March 2010
License Compliance, Overuse and Piracy
Despite a commonly held belief that buying software is the same as buying personal property, your rights are actually limited by the terms of the software license you purchased. Software licenses are contracts that govern your rights to install, use, or transfer an application. Since you have experienced teams in IT, Procurement and Legal, you don't need to worry about complying with all the license terms, right? Not necessarily. Here are some of the risks and pitfalls you need to be aware of.
"We paid for it, so we can install it where we want."
Understanding what you paid for is the key issue here. Organizations like FAST IiS (www.fastiis.org) work hard to educate businesses and consumers on this issue, but far too many organizations and individuals remain unaware.
The license agreement tells you how many copies of the application your organization is allowed to install, but as is the case with complex legal documents, it is not always easy to figure this out. Is the number of licenses limited to specific named users or machines, or do you have a floating license that limits use of the application to a specific number of users at any given time? Are there geographic restrictions or can you install the application in any local office? Can you install the application on a virtual machine?
Multiply these simple variables by all the different applications your company licenses and you can see how you could easily and unintentionally fall out of compliance. Documented processes to track the acquisition, installation/uninstallation, use, and status of your software licenses are critical first steps.
Even then, it is often easy for cracked software to be downloaded by overzealous end users for any number of reasons (procurement process takes too long, there's no budget to acquire the "needed" application, etc.). Once inside your corporate walls, it is even easier for unlicensed software to propagate without anyone ever really knowing its source. End user education and policies on the acquisition and use of software are important steps toward compliance.
"No one will know if we install 'one more copy.'"
The overuse of existing licenses and the overt use of unlicensed software are both considered forms of software piracy. Software vendors have a vested interest in uncovering these infringements and recovering lost revenue. They rely upon former and disgruntled employees for information about infringements.
Given the scope and complexity of certain software licenses, it is also common to see audit clauses that give software vendors the right to conduct regularly-scheduled audits and ensure that the customer is in compliance. Other times, vendors' support personnel will uncover infringements in the course of troubleshooting a technical problem or when helping to facilitate larger deployments or upgrades.
Finally, many software vendors are adding software to their applications with the sole purpose of detecting and reporting on piracy. Microsoft Windows Genuine Advantage and Office Genuine Advantage are two of the more familiar examples of this strategy. Here, instead of relying on disgruntled employees to call, software vendors are able to add functionality to their applications that identifies unlicensed usage and alerts the vendor about the infringing organization.
"It's easier to ask forgiveness than permission."
While this may be a good strategy when your teenager "borrows" your car for the evening, it can open your company to considerable risk and penalties. Is your industry regulated under Sarbanes-Oxley? Are you subject to industry standards like PCI (Payment Card Industry) Security Standards? Does your software license include terms for compensatory or punitive damages for unlicensed use?
A recent case involving Autodesk points to the risks of not being acutely aware of license terms. In their case an architectural firm agreed to destroy all its old copies of Autodesk software as part of a discounted upgrade. When the firm later sold the software along with some old office equipment it was eventually named a defendant in a larger case brought by Autodesk against the purchaser of the software who then sold it on eBay.
There are many cases of legitimate businesses knowingly or unknowingly using unlicensed software. Beyond the risk of financial loss, damage to corporate reputation and good will are common consequences, too. Less discussed is the potential legal liability that could ensue when a manufacturer uses tampered software to develop products that have design flaws as a result of that tamper.
At a time when unlicensed software is readily available through peer-to-peer (P2P) networks, file sharing and e-commerce sites with deals that seem too good to be true, it is more important than ever for your organization to be aware of the risks and pitfalls. Well-documented policies and processes for managing your company's software assets, as well as a good understanding of your rights under the licensing terms, are essential steps toward mitigating the risks of using unlicensed software.
