Scott Technology Attorneys

Software Audit Blog


Autodesk License Upgrades Soon to be Extinct

One venerable software license model that many companies have utilized in the past has been the license upgrade, under which a licensee could acquire the right to deploy the newest version of a product at a much-reduced price, provided that the licensee also owns a full license for a qualifying, earlier version of the same product. However, with the increasing focus on recurring revenue and hosted software solutions, such licensing models apparently are approaching antiquation in the eyes of many software publishers, with the most recent being Autodesk.

Read more


Non-Disclosure Agreement Misconceptions

The name itself sounds so powerful: Non-Disclosure Agreement. How could anything be disclosed without repercussion if you have one of these? So you execute your NDA, and voila -- you’re all protected and can hand over the farm without a worry. Not really. Before letting someone take free reign into your facility for information, consider a few misconceptions about NDA’s:

Read more


Software Licenses: When Termination is Too Severe

As software license customers, we’re all familiar with license fees, maintenance fees, support fees, and access fees. If a licensee doesn’t pay, then a publisher may have an option to prevent a licensee from using the software. On the surface, it only seems reasonable that a licensee has to pay to play. And when a customer doesn’t pay, a publisher may seek to invoke its’ “termination” rights – effectively shutting down the use of the software.

Read more


Know the Publisher’s Audit Rights: Notice

When companies receive an audit notice, many are surprised when they realize that the notice is so short. Companies want to know if they are receiving a reasonable notice based on the industry norms. That often prompts the question: How much notice is normal for audit matters?

Read more


Don’t Wait For a Settlement Demand to Hire an Attorney for Copyright Infringement

Software publishers have increasingly identified software audits as potential revenue-generating exercises, which has led to a rise in the number of companies targeted.  Small, medium, and large companies all need to be aware that a software audit can result in extensive time and unbudgeted financial expenditures.

Read more


Software Audit Risks – What Are the Chances Your Company will be Next?

There is a set of related questions our software-audit clients frequently ask us that boil down to variations on one or more of the following: Why am I being audited? What if anything did I do to cause this? How can I avoid it in the future?

Read more


Customer Access Under Microsoft MSDN Developer Licenses

Microsoft’s MSDN subscription licenses often create license compliance problems. These problems arise because it is extremely easy to over deploy Microsoft software using MSDN media because it includes a vast array of Microsoft products with limited deployment controls. In addition, the licensing rules related to MSDN are often misunderstood. One often overlooked aspect of Microsoft MSDN licensing is customer access to development projects for purposes of testing, quality assurance, or feedback. 

Read more


Windows Desktop Licensing Can Be As Perilous As Any Other Microsoft Product

In any software audit, there are two over-arching categories of information that must be collected: data regarding what products are deployed on a business’ computers and records demonstrating the licenses that the business has acquired to use those products. With regard to the entitlements, some kinds of licenses often are relatively easy to document. For example, in Microsoft audits, entitlement records for server applications like SQL Server or Exchange Server often do not require significant effort to locate, simply because they either were expensive (and, thus, were saved in the ordinary course of business with records regarding other significant purchases) or were acquired through one of Microsoft’s volume licensing channels, resulting in purchase records being available either from Microsoft or from the business’ reseller.

Read more


Know the Publisher’s Audit Rights: Cooperation

When a publisher sends an audit notice, many companies wonder why they have to cooperate with the audit. In almost all cases, if anyone in the company has installed the software, the company has granted the publisher audit rights that can’t simply be ignored. In fact, many license agreements expressly state that an end-user must cooperate with an audit. And, cooperation doesn’t just mean reports. Being cooperative may sometimes mean providing access to facilities, systems, and records. In most instances, the audited company has to actively participate in the audits.

Read more


Know the Publisher’s Audit Rights: Frequency

When it comes to software license compliance, being compliant with the publisher’s licensing rules can be daunting enough. But compliance won’t stop a software audit.   When a company receives an audit notice, the first stop should be the end-user license agreement (EULA). There are some key themes to look for, and they may not always be so obvious – such as a specific Audits section. It’s important to find an answer to the question: How Often Can the Publisher Audit? 

Read more


Management’s Ignorance Is Not a Defense to Copyright Infringement Claims

Software publishers, acting alone, or through a proxy such as the Business Software Alliance (“BSA”) or Software & Information Industry Association (“SIIA”), regularly audit customers or potential customers to ensure license compliance and deter against copyright infringement.

Read more


Microsoft’s Auditors Are Not Infallible

Microsoft licensing is a complex, multi-faceted undertaking, with different rules and license metrics applying to different products. In the context of software audits initiated by Microsoft, it is important to keep in mind the fact that the auditors hired to perform those investigations are fallible human beings and that they can (and do) make mistakes in their audit analyses.

Read more


BSA/SIIA Audits and Software Publisher-Initiated Audits Differ in Important Ways

While the over-arching concept underlying a software audit initiated by a publisher like Microsoft or IBM is the same as that in an audit initiated by the BSA | The Software Alliance or the Software & Information Industry Association (SIIA) – a comparison of software entitlements to software deployments in an effort to identify any licensing gaps – the similarities between those two types of audit investigations mostly ends there. Here are three important differences:

Read more


Unlimited License Agreements for Oracle Products

Technology departments are continuously looking for ways to reduce costs related to software. Many larger enterprises are considering licensing software products on an enterprise-wide basis. For Oracle products, an unlimited license agreement (“ULA”) approach can be beneficial in terms of license management, but the transition from a ULA back to limited licenses can present problems for some companies.

Read more


Be Wary of Requests for Mystery Data

Software auditors such as KPMG, Deloitte and PriceWaterhouseCoopers like to have things their way. It’s an understandable impulse – with likely hundreds of audits pending at any one time, the natural inclination is to standardize the process around a single set of tools and processes with which the auditors are most familiar. However, those tools and processes often are a poor fit for an audited business for any number of reasons, some technical and some legal.

Read more


Data Concerns in Outsourced Applications

Outsourcing information technology functions that are not mission critical can seem like an attractive proposition. E-mail, productivity applications, and hosted creative bundles can ensure that in-house staff can focus on those functions that contribute directly to revenue or customer service. But, companies that are considering outsourcing should carefully review the terms of service for the prospective vendor to ensure that the vendor will keep the data secure.

Read more


Retaining and Recovering Software Licenses

When a consumer or a business purchase software, it is critical to retain the software license as proof of the rights conveyed as part of the license.  One of the issues that arises during a software audit is that a) companies are using software that is many years old; b) it is difficult for the company to find the physical copy of its licenses; and c) older licenses are not always readily available online.     

Read more


Autodesk Settlement Agreements: Beware Restrictive Superseding License Terms

A software audit typically resolves in one of three ways: a dismissal, a settlement, or litigation. The most common path to resolution is a settlement between the parties for potential copyright infringement stemming from allegedly unlicensed software. Software publishers sometimes authorize entities such as the Business Software Alliance (“BSA”) or Software & Information Industry Association to pursue copyright infringement claims on its behalf, while other publishers prefer to pursue potential copyright claims directly.

Read more


SQL Server Licensing Strategies for SPLA

Licensing Microsoft server products in any environment can be a challenging undertaking, given the complexity of some of Microsoft’s licensing rules. However, licensing Microsoft products for commercial hosting environments under a Services Provider License Agreement (SPLA) can be especially daunting, due to the different use rights and license metrics available under that model. Licensing SQL Server is perhaps the best example.

Read more


Microsoft SPLA Audit Look-Back Periods

In a typical Microsoft audit of software licensed under perpetual licenses, the auditors usually will compare installations of Microsoft products against licenses owned, and Microsoft will require the audited business to purchase additional licenses required to cover any gaps discovered by the auditors. An audit under a Services Provider License Agreement uses a similar framework, but the analysis is complicated by the fact that SPLA is a monthly, pay-as-you-go arrangement, where the audited company may have been reporting SPLA licenses to its reseller for many years.

Read more


Autodesk Audits: Managing Independent Contractors

Autodesk, Inc. uses a variety of resources to identify potential audit targets. Many of these targets are small architecture or engineering firms that employ independent contractors in lieu of full time employees as CAD operators.A typical Autodesk software audit letter requests information regarding any installations of Autodesk products on company machines. The following are three possible scenarios involving independent contractors that have differing licensing implications.

Read more


Microsoft Audit Roadmap

Microsoft offers an array of software licensing options for its business customers. However, during an audit, the timing and course of the project typically follows a fairly well-worn path. 

Read more


Software Escrow Provisions in Agreements

Most technology-related contracts have provisions that seek to protect the seller or licensor’s intellectual property rights. These provisions usually contain clauses prohibiting reverse engineering, derivative works, or copying software.  It is generally true that most software is not sold; it is simply licensed to the licensee to use for some certain amount of time. What happens if the licensee relies on the software to run its business and the licensor breaches the agreement (due to, for example, insolvency, willfulness, or some other reason beyond its control)?

Read more


Considerations When Upgrading Your Software

Organizations considering whether to upgrade to the latest software versions sometimes fail to take into account one important component–license terms.  It is not uncommon for companies to invest several months in testing interfaces, interoperability, and regression to ensure the new version will work. They may even ensure they have the appropriate licensing for installing and running the newer version, but an often ignored area is the actual license terms.

Read more


Outsourcing Technology Law

Businesses have various reasons for outsourcing legal work. Reasons companies outsource general legal work include: increased revenue generation by helping the company to transact business more quickly, managing confidentiality by moving the matter outside the local company environment, and avoiding liability. Some important reasons companies outsource technology law related transactions include the following.

Read more


Changes for Microsoft Fail-Over and Disaster Recovery Rights

With the April 2014 versions of the Product Use Rights (PUR) (for volume licensees) and the Services Provider Use Rights (SPUR) (for services providers under SPLA), Microsoft has implemented significant changes to several usage rights associated with fail-over or disaster-recovery (DR) installations of its server products.

Read more


Microsoft SPLA - Access Misunderstandings

As part of its Microsoft Service Provider License Agreement (“SPLA”) obligations, a SPLA provider must report monthly usage, however Microsoft and SPLA providers do not always agree on the interpretation of the contract language. The Service Provider User Rights (“SPUR”) includes language that is much broader than what the licensee may understand.  Below is an excerpt from the 2013 SPUR for a commonly licensed Microsoft Product, the Remote Desktop SAL.

Read more


Non-Traditional License Documentation – Save Everything!

Whenit comes to keeping records demonstrating how and when your company acquiredsoftware licenses, you can never have too much of a good thing. Businessestypically have good procedures in place to track things like invoices andlicense certificates, but those kinds of documents do not always tell the wholestory. Even if they did, having some backup can be helpful when purchases fallthrough the cracks.

Read more


The Benefits of Software Self-Audit

Many companies faced with software compliance issues will choose to perform their own audit in advance of a formal audit by the publisher and/or include self-audit as a regular part of their risk management and internal control policies.  Some of the benefits to doing this are as follows.

Read more


The Kaiser Breach Case-What You Can Learn

Just recently, California Attorney General Kamala Harris filed suit against Kaiser Foundation Health Plan, Inc. (“Kaiser”) because of an alleged 2011 data privacy incident. It seems as though a simple accident led to sensitive data being accessed by unauthorized third parties, and ultimately exposed Kaiser to legal and financial risk. In this case, an external hard drive containing the sensitive personal information of Kaiser’s patients was sold to a retail thrift shop.

Read more


When an Audit is Not an Audit, Think Twice About Participating

In the software licensing world, all audits are not created equal. On one hand are the “true,” contractual audits. Here, the applicable license agreement gives the software publisher the right, usually upon notice and sometimes limited in frequency or scope, to demand access to the systems where its products are installed or a report of data demonstrating usage of those products. In many cases, a third party, like Deloitte or KPMG, is hired to review and validate the raw data. At the end, the audited business typically is required to purchase licenses to cover any unlicensed usage discovered as a result of the exercise. Penalties may be required as well.

Read more


What I Learned in the Last 10 Years Defending BSA -The Software Alliance Audits

I am an intellectual property attorney in Southlake, Texas who has handled more than 230 Business Software Alliance audit matters for small to medium-sized companies. For the last ten years, I have been representing end-user companies nationally in software audit matters initiated by major software publishers including Microsoft, Adobe, Autodesk, IBM and their trade groups including the BSA | The Software Alliance. Here is what I learned over the years.  

Read more


Responding to an Audit from the BSA-The Software Alliance

 If your company has received a letter from the BSA | TheSoftware Alliance requesting a software audit, you are probably wondering whether you should cooperate or ignore the request. I have been handling BSA cases for almost a decade and advise my clients to cooperate but to do so in a manner that will not jeopardize their legal position in the event that cooperation does not result in an acceptable out-of-court settlement. After handling over 230 BSA cases I have learned that business clients almost universally seek a resolution that has the lowest total costs and the most predictability.

Read more


Surprising Twist in Target's Data Breach Inquiry

In a recent article concerning the Target data breach, it was reported that the hackers used stolen credentials from one of Target’s third party vendors to gain access to Target’s systems. New information just released indicates that the third party was not a technology service provider, but rather an HVAC company (heating, ventilation, and air conditioning). While it may be surprising to the average consumer that an HVAC provider was given network access to Target’s systems, there may be a reasonable explanations for this. 

Read more


Beware IBM Acquisitions and Product Transitions

IBM software licensing can be a very complex knot to untie. While IBM does develop new products in house, many of its most popular offerings (Cognos, Tivoli and ILOG, to name a few) are the result of its active history of acquiring smaller publishers and then continuing to offer their products under the IBM brand. As a result, those publishers’ licensing metrics sometimes are incorporated (at least for a time) among the myriad other IBM metrics under which IBM licenses its products. (A description of different IBM license types is available here.)

Read more


Avoiding Spoliation of Evidence Claims in Software Audits

A software audit is a complex, arduous, and time-consuming process for the average company. Software auditing entities like the Business Software Alliance (“BSA”) and Software & Information Industry Association (“SIIA”) initiate software audits on behalf of software publishers to pursue potential copyright infringement claims arising out of software compliance issues.

Read more


Personal Data Privacy and Security Act of 2014

Companies conducting business in highly regulated industries will often select our firm to assist with evaluating privacy compliance. Companies are often required to comply with privacy obligations from outside counsel, the Gramm Leach Bliley Act (“GLBA”) or the Health Insurance Portability and Privacy Act (“HIPAA”). The GLBA and HIPAA regulate the financial and health care industries respectively, and beyond these types of industry-specific regulations, there is not a nation-wide standard of rules governing the handling of personally identifiable information (“PII”).

Read more


Using Vendor Agreements to Protect Against Data Breaches

The recent Target data breach, one of the largest breaches in history, appears to have been initiated after intruders used stolen vendor credentials to access Target’s point-of-sale system and install malware. Even if Target had no issues with its internal security, the trust it placed on one of its vendors has already yielded federal criminal investigations, and will likely result in millions of dollars of remedial measures to protect customers’ identities after the data breach.

Read more


For Hosting Providers Running Microsoft Products, “Dedicated” Means “Dedicated”

As discussed previously, providers of software hosting services may deploy on their servers Microsoft products licensed by their customers under two different scenarios, one of those being where the hosting provider has dedicated a physical server for use by the customer providing the licenses. However, providers thinking of taking advantage of this option need to tread carefully.

