The Software Piracy Police: IP Protectors Or Shakedown Artists?4:00 PM EST Mon. Oct. 22, 2012
In April 2005, David Kellogg received a strange letter from a law firm representing the Software & Information Industry Association. He had never heard of the organization, but the letter immediately grabbed his attention, thanks to two simple words written in bold at the top of the letter: "Copyright Infringement."
The letter went on to detail allegations against Kellogg and his company, Solers Inc., a government-focused solution provider in Arlington, Va., regarding the use of unlicensed or pirated software.
"SIIA has evidence that Solers Inc. is engaged in the unlawful copying and use of software," the letter read, with more than three dozen software vendors listed, including Symantec, Adobe Systems and Apple. The letter did not detail the evidence.
"Although we are prepared to seek remedies available under the Copyright Act, we prefer to work with companies to reach a resolution that is quick, fair and out of the public spotlight," the letter stated. The choices outlined by the SIIA were clear: fight the allegations in court and risk up to a $150,000 fine per violation, public embarrassment and potential jail time or take the SIIA's recommended settlement. The letter described the four-step settlement process, which included submitting the company to an SIIA-sanctioned software audit, furnishing the SIIA with all proper software licenses and/or receipts, and paying the SIIA Copyright Protection Fund "a negotiated amount based on a multiple of the manufacturers' suggested retail price of each copy of unlicensed software."
After reading the letter, Kellogg was furious. To him, the letter read like more of a guilty verdict than an accusation. "The allegations were false," he said, "and I knew they were false because we didn't even use Symantec or Norton Antivirus."
Kellogg refused the SIIA's settlement offer, but the organization kept pressing. The question was never about whether or not Solers committed copyright infringement, Kellogg said. The question was how much Solers was willing to pay to make the case go away.
"The SIIA basically said, 'Submit to our software audit or pay up,' " he said. "It was nothing short of shakedown. It's basically extortion."
Kellogg decided to fight the SIIA and took the battle to court. But what seemed like a relatively simple matter quickly unraveled into a byzantine legal battle that's still in court seven years later. While industry associations such as the SIIA say they're fighting a tide of software piracy in the corporate world, Solers' experience and others like it have led to questions about the tactics the groups use to investigate and prevent piracy.
NEXT: The Piracy Police
THE PIRACY POLICE
In North America, the effort to curb commercial software piracy is driven primarily by trade organizations and nonprofit industry groups, the two largest being the SIIA and the Business Software Alliance (BSA).
The SIIA calls itself "the principal trade association for the software and digital content industries." And arguably its biggest function is to protect its members from the ills of software piracy.
"All forms of piracy are becoming a bigger problem today because the technology is out that makes it so easy for just about anyone," said Keith Kupferschmid, general counsel and senior vice president of Intellectual Property Policy & Enforcement at the SIIA.
The organization was founded in 1984 by Ken Wasch as the Software Publishers Association. The group later merged with the Information Industry Association in 1999 to become one of the largest IT trade organizations in the U.S.
But a year later, the SIIA experienced an ugly breakup with its biggest member -- Microsoft. The organization publicly supported the U.S. Department of Justice's antitrust case against Microsoft and even had penned a controversial white paper in 1999, titled "Addressing The Microsoft Challenge: Restoring Competition To The Software Industry," which explored the benefits of breaking up Microsoft.
As a result, Microsoft resigned from the SIIA, costing the organization a key ally and a significant amount of clout. Still, the SIIA boasts more than 500 members today, and its anti-piracy division has become one of the most well-known organizations in the industry for policing corporate software piracy; it even introduced its own Certified Software Reseller Program in 2007, which recognizes legitimate VARs authorized to sell software.
The SIIA's chief counterpart in the anti-piracy movement is the BSA (recently rebranded as the BSA| The Software Alliance). The BSA was founded in 1988 and, like the SIIA, the nonprofit has built up a long and distinguished list of members over the years, including Microsoft, Adobe, Intuit and Apple. The organization rose to prominence in the late 1990s with its "Nail Your Boss!" campaign, which encouraged current and former employees to report illegal software use to the BSA, offering cash rewards to potential informants (the campaign was put into high gear again in 2009).
In recent years, the BSA has become well known for its annual Global Software Piracy Study, which has generated some eye-popping numbers, not to mention spirited debate. The BSA's 2011 report claimed the losses from pirated commercial software reached a record $63.4 billion in 2011, up from $58.8 billion the year before. "It tells you people are still pirating software more than ever," said Peter Beruk, senior director of compliance marketing at the BSA.
