US Navy is Liable for Mass Software Piracy, Appeals Court Rules (torrentfreak.com) 72
The United States Navy is liable for a mass copyright infringement. The Court of Appeals for the Federal Circuit sided with the German software company Bitmanagement, which accused the Navy of copying software without permission. Bitmanagement claimed more than $500 million in damages, but the final amount has yet to be determined. From a report: The dispute started when the US Navy decided that it would like to run the software across its entire network. This meant that it would be installed on hundreds of thousands of computers, with "Flexera" software keeping track of the number of simultaneous users. Bitmanagement didn't offer such a license by default, so the Navy requested this option separately. These requests took place through a reseller, Planet 9 Studios, which complicated matters. After several back and forths, the Navy was convinced that it had permission, but Bitmanagement later disagreed. The problem for the Court was that the Navy and Bitmanagement didn't sign a contract, so there was no direct permission given. This meant that the Court had to review the conversations and exchanges that took place, to determine which side was right.
After reviewing all evidence, the Federal Claims court eventually sided with the US Navy, dismissing the copyright infringement claim. However, this wasn't the end of it. Bitmanagement maintained that the Navy clearly committed mass copyright infringement and the company took the matter to the US Court of Appeals for the Federal Circuit, with success. In an order issued a few days ago, the Appeals Court agrees with pretty much all conclusions of the Federal Claims Court. The evidence indeed shows that Bitmanagement 'authorized' the U.S. Navy's copying of BS Contact Geo across its network. While this wasn't formalized in an official contract, the Navy had an "implied license."
After reviewing all evidence, the Federal Claims court eventually sided with the US Navy, dismissing the copyright infringement claim. However, this wasn't the end of it. Bitmanagement maintained that the Navy clearly committed mass copyright infringement and the company took the matter to the US Court of Appeals for the Federal Circuit, with success. In an order issued a few days ago, the Appeals Court agrees with pretty much all conclusions of the Federal Claims Court. The evidence indeed shows that Bitmanagement 'authorized' the U.S. Navy's copying of BS Contact Geo across its network. While this wasn't formalized in an official contract, the Navy had an "implied license."
So... which is it? (Score:3, Insightful)
The evidence indeed shows that Bitmanagement 'authorized' the U.S. Navy's copying of BS Contact Geo across its network. While this wasn't formalized in an official contract, the Navy had an "implied license."
So what is the navy liable for?
Re:So... which is it? (Score:5, Informative)
TFS left this crucial part out:
"“The implied license was conditioned on the Navy using a license-tracking software, Flexera, to ‘FlexWrap’ the program and monitor the number of simultaneous users. It is undisputed that the Navy failed to effectively FlexWrap the copies it made,” the Court adds."
So -- all the Navy had to do was TRACK where they installed it, and they would've been OK. But they didn't, so now they're out of compliance with the "handshake" agreement. If only they did what they said they would ...
say the we tack with our own software and can't us (Score:2)
say the we tack with our own software and can't use an 3rd vendors call home software.
Re: (Score:2)
say the we tack with our own software and can't use an 3rd vendors call home software.
Then you don't get the license.
Re: (Score:1)
Re: (Score:3, Informative)
Wouldn't that money be better spent on locally produced software?
Mercantilism/Juche [wikipedia.org] is an idiotic economic policy. The Navy should use the software that fits its needs and is most cost-effective. Whether it is German or American is irrelevant.
Re: (Score:3, Interesting)
China is doing fantastically well with mercantilism. South Korea is doing fantastically well with mercantilism. Japan is doing fantastically well with mercantilism. Germany is doing fantastically well with mercantilism. Most of the EU is doing fantastically well with mercantilism.
When the US and other developed countries sent all out manufacturing to China, etc, the economists all assured us that this would improve global efficiency, and create new high-paying jobs for the former factory workers. But
Re: (Score:1)
Regardless of the economics, depending on potential adversaries for your military supplies isn't exactly wise.
Re: (Score:2)
Regardless of the economics, depending on potential adversaries for your military supplies isn't exactly wise.
Is only Germany a potential adversary? Or all of NATO?
Re: (Score:1)
Everybody outside the border. Keep the military stuff domestic for best security.
Re:say the we tack with our own software and can't (Score:4, Insightful)
Begs the question: Why is the US Navy paying hundreds of millions of dollars for German software? Wouldn't that money be better spent on locally produced software?
There's nothing wrong with using software or products developed by military allies. Our forces use weapons that are made by allies, for example, the Carl Gustaf 8.4cm.