Read more


Google Announces a New Cloud Platform

Google recently announced new and improved Cloud platform offerings. For businesses regulated by the Health Insurance Portability and Accountability Act (“HIPAA”) or Gramm Leach Bliley Acts (“GLBA”), moving data to the Cloud is not something to be taken lightly. HIPAA and GLBA place a heavy emphasis on the protection of sensitive customer or patient information.

Read more


Data Breach Notice Statutes

For businesses regulated by the Health Insurance Portability and Accountability Act (“HIPAA”) or the Gramm Leach Bliley Act (“GLBA”), the amount of effort required to be compliant can be staggering. Those entities handling the personally identifiable information (“PII”) or non-public information for their customers have affirmative notice obligations and duties to protect PII under federal rules such as HIPAA and GLBA.

Read more


Software Audits: The Importance of Timely Completion of Post-Settlement Obligations

Software audits initiated by software publishers or representative entities, such as the Business Software Alliance (“BSA”) and Software & Information Industry Association (“SIIA”), are often resolved by an out-of-court settlement. The carefully crafted settlement agreements release an audited company from liability, contingent on the following obligations.

Read more


Additional Considerations for Bring Your Own Device

A previous blog outlined many of the risks associated with increasingly prevalent bring your own device (“BYOD”) policies. While the previous discussion focused on I.T. governance concerns such as security, administration and device management, there are additional legal risks regarding BYOD.

Read more


Software Publishers Use Internet Posts to Aid in Infringement Claims

Companies should be aware of what they are posting regarding their services on the Internet. Software publishers and audit associations are reviewing web sites and on-line profiles in an effort to aid in copyright infringement enforcement. In situations where a software publisher has initiated an audit of the company’s software licensing, the representations made on web sites and professional networking profiles has at times been cited to refute the argument that the audit target either does not have the software publisher’s products installed or that it does not use any of the software products.

Read more


Timing is Key for Software Audit Settlements

More than 90 percent of software audits initiated by software publishers or representative entities, such as the Business Software Alliance (“BSA”) and Software & Information Industry Association (“SIIA”), are settled out of court after negotiating a final settlement payment and terms. Although there are a number of factors that affect an ultimate resolution, timing of settlement is often important.

Read more


Hosting Providers Have Two Options For Customer-Supplied Licenses

Like any good business, many providers of hosted IT solutions prefer to demonstrate flexibility in offering services to their customers. For example, a company that offers hosted Exchange services may want to allow their customers to use perpetual licenses the customers purchased to support deployments on the service provider’s servers. While Microsoft’s licensing rules permit this under some circumstances, there are important restrictions on how the Microsoft software may be deployed that can result in severe penalties for the unwary.

Read more


Contract Provisions Concerning Privacy & Security Compliance

Managing data security and privacy is becoming an increasingly larger part of a company’s risk portfolio, especially as it relates to transactions with third parties. These third-party transactions may include the outsourcing of technology services, hosted data, or software as a service (“Saas”), and as an example, consumer information privacy is an area garnering a lot of attention.  From data breach notice reporting to class action lawsuits, companies who handle the non-public personal information of individuals have possession of high-risk information, and entities regulated by HIPPA and the Gramm Leach Bliley Act need to ensure they are compliant with the statutory requirements.

Read more


Releases of Liability as Part of Licensing Deals – How Hard to Push?

Software publishers know that the vast majority of their customers are, to varying degrees, out of compliance with the terms of license agreements governing their use of the publishers’ software products. Especially in larger enterprises, managing and maintaining a company’s license position is a daunting and maybe even impractical task, especially given the increasingly complex architectures utilized in today’s IT environments and the correspondingly complex licensing metrics that go along with them. The choice often comes down to increased licensing exposure due to lax monitoring or the lost productivity that may arise from systems that are centrally managed by IT teams with insufficient resources.

Read more


The Challenges of Compliance

This firm often assists regulated entities with compliance-related concerns such as information security, due diligence, software licensing, and data breach notifications. As the universe of compliance obligations expands, so too does a company’s exposure portfolio. This increase in liability may result from a software publisher audit, failure to provide notice to customers about a data breach, or governmental agency fines. Compliance, like many other aspects of the business world, is a balance of risks.

Read more


The Managed Services Provider Contract

Service providers are often surprised by the fact that they need more than one agreement to govern the relationship with their clients. There will usually be some sort of master agreement, often referred to as a business services agreement or master services agreement. This agreement will typically contain the terms and conditions governing all of the related transactions between the parties. There will likely be provisions concerning confidentiality, intellectual property, termination, and warranties, among many others.

Read more


Software Audits: Proving Ownership of Software Licenses

Often the single most arduous and time-consuming task facing companies who are the subject of software audits is collecting entitlement information to prove ownership of licenses for software installed on its networks. Once a company receives an official audit letter from a software publisher, or one of its representative entities such as The Software Information & Industry Association (“SIIA”), or Business Software Alliance (“BSA”), the first step is to conduct an analysis of software installed on its network.

Read more


Compliance May Remain a Concern Even in the Cloud

For many businesses, the allure of moving their software platforms, applications and/or databases to The Cloud lies substantially in the promise of ridding themselves of license-compliance concerns. The pitfalls of a Cloud-based architecture are worth accepting for many businesses that do not want to expose themselves to the risks of hefty penalties or compliance purchases that may be required to resolve audits or other licensing disputes associated with having third-party software installed on their computers.

Read more


Software Audits: Surviving Settlement

Software auditing entities, such as the Business Software Alliance (“BSA”) and Software & Information Industry Association (“SIIA”), initiate software audits of businesses that more often than not result in a settlement agreed to and negotiated by both parties. It is infrequent that a software publisher or auditor initiates against a company copyright infringement damages arising out of software compliance issues.

Read more


Risks of Bring Your Own Device

More companies are faced with a workforce that wants to bring their own devices (“BYOD”) to work. One on-line journal cites a poll that finds that younger workers actually see bring your own device as a right rather than a privilege. For a company considering a BYOD policy, there are risks involved. Some of the risks are as follows:

Read more


Avoid Oracle ULA Termination Risks

Many software publishers recognize that perpetual licenses should be, true to their name, perpetual, and that unless you violate the terms of the licenses they should remain in effect forever. As the licensee, you may not want to use that Microsoft Office 97 license you purchased fifteen years ago. However, if it suits your needs and is compatible with your hardware, you are good to go, even if you might have violated the terms of some other agreement with Microsoft during that 15-year period.  

Read more


Company Policies and Compliance

Compliance and risk management are becoming more important concepts for businesses, and especially those operating in regulated industries. Outside of technical legal concepts such as negligence per se or breach of contract, in the event of a dispute between parties concerning legal liability, the case often turns on whether the conduct of one party was reasonable under the circumstances. If a business deals with the non-public personal information of its clients, for example, a dispute may arise in the event this information is disclosed to an unauthorized third party.

Read more


Oracle ULAs Require Delicate Balancing

Many larger companies feel an understandable desire to move toward, centralized, enterprise-level software licensing agreements. Such frameworks often have the advantage of allowing licensees to spread their license spends more evenly over the term of the agreement and to focus somewhat less intensely on some software asset management (SAM) obligations.

Read more


Buyer Risk Management Strategies During M&A Activities

Depending on which side of a merger transaction a party is on, the strategies for protecting your interests may be different. This is particularly true with respect to intellectual property assets or license agreements. A buyer who is looking to purchase the assets of another entity may consider the following strategies for limiting its risk exposure and ensuring smooth post deal operations.       

Read more


Trust, But Verify with Third-Party Software Vendors

Enterprise-level software solutions often are very complex products requiring a level of expertise that may be outside the experience or skill sets of generalist IT teams. Many businesses therefore rely on the services of independent software vendors and consultants to evaluate their needs for particular solutions, to procure the required licensing, and to deploy and configure the solutions on the businesses’ servers. Many of those vendors may even be recommended by the publishers of those software solutions, and their customers naturally feel as though they can rely on their advice and consultation regarding licensing requirements.

Read more


Key Provisions in Technology Services Agreements

Technology services companies should ensure that their agreements contain provisions designed to protect them in disputes with their customers.

Read more


Seller Risk Management Strategies During M&A Activities

Depending on thestructure of a merger or asset purchase agreement, a seller may inadvertentlyviolate the terms of a license agreement or take on liability to a buyer orsoftware publisher when dealing with software licensing.  Software licensing agreements often haveprovisions that either prevent assignment or transfer of the license completelyor at least require the transferor to seek permission from the publisher beforeany transfer takes place.[1]Sellers may be able to limit their exposure by implementing the risk mitigationstrategies below.   [1] For an analysis on what happenswhen the license agreement is silent see the following :http://www.scottandscottllp.com/main/blogentry.aspx?id=3304 

Read more


Don’t Forget to Raise Equitable Arguments in Software Audits

Most software audits eventually reach a point after all the deployment and license data has been collected when the auditors – often employees of an accounting firm like Deloitte or KPMG, though sometimes the publishers’ own internal audit teams – present their draft audit findings to the audited business. At that stage, the auditors then usually give the business an opportunity to identify any errors in the draft findings before they are presented to the software publisher’s compliance team. However, if the audited company limits its review of the findings to factual errors, it may be missing critical opportunities to mitigate compliance exposure.

Read more


Internal Software Audit Priorities – Where to Start?

Many business leaders who find themselves on the receiving end of software audits targeting their companies vow to never again be caught with significant exposure related to their licensing positions. However, knowing how to act on those resolutions sometimes can be challenging, especially when the company’s software estate is a large or diverse one. Here are some guiding principles to help businesses make decisions about where to start:

Read more


Warning: Read and Understand Social Media Sites’ Terms of Use

Many people, and increasingly more businesses, are utilizing social networking, photo sharing, and cloud storage web sites. Virtually all of these types of sites will require acceptance of terms and conditions when a user or business signs up for an account. The language contained in this fine print likely contains a license grant which grants permission to the photos or other creative works that were uploaded. This is likely true whether these uploads were for personal or commercial reasons.  

Read more


Software Compliance: Finding Authorized Vendors for Hardware with OEM Licenses

Depending on the size of a business, management may choose to purchase company computers ad-hoc through retailers such as Best Buy or Office Depot. Larger companies may have open accounts through vendors like CDW or Dell Computers, while smaller companies sometimes use local vendors that sell hardware with pre-installed Windows operating systems. It may be difficult to prove ownership of these operating systems if faced with a software audit from a publisher or auditing entity, such as the Business Software Alliance (“BSA”) or Software & Information Industry Association (“SIIA”).

Read more


Dangers of Submitting Incomplete or Inaccurate Software Audit Results

Although software compliance can sometimes fall low on a company’s priority list, a software audit typically brings prior software compliance efforts into sharp focus.  An audit, whether initiated by a software publisher, or by one of its representatives such as the Business Software Alliance (“BSA”) or Software & Information Industry Association (“SIIA”), is a complicated and lengthy process, with rules set by the auditor.

Read more


Careful Recordkeeping Key to Software Compliance

Software audits are on the rise and often take the targeted company by surprise. Most audited companies are ill equipped to produce an accurate inventory and records for hardware and software purchases and lack the funding or resources to conduct an accurate analysis of its software compliance.

Read more


First US IP Enforcement Coordinator Named to Head BSA

BSA | The Software Alliance recently announced that it had named Victoria Espinel, who served in the Obama Administration as the first US Intellectual Property Enforcement Coordinator as its new President and CEO. Ms. Espinel’s prior government experience included service during the Bush administration as Senior Counsel in the Office of the US Trade Representative and as the first Assistant US Trade Representative for Intellectual Property and Innovation. Prior to that, Ms. Espinel also practiced law with Covington & Burling, a firm that often represents Microsoft in litigated software-licensing disputes.

Read more


Don't Take Your NDA for Granted During Software Audits

Many businesses expend far too little effort in securing appropriate non-disclosure agreements during software audits. Some businesses even wholly overlook NDAs during the audit process, believing that they have no leverage to demand reasonable protections for the information that the auditors will ask them to provide. This is a mistake that can cost a company millions.  

Read more


Risk Mitigation Strategies for Managed Services Provider Agreements

Typical service provider agreements are usually drafted by the service provider, and at least early during the negotiation phase,will likely try to shift much of the legal risk to the customer. In these types of business transactions, the customer is often seeking a "turn-key" solution for management of its technology needs. Depending on the level of outsourcing contemplated, the service provider may be installing software applications for the end user, and installation of software on computers that is not licensed could expose the end user to significant legal and financial liability.  

Read more


Vendor Due Diligence

Companies that engage technology vendors for various services such as co-location, hosting, cloud services, and software licensing often get lost in the negotiation of the monetary and non-monetary terms of the agreement, and fail to consider the threshold question–is the vendor capable of performing? The terms and conditions of the contract spell out the rights and the obligations of the parties to the transaction, but ideally, companies should select vendors that have a low probability of breaching. A key to mitigating this risk is conducting due diligence before selecting the vendor.

Read more


Managing Risk for Licensing Agreements During Merger Activities

Merger and Acquisition activities can have a significant impact on existing software license agreements. Many license agreements specifically prevent assignability, transferring, or sub-licensing of the rights under the agreement, so if a buyer is acquiring the assets of an organization or is involved in some other type of merger, it may find itself in the position of defending a copyright infringement claim from the original licensor. An inadvertent transfer of the license may result in significant penalties, including but not limited to relicensing the software already licensed by the original licensee or copyright damages into the Millions of dollars.

Read more


Software Audits: Securing a Release of Liability with Settlement

Software auditing entities, such as the Business Software Alliance and Software & Information Industry Association, typically set forth a complex set of requirements for software audits that can be confusing, time-consuming, and expensive. Many businesses faced with software audits are eager to resolve these matters, and choose to pay to settle out of court. Often companies are so focused on the final settlement payment, that they do not spend as much energy on the non-monetary provisions in final settlement agreement.

Read more


Control Software Audit Disclosures By Keeping an Eye on the Audited Entity

In many cases where we are retained to assist companies targeted for software audits after software-deployment data already has been submitted to the auditing entities, we have the regrettable obligation to let our clients know that they have disclosed too much. Over-disclosure can cost a company millions of dollars, and it is typically very difficult or impossible for us to “un-ring” the disclosure bell by convincing the auditing entity that it needs to disregard audit data previously provided by our client.

Read more


Tame Complexity in Enterprise IT Services Agreements

Many large enterprises have made the decision to transition the support and management of their information technology assets and networks to third-party service providers, such as IBM or HP. Such arrangements can help companies to focus their internal efforts more on driving business with their customers, and less on internal work that may represent a distraction from core objectives. However, such contracts can be fraught with challenges, one of the most notable of which being the danger of unmanageable complexity.

Read more


Top Three Tips to Ensure Software Compliance

Companies facing copyright infringement claims from software publishers or their representatives have few options to navigate an audit and resolve the matter out of court. The costly nature of a software audit has prompted companies to take pre-emptive steps to avoid expensive audits by utilizing three key strategies.

Read more


Know When to Say When in Response to Auditors’ Requests for Information

Software audits can be intensely frustrating ordeals for businesses to navigate. Many publishers will go to great lengths to cajole their customers with assurances of amicability and license-optimization opportunities, but most IT managers know that the reality of audits in almost all cases is anything but friendly and fraught with pitfalls. However, the first things that audited companies can do to mitigate their exposure is review the applicable software licenses and gain an understanding regarding just what the auditing entity is in a position to demand.

