Software Litigation Essentials - "Phone Home" Technology Evidence (Software Audits & Accusations).  We offer low flat rate fees for software license compliance matters.  Call (877) 276-5084.

Introduction

Many software vendors now use "phone home technology" to try to protect their intellectual property rights.  We see this with many companies such as VB conversion, CNC Mastercam, Dassault/Solidworks, Hexagon/Vero  (Alphacam, Surfcam, ESPRIT, Visi), Flexera, Ansys, Autodesk, Synopsis and others.  Here are some general things to think about and questions to ask (preferably your software attorney and not the vendors representative).

FIRST LESSON - WHAT NOT TO DO When a company like Hexagon calls you about a software compliance issue

This is important and applies to many companies including Siemens, Ansys, Synopsis, Hexagon, Autodesk, Solidworks and others.

Mastercam software usage policy

One company we have seen using special monitoring technology to stop infringement of their software is CNC Mastercam.  

I found this policy on the Mastercam website.  This can give you an example of how vendors attempt to disclose the use of software monitoring technology:

CNC takes all legal steps to eliminate piracy of their software products. CNC will pursue (both civilly and criminally) those who do so using all legal means available, including public and private surveillance resources. In this context, the Software may include a security mechanism that can detect the installation or use of illegal copies of the Software, or lost or stolen serial numbers, and collect and transmit data about those illegal copies. Data collected will not include any customer data created by using the Software and the data collection is not performed on users of legally licensed software from CNC and its authorized distributors. By using the Software, You consent to such detection and collection of data, as well as its transmission and use if an illegal copy is detected. CNC also reserves the right to use a hardware lock device, license administration software, and/or a license authorization key to control access to the Software. You may not take any steps to avoid or defeat the purpose of any such measures. To the extent Mastercam processes personal data pursuant to this Agreement, any such personal data shall be processed in accordance with our privacy policy (available online at www.mastercam.com/en-us/Company-Info/Legal/PrivacyPolicy).

A couple of notes here:

1.  What do they mean when they say they may pursue public and private surveillance resources?

2.  This means if they catch you with over-installation of software they can report you to the FBI and try to pursue you criminally.  

3.  What is a "hardware lock" - does this means they have the ability to SHUT DOWN a computer when they detect piracy of one or more programs?  if so, this should be considered when you look at the "duty to mitigate" damages (ex. piracy report shows a bunch of infringements going back over several years).  We have seen this with different vendors.  The simple question is, "if you knew they were over-installing software why didn't you do anything when you first learned about it, and instead have let the damages rack up."?

4.  What do they mean to the extent they process any personal data?

You can find more information on Mastercam audits here.

Vero Software

Vero is another company using a tracking technology to monitor and enforce its copyrights.  Here is a piece of their policy which discusses the "Phone home" technology:

Automated technologies or interactions. As you interact with our websites or products, we may automatically collect Technical Data about your equipment, actions and patterns. We collect this information by using cookies and other similar technologies. Please see our cookie policy https://marketing.ps.hexagonmi.com/cookies for further details.

Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, network and device identification and other technology on the devices you use to access our website.

You can find out more information about Vero audits and litigation here.

Podcast on Phone Home Technology in Software Litigation

VB Conversion

As a final example there is VB conversion.  This company sells a low cost VB.net to C# converter.  However, their EULA states it is for one seat only.  If you over install they may monitor your usage, and then come seek to hold you (possibly officers and directors) liable for willful copyright infringement.  They will likely claim you did not follow the EULA.  When you ask how do you know this, the may point to their EULA which notes:

13. REGISTRATION / USAGE INFORMATION.

When You install, use, register or uninstall the Software Product (and on a periodic basis), the following information about the Software Product and Your computer is transmitted to VBC and/or its authorized agent and recorded into a database maintained by VBC or its agent: Product Name, Version, Registration Key, Computer Name, Computer's Internal and Public IP addresses and host name, Username logged onto Computer, Operating System's Registered Owner, Operating System's Registered Organization, Name, Organization Name, Email Address (as entered on the registration screen of the Software Product), location, and installation date of the Software Product.

After each use of the Software Product to convert a Visual Basic project file, the following information along with that above, is also transmitted to VBC or its agent and recorded in the database: the name of the Visual Basic project file converted, Visual Studio version, the number of lines of Visual Basic source code converted and the number of lines of C# source code created, the CLR version number, the number of lines with compiler errors, the number of compiles, the conversion time, information about the Visual Basic assembly converted (including title, description, company, product, copyright, trademark).