Now, I'm not familiar with this particular software manufacturer, but I'm assuming that 1) there's no locally produce software that is equivalent to this product, or 2) this German-made product fits requirements.
Given the existing procurement processes, I'm sure it is one of these two (or both). What I'm surprised is the type of complete idiocy of the Navy when deploying this software. License compliance is a big thing in the armed forces. Someone in IT Sec fucked up big time.
Re: (Score:1, Flamebait)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
under the DMCA the navy can hack software to bypass that as the rules do not apply to them.
Re: (Score:2)
Re: (Score:2)
NMCI-deployable application. must use NMCI tracking.
And maybe they did not like how NMCI tracks licensing.
Or did stuff like if installed on an remote desktop system then must pay for an license for Each user that can log on to that remote system.
Re: (Score:2)
More likely they decided Flexera was a security risk.
Not that government agencies have ever pirated software because they think they can get away with that. /sarcasm
Re: (Score:2)
I don't think FlexWrap does call home. It may talk to some centralized server, but that would be (in this case), owned and operated by the Navy.
Re: (Score:2)
but the Navy also needs systems that may not be able to talk to the centralized server 24/7 or need local site ones.
Re: (Score:2)
I wonder if the plan was to have them talk to localized site servers, then have a batch process that gathered all the stored data from local servers, bot someone decided that it would be too much work to implement that, so now the Navy is on the hook for 1/2B dollars. Will the person who decided not follow the contract and waste $500M of the Navy's budget ever be disciplined for that decision?
Re: (Score:3)
Big Database, Inc. declined to either confirm or deny that they had dispatched a team of lawyers to assert that Bitmanagement is liable for infringing their protected business model.
Re: (Score:2)
Re: (Score:2)
Did you read TFA? Sounds like they bought about 200 licenses total.... but deployed to hundreds of thousands of machines.
The license agreement was per-install, and they got a special version so they could FlexWrap it... but they didn't.
Sloppy on the Navy's part. Wasn't a technicality, seems deliberate to me.
"Hey, your software doesn't work with your license manager." ...
"We'll give you a special unlocked version, without any restrictions, but you agree to FlexWrap it with your license manager."
"OK
Re: (Score:2)
So, you want software that tracks all US navy vessel.s.. I am sure that would be.. very valuable data..
Re: (Score:2)
This sounds really stupid. The last thing a military's organization needs is a piece of software phoning home from every single computer.
Re: (Score:2)
Ships regularly undergo periods where they're not allowed internet access
Like the lower court, the summary stops short: (Score:5, Informative)
You might think the summary doesn't match the headline. That's because the summary omits the entire point of this appellate ruling. From the article:
“We do not disturb the Claims Court’s findings [of an implied license]. The Claims Court ended its analysis of this case prematurely, however, by failing to consider whether the Navy complied with the terms of the implied license,” the Appeals Court writes. “The implied license was conditioned on the Navy using a license-tracking software, Flexera, to ‘FlexWrap’ the program and monitor the number of simultaneous users. It is undisputed that the Navy failed to effectively FlexWrap the copies it made,” the Court adds. “Such unauthorized copying is copyright infringement. We therefore vacate the Claims Court’s judgment and remand for a determination of damages,” the Appeals Court clarifies.
Re: (Score:1)
A stupid trick (Score:5, Interesting)
Some crazy corporate software licenses are reviewed by customers with barely an understanding of the consequences. I've seen even 'per cpu core' fees, and then of course take into account: we got virtualisation where the amount of cpu power is dynamically alotted, hyperthreading, etc. I believe that a vendor should not be able to bill 100s of thousands of dollars unless they do not make their software itself 'aware' of licensing conditions so that it gives CLEAR WARNINGS when an extreme overrun is about to happen.
Re: (Score:1)
Re: (Score:3)
I'm waiting for some intrepid upstart to get the idea that they can charge by the processor tick their software runs or something nuts like that.
Charging for CPU time is ancient. Almost all timesharing systems did that when CPU cycles were truly costly. The CPUs were simple enough that you could divide billed time by processor frequency to compute your per-cycle cost.
Today it would be very difficult to actually bill for "cycles." Modern CPUs either don't make it easy to measure cycles (it's a very tough problem) or where they do it's only through debugging faculties that you won't want or can't have operating in a production system.
Re: (Score:2)
Charging for CPU time is fine, on your CPU. That's what timesharing systems did. Charging people for the CPU time of your software when they run it on their CPU is inherently dishonest, because you're not contributing anything and it's none of your business. And it's not a new copy of the software either so copyrights shouldn't be allowed to be used to impose totally irrelevant sneak pricing.