Read more


Avoid Ambiguity in Microsoft Licensing Agreements

CTOs who have read Microsoft’s volume license agreements and product use rights documentation know that Microsoft has a special place in its heart for contractual “grey area.” To some extent, that fact likely arises from the practical impossibility of trying to accurately capture all of the technical parameters that could affect license rights. Enterprise IT architectures are dynamic, incorporating constantly evolving technologies. A license agreement that is too tech-specific runs the risk of being difficult or impossible to enforce when the industry starts moving to new platforms. However, that does not explain everything when it comes to Microsoft’s contracts.

Read more


Not All Software Audits Protected By Privilege

Companies faced with a demand for a software audit from a software publisher or an entity such as the Business Software Alliance or Software & Information Industry Association are increasingly turning to their own internal IT departments or hiring technology consultants to conduct software audits, the results of which may be discoverable in future litigation. The discovery risks associated with conducting an internal audit or hiring an outside IT firm to conduct a software audit may be mitigated by hiring legal counsel to conduct the audit and prepare a legal analysis.

Read more


Risks Associated With Hosting Data in the Cloud

Scott & Scott’s attorneys are often asked about the legal and compliance risks associated with hosted applications or data in the public Cloud. Depending on the industry, this seemingly transparent choice of where a company hosts its data may actually present significant risks. Given the nature of how data is stored in the Cloud, companies potentially have less control over the management, storage, and access of their data, which results in increased compliance and legal liability challenges.

Read more


Beware the Mandatory SAM Engagement

For several years now, Microsoft has offered some of its customers the “opportunity” to have third-party licensing consultants (selected by Microsoft) review those customers’ Microsoft product deployments and determine whether those customers have all of the licenses needed to support those deployments. Called Software Asset Management, or “SAM” engagements, the reviews are, in theory,optional, financed by Microsoft, and presented as a collaborative benefit to customers in order to maximize the efficiency of their licensing budget. In practice, however, SAM engagements typically are nothing but informal audits conducted by consultants whose loyalties lie with Microsoft.

Read more


Choice of Law Is Not Just Boiler Plate

When reviewing various types of agreements, there is often a small section for choice of law and venue selection included with the fairly routine provisions such as severability and force majeure. Although these choice of law provisions are usually very brief, these provisions can end up having a large impact and should be given consideration during the negotiation and drafting phase.

Read more


Don’t Short-Sheet the Internal Analysis in an IBM Audit

One of the most critical steps of any business faces in any software audit is conducting an internal analysis of deployments to entitlements, preferably before any audit data is shared with the auditors. That internal review serves several purposes, including (1) identifying deployments for which a company's license documentation may be lacking, thereby giving the company an earlier opportunity to locate invoices or other purchasing records, (2) identifying deployments at risk of being counted inaccurately by auditors, and (3) giving finance teams an opportunity to set aside appropriate reserves based on estimated exposure levels.

Read more


Software Licensing in M&A Transactions

Many business owners are familiar with how complex merger and acquisition activities can be. Asset purchase agreements, reverse triangular mergers, and statutory mergers not only sound intimidating, but there is a significant amount of complexity inherent in these deals, even when dealing with smaller entities. These transactions may present legal and financial risks concerning intellectual property license agreements. When a company acquires the assets of another company, they probably assume that they also gain ownership of the assets owned by the company they acquired. Unfortunately, that “asset” may really just be a liability in disguise.

Read more


Adobe Audit Demands Can Be Burdensome

Businesses contacted by Adobe for software audits can be lulled into thinking that those investigations entail less exposure risk than audits by other publishers, like Microsoft or IBM. Adobe audits typically are conducted directly by Adobe representatives, rather than by a third-party auditor like Deloitte or KPMG, and the inventory data usually is provided by the audited business using its own toolsets. In addition, Adobe’s audit team is generally quite genial in its approach, at least at the outset of an engagement.            

Read more


Business Software Alliance (BSA) Adds Dell to its Member List

The Business Software Alliance (BSA) recently announced that Dell has joined the software-industry organization as a new member. It remains unclear at this stage whether the new relationship will have an impact on future BSA software audits. Many BSA members tend not to play very prominent roles in the organization’s license-enforcement efforts and instead work with the BSA mostly on efforts to promote the industry.

Read more


The Costs of Data Breach

As incidents of data breach have become more prevalent, it is important to note what this could actually mean for a company who stores and maintains (or shares) the personally identifiable information (“PII”) of its consumers. Generally speaking, the sources of these legal risks could be broken down into three general categories: federal, state, and common law.

Read more


Running Windows Server in Clustered VMs Carries Risks

Many businesses running virtual servers with shared physical infrastructures have encountered significant audit exposure arising from the fact that, according to Microsoft, the physical machines in a clustered arrangement may be “running” any number of Windows Server instances at any time. Therefore, Microsoft historically has demanded that a number of server licenses be assigned to each physical host sufficient for all VMs running in the cluster.

Read more


Impact of PC Administrator Access on Unlicensed Software Exposure

Operating system level security in the workplace has always been a double-edged sword. Everyone generally recognizes its importance, but internal customers need more, and IT departments are faced with increasing help desk requests while managing with a continuously shrinking number of resources.  In an effort to “resolve” many help desk requests before they come, IT administrators will often leave user accounts either with admin access during deployment or perhaps during some sort of resolution phase of an open trouble ticket.

Read more


Adobe Creative Suite Abandons Your Desktop for The Cloud

On May 6, 2013, Adobe announced that Creative Suite 6 and the component products included in that product line (e.g., Photoshop CS6, Illustrator CS6, etc.) would be the last Creative Suite products to be released under stand-alone, end-user licenses.

Read more


Software Audit Associations in Other Countries

With expanding international economies, it is no surprise that companies outside the United States are facing software compliance challenges. This is true for companies existing solely in the foreign country, or US based companies with subsidiaries or operations outside the US.  Further, it is no surprise that there are audit associations operating in larger foreign countries.Our firm was recently asked how to respond to an inquiry by a South American audit association, Software Legal Argentina, regarding software located at its South American operations. Because of this situation our firm took pause to consider the differences in responding to a “typical” software publisher audit letter in the US and one received in a country outside the US.

Read more


Pay Attention to the Expiration Date

In various types of technology contracts, you often have change orders or separate scope of work agreements (“SOW”), which ultimately refer to or amend some sort of Master Service Agreement (“MSA”). These documents are typically “contracts” however they are often limited in scope and detail as they generally just pertain to the discreet, specific project at hand. Much of the legal verbiage regarding the actual rights and obligations of the parties to the contract are contained in the MSA.

Read more


Client-Licensed Microsoft Software in Hosted Environments

Hosting services customers often want to use licenses that they have acquired to deploy Microsoft software on a service provider’s servers. Those customers need to be wary about such deployments, as applicable license terms may restrict their ability to deploy the products offsite. However, the service provider needs to be doubly cautious. After all, the software is sitting on the provider’s servers – not the customer’s – so the risk of exposure associated with improper licensing is higher.

Read more


New Opportunities for the Business Software Alliance

The Business Software Alliance (“BSA”) commented on a White House announcement indicating its intent to negotiate a new trade agreement with the European Union. The press release quoted former BSA CEO Robert Holleyman as saying “It is also encouraging that the goals include expanding access to government procurement markets and state-owned enterprises, and affirming the shared US-EU objective of high-level IPR protection and enforcement.”

Read more


Are End-User Agreements for Tangible Products on the Horizon?

Recently, Google received substantial press related to the Terms of Service associated with its new “Google Glass” product offering. For the uninitiated, Google Glass is a $1,500 fashion-challenged eyeglass frame that incorporates a tiny, electronic display screen, visible only to the wearer, beaming texts, search results, maps, and assorted other digital content straight to that wearer’s right eyeball. Google is convinced that it is the next New Thing, so much so that the Terms of Service all eager, early Glass adopters must accept incorporate what may be the next New Thing in tangible product sales – restrictive covenants.

Read more


Whose Job Is It To Manage Software Licensing?

Over the past few years, there has been a large increase in the number of publisher-initiated software audits.  The authority for these audits is often a provision in the end user license agreement which entitles the publisher to audit companies’ installations of the software.  Audited companies often spend tens of thousands of dollars responding to the audits. With such costly (and often un-accrued for) liabilities a distinct possibility, the question that is begged to be asked is where does it make sense to apportion this responsibility. In other words, whose job is it to manage audit risk?

Read more


SPLA-Audit Exposure Difficult to Estimate

One of the first steps we typically recommend to businesses facing software audits from any source is to try to estimate the financial exposure related to those audits. Doing so allows a company to allocate its resources more efficiently and to set aside reserves or make other financial preparations in advance of settlement, when auditors often demand quick action in order to secure more favorable terms.

Read more


SPLA Road Map Outcomes

In a past entry, I mentioned the SPLA Qualification Road Map as a helpful document for companies to use when trying to determine the appropriate license model for Microsoft products deployed in connection with hosted services. Again, the road map takes the form of a flowchart, with each step consisting of a question that is relevant to the “commercial hosting” analysis.

Read more


Defending SPLA Audits: Critical First Steps

Many businesses contact Scott & Scott, LLP regarding Services Provider License Agreement (SPLA) audits after providing extensive information to Microsoft’s auditors and receiving compliance demands that would be ruinous for their bottom lines, if paid in full. At that stage, it might be difficult to “un-ring the bell” with respect to the data allegedly underlying the compliance calculations, forcing an audited business to consider other options – including litigation – for reaching a resolution.

Read more


Paying Someone to Take Your Property

When companies contract out to vendors for services, it is commonplace for the vendor to provide at least an initial draft of the agreement under which the services are to be performed. In most cases, these agreements are slanted to protect the interests of the vendor. This often creates a problem when the services contracted for are artistic or creative in nature (including software development).

Read more


SPLA Basics: Who Needs a SPLA?

We write extensively at this site about some of the finer points pertaining to licensing software under Microsoft’s Services Provider License Agreement (SPLA). However, some businesses new to the model often ask us much more basic questions, like: What is SPLA, and is it right for me?

Read more


FTC Releases Report Regarding Mobile App Privacy Disclosures

In a report released by the Federal Trade Commission (“FTC”) in February 2013, the FTC makes recommendations for best practices concerning privacy disclosures in the hope of making them more effective. While noting the proliferation of smart phone usage and accessibility of apps, as well as the increasing amount of transparent personal data being shared across platforms, the report’s focus with regard to its recommendations is disclosure.

Read more


Is it Possible to Short-Circuit a Software Audit?

Companies react in different ways after receiving a letter from the Business Software Alliance (BSA) or the Software & Information Industry Association (SIIA) demanding a software audit. Some ignore the letter, assuming it to be some kind of spam or marketing ploy. This is not advisable. Audit demands from the BSA and SIIA generally are very serious matters, and they can result in federal court litigation if they are neglected or if the auditors determine that a company is not cooperating in good faith.

Read more


Significant Changes for External Client Licensing on Microsoft Products

With the release of the 2013 versions of Exchange Server, Lync Server and SharePoint Server, Microsoft is dispensing with the requirement that companies purchase client licensing for “external users.” External users are defined as “users that are not either your or your affiliates’ employees, or your or your affiliates’ onsite contractors or onsite agents.”

Read more


SPLA Audits and Anonymous / Authenticated / Outsourced / Non-Outsourced Windows Server Licenses

Businesses that have endured audits initiated by Microsoft in connection with Services Provider License Agreements (SPLAs) are all too aware that Microsoft’s auditors spare no effort in identifying opportunities to increase the total amount of the compliance purchases demanded to resolve licensing discrepancies. For serviceproviders that have licensed Windows Server operating systems under SPLA for some time, one of the tactics used by Microsoft stems from  the confusing, bifurcated licensing regime that Microsoft previously applied to that product.

Read more


Be Wary of All Factors Affecting Potential Exposure in Software Audits

Most businesses that try to plan for software audits and to estimate the potential exposure they could incur in the event of those audits know that the primary cost components of that exposure typically are the prices associated with any licenses they may have failed to acquire. For example, if a company determines it has ten installations of Adobe Acrobat Professional for which it does not own licenses, then the exposure associated with those installations may be estimated as the price of ten licenses for Adobe Acrobat Professional.

Read more


Microsoft Releases First Full Offering of Hosted Office

On January 29, Microsoft announced the full release of its new, hosted, “Office 365 Home Premium,” service, which makes its popular suite of Office productivity products available to users over the Internet in return for a recurring subscription fee. Other editions in the Office 365 series also are available under “preview releases.”

Read more


BSA Adds IBM to its Member List

The Business Software Alliance (BSA) recently announced that IBM has joined the software-industry organization as a new member. It remains unclear at this stage whether the new relationship will have an impact on future BSA software audits. Many BSA members tend not to play very prominent roles in the organization’s license-enforcement efforts and instead work with the BSA mostly on efforts to promote the industry.

Read more


ISVs Must Attend to Customer Agreements

Independent software vendors and other companies that distribute third-party software products as part of their proprietary solutions often are predictably good at capturing core business terms in their customer agreements, carefully defining the products and scope of services to be delivered. Unfortunately, far fewer are as reliable about including required, third-party license terms in those agreements, which can make an audit particularly uncomfortable if one of those third parties wants to know about software deployed on end users’ computers. And far fewer still include adequate terms in those agreements to address what happens if an auditor finds licensing discrepancies affecting end-user installations.

Read more


MLS Copyright Lawsuits a Sign of Things to Come?

According to a recent article published by Inman News, multiple listing service (MLS) companies – providers of real-estate listing information for brokers and their agents – may be contemplating the formation of an industry group to enforce the owners’ perceived intellectual property rights against third parties who acquire their data and make it available to others without the MLS providers’ permission. The issue apparently is a long-standing one for MLS providers, and it recently has gained more public attention due to copyright lawsuits filed by two regional providers (one from Maryland and one from Minnesota) against the operator of NeighborCity.com, which allegedly used the plaintiffs’ data in the creation of its real estate agent ratings and referrals site.

Read more


BSA Adds Oracle to its Member List

BSA | The Software Alliance recently announced that Oracle had joined the software-industry organization as a new member. It remains unclear at this stage whether the new relationship will have an impact on future BSA software audits. Many BSA members tend not to play very prominent roles in the organization’s license-enforcement efforts and instead work with the BSA mostly on efforts to promote the industry.

Read more


Copyright Alert System – The “Six Strikes” Warning System

The Center for Copyright Information (“CCI”) and its partners, the Recording Industry Association of America (“RIAA”), Motion Picture Association of America (“MPAA”), and leading U.S. Internet Service Providers (“ISPs”) soon will implement a system designed to reduce illegal file sharing of copyrighted works. The Copyright Alert System (“CAS”), also referred to as the “Six Strikes” system, is a subscriber notice system in which the ISPs will monitor Internet traffic to identify illegal downloads of copyrighted works.

Read more


Software Development Licensing Is Not Free

Many businesses develop their own software products, and they understandably want to save on the licensing costs associated with using third-party tools or products in their development environments. However, not all publishers treat development licensing in the same way, and companies that are familiar with one publisher’s practices may end up in hot water if they assume those practices represent some kind of industry standard.

Read more


California Becomes Third State to Regulate Employer Access to Social Media

Last month, California Governor Jerry Brown signed Assembly Bill 1844 into law, making California the third state, behind Maryland and Illinois, to create statutory privacy protections for social media users from their employers. Senate Bill 1349 applies the same prohibitions on the state’s colleges and universities.

