December was a bad month for software pirates. Nathan Peterson, accused of selling millions of dollars' worth of vastly discounted software via the Web, pleaded guilty to two counts of copyright infringement and agreed to pay more than $5 million in restitution to nearly two dozen companies, including CA, Symantec Corp., and Yahoo Inc. And eight companies in Los Angeles and Houston settled with the Business Software Alliance (BSA), an industry watchdog group, and agreed to pay from $50,000 to $153,000 to settle claims that they possessed unauthorized copies of software from Microsoft, Adobe, Apple, Autodesk, and other vendors.
Such settlements may become more common, because the BSA also announced a program in which it will pay up to $50,000 to anyone who blows the whistle on a company that is found to have unauthorized software somewhere within the organization.
And that, claims attorney Robert Scott, should concern pretty much everyone. "I can tell you that 100 percent of the Fortune 1,000 are at risk for this," he says. Scott, whose firm, Dallas-based Scott & Scott LLP, often represents companies in settlements with the BSA, argues that the BSA's definition of "piracy" goes too far when it includes companies that unknowingly use unauthorized copies of software. A large enterprise, he says, may have 15,000 to 30,000 unique software titles within its walls, a number far too great to document and match to purchasing records. While various kinds of "discovery" software can scour a network and report on how many copies of what software are installed, Scott says that such programs are far from foolproof. They cost an average of $20 per seat for basic capabilities, and two to three times that for a sophisticated IT asset-management suite. Add to that the human costs, which can run in the millions of dollars for a large company, says Scott, and in effect you have a "compliance tax" that is far too onerous.
BSA director of enforcement Jenny Blank says that the organization rarely litigates a case, opting instead to negotiate a settlement that is "less than we think is right but more than the company wants to pay." She says that the BSA makes available a number of free tools and information resources on its Website (www.bsaaudit.com), but acknowledges that the costs of adequate compliance efforts at a large company are not trivial. "Sarbanes-Oxley should really help this, though," she says, "because it often includes IT asset management, which is what this is largely about." While she says that piracy has been reduced in recent years, "we aren't about to put our feet up yet."
Scott counters that software companies help create the very problems that the BSA then investigates. How? By devising complex licensing rules; failing to implement copy-protection technology or coding that would make it easier to link a copy of a product to its purchase or licensing documentation; and facilitating large customers' desire to get new desktop machines up and running quickly with a common "build" or "image," knowing that such a focus on efficiency might compromise compliance efforts.
While the companies cited by the BSA in December tended to be small, Scott says that large companies face plenty of enforcement pressure. "One key difference," he says, "is that their lawyers are good at securing confidentiality agreements." Whether to satisfy Sarbox or keep enforcement bodies at bay, Scott says companies have little choice but to document everything they have, routinely conduct internal audits, make license compliance part of their business process — and, when necessary, pay up. — S.L.