Re: (Score:2)
IBM does exactly that in their mainframe business.
IBM beat you to it. (Score:3)
IBM's S/360 and S/390 mainframes had OS licenses that were for a specified number of CPUs. The mainframe itself came with 16 CPUs, but if you used more than your license allowed, you'd be on the hook for the difference in fees.
Incidentally, if you were using less than the maximum number of CPUs in your mainframe, the supervisor program would shift the workload to a spare cpu in case one of them experienced a hardware fault. This reliability was one of the reasons why mainframes beat UNIX for so long -
Re:A stupid trick (Score:5, Interesting)
I'm guessing you mean Oracle here. Oracle's licensing structure is Byzantine, full of obscure gotchas, and administered with an attitude of "never give a sucker (er... *customer*) a break." I actually like the product itself, but the company is so predatory I'd never recommend it.
Re: (Score:2)
Re: (Score:2)
Per-core isn't so bad. It's hard to make a mistake in that kind of licensing. It's per-user that's dangerous, not just because it's easy to add another *person* without realizing you've exceeded the limit (although that's true); it's that by "user" Oracle doesn't mean just human beings. It could be a device or a process on a different computer. This means that a per-user license can appear to be cheaper, but it's easy to miscalculate and Oracle has a policy of not cutting you any slack or giving you any c
Re: A stupid trick (Score:2)
How do you apply 'per core' licensing in virtualized or shared environments? Do you even know how many cores each of the servers/processors in the environment you're renting have? What about cloud hosting?
And you didn't address that it would be very easy for a company like Oracle, which is best placed to understand their own licensing conditions, to put clear warnings in the software BEFORE such massive overruns are near. It's greed stopping them from informing their customers.
Re: (Score:3)
They don't want to put clear warnings on their products. If the customer makes a mistake, Oracle has them over a barrel because their project is almost certainly tied to proprietary Oracle facilities and they have no choice but to pour money into the wrong license model or buy an entirely new license.
I worked for a vertical market app vendor and we had to offer our products on Oracle because some shops are Oracle-only. For practical purposes that meant we had to be an Oracle reseller, which meant someone
must license each core / cpu in the full cluster (Score:2)
With some software you must license each core / cpu in the full VM cluster. To be ok with the licensing conditions.
so for something that you may only need 1-2 VM's you end paying for 20 cpus or 100+ cores.
Re: (Score:2)
Some years ago, I reviewed a license agreement when buying some very expensive software for a small company. I quickly realized that, as written, there was no way to use the software in compliance with the license agreement.
Judging by the way I had to explain the issue to the lawyers working for the supplier, I think that some very large semiconductor companies who were known to have bought the s
Three words: "Ability To Pay" (Score:1)
The bigger computer you use to run it, the bigger your budget must be, which means, you can pay more for the software. That's the logic.
And, if you're fine with it, when it comes to taxes [investopedia.com], what's your problem with the software prices?
Re: (Score:2)
This is why lawyers exist. To review contracts. The Navy isn't a 90 year old falling prey to a scammer. They have the resources to put behind getting a deal and contract they agree with. If they don't do that, whose fault is that?
adobe CC was an way that are permanently offline (Score:2)
adobe CC was an way use it for systems that are permanently offline / can't link back to adobe license check / login systems.
Does this software have that? or did the navy hack past that and now they want to be paid for EACH workstation that the navy has?
just get some Marines to pay in pennies and if the (Score:2)
just get some Marines to pay in pennies and if they don't take them to bad
Your tax dollars at work (Score:2)
It'll take tens if not hundreds of millions of dollars to settle a legal dispute for some shitty 3D Web software that they probably shouldn't be using in the first place.
Re: (Score:2)
software that they probably shouldn't be using in the first place.
Unfortunately there's a lot of that in the Navy.
Re: (Score:1)
In this case the terms of the agreement were subject to interpretation. One org interprets the agreement one way, and another a different way.
There is still more missing in the summary (Score:2)
all users that can login to an system can add up f (Score:2)
all users that can login to an system can add up fast.
let's say 40 installs on remote desktop systems that 100,000 users can login into. = 40X100,000 X software cost per user or 100,000 X per user cost.
Even when very people need or use this app.
Re: (Score:3)
If it's a registered copyright the copyright owner can request $250,000 per violation in damages regardless of actual license cost. This is the statutory damages for copyright violations written into the law. If the copyright isn't registered in the US they can only get the license cost.