It's an astonishing figure -- imagine every copy of Microsoft Office 2010 downloaded without payment and it’s still not close. But some experts feel the number is grossly exaggerated.
Julian Sanchez, a research fellow at The Cato Institute, covers Internet policy and technology at the libertarian think tank and takes issue with the BSA's research. "Their piracy numbers are probably the worst of them all. It's pure 'Alice in Wonderland' fantasy," Sanchez said. "The tendency here is that the BSA tries to estimate both the amount of pirated software in circulation, and then estimate the loss revenue, which they base on inflated Western prices."
In other words, a small business in Southeast Asia can't afford to pay thousands of U.S. dollars for Microsoft licenses. Furthermore, Sanchez argues, you can't assume that a college student who downloads Adobe Photoshop represents a lost sale because a college student isn't going to spend $400 on anything, let alone expensive photo editing software.
Beruk knows there are a number of skeptics like Sanchez out there who believe that figure is far too high, and it doesn't bother him. "The figure is an estimated number of the loss to the commercial software market from piracy worldwide," he said. "If you don't believe it, that's OK. But the data is out there."
To be sure, there's no doubt that a significant amount of commercial software piracy is taking place; a quick scan of popular BitTorrent sites such as The Pirate Bay will show of bevy of applications and operating systems available to download. And both the SIIA and BSA are waging war on corporations that use unlicensed software by eliciting anonymous tips about software copyright infringement and threatening legal action if a business doesn't comply with a full software audit.
But critics argue the SIIA and BSA use overly aggressive and unfair tactics. Scott & Scott LLP, a law firm based in Southlake, Texas, specializes in technology cases and has defended a number of small and midsize businesses from software audit cases brought by these groups. Managing Partner Rob Scott said the organizations typically rely on disgruntled ex-employees willing to implicate their former bosses in exchange for cash rewards.
"The process is not transparent," Scott said. "They offer lucrative rewards to disgruntled ex-employees and anonymous tipsters to make accusations against these businesses. These sources never have to appear in court, and there's no penalty if they're wrong."
It's exactly this kind of scenario that reared its ugly head with Solers.
NEXT: Solers Fights Back
SOLERS FIGHTS BACK
From the moment Kellogg received the letter from the SIIA, he knew he was going to decline the SIIA's software audit and contest the allegations. He immediately contacted his attorney, Daniel Tobin of Ballard Spahr in Bethesda, Md., and after corresponding with the SIIA's legal team, Kellogg and Tobin learned that the SIIA's "evidence" against Solers was a confidential informant.
Kellogg's first question was simple: Who was this unnamed informant? The second, of course, was how could this person be a credible source if he or she was citing software that Solers didn't even use?
While pondering these questions, Solers performed its own software license audit and found nothing. "We're a federal defense contractor, and we tell our clients not to download pirated software off the Web, so it would be pretty stupid for us to do that," Kellogg said.
Tobin made several inquiries about the allegations to the SIIA's law firm, Holland & Knight LLP of Chicago, but he received little information as the group continued to pressure Solers to comply with its investigation. The SIIA declined to provide any details about the John Doe informant and cited its policy of guaranteeing confidentiality for all informants -- unless compelled by a court order such as a subpoena. That's when Kellogg decided to take the matter to court. Instead of filing a suit directly against the SIIA -- a move Kellogg said he did consider -- the company instead sued John Doe for making defamatory statements against Solers and issued a subpoena on the SIIA to obtain the informant's identity.
A year later, the case was in court, and while the SIIA eventually dropped its claims against Solers, Kellogg didn't let up. "I thought the Fifth Amendment gave me the right to face my accuser," Kellogg said. "And I was determined to find out who had accused us [of software piracy]."
The case bounced around like a ping-pong ball for several years. At one point the Superior Court of the District of Columbia granted the SIIA's motion to quash the subpoena and dismissed the case, but the District of Columbia Court of Appeals concluded both rulings were made in error and remanded the case back to Superior Court.
Amazingly, it wasn't until 2010 that Solers obtained at least some of the information about the SIIA's informant -- and none of it was good. After serving a set of interrogatories to the SIIA, Solers learned that the scope of the SIIA's communications with John Doe was extremely small and consisted of just three instances -- the initial submission to the SIIA's online piracy reporting system on March 9, 2005, and two follow-up emails, the last of which was received on May 14 of that year.
