Shakedown: How the Business Software Alliance Operates 954
An anonymous source writes: "I'm a faculty member at a public university which the
Business Software Alliance contacted in a bulk mailing last Fall. Stupidly, our IT department invited them in to 'explain' licensing to us, and now we are trying to fend off an audit on our computers (public and private). Two questions: what kind of leverage does the BSA actually have against us? And does anyone have war stories, successful or otherwise, of their encounters with the BSA?" Although Slashdot is running this story as from an anonymous reader, we have contacted the source and believe the story is factual and the appeal for help is real. Consider this Slashdot's contribution to National Copyright Awareness Week.
The source continues: "The report that the BSA gave to our administration was filled with scary stories about other schools who tried to resist, so unless there's some hard evidence to the contrary I suspect our university will just roll over. We were told that:
- auditing software *will* be installed on every campus machine;
- the license for every program, on every machine, must be produced upon demand;
- failure to produce licenses for all commercial or shareware software will constitute prima facie evidence of illegal possession, with penalties that could range from the confiscation of the machine to the firing of the user;
- and this includes computers *personally* owned by faculty."
Sounds like they are spouting off. (Score:5, Informative)
BSA have a history of lunacy. (Score:5, Funny)
The Register's article BSA deploys imaginary pirate software detector vans [theregister.co.uk] explains everything.
- Toby Inkster
Scientology? (Score:3, Funny)
Re:Scientology? (Score:4, Funny)
"No they weren't that was my wallet you took! Come back here you fucking cultist bastards!" *sucking sound "My HOUSE! You fucks took my house. Man, now I am going to have to go and pee on L. Ron Hubbard's grave."
How the cable company catches tappers (Score:4, Interesting)
Yes - but the cable company does not drive around the neighborhood with some kind of scanner. They use an instrument called a Time-Domain Reflectrometer to do a thing called, not suprisingly, Time-Domain Reflectrometry.
How it works is somewhat like this - the TDR instrument must be connected to the cable line feed end. The instrument launches an electrical pulse over the cable then listens for 'echoes' - kind of like a radar. If it hits a tap in the line, hits a load, or hits an open (unconnected) cable, an echo is produced which is detected by the unit. They can measure the echos and see how many feet down the line is the tap.
"Do they actually do this?" Yes again, but it is not as easy as they would like you to believe.
Theoretically, this instrument can detect almost anything that is attached to the cable. In practice, it is a lot harder to catch tappers since the technician doing TDR on the line must distinguish between what is supposed to be on the lines and what is not. He almost has to 'map' the reflections and then come back later and see if the TDR 'profile' has changed to detect a tapper.
TDR is blocked by the line amplifiers they use to boost the signal on the cable lines. It has been almost 20 years since I did any work on cable systems, but at that time it was a real pain to shimmy up a pole, undo the cable from the amplifier and then run the TDR. This disrupted the service for the customers on the branch we were testing, and most of the 'tappers' we caught were in reality people whose cables became disconnected from the set-top boxes or got cut while digging in the garden. They all did not know why their reception suddenly became so poor!!
In the end we limited TDR to analyzing lines that had signal problems, and we generally depended on disgruntled neighbors to find people stealing signal. The TDR could help us find taps, but in a couple cases the tappers were real smart and used a high impedance amplifier piggybacked on our line, which would not show up on TDR. This approach does not produce a nice clean signal one would get from a properly split and terminated cable, but it got the job done.
There was talk of some super TDR system that could be run on the whole system from the head end, but I have not seen or heard of one in use. Remember I am describing the state of the art circa 1982, and much has surely changed, so that doesn't mean it doesn't exist.
As for vans driving around picking up signals - the last I heard of such a thing was from the late '70s when HBO was broadcast over microwave, and various small cable companies and hotels would pick up the signal and distribute it over their systems. One could get downconverter kits and plans to make a box that would let you pick up HBO without a subscription. The box you could mount on your antenna mast had a local oscillator that produced a signal that would downconvert the HBO microwave signal to channel 2 VHF.
The trucks had radio direction finders that homed in on the local oscillator frequency from the downconverter boxes. I had a friend who had one set up and he actually got caught, and received a summons in the mail to appear in court.
He actually showed up in court without an attorney. He was asked to verify where he lived and evidence was produced against him that a certain frequency was radiating from his property, one which could be used to illegaly downconvert HBO. My friend got his turn to testify and much to the suprise of the prosecuting attorney, he produced an Extra class ham radio license. He then submitted a page from the ARRL Handbook showing the RF spectrum priveleges given to different classes of Amateur licenses. The frequency in question was in the broadcast privileges for his class of license! He then said that in this case the evidence against him was circumstantial. He admitted that he was "performing experiments in those range of frequencies" and went on to add that he was soon going to broadcast regularly at that frequency.
Case dismissed.
The Audi Tool is called GASP (Score:4, Informative)
http://www.bsa.org/usa/freetools/gasp/
Check it out, they have an EULA for GASP... I guess they'll want to see the EULA for each machine they install it on too.
http://www.bsa.org/usa/freetools/gasp/gasp_
counterthreats (Score:5, Insightful)
Try this: Tell them you will go on a mad OSS campaign if they don't go away. Show them a proposal to spend X amount of money on OSS advertising and promotion around the campus and elsewhere.
Show them a draft of an article about BSA thuggery and why it is now time for OSS that you plan to publish.
When they send in a representative, have a bunch of Penguins, OSS posters, and Red Hat boxes around your office. Give them a free Penguin T-shirt on their way out.
Re:counterthreats (Score:5, Insightful)
Legality in doing this? (Score:4, Interesting)
Re:Legality in doing this? (Score:5, Interesting)
If you aren't breaking any licencing agreements, it just costs money to fight... But much like speeding - No large organization is perfect and someone, somewhere, will have some software that the licensing documentation isn't perfect on... The BSA is willing to bet for that (So you have to pay their legal bills, discovery, etc) are you willing to bet against it ???
Re:Legality in doing this? (Score:4, Insightful)
Re:Legality in doing this? (Score:5, Interesting)
In practice, if such laws were enforced, the amount of work for lawyers and judges to do would drop drastically, and the money earned by lawyers would also go down.
Laywers (including prosecuting attorneys) and judges decide whether or not barratry cases will be allowed. Do you spot a small conflict of interest? How do you think it will be resolved?
sPh
Groundless?? (Score:5, Interesting)
Let's say on your entire campus, one license is not valid. If the BSA comes knocking at your door, you face a relatively minor penalty for that license, but then you have to pay for your legal counsel, their legal counsel, damages, the auditors, etc. The BSA knows this, and they use it to their advantage.