Tracking can be a real beast though .... (Score:4, Insightful)
I can't speak for this Flexera product and how it might work? But I generally have a strong dislike for software designed to track usage and report it to outside companies.
This inevitably rears its head, every place I work where they sign an agreement with a copier/printer maintenance company. Those people *always* demand they receive automatic page counts from all the devices they support. But they never seem to provide copiers or printers that do that on their own, automatically. So I.T. winds up with a request to install an auditing package on a PC or server to do this reporting for them. Either the software is buggy and the background services quits running after a while on the machine, or it's some clunky UI where you have to specify every network subnet it should scan. Of course, this means it fails to read any of the printers that they supplied that aren't on the corporate LAN, or which exist at remote locations that operate on their own "island" networks.
The "ask" is always the same; Just install another copy of the auditing software at each location. And the answer is usually the same; That's totally impractical, especially when some of these are at sites where there's no designated server at all and where there may be only one printer per location to start with.
The alternative they present is a joke too; just give us the email addresses of everyone who can manually give us monthly meter readings and we'll collect them that way. (Oh yeah.... like all those employees want to religiously check on that for you and email you back regularly.)
Re: (Score:2)
The alternative they present is a joke too; just give us the email addresses of everyone who can manually give us monthly meter readings and we'll collect them that way. (Oh yeah.... like all those employees want to religiously check on that for you and email you back regularly.)
Get them to accept that number as final and consent to stop tracking. Less headaches, and when the meter "busts" they get numbers like 0 copies in total they'll eventually give up.
Never give a supolier who is a headche an even break...
In other news... (Score:5, Funny)
In other unrelated news, a cruise missile test accidentally crashed into the headquarters of a German software firm....
Re: (Score:3)
Omitting the important point (Score:1)
Re: (Score:2)
msmash obviously has either a financial stake in Slashdot or some other influence because any sane boss would have found someone who didn't treat users with passive-aggressive contempt displays and continue to do so despite it being pointed out.
Again with the bullshit logic (Score:2)
Again, they axt like not making money is the same thong as beomg stolen from.
In reality, if there was no other option people would simply NOT make the deal or use it at all.
By the same logic, I could open a food stand, and sue everyone who passes by, doesn't buy, but cooks the same thing at home. Cause you know, "I worked hard for thar money!!11" :-D
If only they actually worked. And didn't just hire employees that ave long been paid off from past income, and won't see a single dime of this money...
why would the navy agree to this licensing? (Score:2)
US Navy to small software vendor: Mr Small Software Company, we want to put your software on up to 500,000 desktops, with an understanding that only a certain percentage of these installations will run at the same time. We will certify to you in writing once per year how many copies of said software are installed, and how many we think are in simultaneous use. We will give you a yearly true-up as necessary based on percentages agreed to in the original agreement.
We will pay you a handsome fee. Maybe m
Re: (Score:2)
I can't imagine why the Navy is wasting time trying to monitor license usage across a network of that size.
Bureaucracy, Contracting rules. Siloed departments. It's not unusual for an agency to have multiple contracts at different price points for the same product; and unused licenses they can't share because of contract requirements and are afraid of getting in a contract dispute because someone in another department messed up.
Well sucks to be on the wrong end of the stick. (Score:2)
Does a DOD App 'Call Home', if so to where? (Score:2)
This is THE US NAVY, not a Starbucks. Why are these systems able to talk to another system outside of a US NAVY or DOD isolated/protected network?
Re: (Score:2)
If phoning home is a requirement of the software licensing terms, then the navy either has to comply with it or not use the software.
Those are the terms, if you don't like it then find or create some software with more agreeable terms.
The US Navy are Pirates (Score:4, Funny)
How funny is that?
Government should pay for FOSS and this is why: (Score:4, Insightful)
Paying for software is fine, but the government is spending tax dollars (money it takes from the people) so the benefits should go to the people and the rest of the world. One of those benefits is freedom for government to do with the code as it wishes within the terms of the license it chooses.
Until then both government and public (for not demanding FOSS for its money) deserve the consequences.
Foreign governments will have to lead the way as some of them may not have been bought off. The US government has corporate owners and will remain beyond reform until public pressure is applied, which may well never happen. Others can learn from its bad example.
Summary contradicts Summary and Title (Score:1)
The Court of Appeals for the Federal Circuit sided with the German software company Bitmanagement,
Really? Because that's not what the summary says:
After reviewing all evidence, the Federal Claims court eventually sided with the US Navy, dismissing the copyright infringement claim.
In an order issued a few days ago, the Appeals Court agrees with pretty much all conclusions of the Federal Claims Court.