In other words, SIIA investigators had never met or even spoken with the John Doe informant. Plus, the SIIA had no way of knowing if the name John Doe supplied on the piracy report was his real name because the online report didn't include a mailing or home address. Worst of all was that, according to court documents, the SIIA later discovered that the telephone number supplied by John Doe was inactive; when SIIA law firm Holland & Knight attempted to email John Doe about the subpoena from Solers, the message was returned undeliverable.
John Doe had vanished.
NEXT: The Business Of Anti-Piracy
THE BUSINESS OF ANTI-PIRACY
The BSA typically gets around 2,500 leads a year through its piracy prevention hotline and confidential online reporting system; Beruk said the "vast majority" of these leads confirm the existence of "at least some unlicensed software" within a company. But the BSA online reporting system doesn't even have a field for the submitter's name, address or telephone number; in fact, supplying an email address is optional as well. The SIIA uses an almost identical online submission form for piracy tips that only requires information about the business, such as an address and phone number, the number of employees, and the type of software used, while requiring no personal or contact information.
Then there's the matter of cash incentives, which is a crucial part of both anti-piracy operations. Both organizations offer rewards of up to $1 million for a qualified lead, depending on the amount of pirated or unlicensed software found and the settlement fee collected by either the BSA or SIIA. For example, the SIIA states that a $10,000 settlement will qualify an informant for a $500 reward, while the BSA states that a settlement of $15 million or more will result in a $1 million reward.
Most payments appear to be at the lower end of the scale. The SIIA reported that it paid a total of $35,000 in rewards to five informants during its 2011 fourth quarter. The organization claims that since starting its rewards campaign in 2003, no other trade association has given out more rewards for anti-piracy efforts. The BSA, meanwhile, reported in 2007 that it had paid out nearly $2 million to informants since reintroducing the official rewards program in 2005.
The stretching of the actual definition of piracy also is helping their efforts. While the organizations pursue companies that actively download software from BitTorrent sites and other sources, they also investigate and punish companies for "under-licensing." In other words, a small business may have 10 licenses for an application but the software is found on 15 systems.
But unlike outright illegal downloading, under-licensing may be the simple result of a lack of oversight and proper asset management. For example, used computers may be handed down to new employees with existing applications that haven't been properly deleted. Similarly, a user may have his PC backed up and transferred to a brand-new system -- but the old system, which may be collecting dust in a utility closet, still has software on it. Even if the software isn't actively being used, it's still considered copyright infringement.
Both organizations consider under-licensing to be a form of piracy, even if there's no explicit intent to circumvent copyright law. In fact, the SIIA's Kupferschmid said under-licensing is actually the norm for corporate piracy cases. "The vast majority are inadvertent infringement [cases] that involve bad oversight and cutting corners," he said, "with the minority being willful pirating and downloading."
Scott, the attorney, questions why the BSA and SIIA spend so much time and effort going after businesses that aren't intentionally pirating software. "It's no coincidence that even the most well-intentioned companies aren't 100 percent compliant, and you have to ask yourself, ‘Why?’ " Scott said. "Who's benefiting from this situation? Follow the money."
A typical software audit will result in a settlement fee of several thousand dollars that goes to the SIIA and BSA. The company will agree to destroy all unlicensed software and replace it with legitimate purchased licenses. The settlements, therefore, are mutually beneficial to both the trade groups and their respective software vendor members.
But how much money do these settlements generate? CRN examined the 990 tax return forms for both the SIIA and BSA, and documents show that by and large these organizations are powered by settlement fees from bringing copyright infringement cases against various businesses.
The SIIA reported $10.4 million in revenue for its fiscal 2010 year ended June 30, 2011. But beyond membership fees, which start at $770 a year and are based on companies' gross revenues, the biggest source of income for the SIIA is software piracy settlements. The SIIA recorded more than $1.9 million in settlement fees for its fiscal 2010, according to its 990 form.
That may seem like a large number, but it's nothing compared to the settlement fees collected by the BSA, which recorded $62.6 million in revenue for 2010 -- with a staggering $52.2 million coming from software piracy settlements, according to its tax returns.
Then there's the matter of salaries for these nonprofits, which are significant. BSA President and CEO Robert Holleyman earned $784,137 in 2010, according to the tax returns obtained by CRN; Holleyman and 10 other top executives together pulled down $3.8 million in compensation at an average annual salary of $348,000 for more than 6 percent of the total $62 million in revenue.