Now, keep in mind here that they are suggesting a product is not legally licensed if you don't have the paperwork to proove it. Therefor, if you aren't totally pristine in keeping track of the licenses for all your software that is, in fact, 100% legitimate, you can still get screwed by the BSA. Although I do wonder how well that would stand up in court, that is, unless the BSA can proove those copies are pirated, is simply not being able to proove them legitimate enough to get you into hotwater. I'm sure their license provisions make certain statements about this, but I don't know if they would stand up in court.
What it boils down to is that the BSA takes advatange of our legal system to extort businesses and it's about time that something was done to put an end to this. For example, I would propose that any organization that licenses software for more than say 50 computers, they should have certain protections from this sort of action. I would suggest the following protections:
1) Provide protection for good faith effort. If your company makes a good faith effort to license your software (at least say 80% of the value of the software is legitimately licensed), then all you can be held accountable for is the cost of licenses at retail price. No damages, no attorneys fees, no auditing fees. It would still cost you the attorneys fees to fend it off, but at least the expense would be clear and reasonable. If you have more than 90% compliance, then your legal fees would be covered by the suing party (though you'd still have to pay for the licenses). Thus, there's a strong disincentive to go after an organization that's not blatantly violating the law.
2) Receipts or other proof of software purchase should be considered valid proof of legal license. If you buy a thousand copies of a piece of software, you shouldn't have to keep track of a thousand pieces of paper. It would be impossible to proove that a piece of software is pirated, so it makes sense for the purchaser to be required to demonstrate ownership in court, but the burden of what needs to be proven should be much more reasonable.
Re:Groundless?? (Score:3, Informative)
Knowing that a judge will make you pay for the defense in such a bullying lawsuit, can put a pretty quick stop to this type of unethical behaviour. And if you know you're clearly in the right and will likely win, it's worthwhile to float the legal fees until the buggers lose.
Re:Contracts (Score:3, Funny)
They can't conduct an inspection if I don't open the door for them. And they better not try to get in my house without my permission --- that would be breaking and entering, and I could legally shoot them if I catch 'em doing it. I wouldn't shoot a cable guy, of course, but a BSA representative, now, that's different. :-)
Re:Contracts (Score:3, Interesting)
If you own a gun and you're not 100% sure if I'm right or wrong, I'd advise you to look in the Yellow Pages under "Gun Safety" or "Firearms Instruction". They should be able to fill you in on such concepts as the Castle Doctrine and Disparity of Force. The book "In the Gravest Extreme" is also a good idea for a read.
Off-topic? Yeah, but I'm at the karma cap anyway. If burning three worthless points keeps one of you clowns from being victimized twice (intruder & system) then they're well spent.
Chris Beckenbach
Re:Legality in doing this? (Score:5, Informative)
Right. And this is why they CAN NOT just march in wherever they want, whenever they want, and do their raids. They CANNOT demand license documentation, they CANNOT install software, etc. without either a court order or police and a search warrant. I would do exactly what pitcrew suggested -- tell them to go to hell.
From the article: failure to produce licenses for all commercial or shareware software will constitute prima facie evidence of illegal possession
This, IMO, is absolute bullshit. It's like the police going through your refrigerator, making you produce receipts for every gallon of milk in there, and automatically assuming that the milk you can't account for with receipts was stolen from the local grocery store. They are assuming you to be guilty until you can prove yourself innocent. This is not the way our government works (or is supposed to work); the burden of proof is supposed to be on them, not you.
Re:Legality in doing this? (Score:3, Interesting)
Why justify them with a response (Score:3, Informative)
A safer strategy is to pretend you didn't hear them in the first place.
Ever send a registered letter with return receipt, and never get the return receipt? It happens, and it's because the recipient doesn't want to acknowledge the communications.
IANAL, but it seems to me, to haul you into court requires a subpoena or a summons. Those documents require a response. Others could be ignored, as long as you don't intend to do business with the source of the noise.
Re:Legality in doing this? (Score:5, Funny)
Maybe they interpret the U.S. Constitution thusly:
Re:Legality in doing this? (Score:5, Informative)
Re:Legality in doing this? (Score:5, Informative)
Also, they absolutely CANNOT demand to install auditting software on those machines. That's theft in my book. They are forcefully taking away my cycles.
Furthermore, they can't attempt to enforce a EULA that they don't know you accepted. Until they audit they have no way of knowing that you have EULA covered software on your machines, until they know you have EULA protected software on your machines they have no right to audit those machines.
Re:Legality in doing this? (Score:5, Informative)
I think it is high time these damn EULAs get properly tested in court. I have a feeling they will ultimately fail the legal test. It's absurd that you "have" to read more legalese to install a piece of software than to buy a car (assuming you pay cash). It's also absurd that you can't read the legalese until you've purchased the software, opened the packge, and many times broken a stick on the internal CD sleave that reads "Breaking this sticker indicates your acceptance of the EULA"--which you see once you install the software.
Last I heard, ripping a sticker wasn't quite as legally binding as a signature.
The BSA coming charging in would be a perfect opportunity to test a EULA. Unless they come with cops and a warrant, you can tell them to take a hike even if they have a signed contract (which they don't). Tell them to get a court order. They may do that and they way try to sue you: But they'd sue you for violation of a contract, not copyright infringement. You could then argue that the EULA is invalid. Aside from the issue of whether "clicking accept" forms a contract, the EULA is invalid because no contract (in the United States) is enforceable if it abdicates a recognized right of one of the parties--in this case, unreasonable search and seizure.
You, as an adult can sign a contract that says you will never marry, that anyone can search your home and kill your sister--all three of those clauses will not be enforced by a court because they abdicate recognized rights that CANNOT be taken away by a contract. Otherwise many labor laws that protect workers would be useless since workers would just be forced to sign away their rights. You can't do it. You can't sign away your rights (well, you can, but no court will enforce them).
I think it'd be great if a BSA-initiated conflict resulted in the definitive invalidation of EULAs! :)
Re:Legality in doing this? (Score:5, Interesting)
General points to ponder...
I just walked through the entire process of buying WinXP from shop.microsoft.com and NO WHERE was I given a chance, a link, or even a hint of an EULA that I would be binding too when I open the software. How could they not include this license in the buying process? There is no excuse for not making this a part of the purchasing process.
Microsoft statements about "piracy" and license agreements [microsoft.com]
What is the minimum amount of documentation I should keep to prove my software products are legally licensed?
All legally licensed Microsoft products should contain an End-User License Agreement (EULA), which is your primary proof that you own a legally acquired product. However, it is also recommended that you keep the original user's manual (or at least the cover and first page of the manual), the product disks, the Certificate of Authenticity, and your purchase receipt.
This EULA they speak of, is this a hardcopy of some sort? That seems to be all that they require. What is with the should and recommended? Sounds shaky to me.
First, (Score:5, Informative)
Good luck.
