Attorney Steve® Software Law Essentials - illegal use of DTC's ESPRIT modular suite of software (“ESPRIT”) by downloading and using unlicensed, pirated copies of ESPRIT.
November 2021 Software Lawyer Updates: There are still companies hitting hard on compliance issues. Those companies include Vero (Hexagon) through their law firm Kutak Rock in Washington, Autodesk in California, Solidworks and a couple others. The Business Software Alliance ("BSA") has largely been quite this past year.
Here is another company we are seeking in the software compliance enforcement arena, D.P. Technology Corp. (“DTC”). According to their website:
"ESPRIT® is a high-performance CAM system for CNC programming, optimization and simulation — supporting any class of CNC machine via one common user interface and workflow. Using a digital twin of the CNC to simplify the programming process, ESPRIT delivers edit-free G-code. Combined with ESPRIT's ability to solve workflow challenges with individually tailored automation solutions, ESPRIT is the smart manufacturing solution for any machining application.........
ESPRIT supports every conceivable configuration of CNC machine, covering a full spectrum of machine types from large gantry machines to small part Swiss-type lathes, machining processes from 2- to 5-axis, and markets from medical to aerospace and beyond.
- 2- to 5-axis milling
- 2- to 22-axis turning
- 2- to 5-axis wire EDM
- Swiss-type, millturn, and B-axis multi-tasking machines
- High-speed simultaneous 3-, 4-, and 5-axis toolpath
- On-machine inspection (probing)
- Additive direct energy deposition"
The DTC Software License Agreement (“SLA”) grants customers limited rights to install ESPRIT and to access and use specific ESPRIT modules. In accordance with the SLA, the number of simultaneous users may not exceed the number of licenses purchased. Additionally, the number of ESPRIT modules used by a licensee may not exceed those licensed
ESPRIT also contains Piracy Detection and Reporting Security Software (“PDRSS”) within the software application. When a pirated, or “cracked,” version of the software is obtained, installed, and used, the PDRSS is triggered, and begins to collect and transmit information regarding the identity and location of each instance of infringing usage, including machine, network, and application information
These cases may be brought by the McInnes law firm in Massachusetts. In one case, we saw a lawsuit filed in California federal court through the law firm of MILORD & ASSOCIATES, P.C..
Sample allegations in copyright (software) infringement lawsuit
Plaintiff is a corporation that has been registered to do business in California since 1982.
The company is an industry leader in Computer Aided Manufacturing (CAM) software used for a full range of machine tool applications.
13. Plaintiff's flagship product, ESPRIT, has grown to become one of the most recognizable brands in the CAM software market today. ESPRIT is used across a wide variety of industries, including aerospace and aviation, transportation, electronics, construction and other industries.
14. Plaintiff licenses ESPRIT to its customers. Customers may purchase single user licenses or multi-user licenses. In either case, the number of simultaneous users or end-users may not exceed the number of licenses purchased. Plaintiff prevents the unauthorized access of ESPRIT through the use of a Security Mechanism. Plaintiff's license agreement states that customers are not allowed to use ESPRIT without the Security Mechanism, and that the software can detect the installation or use of illegal copies of ESPRIT and collect and transmit data about those illegal copies.
15. Piracy of software occurs when users access software for which they have not purchased a valid license. The ease of digital replication of software lends itself to illegal copying of software, where users may make multiple copies of a software program, and then distribute the copies to users who have not made a legal purchase of the software (i.e., either distributing the software for free, or selling the copies of the software at deeply discounted prices). The licensing associated with the ESPRIT software limits how many licensed versions of the ESPRIT software can be used at once, but Plaintiff allows those licensed organizations to install the ESPRIT software on an unlimited number of computers.
16. In an effort to reduce the use of illegally copied software, software providers implement license verification technology where the software will not function unless a license has been legally purchased. The license verification technology may be a software mechanism or a physical mechanism to be attached to a single computer. The license verification technology may be in the form of a key (i.e., a series of numbers and letters) that a user types in during the software installation process, or a hardware device, where the software will only operate correctly when the hardware device is attached to the computer executing the software. The license verification technology is provided by the software provider to the buyer when the software is purchased legally. Users who have not made a legitimate purchase of the software will not have access to the key or hardware device provided by the software provider, and therefore the software will not function properly. Plaintiff provides license verification technology as a component of the above-mentioned Security Mechanism.
17. Software hackers reverse engineer the security mechanism and then provide processes and utilities to bypass the license enforcement in order to allow unauthorized use of the software. These processes and utilities mimic the license verification technology (i.e., keys, hardware devices, etc.) as a means to allow pirated software to function fully as legally purchased software. Software utilities that mimic the license verification technology are often referred to as “cracked” licenses. Software hackers may also create hacked versions of the software such that a license is not needed during installation.