Meanwhile, the SIIA's Wasch earned more than $494,000 in total compensation for 2010, including a base salary of $395,731 million plus bonuses and nontaxable benefits, which is more than 4 percent of the nonprofit's annual revenue of $10.4 million that year. The top seven executives at the SIIA earned a whopping 19 percent of total revenue, splitting $2 million, or an average of $290,000. And on top of that, the SIIA paid out huge sums to contracted law firms, including $604,000 to Holland & Knight LLP in 2010.
In other words, the business of anti-piracy is a big one -- so big, in fact, that without these settlement fees these organizations could be on the verge of collapse.
The Cato Institute's Sanchez said this is a stark contrast to the MPAA's and RIAA's piracy enforcement approach, which evokes the "whack-a-mole" strategy of going after individual users like college students.
"In those cases, the people don't usually have a lot of income, so there's not a lot of blood to be squeezed from those stones," Sanchez said. "But if you sue a business that has a lot of money for running 'pirated' software, you can imagine it's much easier to get leverage and you can see how enforcement is a much more attractive deal for corporate piracy."
NEXT: Searching For John Doe
SEARCHING FOR JOHN DOE
But in its case against Solers, the SIIA was in a pickle. John Doe was gone, and the organization had no way of contacting or locating its informant. According to court documents, the SIIA never attempted to verify John Doe's identity or locate him until 2010, when Solers' lawsuit against John Doe was returned to Superior Court in Washington, D.C. Tobin, Solers' attorney, was furious. To him, the SIIA's disclosures proved that the organization had no real standard for evaluating the veracity of tips provided by anonymous sources. "It didn't seem the SIIA did any vetting of this source," Tobin said. "It was a 'shoot first, ask questions later' policy."
There were other problems as well; the initial letter from Holland & Knight cited more than 35 software publishers that Solers had allegedly infringed upon, but after repeated queries for more details about the accusations, the number was eventually whittled down to just two software vendors -- Microsoft and Symantec.
Again, Solers claimed it never used or installed Symantec on any of its systems, and Microsoft wasn't one of the software vendors cited in the original letter to Solers. In addition, Solers said it had valid Microsoft licenses through Open Value or Open Business programs.
Solers reviewed its email server to see if John Doe was an employee that had used company infrastructure to contact the SIIA. The investigation yielded no evidence, according to the company. Furthermore, the SIIA never gave any indication that John Doe was an employee at Solers or had any inside knowledge of the company's IT infrastructure.
"Clearly he's an Internet troll," Tobin said of John Doe.
Meanwhile, Solers' lawsuit against was back in Superior Court of the District of Columbia, and this time the company scored a big legal victory: In early 2010, the trial judge allowed Solers to proceed with its subpoena for John Doe and ordered the SIIA to notify John Doe of the pending subpoena.
But it was becoming increasingly evident that even if the SIIA was forced to turn over John Doe's name, it might prove to be a dead end. The name was most likely an alias, and even if it weren't, it would be next to impossible to locate the individual. The informant's email no longer worked, and the phone number on file was out of service. According to court documents, the SIIA had scant information to provide Solers about the identity of John Doe outside the informant's purported name. John Doe had identified one place of employment where he purportedly worked, but in 2009 an investigator from Holland & Knight "unsuccessfully attempted to reach John Doe" at this workplace (it's unclear if the investigator found any evidence that John Doe had actually worked there).
The investigator searched court records and several "proprietary databases" for John Doe and at one point even visited the home of an individual who might be John Doe, but determined the individual was not the informant.
Despite the dead ends, Kellogg was determined to keep pressing the SIIA, if only as a matter of principle. Tobin said every legal avenue Solers explored was designed to get as much information as possible about John Doe and the tip he supplied.
Another point of contention for Kellogg and Tobin was the fact that even though the SIIA had discontinued its investigation of Solers years ago, the organization was still unwilling to concede that Solers was innocent and that the informant's information was false.
An affidavit of an SIIA representative put the matter in simple terms. "The fact that we closed the case against Solers does not mean SIIA concluded that the source's information was false or that Solers was not pirating software," the affidavit read. "Because the confidential nature of our sources' identity is crucial to the success of the program we decided not to further pursue the matter with Solers at that time. Obviously, if SIIA is forced to reveal the source, it may have to re-evaluate its decision about the Solers case."