Actually... (Score:5, Informative)
since you are a lawyer (Score:4, Interesting)
since you are a lawyer, could you answer the questions raised in the story?
I understand you normally get paid for advice so you don't have to go into details. But some general information from someone with your expertise could be enlightening.
Re:since you are a lawyer (Score:5, Informative)
It's hard to say what rights the BSA has, since those rights will typically stem from the terms of the license agreements to which the University has agreed. Where enterprise or site licenses apply, they may or may not contain negotiated terms that vary from the off-the-shelf EULAs. If there is not a negotiated "umbrella" agreement, the click-wrap/shrink-wraps will probably govern, and I'd venture to guess that those give the vendors (and the BSA) some audit rights. However, many courts remain skeptical of the enforceability of what are known as "adhesionary" (think "overreaching") terms of a click-wrap EULA. Vendors are aware of this, as is the BSA. This diminishes the BSA's audit rights, and gives the University a foothold to prevent an audit. This is just one example of an approach to defeat this type of threat. There are *always* leverages to be exploited. Good lawyers do their homework and read all the facts and all the license terms and find a way. That's what makes them good lawyers.
Go open source (Score:4, Insightful)
Some big organization needs to do this in response to a BSA audit request.
Re:Go open source (Score:5, Insightful)
While the idea of a campus that's totally open source is cute, the idea is totally unworkable and not a feasible solution. That is the reason noone will respond this way. People spend money on software because some software is only legally available when you spend money. If I was still in high school, it would be a no-brainer to decide not to go to any school that didn't use any proprietary software.
We'd all like free software. However, with very rare exceptions, the best (or all) software in most domains is closed. Why? Because I can't find enough chemistry people and programmers who will cooperate to make me specialized software of superb quality unless I unload a big pile of cash.
Re:Go open source (Score:5, Interesting)
Most of the major Chemistry commercial software out there is available to run under Linux. Sure, it ain't free. But it doesn't imply you have to run Windows to use it.
*Gaussian runs under Linux (although they are pretty draconian about licensing in their own rights).
*QChem runs under Linux (hell, Martin Head-Gordon's research group only has one Windows box, and they only use it for the occasional PowerPoint presentation).
*CHARMM runs under Linux.
Furthermore most of the major commercial chemistry packages don't contract out with the BSA. Most of the people I know in theoretical chemistry don't run Windows. Why? Because if your jobs take months to run, you sure as hell don't want an uptime that is order days. Sure, you can't go totally open source (yet). But you can evade the juggernaut.
And for reference purposes, the next generation of theoretical chemists is pretty geek-happy. Give us another twenty years, and I'm sure you'll start seeing GPLed versions of molecular modeling programs. Hey, I'd consider doing it. The point of all this is that you *can* do things in stages. You can run whatever commercial software you want, scientifically, under Linux. And it's only going to get better. Why? Well, I know people who have license credits on Gaussian/QChem. And you know where they get their thrills? It sure ain't from the royalty check. It's from the fact that *everyone* who uses their software cites them in their articles. Citations are power in the academic world. Money is nothing.
Re:Go open source (Score:4, Insightful)
Wow, I *am* sensitive about this! =-)
-Paul Komarek
Re:Go open source (Score:3, Insightful)
a university has an obligation to train people to use commercial software
Unless the student takes a class to specifically learn to use a particular piece of software the school is under absolutely no obligation to train them on commercial software, and in fact I would argue that the school is doing the student a disservice if the do so.
For example; when I take a class in C++ I expect to be taught the C++ language, and the skills I learn in that class should be portable to whatever environment I then choose to use. If I'm forced to use only MS VisualC++ when I would prefer to use Borland Builder or vi/gcc my education is being limited. I'm not suggesting that the school should be forced to provide me with alternatives, merely that I shouldn't be restricted from using them if I so desire.
It comes down to this; the business of the University is education, the teaching of concepts which can be applied within the given field regardless of the tools available. Training on a particular tool is process-oriented job training, best left to trade schools or employers.
Now, obviously, there are situations where this doesn't apply. If I'm taking a class in Visual Basic I'm going to use MS Visual Basic because it's the only game in town. I imagine that's likely the case with some highly specialized scientific software as well. However, I would still argue that the university has no obligation to train the student on that particular software, but rather the obligation is to teach the student what they need to know in order to understand and interpret what that software does. I was never trained in using Mathematica, but I was taught enough algebra and calculus that I figured out how to use it, and how to interpret the results it gave me, without too much difficulty.
Anyway, I don't want this to seem like a flame. Other than that one point I wholeheartedly agree with you and find the examples you give encouraging.
On the CAD front, rumor has it (rumors are treason. Trust the Computer) that Pro-Engineer runs on Linux. I haven't verified that, though. I suspect AutoCAD might also as they used to have a Unix version, though I'm not sure if they still do. If you're just doing 2D CAD I hear QCAD is a viable alternative.
All the graphics folks I know swear by Photoshop of course (except one, who prefers Corel for some reason), but I suspect it's largely because that's what they were taught. I admit that I am not a graphics guy, but the GIMP seems perfectly capable to me.
Re:Go open source (Score:4, Insightful)
I was mistaken before that they were the total proprietary software dicks. They are really rather limited. Tactically choosing to take business away from some members could erode the funding and credibility of the organization should those members choose to leave.
In fact, I would suggest that users don't wait for the BSA to knock on their door. Instead, they contact companies and tell them how many dollars of business they will now loose. Hopefully, enough people will do this that the lost amount will be less than revenues generated by the assholes.
BSA members: (Score:3, Informative)
"BSA members represent the fastest growing industries in the world. Worldwide members include
Adobe, Apple, Autodesk, Bentley Systems, Borland, CNC Software/Mastercam, Macromedia,
Microsoft, Symantec, and Unigraphic Solutions. Additional members of BSA's Policy Council
include Compaq, Dell, Entrust, IBM, Intel, Intuit, Network Associates, Novell, and Sybase"
Re:Go open source (Score:4, Informative)
That would be great except that the MS site licenses for universities require you to purchase licenses for every machine on your campus, wether it runs windows or not.
Re:Go open source (Score:4, Insightful)
You can do taxes over the web from Linux and other free operating systems just fine. But taxes are a special case anyway (highly legalistic, highly time constrained, of no independent interest to scientists or programmers). Scientific and educational software is about as different as you can get.
True, you can get lots of programs from the open source world, but the more specialized the programs get, the less likely you will find a free alternative.
There are plenty of very specialized programs that you can only get for free. In fact, most research software starts out that way before some company picks it up, makes it closed source, and generally ends up making it much less useful.
These programs normally take a higher expertise level (ie, you need to be a chemistry expert to design a feasible chemistry app), and the open source need just isn't there.
Scientists who develop software as part of publically funded grants, or who want to publish results related to their software, should be required to make the software available for free: it's necessary for experimental reproducibility, and why should the tax payer fund private software companies anyway?
