Your Rights - none.
Levels of Compliance - cost vs. risk vs. ethics.
The Consequences - probably way higher than you think.
How Would You Get Caught? - easier than you think.
What is Required - more than just paying for licenses.
The Future of Licensing - from perpetual to lease.
There is an Alternative - to reduce risk and cost.
Licensing enforcement organizations - The BSA and the SPA
Links - supporting data.
Software licensing exempts software publishers from all liability under consumer protection law. There is no product. Not only does the "purchaser" have no rights, no requirements are placed on the publisher, nor any requirement that a program even work.
What you get for your money is the privilege (not right) to use a software package in accordance with the conditions of the license. That privilege may be revoked by the publisher at any time, with or without cause.
If the publisher decides not to support a product any more, or sell more licenses, you have no recourse. If you desperately need two more licenses, your only choice is to do something illegal and place your business at risk.
This one-way contract is now being coded into law by UCITA, which is already law in two states and up for ratification in most others. UCITA further reduces your rights and gives new rights to the software publishers, particularly the right to invade your computers and networks without notice and without your permission, and to disable software for any real or imagined license infraction.
Levels of Compliance
Microsoft has traditionally been lax on license enforcement, so many businesses have paid little attention to compliance. This was to Microsoft's advantage - if you stole Windows and Office, you wouldn't likely buy OS/2 and SmartSuite, would you? Competitors are no longer a threat, and Microsoft needs the money, badly, so the licensing issue has come home to roost.
Each business must evaluate the ethics of the matter, cost of license compliance and the risks of being found out of compliance in light of its own practices. Anything less than total compliance places your business at risk, perhaps a much higher risk than you realize.
Most larger companies and organizations have found the risks unacceptable and have established strong license compliance policies, so the license enforcement organizations are moving their focus to smaller (and more defenseless) businesses and organizations.
The maximum penalty is $150,000 per license "deficiency". Typically, this is negotiated down, and a company found deficient at around $8,000 will pay a penalty of around $85,000 (and have to buy the $8,000 in software too).
Information services for the city of Virginia Beach, VA were practically shut down for over a month and 50 employees were tied up trying to put its licensing in order to answer a random audit demand by Microsoft. Eventually the city was fined $129,000 for missing licenses the city had probably paid for but couldn't match to paperwork.
Running out and buying licenses when you get notice of an audit won't help. Microsoft and the BSA figure their fines and penalties based on the level of compliance before you received the notice.
How Would You Get Caught?
Employees and associates are the main source of licensing violation information. Two organizations, the BSA and the SPA, advertise widely for disgruntled or discharged employees or others with a grudge. Their ads even imply turning you in is the honorable thing to do. The law requires local law enforcement to cooperate with these organizations even to the extent of mounting a joint raid on a suspected business.
Employees have been known to load up a company's computers with "unlicensed" software, then, when discharged for some reason, they turn their former employer over to the BSA. It doesn't matter one bit that they were the ones who loaded the software; management is responsible.
[ Update - 25-Apr-01 - Microsoft is now offering prizes to computer dealers and system builders who turn in customers who order computers without Windows pre-installed. Get all the dirt in our news article Microsoft: Prizes for Rat Finks!. We expect this program will be expanded to other varieties of license "shortfall". ]
Random audits are another technique used by Microsoft and the BSA. You have to purchase a multiple license through their Open Licensing program for this one (now available to small businesses too). They just figure since you bought a bunch of Microsoft software licenses, they can probably get you for more. This is how Virginia Beach was hit.
Your own computer - If your computer runs Windows, and is attached to the Internet, it carries on a continuing dialog with Microsoft, without your knowledge or permission. Don't believe me? Install something like Zone Alarm and have it monitor outgoing traffic. Microsoft assigns your computer a unique GUID (Globally Unique Identifier), so they know who you are (that's how the guy who wrote the Melissa virus got caught).
Bounty hunters - Not used in the U.S. (yet (I think)), but rewards of up to $10,000 are offered in some countries.
Microsoft says they are not gathering licensing information over the Internet, now, and they might even be telling the truth, now, but as they transition to .NET, they will be expanding the information they exchange with your computer and what they do with it.
Once they have evidence, such as the word of a snitch, Microsoft, the BSA or the SPA can go to a federal district court and present the evidence. They tell the court you might destroy the evidence if forewarned. Once they have a court paper they can walk into your place of business accompanied by U.S. Marshals or the local police. They can seize your computers or any other evidence they think appropriate.
