A posse of federal marshals, attorneys, and software piracy auditors turned up one morning last December at the offices of Southern Benefits Consulting in Dallas. Acting on behalf of plaintiffs Microsoft Corp. and Novell Inc., the party was armed with a court order allowing a surprise on-site audit of the insurance company’s computers. U.S. District Court Judge Sidney A. Fitzwater had granted the order after Microsoft and Novell filed a sealed complaint alleging massive copyright infringement. Completed in just half a day, the audit of about 100 PCs turned up enough evidence to produce a $110,000 out-of-court settlement.
How were these distant software titans privy to the internal workings of a Texas insurance company? Like so many other software piracy cases, this one was instigated by a tip from a former employee. The charge: systematic and widespread copying of such programs as Microsoft’s Excel and Novell’s WordPerfect. (Southern Benefits did not return calls from PC Week.)
Tips like these helped industry anti-piracy groups like the Software Publishers Association (SPA) and the Business Software Alliance (BSA) ring up some substantial settlements last year. In North America alone, BSA collected more than $4 million from organizations that had more copies of programs than they had licenses. SPA collected $2.7 million worldwide.
For IT executives, audits and fines are mostly a nuisance. Enterprises negotiate site licenses for major software purchases. Yet despite the best intentions, a certain amount of illegal copying is bound to happen. The problem? Individual users buy single-copy software with petty cash, and that’s tough to monitor. However, IT executives who have faced audits say the embarrassment is bad enough to warrant keeping an eye on the problem.
For managers tempted to orchestrate or simply overlook the copying of software, two lessons emerge. One: Some employees are troubled by the morality and/or legality of such acts. Two: Don’t mix software piracy with layoffs. Laid-off workers often find the issue of copyright infringement a convenient weapon of revenge. Robert Kruger, BSA director of enforcement and one of the auditors in the Southern Benefits case, says the vast majority of anti-piracy cases are initiated by hot-line calls from current or former employees. Of these, 80 percent or more are former employees.
Reinhold Blaettner is manager of data processing at Enterprise Products, a Houston petrochemicals processor that recently agreed to pay BSA $160,000 to settle piracy claims. For Blaettner, the BSA’s claims of copyright infringement were painful. Blaett-ner says he’d already begun working on identifying and eliminating unauthorized programs: “We knew we had a problem. We were working on it.” But the BSA, acting on a tip, wrote to Enterprise Products, essentially giving them the option of performing an audit on their own computers or facing litigation. “We received a letter in the mail from a law firm that someone had turned us in,” recalls Blaettner. Could the tip have come from one of the employees laid off last year by Enterprise Products? Perhaps, allows Blaettner, though he admits he doesn’t really know. “We don’t know, and they won’t tell us.”
It’s understandable that anti-piracy groups are not going to identify their sources: Callers receive no reward, but the information they provide has created a substantial revenue stream for the non-profit software police. Almost 30 times a day, SPA’s anti-piracy hot line rings up a new tip. SPA initiated action against 447 organizations in 1994; the $14 million it has collected in recent years has been poured back into anti-piracy campaigns. Currently, the SPA is expanding its copyright enforcement efforts on the Internet and overseas.
The SPA is an 1,100-member trade group. The BSA was established primarily to focus on software piracy. If both groups seem aggressive in their anti-piracy crusades, it’s because software piracy costs vendors plenty. The SPA put 1994 revenue losses from software piracy at $1.05 billion in the U.S., and at $8.08 billion worldwide.
A recent case illustrates how the SPA proceeds. A hot-line call charged considerable piracy at the New Jersey facility of a major multinational chemicals manufacturer. SPA litigation coordinator Erin Isselmann held several meetings with the source to flesh out details on which specific programs were routinely copied. The source was then asked to detail the claim in writing, and the SPA contacted several of its member companies to gather information on the number of licenses granted to the firm.
Once the SPA is convinced there are grounds to proceed, it can move in one of three ways. Where the copying problem is perceived as minor, it might simply send a “cease- and-desist” letter asking the company to look into the problem and report back within two weeks. If the situation is deemed more serious, the SPA will offer the company the option of conducting an audit of all the programs installed on its computers. The audit is described in an SPA letter as “an alternative to litigation.” If the company is unwilling to cooperate with the audit, the SPA makes it clear it will take the matter to court.
What’s it like to receive a letter from the SPA? “Surprise. It’s the thing that happens to the other guy,” says a systems manager at the New Jersey company, which spoke to PC Week on condition that the names of the company and managers be withheld. After a random internal check of the company’s estimated 300 personal computers and half a dozen file servers revealed the presence of unlicensed copies, management decided to cooperate fully with the SPA, actually hiring an outside firm to conduct the audit. Mu ch of the copying, emphasizes an IT manager, was not done maliciously. Employees would, for example, switch departments, making copies of their software without bothering to erase what they left behind: “The stuff was a bit like an amoeba. It was sort of splitting every now and then.”
Once an audit is completed and the SPA has examined the directories of all disks, it asks the company to provide documentation of all its software purchases. Where there are discrepancies, the company is assessed the Manufacturers Suggested Retail Price for each unlicensed copy. (The BSA might also tack on a penalty if it deems the copyright infringement to be “willful,” according to enforcement director Kruger.) The user must destroy all unlicensed copies and then purchase the replacement programs it requ ires.
So what did the SPA find in New Jersey? Scattered throughout the company were 29 programs of the Norton Commander. “But we couldn’t find any authorized copies,” reports Isselmann. There were 59 copies of Laplink Version 5, but just four were licensed. More than 50 unauthorized After Dark for Windows screen savers were also identified. The company settled with the SPA for just under $49,000.
The SPA and BSA are present at some–but not all–audits. So if they’re not, what’s to prevent the self-auditor from erasing the incriminating copies? “People could theoretically do that,” allows Blaettner of Enterprise Products. “But our legal department said we should leave everything the way it was.”
There is compelling leverage for the anti-piracy group working with information from a current or former employee: The offender often doesn’t know just how much information and documentation the software police might have. And besides, as Isselmann notes: “I think we’d find out if they erased. Someone would call us.”