Many scientists appreciate those reasons. And many scientists don't want to become software entrepreneurs anyway and publish their software even if they could commercialize it.
And your average unversity isn't going to spend tens of thousands of dollars in salary to develop a complex app and then give it away for free to their competitors (ie, other universities).
Universities generally don't spend money on developing science-related software; funding agencies do. Universities are trying to get into the act by asserting rights to software they didn't pay for, but we shouldn't let them get away with that. In fact, these days, it's often the universities that try to close source against the wishes of researchers and funding agencies.
Beware (Score:5, Interesting)
If you are reasonably sure that your licensing is OK, then you could probably stave them off. It would be a unique Uni that licenses all of the software being used though, based on my experiences.
Basically, you are screwed if you a) don't comply with them and b) don't have your licensing in order.
Re:Beware (Score:3, Interesting)
If I word for an orginization (University, corporation) I am NOT going to allow some orginization to TOUCH my PERSONAL computer!!!
I don't copy software from my work but it is NONE OF THE BSA'S BUSINESS what I have on my computer (I don't pirate software either).
I think the BSA's demand to see the faculties computers is OUTRAGOUS!!!
Re:Beware (Score:3, Insightful)
...
> Basically, you are screwed if you a) don't comply with them and b) don't have your licensing in order.
If you're remotely close to satisfying (a) and (b), find a lawyer who can say the word "racketeering."
Treble damages.
Peanalized for personal computers (Score:4, Insightful)
Why should an organization be peanalized for personally owned computers? Yes, IT can set rules and what not but how many users actually follow IT rules?
Note to self, don't bring laptop to work if company is being audited by gestapo...err, BSA.
As a CIO myself... (Score:5, Insightful)
You absolutely need your legal counsel involved in this. An IT department is generally unsuited to handle these type of business/legal affairs.
By sucking in the legal folks you turn it from an IT problem to a 'university as a whole' problem.
Do not let them strong arm you into anything. Play hardball. Tell them you are doing an internal review that could take months.
Remember, they will be very reluctant to force the issue into a courtroom. It is very bad PR for them to take an impoverished college to court. A jury would be filled with people who all have 'unlicensed' software on their home PCs.
But in the end, you will have to make a reasonable effort to be in compliance and generally pay for the software you use. That, my friend, will be unavoidable. Unless, you switch IT platforms to a free or close-to-free software environment.
Good luck.
Re:As a CIO myself... (Score:5, Informative)
I had some thoughts about all this while out getting lunch, and now that I've posted my idealogical rant about "innocent until proven guilty" obviously not applying in the civil world, I'll try to be, like, constructive for a moment.
First, any lawyer (and most of the posters here today) is going to tell you that it's cheaper to simply buy all new licenses (or whatever the BSA is demanding). Rifle every likely file cabinet for existing licenes, then buy the difference. Either way, you still need to do your own audit.
On the other hand, if you're at a school with a strong reputation, lots of prestige, and even more money, and if your president believes there's a moral victory worth fighting (and paying) for, then I have some thoughts that I at least find intriguing:
Of course, my initial point still stands -- do your own audit, cheaply, and simply pay for the difference. And, most importantly, build a good system (centralized database backed up with a fire-safe holding physical license papers for the whole school) to track this stuff, and re-audit every 6 months. Or even more frequently. (client-side tracking software is obviously going to be in your future....)
Good luck!
The BSA isn't all bad (Score:5, Funny)
Second, I used them to shut down a competing software retail store once. The place was selling Microsoft OEM software off the shelf. A call each to the BSA and to Microsofts Piracy line and the place was out of business in 4 months.
Re:The BSA isn't all bad (Score:4, Interesting)
If that's the case and I am correct in my understanding (Being right up front I might very well be mistaken) then wouldn't his competitor in all likelyhood be selling OEM copies of this software far cheaper than he could sell retail versions? Following then what's the real problem with busting someone who is undercutting you by doing something outside the lines?
Personally I think the guy creatively used the system to smack down an unethical competitor to his own advantage assuming all of this was true of course. The other guy was trying to work the angle and got caught. Tough shit.
I just can't find anything wrong with that.
Re:The BSA isn't all bad (Score:4, Insightful)
One word (Score:5, Informative)
Seriously: Where's the search warrant? How enforceable is a EULA with such broad contractual provisions that it forces a licensee to waive all rights to due process and freedom from illegal searches? (Before you naysayers tell me the Constitution has no bearing in this, check the facts: In many cases, BSA shows up at the doorstep with their very own law enforcement escort.)
There is a legal concept known as "blue-lining" in which a judge has the legal authority to water down, modify, or even eliminate certain portions of a previously-agreed-upon contract. I learned about this after I found myself the unwitting signatory to a capricious and completely illegal legal document. The state recognized the document as legally binding; however, the state also found the terms of the agreement were overly-reaching, capricious, and without legal standing, effectively nullifying the contract.
The reason why companies continue to write obviously unenforceable contracts is that they know the number of people willing to fight in court is very low. Most will simply roll over, expose their underbellies, and submit to being raped rather than fight.
Firing of users? (Score:4, Funny)
It seems to me that there's no way they can force the university to fire people over licensing issues. *Especially* professors. Most of those people have tenure, you know. Professors with tenure at my university have gotten away with embezzling grant money and sleeping with undergraduate students. Depending on the tenure contract at your school, it is probably *illegal* for the university to fire professors over this issue. BSA can't possibly wield a big enough stick for this to hold any water.
As such, it seems to me like they're protesting too much. The scenario they paint is patently ridiculous.
Can I suggest MIT? (Score:5, Informative)
Also, my 2c on this: There are a few angles. Clearly, a private institution is innocent until proven guilty under US law. So, the scare tactics the BSA is using on your University take a couple of prongs:
- For the legally not so savvy, it says "We'll sue if there's even a hint that you might not own some software! Put our software on your computers to keep us from suing."
- For the legally more savvy, it says "We can make your life sufficiently annoying that it will be cheaper to just let us put this software on your system." Then we'll go away.
To address this for both audiences at your university, you'd like to be able to prove:- Your university is not, in fact, legally liable to the BSA, and that it in general isn't responsible for what people do with their personal computers.
- It will be significantly more expensive to install the software they require, than it will be to get legal counsel to tell them to go away.
My guess is both those things are true: A nicely backed up presentation proving both those points would probably quelly our nightmares. Good luck! Post back and tell us what happened.Re:Can I suggest MIT? (Score:5, Funny)
I can see it now...the BSA auditor shows up, sees a Dell box, and walks up to it to start his Win32 auditing tools.
Then he says "what's this freaking owl doing on the login screen [mit.edu]?"
