Software Pirates Can Sink Your Ship
GRAND RAPIDS — You take inventory of products, office supplies and employees but have you taken an inventory of your computer software and its license?
If the answer is no, you may be a target for a software audit.
The Business Software Alliance (BSA), SPA Anti-Piracy Division of the Software & Information Industry Association (SIAA) and Microsoft are enforcing software licensing laws, and Microsoft has acknowledged it is targeting 5,000 mid-sized businesses.
In 1999 Michigan had a piracy rate of 26.5 percent, according to Microsoft, resulting in $3.19 billion in lost retail revenue, 107,000 lost jobs, $5.35 billion in lost wages and $1.8 billion lost in tax revenue. While these numbers demonstrate the damage software piracy can do, some think the recent enforcement is simply a way to drive up revenue.
“I can’t say what businesses are doing is OK,” said Janet Knaus, partner at Warner Norcross & Judd. “But in some cases you may have bought a license, you just didn’t comply with the terms. When you get a notice it is too late and now they mean business.”
To prove that point, Microsoft has published results of revenue earned as a result of this recent push. In October 2000, an Atlanta firm paid $108,000 to settle infringement claims. In January 2001, a Chicago technical consulting firm paid $480,000. In August, a Minneapolis commercial printing firm paid $206,000. Over the past eight years BSA has collected over $58 million in settlements.
“There are a lot of misconceptions about software and the different licenses it requires,” Knaus said. “Some businesses may have bought a piece of equipment with software on it. Often they do not realize they can’t take software off of that machine and put it onto another one. Many people don’t know that what comes in a software suite must stay as a software suite. Programs are not allowed to be split up. Also, you can’t buy a program and then install it at work and at home, rationalizing, ‘Well, I only use it at one time.’ That isn’t going to work.”
Currently Microsoft and BSA are sending out letters to businesses and informing them of what may happen. The first letter is the “truce letter.” It informs the business that it can avoid fines by coming clean; however, there are currently no truce letters in effect in Michigan.
The second letter is the “perform an audit and report letter.” This letter requests the business to perform an audit and report the results, purchase a new license or pay a fine. It is often sent when no information of violations is known.
The third letter is what is called the “you have a problem letter.” This letter most likely stems from the BSA’s tip line, where anyone — often a disgruntled employee — can fill in information regarding a company and how it is violating the software licensing law. “There are a bunch of different flavors of their letters floating around; some are a little more serious than others,” Knaus said.
The truth of the matter is that Microsoft has every right to send these letters and follow up on licensed software and unlicensed software situations. It states in the license agreement, “We have the right to verify compliance with any license agreement … during the term of the license agreement and any enrollment period and for a period of one year thereafter.”
The bottom line is, if and when a business receives a letter, it needs to respond.
“It is a good idea to consult with an attorney on how to properly respond to the letter because, again, depending on the form of the letter, your response will vary,” noted Knaus.
There are nine suggested steps a business should follow if it receives a letter from BSA and Microsoft regarding a software piracy violation.
- Immediately send a copy of the notice to the head of your IT department and legal counsel. “Many times we have seen that the first letter goes to someone in the financial department and they thought it was a form letter and crumpled it up,” Knaus said. “They didn’t pay attention to it and they (Microsoft) keep writing you back. They are not going to forget about you.”
- Request, in writing, an extension for completing the audit (60 days to 90 days). “This process can take a long time. You need to pull people from your IT department to do this extra work and what happens when you have a business with at-home work stations and multiple locations? It is going to take a lot longer than the 30 days they give you,” Knaus explained.
- Establish a cross-functional team with IT, procurement, internal audit, legal and business unit contacts.
- Contact Microsoft or BSA and try to reach an agreement on the process to be followed and the scope of the audit. “With some companies that have multiple locations, we are trying to get Microsoft to do the audit on the main location and then if that comes out all right to waive the other locations,” Knaus said.
- Conduct an audit of installed software. “This is a good step to utilize your software asset management program,” said Knaus.
- Take physical inventory.
- Gather all relevant software contracts and licenses, purchasing documents and original diskettes and user manuals.
- Complete the audit form. Revise it with a complete list of products. Annotate if necessary, and include supporting documentation. Do not sign Microsoft’s certification form.
- Perform post-submission negotiations. “With every settlement there are a different set of restrictions and rules the business must follow,” said Knaus. “It also depends on how much you cooperate with them. If you refuse, negotiations get a little bit tougher.”
However, in order to prepare for a letter and double-check yourself, Knaus recommends doing an audit before receiving a letter. “You put yourself in a better position by doing an audit today,” she said. “I tell people, before they come knocking, get your house in order because you have a lot of time to do the audit when you’ve decided to do it rather than when they tell you to do it.”
Knaus suggests businesses set up a software asset management program so it can manage the software programs and licenses. “With a software asset management program a business can load it onto the computer and the program will tell the business exactly what programs are loaded onto the computer,” she said. “From there it is up to the business to cross-reference the programs with existing proofs of purchase and licenses.”
With a program like this, businesses will be able to keep accurate records, which Knaus said should be standard procedure. “You keep accurate payroll records and accurate benefit records, why not keep accurate records of your software and licenses?”
What are the chances your business could be audited?
According to Knaus, over the next year, Microsoft and BSA are planning to target certain vertical segments. This month it will be hospitality/tourism and engineering/architects. In January, the software giant will look at advertising/graphics/public relations followed by finance/insurance/real estate in April.
“Bottom line: get legal,” Knaus said. “If you do that, then there won’t be a problem. And an audit won’t be such a downfall in business.”
For additional resources on asset management and piracy laws check www.microsoft.com and www.bsa.org