, with penalties that could range from the confiscation of the machine to the firing of the user;
- and this includes computers *personally* owned by faculty."
Legality in doing this? (Score:4, Interesting)
Click [NEXT] to accept (Score:1, Interesting)
Beware (Score:5, Interesting)
If you are reasonably sure that your licensing is OK, then you could probably stave them off. It would be a unique Uni that licenses all of the software being used though, based on my experiences.
Basically, you are screwed if you a) don't comply with them and b) don't have your licensing in order.
Re:Legality in doing this? (Score:5, Interesting)
If you aren't breaking any licencing agreements, it just costs money to fight... But much like speeding - No large organization is perfect and someone, somewhere, will have some software that the licensing documentation isn't perfect on... The BSA is willing to bet for that (So you have to pay their legal bills, discovery, etc) are you willing to bet against it ???
radio campaign (Score:2, Interesting)
Fire that guy! (Score:3, Interesting)
If the Gestapo comes by asking if you've seen any Jews, do you ask them to explain what Naziism is all about?
Until this IP law is overturned, cower and hide if you're not willing to put your ass on the line to do something about it. In this case, your guy put his ass on the line, it's only natural that he takes what's coming to him. Consider it a form of back-assward martyrdom.
My two peeves here: (Score:5, Interesting)
I'll hit the second one first. If the personally-owned computers are on the network, they're close, maybe, to being able to audit those. Maybe. But that's really grey. I know I, for one, wouldn't let them on, and if they came into my office and said "let me look on that machine," I'd simply disconnect it and say "no."
For the first one, though, I have a much bigger problem. Can anyone cite any other [industry / realm / product space] where one is required to retain all receipts in order to prove ownership? I don't need a receipt to show that I own the shirt I'm wearing. If someone wants to accuse me of stealing it, show some evidence. I don't need a receipt to verify that I own the couch in my living room -- if someone thinks I stole it from my neighbor, fine, prove it. So, why on earth do I need a receipt for software?
I can understand the technical complications that are entailed here -- like when you've got 1 CD for 100 machines. But the legal issues are what I'm more curious about. In no other situation am I, essentially, guilty until proven innocent.
Does anyone know if anyone's fought the software industry on those terms? You can't prove I stole it, so go away. Seems like it should work, but then again, maybe I'm being idealistic.
(Okay, I thought of two examples -- cars and real estate. But those are tracked for me by the government, and if I lose a copy of my title they can send me a new one, for a modest fee.)
Re:Beware (Score:3, Interesting)
If I work for an organization (University, corporation) I am NOT going to allow some organization to TOUCH my PERSONAL computer!!!
I don't copy software from my work but it is NONE OF THE BSA'S BUSINESS what I have on my computer (I don't pirate software either).
I think the BSA's demand to see the faculty's computers is OUTRAGEOUS!!!
single vendor? (Score:1, Interesting)
Do your users install applications themselves (do they have the ability to)? If not, note that as well.
As I understand it, the BSA is primarily concerned with mass piracy either A. a company using multiple copies of say win2k server or windows 2000 professional... and/or B. people installing lots of applications themselves.
just my 2 cents having dealt with a forced audit from M$ in the past...
if you are sure you are not using lots of pirated software, ie. you buy windows with every computer and you don't let users install software (policies help a lot here, in fending off responsibility) then you'll be fine... just give them the info you have...
I do not believe you have to comply with software based auditing software, specifically state that you manage licensing on the purchasing, policy, and physical software installation prevention end NOT at the client... you can probably find millions of documented analysts that would show that such software would prohibitively increase TCO out of sight...
Re:BSA's feedback phone number (Score:2, Interesting)
They may not have the right to come in, but.... (Score:2, Interesting)
Oh, and so far as them requiring audit software on your computer... NO WAY can they do this! They would have to take you to court, sue you and win with some of the terms being software licensing monitoring.
They tried to force the company my mom worked at to do this. She called me, and we went ahead and just removed MS office from every machine and installed StarOffice.
Followed by a nice letter to the BSA and MS saying that they are going to go open source now b/c of the BS of the BSA
They have no leverage!!! (Score:1, Interesting)
It stems from an EULA which is probably illegal.
They have to show in court that the EULA is legal and that they can invade.
The stories are just marketing to scare you.
Tell them to go fuck themselves and when they try the legal process you go after the EULA they use and have it invalidated. That will piss them off no end, but it will teach them.
Yet another reason to use Open Source Software (Score:3, Interesting)
As far as whether or not they can do this, if anyone (person or organization) who wants to audit you like this is not an official department of a Government Law Enforcement Agency, whether it's federal, state, or city, then tell them to fuck off. Otherwise, you are guaranteed due process and they will need to obtain a search warrant.
Privately owned PCs would be a separate search warrant - as they are not owned by the University, the University is not liable for its contents.
Too bad the powers that be at the University won't do this. But what they should do is just install the Open Source, Free OS of their choice and tell the BSA jackals to burn in hell.
And to any member of the BSA who might be reading this: I run Red Hat Linux 7.1 at home. Go away. Kapisch?
Re:single vendor? (Score:4, Interesting)
Whoa! Isn't that like submitting to being searched by John Doe at the side of the road just because you're certain you have nothing to hide from him? Please, please, please heed everyone else's advice here and stock up on some copyright/software/IT lawyers. Repeat after me, "the BSA is a private interest group", "the BSA is not an elected or state-imposed authority", etc...
Re:Legality in doing this? (Score:5, Interesting)
In practice, if such laws were enforced, the amount of work for lawyers and judges to do would drop drastically, and the money earned by lawyers would also go down.
Lawyers (including prosecuting attorneys) and judges decide whether or not barratry cases will be allowed. Do you spot a small conflict of interest? How do you think it will be resolved?
sPh
BSA: All Bark and No Bite (Score:4, Interesting)
Despite the radio and television commercials suggesting that he'd get fined up the ying yang, nothing happened. I have since concluded that the BSA is all bark and no bite. Here is my story [osopinion.com].
File your own complaints... (Score:1, Interesting)
Fight fire with fire. It's just as trivial for the BSA to accuse you of copyright violations as it is for you to accuse the BSA of employing felons. Get as much information as you can on the employees of the BSA and pass them on to your local law enforcement agency. It should be job #1 for your administration to protect the health and welfare of their students. Having non-investigated members of a third party organization on campus seems irresponsible. Even if they are not felons, they may hold memberships in violent hate groups or organizations that discriminate against others based on their sexuality, race, gender or disability. Your school could lose federal funding by having a business relationship with a company that promotes discrimination through the practice of hiring bigots. But you will never know unless you audit the auditors.
Sorry, I posted this under anon. Just don't feel like F-in' with the BSA this month. I have real work to do. Bless you open source.
Not BSA necessarily, but like it.. (Score:5, Interesting)
Now, we were mostly in compliance as far as we knew due to our large per-seat volume licensing through dynamic pooling, but we were pretty sure that we'd come up short in the end. Given that we weren't running any auditing software on the PCs it was difficult to impossible to know what was on every machine. So we called Microsoft and told them we needed time. They agreed to grant us two months, but then went on to specify exactly what software we were to use to perform the auditing. We replied that we were going to choose our own that was less expensive, but were told that we must use this particular software, because they knew it to be honest and compatible with Access. (Like that should make a shit bit of difference) In the end we just bent over and took it rather than deal with the auditors showing up, and purchased this lame auditing software. It had to be deployed manually from machine to machine. Almost 2000 computers later, we had our audit. We wound up ponying up some pretty serious bucks for our machines. It slaughtered our entire budget for the next three quarters.
Point is: Microsoft probably didn't have the right to just announce that they were coming, but we knew that, as a public institution, we couldn't afford the battle to fight.
No one ever totaled up how much money we lost on that piece-of-shit software and in man-hours for manual deployment, but if you add it to the big fat check we wrote in the end to keep Microsoft off our campus, it was a hell of a lot of wasted grant money intended for student use.
You can pontificate for days on replacing Windows with *nix, or killing Office for StarOffice. God knows I went to the shared governance committee more than once trying to get them to see the light. In the end, however, everyone winds up signing a fat-check.
Cynical perhaps, but a truism all the same
Re:I wonder... (Score:1, Interesting)
Re:The BSA isn't all bad (Score:4, Interesting)
If that's the case and I am correct in my understanding (Being right up front I might very well be mistaken) then wouldn't his competitor in all likelihood be selling OEM copies of this software far cheaper than he could sell retail versions? Following then what's the real problem with busting someone who is undercutting you by doing something outside the lines?
Personally I think the guy creatively used the system to smack down an unethical competitor to his own advantage assuming all of this was true of course. The other guy was trying to work the angle and got caught. Tough shit.
I just can't find anything wrong with that.
Re:Go open source (Score:5, Interesting)
Most of the major Chemistry commercial software out there is available to run under Linux. Sure, it ain't free. But it doesn't imply you have to run Windows to use it.
*Gaussian runs under Linux (although they are pretty draconian about licensing in their own rights).
*QChem runs under Linux (hell, Martin Head-Gordon's research group only has one Windows box, and they only use it for the occasional PowerPoint presentation).
*CHARMM runs under Linux.
Furthermore most of the major commercial chemistry packages don't contract out with the BSA. Most of the people I know in theoretical chemistry don't run Windows. Why? Because if your jobs take months to run, you sure as hell don't want an uptime that is order days. Sure, you can't go totally open source (yet). But you can evade the juggernaut.
And for reference purposes, the next generation of theoretical chemists is pretty geek-happy. Give us another twenty years, and I'm sure you'll start seeing GPLed versions of molecular modeling programs. Hey, I'd consider doing it. The point of all this is that you *can* do things in stages. You can run whatever commercial software you want, scientifically, under Linux. And it's only going to get better. Why? Well, I know people who have license credits on Gaussian/QChem. And you know where they get their thrills? It sure ain't from the royalty check. It's from the fact that *everyone* who uses their software cites them in their articles. Citations are power in the academic world. Money is nothing.
Re:Legality in doing this? (Score:3, Interesting)
We were audited (Community College) (Score:5, Interesting)
The deal was, "cooperate or face draconian penalties", with a tie-in to a vendor selling auditing software. We install the auditing app, use it in demo mode or something to comply with the auditing demand, and then possibly purchase the auditing software to use from then on. It wasn't clear whether any settlement would be based on an agreement to purchase the app.
My first reaction was, "Not on my net!" We had auditing software already, which put us in a great position. They didn't provide an online list of executables to search for, so we collected info on every executable we had. They had a list of something like 20,000 apps, much of it from the tiniest, least significant software vendors around. If we were playing hardball, we could have submitted an undigested count - something like 70,000 unique executables on just under 1000 machines. "Here's everything we have - let us know if there's a problem." But instead we played nice. We sent them a report on audited and identified applications, a report on identified
It was full and cooperative disclosure, without installing an alien app we had no control over. I think cooperating was important- I don't think we had escalation dominance in this situation. They could push it farther than we could, to a place we didn't want to go.
My recommendation? For those not in the situation already, pretend you are! Then if you are audited, you send them the report you've already done if you are chicken, or tell them to fuck off *knowing* you are in compliance. If you don't do the audit, you don't *know*, and you may find that someone slipped up and included an app that went out to too many machines. It wouldn't take many rogue installs to give them the ability to hose you.
Incidentally, they apparently can get marshals to show up with them. Marshals probably can't crack passwords though. And the BSA can't fire you, but they can include your firing as part of a settlement agreed to by the people who can fire you.
since you are a lawyer (Score:4, Interesting)
since you are a lawyer, could you answer the questions raised in the story?
I understand you normally get paid for advice so you don't have to go into details. But some general information from someone with your expertise could be enlightening.
Re:EULAs (Score:5, Interesting)
If it's a legally valid contract, then the manufacturer will already have a copy of the license and already possess proof of your assent. It seems to me that if they even have to ask to see the license, then it can't be a contract.
p.s. Can you be in breach of contract for not agreeing to the contract?
What about good software? (Score:2, Interesting)
I'm sure there are a lot of other closed-source software packages out there that are hands down superior to open source options. Probably for the reason that they require far more manpower and organization to produce than any open source network has yet to accomplish.
this article was bait (Score:3, Interesting)
Of course, in reality this is about privacy, but most people don't realize that.
Anti-BSA strategy (Score:1, Interesting)
Now that Linux is becoming competitive on the desktop, my staff is actively trying to roll out a non-M$ PC configuration, to be deployed wherever our people can get the job done with nothing but open source. For those cases we can't go totally open-source, we are evaluating Crossover Office project, which allows us to simply pull the plug on Win2K and keep the apps we need.
We use auditing software on our PCs and try to do a good job of license management. I say "try" because it is nearly impossible to make it work in a decentralized/mobile environment.
If BSA wants to do an audit, I would say something like: "Come on in, do the audit. However, be advised that we will be phasing out all BSA products. At the end of the audit, we'll ask you how few licenses we need going forward, since it will be far less than what we now have. We would like to invite CNN to film us as we put the extra licenses into the dumpster. Please send someone who will be able to talk to the local media about the dire consequences of license non-compliance."
No business in law enforcement. (Score:4, Interesting)
But the BSA is not law enforcement. It bugs the heck out of me that they can do what they do. If they sent us a letter, the first thing I'd do is write up a proposal with an estimate of hours billing rate for them to sign before we would do business with them, another private business.
Granted, we are not a big company, they would probably ignore my proposal, and we don't have the money or the resources to fight them in court, so chances are I'd end up having to comply. But it really chaps my hide that a private organization, with no real authority, can go around enforcing the law.
What somebody really should do is start an organization called 'Citizens for a drug free workplace', contact the BSA, and say that there is quite a bit of suspicion that BSA executives are in possession of, and regular users of, crack. You have one month to get off the crack, because then we're going into your offices, disrupting your business, and piss testing every one of your employees. While we have no legal right to do this, we're going to do it anyways or you're going down.
Solution (Score:3, Interesting)
(2) Archive all raw data.
(3) Wipe all of your machines -- that is, write over all data with zeros. To be safe, wipe the hard-drives a few times.
(4) Install GNU/Linux or *BSD on all of your systems, using all Office/spreadsheet/etc equivalents.
Groundless?? (Score:5, Interesting)
Let's say on your entire campus, one license is not valid. If the BSA comes knocking at your door, you face a relatively minor penalty for that license, but then you have to pay for your legal counsel, their legal counsel, damages, the auditors, etc. The BSA knows this, and they use it to their advantage.
Now, keep in mind here that they are suggesting a product is not legally licensed if you don't have the paperwork to prove it. Therefore, if you aren't totally pristine in keeping track of the licenses for all your software that is, in fact, 100% legitimate, you can still get screwed by the BSA. Although I do wonder how well that would stand up in court, that is, unless the BSA can prove those copies are pirated, is simply not being able to prove them legitimate enough to get you into hot water. I'm sure their license provisions make certain statements about this, but I don't know if they would stand up in court.
What it boils down to is that the BSA takes advantage of our legal system to extort businesses and it's about time that something was done to put an end to this. For example, I would propose that any organization that licenses software for more than say 50 computers, they should have certain protections from this sort of action. I would suggest the following protections:
1) Provide protection for good faith effort. If your company makes a good faith effort to license your software (at least say 80% of the value of the software is legitimately licensed), then all you can be held accountable for is the cost of licenses at retail price. No damages, no attorneys fees, no auditing fees. It would still cost you the attorneys fees to fend it off, but at least the expense would be clear and reasonable. If you have more than 90% compliance, then your legal fees would be covered by the suing party (though you'd still have to pay for the licenses). Thus, there's a strong disincentive to go after an organization that's not blatantly violating the law.
2) Receipts or other proof of software purchase should be considered valid proof of legal license. If you buy a thousand copies of a piece of software, you shouldn't have to keep track of a thousand pieces of paper. It would be impossible to prove that a piece of software is pirated, so it makes sense for the purchaser to be required to demonstrate ownership in court, but the burden of what needs to be proven should be much more reasonable.
I believe in Canada this is not legal (Score:2, Interesting)
The lawyers came back and said no, companies have no Common Law Right to enter property and demand inspection. They could however, request the number of computers in use with Microsoft software and examine the licenses for these computers.
The important difference was that Microsoft cannot enter private property and inspect the computers and software of that company. This is apparently a very specific legal right in Canada, partly from our Common Law and partly from court decisions regarding our Charter of Rights.
Re:Legality in doing this? (Score:2, Interesting)
This step gives them cause to act on behalf of their clients (Microsoft, Macromedia, Adobe, Symantec, etc).
The Internet is a community right? (Score:3, Interesting)
Re:EULAs (Score:5, Interesting)
Ask the IP holder to produce the EULA that you specifically agreed to. Request proof that it was you/your institution that accepted the EULA, and not the OEM, shipper, independent IT person who installed the software, etc..
Not only can they not prove who exactly accepted the EULA, they can't even prove the EULA was presented in the first place.
"No your honour. Nothing that said click to proceed came up on my screen. Could be a bug in this copy of their software I guess, I dunno, I didn't make it."
Re:Legality in doing this? (Score:5, Interesting)
General points to ponder...
I just walked through the entire process of buying WinXP from shop.microsoft.com and NOWHERE was I given a chance, a link, or even a hint of an EULA that I would be binding to when I open the software. How could they not include this license in the buying process? There is no excuse for not making this a part of the purchasing process.
Microsoft statements about "piracy" and license agreements [microsoft.com]
What is the minimum amount of documentation I should keep to prove my software products are legally licensed?
All legally licensed Microsoft products should contain an End-User License Agreement (EULA), which is your primary proof that you own a legally acquired product. However, it is also recommended that you keep the original user's manual (or at least the cover and first page of the manual), the product disks, the Certificate of Authenticity, and your purchase receipt.
This EULA they speak of, is this a hardcopy of some sort? That seems to be all that they require. What is with the should and recommended? Sounds shaky to me.
Don't REMOVE offending software (Score:1, Interesting)
licensed/unlicensed software from a computer when you're threatened with an audit. They'll treat this as a violation. I know I had to prove that a version of Office had been removed 7 months prior to the audit notice and wasn't an attempt to foil the audit. We STILL GOT PENALIZED!!!!
Alternatives... (Score:2, Interesting)
Software audits are becoming more and more common. The BSA announces targeted cities and conducts audits of businesses of differing sizes and industries. One of the ways to avoid a BSA investigation (audit) is to take a pro-active approach to software management practices.
Auditing all of your software and reviewing all of your licenses is the only way to ensure compliance with BSA standards.
The unfortunate truth of this is that it requires a very attentive IS department and/or an outside audit. This is what it sounds like the university in question is in need of (both, not either/or).
To date $68 million has been collected from companies (mostly through settlement) that failed to comply with BSA standards. As the problem of software piracy continues to grow the BSA will increasingly take a zero tolerance approach to this issue.
We know of no other firm that offers complete software management services on a cost-effective basis as well as the protection of Attorney-Client privilege.
Basic Business Law (Score:2, Interesting)
Re:Legality in doing this? (Score:1, Interesting)
One case in particular stands out. One woman had an AT&T Broadband engineer show up at her house at 11pm WITH A UNIFORMED POLICE OFFICER, who told her that she was stealing cable and that they were there to disconnect it. She promptly went and found the bill and cancelled check for the past month and showed them to the officer and technician, who basically shrugged and disconnected her cable. The next day, she called AT&TBB to complain. AT&T said, "Oh gosh, we're sorry, you're right. We'll be out there in a day or two to hook you back up." Within 48 hours, two more police officers showed up at her door with a warrant for her arrest and took her into custody.
Now, the judge threw her case out within 24 hours, and demanded apologies from AT&TBB. Especially since hers wasn't the only case. I believe there were a total of 11 people who were arrested (everything from one lady who had called to have her cable disconnected since the former tenants hadn't, to another person who didn't have cable at all), several of which lost their jobs and who were turned down for new jobs because there was a felony arrest (even though there was no conviction) on their records. I believe they were suing for $25 million or something.
AT&T BB got a huge black eye over the issue, and even the police were rightfully embarrassed for going along with it. Apparently, AT&T was just calling and saying, "We have to go disconnect/arrest somebody, go do it," and the police were doing so with no immediate evidence.
I haven't seen a continuation of the anti-cable theft campaign since that point, because they got caught using random strongarm tactics, and other crazy stuff. (One person even reported the engineer came with a marketing rep who gave a, "Now that you've seen what cable offers you, why don't you sign up with us for $X/month?" pitch while they were disconnecting service)
That's what needs to happen to the BSA, unfortunately. They'll gleefully bluster at everyone who rolls over until they get caught with their pants down and courts/authorities/etc realize how full of crap they are. Only problem is, they're attacking on a far greater range of nebulous things, rather than "Your cable is hooked up".
Re:from that link (Score:2, Interesting)
For example, if I break into your house and steal your stereo you no longer have a stereo. If I steal your wallet, your money is gone. If I copy Microsoft Office, Microsoft "loses" a licensing fee that they might or might not have received in the first place. If you ask 20 people if it's wrong to steal a boxed copy of Office from CompUSA it's quite likely that 19 or 20 of those people will say yes. If you ask 20 people if it's wrong to copy Office from their friend who bought it at CompUSA, I'd be willing to bet 15 to 20 of them will say "no" or "kind of, but it's too expensive to buy."
While I agree it's wrong, I don't really place it in the same category as stealing. I think that software companies will continue to have a hard time being taken seriously on this concept until they come up with a less dramatic and more accurate term. It is not "stealing" or "piracy" it's "unauthorized use" - which is still wrong, but doesn't have the dramatic effect that the BSA would like to promote. They want us to believe that anyone who has ever copied software is the moral equivalent of pickpocket, and I don't think they're going to have much success there.
Also, think about this - people will never feel guilty about ripping off Microsoft or Adobe when they perceive such contempt from these companies for their patronage. When Microsoft, Adobe or other software companies treat their customers like customers instead of potential thieves and "consumers" to have punitive and restrictive licensing schemes forced down their throats, they might find people less likely to violate their licensing and be willing to pay for the software. When they charge reasonable prices for software, then people will be likely to just pay it. $400 or whatever for M$ Office is not a reasonable fee. $600 for Adobe Illustrator is not a reasonable fee. Not for the average person. You buy three "professional" packages for your computer and you've already paid more for software than you paid for the computer it runs on - and asking for people to pay more money for an intangible thing than for the tangible thing they run it on is never going to fly.
criminal vs civil (Score:2, Interesting)
Chump Change? No wonder the BSA ignored you. (Score:5, Interesting)
I work as a Sr. UNIX Administrator for a very large (Fortune 100) company that shall remain nameless for all the obvious reasons. I plan to leave soon, just as quickly as I settle upon a new opportunity in this less-than optimal job market.
Microsoft is currently auditing us. Granted, that is not what Microsoft or we are calling it; rather, Microsoft is "helping us to determine our licensing needs" but that is just a sugary title for what is really going on.
What is really going on is this: this company has long made an unofficial policy of pirating software. Factual, verified (by me) examples include:
* A single MSDN subscription CD of Office 2000 being installed on virtually every PC in a particular department (over one hundred machines)
* Remote sites throughout the United States being sent CD-R copies of software such as Microsoft Project and being told that it is OK to deploy it on all their PCs
* Numerous Windows Terminal Servers being set up for use by Sun workstation clients, each running Office, Project, and Visio - with at best only a handful (read: less than five) of licenses apiece, with no CALs at all - and definitely not enough licenses to cover the 300+ workstations that use them
* Mass upgrades of PCs from Windows 9x to Windows 2000, with nary a license in sight
* Another department, supposedly responsible for license compliance documentation, cannot now seem to lay their hands on any more than a third of the licenses that supposedly exist - thus leading to a deficit of more than 2,000 unlicensed copies of Office, Project, Visio, and Acrobat.
In my department alone, which is one of the smaller ones at this company, I estimated that we are looking at an easy $400,000 to "true up." Nevertheless, the departments are busy engaged in a finger-pointing battle, each blaming responsibility for license compliance on someone else. Upper management has completely ignored the issue, and as the deadline of July 31 draws ever closer, it is becoming rapidly apparent that this debacle may prove of truly colossal proportions.
BSA Authority (Score:2, Interesting)
If I am a business owner, why am I obligated to submit to such nonsense?
Fight Back (Score:3, Interesting)
Re:Contracts (Score:3, Interesting)
If you own a gun and you're not 100% sure if I'm right or wrong, I'd advise you to look in the Yellow Pages under "Gun Safety" or "Firearms Instruction". They should be able to fill you in on such concepts as the Castle Doctrine and Disparity of Force. The book "In the Gravest Extreme" is also a good idea for a read.
Off-topic? Yeah, but I'm at the karma cap anyway. If burning three worthless points keeps one of you clowns from being victimized twice (intruder & system) then they're well spent.
Chris Beckenbach
Destroy the Evidence? (Score:3, Interesting)
Utilities for wiping the contents of PCs matching and exceeding requirements for security in the Department of Defense are freely available, so I'm thinking, why not just delete your habeas corpus such that no investigators will ever be the wiser?
Of course, destroying evidence might also be a crime, but you could always destroy whatever evidence might have proved that you destroyed evidence.
And so ad infinitum...
Windows=>Linux Migration. Windows Free 2003. (Score:3, Interesting)
But if you're a small to mid-sized company, take a long hard look. You can do a quick roll-out, but not to stick it to the BSA. Do it for the RIGHT reasons.
A transition isn't quite as traumatic as it might seem on the face. When we needed to add an additional workstation (KVM switched) to each CSR's desk the rollout was done for about $250 apiece - most of which was for the KVM switch and cables. Each box was only $100, an old refurb. The experiment was nice, but I expected a slew of support calls. Lo and behold, there are a lot fewer!
Oh, there were issues. A little bugginess in KDE 2.2.2, a printer problem here and there. When inquiring about stability (reboot frequency), people bitch about Windows. I asked about Linux and smiled at the replies:
"Oh, I like it. It doesn't crash."
"I've never rebooted it. Am I supposed to?" (3 months+ uptime)
"Huh? Go away, I hate you."
Now I have people asking for Linux. Is this or that available, yadda yadda. It's growing here, and I'll happily replace a 1GHz Pentium III w/256MB RAM running Windows with an old 233MHz Pentium MMX w/64MB RAM running Linux. The 1GHz box becomes a Linux server, the license goes into a filing cabinet, and everyone's happy.
Do a complete IT assessment, soup to nuts. Take a long, hard look at your licensing and TCC (total cost of compliance). Are there tenable replacements for the software you're currently using? Can you improve performance AND save money with a migration to Linux (or BSD or whatever)? If so, where? Servers or workstations or both? Timetable.
I believe that I can get rid of every single Windows box in my company. I've got 2/3 of mission-critical applications running on Linux. One more and it's on like Donkey Kong.
Copyright Awareness Week (Score:4, Interesting)
Previous Ask /. (Score:3, Interesting)
How the cable company catches tappers (Score:4, Interesting)
Yes - but the cable company does not drive around the neighborhood with some kind of scanner. They use an instrument called a Time-Domain Reflectometer to do a thing called, not surprisingly, Time-Domain Reflectometry.
How it works is somewhat like this - the TDR instrument must be connected to the cable line feed end. The instrument launches an electrical pulse over the cable then listens for 'echoes' - kind of like a radar. If it hits a tap in the line, hits a load, or hits an open (unconnected) cable, an echo is produced which is detected by the unit. They can measure the echoes and see how many feet down the line is the tap.
"Do they actually do this?" Yes again, but it is not as easy as they would like you to believe.
Theoretically, this instrument can detect almost anything that is attached to the cable. In practice, it is a lot harder to catch tappers since the technician doing TDR on the line must distinguish between what is supposed to be on the lines and what is not. He almost has to 'map' the reflections and then come back later and see if the TDR 'profile' has changed to detect a tapper.
TDR is blocked by the line amplifiers they use to boost the signal on the cable lines. It has been almost 20 years since I did any work on cable systems, but at that time it was a real pain to shimmy up a pole, undo the cable from the amplifier and then run the TDR. This disrupted the service for the customers on the branch we were testing, and most of the 'tappers' we caught were in reality people whose cables became disconnected from the set-top boxes or got cut while digging in the garden. They all did not know why their reception suddenly became so poor!!
In the end we limited TDR to analyzing lines that had signal problems, and we generally depended on disgruntled neighbors to find people stealing signal. The TDR could help us find taps, but in a couple cases the tappers were real smart and used a high impedance amplifier piggybacked on our line, which would not show up on TDR. This approach does not produce a nice clean signal one would get from a properly split and terminated cable, but it got the job done.
There was talk of some super TDR system that could be run on the whole system from the head end, but I have not seen or heard of one in use. Remember I am describing the state of the art circa 1982, and much has surely changed, so that doesn't mean it doesn't exist.
As for vans driving around picking up signals - the last I heard of such a thing was from the late '70s when HBO was broadcast over microwave, and various small cable companies and hotels would pick up the signal and distribute it over their systems. One could get downconverter kits and plans to make a box that would let you pick up HBO without a subscription. The box you could mount on your antenna mast had a local oscillator that produced a signal that would downconvert the HBO microwave signal to channel 2 VHF.
The trucks had radio direction finders that homed in on the local oscillator frequency from the downconverter boxes. I had a friend who had one set up and he actually got caught, and received a summons in the mail to appear in court.
He actually showed up in court without an attorney. He was asked to verify where he lived and evidence was produced against him that a certain frequency was radiating from his property, one which could be used to illegally downconvert HBO. My friend got his turn to testify and much to the surprise of the prosecuting attorney, he produced an Extra class ham radio license. He then submitted a page from the ARRL Handbook showing the RF spectrum privileges given to different classes of Amateur licenses. The frequency in question was in the broadcast privileges for his class of license! He then said that in this case the evidence against him was circumstantial. He admitted that he was "performing experiments in those range of frequencies" and went on to add that he was soon going to broadcast regularly at that frequency.
Case dismissed.
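The map-then-compare use of TDR described in the comment above, sketched in code. This is an added example, not part of the original comment; the velocity factor, noise floor and echo values are constructed assumptions, not measurements.

```python
# Added illustration: compare a TDR sweep against a mapped baseline.
# All constants and echo values are constructed assumptions, not measurements.
C_FT_PER_NS = 0.983571   # speed of light, feet per nanosecond
Z0 = 75.0                # characteristic impedance of CATV coax, ohms
VELOCITY_FACTOR = 0.82   # assumed propagation speed in the cable, fraction of c
NOISE_FLOOR = 0.02       # assumed smallest reflection the instrument resolves


def echo_distance_ft(delay_ns, vf=VELOCITY_FACTOR):
    """One-way distance to a discontinuity, from the round-trip echo delay."""
    return C_FT_PER_NS * vf * delay_ns / 2.0


def bridging_reflection(z_tap, z0=Z0):
    """Reflection coefficient where a load z_tap is bridged across the line.

    The pulse sees z_tap in parallel with the continuing line (z0), so the
    result simplifies to -z0 / (z0 + 2 * z_tap).
    """
    z_parallel = z0 * z_tap / (z0 + z_tap)
    return (z_parallel - z0) / (z_parallel + z0)


def new_reflections(baseline, sweep, tol_ns=2.0, floor=NOISE_FLOOR):
    """Return (distance_ft, kind) for echoes that are not in the baseline map."""
    findings = []
    for delay_ns, gamma in sweep:
        if abs(gamma) < floor:
            continue  # below what the instrument can resolve
        if any(abs(delay_ns - b_delay) <= tol_ns for b_delay, _ in baseline):
            continue  # already mapped: a known drop, splice or line end
        kind = "open or high impedance" if gamma > 0 else "added parallel load"
        findings.append((round(echo_distance_ft(delay_ns)), kind))
    return findings


# Constructed baseline: two mapped subscriber drops and the end of the section.
BASELINE = [(100.0, -0.05), (250.0, -0.05), (400.0, 0.30)]
# Constructed later sweep: same echoes with jitter, plus two unmapped loads.
SWEEP = [
    (100.5, -0.05),
    (180.0, bridging_reflection(75.0)),      # plain 75-ohm tee branch
    (250.2, -0.05),
    (320.0, bridging_reflection(10_000.0)),  # high-impedance bridging load
    (399.4, 0.30),
]

if __name__ == "__main__":
    for distance_ft, kind in new_reflections(BASELINE, SWEEP):
        print(f"unmapped reflection at ~{distance_ft} ft: {kind}")
```

With these constructed values the 10 kilohm bridging load reflects about 0.4% of the pulse, below the assumed floor, so the comparison reports only the tee at roughly 73 ft.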
Re:Legality in doing this? (Score:2, Interesting)
The Microsoft EULA which supposedly allows audits on demand is the Open License program. You can't get a copy from Microsoft on the web, and they won't email you a copy either. You have to deal with the sales department of Microsoft, or one of their resellers, AND you have to be "pre-qualified for the program" by them, whatever that means. They don't pass out copies to the curious by any means.
And if you happen to work for a company covered by Microsoft's "Open License" program, don't ask Microsoft for a copy to review like I once did, and especially not during license renegotiation time... This may be why that company experienced a BSA audit very shortly thereafter. Simply asking for a copy of the EULA was the single most stupid thing I've ever done at work, and I'm glad I was downsized out of there a few weeks after I made that mistake.
Another story ... (Score:3, Interesting)
He was chasing some annoying sparky interference out in the country near where he lived, it was being radiated from a power line and he tracked it down to a particular pole
Re:since you are a lawyer (Score:3, Interesting)
Use enlightened software licenses, and support the volunteer developer communities.
Avoid the cults of personality surrounding the conceits of wealthy charlatan narcissists that want to squeeze every dime out of you to support their jackpot lifestyles. In other words, think when you procure goods and services...and rigorously evaluate the suppliers that you engage.
License terms are *always* negotiable.
Re: "Personal" computer meets BSA (Score:1, Interesting)
I remember pirating online with my lowly 14.4 modem that was a real screamer back then, or nearly so; it went hand-in-hand with my 75MHz machine. I was running Microsoft Organic Art as my screensaver; the desktop maxed at 1024x768, and my video card had an amazing meg of RAM. My whole system beat the pack with 40MB. Remember well?
At this point, I was using a local ISP -- tfs.net -- which later merged with Birch Telecom. I'd made some pretty good friends with the SysOps, and they (they meaning Joel) would routinely help me out when I was stealing a particularly large file; to save me the hassle of trying repeatedly to snag a huge file (Quake the first, anyone?), they'd grab it using their T1 and set up a dedicated server from which I could download so I didn't have to contend with web traffic. TFSnet had a six-hour time-on session limit, meaning that if I went to 6:00:01, I was disconnected, regardless of idle status. I acquired quite a bit of software in this manner, which was stored on my 100MB Zip disks.
I was a wee lad back then, living with parents and all. I had my own webpage, of course; filled with ostentatious graphics and the horrendous blink tag, my site could choke an ISDN. Of course I had the requisite pages an early teen would -- one of them included a "links" page to various warez sites I frequented around the internet. A favorite was Simon's Hideout -- http://sibervision.com/sh/ back then. Since then, Simon's Hideout (yeah, I remember you, Si) has changed to Mitosis [mitosis.com] and become ugly and member-based.
I remember the W3B, or the original World Wide Warez Board. I created the name; I created the initial graphics for the W3B, a trading board and online warez community. Through the W3B I met a fellow pirate posting under the name of Radiaki; Radiaki (Brandon was his first name -- it's always something mundane like Brandon, isn't it?) had a pretty decent warez page that offered direct downloads. Radiaki's Warez. I visited this site often to check for updates. One such day, I visited to find that Radiaki had run into a plight -- he needed webspace, as his free web provider wasn't too keen on his illicit dissemination of software.
I volunteered. I used about 500K of my few-meg limit, so I offered the rest to Radiaki; I gave him the login and password and ftp address, and off it was. I made sure everything worked correctly -- and then Christmas came.
Christmas that year, I was given a new modem, a 33.6 USR Winmodem. Curse that pile of crap. I installed it that afternoon -- and didn't get it to work until literally months later, after repeated calls to tech support and various visits from friends more tech-savvy than myself. I'd sold my 14.4 the day before Christmas, so reinstallation was out of the question. It was such a frustration, watching the bird-esque beings flit by on the Organic Art screen. . . but not having an internet connection for which I was paying $20 a month!
Finally, it worked. Hallelujah. Online I was, at last! I signed on, checked my Hotmail and TFS.net mail, and signed off to do something else, something possibly productive. A few hours later, the phone rang.
His name was John Wolfe and he didn't believe anything I said. John Wolfe (or was it Woolf?) from the Business Software Alliance, the BSA. They'd caught wind of my page and the site I was hosting, Radiaki's Warez, and just happened to notice that both were in violation of Chapter 17 of the United States code (which deals with copyrighted materials). Shit.
Needless to say, the websites went down fast. The BSA took them down and put a big "BUSTED" logo on my index.htm site. I learned that the BSA was in the process of serving a subpoena to TFS.net to get the user logs.
Of course, my parents were simultaneously terrified and furious. They had no knowledge of this. They had no idea I was pirating software. They had no idea that the copy of Windows on their machine was stolen. . .
Again, I crept away offline for another lengthy hiatus. I continued working after school each day, fretting about the possible ramifications of what had transpired; I was being threatened with jail and a $25,000 fine! I was working at an outdoor garden/nursery making $4.75 an hour!
Life was hell for a while, and it was exacerbated by the fact that I'd never even had internet access to check Radiaki's page or my own.
So, finally, one day I grew tired of everything levied against me. I logged on TFSnet one last time and went directly to Simon's W3B to post a detailed summary of my tribulations. Lengthy it was and detailed it was. I logged off and didn't log back on. I called TFSnet to talk to Joel -- he'd already taken precautionary measures of deleting my radius logs, bless him. Great guy, he was. Six-foot-something, bike-driving, leather-wearing, long-haired SysOp.
A week later, I used a friend's computer to check my e-mail, and in my Inbox was a strange letter from a Russel A. Shorto. He'd seen my post on the W3B and was interested in my story.
Mr. Shorto was a reporter for a major magazine and wanted to do an article on me and the warez underground.
Russel Shorto and I kept in touch via e-mail and eventually telephone; he interviewed me extensively, I provided all sorts of facts and opinions and the ilk.
"And so, behind the cyber-moniker Twisted Ivory, there exists a 15-year-old who works at a nursery after school every day to raise money for his computer habit." and "Are these the criminals that government-subsidized corporations are chasing?"
A spot on page 49 of the November 1997 issue of Swing! Magazine (a magazine about life in your twenties!) landed me some serious publicity. Sympathy flooded in from all over the nation. From what I heard -- by snail-mail, e-mail, etc. -- there was a huge cry against the unfair and unethical movements of the BSA. Letters were sent, phone calls were made.
My case was dropped. I never heard from Radiaki or John Wolfe again.
The BSA has left me alone since, but I'll sure as hell never forget the time I spent when their focus was squarely on me.
I wasn't pirating en masse; I had an installed copy of Photoshop and a couple MP3s (hey, they were very rare back then and WinAmp didn't exist, and when it did, it shadowed WinPlay3). There was no selling involved. I hosted no actual software. I had a webpage and hosted another with links and links alone. I was just a "regular home user" -- and the BSA targeted me. I got away, but was lucky.
That's my story.
--TI
4.25.2
Avoiding BSA Audits (Score:3, Interesting)
If you want your company to be able to avoid any BSA audit, there are a few things you can do.
The first thing is never buy any piece of software that's represented by the BSA, or at any rate don't buy it directly. Buy it through an intermediary.
Second, never register software with the manufacturer. It's hard to demand that you give someone a copy of a contract (the EULA?) if they never know you have one.
Third, set up secure areas in your company. If you have a machine running BSA-audited software in an unsecure area, then have all the licenses available right there. If they want to go further, tell them they need a search warrant, and you'll see them in court.
Fourth, if they decide to do an audit, be sure to have the senior person sign an NDA or something else like that. Be sure that your NDA contains high penalties and that you have the right to search their premises whenever to verify. Be sure to bring up that NDA in court.
Finally, if they did get that audit, and you did get the NDA, be sure to audit the BSA at least once a month. They'll be such happy campers. They know stuff about your company by checking your machines. I'm sure those criminals are selling it.
when I owned a computer store (Score:3, Interesting)