Scott Technology Attorneys

Software Audit Blog


Can a Software Publisher Force You to Audit Your Customers?

Many software-solution vendors utilize third-party infrastructure or application programs as frameworks for embedded solutions that they sell to their customers and install on their customers’ computers. Licenses for those third-party products typically can be acquired by a vendor and passed to its customers pursuant to the terms of an Independent Software Vendor (ISV) or Original Equipment Manufacturer (OEM) license agreement. Under those agreements, the third-party publisher often receives a set fee based on the number of licenses for its software that are distributed to the vendor’s customers. This licensing model is a relatively old one in the software world, but it is one that retains a number of pitfalls for unwary solution vendors.

Read more


In Microsoft Audits, Don’t Forget About True-Up Rights

Following the conclusion of a software audit, Microsoft’s standard practice is to require an audited company to purchase licenses associated with calculated “unlicensed use” within a set period of time (typically, 30 days) following receipt of Microsoft’s settlement demand. However, it is important for companies with Enterprise Agreements to keep in mind the fact that their EA enrollments may include true-up rights that could result in deferring certain incremental license purchases either indefinitely or until the next true-up order.

Read more


Important Tips for Resolving an SIIA Audit During or Immediately After a BSA Audit

Sometimes a company receives notices of audits from many publishers or trade associations at the same time. Often this is because multiple agencies have received confidential reports from the same informant.  If a current or previous employee contacts both the Software & Information Industry Association (“SIIA”) and BSA|The Software Alliance (“BSA”), the company may face an audit from both of these entities at the same time, or in close proximity to one another.

Read more


Negotiating Software Contracts – Successfully Negotiating a Warranty Section

A warranty is one of the most important contract provisions in a software contract. The warranty section deals with the performance of the software and what the licensor promises the software will or will not do. In a software contract, these performance warranties should be heavily negotiated, but usually they are overlooked.  Because so many factors can affect the performance of the software, publishers seek to limit their warranty, and provide limited remedies in the event of a breach.

Read more


For SPLA Audits, When Historical Data is Missing, Creativity May Be Required

Most software audits pertaining to products licensed under perpetual licenses (such as licenses acquired under a Microsoft Select Agreement, MPSA or (usually) Enterprise Agreement) incorporate a snapshot-in-time approach, where licenses owned generally are compared to deployments identified through data collected about current-state product deployments. In contrast, audits pertaining to products licensed under a Microsoft Services Provider License Agreement (SPLA) incorporate a strong historical-use element. Since SPLA pricing is based on a monthly reporting model, SPLA audits look at historical usage during the period covered by an audit (often, three years or more), and then compare that historical usage to a licensees’ historical usage reports.

Read more


Avoid Copyright Infringement Claims for Affiliates and Subsidiaries: How to navigate software license agreements for large corporations

Companies with complex corporate structures sometimes encounter difficulties with properly licensing software for all of the related entities, affiliates, and subsidiaries, even if a software asset management program is in place. Even if a company purchases all necessary licenses for its affiliates or subsidiaries, it is possible that a software publisher may make a claim of copyright infringement if the license agreement does not allow sharing or transferring licenses between entities. Even when companies have central procurement departments to acquire and license software, there are still potential risks.

Read more


Are Artificial-Intelligence Software Audits Around the Corner?

Recent weeks have seen a number of news reports and announcements indicating that the Next Big Thing for audits – financial audits, at least, for the time being – is the use of artificial intelligence technologies to facilitate the analysis of large volumes of data in the context of audit-related activities. KPMG’s recent announcement was particularly noteworthy from my perspective, because it indicated that the audit firm would be deploying IBM’s Watson “cognitive computing technology” to KPMG’s professional services offerings.

Read more


Identifying and Understanding Microsoft License Verification Audits

Microsoft, like other software publishers, routinely audits customers to help ensure that it is protecting the value of its intellectual property. Microsoft verifies its customers’ compliance using several methods.

