Last month I wrote a piece talking about the Business Software Alliance’s point of view of software piracy, which is guilty till proven innocent.
As with any good story, there is often an opposing view and I came across one on Mondaq, the legal (among many other things) information publisher.
The article, written by Steven Hellend of the law firm of Fredrikson and Bryon, has a different point of view and I think his point is well taken. Understand, of course, that if you take his strategy you are likely in for a large legal bill, but the situation is messy either way and you need to decide what is the best strategy for your company.
Steven’s point of view is summed up this way, by him:
Imagine that you are accused of shoplifting a pair of Levi’s® jeans by an un-named tipster. The agent for the clothing store demands that you inventory not only your Levi’s® jeans, but every article of clothing in your closet. Next the agent demands that you provide a dated receipt for each article of clothing. No matter how old. And if you can’t find a receipt for a favorite old sweater, the agent is un-interested that your mom will provide an affidavit that she bought it for you as a gift. Absent a dated receipt, all items are deemed shoplifted or stolen. And the agent will demand a settlement payment or threaten to sue you for $150,000 per item.
The inference of shoplifting/theft above is absurd on its face.
The inference of copyright infringement for software under like circumstances is equally absurd.
I think that Steven is not particularly arguing with the guilty until innocent comment, but he thinks that there are many possible defenses, contrary to what the BSA might tell you. Remember, the BSA is a private organization, not a judge, jury or regulatory body.
So, in short summary, here is his take:
- The BSA says you have to have dated receipts. Steven says that you may be able to convince a court that other evidence is sufficient.
- The BSA says if you cannot provide dated receipts you are de facto guilty. Steven says there are many factors and in court (assuming you go that far), things may not be so simple and the burden MAY shift to the BSA. Note I said MAY.
- The BSA says you can be fined up to $150,000 per infringement. Steven says that the BSA forgets to mention that the statute says ordinary or typical damages are between $750 and $30,000 as the court considers just. The $150,000 is the maximum for certain willful infringement. It also says that the court may reduce the fine to no less than $200.
So, I think what Steven is saying is that you should not cave, consider your options and come up with a plan. The result may be much less dire than the BSA suggests.
That being said, as part of your cyber risk management plan, you do need to manage software licenses, manage documentation, enforce the rules, punish violators, etc. Doing this will likely (not guaranteed, but likely) eliminate any chance of willful infringement charges being successful. In that case, your exposure will certainly be a whole lot less than the BSA suggests. However, if you just let it slide or wink while employees copy software, the picture will not look anywhere near as pretty.
Here is an article on software audits that Steven has written on his company’s web site. More information. In this case, information is definitely good for you.