In practice this is rarely done. The mere threat of it is enough that most businesses just let them come in and audit. The consequences of resistance are likely to be the business being shut down.
What is Required?
First and foremost is comprehensive and accurate record keeping. Many businesses and organizations have been penalized tens of thousands of dollars for licenses they have actually paid for, but could not show proof of.
Second, you must actually understand the terms of license, which can be very complex for larger organizations, but are pretty simple for small ones.
Third, you must actually comply. That means buying the number of licenses required by the terms.
Microsoft Licenses are "non concurrent". In other words, if you have 9 computers that run Office, but no more than 4 ever run Office at the same time, you still need to buy 9 licenses. The cost of MS Office doubled for most organizations when Microsoft pulled concurrency. "Suck 'em in cheap, then screw 'em" is standard Microsoft practice. They also banned installing a copy on your home computer, but had to back down on enforcing that.
Some other publishers still allow "concurrent licensing". In other words, if you have 9 computers that run WordPerfect Office, but never more than 4 at one time, then you only need 4 licenses.
Note: OEM Windows licenses (the ones that come with a new computer) are not transferable. When you stop using that computer, that Windows license must be retired. You cannot use it with the new computer you just bought, or any other. If you give the computer to a charity, Microsoft requires they remove Windows, making the computer essentially worthless.
If you got your computer with an OEM license, but you "ghost" the hard disk as most larger companies do to achieve consistency, you have to buy a second Windows license for that computer. Installing this second license voids your OEM license so the OEM no longer provides support. You now have to get that from Microsoft at $350 per incident.
The Future of Licensing
The rest of the software industry will pretty much follow whatever Microsoft does, and Microsoft has made it quite clear where they are going. Microsoft is tired of having to keep coming out with trumped up "upgrades" to their products to keep revenue flowing. They are headed for software by subscription (you must renew your license every year) and "software as a service", delivered over the Internet (.NET Initiative).
Microsoft hoped to move their licensing from "perpetual" to "lease" soon after the release of Windows95, but Win95 didn't take off nearly as fast as they expected, giving competitors time to react. Since then they have pretty much eliminated meaningful competition, so they can do whatever they want to.
Under both these plans, licensing is self enforcing. When your time period expires, if you haven't paid, the software turns itself off. You no longer have use of the software or access to any of your data or business records.
Will users accept these new terms? Yes. Acceptance is the path of least resistance, and the vast majority will take that path.
Our editorial Software Licensing and You has more on other reasons licensing is changing.
There is an Alternative
This licensing thing is a costly mess, but there is an alternative, a way out, and it is practical for a great many businesses. The alternative can save you a huge amount of money, both in cost of licenses and in cost of compliance - and it removes the risk of non compliance entirely.
Moving your computer platform from Windows to Linux and using Open Source software packages in place of commercial software means you don't have to buy licenses, don't have to track them, and nobody is going to come knocking on your door.
To help you decide if this avenue is practical for your company, we have published two articles: Should Your Business Use Linux and Linux.
Most companies that take this path will have a mix of Open Source and commercial software, but the licensing problems are still greatly reduced (and if you aren't running any Microsoft software, the BSA won't bother with you).
License Enforcement Organizations
Two organizations, the BSA and the SPA, are the primary license enforcement organizations. Beyond them, some software companies also act on their own.
The SPA (Software Publishers Association) was the original anti-piracy organization, formed and financed by many of the larger software publishers. The SPA is still quite active as the anti-piracy arm of the SIIA (Software & Information Industry Association). The SPA developed a multi-pronged program of education (through advertising), enforcement and legislative lobbying.
Some years ago the SPA started to expand beyond its purely anti-piracy function, evolving eventually into the SIIA. As part of this expansion the SPA formulated a code of ethics for the software publishers themselves.
Being held to ethical behavior of any kind was something Microsoft just could not abide, so they financed the formation of a second anti-piracy organization, the BSA (Business Software Alliance). The BSA, through intense publicity, has become the more prominent organization.
Other software companies now contribute to the BSA for their own protection (early BSA raids tended to leave behind an "all Microsoft" shop regardless of whose software was originally infringed), but it operates essentially as Microsoft's private police force.
Recently Microsoft and the BSA have been running a 1-2 punch program in some cities. First you get a letter from the BSA implying you don't have enough licenses. Then in a day or two, you get a letter from Microsoft on the importance of compliance. The letter also tells you who to buy the missing licenses from (wonder how much they had to kick back to Microsoft to buy that slot).