Read more


Second-Hand Software OK in the EU

A flurry of attention surrounded the recent legal saga of Timothy Vernor and his protracted fight against Autodesk to re-sell software via eBay. In the end, it was decided by the Ninth Circuit Court of Appeals that the “first sale” doctrine applicable to other kinds of copyrighted works does not apply to software licenses and that software publishers may use copyright law to prevent the development of a market in second-hand software packages. (More information on the Vernor outcome is available here.)

Read more


State Data Breach Laws Continue to Evolve/Diverge

While data privacy and compliance professionals clamor for a single, Federal data breach notification statute, states have continued to establish and amend their own medley of breach notification statutes. As of September, 2012, 46 states and the District of Columbia have enacted some version of consumer data breach notification requirements. This disparate environment makes compliance under these evolving and sometimes divergent state notification frameworks both technically and logically challenging for organizations that find themselves cleaning up after a data breach.

Read more


Using IBM Software in Clusters May Be Less Risky Now…But Tread Carefully Anyway

In the past, when deploying IBM software licensed on a Processor Value Unit (PVU) basis on servers that are configured in clusters for fail-over or load-balancing reasons, it generally has been necessary to license all servers in the cluster for that product. (Read more here.) Thus, for example, though a business may only be deriving limited functionality from an installation of DB2 Enterprise on one server, if that server is in an 8-unit cluster where each of the physical servers is identical to the one where DB2 is installed, the IBM customer could incur a DB2 Enterprise licensing charge equal to 8 times the amount to license the single host machine.

Read more


Proper Microsoft Licensing in Hosted Environments is a Two-Part Question

Businesses wanting to license Microsoft products for use in connection with solutions delivered to customers over the Internet need to remember proper licensing involves answering two questions:• Are users “accessing” the software?• Is that access “commercial hosting”?Many companies skip to question two, but the answer to question one may keep you from having to address it at all.

Read more


Preventing Bad Press Associated With SIIA Software Audits

The Software & Information Industry Association (“SIIA”) is an organization that pursues copyright infringement claims on behalf of many software publishers against companies it accuses of violating its members’ software license agreements. Although many companies have properly licensed software, many are unable to produce the receipts from software purchased years prior to the audit. In many instances, it is better for innocent companies to settle the SIIA’s claims instead of litigating them.  Because a settlement may be misconstrued to reflect misconduct on the part of a company, many companies insist on a confidentiality provision to keep the existence and terms of settlement confidential. Without a confidentiality provision in the settlement agreement, the SIIA generally is free issue to a press release or publish on its web site details of the terms of settlement and name of the company. It is beneficial to seek counsel from an attorney familiar with the SIIA process to provide proper guidance for the implications regarding a confidentiality provision.

Read more


Making SIIA Settlements Affordable With Payment Terms

Legal fees and expenses can quickly add up defending against a Software & Information Industry Association (“SIIA”) audit and potential software copyright infringement claims. The SIIA typically demands a penalty based on some multiple of the MSRP of each product alleged to have been infringed, in addition to the SIIA’s attorney’s fees and a sometimes requests an additional payment to keep the existence and terms of the settlement confidential. By the time settlement is reached, it may be difficult for a company to pay a large settlement fee related to the alleged copyright infringement.  

Read more


Locating Entitlements for SIIA Software Audit

Once the Software & Information Industry Association (“SIIA”) sends a letter to a company questioning the authenticity of software licensing status and demanding a self audit, it is very important to have proofs of purchase for the licenses in question. Unless a company is able to provide sufficient documentation proving all of the SIIA-member software installed was legally purchased, the SIIA will assume that the SIIA-member software installations are unlicensed and will demand that the company pay a penalty to resolve claims of alleged copyright infringement.

Read more


Seeking Help for an SIIA Audit

After receiving a request from the Software & Information Industry Association (“SIIA”), many companies choose to conduct an internal audit of software installed on their networks. There are multiple considerations regarding the strategy for conducting an audit, including, but not limited to, the nature of the company’s record-keeping, the size of the company, the size of the network, the type of software at issue, and the IT support.

Read more


Data Breach Insurance Coverage Lawsuit Highlights Necessity for Cyber Liability

In August of 2012, the Sixth Circuit ruled on a case that determined who is responsible for the costs associated with loss of data arising from a hacking incident in Retailer Ventures, Inc. v. Nat’l Union Fire Ins. Co., -- F.3d --, 2012 WL 3608432 (6th Cir. Aug. 23, 2012). In this matter, DSW Shoe Warehouse was targeted by computer hackers who successfully accessed their systems and harvested the credit card and checking account information for more than 1.4 million DSW customers. In its efforts to conduct thorough investigations into the incident and comply with the numerous state and federal data breach notification requirements, DSW incurred expenses of more than $5M.

Read more


Beware the Convenient “Intent” of Software Publishers

Most software license agreements used by major publishers like Microsoft and IBM are in many ways vague with respect to license restrictions and metrics. This leaves licensees in the position of having to interpret the agreements based on whatever guidance may be available from the publisher or, often, simply based on the licensees’ own experience and understanding. Unfortunately, that often lands companies in trouble in the context of an audit.

Read more


What is Really Driving the BSA’s “Record Period of Settlements”?

The Business Software Alliance recently issued a breathless press release touting what it characterizes as a “recent wave of high-value unlicensed software cases.” The release goes on to describe eight recent software-audit settlements ranging in amounts from $120,000 to $625,000, with some settling businesses identified by name and others identified only by industry (likely to avoid breaching confidentiality clauses in the corresponding settlement agreements). The implication of the release appears to be that the “significant uptick in high-value cases of unlicensed software” correlates to some increase in the actual incidence rate of “piracy.” 

Read more


Google Alters Search Rankings in Response to Pressure from Media Companies

In a blog post on August 10th, Google announced that it will add a new ranking parameter, or “signal,” to its ever evolving search ranking algorithm: the number of valid copyright removal notices it receives for a given site. Google says that websites with high numbers of “valid copyright removal notices” may result in a lower ranking within search results. Google specifically refers to copyright owners such as NPR, Hulu, and Spotify, when it claims that the new results should benefit legitimate media companies by raising their potential ranking in search results.

Read more


What is a “Hosting” Violation Really Worth?

Using third-party software as components of business solutions delivered to customers over the Internet can be risky. Almost all major software publishers include terms in their license agreements prohibitions or restricting the use of their products for “hosting services” or in connection with “hosted environments.” However, what is level of exposure associated with violating the anti-hosting terms in a software license.

Read more


All License Breaches May Not Constitute Copyright Infringement

At the conclusion of software audits where it appears that software products were installed and used without adequate licensing, many companies find themselves confronting two challenges. First, there is the fact that the software publisher likely is demanding that the company pay penalties or otherwise steep rates to obtain the previously un-purchased licenses, upon threat of license termination. In addition, however, in most cases the publisher also will bellow that its intellectual property rights have been violated and will threaten the company with copyright-infringement exposure. Both can be serious threats for most companies.

Read more


Beware of IBM's “Blue Washing”

Fans of Star Trek likely are familiar with the dreaded Borg – an alien race of cyborgs that survives and swells its ranks primarily by conquering other races and then absorbing them into the collective through brainwashing and physically altering them with Borg-y bionic body parts. Their creepy, trademark greeting to new races is always: “You will be assimilated.”  And so it goes with IBM software. Big Blue grows its business lines as an organization just as much (if not more) through acquiring other companies as it does through originating its own products internally.

Read more


Don’t Buy Software Twice—Ensure Licenses Come from Authorized Resellers

For many small to medium-sized businesses, software license procurement may involve little more than an Internet search for the lowest price. Budgeting constraints often demand it, and especially in the wake of costly software audits by organizations like the Business Software Alliance (BSA) or the Software & Information Industry Association (SIIA), companies may be bordering on desperate to find the best deal available. Unfortunately, that impulse can lead to trouble if the company ends up giving its money to a vendor that is not authorized to resell valid licenses.

Read more


Connecticut Amends Data Breach Notification Statute

On June 15, 2012, Connecticut amended the state’s security breach notification law. The amendment will go into effect on October 1, 2012, and requires businesses to notify the state Attorney General when notice of a security breach is provided to state residents—with such notice to affected residents to be provided “without unreasonable delay.” Connecticut follows Vermont as the second state this summer to amend its data breach statute to require notice to be given to the state’s Attorney General.

Read more


Be Wary of Audit Tools Promoted by Software Auditors

Most companies with more than a handful of computers in their IT environments rely on the results of network-inventory tools to gather the deployment data needed for accurate software audits. Without the tools, a business would be required to assign valuable resources to manually looking at the titles installed on each machine. Therefore, it should not be surprising when a vendor requesting an audit suggests or even requires the use of an automated tool to assist with the discovery process

Read more


OCR’S HIPAA Audit Protocol

On June 26th, the Office for Civil Rights (OCR),the federal agency that enforces the privacy and security regulations underHIPAA, published theprotocol it uses to conduct the audits required by the 2009 HITECH Act. Accordingto OCR, the protocol is designed to analyze the “processes, controls, andpolicies” of covered entities in an effort to measure compliance under theHIPAA mandate. OCR set out three different areas that will be analyzed underthis audit protocol: 1) privacy; 2) security; and 3) breach notification.

Read more


A Global Definition for Software “Hosting”

I previously have discussed what “commercial hosting” means when it comes to Microsoft software, but the universe of problems created by the “hosting” ambiguity obviously is bigger than just Microsoft. Almost all software publishers restrict or prohibit – to varying degrees – their customers’ ability to use the software products they license in connection with solutions delivered to end users over the Internet.

Read more


Five Key Provisions to Consider When Negotiating Software Licenses

The form and structure of software licenses and use agreements have changed substantially over the past ten years. From the advent of estate or enterprise-based licensing models to software-as-a-service (SaaS), licenses and agreements come in a variety of forms to address a wide range of circumstances. Although the terms and forms change for these agreements, the following key provisions remain more-or-less consistent across all types:

Read more


Technical Challenges Associated with “Hosting” Restrictions in License Agreements

Most software publishers put limits on (or under some circumstances simply prohibit) the use of their products in connection with solutions delivered over the Internet to third-party end users. The license terms imposing such restrictions often can be difficult to interpret (as discussed previously). However, even in cases where the controlling language is relatively clear, it can remain difficult for CIOs to determine how to accurately and correctly track "hosted" deployments and "non-hosted" deployments for licensing purposes. 

Read more


IT Procurement Negotiations – The Importance of Setting Expectations

Negotiation of product and services contracts should include more than just the business terms, but many times the "standard terms and conditions" or "boilerplate" is glossed over by the vendor and ignored by the procurement team. For IT-related products and services, it is the language in these "boilerplate" provisions that often control which party shoulders the principal risks associated with the transaction-particularly the data privacy and security, intellectual property infringement, and confidentiality risks-so negotiation of all of the language contained in the vendor's contracts is critical.  

Read more


Autodesk Audits: How to Effectively Scan Your Network and Prepare Accurate Results

Conducting a self-audit while facing potential copyright infringement claims from Autodesk or any other software publisher often is complicated and time-consuming. Nevertheless, it is critical to choose an appropriate method to ensure the audit results are accurate.

Read more


IBM’s Standard Audit Clause is a Time Bomb

It is standard practice for software vendors to include clauses in their license agreements giving the vendors the right to invoke audits or some other mechanisms to ensure that the licensed products are used in a way that is consistent with agreed licensing restrictions. Most software consumers would agree – perhaps grudgingly – that such provisions make sense. After all, a software vendor’s life blood is its products, and if it allows those products to be used without adequate licensing, it risks both financial loss and damage to the value of its intellectual property.

Read more


What If I Discover Unlicensed IBM Software on My Servers?

Software license compliance is a task that typicallyrequires constant vigilance. Despite a CIO’s best efforts, it is almost inevitablethat software will be deployed on a company’s computers at some point withouthaving the necessary licenses to permit such use. For most software, theresponse to such a discovery will be to simply remove any unlicensed, unneededproducts and to purchase licenses for whatever is left. However, with IBMsoftware, that solution may not resolve all liability associated with theunlicensed deployments. 

Read more


What Is “Commercial Hosting” When It Comes To Microsoft Software?

Many companies using Microsoft products to deliver services to their customers are familiar with the “commercial hosting” prohibition included in most Microsoft license agreements:You may not host the products for commercial hosting services.Most CIOs reading that prohibition also are familiar with the feeling of deep confusion that can arise when they notice that Microsoft has utterly failed to include any definitions or guidance in its license agreements regarding what “host” or “commercial hosting services” means.

Read more


Cyber Intelligence Sharing and Protection Act Bill Passes House

On April 26, 2012, the U.S. House of Representatives passed the Cyber Intelligence Sharing and Protection Act (CISPA). According to the bill sponsors, CISPA is an essential update to the National Security Act of 1947 that adds provisions allowing for information about “cyber threats” to be shared between the government and private industry.

Read more


Varicent Customers Should Plan for Audits by IBM

In April 2012, IBM announced that it had reached an agreement to acquire Varicent Software, Inc., an Ontario-based publisher of analytics software for compensation and sales performance management. According to the announcement, Varicent’s customers include Starwood Hotels, Covidien, Dex One, Manpower, Hertz, Office Depot and Farmers.

Read more


Warning: Business Software Alliance Reorganization May Affect You

The Business Software Alliance announced in a press release late last week that they are reorganizing the organization into two operating units: one focused on increasing its focus on software anti-piracy and the other on global advocacy around key emerging issues for the technology industry including privacy and security and intellectual property protection.

Read more


Avoid Pitfalls When Deploying ILMT for IBM Software

IBM software is expensive. In some cases, very expensive. While this may represent a necessary cost of doing business for many companies with mission-critical software solutions developed on or using IBM applications, all IBM customers clearly are incentivized to maximize the value of their software expenditures with Big Blue.

Read more


Top Three Decisions for Microsoft Enrollment for Application Platform

An increasing number of enterprises are considering the value of Microsoft’s enterprise-level licensing models. The model with which companies are most familiar likely is the Enterprise Agreement (“EA”), under which a business licenses all of its desktops for Windows, Office and/or client access licenses, with the cost of those licenses being payable in three installments over the term of an EA enrollment (usually three years). During that term, the company can upgrade to the most current version of the licensed software and can deploy additional desktops without first purchasing licenses in advance, all subject to annual true-up orders.

Read more


White House Outlines Consumer Privacy Bill of Rights

In late February 2012, the White House outlined a consumer data privacy framework that includes a “Consumer Privacy Bill of Rights” in a report entitled “Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy.” In it, the administration sets out a plan for a four-element approach to protection of consumer privacy: 1) enumerate the consumer privacy rights; 2) encourage industry developed of codes of conduct; 3) strengthen FTC enforcement power; and 4) ensure interoperability with international privacy rules and regulations.

Read more


Software-Audit Compliance Demands Often Include “Fuzzy Math”

In defending against software audits initiated by publishers such as Microsoft or IBM, many businesses make the mistake of assuming that those publishers or their designated auditors know what they are talking about when it comes to determining what licenses need to be purchased in order to achieve compliance. After all, the companies that wrote the license rules certainly know how and intend to apply them fairly, right?