Read more


Be Wary of Changes in New SPLA Contracts

Companies that have long relationships with Microsoft know that the company’s form licensing agreements have steadily evolved over time, and typically for the worse. If software licensing can be said to have any “natural laws,” certainly the First Law could be paraphrased to something like: “If you agree to an inch, be prepared to give a mile.” So it is with Microsoft’s standard-form Services Provider License Agreement (SPLA).

Read more


Vendor Contracting and GLBA’s Safeguards Rule

Transactions between financial institutions and their technology services providers are often regulated by GLBA. GLBA includes both privacy and safeguard rules related to customer information.  These rules require financial institutions to implement adequate administrative, procedural, and technical safeguards designed to safeguard customer information.  

Read more


Negotiating Software Contracts – Successfully Negotiating a Limitation of Liability

Limitation of Liability ranks as one of the most important contract provisions in a software contract. The limitation of liability limits each party’s liability for all sorts of harm.  A software provider’s liability is usually limited to the amount of fees paid to the vendor or a fraction thereof. The risk in not negotiating these terms is that the licensee is capped at the amount of damages. A “cap” is the aggregate upper limit for direct damages associated with a party’s liability. The cap on liability can be a specific dollar amount, but in many contracts the “cap” is tied to the amounts paid for the products or services purchased. This cap may not equate to the actual amount of harm of the licensee. Therefore, successfully negotiating a limitation of liability becomes the key point in finalizing the contract. But, what exactly are the pitfalls when negotiating a limitation of liability, and how do you successfully navigate them?

Read more


How to Avoid Compliance Gaps with Autodesk Downgrade Rights

Autodesk, like many other software publishers, are now offering subscription based licenses instead of perpetual licenses. Customers tend to find the flexibility of subscription-based licensing appealing because those licenses allow for growth and changing work environments.

Read more


Be Wary of Certain ISV and Embedded Software Agreements

It is common for software solution providers to use third-party products to support the functionalities those providers have developed for their solutions. For example, a network-monitoring solution may incorporate IBM Cognos functionality, or an accounting solution may incorporate a Microsoft SQL Server database. Increasingly, in today’s market, those solutions are hosted over the Internet, and many software publishers maintain licensing models targeted to solution providers operating in that space (such as Microsoft’s Services Provider License Agreement, or SPLA).

Read more


A Software Settlement Is Not Complete Until All Obligations Are Met

The majority of copyright infringement claims against consumers using copyrighted software are resolved by settlement rather than litigation, for a multitude of reasons. In some instances, the settlement agreements contain post-settlement obligations that can affect the release of liability for all copyright infringement claims. The following are the most common examples of the settlement obligations that must be completed in order to secure the release of liability.

Read more


Negotiating Software Contract Risks – The Three Riskiest Provisions

Software and service contracts come with many potential risks, and businesses should be mindful when initiating a new contract or a renewal. It’s considered a best business practice to negotiate the terms in a software or service contract before agreeing to the initial terms a vendor provides in the contract. There are many contract provisions that can be negotiated, but the major risk provisions found in most contracts are the following: (1) Limitation of Liability, (2) Indemnification, and (3) Warranty

Read more


Even in The Cloud – Keep an Eye on Software Licensing

 There are many good reasons that businesses often cite in seeking to transition their IT operations to a vendor-delivered Cloud environment. It’s scalable. It’s more reliable and secure than what the business may be able to deliver for itself. It’s (often) cheaper than keeping the environment in-house. Then there’s this one: “All I have to do is pay a monthly fee, so no stressing over software-licensing rules.”Not quite.  

Read more


GLBA Compliance Considerations in Technology Transactions

As part of its implementation of the GLB Act, the Federal Trade Commission (FTC) requires financial institutions under its jurisdiction to safeguard customer records and information. This requirement is known as the Safeguards Rule.