In other words, the SIIA still considered Solers a suspect, and it retained the right to revisit its investigation of Solers at any time -- and if Solers kept pursuing John Doe, that's exactly what would happen.
NEXT: Small Businesses Under Fire
SMALL BUSINESSES UNDER FIRE?
While critics take issue with the BSA and SIIA's use of confidential informants, the biggest complaint about the organizations' war on software piracy seems to be their choice of targets -- namely, small businesses.
The SIIA and BSA also have come under fire in recent years for allegedly targeting small and midsize businesses while ignoring larger enterprises that have dedicated legal teams to defend against software audits. "The biggest objection is that they target SMBs with one or two IT guys," Scott, the attorney, said.
Kellogg agrees. Solers has about 200 employees but isn't a large corporation with a lot of muscle, so it was an easy target for the SIIA, he said. "These groups are purposely picking companies that are smaller and don't have deep pockets," Kellogg said. "[They're] not going to go after large companies with big legal teams."
The BSA's Beruk, however, explains there's a perfectly good reason why the BSA tends to investigate more small and midsize businesses than larger enterprises. "In my experience, larger companies have standards and practices in place for software purchasing," he said. "But smaller and midsize businesses, especially fast-growing companies, don't have those same measures in place and play a little looser with software licensing."
To be sure, both the BSA and SIIA have nabbed some big fish recently. The BSA won a $137,500 settlement in March from Andrews International in Los Angeles, one of the largest privately held security firms in the country with more than 4,000 employees. The SIIA, meanwhile, doesn't usually publicize corporate piracy settlements -- instead it announces settlements or lawsuits brought against individual pirates -- but its 2011 Anti-Piracy Year In Review report states that "most corporate cases pursued by SIIA represent midsize companies -- the average number of employees is over 650 with average annual sales of nearly $26 million."
Still, that hasn't stopped the perception that these anti-piracy organizations are unfairly targeting smaller businesses. One such company, Ernie Ball Inc., Coachella, Calif., had arguably the worst imaginable experience in 2000 when the company's headquarters was raided by U.S. marshals looking not for drugs or firearms or fugitives but unlicensed software. The federal agents were acting on behalf of the BSA, which had received an anonymous tip from an ex-employee that Ernie Ball was using unlicensed software.
However, Sterling Ball, owner and president of Ernie Ball, said the agents only found a dozen unlicensed copies of Windows in a company with around 75 desktop PCs. Yet Ball said BSA lawyers pressured him to pay an outrageous settlement fee. In the end, Ball said he agreed to pay the BSA $90,000 (which included $35,000 of legal fees) and swore to never use Microsoft software again; since then, the company has embraced alternatives such as Linux and Apple computers while roundly criticizing anti-piracy organizations like the BSA. The BSA has a policy of not commenting on audit findings or the details of settlements. "I respect IP and copyright protection," Ball said, "but these so-called non-profits are running a racket."
Scott said the vast majority of the companies he defends against software audits have 100 employees or fewer, and very few have 1,000 employees or more. He also believes the entire commercial software market is rigged against small and midsize businesses. Keeping track of numerous applications and operating systems, having the appropriate licensing paperwork and invoices, and then comprehending all of the complex licensing terms is too difficult for a small business with only one or two experienced IT staff.
"I would say in 100 percent of the businesses we've worked with have issues with software licensing," Scott said. "It's next to impossible to be 100 percent compliant."
Several Scott & Scott clients who claimed they had been targeted by the BSA or SIIA described similar scenarios to CRN. All of the clients say they are small businesses and received threatening letters from either the BSA or SIIA. The clients also say they were shocked to learn that software they had paid for had been flagged by BSA or SIIA investigators as improper -- not because the software was counterfeit or had illegitimate activation keys, but because the clients couldn't locate the actual paper invoices or receipts for the purchases.
In other words, showing BSA or SIIA auditors an actual, legally purchased Microsoft Windows box, complete with an official Microsoft hologram seal and a valid activation key, won't clear you of piracy charges. And sometimes, handing over receipts and invoices isn't good enough either; Scott said some of his clients have been punished for legally purchasing software through eBay or other Websites that the BSA and SIIA don't consider to be authorized resellers.
In fact, Scott said that BSA and SIIA investigators don't often perform actual IT audits; rather than scanning hard drives, the groups usually stick to reviewing actual paperwork such as license agreements and invoices.
