If you are a small or medium-sized business in the United States, one of the major hassles you might find yourself involved in is a BSA or SIIA licensing audit. This blog will help you understand one way to respond. Call us at (877) 276-5084 for a free consultation if you receive a letter.
July 2022 Update: It appears the BSA is back auditing small and medium-sized businesses looking for software licensing compliance violations and seeking to collect large sums of money on behalf of their software publisher members (see list below).
2018 Update – We have been informed by one BSA counsel that Business Software Alliance Audits (at least those featuring Microsoft) are NOT VOLUNTARY in nature, and if you used Microsoft products (have them installed) then you are bound by their audit clause. This means that if Microsoft knows you have windows installed (uh yeah, that's a ton of people), and assuming they believe one or more copies are not licensed, they can send you an audit demand letter per the audit clause in the product (ex. Windows 10) and shift the burden to your company to prove up a license. Yes, it's that simple to put your company under a Microsoft-authorized software license investigation brought on by one of the BSA's regional IP law firms. Amazing.
Introduction
There is a battle going on over unlicensed software use in corporate America. From what we have seen, the epicenter is largely focused on small to medium-sized businesses (often targeting companies that may be perceived as not having the financial means to hire a copyright counsel. Keep in mind that they usually have lawyers on their end, and it is probably a good feeling for some of these compliance lawyers to try to bully your company around and force them to submit to a “voluntary” audit, often at the threat of a $150,000 copyright lawsuit as the letter will usually point out in no uncertain terms.
If you recently received a letter, here are the top five things to do:
- Print out this incredibly valuable software audit checklist. This has 30 questions every business owner MUST be thinking about.
- Once you review the checklist, call us to discuss your case with a lawyer. We offer a free initial strategy session to discuss your case, and to discuss our affordable flat rate legal fees that is the best in the industry. Be careful to just pick up the phone and start talking to their lawyers. They are tough, and this is their playing field. Prominent IP firms like Donahue Fitzgerald, Klemchuk, Weir-Johnson, Troutman Sanders, Saul Ewing, The Venable, and others know how to handle these cases and may use your words against you in future negotiations or a future lawsuit.
- If you decide to handle a compliance audit yourself without hiring a lawyer, make sure to review our free legal guide to the unrepresented business.
- Assess your estimated license ownership position (proofs you can produce to justify your installations), and weigh that against the potential damages and penalties for the missing licenses. Decide if you want to engage or refuse to participate in the audit.
- Try to limit the scope of the audit, obtain FRE 408 confidentiality protection, engage in audit, and negotiate a settlement and software settlement.
These are some of the main steps. In step #4 above, you may also want to consider who the informant might be. Many of these cases are initiated by a whistleblower informant seeking a financial reward to report software piracy. Sometimes they are flat out lying in the hope of retaliating against the company. This could raise defamation claims and may actually breach employment, severance, or trade secret agreements.
Based upon an alleged “informant” (I say alleged informant because the attorneys for the software companies will not give you their names), your business might receive a letter asking you to “voluntarily” audit your computer networks, laptops, iPads (for all company locations) and anything else for a number of software installs for popular software programs such as Microsoft Office, Microsoft CAL license, Autodesk (AutoCAD), Symantec, IBM, SAP, Oracle, Ansys, Bentley, Vero, Rosetta Stone, and other software packages. We can help you defend these cases.
When you receive the “love letter,” as I jokingly call it, this is where the action unfolds, nerves are tested, and you wonder what, if any, liability your business will have if you cannot find your receipts or you have missing licenses (i.e., shortages). Will the BSA or SIIA, or another individual software company sue you for copyright infringement in federal court? Will you be able to settle your issues for a fair and reasonable amount? Is this just a shake-down, extortion, or violation of Civil RICO statutes? These are good questions. This blog discusses one possible response and a sample response letter that might be appropriate depending upon your case.
CLICK HERE FOR A POWERPOINT DISCUSSING HOW TO RESPOND TO BSA AUDIT LETTER
CLICK HERE FOR A VIDEO ON HOW TO RESPOND TO AN AUTODESK AUDIT LETTER
Software publisher members of the Software Alliance
Here are some of the software companies that are members of the Business Software Alliance. Technically, any of these companies and their software products can be the subject of a compliance audit.
- Adobe
- Alteryx
- Atlassian
- Cisco
- Crowdstrike
- Siemens (will file lawsuits in Texas federal court)
- Docusign
- Informatica
- Intel
- Mastercam
- Okta
- Oracle
- Prokon
- Autodesk (check your AutoCAD, Revit, Maya, Inventor, and other products)
- Dropbox
- MathWorks
- PTC
- Salesforce
- Shopify
- Maxon
- Twilio
- Graphisoft
- Servicenow
- Prokon
- Bentley
- Box
- IBM
- Microsoft (check your Office products, Word, Excel, Powerpoint, etc., and Windows)
- SAP
- Zoom
- Unity
- Trimble
- Trend Micro
- Zendesk
- Workday
- Splunk
If you received an audit demand letter from any of these companies, or others such as Hexagon, Dassault, VB Conversion, Ansys, or others, give us a call to discuss your case.