Fire that guy! (Score:3, Interesting)
If the Gestappo comes by asking if you've seen any Jews, do you ask them to explain what Naziism is all about?
Until this IP law is overturned, cower and hide if you're not williong to put your ass on the line to do something about it. In this case, your guy put his ass on the line, it's only natural that he takes what's coming to him. Consider it a form of back-assward martyrdom.
Re:Fire that guy! (Score:5, Funny)
Godwin's Law. Discussion over. Ask a Bosnian Muslim how he feels about your comparison. Or a Hutu.
Re:Fire that guy! (Score:4, Insightful)
No you cretin, it has more to do with the fact that the nazi comparison is
so
utterly
treadworn
That it has no coinage any more. Every god damned thing you don't agree with, well just shout "Nazi". The quips about other folks who got massacred had more to do with the idea that yes Virginia, there really are people who get systematically killed in this world who don't give two shits about software licensing.
Get some perspective. Jesus.
Lawyers. (Score:4, Informative)
Yeah, some people call it legalized extortion. IANAL.
For something like this, they should really go through your university's legal department. If the legal department hasn't gotten involved yet, then get them involved now! Get some counsel. They are the folks that were hired to protect you from this sort of thing (among many others).
This sounds just like pure intimidation to me. Especially once you mentioned that the audit includes personally owned computers. If they want to audit my personal laptop, which I bring into the office sometime, they would not send the notice to my employer. They would send it to me. Like I said before, talk to a lawyer. A lawyer, not the Slashdot crowd, can give you the best advice.
My two peeves here: (Score:5, Interesting)
I'll hit the second one first. If the personally-owned computers are on the network, they're close, maybe, to being able to audit those. Maybe. But that's really grey. I know I, for one, wouldn't let them on, and if they came into my office and said "let me look on that machine," I'd simply disconnect it and say "no."
For the first one, though, I have a much bigger problem. Can anyone cite any other [industry / realm / product space] where one is required to retain all receipts in order to prove ownership? I don't need a receipt to show that I own the shirt I'm wearing. If someone wants to accuse me of stealing it, show some evidence. I don't need a receipt to verify that I own the couch in my living room -- if someone thinks I stole it from my neighbor, fine, prove it. So, why on earth do I need a receipt for software?
I can understand the technical complications that are entailed here -- like when you've got 1 CD for 100 machines. But the legal issues are what I'm more curious about. In no other situation am I, essentially, guilty until proven innocent.
Does anyone know if anyone's fought the software industry on those terms? You can't prove I stole it, so go away. Seems like it should work, but then again, maybe I'm being idealistic.
(Okay, I thought of two examples -- cars and real estate. But those are tracked for me by the government, and if I lose a copy of my title they can send me a new one, for a modest fee.)
I wonder... (Score:4, Funny)
Personally, I enclosed a RedHat sticker in their mailing and told them where to stick it....
Yet another reason to use Open Source Software (Score:3, Interesting)
As far as whether or not they can do this, if anyone (person or organization) who wants to audit you like this is not an official department of a Government Law Enforcement Agency, whether it's federal, state, or city, then tell them to fuck off. Otherwise, you are guaranteed due process and they will need to obtain a search warrant.
Privately owned PC's would be a separate search warrant - as they are not owned by the University they the University is not liable for it's contents.
Too bad the powers that be at the University won't do this. But what they should do is just install the Open Source, Free OS of their choice and tell the BSA jackals to burn in hell.
And to any member of the BSA who might be reading this: I run Red Hat Linux 7.1 at home. Go away. Kapisch?
my vision of talking with the BSA (Score:4, Funny)
Me: This is an open source shop, but if you tell me which open source license you would like to see...
BSA: We at least need you to run this auditing software.
Me: Hmmm, seems kinda pointless, but what the hell. Do you have a Linux version?
BSA: No. You will have to remove your Linux OS and install an MS based OS that we do support.
Me: You want me to do what?!? Get the !&@$#%*@$%^& outta my sight!
Re:my vision of talking with the BSA (Score:4, Funny)
> Me: This is an open source shop, but if you tell me which open source license you would like to see...
> BSA: We at least need you to run this auditing software.
> Me: Hmmm, seems kinda pointless, but what the hell. Do you have a Linux version?
> BSA: No. You will have to remove your Linux OS and install an MS based OS that we do support.
> Me: You want me to do what?!? Get the !&@$#%*@$%^& outta my sight!
You left out a part...
BSA: "Step away from the computer. We're installing our auditing tool. Huh? Linucks? What's this gear doing where the Start menu should be?" (power-cycles machine)
You: "Hey, what are you doing with that DOS boot floppy?"
BSA: FDISK... FORMAT C: /S...
~ two hours later ~
BSA: Finally, I've installed Windows ME. Now I can install and run the audit tool.
You: YOU BASTARD! YOU JUST REFORMATTED MY DEVELOPMENT WORKSTATION WITH TWO WEEKS OF MY WORK ON IT!
BSA: Relax, Mr. Willow, your audit was pretty clean. Everything seems to be in order on your network, except you have one unlicensed copy of Windows ME. Please pay $10,000 in fines or face one criminal charge of copyright infringement.
Re:my vision of talking with the BSA (Score:5, Funny)
Me: This is an open source shop, but if you tell me which open source license you would like to see...
BSA: We at least need you to run this auditing software.
Me: Hmmm, seems kinda pointless, but what the hell. Do you have a Linux version?
BSA: No. You will have to remove your Linux OS and install an MS based OS that we do support.
To continue:
Me: Ok, fine. (Installs Windoze on a machine not currently being used)
BSA: Where did you get that copy of Windows?
Me: It came with the PC. See the sticker?
BSA: You mean you have a licensed PC but are not running Windows on it?
Me: Yes. We don't run Windows here. We're a linux shop.
BSA: According to MS's license policy, the license must remain installed on that PC.
Me: Ummm..... what?
BSA: And as for the rest of these PCs..
Me: I'm calling the cops.
BSA: We're giving you a grace period to reinstall Windows on all of them to meet compliance requirements. You have 5 days.
Me: But.. But...
BSA: Good Day.
bloody good marketing campaign by the BSA. (Score:3, Insightful)
we did some research here at our company. my CEO and i were discussing it (i'm the CTO), and he told me he had done some leg work on the subject when the BSA first started their "scare tactic" TV/radio campaign.
the BSA is a software reseller. they have NO LEGAL AUTHORITY. they are not the "Software Police". they can't come to you and demand anything. you have to (stupidly, actually) ask them to come and perform an audit. then, when they find non-compliance, they offer to sell the company the licenses at a "special price".
they're vampiric...if you don't invite them in, they have no power.
of course, now that the ball has started rolling, they can probably bring some legal action. i'm not sure what legal recourse the SPA has (for example). subpoenas/warrants/etc, possibly. i imagine that there is a goverment agency to which they can appeal for such. and the BSA only has to pick up the batphone to them to start the ball rolling.
i know that doesn't help now, since they've already gotten a foot in the door. but it may help others.