Read more


Software-Audit Compliance Demands Often Include “Fuzzy Math”

In defending against software audits initiated by publishers such as Microsoft or IBM, many businesses make the mistake of assuming that those publishers or their designated auditors know what they are talking about when it comes to determining what licenses need to be purchased in order to achieve compliance. After all, the companies that wrote the license rules certainly know how and intend to apply them fairly, right?

Read more


New IBM Passport Advantage Agreement Drastically Changes Support Requirements

One of the major changes in the latest version of IBM’s Passport Advantage Agreement is the requirement that customers maintain subscription and support (S&S) on either all of the licenses that are installed and in service or none of the licenses. Customers can no longer maintain subscription and support on only some of the licenses in use.

Read more


Effective Audit-Response Policies Can Be Vital in Responding to Software Audits

Businesses often have close relationshipswith software vendors, and that close-ness usually is in direct proportion tothe extent and importance of those vendors’ software products in thebusinesses’ network environments. However, despite their best marketingefforts, software vendors’ interests always will remain aligned primarily withtheir own bottom line, and that often means that information shared with themcan and will be used against licensees in future transactions or, worse, in thecontext of an audit.

Read more


Big Changes for Microsoft System Center Licensing

Business software buyers increasingly are aware of the significant changes that Microsoft will be implementing to the license metrics for SQL Server when version 2012 of the popular database solution is released this April. However, of potentially equal or even greater significance for some companies is the fact that Microsoft also is planning big changes for the license rules applicable to System Center when version 2012 of the network-management line of products is released, likely in April alongside SQL Server.

Read more


Judge Allows Sales of “Used” MP3 Files to Continue

On February 6, 2012, a judge for the U.S. District Court for the Southern District of New York ruled that ReDigi – an upstart, online marketplace for “used” MP3 files – can continue operating pending the outcome of copyright-infringement litigation initiated by Capitol Records. ReDigi went live in October 2011 with a business model that uses proprietary technology to verify, transfer and delete instances of digital music content from a user’s computer for inclusion in an online library of MP3 files available for download by others.

Read more


Windows Server Licensing Under SPLA

Licensing under Microsoft’s Service Provider License Agreement (SPLA) often is not a simple process. There are monthly true-ups to process, user management policies to follow, and the specter of increasingly frequent audits looming large. To complicate things further, licensing rules for Microsoft server products vary significantly. Some products, such as Exchange, can only be licensed on a per user basis, while other products give the partner the choice of whether to license using a per-user or per-processor modelWindows Server Licensing Under SPLA

Read more


Top Five Important Provisions In Technology Vendor Agreements

Although technology spending has made up a significant chunk of company’s yearly budgets for some time, many organizations have been slow to develop the expertise necessary to review and negotiate the associated technology agreements—and I’m talking about both the customers and the vendors. Many of these agreements appear to be based on outdated templates that were customized by someone with an incomplete understanding of the unique risks associated with the technology, the industry trends with respect to specific provisions, or the law.

Read more


BSA Secures Half-Million Dollar Settlement with Texas Software Firm

The Business Software Alliance (BSA) announced on February 6, 2012 that it has signed a settlement with PCS-CTS, a Houston-based company providing supply-chain software solutions. Under the settlement, PCS-CTS agreed to pay the BSA a total settlement of $500,000.00 to settle claims that the company had unlicensed copies of Adobe, Filemaker, Microsoft, and Symantec software installed on its computers. The BSA’s announcement indicates that the amount of the settlement is the largest ever reached with a Texas-based business.

Read more


Copyrighting Web-Based Software Applications

There are a number of ways to protect the intellectual property in software, but by far, the most commonly used method for protecting software IP is to register the software code as a literary work with the Copyright Office. The process is generally pretty straightforward: gather the code, print it to PDF, and send it off to the copyright office with a note that you would like to register the code as a literary work. While there are some specific instructions regarding the deposit and how to protect any portions of the code that may be trade secrets (hint, stock up on markers), the process typically is not much more complicated than that.

Read more


Courts May Refuse to Compel the BSA and SIIA to Identify Their Informants

On January 12, 2012, the D.C. Court of Appeals held that the Software & Information Industry Association (SIIA) would not be required to disclose the name of one of its confidential informants in a civil case for defamation. Solers, Inc. had filed its lawsuit against a John Doe defendant for defamation after it resolved a software-audit investigation initiated by the SIIA. The SIIA had alleged, based on information that it previously had received from the anonymous defendant, that Solers was using a number of copies of SIIA-member software products in excess of the number of licenses it had purchased for that software. Solers had attempted to force the SIIA to disclose the name of its informant in order to proceed with the defamation action.

Read more


Getting More Value from the Microsoft Enterprise Agreement - Top Five Amendments to Consider

The “off-the-shelf” Microsoft Enterprise Agreement provides considerable flexibility for both Microsoft and its customers to construct a deal that is a good fit for both parties. That being said, there are some fundamental limitations at the core of the agreement that may prevent the customer from extracting maximum value from the EA. Below is a list of five important revisions to make to the contractual language in the EA in order to unlock the potential value stored within its pages.

Read more


Tips to Improve the Enforceability of Click-Wrap License Agreements

A very significant portion of Internet commerce today depends on the use and enforceability of “click-wrap” license and service agreements – legal terms that typically are presented to a customer during the service-ordering or software-installation process and that usually do not allow for any negotiation or modifications by the customer. Click-wrap agreements represent the evolution of “shrink-wrap” agreements, which for many years have been attached to the packaging of software products purchased in stores. As with shrink-wrap terms, the use of click-wrap agreements is not surprising, given the fact that most consumers of software or other products and services delivered over the Internet do not want or expect to sign more traditional contracts in order to use those products and services.

Read more


Compliance Documentation After BSA and SIIA Settlements – Three Top Tips

In a previous post, I introduced the concept of post-settlement compliance following the settlement of audits initiated by the Business Software Alliance (BSA) and the Software & Information Industry Association (SIIA). As noted before, the first step to completing the compliance review process is setting a baseline to determine what software is installed compared to what licenses are owned by the business.

Read more


Software Compliance After BSA and SIIA Settlements

Your business has just finished spending the last year of its corporate life responding to a software audit demanded by the Business Software Alliance (BSA) or the Software &Information Industry Association (SIIA). It has devoted substantial time and internal resources in an effort to gather an accurate inventory of software installations, together with all available documentation of license purchases. It also has incurred legal fees in order to obtain counsel regarding the audit process and to protect its rights during settlement negotiations. Management understandably is ready to move on.

Read more


Microsoft Enterprise Agreements - The Fine Print

Any Microsoft Enterprise Agreement (EA) negotiation should involve not only the organization’s IT budgeting, compliance, and forecasting groups, but also in-house or outside counsel for analysis of the legal and business risks that are not necessarily front-and-center during the negotiation process. A significant obstacle in the way of fully understanding the applicable rights and obligations under the EA is knowing which agreements apply, and in which order. Many times, decision makers review only a portion of the agreements during an EA negotiation and do not appreciate how the entire document set integrates to establish the parties’ respective rights and obligations.

Read more


Your Adobe Software May Be Phoning Home Without Your Knowledge

Increasingly, software publishers are looking for new tools and processes to assist them in their license-enforcement programs. While such efforts are understandable to a degree, they sometimes can include methods that are somewhat dubious at least from a customer-relations perspective, if not from a legal perspective. One provision from Adobe’s most recent end-user license terms provides a good example. (The full EULA is available here

Read more


Accurate Inventory Information Crucial to Audit Outcome

Obvious though it may sound, in almost every software audit the most crucial element contributing to a positive outcome is an accurate inventory of what software is deployed. Unfortunately, far too many businesses faced with an audit end up receiving grossly overinflated compliance-purchase demands, because the inventory data received by the auditors and used to calculate a license position is faulty. Here are three top tips for taming the inventory beast:

Read more


Software Audits Increase in 2012: What To Do

The number of software audits requested by software publishers and their trade groups including the Business Software Association (BSA) and Software & Information Industry Association (SIIA) will increase dramatically in 2012.

Read more


Business Software Alliance Runs Contest for Software Piracy Leads

The Business Software Alliance (BSA), the enforcement and lobbying arm of a private trade organization of approximately 100 members including Adobe, Autodesk, IBM, Microsoft, and Symantec, recently introduced the BSA Anti-Piracy Lead Generation Drawing offering a chance to win $1,000 cash for making anonymous reports of software piracy. As part of its new No Piracy Campaign, the BSA has established a web site Report Piracy Now that includes a recorded interview with an actual BSA informant—an IT consultant who reported a client’s alleged software piracy.

Read more


Kaspersky Parts Ways With BSA For Supporting SOPA

Kaspersky Lab, a past member of theBusiness Software Alliance (“BSA”), which enforces copyrights on behalf ofsoftware publishers, announced recently that it has disassociated itself from theBSA in opposition of the BSA’s support for the controversial “Stop OnlinePiracy Act” (“SOPA”).

Read more


Virtualization Rights Under The Enrollment For Core Infrastructure

We have previously examined the Enrollment for Core Infrastructure (ECI) program, a relatively recent “add-on” under the Microsoft Enterprise Agreement. ECI provides for volume licensing of Core Infrastructure Server Suite (CIS Suite), a server operating systems and management software bundle. ECI offers three flavors of the CIS on a per-processor basis: Standard, Enterprise, and Datacenter. The main benefit of the ECI aside from its potential costs savings is the simplification of server licensing for virtualization.

Read more


Server-Client Assessments in Microsoft Audits are Complex Undertakings

Microsoftaudits – especially for larger companies – often are resource-intensive andexhausting undertakings even for the most well prepared IT teams. However,certain aspects of such audits often present more challenges than others. Inour experience, the most difficult data to inventory and analyze accuratelyusually are those related to server clients.

Read more


Written SPLA Licensing Procedures Can Be Helpful Assets During an Audit

The Microsoft Services Provider License Agreement (SPLA), together with the Business Agreement (MBA) or Businesses and Services Agreement (MBSA) to which it almost always is attached, is a complex set of legal documents that demand careful consideration in order to avoid unnecessary licensing exposure. However, many businesses that license Microsoft products under a SPLA (typically in order to provide hosted software services to their customers over the Internet) often do not pay adequate attention to all of the restrictions and obligations contained in those agreements. All too often, in the event of an audit, such past inattention to these issues can result in substantial penalties for non-compliance.

Read more


Microsoft Server Licensing Under Enrollments for Core Infrastructure

We have covered Microsoft enterprise licensing options in detail, but have yet to discuss the changes that Microsoft has made to the server-side of the Enterprise Agreement. The traditional Microsoft Enterprise Agreement focuses on enterprise-wide desktop deployments and does not address server platform licenses as comprehensively. To account for this, Microsoft introduced the Enrollment for Core Infrastructure (ECI) addition to the standard EA that provides customers with the flexibility available under the EA to deploy core server platform software across their organizations.

Read more


BSA Advocates Revisions to SOPA

The Business Software Alliance ("BSA"), an organization that represents software publishers in efforts to combat software piracy and copyright infringement, voiced concerns in a November 21 blog entry regarding the current Stop Online Piracy Act ("SOPA") pending before a House of Representatives committee.

Read more


Qualified Desktops and Industry Devices in Microsoft Enterprise Agreements

As we’ve discussed herebefore, Microsoft Enterprise Agreements ("EA") can offer significant opportunities for large companies to enjoy both IT asset and management cost savings. However, many enterprise-level customers that fit into the target market for an EA have complex corporate environments that make a single one-size-fits-all agreement difficult to squeeze into. One of the tightest fits that complex corporate customers experience is when attempting to apply the standard EA definitions of Qualified Devices and Industry Devices (also referred to as Line-of-Business Devices) to their organizations. Essentially, the standard EA requires a business to purchase the same licenses for every desktop computer in the organization, unless that desktop computer meets the narrow definition of an Industry Device.

Read more


Pros and Cons of Major Server-Software Licensing Models

Today, businesses have more options and more flexibility in acquiring licensing to accommodate their software needs. However, with that flexibility often come complex software asset management (SAM) obligations, the neglect of which can prove to be extremely costly.

Read more


Attempts to Transfer Microsoft Licenses May be Ineffective

Like most software publishers, Microsoft includes terms in its standard license agreements to restrict a licensee’s ability to resell or otherwise assign to another party the right to install or use software. Increasing the level of difficulty for IT groups trying to manage their software assets, different types of Microsoft licenses come with different transfer restrictions. For retail off-the-shelf products, known as "full packaged product" or "FPP," and pre-installed software, called "original equipment manufacturer" or "OEM," licenses usually may be transferred without Microsoft’s consent, but these transfers are subject to limitations on the number of transfers (usually just one) and requirements that the transfer must be made along with the hardware on which it was originally installed. However, attempting to assign or transfer Microsoft software purchased under a volume license agreement often is considerably more difficult.

Read more


Challenges of Microsoft Server-Client Licensing

The basic model for licensing Microsoft server software – both for operating systems and for applications – is to purchase a license permitting the installation of the software on a server and a number of client-access licenses (CALs) equal to the number of users or devices that will be accessing that software over a network. Most IT teams are familiar with the basic server + CAL model. However, there are a number of complicating factors to keep in mind when analyzing licensing needs for these products in order to ensure that licensing requirements are met without overspending.

Read more


Enterprise Software Licensing vs. Self-Hosting – Top Three Things to Remember

Most business managers looking to license software in a large organization are interested in two key goals: cost reduction and flexibility. Cost reduction is an obvious goal. Flexibility is another matter, however. Retail licensing for large enterprises usually is a non-starter – retail licenses generally are more expensive per seat, are more difficult to track against software installations, and require a company to accurately forecast its software needs into the future, with a large up-front capital expenditure. Therefore, at a certain size, many companies start looking for alternatives, and those alternatives (for Microsoft products, at least) often take the form of either an Enterprise Agreement (EA) or a "self-hosting" solution under a Services Provider License Agreement (SPLA). Here are some of the most important things to keep in mind when trying to decide between them:

Read more


Office for Civil Rights to Begin HIPAA/HITECH Audits

On November 8, the Office for Civil Rights (OCR) at the U.S. Department of Health & Human Services notified members of its HIPAA Privacy Rule listserv that it will begin conducting a pilot program of the audit requirement under Section 13411 of the HITECH Act. In the communication, OCR indicated that it will perform approximately 150 audits of covered entities in order to assess the protocols established for conducting the audits as well as to uncover any additional risks or vulnerabilities in the privacy and security rules themselves. The targeted covered entities will be notified of the request for their participation sometime this month, with OCR’s goal to conclude these pilot program audits by the end of next year.

Read more


Non-SPLA Licensing for Hosted Microsoft Software

Most businesses seeking to license Microsoft software for the purpose of delivering hosted software solutions over the Internet turn first to the company’s Services Provider License Agreement (SPLA). SPLA is Microsoft’s flagship licensing model for commercial hosting services, and it offers the primary benefit of permitting a licensed hosting company to pay on a month-to-month basis only for the products ordered by its customers. For many businesses, that model may work fine, but others may not want to undertake the expense or hassle of entering into yet another contractual relationship with Microsoft. In those cases, businesses may want to consider the Self-Hosted Applications (SHA) rights that are available for certain products licensed under one of Microsoft’s several other, volume-licensing models (e.g., Open, Select, Enterprise). Some of the notable differences between SHA and SPLA include:

Read more


Pros and Cons of Auto-Entrolling New Affiliates Under an Enterprise Agreement

The basics of Microsoft Enterprise Agreements have been covered here many times before, but in order to understand the subject of post-EA acquisitions, it is helpful to revisit the most fundamental of EA basics: under the Microsoft EA, an organization is required to license a specific desktop bundle across all Qualified Users or Desktops in the Enterprise. So, during the term of an EA, the Enrolled Affiliate is required to pay for a license for all new Qualified Desktops or Users added to the Enterprise. For some companies, increases in Qualified Users or Desktops are due simply to workforce growth. However, for enterprise-level organizations, many increases in Qualified Users or Desktops may come from business-unit or entity acquisitions.