18. Sophisticated websites exist where illegally obtained software, the software utilities that mimic the license verification technology, and hacked versions of the software may be downloaded and installed by those who do not want to pay for properly licensed software. Each hacked version of the software represents a lost sale and/or license for the company that owns the software and for resellers of the software (who may provide hardware installation and support, and software configuration, customization, and maintenance). A study by the Business Software Alliance reported that properly licensed software has a positive impact on national economic activity that is more than three times the impact of pirated software.1
19. Software that has been hacked or modified to use a cracked license may also contain malware that can damage computer systems, and/or infiltrate the computer network and the data on that network. In a report commissioned by the Business Software Alliance, the higher the pirated software rate in a country, the more malware generally encountered on computers in that country. Software that has been hacked may also not operate properly, negatively impacting the reputation of the software company that now has no oversight or control over the quality of the hacked versions of its software in use, and/or the products produced by that software.
20. Piracy Detection and Reporting Security Software (PDRSS) exists to identify instances of pirated software in use and provides the identity and location of organizations utilizing the pirated software to the software providers. Identification of pirated software allows the software providers to take legal action against intentional software piracy, notify unwitting organizations of the illegal use of the software (and the potential malware problems that can accompany pirated software), and sell valid software licenses in the place of the previously illegally obtained software programs to recoup lost sales. Plaintiff identifies instances of pirated software in use through PDRSS which, along with the license verification technology, is a component of the Security Mechanism.
21. PDRSS providers also identify the means by which software hackers have thwarted the license verification technology (i.e., the aforementioned cracked license) for a particular software program. For example, PDRSS providers may accomplish this by downloading pirated software from the above-mentioned websites and determining how the software hackers were able to bypass the license verification technology. Once the software hackers' methods are identified, the PDRSS providers then work with software providers, such as Plaintiff to map out a plan for determining when pirated software is in use. This includes identifying when the pirated software is using a cracked license.
22. The plan may include a variety of forms for identifying software piracy. The plan may also include defining software use patterns that are indicative of software piracy. PDRSS providers work with software providers to determine various patterns that are indicative of pirated software use and thresholds at which the PDRSS software should begin to gather and report data on the computer using the pirated software. For example, it is common for a potential customer to test out a software program for a short period of time before deciding to purchase the software package legally. However, an organization that continues to use illegally downloaded software for an extended period (i.e., beyond a reasonable test period as defined by the software provider) has breached the threshold of a trial period. Another threshold might be the detection of a cracked license, which is an indication of an anomaly within the software, or other suspicious patterns of use of the software.
23. Software providers such as Plaintiff, embed the PDRSS (according to the plan tailored specifically for that software provider) within their software, validate that the patterns and thresholds will trigger on pirated software (and will not trigger on validly purchased software), and then release the software. The software that contains the embedded PDRSS also provides a clear notice within the End User License Agreement (EULA) or Software License Agreement (SLA) of the existence of the PDRSS within the software. Once new versions of software are released, both legally purchased software and the eventually pirated software will contain the embedded PDRSS that triggers data reporting when suspicious patterns and thresholds are detected.
24. The serial number of the license is a unique identifier and helps in identifying unauthorized versions of the software. Multiple versions of software using the same serial number are indicative of unauthorized versions of software using a cracked license. In some cases, illegal license generators create license files having serial numbers that are inconsistent with the serial numbers generated by the software providers, which is also indicative of a cracked license.
25. The IP address is a unique address used to identify computers on the global network of the internet. An IP address is the numerical sequence by which a computer on the public internet can identify another computer on the public internet. IP addresses are in the form xxx.xxx.xxx.xxx where each xxx must be a number between 0 – 255.
26. The identifying name of a computer is typically a name an organization gives to each computer in the organization for easy identification within the organization. For example, identifying computer names Computer_Lab_1 and Computer_Lab_2 are easy to remember, and help employees within the organization easily reference particular computers, rather than, for example, referring to computers by a serial number associated with the computer hardware.
27. A Media Access Control (“MAC”) address is a unique hardware identifier assigned to network interfaces. Every device that makes a physical connection to the network, whether it is an Ethernet card or port, or wireless connection has a unique and specific address. Thus, a computer with both an Ethernet connection and a wireless connection has two unique MAC addresses. A MAC address is a series of numbers and letters. When a network device is manufactured, it is assigned a MAC address at the factory. The first six digits of a MAC address represent the device manufacturer, which can be looked up on the Internet.
28. Reporting data from the embedded PDRSS includes a variety of information to identify the software that has been pirated and the organizations utilizing the pirated software, such as the version of the software being used, the license serial number, the Internet Protocol (IP) address of the organization where the pirated software is running, the identifying name of the computer, and a MAC address. Through the Security Mechanism, Plaintiff collects the aforementioned identifying information to determine when pirated and unlicensed versions of its ESPRIT software are being utilized.