Read more


Treat Audit Demands Like A Litigation Hold Letter

Software publishers are regularly auditing customers to ensure compliance with license agreements, and may initiate audits directly, or through entities such as BSA|The Software Alliance, and the Software & Information Industry Association (“SIIA”). These entities send a letter that asks the customer to conduct a full audit of its network or potentially face copyright infringement claims for noncompliance with the license agreements.

Read more


Arguments Against ILMT – What Does and Doesn’t Work?

Each of the major software publishers has one or two tricks up its sleeve – tricks that often are missed by licensees – affecting how its server products may be used in virtualized environments. For example, Microsoft SQL Server requires a minimum of four core licenses per vCPU, even if the actual number of vCPUs allocated to a VM is less than four. Oracle offers even more pitfalls for the unwary, in that it strictly – some would say unreasonably – limits and defines the specific virtualization technologies that may be used to license its products based on virtual resources (as opposed to host resources).  Falling somewhere between those two extremes is IBM.

Read more


Forming a Texas Series LLC

Owners who are planning to form new business entities in the future may want to consider a Texas Series LLC.  A Series LLC is helpful for investors who would like to pool their assets into several classes of investment interests, such as those used in corporate restructurings and buyouts, with an added extra layer of protection from liability.

Read more


Customers Using Software Recently Acquired by IBM Should Proceed with Caution

In 2015, IBM acquired no fewer than 11 software and services companies.  Many software customers are surprised that after IBM purchases a company, IBM often significantly changes the license terms of the products.  For some customers that have purchased unlimited or site licensing with the prior software publishers, IBM’s changes can be surprising and expensive.

Read more


Black Friday for Software Copyright Infringement Settlements

As the year comes to a close, many software publishers and trade associations with calendar year accounting are resolving as many outstanding software audits as possible. Companies currently engaged in a software audit may be able to negotiate favorable resolutions to their audit matters.   The following are a few tips to reach an amicable resolution by the end of the year.

Read more


Beware Audit Terms in Microsoft’s New MPSA

Microsoft is in the process of transitioning many of its volume-licensing customers from the Select Plus Agreement to the new Microsoft Products and Services Agreement (MPSA). (More information on the transition framework is available here.)

Read more


Negotiating Limitations of Liability in Technology Transactions

I am a lawyer in a boutique law firm that specializes in technology law matters. I support some of the world’s largest legal departments on IT procurement projects. The one inescapable trend I have seen in technology transactions is the prominence of risk balancing provisions in contracts. One of the most notable risk-balancing provisions is the limitations of liability. Historically, IT services and software were offered “as-is” or on a “best-efforts” basis with sweeping limitations of liability in favor of the vendor.  For software purchased for on-premises deployment, such limitations of liability were generally accepted by customers. Today, the risk profile of most technology transactions has changed due to increased legal regulation of customer data.

Read more


Benefits of Negotiating a Source Code Escrow Agreement in a Software Vendor Contract

Many businesses have software licenses that are tailored to the business’ needs, and are for business operations on a day-to-day basis. But what happens if the software provider goes out of business or discontinues support for the software? In short, the business may not have meaningful access to necessary software after it is no longer offered or supported by the publisher.  That is, unless the business negotiated a source code escrow agreement.

Read more


Proving Ownership of Underlying Licenses for Adobe Upgrades in Software Audits

Software publisher Adobe Systems Inc. actively investigates its existing customers to determine whether each customer has properly licensed Adobe software, or is committing copyright infringement. Adobe often pursues its customers directly, but sometimes grants a power of attorney for BSA| The Software Alliance to pursue copyright infringement claims on its behalf. In each instance, Adobe requires its customers to prove ownership for each and every license for all copies of Adobe products installed on a customer’s computers, or face harsh monetary penalties.

Read more


Oracle’s Aggressive Audit Tactics Draw Increasing Media Attention

“In hindsight, I should have involved our legal team immediately, since they were requesting information that had nothing to do with Oracle.” Wise words.