Read more


SOPA Moves To House Committee with Modifications

The U.S. House Judiciary Committee will consider the Stop Online Piracy Act ("SOPA") on November 16, a bill designed to complement the proposed PROTECT IP Act in the Senate in efforts to fight online piracy and copyright infringement.

Read more


Licensing Microsoft Applications in a Citrix Environment

Many organizations allow their users to access desktop applications like Microsoft Office through Citrix, which is often used to control the number of users who can access the software at any one time. These organizations need to carefully evaluate whether they are legally able to install applications on their network for remote-user access and also need to evaluate how many application licenses are required to ensure that all such access through Citrix is proper.

Read more


SPLA in a Supply Chain – Three Important Concerns to Keep in Mind

Many businesses use the rights granted under a Services Provider License Agreement (SPLA) to deliver hosted software solutions or, optionally, rental hardware to their customers. Many other businesses also would like to use a base licensing agreement with Microsoft – like a SPLA – in order to equip resellers or other business partners in a supply chain to deliver hosted solutions or other services to customers with whom those partners have the primary business relationship. SPLA can work under those circumstances, but there are a few very important points to keep in mind:

Read more


Microsoft Enterprise Agreement - True-Up Timing

The Microsoft Enterprise Agreement (EA) provides large organizations with significant licensing and administrative cost savings over traditional off-the-shelf or OEM licenses. Under an EA, a company that has 250 or more desktops can license a standard image (or images, if you know what to ask for), that includes an operating system and productivity suite for every computer in the organization as well as server operating systems, databases, and other software platforms. One of the primary, administrative cost savings under an EA is the yearly true-up process for purchasing new licenses. The true-up process is intended to make it easy to deploy new software over the course of a year without the burden of purchasing the software as it is installed. However, there are differences in the timing of the true up that can complicate the process somewhat

Read more


Can a Laches Defense Help in Defense of Software-Copyright Claims?

Copyright remedies can hurt. A copyright owner can force an infringer to pay damages equal to lost licensing fees and profits derived from infringing activities, or it can opt for an award of statutory damages up to $150,000 per copyrighted work, if the infringement is found to be willful. For many businesses, though, much worse than any of that is the threat of an injunction barring use of a software product, or, outside the context of litigation, simply the loss of a license for software deployed for business-critical purposes. If, for example, your business depends on IBM operating systems, middleware (like WebSphere) and database software (like DB2 or Informix) to deliver your products and services to customers, your loss of licensing for that software can cause a severe disruption to your business, if not the end of your business altogether. IBM in particular knows this, and it will not hesitate to use this fact as leverage in the event of an audit.

Read more


How to Protect Trade Secrets in the Cloud

Although cloud computing often delivers reduced costs and increased flexibility, cloud customers now find themselves storing potentially sensitive data via someone else’s applications, on someone else’s databases, located at someone else’s facilities. What used to be locked up in a filing cabinet in the basement is now…well…who knows where? And this loss of logistical control over company information can be troubling—especially for that most tenuous form of intellectual property: the trade secret.

Read more


Client-Licensing Basics for Microsoft Server Products

Many businesses struggle with the task of determining what kinds and quantities of licenses are needed in order to deploy Microsoft operating systems and client-accessed applications on their servers. The first step in that process often is the most difficult: deciding whether to use “traditional” server + client access licenses (CALs), processor licenses or External Connector licenses (where available), or an appropriate licensing metric under a Services Provider License Agreement (SPLA). Here are some analytical questions to ask when seeking a solution to that question:

Read more


Business Downturn Protections in Microsoft Enterprise Agreements

Many organizations take advantage of the volume discounts offered by software vendors in return for a commitment to purchase a pre-determined number of licenses. Microsoft typically offers these discounts through a number of different licensing programs, including Enterprise Agreement (EA), Enterprise Subscription (EAS), Select, and Services Provider License Agreements (SPLAs). The deepest discounts generally are available for those organizations that qualify for the EA and that and are willing to undertake the true-up requirements of that program. The EA also requires the licensee to maintain licenses at a minimum count regardless of need.

Read more


Cost-Effective SQL Server Client Licensing Can Be A Difficult Target To Hit

Most business owners are familiar with the “traditional” server-plus-client licensing scheme for many Microsoft server software products, such as Windows Server operating systems, Exchange messaging software and SQL Server database software. That is, you purchase one license permitting the installation and operation of the software on a server, and then, in addition, you purchase client access licenses (CALs) in sufficient quantity to allow devices or users on the network to access and use that software. Many business owners also are familiar with the processor-based licensing option for SQL Server, where you purchase a (much more expensive) license for each physical processor running on the server where the software is installed, but then acquire the right to have an unlimited number of users or devices access and use the software. However, determining when it makes sense to move from server + CAL to processor-based licensing is no easy trick, especially as IT environments start increasing in size.

Read more


The Risks of IBM Sub-Capacity Licensing

I am an intellectual property attorney specializing in defending end-users in software audit matters including those initiated by IBM.  We get hired by targets of IBM audits to facilitate the flow of information and protect the client's interest in the audit process.  The most significant compliance claims we have encountered arise under Virtualization Capacity (Sub-Capacity) License terms in IBM's Passport Advantage Licensing offering.  According to IBM, Sub-Capacity licensing "allows flexible software licensing using advanced virtualization capabilities such as shared processor pools, micro-partitioning, virtual machines and dynamic reallocation of resources."  Sub Capacity Licensing is very attractive in data center environments because "it enables customers to license software for only the processor core capacity available to the partition hosting the IBM software."   Although very attractive, Sub-Capacity licensing can create very significant legal liability under two common fact patterns.

Read more


Supreme Court Allows Pro-Autodesk Decision to Remain Intact in Ninth Circuit

On October 3, 2011, the U.S. Supreme Court declined a request to grant certiorari in the case of Vernor v. Autodesk, in which the Ninth Circuit found that Autodesk could use copyright law to prevent an eBay user from re-selling its software products via the popular auction site. The Supreme Court’s refusal to hear the case means that, at least in the Ninth Circuit, software publishers like Autodesk may continue to seek injunctions and other remedies against those who attempt to distribute copies of a copyrighted software product without a license.

Read more


Supreme Court Allows Pro-Autodesk Decision to Remain Intact in Ninth Circuit

On October 3, 2011, the U.S. Supreme Court declined a request to grant certiorari in the case of Vernor v. Autodesk, in which the Ninth Circuit found that Autodesk could use copyright law to prevent an eBay user from re-selling its software products via the popular auction site. The Supreme Court’s refusal to hear the case means that, at least in the Ninth Circuit, software publishers like Autodesk may continue to seek injunctions and other remedies against those who attempt to distribute copies of a copyrighted software product without a license.

Read more


Microsoft Volume Licensing - SPLA and Internal Use

Microsoft offers a number of volume license programs designed for use by organizations with more than 250 desktops. The Microsoft Enterprise Agreement (EA) and Enterprise Subscription (EAS) agreements are for organizations licensing products for internal use only. For companies that have the need to license software for use by their customers – say, for companies offering hosting services – Microsoft developed the Service Provider License Agreement, or SPLA. With the SPLA, organizations that are Microsoft Partners can provide access to Microsoft software by purchasing either Per-Processor or Subscriber-Access Licenses for a number of Microsoft titles. In addition, however, the SPLA also permits these Partners to deploy the software licensed under the SPLA for internal use.

Read more


IBM Software Audit Step Number 1: Read the Contract

When first contacted by IBM for a “compliance review” (read: software audit), many business owners simply assume that the scope of the requested audit is within IBM’s rights under applicable licensing agreements. Alternatively, if they do request that IBM identify the basis for the audit demand, they take it at its word that those rights are described accurately in the current, standard-form license agreements. This is a mistake.

Read more


SIIA’s Corporate Content Anti-Piracy Program Continues Apace

The Software & Information Industry Association (SIIA) is well known for contacting businesses regarding claims of copyright infringement based un unlicensed use of its members’ software. The audit process associated with those matters can be arduous, and fines payable to the SIIA at the conclusion of an audit can be, in some cases, crippling to a company’s bottom line. However, the SIIA does not limit itself to copyright claims related to software.

Read more


Microsoft Enterprise Agreement vs. Enterprise Subscription

Microsoft has long offered the Enterprise Agreement (or, “EA”), a licensing scheme for organizations with 250 or more desktops that consists of a three-year term providing free software upgrades during the term of the agreement and a perpetual license for the software at the expiration of the agreement. In the past few years, Microsoft has added an additional licensing scheme – called the Enterprise Subscription – for organizations that do not necessarily need perpetual licenses. This agreement also has a three-year term and software upgrades, but includes a non-perpetual license that expires at the end of the term.

Read more


Microsoft Company Store Restricts Terms of Use, Leads to Licensing Confusion

Microsoft offers its employees an opportunity to buy discounted software if they agree to restrictive usage terms when purchasing from the Microsoft Company Store. In addition to the online Microsoft Company Store, employees may go to one of a few different physical locations, including one near the Microsoft campus visitor center. The Microsoft Company Store is separate and distinct from the online Microsoft Store, which is aimed at the general public.

Read more


Top Three IBM Software Licensing Challenges

In the past, I have covered some of the most problematic aspects of standard IBM software license agreements. However, IBM software licensing can be a recurring nightmare for procurement teams and IT administrators for reasons that extend beyond the four corners of those agreements. Three of the more “global” challenges associated with correct licensing of IBM software products include the following:

Read more


Microsoft Enterprise Agreement – Understanding Qualified Desktops and Users

Software licensing for medium to large companies is complicated. Not only are the software license agreements often hard to read and understand, but the terms frequently change with little notification to the user. Deploying software across an entire enterprise, therefore, can be exceedingly complex, and it requires both technical expertise and a thorough understanding of the practical application of the terms and conditions of the licenses. Many organizations, relying on their senior IT professional to make software purchasing recommendations, fail to submit the licensing agreements to legal review. For those that do submit the licenses to legal, the lawyers reading the agreements often will understand the typical contract language—the indemnities and limitations of liabilities of the world—but they often will not fully appreciate the practical effect of the license on implementation, deployment, and compliance.

Read more


Brasher’s Idaho Auto Auction

In Brasher’s Idaho Auto Auction vs. Software & Information Industry Association, Adobe Systems, Corel, McAfee, Symantec, Idaho Auto Auction, ADP, and Robert William Gillespie filed in U.S. District court for the District of Idaho (Case #1:11-cv-00310-REB), the plaintiff, a target of an SIIA audit, is asking the court to determine who is legally responsible for the unlicensed software found on its computers during the audit.

Read more


Microsoft Server Licensing – Shared Resources for Internal and External Users

When it comes to Microsoft licensing, we are frequently asked how to license for a situation where a Microsoft server resource is to be accessed both by internal company employees and external non-employee affiliates. Our typical legalese answer to this perfectly reasonable question: “It depends.” The correct answer (read: most-cost-effective-while-still-being-compliant answer) requires an examination of the circumstances surrounding the required access (number of users, manner of access, specific server products implicated) and a grasp of company’s current licensing environment with Microsoft.

Read more


SQL Server Licensing Perils: Free and Paid Components

Correct licensing for Microsoft SQL Server database software can be a complex undertaking, and in light of the prices charged for certain kinds of SQL Server licenses, it also is an undertaking where mistakes can be extremely costly.

Read more


New Texas Healthcare Privacy Law

Starting on September 1, 2012, businesses handling electronic protected health information (ePHI) in Texas will be subject to more stringent data privacy and security regulations and harsher penalties than those imposed by federal HIPAA regulations. Among other things, the new bill, signed into law in June 2011 by Governor Rick Perry, expands on the HIPAA definition of a “covered entity.”

Read more


Overview of Proposed Federal Data Privacy Legislation for 2011

Arguably as a result of the Obama administration’s call for federal data privacy and security legislation, a number of bills have been introduced this year in both the House and Senate to address consumer-data privacy issues. Introduced earlier this spring were the Do Not Track Online Act, discussed here previously, and the comprehensive, Commercial Privacy Bill of Rights Act sponsored by political heavyweights Senators John Kerry and John McCain. A new crop of bills introduced this summer focuses on data-protection procedures and breach-notification requirements. Highlights from these entries, by Senators Leahy and Pryor and Representative Bono Mack, are outlined below.

Read more


Top Four Terms to Remember when Purchasing Autodesk Software

Software-license compliance can be a difficult task, and understanding the standard Autodesk Software License Agreement may present challenges. Here are four of the most important terms in that agreement to remember for compliance purposes:

Read more


Online Software Purchases – The Good, The Bad and The Ugly

Businesses understandably want to reduce both the time spent shopping for software licenses and the amount to be paid to acquire those licenses. However, efforts to minimize license spends online can have negative unintended consequences. If you are shopping at a software publisher’s own online marketplace (such as Adobe’s or Autodesk’s stores), then you usually can rest assured that you at least have the tools available to purchase the correct kind and quantity of genuine licenses. However, the pricing available at those stores often is higher than the pricing available through third-party resellers.

Read more


Who Gets Sued for Software Compliance Violations?

A recent Northern District of Idaho case should shed some light on how to apportion legal liability for copyright infringement damages related to business software usage. In Brasher’s vs. The Software & Information Industry Association, Adobe, Corel, McAfee, Symantec, Idaho Auto Auction, ADP, and Robert Gillespie, plaintiff Brasher’s, the target of an SIIA software audit, filed suit asking the court to determine who is legally responsible for unlicensed software found on its computers during the audit.

Read more


Top Three Challenges in Standard IBM License Agreements

IBM software licensing can present an array of interpretive and compliance challenges for even the most sophisticated licensees. Here are three of the most important things to keep in mind when planning to license IBM products under the company’s standard-form agreements (which, for the vast majority of IBM customers, are essentially the company’s only agreements, since IBM generally is loathe to deviate from them).

Read more


Microsoft Certificates of Authenticity May Not Constitute Proof of Licensing

The Business Software Alliance (“BSA”) and Software Industry & Information Association (“SIIA”) work on behalf of their members (the lists of which include Microsoft (for the BSA), Adobe, and Autodesk, among others) to enforce copyrights and the terms of end user license agreements (“EULAs”) pertaining to those members’ software products. The BSA and SIIA typically initiate software audits against companies in a stated effort to determine whether the software installed on those companies’ computers is properly licensed according to the terms of the relevant EULAs.

Read more


Approach Third-Party “Solutions” to IT Costs with Caution

Many IT-solution providers develop and sell hardware, software or support services (or some combination of all three) intended to reduce costs associated with deploying someone else’s enterprise-level software products in the licensee’s network environment.  For business owners, the high cost of deploying some industry-standard, server-based software deployments can lead to near-desperation in efforts to remain competitive while keeping associated costs from breaking the bank. In many cases, third-party solutions designed to achieve those ends can seem too good to be true. However, in those cases, a prudent business owner will start with the assumption that they are, in fact, too good to be true, and he or she will conduct a thorough level of due diligence before (1) obligating the company to contractual obligations with a provider that can’t deliver on its promises and, possibly, (2) exposing the company to legal liability.