"Almost every case we have involves either a lack of paper receipts or licenses or an issue with the software being purchased through an unauthorized channel," Scott said. "It doesn't matter if you actually bought the software. They can still get you for buying the software from the wrong place like eBay or discount sites or for not having the paper invoices."
Both the BSA and SIIA said they use third-party software programs to run software license audits rather than proprietary software, and that they allow businesses to choose which audit programs they want to run. Both also confirmed that businesses must have the proper paper documentation (license agreements, receipts, authorized reseller contacts, etc.) to back up what the audit software finds. Both groups also said buying software through unauthorized channels such as eBay or online discount retailers is considered a license violation.
"Casting a blind eye to authorizations and just buying the cheapest software on the Web isn't a defense against license violations. It's the business' responsibility to find authorized retailers and resellers and make sure their software is legal," the SIIA's Kupferschmid said. In response to criticism that the groups' tactics are aggressive, Kupferschmid said, "The settlements we seek are significantly less than what copyright law would allow if we went to court."
Beruk compared software auditing to traffic stops and said penalties are necessary to prevent abuse. "If you gave everyone a warning, then there'd be no incentive to stop speeding."
NEXT: Whistleblowers And Anonymity
WHISTLEBLOWERS AND ANONYMITY
Solers had finally broken through with the Superior Court's decision to allow the subpoena for John Doe, but the legal victory was short-lived; the SIIA quickly appealed the court's decision -- with help from the BSA, which filed an amicus brief in support of the SIIA -- and in January the U.S. Court of Appeals ruled in favor of the SIIA.
The appellate court's decision received a great deal of attention, not because of the parties involved or the subject of copyright infringement but because the decision was seen by legal experts as a precedent for protecting anonymous speech on the Internet. The SIIA called the decision a victory for First Amendment speech rights for whistleblowers and informants.
"That was a huge victory for us," Kupferschmid said, adding that the ability to protect informants' identities is crucial to the SIIA's piracy investigation.
The appellate court ruled that Solers failed to show direct damage from John Doe's allegations and alleged defamatory statements. While Solers argued that the company was harmed by having to devote time, energy and company resources into fighting the allegation, the court stated that Solers must show actual damage to its reputation, such as losses of revenue, profits or clients, for a valid defamation claim.
That proved to be a catch-22 for Solers. Since the company had fought John Doe's allegations and forced the SIIA to drop its case, it had successfully defended its reputation. The damages, beyond devoting time, resources and legal fees to fight the accusation, were therefore largely theoretical. In essence, Solers was a victim of its own success. It was a setback for Kellogg's company, but not a total defeat; Solers Inc. v. John Doe is now headed back to Superior Court; a hearing scheduled for late September was postponed.
But Kellogg is still bitter that SIIA never seemed to back down off its allegations that Solers was engaging in software piracy -- even when Tobin said he presented clear evidence the accusation was false -- and that the organization never apologized. "If this was an isolated incident, then fine; mistakes happen," Kellogg said. "But if this is happening on a wider scale, then it's wrong."
To this day, the SIIA objects to classifying Solers as innocent of software piracy. "That's inaccurate [to say Solers was exonerated]," Kupferschmid said. "The investigation didn't yield findings one way or another. Just because we didn't find anything doesn't mean they were innocent. And that's all I can really say about it."
NEXT: Winners And Losers
WINNERS AND LOSERS
For all the criticism that the SIIA and BSA have received, the trade groups still retain an incredible amount of support from their software vendor members.
Mary Joe Schrade, senior attorney at Microsoft, specializes in copyright and IP protection for the software giant, and said the BSA is an important ally in the anti-piracy fight and helps educate businesses with its research and awareness campaigns. "We do depend a lot on [the BSA] and I do think they provide a valuable resource," Schrade said.
But Ball said Microsoft and other software publishers would be better off without these kinds of allies. If not for the heavy-handed approach by the BSA, Ball said he'd still be using Microsoft. "The BSA is Microsoft's henchman," Ball said. "All they had to do was call us and say, 'Please get compliant', but they never called. They just showed up one day and raided our office with armed U.S. marshals."
Ball's case represents a stark contrast to how software publishers themselves tackle piracy directly. For example, Microsoft earlier this year filed a copyright infringement lawsuit against reseller PCExchange, Framingham, Mass., for allegedly selling computers preloaded with illegitimate copies of Windows XP. PCExchange wasn't simply running a few unlicensed copies of Windows in its office; the reseller is accused of actually making money from pirated Microsoft software.