Countersue (Score:5, Informative)
Information at
http://slashdot.org/article.pl?sid=02/01/15/0
Be proactive. Fight back. A good tactic might be to develop an open source policy predicated on the cost of compliance with commercial software licenses being too high since even the companies don't understand their EULAs it's just impossible to do so and therefore the university will outlaw commercial software on their network.
The BSA is funded by MS, adobe, etc. If the BSA generates net positive income, they will continue storm trooping around. If it becomes a liability to have one's names associated with the organization, the underwriters will pull their support. This is a political as well as legal battle and if you don't fight, you'll be screwed, as will the next organization.
extortion (Score:5, Insightful)
The BSA uses the same tactics. They allege that if you don't comply, you'll be busted. However, they're not acting on behalf of the government. In fact, with only the evidence of "I got an anonymous tip," they shouldn't be able to get a Judge to sign off on a search warrant. After all, for them to get a search warrent, the cops need to have probable cause. I don't see how a third party, who has an anonymous tip from some other third party is probable (it's heresay). Without a search warrant, there's no phyiscal evidence of criminal conduct.
In short, consult your legal professional. Don't forget that you can sue them, too.
BSA: All Bark and No Bite BSA: All Bark and No Bit (Score:4, Interesting)
Despite the radio and television commercials suggesting that he'd get fined up the ying yang, nothing happened. I have since concluded that the BSA is all bark and no bite. Here is my story [osopinion.com].
Chump Change? No wonder the BSA ignored you. (Score:5, Interesting)
I work as a Sr. UNIX Administrator for a very large (Fortune 100) company that shall remain nameless for all the obvious reasons. I plan to leave soon, just as quickly as I settle upon a new opportunity in this less-than optimal job market.
Microsoft is currently auditing us. Granted, that is not what Microsoft or we are calling it; rather, Microsoft is "helping us to determine our licensing needs" but that is just a sugary title for what is really going on.
What is really going on is this: this company has long made an unofficial policy of pirating software. Factual, verified (by me) examples include:
* A single MSDN subscription CD of Office 2000 being installed on virtually every PC in a particular department (over one hundred machines)
* Remote sites throughout the United States being sent CD-R copies of software such as Microsoft Project and being told that it is OK to deploy it on all their PCs
* Numerous Windows Terminal Servers being setup for use by Sun workstation clients, each running Office, Project, and Visio - with at best only a handful (read: less than five) of licenses apiece, with no CALs at all - and definitely not enough licenses to cover the 300+ workstations that use them
* Mass upgrades of PCs from Windows 9x to Windows 2000, with nary a license in sight
* Another department, supposedly responsible for license compliance documentation, cannot now seem to lay their hands on any more than a third of the licenses that supposedly exist - thus leading to a deficit of more than 2,000 unlicensed copies of Office, Project, Visio, and Acrobat.
In my department alone, which is one of the smaller ones at this company, I estimated that we are looking at an easy $400,000 to "true up." Nevertheless, the departments are busy engaged in a finger-pointing battle, each blaming responsibility for license compliance on someone else. Upper management has completely ignored the issue, and as the deadline of July 31 draws ever closer, it is becoming rapidly apparent that this debacle may prove of truly colossal proportions.
Well, one option is to uninstall everything (Score:5, Funny)
I know this idea is unfeasible, but I'd love to see the look on their faces when a dual processor 1.5 ghz machine boots to a dos prompt.
Re:Well, one option is to uninstall everything (Score:3, Informative)
Not BSA necessarily, but like it.. (Score:5, Interesting)
Now, we were mostly in compliance as far as we knew due to our large per-seat volume licensing through dynamic pooling, but we were pretty sure that we'd come up short in the end. Given that we weren't running any auditing software on the PCs it was difficult to impossible to know what was on every machine. So we called Microsoft and told them we needed time. They agreed to grant us two months, but then went on to specify exactly what software we were to use to perform the audting. We replied that we were going to choose our own that was less expensive, but were told that we must use this particular software, because they knew it to be honest and compatible with Access. (Like that should make a shit bit of difference) In the end we just bent over and took it rather than deal with the auditors showing up, and purchased this lame auditing software. It had to be deployed manually from machine to machine. Almost 2000 computers later, we had our audit. We wound up ponying up some pretty serious bucks for our machines. It slaughtered our entire budget for the next three quarters.
Point is: Microsoft probably didn't have the right to just announce that they were coming, but we knew that, as a public institution, we couldn't afford the battle to fight.
No one ever totaled up how much money we lost on that piece-of-shit software and in man-hours for manual deployment, but if you add it to the big fat check we wrote in the end to keep Microsoft off our campus, it was a hell of a lot of wasted grant money intended for student use.
You can pontificate for days on replacing Windows with *nix, or killing Office for StarOffice. God knows I went to the shared governance committee more than once trying to get them to see the light. In the end, however, everyone winds up signing a fat-check.
Cynical perhaps, but a truism all the same
Have you signed a bulk-license contract? (Score:5, Insightful)
As far as I know, they have no grounds to force you to do ANYTHING unless you have signed a bulk-license or site-license agreement. Those agreements generally give you access to the software for a lot less money, but in return you give up all protection against 'unreasonable search' -- part of the agreement you sign allows them to inspect your systems to make sure you are in compliance.
If you bought your software through normal distribution channels, chances are very good you can tell them to pike off. As far as I know, a click-wrap license DOES NOT allow a search, because they can't know whether you agreed to the license without searching you first. It's only when you signed another agreement, which they have on file, that they have you over a barrel.
I will add my voice to the many others here telling you to get the lawyers involved. The BSA plays serious hardball. These people survive and can continue to exist only by extracting large sums of cash from your organization, and will use any tactic required.
They are not your friends. They are active enemies and you should treat them as such.
Have proof of internal auditing (Score:3)
A company or organisation that cannot show any proof of such policy beforehand is more likely to get the goons in.
A search warrant of some sort is always required and the authority issuing it will be far more prudent when you have such a policy in place and are able to show you enact it.
We were audited (Community College) (Score:5, Interesting)
The deal was, "cooperate or face draconian penalties", with a tie-in to a vendor selling auditing software. We install the auditing app, use it in demo mode or something to comply with the auditing demand, and then possibly purchase the auditing software to use from then on. It wasn't clear whether any settlement would be based on an agreement to purchase the app.