Common Software Piracy Compliance Violations
Here are some of the top software EULA and compliance violations I have seen over the years defending these cases:
- Using pirated software (ex. crack codes)
- Overinstalling copies without the legal right to do so
- Simultaneously accessing software in violation of EULA (usually means two or more people are using one licensed copy)
- Downloading hacked software over the internet (sometimes paying a small fee for a copy of AutoCAD, for example)
- Setting up the organization with software installed off a thumb drive (ex. unlicensed Microsoft Office products or Operating System software)
- Downloading, installing, and using unlicensed software downloaded off the BitTorrent protocol
- Sharing software with consultants without a proper license
Sample response letter to a request for a “voluntary” software compliance audit by the BSA or its representatives
This is a sample letter we have used (slightly modified) when responding to a BSA software audit letter from a representative of the BSA. Do not use or rely on this.
October 1, 2014
Software Audit Law Firm
455 Embarcadero Street
San Francisco, CA
94111
THIS IS JUST A SAMPLE. DO NOT USE WITHOUT FIRST OBTAINING LEGAL ADVICE.
VIA FACSIMILE:
RE: Software licensing audit
Dear Software Compliance Attorney,
My firm represents Software Licensing Client XXX in regard to the federal copyright software licensing matter (“BSA audit”) referenced in your letter to my client dated January 1, 2014. Please direct all future communications to our San Francisco office address set forth below. You may also email me directly at XXXXX.
At this time, I would like to request you provide me with the following:
- A copy of any documentation that you have that provides “probable cause” evidence that my client is believed to be using unlicensed copies of Microsoft or Adobe software (insert other brands that may be at issue for example, Autodesk, IBM, Corel, Symantec, Attachmate, Rosetta Stone, etc.). Surely you would be willing to share this information with us so that we can confirm that your request to interrupt my Client's business (at great cost and expense to my Client, not to mention the legal distraction) is legitimate and warranted.
- We also hereby demand you provide a copy of any and all software licensing agreements you believe provide you and your clients with the legal right to request a “voluntary” self-audit of their software installs. If you are requesting that we audit my Client's networks for all of the pieces of software listed in your letter, please provide us with a clear, complete, and legible copy of all licensing agreements that you believe to be operative and in effect. If these licenses have been amended from time to time, we hereby request all copies of each license agreement from its original draft and including all amendments or alterations that were made. You may send this to my Sansome Street San Francisco address provided below.
- I am also hereby requesting to know the name and identity of any “informants” you may be relying on to support a right to audit my client's software installs. My client deserves to know the identity of the person that has allegedly obtained information about software piracy. We will need 14 days to examine the situation and determine if the ex-employee, consultant, or other person is in violation of the company policies and procedures, trade secret agreements, confidentiality agreements, or otherwise. If we find that the ex-employee has engaged in improper conduct while on the job and/or off the job, we hereby reserve the legal right to cross-sue them should any legal action become necessary. In that event, the witness will be required to submit to a deposition if grounds for cross-claim exist.
We are willing to look at this issue in good faith, but we would like to understand the grounds for requesting a time-consuming audit that will expend valuable internal time and resources of my client. I am sure you can understand and appreciate this request.
In addition, I would like to request in advance a stipulation that all of our conversations, communications, letters, and the exchange of any other documents or writings be deemed confidential under Federal Rules of Evidence as documents pertaining to settlement or the potential resolution of this case. My client may have protected trade secrets and/or other proprietary information that they consider confidential and proprietary, and these should be protected at this stage of our discussions. Please confirm if your firm and, specifically your client(s) are willing to agree to this. If so, I can forward you an FRE Rule 408 agreement. Of course, any discoverable information will be fair game.
If you have any other questions at this time, I can be reached at (877) 276-5084. Please suffice it to say if there is no evidence to support your claims (i.e., this is a legal “shake-down” or “fishing expedition”), we reserve all rights to file a federal CIVIL RICO action against all appropriate parties. All other claims and legal defenses are hereby reserved.
Should you wish to discuss this, I can be reached directly at XXX-XXX-XXXX.
Very truly yours,
Steven C. Vondran
This is just one sample letter that might be appropriate in a given software compliance case. Do not rely on this letter or use this letter without first speaking with a software compliance lawyer.
Contact our Copyright Infringement Law Firm
2022 UPDATE: Unicourt.com has identified Vondran Legal® as the #1 copyright defense law firm in the UNITED STATES for both 2020 and 2021 in terms of the number of cases handled. We are poised to THREE-PEAT in 2022. We have handled HUNDREDS of software compliance cases and copyright infringement matters since our inception in 2004. In this niche area of software law, there is no substitute for experience, and wise corporate counsel will outsource the dispute to our law firm.
If your business or organization is facing receipt of a law firm “love letter” asking you to submit to a voluntary compliance audit, contact us to review your case and discuss your legal rights.
Remember, officers and directors of a company can be held liable for copyright infringement. This surprises many, especially since there is a "corporate veil," but many times, when a software company files a piracy lawsuit, they will name the company as a Defendant and an officer or director(s), which then puts you are risk of personal liability.
We have represented hundreds of other companies, and we will fight to protect your legal rights and to help you avoid an unjustified fishing expedition under the guise of a “software piracy investigation.”
Call us at (877) 276-5084 or fill out the contact form below, leaving your name and phone number, and one of our intellectual property lawyers or another representative will contact you, normally within the hour. We handle cases across the United States and international companies (ex., Canada, UK, Australia, France, Sweden, etc.) facing an audit or a federal lawsuit in the United States.
Comments
There are no comments for this post. Be the first and Add your Comment below.
Leave a Comment