According to court documents obtained by CRN, Microsoft claims on two separate occasions in 2009 that PCExchange distributed systems with unauthorized copies of Windows XP to Microsoft investigators. But instead of having its offices raided by armed U.S. marshals, PCExchange experienced a different kind of treatment: a cease and desist letter warning the reseller to stop selling counterfeit Windows software. Microsoft investigators allegedly caught PCExchange a second time in the fall of 2010, and it still took more than a year for the software giant to initiate legal action against the reseller.
So why are the BSA and SIIA so much more heavy-handed than the software companies that are actually having their products pirated or abused?
Scott believes the answer is simple: The software companies can survive without bullying businesses into piracy settlements, whereas the BSA and SIIA cannot because it's their business model. If these organizations simply issued warnings to businesses that were unintentionally infringing upon software copyrights, then the revenue stream would dry up.
Scott also takes issue with the software companies that fund the BSA and SIIA. "The biggest hypocrisy in this whole situation is that the software vendors try to distance themselves from the BSA and SIIA while these groups do their dirty work," he said. "In my opinion, Microsoft and all the other vendors must be held accountable for these organizations."
Others are also critical of the software publishers themselves. Barbara Rembiesa, president and founder of the International Association of Information Technology Asset Managers (IAITAM), a trade group that provides education and certification for IT managers, said it's hard for businesses to navigate the murky seas of cryptic end user license agreements (EULAs) and ever-changing licensing terms.
"I think software licensing is kept intentionally vague. It's in the publishers' best interests to keep these agreements vague because they want to be able to interpret them the way they want," Rembiesa said. "The publishers and the BSA and SIIA have the right to enforce copyright, but my problem is with the education, or lack thereof."
To fill that void, Rembiesa founded IAITAM in 2002 with the message "Educate, Don't Litigate" that ran contrary to the BSA and SIIA. Today IAITAM's membership includes more 7,000 businesses in more than 100 countries across the globe, with three types of certifications and numerous education tracks, some of which advise businesses on how to successfully deal with software audits from software publishers as well as the BSA and SIIA.
Today, Rembiesa sees the BSA and SIIA as "necessary evils" to keep pirated software off the street, but said their audits often catch businesses that have simply gotten lost in the complexities of software licensing rather than thieves downloading cracked software from torrent sites. "I believe most software piracy here is unintentional," she said. "I think under-licensing happens a lot with growing businesses."
Scott Rosenberg, CEO of Miro Consulting, agrees and said unintentional software piracy is primarily a byproduct of IT ignorance within most businesses. Miro Consulting specializes in software licensing consulting and IT asset management, and since 2000 has assisted hundreds of customers with their Oracle and Microsoft software license purchases and compliance. "Piracy is a big concern, especially in China," he said. "But in the Western world, we see most companies trying to do the right thing; they just don't have the knowledge or the tools to stay compliant."
The BSA and SIIA, meanwhile, are more interested in procuring anonymous tipsters than educating businesses on software licensing, he said. "They're protecting the IP, sure, but they're not really helping the issue of under-licensing and the lack of awareness about software licensing," Rosenberg said.
For solution providers, the BSA and SIIA represent a double-edged sword. "They run a lot of campaigns for piracy awareness, and we see them a lot, so that helps," said Mark Lucas, executive vice president of Entre Computer Services. When businesses are scared about getting audited, they're more likely to hire solution providers for IT assessment services or software licenses, he said.
On the other hand, if one of Entre Computer Services' clients were to be audited by the BSA or SIIA, the business could lose tens of thousands of dollars, which could leave the client cash-strapped and unable to invest in new IT solutions. Lucas said Entre Computer Services has never had a client audited or investigated by either organization, and the solution provider likes to keep it that way by advising customers to stay on top of their software licensing.
Then again, solution providers could potentially find themselves getting a letter accusing them of copyright infringement just like Solers did. While Kellogg successfully defended his company against the SIIA's piracy claims, it's been an ongoing battle for the past eight years. And the case against John Doe, which will return to court for yet another hearing, could drag on for several more years.
"It's certainly been an interesting ride," Tobin said. "And the case isn't over."
After all this time, Kellogg is still stinging from John Doe's allegations and isn't planning on letting go anytime soon. "I still don't know who did it," he said. "Was it a competitor? Could someone like that pose as an ex-employee of Solers? I don't know. But I intend to find out."