29. Software providers may track their own reporting data or may use third party providers to track the reporting data. Once pirated copies of software are identified, software providers can notify the organizations using the software and request that they purchase valid licensed copies of the software instead of using the pirated software.
30. Through the use of PDRSS, Plaintiff has identified Defendants as using unlicensed and pirated ESPRIT software.
31. According to its website, RPI has been working with aerospace companies since 1986, and continues to pursue improvement initiatives and investments in technology to ensure the highest quality cost effective fabrication processes in the industry.
32. Plaintiff has detected at least nine hundred seventy (970) instances of unauthorized access of ESPRIT by Defendants through the use of PDRSS. The PDRSS reported at least two (2) computers located at RPI running an unauthorized version of ESPRIT between March 5, 2018 through November 1, 2019.
33. On October 18, 2019, McInnes and McLane, LLP (“M&M”) sent a letter to Luis on behalf of Plaintiff to inform RPI of the infringing use of the ESPRIT software and to seek a resolution for the matter.
34. Thereafter, M&M communicated with Hernan on several occasions to discuss the unlicensed use and a potential resolution. However, the parties did not come to a resolution for the pirated use of the ESPRIT software by RPI.
It appears the Defendant hired the law firm of Donahue Fitzgerald (in the bay area) to defend.
Some of the affirmative defenses to copyright infringement raised were:
FIRST AFFIRMATIVE DEFENSE (Additional Affirmative Defenses)
51. Defendants reserve the right to assert additional affirmative defenses in the event that additional defenses become apparent during the course of this litigation.
SECOND AFFIRMATIVE DEFENSE (Failure to Mitigate Damages)
52. Plaintiff has failed to mitigate its damages, if any there be, which failure bars Plaintiff from recovery against Defendants.
THIRD AFFIRMATIVE DEFENSE (Waiver)
53. Plaintiff's Claims are barred by its prior waiver thereof.
FOURTH AFFIRMATIVE DEFENSE (Laches)
54. Plaintiff is barred from recovering in whole or in part on the causes of action of the Complaint by the doctrine of laches due to its knowledge of its claims, unreasonable delay in filing its claims, and the prejudice caused to Defendants by the delay.
FIFTH AFFIRMATIVE DEFENSE (Estoppel)
55. Plaintiff, by virtue of its own inequitable conduct, is estopped from recovering against Defendants
SIXTH AFFIRMATIVE DEFENSE (Unclean Hands)
56. Plaintiff's claims are barred in whole or in party by Plaintiff's unclean hands.
SEVENTH AFFIRMATIVE DEFENSE (Statute of Limitations) 57. Plaintiff's claims are barred in whole or in part by the applicable statute(s) of limitations. 17 U.S.C. § 507(b).
EIGHTH AFFIRMATIVE DEFENSE (Fault of Others) 58. The damages, if any, sustained by Plaintiff were either fully or in part the fault of others, whether that fault be the proximate result of negligence, breach of contract, or any type of fault caused by persons, firms, corporations or entities other than Defendants and said fault comparatively reduces the percentage of fault, if any, of Defendants.
NINTH AFFIRMATIVE DEFENSE (Set-Off) 59. As a proximate result of the wrongful acts of Plaintiff, Defendants have has suffered damage in an amount equal to or in excess of the amounts claimed by Plaintiff herein, which damage bars Plaintiff's recovery.
TENTH AFFIRMATIVE DEFENSE (Failure to State a Claim) 60. The Complaint, and each and every cause of action therein, fails to state facts sufficient to constitute a claim for relief, or any claim for relief, against Defendants.
ELEVENTH AFFIRMATIVE DEFENSE (No Respondeat Superior Liability)
61. Any harm caused to Plaintiff was not the fault of Defendants because no respondeat superior liability exists.
CASE CITATION: Case 2:20-cv-06951-VAP-GJS
Contact a Software Infringement Defense Law Firm
If you received a notice of copyright infringement or demand letter (or a summons and complaint regarding a federal court lawsuit), call us for a free initial consultation at (877) 276-5084 or email us through our contact form.
You may have also received a letter or contact from a third party rights organization such as the Software Compliance Group
We have helped 100's of clients (both large and small) defend and represent during software audits, piracy/infringement disputes and settle (most) cases out-of-court. We have defended media companies, technology companies, architects, engineers, designers and other companies across the nation as these are typically pursued as a copyright infringement matter (federal law).
In this area of law, usually your business counsel will feel better advising you to outsource to a software defense firm. Discuss this with your counsel.
In some cases (ex. where there is "advertising injury") there may be insurance coverage. Check with your carrier.