You acknowledge that unauthorized activity directed at the software product is subject to the right and ability of VBConversions to identify and locate the computer that is being used to gain access to the Program.

VBC and its agent will exercise reasonable efforts to store and maintain the information collected by VBC and its agent. By installing and/or registering and/or using this software, you agree that VBC and its agent shall not be held liable if the security of this information is compromised in any manner whatsoever. To the extent not prohibited by law, in no event will VBC, its agents and licensors be liable for any lost revenue, profit or data, or for special, statutory, indirect, consequential, incidental or punitive damages, however caused regardless of the theory of liability, arising from the collection, maintenance and security of this information. Only install this software, if You 

So, it looks like they want to be able to snoop around, but not liable if any damage is caused.  Does this seem a bit strange to anyone?  Did you consent to this?  Did you read the EULA?  Did you know you would be monitored by this technology?  They also go on to discuss copyright:

14. COPYRIGHT INFRINGEMENT

You agree not to infringe VBC's copyright of this software. Reproduction, preparation of derivative works (adaptation), distribution or display of the software is prohibited, except to the extent permitted by this license. Your continued usage of the program is expressly conditioned upon your adherence to the terms and conditions of this license. Any activity which exceeds the scope of the license is deemed to infringe the copyright of VBC and will result in revocation of the license and may subject you to civil liability. Unauthorized reproduction, adaptation, distribution, or display and exceeding license counts represent examples of prohibited conduct. Using illegally generated keys to unlock the software is also a violation of VBC's rights. You agree to only use registration keys generated online from VBC's website, only use registration keys emailed to you by VBC or our third party order processing company. You agree that using an illegal or fraudulent registration key to register or unlock the software or reverse engineering, decompiling or disassembling the software makes that software copy illegal and unauthorized and in violation of VBC's rights pursuant to 17 U.S.C.§§501,1201,et seq. In the event of a copyright violation, you acknowledge and agree you are liable for actual damages, statutory damages, reasonable attorney fees, lost profits, diminution of value of the software, lost license fees, any or all of the aforementioned, including, but not limited to all other costs and expenses incurred by VBC for the loss.

Attorney Steve® Tip - Each of these companies can be EXTREMELY AGGRESSIVE in enforcing its intellectual property rights.  If you get a copyright infringement notice it makes sense to contact a software piracy defense lawyer.  We have dealt with each of these companies and we can help you negotiate the best settlement, or raise your best defenses if forced to litigate in federal court.

Here is a link to an article that discusses how to see what type of outgoing tracking may be going on.

We discuss VB Conversion demand letter cases more in depth here.  You may have received a letter from Gindy Law Firm.

PODCAST: Did you get a demand letter from the ITCA?

Negotiating your EULA

You might want to consider trying to negotiate terms with your software vendor when you first start doing business with them.  This is not to say the software company will not say "sorry its a take it or leave it EULA" but it can be worth a try. Not for the purposes of trying to "pirate" or over-install software, but rather to try to prevent leaks of confidential information from within the organization or worse, opening up a security breach (obviously the data on the company server has to find its way back to the software company) creating a potential security hole.  A clause you might want to try to negotiate before installing the software is:

"Software warrants and indemnifies company in the event any confidential, proprietary or trade secret information is improperly disclosed to software vendor, or any other security breach or data loss occurs due to the use of the IP monitoring or "phone home technology."  Furthermore, software vendor represents and warrants that only the following data will be collected:

• Installation of vendor's software program
• Instances of access between M-F during the hours of 12-3pm PST
• Browsers used
• MAC addresses where software is installed
• Local IP address
• Computer name

This information may only be used internally, for the sole purpose of monitoring and enforcing companies intellectual property rights, copyrights, and this information may not be shared with any third party for any reason (including law enforcement) unless subject to a lawful subpoena.

Contact a software license defense law firm 

We can help you examine your defenses and mitigating factors where you or your company is being accused of infringement.  We have represented both small and large companies being threatened with federal copyright litigation and companies exercising their EULA "audit rights" clauses and also direct vendor audits as well as those from the BSA (Business Software Alliance, who represents many different publishers such as Autodesk, Adobe, and Microsoft).  In this niche area of IP law there is no substitute for experience.  We get many referrals from in-house counsel.  We have appeared in over 150 federal court cases in both California (all districts including CA Northern Dist. and Central Districts) and select districts in Texas and New York.

 Call us at (877) 276-5084 or fill out the contact form for more information.  You can see out past client Avvo reviews here.