My first reaction was, "Not on my net!" We had auditing software already, which put us in a great position. They didn't provide an online list of executables to search for, so we collected info on every executable we had. They had a list of something like 20,000 apps, much of it from the tiniest, least significant software vendors around. If we were playing hardball, we could have submitted an undigested count - something like 70,000 unique executables on just under 1000 machines. "Here's everything we have - let us know if there's a problem." But instead we played nice. We sent them a report on audited and identified applications, a report on identified
It was full and cooperative disclosure, without installing an alien app we had no control over. I think cooperating was important- I don't think we had escalation dominance in this situation. They could push it farther than we could, to a place we didn't want to go.
My recommendation? For those not in the situation already, pretend you are! Then if you are audited, you send them the report you've already done if you are chicken, or tell them to fuck off *knowing* you are in compliance. If you don't do the audit, you don't *know*, and you may find that someone slipped up and included an app that went out to too many machines. It wouldn't take many rogue installs to give them the ability to hose you.
Incidentally, they apparently can get marshalls to show up with them. Marshalls probably can't crack passwords though. And the BSA can't fire you, but they can include your firing as part of a settlement agreed to by the people who can fire you.
Search warrants and subpoenas (Score:3, Insightful)
A lot of posters have mentioned search warrants so far, but unless I am sorely mistaken, neither the BSA nor any other private party can ever be issued a search warrant. A search warrant can only be granted to law enforcement agencies in criminal cases; and I think that if the BSA has anything on you at all, it's a civil suit.
(Police can search without a warrant if they have "probable cause", which is evidence of a certain kind that you have or are going to commit a crime right then and there, say within the next thirty seconds. Again, I don't think this applies here.)
A private party does get the power to subpoena during the discovery phase of a civil suit, and then both parties do have rather broad powers to demand evidence from each other. But for that, they have to sue you first, and there a lot of procedures to go through before you get there.
For certain kinds of civil suits, such as for copyright violations, a plaintiff can request a judge in secret for powers to search the defendant (there's a Latin name for that, but I can't remember it). This is the case when there is a risk that the defendant can destroy evidence before discovery can begin, like destroying the illegally copied material. The Church of $cientology did this once to one of its Internet critics.
I suppose the BSA may have grounds such a request, but it's a pretty outrageous mechanism, the kind of thing only $cientologists would do, and you ought to raise an enormous public stink if they try. God help us all if the BSA is granted that kind of power.
this article was bait (Score:3, Interesting)
Of course, in reality this is about privacy, but most people don't realize that.
No business in law enforcement. (Score:4, Interesting)
But the BSA is not law enforcement. It bugs the heck out of me that they can do what they do. If they sent us a letter, the first thing I'd do is write up a proposal with an estimate of hours billing rate for them to sign before we would do business with them, another private business.
Granted, we are not a big company, they would probably ignore my proposal, and we don't have the money or the resources to fight them in court, so chances are I'd end up having to comply. But it really chaps my hide that a private orginization, with no real authority, can go around enforcing the law.
What somebody really should do is start an orginzation called 'Citizens for a drug free workplace', contact the BSA, and say that there is quite a bit of suspicion that BSA executives are in possession of, and regular uses of crack. You have one month to get off the crack, because then we're going into your offices, disrupting your business, and piss testing every one of your employees. While we have no legal right to do this, we're going to do it anyways or you're going down.
Go on the offensive (Score:4, Insightful)
The way to deal with bullies is to go on the offensive. Sue back. Perhaps the most promising avenue in that direction would be to sue the BSA consituents for distributing software they know is insecure, yet laid claims to it being secure. There's a hundred years of rulings on health claims for food and other consumables that show that you're not allowed to claim something is healthful, even if you later state in fine print that it isn't. Those should make some good precedents. Be sure to quote the security specialist from Microsoft who quit recently and publicly sounded off that he couldn't understand why Microsoft still has buffer-overflow vulnerabilities. You might be able to use the precedent from some of the automotive cases in which manufacturers were proved to have released faulty products. If it can be shown that Microsoft knowingly releases a faulty product, you could turn the tables. Another point to bring up could be that Windows allows pretty much anybody with a floppy disk to install software. To me, that's faulty. Drum it into the head of everyone who will listen that insecure software opened you to unauthorized software installations.
Next, claim that the insecure software violates the DMCA by assisting in the distribution of copyrighted material... I'm sure you can find one installation of Back Orifice on your campus to back up your claim. Sound ridiculous? It's not as ridiculous as having to submit to warrantless search.
Be sure not to go on the offensive against law enforcement... on the contrary, get law enforcement angry at the BSA for wasting their time hurting the sweet little local colleges. Make sure everyone is clear that the agents could have been out fighting drug dealers. That sort of tactic worked for the tobacco lobby who convinced the California legislature that it was a waste of taxpayer money to run anti-smoking ads when the money could be put towards birth-defect research. There's always something more worthy out there.
Lobby your congresspeople. If applicable, mention that the people who would profit from the search are from out of state. Remember, pork runs congress, and it's not pork if it gets diverted out of your congressperson's district. You may win this through lobbying.
They're not being nice to you, don't be nice to them.
Solution (Score:3, Interesting)
(2) Archive all raw data.
(3) Wipe all of your machines -- that is, write over all data with zero's. To be safe, wipe the hard-drives a few times.
(4) Install GNU/Linux or *BSD on all of your systems, using all Office/spreadsheet/etc equivalents.
The Internet is a community right? (Score:3, Interesting)
I can't believe how evil the Boy Scouts are! (Score:3, Funny)
Duh, sorry, our mistake... (Score:3, Insightful)
Tell them the guy who invited them in wasn't authorized to do so. They'll just have to resubmit their request. "Please send it in triplicate and don't forget to include return postage. Also, please include a detailed description of what this so-called 'explanation' involves, and while you're at it, a description of previously achieved benefits of this kind of 'explanation' would be appreciated. We can't waste our time watching another silly dog and pony show."
Briefly, you need to take back control of your gameboard and, for god's sake, man, stop acting like a kid who has been caught with his hand in the cookie jar. They're trying to sucker you. They seem to think that you're a bunch of ivory tower intellectuals (possibly true) who don't have enough real world experience to realize it. From what I can tell from the incomplete description of the original mailing, it was deceptive at least and a bold-faced lie at most. These characters know this. They are banking on what all school-yard bullies bank on--you don't have the balls to call them. Beyond this, do not talk to them. They do not have your interests nor the interests of any other educational institution at heart. They are a bunch of greedy bastards with the morals of a mafia don. Treat them as such.
If they want to make jackasses of themselves, let them sue a public educational institution. These are the same guys who give away free computers to school kids to make themselves look good. Maybe they *are* that stupid. I doubt it.
courts (Score:3, Funny)
Fight Back (Score:3, Interesting)
Copyright Awareness Week (Score:4, Interesting)
Re:EULAs (Score:3, Informative)
Re:EULAs (Score:5, Interesting)
If it's a legally valid contract, then the manufacturer will already have a copy of the license and already possess proof of your assent. It seems to me that if they even have to ask to see the license, then it can't be contract.
p.s. Can you be in breach of contract for not agreeing to the contract?