Read more


Avoid Risks Associated with Software Licensed Through ISVs

Independent software vendors (ISVs) constitute a diverse group of businesses whose core business model typically consists of utilizing third-party software infrastructure and development platforms (such as Microsoft SQL Server or IBM WebSphere Application Server) to create targeted solutions for their customers. ISVs have become a fixture in today’s marketplace for information technology solutions, and most large software companies have programs and licensing models specifically intended for use by ISVs. However, while the return on investment for ISV-delivered solutions is very high in many cases, it is critical for potential ISV customers to be aware of opportunities for legal exposure that can arise when one company’s software products are licensed through in independent vendor.

Read more


Top Tips for Responding to an Autodesk Audit

Autodesk routinely sends letters to businesses that it suspects may be using Autodesk software products without adequate licensing, both in order to confirm those suspicions as well as to address any license-compliance discrepancies. Typically under threat of a federal lawsuit for copyright infringement, Autodesk requires targeted businesses to respond to detailed questions about the Autodesk software installations on company computers, the employees who use those installations, and the licenses owned for those installations. It is Autodesk’s position that unlicensed software installations constitute copyright infringement, and businesses that are unable to show full compliance typically face significant penalties on order to obtain Autodesk’s release from liability for the alleged infringement.

Read more


Renewal Grace Period in Microsoft Enterprise Agreements

The Microsoft Enterprise Agreement renewal process can be a difficult time for many large organizations. The process generally begins with a count of software products, processor cores, and virtualizations. All of these elements are necessary for a thorough evaluation of an organization’s true-up obligations under the EA. Next up is the process of evaluating future needs in order to determine whether the perpetual use rights associated with the licenses purchased under the original EA will satisfy the organization’s needs moving forward. Finally, all of these activities must be conducted under the looming specter of the EA’s expiration date and the associated non-stop communications from the company’s Microsoft account representative.

Read more


Tread Carefully When Deploying IBM Software in Server Clusters

Many businesses are realizing the processing and failover benefits of incorporating clustered servers in their IT environments. Having groups of servers whose processing resources are shared and centrally allocated means that server malfunctions can be remedied without compromising business functions that otherwise might need to be suspended until the appropriate fix can be applied. It also means that the most mission-critical functions can benefit from prioritized allocation of processing power from multiple machines, often resulting in improved overall performance.

Read more


Obtaining Payment Terms for BSA Settlement

Negotiating a settlement with the Business Software Alliance (“BSA”) to resolve a copyright infringement dispute over allegedly unlicensed software can be arduous and costly. The BSA typically demands a penalty based on some multiple of the MSRP of each product alleged to have been infringed, in addition to the BSA’s attorney’s fees and, usually, a premium for confidentiality if the targeted business wants to avoid unflattering press releases regarding the settlement.

Read more


Responding to a License Review Request from Oracle License Management Services

As with many software publishers, Oracle seems to be making a push to audit their customer base in search of revenue streams arising from licensing deficiencies. However, Oracle usually does not like to use the word “audit” and instead tends to ask its customers to engage in a “license review,” courtesy of the Oracle License Management Services (LMS) division.  LMS generally requests that a customer fill out a Server Worksheet, which is essentially an overview of the company’s Oracle deployments.

Read more


The Basics of Sub-Capacity PVU Licensing for IBM Software

A processor value unit (PVU) is a unit of measurement that IBM uses to determine licensing costs based on the kinds of processors deployed on servers where IBM software is installed. A server’s PVU count is defined by the brand, model and number of physical processors running in the server and the number of core chips per processor. In order to calculate the number of PVUs, it also is necessary to refer to IBM’s PVU-per-core ratings for current processor technologies, which are updated on IBM’s website here.

Read more


Autodesk Targets Architects In Software Audits

Autodesk routinely conducts software audits to determine whether businesses have unlicensed copies of its software installed on their computers. Architecture firms typically represent a significant portion of the targets of such audits – many such firms are heavily reliant on Autodesk software due to Autodesk’s dominance in the market for computer-aided design software and due to file-format compatibility requirements for architecture bids and client projects.

Read more


Are Your Microsoft SQL Servers Properly Licensed?

Depending on the size of your organization, Microsoft SQL Server licensing costs easily can be one of the biggest yearly expenditures for an IT department. As multi-core and virtualization technologies have taken hold in nearly every datacenter across the globe, SQL Server spends often consist not only of licensing the SQL Server instances, but also, in many cases, of over-licensing due to a lack of clear understanding of SQL Server licensing models and associated options. Proper licensing of SQL Server depends on, among other things, SQL Server use characterization, access characterization, and developer needs.

Read more


One Easy, Preventative Step to Reduce Exposure in Autodesk Audits

In the universe of software-copyright enforcement programs, Autodesk’s may be the most active and vigorous. All businesses – even those not running Autodesk software – should take steps early and regularly to identify and eliminate any software-compliance gaps associated with Autodesk and other software installations. It is common for businesses owners to be surprised by the presence of software on their company computers that not only was unauthorized by company management but also unused for company business purposes. Regular, internal software audits can help to avoid those surprises, and in the case of Autodesk software, product serial numbers represent a valuable tool to help determine whether a software installation is licensed.

Read more


Five Factors to Consider When Deciding Whether to Renew a Microsoft Enterprise Agreement

For organizations experiencing the resource drain that is the impending expiration of a Microsoft Enterprise Agreement (“EA”), the decision of whether to move forward with renewal is critical. These renewals easily can impart a seven-figure hit on an organization’s IT expenditure, and it is important to understand the full spectrum of the costs and benefits of renewal. Key factors to consider when making an EA renewal decision include the following:

Read more


BSA Settlement a Reminder of Licensing Requirements for Hosting and Development

The Business Software Alliance (BSA) announced on March 28 that it had reached a $100,000 settlement with an advertising agency in Melbourne, Australia, based on the firm’s allegedly unlicensed use of BSA-member software products. However, unlike the majority of BSA settlements, which typically involve claims that a business has more installations of a particular product than its documented licenses permit, this case apparently included allegations that the company “was insufficiently licensed for its development environment and not properly licensed to provide hosting services for its customers.”

Read more


Licensing Old Microsoft Products

Businesses seeking to license older versions of Microsoft products may encounter challenges acquiring valid licenses.  This is a particular concern for some companies that utilize Microsoft products as the basis for their IT infrastructure and that want to avoid a costly migration to new software versions.

Read more


Nokia Launches Second Suit Against Apple for Patent Infringement

Nokia announced on March 29 that it was filing a new round of patent-infringement complaints against Apple for allegedly infringing on patents incorporated in the majority of Apple's cellular phones, portable music players, tablets, and computers. These new complaints follow a string of similar actions filed against Apple in U.S. federal court and in the United States International Trade Commission related to dozens of patents held by Nokia for technologies use in mobile communications devices. It also follows a March 25 ruling by the ITC that Apple had not infringed other patents in claims previously brought to its attention. According to Keli Johnson, an attorney with Scott & Scott, LLP: "While it seems to be busy throwing every available claim at the wall to see what sticks, it is important to keep in mind the fact that the stakes here are very high. Apple and Nokia currently are closely matched in the marketplace, and if Nokia successfully proves patent infringement and wins an injunction preventing Apple from using the technologies at issue, Nokia may see significantly increased market share as a result of the competitive edge." For more information, please contact Ms. Johnson at 800-596-6176 or KJohnson@scottandscottllp.com.

Read more


Dept. of Commerce Reiterates Need for Privacy Bill of Rights

Speaking before the U.S. Senate Committee on Commerce, Science and Transportation on March 16, Department of Commerce Assistant Secretary for Communications and Information Lawrence Strickling reiterated the need for Congress to enact a "Privacy Bill of Rights." Stricking's prepared remarks called for key elements of the legislation to include implementation of a Code of Conduct for online businesses and to empower the FTC to enforce the legislation. "This administration continues to make it clear that online privacy is one of its top concerns to be addressed this year," says Andrew Martin, an attorney with the technology law firm Scott & Scott, LLP. "The high priority given to addressing online privacy is overdue-innumerable people are now living their lives online, but in many ways, the current state of online living resembles the lawlessness of the Wild West." For more information, please contact Mr. Martin at 800-596-6176 or amartin@scottandscottllp.com.

Read more


FTC Enforces 5-year Term for Opt-out Requests

On Tuesday, March 15, the FTC announced the settlement of a complaint against online marketing firm Chitika stemming from allegations that the company deceived consumers by structuring its opt-out mechanism to be effective for a short, ten-day period. In the settlement, the FTC requires Chitika's privacy policy to be revised to allow consumers to opt-out for a minimum of 5 years and also requires the company to destroy all consumer data received during the period that the "defective" ten-day policy was in effect. "This settlement, coming on the heels of the Do Not Track Me Online Act introduced by Jackie Speier last month, may indicate how the proposed legislation will be revised as it moves through the legislature," says Andrew Martin, an attorney with technology law firm Scott & Scott, LLP. "As it stands, Congresswoman Speier's legislation endorses no limits on opt-outs-that is, once a consumer opts-out, they are opted-out until they change their mind. Although the FTC's settlement with Chitika is a step in the right direction for consumer privacy online, it ultimately could serve to weaken the Do Not Track Me Online Act." For more information, please contact Mr. Martin at 800-596-6176 or amartin@scottandscottllp.com.

Read more


FTC Announces First Monetary Penalty Under Blog Endorsement Rules

The Federal Trade Commission (FTC) announced on March 21st a 30-day public comment period regarding the proposed settlement agreement with Legacy Learning Systems, Inc. and Lester Gabriel Smith for violations of the FTC's "Guides Concerning the Use of Endorsements and Testimonials in Advertisement." The settlement includes the first ever monetary component for a violation of the blogger endorsement rules-a payment of $250,000. "The original complaint alleged that Smith posted reviews for the instructional videos offered for sale by Legacy while failing to mention that Smith, as the endorser, receives financial compensation for the sale of Legacy products," says Andrew Martin, an attorney with the technology law firm Scott & Scott, LLP. "This settlement makes clear that failure to stay abreast of, and invoke the necessary internal controls to comply with, changing online marketing and privacy regulations is a risky strategy for any company doing business online." For more information, please contact Mr. Martin at 800-596-6176 or amartin@scottandscottllp.com.

Read more


SEO Company Found Liable for Contributory Trademark Infringement

The U.S. District Court for the District of South Carolina entered judgment on March 14 against a search engine optimization firm based on the company's role in helping to create and host a website used to market counterfeit golf clubs. The plaintiff in the case, Roger Cleveland Golf Company, had alleged that the defendant, Bright Builders, knew or should have known that it was hosting and otherwise helping to market a site (under the not-so-subtle domain copycatclubs.com) that was being used illegally to infringe the plaintiff's trademarks, and that Bright Builders should be held liable for damages even without having received actual notice of infringement. "SEO companies and web hosts need to pay close attention to the outcome in this case," says Christopher Barnett, an attorney with Scott & Scott, LLP. "There is no equivalent under U.S. trademark law to the safe harbor provisions of the DMCA in the copyright arena, which means that aggrieved trademark owners do not have to make ISPs aware of trademark infringements before filing suit. The disparate damages awards in this case ($770,750 against Bright Builders, compared to $28,250 against the site owner) should serve as strong incentive for ISPs to maintain a reasonable level of awareness regarding how their services are being used." For more information, please contact Mr. Barnett at 800-596-6176, or cbarnett@scottandscottllp.com.

Read more


Judge Rejects Google Books Settlement

Federal Judge Denny Chin recently rejected the $125 million proposed 2008 settlement between Google and the various book publishers and authors who had alleged that Google's plan to digitize of every book ever published would violate copyright law. Judge Chin cited a multitude of concerns in his opinion rejecting the settlement, while focusing on the underlying anti-trust concerns and copyright infringement issues. "Judge Chin acknowledged that while the public would benefit from the 'creation of a universal digital library,' the proposed agreement went too far," says Andrew Martin, an attorney with the technology law firm Scott & Scott, LLP. "The judge apparently was persuaded by the fact that a significant number of copyright owners opted out of the settlement, a fact that he repeatedly referenced in his opinion. Ultimately, though, Judge Chin reiterated what the Supreme Court already has held: that determinations on how best to pursue and preserve the objectives of the Copyright Clause should be handled by Congress, not by the courts." For more information, please contact Mr. Martin at 800-596-6176 or amartin@scottandscottllp.com.

Read more


Top Tips to Reduce Exposure From Software Audits

The Business Software Alliance ("BSA") and Software & Information Industry Association ("SIIA") represent the interests of large software companies such as Microsoft, Adobe, and Autodesk, among others. Among other industry-advocacy programs, the BSA and SIIA are well known for demanding software audits from companies based on allegations that those companies are using unlicensed software. Businesses that are unable to produce evidence of license ownership (usually in the form of purchase receipts) for software installed on their computers typically resolve such matters in out-of-court settlements involving fines and enhanced license-compliance obligations. Software audits themselves often are expensive undertakings, especially when coupled with the expense of purchasing licenses for software that is needed for business operations. According to Keli Johnson, an attorney with Scott & Scott, LLP: "Businesses can mitigate software-audit exposure by taking a few critical steps:

Read more


New York Court: File Internet Copyright Lawsuits in Plaintiff's Location

On March 24, the Court of Appeals of New York held that New York-based plaintiffs in Internet copyright-infringement lawsuits may, under New York law, sue infringers in federal courts located in New York, rather than resorting to courts located in the infringers' jurisdictions. The federal trial court in the case previously had reached a different conclusion, holding that New York's long-arm jurisdiction statute did not give New York-based courts jurisdiction to hear Penguin Group's complaint over the unauthorized, online distribution of four books by the Oregon-based defendant. However, the Court of appeals - New York's highest court - disagreed, stating that the "intangible and ubiquitous" nature of the Internet complicates traditional analyses into where tortious injuries occur. "This case represents a significant win for content owners and publishers, since it means that state laws may give them the ability to conduct their rights-enforcement activities at home, rather than in infringers' jurisdictions," says Christopher Barnett, an attorney with Scott & Scott, LLP. "However, the Court of Appeals left it to the trial court to determine whether an exercise of jurisdiction over the defendant would satisfy federal law. It will be interesting to see how Penguin is able to use this holding to its advantage in the litigation (and appeals) sure to follow." For more information, please contact Mr. Barnett at 800-596-6176, or cbarnett@scottandscottllp.com.

Read more


LimeWire Ruling Limits Damages on Copyright Infringement Claims

A federal judge ruled on March 11 to limit LimeWire's exposure in pending copyright-infringement litigation by allowing one damages award per each infringed copyrighted work in its lawsuit brought by record companies. The record-label plaintiffs had sought an award for each infringement by individual LimeWire users. Although LimeWire previously settled a similar copyright-infringement suit filed by music publishers for claims arising from its music file-sharing service, it is facing up to $1.5 billion in liability for alleged copyright infringement in the still-pending suit with aggrieved record companies. "Each infringed copyrighted work may result in an award of statutory copyright damages typically ranging from $750.00 to $30,000.00," says Keli Johnson, an attorney with Scott & Scott, LLP. "However, if a claimant can prove that a work was infringed willfully, then the statutory-damages limits increases to $150,000.00 per work, meaning that LimeWire's potential exposure in this case remains significant." For more information, please contact Ms. Johnson at 800-596-6176 or KJohnson@scottandscottllp.com.

