While unintentional in most cases, small businesses can often fail to purchase (or at least properly document) all licenses required for their expanding collection of hardware and software. Furthermore, few if any have implemented even the most basic software asset management policies.
As software companies and emerging consortiums pursue more aggressive infringement claims, these seemingly minor oversights have potentially costly consequences.
The problem comes to light in the form of a “self-audit” letter to the business owner that is deceptive in its simplicity. Consortiums such as the Business Software Alliance (BSA) are using such letters to vet tips from current and former employees, vendors and authorized software resellers about the installation of unlicensed software.
Although copyright owners have legal rights to take infringement on their products seriously, these copyright violation tipsters are usually motivated by the promise of cash rewards for outing noncompliant businesses.
Before this type of letter arrives, small-business owners can do several things to protect against the likely demands for settlement fees, attorney costs and additional licensing payments. Even if a letter arrives, there are best practices for a legal and proactive response.
Prevention first
In most cases, once a business has received an audit letter from the BSA or other group, the likelihood of resolution without a significant settlement payment is virtually nil. It is clearly preferable from a legal and financial standpoint to address the issue of software asset management proactively.
While there is no one-size-fits-all solution, there are a multitude of resources available to assist with the process, and many companies offer free tools and advice. At an absolute minimum, small businesses need to recognize software licensing as an area of potentially significant liability. They should purchase the proper version of any required software with an appropriate number of licenses, and retain a dated proof of purchase, certificate of authenticity and any corresponding registration information for the life of the product.
Furthermore, small businesses should adopt clear policies prohibiting the installation and use of unlicensed software by employees and, if possible, restrict the ability of employees to download software or updates to existing software without authorization.
Ideally, responsibility for installation and updates of software should fall to an experienced IT professional inside or outside the business. While there is some cost associated with software asset management, the cost of that process pales in comparison to the cost of settlement if and when the BSA or a copyright owner comes calling.
Next, a cure
Letters from copyright owners or consortiums like the BSA threaten damages of up to $150,000 for each unlicensed product, together with attorneys’ fees. The BSA would have the target business believe they are willing to resolve the matter “amicably” by providing the business with an “opportunity” to conduct its own company-wide investigation involving a self-audit of all of the software published by the BSA member companies.
For businesses that receive such a letter, they are faced with the choice of either responding (in which case the copyright owners will almost certainly find some level of infringement), or not responding with the hope the issue will simply go away. In most cases, a non-response elicits an even more aggressive response, and may result in greater liability.
Before making any decision regarding a potential response, the best first step is to contact an attorney with experience responding to and negotiating copyright infringement claims. The business should then consider performing a preliminary audit to assess the scope of the infringement, if any, and the potential liability. This step should be taken cautiously and only with the direct involvement of legal counsel.
Regardless of the results of this process, the business should not rush to purchase licenses for any infringing products. This action would not correct the infringement and could actually result in additional liability under various claims and causes of action, including spoliation of evidence.
If the target business elects to respond to the letter and participate in the self-audit process, be aware of what comes next. In recent instances, the BSA typically requires completion of a matrix identifying, among other items: 1, the total number of computers, including laptops and servers, used by the business; 2, a list of all software products published by the BSA member companies installed on those computers and the total number of computers on which each product is installed; and 3, the number of licenses owned as of the date of the initial audit-letter — with supporting documentation as proof of ownership of each license.
After receipt of this information, the BSA will calculate the number of unauthorized copies of the software products installed by the target business. This list may even include products the business believes were lawfully purchased, and in some cases for which they have supporting documentation, but for which the BSA unilaterally determines an infringement has occurred.
The BSA then makes a settlement demand based on its list of infringing products by applying a multiple of MSRP or manufacturer’s suggested retail price (typically 3 times) for those products, which can run into the tens or even hundreds of thousands of dollars. The BSA also increases its settlement demand through the practice of “unbundling” software products that are normally sold as part of a suite, and seeking recovery based on the full MSRP of each separate software product.
In addition to this payment and other terms and conditions of the settlement, the BSA will also demand the targeted business remove all unlicensed software and purchase the requisite number of licenses to ensure legal use.
Before this situation happens, every small business should conduct an inventory of all hardware and software products currently used, by following these steps:
- Perform an inventory of all computer hardware and software within the organization.
- Reconcile inventory results with purchasing records.
- Monitor software usage to determine overutilization and underutilization.
- Reallocate or reclaim underutilized licenses.
- Remove unauthorized or unlicensed programs.
- Re-evaluate software asset management policies and procedures regularly and modify as necessary.
- Create a policy for managing new software purchases and upgrades.
Conscientious software asset management is another tool for a growing business to ensure a productive and profitable future.