Re:EULAs (Score:5, Interesting)
Ask the IP holder to produce the EULA that you specifically agreed to. Request proof that it was you/your institution that accepted the EULA, and not the OEM, shipper, independant IT person who installed the software, etc..
Not only can they not prove who exactly accepted the EULA, they can't even prove the EULA was presented in the first place.
"No your honour. Nothing that said click to proceed came up on my screen. Could be a bug in this copy of their software I guess, I dunno, I didn't make it."
Re:BSA's feedback phone number (Score:3, Funny)
Ain't anonymous (Score:3, Insightful)
Re:Ain't anonymous (Score:3, Funny)
Google search says... (Score:4, Informative)
Apparently that Anonymous Coward is trying to get us to harass the poor fellow. The local number is also David Riddle's home phone #. Mod that sucker down to flamebait. Better yet, someone (u listening CmdrTaco?) should get the BSA on that troll's ass.
Re:BSA's feedback phone number (Score:3, Funny)
Re:City of Virginia Beach (Score:3, Informative)
Re:City of Virginia Beach (Score:5, Insightful)
Someone should take a TCO analysis from someone in the BSA (probably MS), add an estimate of audit cost, and then compare to the same company's TCO analysis for Linux/Unix systems.
Re:You will never escape the BSA ... (Score:4, Informative)
My personal encounter with Autodesk & M$ (Score:5, Informative)
This is my personal encounter - YMMV !
I attended a "seminar" hosted by Autodesk and M$ several years ago. At the entrance, the pretty girls were asking us to fill in info sheets, you know, like names, address, company you work for, et cetera, et cetera.
Since Autodesk and M$ were so kind to provide us with Orange Juice (Morn time, you know), I filled in the blanks.
Never would I thought that what I filled in ended up in BSA's file, and from then onwards - 6 years already - I and the company I work for, received THREATENING LETTERS, telling us that WE BETTER COUGH UP MONEY TO BUY GENUINE SOFTWARES or they will haul our butts in slammer.
Funny thing is, the Autodesk and M$ software we used (yes, USED, PAST TENSE !) were OFFICIALLY GENUINE, NON-PIRATED COPIES !
I got into troubles with my boss, since I was the one who filled in the blanks.
No matter how we tried to tell BSA that ALL OUR SOFTWARES ARE GENUINE, the threatening letters keep coming.
It got so bad that my boss decided to scrap M$ and all Autodesk softwares, and now we run Unix and NON-Autodesk softwares.
Yes, it actually cost us MORE to change our system, but at least, BSA, with Autodesk and M$, have NO MORE CLAIM ON US.
And the threatening letters still keep coming...
Talk about insanity.
And what happened above happened OUTSIDE of the good ol' U. S. of A.
Don't think you guys in the States suffer alone.
Re:My personal encounter with Autodesk & M$ (Score:3, Informative)
>SOFTWARES ARE GENUINE, the threatening letters
>keep coming.
File a TRO to stop the threatening letters.
The threats will continue, then you nail them for
violating the restraining order.
Re:Scared of audits? (Score:3, Insightful)
Re:single vendor? (Score:4, Interesting)
Whoa! Isn't that like submitting to being searched by John Doe at the side of the road just because you're certain you have nothing to hide from him? Please, please, please heed every else's advice here and stock up on some copyright/software/IT lawyers. Repeat after me, "the BSA is a private interest group", "the BSA is not an elected or state-imposed authority", etc...
Re:well within their rights (Score:4, Informative)
if you don'thave any illegal or pirated software, what have you to hide?
This kind of thinking is precisely what the BSA is looking for. If you are stopped by a cop and you consent to a search of your vehicle, then anything illegal that the cop finds can be used against you, because you consented to the search. For example, say you go out of state and purchase a bottle of liquor and you put it in your trunk (out of plain view), on your way back, you get pulled over for speeding in your home state. The cop asks you to search the car, you say yes, and BAM! In addition to a speeding ticket, you are also busted for illegally importing alcoholic beverages (in many states, this is a crime). Yes, you may not have had any idea this is illegal, but you are nonetheless responsible for it because you consented to the search. Unless the cop has actual probable cause to believe you have comitted a crime (e.g., your car/license plates match the description of a vehicle used to commit a crime), they cannot forcibly search your vehicle.
Given this context, and how the BSA is strictly out to get you (whereas the cops are not), they most likely have ways of finding "illegal" things (that you did not know were illegal) and nailing you for them. The only way to prevent this is to not cooperate with them. Bring in the lawyers and make the BSA prove its case against you.
Re:well within their rights (Score:3, Insightful)
You're a university. You have 30,000 undergrad students, faculty, staff, grad students, post-docs, etc., etc., etc.. There is, on average, one PC for every three people (just to pull a number out of a hat--it's probably more) on campus, and most of the individuals with their own machines (or even without!) have the ability to install software locally.
Are you going to guarantee me that every single copy of every single commercial software package on every one of those 10-15 THOUSAND computers is properly licensed? If a machine with Office95 has a hard drive blow up, are you sure that Office98 didn't get installed? Are you willing to gamble a few hundred thousand dollars on it, and incur an invasive three-month search to win that gamble?
While proper licensing for software is unquestionably a legal (and moral) necessity, it doesn't excuse the BSA's behaviour. They're thugs, plain and simple.
Re:One helpful suggestion (Score:4, Funny)
Makes me think of the following war story: I worked at a company that hired a few consultants who brought their own machines in. On the day of a BSA audit, one of the contractors left his laptop unattended for a couple of hours, during which one of the auditors started going through it. The auditor was still on when the consultant came back, and needless to say, he wasn't pleased.
Consultant: Get off my notebook.
Auditor: I see you have X, Y, and Z. Do you have licenses for these packages?
[note: we hired consultants who have software that we don't - they should be responsible for their own machines]
Consultant: I know who you bastards are, and I don't have to answer to you. Nobody touches my notebook but me. Get out of my cubicle.
Auditor: Sir, you are interfering with an official BSA audit. Please be patient while I finish installing this monitoring software...
[Other auditors and employees start homing in on the disturbance.]
Consultant: I won't warn you again.
[Moment of silence, then...]
[Cursing, sounds of something tearing, loud scuffle, followed by a dull *thud*.]
At this point, I tried to see what had happened, but the crowd outside his cubicle was too tight for me to get a good view. Moments later, the consultant emerged from the crowd, into the open arms of security guards, but with a strange look of triumph on his face and notebook computer clutched under his arm. A dented metal curtain rod followed shortly after (now in my possession, which I affectionately call my "BSA Stick").
I never saw the consultant again.