Read more


U.S. Trade Representative Identifies 'Notorious Markets'

On February 28, the Office of the United States Trade Representative released the first, annual, stand-alone report listing so-called "Notorious Markets" - the most prominent physical and Internet-based markets dealing in pirated or counterfeit goods "that have been the subject of enforcement action or that may merit further investigation for possible intellectual property rights infringements." A copy of the report is available here. The report includes a number of well-known websites in different categories, such as ThePirateBay and torrentz.com in the "Bit Torrent Indexing" category and Baidu - the most visited site in China - in the "Linking" category. According to Christopher Barnett, an attorney with Scott & Scott, LLP: "The Office of the USTR previously published its Notorious Markets list within a larger, annual Special 301 Report, and it made the decision to issue a separate report in order to highlight the problem represented by these Notorious Markets. That action represents one more step in furtherance of the U.S. government's stated interest in curbing IP-rights violations domestically and worldwide." For more information, please contact Mr. Barnett at 800-596-6176 or cbarnett@scottandscottllp.com.

Read more


Supreme Court Grants Certiorari for Copyrighting Public Domain Works

The U.S. Supreme Court granted certiorari on March 7 in the case of Golan v. Holder, which now will be set for hearing to determine whether Congress has the legal authority to restore copyright protection to works long-held in the public domain. The case arose following the 1994 passage and implementation of the Uruguay Round Agreements Act, which purported to restore the copyrights in at least 50,000 foreign works in furtherance of federal trade obligations. Restoration of the copyrights means that included works - such as Prokofiev's Peter and the Wolf, for example, now only may be performed or recorded under licenses that may be cost-prohibitive for many performers. "The outcome of this case will be very interesting to watch," says Keli Johnson, an attorney with Scott & Scott, LLP. "Restoration of the copyrights in question affected not only the ability to perform the covered works in the future, but also the rights of performers who may have created recordings or derivative works based on those covered works in the past. Many performers' rights and livelihoods will hinge on the Supreme Court's decision." For more information, please contact Ms. Johnson at 800-596-6176 or KJohnson@scottandscottllp.com.

Read more


Twitter Settles with FTC Over Security Breach

Twitter reached a settlement on March 14 with the Federal Trade Commission regarding data security breaches that exposed users' information to hackers. The FTC had accused Twitter of failing to safeguard user privacy and of misleading its users about its security practices. The settlement does not include monetary damages. However, it does ban Twitter from misleading its users about security and privacy policies, and it also requires the microblogging site to establish and maintain an information-security program that is to be independently audited every two years. "The FTC's settlement with Twitter sends a clear message to online social networking sites about neglecting to secure users' data and implementing inadequate security practices," says Keli Johnson, an attorney with Scott & Scott, LLP. "However, it is equally important for users to be circumspect about sharing personal information online." For more information, please contact Ms. Johnson at 800-596-6176 or KJohnson@scottandscottllp.com.

Read more


House Subcomittee Votes to Repeal FCC Net Neutrality Rules

The House Commerce Subcommittee on Communications and Technology voted on March 9 to overturn the FCC's network neutrality rules adopted in December. The net neutrality rules require broadband service providers to allow their users to access all online content, including content from direct competitors. This vote follows an attempt in February by House Republicans to attach an amendment to a spending bill that would bar government funding of the FCC net neutrality program. "The net neutrality rules are disfavored by service providers and communications companies, which have argued that the FCC is exceeding its power to enact such requirements," says Keli Johnson, an attorney with Scott & Scott, LLP. "In addition, MetroPCS and Verizon have filed suit in a federal court to challenge the rules. It will be interesting to see how the pending litigation and legislative attacks on the rules affect their implementation." For more information, please contact Ms. Johnson at 800-596-6176 or KJohnson@scottandscottllp.com.

Read more


Proposed Bipartisan Online Privacy Bill of Rights Legislation

On March 10, Senators John McCain and John Kerry introduced legislation that would create an "online bill of rights." As it is currently drafted, this law would become the first comprehensive federal privacy law not governing a specific industry, and it is structured as a series of opt-in or opt-out requirements for data collection, storage, and transfer. "This interest from the federal government in online privacy issues is driven in no small part by the rise of social networking sites like Facebook and Twitter," says Andrew Martin, an attorney with Scott & Scott, LLP. "Although young people may have lived their entire lives online, it has taken older generations joining these social media sites in order for lawmakers to take notice of the potential exposure of personal information online." For more information, please contact Mr. Martin at 800-596-6176 or amartin@scottandscottllp.com.

Read more


Courtney Love Settles Twitter Defamation Case

On March 3, Courtney Love finalized a settlement agreement with designer Dawn Simorangkir, who had filed a defamation lawsuit against the singer based on a series messages Love had posted to Twitter. Love reportedly agreed to pay Simorangkir $430,000 to settle the case, and many legal watchers are disappointed that this case will not go to trial. "The Love defamation case is the first major celebrity defamation case to be brought based a series of Twitter posts," says Andrew Martin, technology and new media attorney with Scott & Scott, LLP. "The case might have produced guidance on tantalizing legal questions regarding disparaging comments broadcast by influential celebrities on Twitter and how those comments are treated under traditional defamation law. The amount of the settlement seems to speak to uncertainty that both parties felt with respect to the strength of their legal arguments, so it appears these social media questions will remain unanswered for the time being." For more information, contact Mr. Martin at 800-596-6176 or amartin@scottandscottllp.com.

Read more


Legal Concerns When Running Facebook Promotions

Facebook recently relaxed their requirements for running promotions on the social networking site. Companies that previously were effectively priced out of the Facebook promotions market are now taking advantage of the new policy to run their own sweepstakes or giveaways. However, the following legal issues must be addressed in order to run a successful Facebook promotion:

Read more


Judge Grants Sony Right to Subpoena IP Addresses

A federal magistrate for the Northern District of California granted Sony the right to subpoena information from Google, YouTube, and Twitter consisting of the IP addresses of users who visited web pages operated by an alleged hacker of Sony's PlayStation 3 gaming console. Sony claims that George Hotz, a 21 year-old New Jersey resident, has distributed instructions and other files that allow users to gain control over, or jailbreak, their PlayStation 3 consoles. Sony is claiming that the distribution of these materials constitutes a violation of the Digital Millennium Copyright Act. "The subpoenas permitting Sony to collect the account names and IP addresses of every individual that accessed Hotz's jailbreaking files and instructions may raise the eyebrows of many of us concerned with Internet privacy issues, but it is important to understand that this information is to be used by Sony solely to show that Hotz distributed the instructions and that venue for the lawsuit is proper in the court where it was filed," says Andrew Martin, technology and new media attorney with Scott & Scott, LLP. "Sony and the defendant entered into a confidentiality agreement regarding the subpoenas, and that agreement is intended to prevent Sony from using any of the subpoenaed information for any other purposes, such as pursuing legal action against the downloaders." For more information, contact Mr. Martin at 800-596-6176 or amartin@scottandscottllp.com.

Read more


New Guidance for Trademark Infringement Based on Search Keywords

On March 8, the Ninth Circuit Court of Appeals issued new guidance for cases involving claims of trademark infringement based on the use of registered marks as Internet search keywords. In its opinion (a copy of which is available here), the Ninth Circuit held that trial courts must evaluate such disputes holistically and not based on any rigid set of factors. Earlier in the case, the trial court had applied the so-called "Internet troika" - a set of three analytical factors including (1) the similarity of the competing marks at issue, (2) the relatedness of the competing goods or services at issue, and (3) the competing parties' simultaneous use of the Web as a marketing channel - to find that the defendant's use of the plaintiff's marks as paid search keywords constituted trademark infringement. The Ninth Circuit specifically rejected that approach, holding instead that the appropriate analytical factors will depend on the facts and context of each case. "This is the latest in a series of appellate decisions reflecting the courts' attempts to provide legal guidance on a very dynamic kind of trademark dispute," says Christopher Barnett, a trademark attorney with Scott & Scott, LLP. "Internet marketing in general - and search engine optimization in particular - can carry with it a diverse set of legal risks, the scope of which may be difficult to predict, as this case demonstrates." For more information, please contact Mr. Barnett at 800-596-6176 or cbarnett@scottandscottllp.com.

Read more


FTC Report Raises Concerns Regarding 'Patent Trolls'

In a 300-page report issued on March 7, the FTC has undertaken the task of trying to evaluate the effects of patent-enforcement remedies on the IP marketplace, especially the effects of so-called "patent trolls" - companies whose business models center on purchasing patents and then enforcing them against infringers. The report (a copy of which is available here) is based on information gathered during a series of hearings that commenced in December 2008, and it includes a number of recommendations intended to align patent-protection mechanisms with the public's interest in innovation and competition. Those recommendations include:

Read more


Senate Creates New Subcommittee on Privacy and Technology

On February 14, Senate Judiciary Committee Chairman Patrick Leahy announced the creation of a new subcommittee called Privacy, Technology and the Law, which will be chaired by Senator Al Franken. Among other things, the committee will oversee laws and policies that govern the collection, protection, use and dissemination of commercial information by the private sector. During the announcement, Senator Franken spoke of a desire to ensure Americans can "reap the rewards of new technologies while also protecting Americans' right to privacy." "Privacy legislation and litigation will continue to lead legal news for 2011," says Andrew Martin, a technology and new media attorney with Scott & Scott, LLP. "This new subcommittee is the latest in a series of reactionary measures related to privacy concerns arising as a result of the recent explosion in social media use. It is high time for careful consideration of online privacy issues." For more information, please contact Mr. Martin at 800-596-6176 or amartin@scottandscottllp.com.

Read more


Motorola Hit With Trademark Lawsuit on Launch of Xoom

The day before the much-hyped, February 24 launch of its new Xoom tablet, Motorola was sued for trademark infringement by Xoom Corporation - an online payment processor - in the U.S. District Court for the Northern District of California. A copy of the complaint is available here. Xoom is seeking a permanent injunction against Motorola's alleged infringement of the XOOM® trademark along with damages (including treble damages) allegedly incurred as a result of Motorola's activities. "This case appears to involve a calculated risk by Motorola," says Christopher Barnett, a trademark attorney with Scott & Scott, LLP. "Even if it was previously unaware of Xoom's business, Motorola likely knew about Xoom's trademark from an early stage (Xoom owns the www.xoom.com domain name, for example). When Motorola applied to register its XOOM™ trademark with the USPTO, none of Xoom's registrations were identified as obstacles to registration. However, Motorola nevertheless must have been expecting a challenge from Xoom in the form of an opposition proceeding or a lawsuit. It appears to believe that there is sufficient dissimilarity between the products and services associated with the competing marks that its use of the term will be allowed to move forward." For more information, please contact Mr. Barnett at 800-596-6176 or cbarnett@scottandscottllp.com.

Read more


University of Texas Sues Car Wash for Trademark Infringement

In a complaint filed on February 16, the Board of Regents of the University of Texas have alleged that an Austin-area car wash business' replica of the iconic UT tower constitutes an infringement of UT's rights in three trademarks consisting of various depictions of the tower. (A copy of the complaint, with pictures, is available here.) The car wash owner reportedly spent approximately $3 million designing and building his 60-foot replica of the famous 300-foot tower, but he apparently did not expect that undertaking would implicate intellectual property rights held by UT. "This case presents a good example of how trademark disputes can arise from unexpected sources," says Christopher Barnett, a trademark attorney with Scott & Scott, LLP. "High-value projects incorporating pre-existing works in any form need to be accompanied by some measure of due diligence regarding third-party rights. However, UT's likelihood-of-confusion claims seem to be somewhat misplaced, in light of the fact that it is doubtful the defendant is offering educational services at the car wash. It will be interesting to see if the university amends its complaint to emphasize a trademark-dilution theory of liability. For more information, please contact Mr. Barnett at 800-596-6176 or cbarnett@scottandscottllp.com.

Read more


U.S. Announces Internet Freedom Policy

In a speech at George Washington University on February 14, Secretary of State Hillary Clinton laid out a new policy on Internet freedom intended to prevent autocratic governments from using Internet technology to repress dissent. In order to help ensure the broadest protection, the policy will back several different technologies representing multiple tools to fight repressive governments. "The State Department's announcement of this new policy has been construed by some to be at odds with their position on other Internet-based 'freedom initiatives,' such as Wikileaks," says Andrew Martin, a technology and new media attorney with Scott & Scott, LLP. "But the real question is how to reconcile this new policy with the so-called Kill Switch Bill which aims to defend U.S. infrastructure from a cyber-terrorist attack."  For more information, please contact Mr. Martin at 800-596-6176 or amartin@scottandscottllp.com.

Read more


Maryland Stops Asking Applicants for Social Media Passwords

The Maryland Department of Public Safety and Correction Services announced on February 22 that it is suspending its a policy of asking potential employees to reveal their social media site user credentials during the application process. Through a spokesperson, the Department stated that its reason for asking for this information was to screen applicants for gang affiliation. "There is no doubt that the Department can claim a legitimate interest in screening its potential employees for gang affiliation, but a social media policy that asks for applicants' credentials is not a good way to pursue that interest," says Andrew Martin, a technology and new media attorney with Scott & Scott, LLP. "No matter the intentions, a social media policy that is overbroad or overreaching can get employers into trouble-as was evidenced recently in well publicized Facebook firing law suit. Companies cannot ignore social media use in the workplace, but they should consult with experienced counsel when addressing it in a policy for all to see." For more information, please contact Mr. Martin at 800-596-6176 or amartin@scottandscottllp.com.

Read more


House Seeks to Block FCC's New Net Neutrality Rules

The House of Representatives voted on February 17 in favor of an amendment to a spending bill that prohibits the Federal Communications Commission (FCC) from accessing government money to implement its new "net neutrality" rules, which are intended to ensure fair play among Internet service providers and to guarantee that consumers can access Internet content at prices and speeds that are comparable to those now available. Among other things, the new rules require broadband service providers to allow users access to all online content, including content from direct competitors. "The FCC has been on the receiving end of tough criticism over its claim of authority to implement the new net neutrality rules," says Keli Johnson, an attorney with Scott & Scott, LLP. "The House's proposed amendment, if passed in the final bill, likely will add a new wrinkle to that debate and may affect the course of litigation that already has been filed over the issue." For more information, please contact Ms. Johnson at 800-596-6176 or KJohnson@scottandscottllp.com.

Read more


University of Georgia Found Immune from Copyright Damages

A federal court in Georgia ruled in favor of the Board of Regents of the University of Georgia on February 24 in a case involving copyright infringement claims filed by a national pharmacy association. The association claimed the Board of Regents distributed questions from the association's licensing exam to students preparing to take its test. The court ruled that sovereign immunity protected the university from damages claims. "In many cases, state government entities may be held liable for damages only to the extent of waivers of sovereign immunity passed by their state legislatures," says Keli Johnson, an attorney with Scott & Scott, LLP. "Absent an appropriate waiver, damages claims may be impossible to prosecute. However, in this case the pharmacy association apparently intends to continue to pursue breach-of-contract and other claims that may not be so narrowly limited." For more information, please contact Ms. Johnson at 800-596-6176 or KJohnson@scottandscottllp.com.

Read more