Read more


Benefits of Forming an LLC or an Asset Protection Trust in Nevada

Many individuals and businesses are considering whether to protect their assets through the formation of an LLC or an Asset Protection Trust.  Many people fail to address this need until after liability occurs, and by that time, it is too late.

Read more


Understanding the Scope of a Software Audit

Software publishers regularly audit their customers to help ensure that the customers are properly licensing their software. Some software publishers conduct audits directly, but many choose to audit through companies such as the BSA| The Software Alliance (“BSA”), or the Software & Information Industry Association (“SIIA”).  The first step in addressing the software audit is to understand the scope of the audit. The following are some key points to identify the scope of the audit.

Read more


Hosting Oracle Software Carries Risks

The software-as-a-service (SaaS) solution-delivery model is becoming more and more widespread. Developers of all kinds of software solutions – products covering everything from office productivity, design, accounting, CRM, business intelligence and more – increasingly are realizing that it is often more feasible and profitable to offer those solutions to customers via the Internet under a subscription model than it is to provide them as on-premise software for installation on customers’ computers. However, the SaaS model also carries risks, and among the principal sources of those risks are the license terms associated with third-party products used to deliver those solutions.

Read more


Oracle Minimum License Requirements

For many Oracle products, like Database, the license agreement or ordering documents contain minimum license requirements. Often, quantities of licenses necessary to satisfy the minimum licensing terms varies based on the edition of the license in question. For instance, customers are required to purchase additional Oracle Database Standard One Edition and Standard Edition Named User licenses in increments of 5. Database Enterprise Edition requires customers to purchase 25 Named User licenses in increments of 25 per processor.

Read more


Negotiating Online Services Terms with Microsoft

Microsoft’s 365 and Azure offerings are very compelling to prospective business purchasers.  Why not ask the publisher of the software to host your applications in a secure cloud environment?  The answer for many of my clients is that Microsoft’s standard Online Services Terms and Conditions are incredibly one sided and put too much of the risk on the customer.  For regulated entities, the basic terms and conditions do not address the requirements of major federal regulations such as HIPAA and GLBA.   Nevertheless, with the proper communication and negotiation strategy, Microsoft’s online terms can often be amended to provide adequate protection for even the most regulated entities including enterprise financial services firms and healthcare providers.  Here is how we help our clients get it done.

Read more


License Restrictions

A broad license grant is often limited by license restrictions. These restrictions may include clarifications on the license grants as well as prohibitions. A typical set of license restrictions would prohibit licensees from:a. Distributing, sublicensing, renting, leasing, loaning, or granting any third party to access the software;b. Creating derivative works, modifying, translating, or altering the software;c. Exploiting or using the software other than for internal business purposes;d. Reverse engineering, decompiling, decoding, decrypting, disassembling, or deriving the source code; ore. Using the software for any purpose not expressly granted in the agreement.Although the above list is generally a reasonable and standard list of restrictions that a licensor may include with a license grant, the licensee should understand the prospective uses of the software to determine whether one of these restrictions may prevent the intended use of the software. Additional restrictions that usually require a more critical evaluation before acceptance include:a. Non-transferrable;b. Revocable;Without an express provision allowing transferability, licensees may not transfer licenses.  If a license is non-transferrable, then the software license cannot be resold. It is typical that even a perpetual license is not transferrable, but licensees often overlook this restriction where the licensee sells the license to another party after the licensee no longer intends to use the software. In such cases, it is possible that the buyer could be liable for copyright infringement even if paid a fair value for the software.Licensees may be surprised to see a term that allows a perpetual license to be revoked. If a license is revocable, the particular circumstances in which the license would be revoked should be addressed. Acceptable reasons may be that the government no longer permits the licensing of the software or that the licensee has misused the software in a manner that is inconsistent with the agreement.When selling or acquiring software, it can be helpful to consult an attorney familiar with software licenses to ensure that the grant and restrictions are appropriate. Conveying or obtaining an inappropriate license can be very costly or even a violation of copyright law.

Read more


The True Cost of Defending Against Copyright Infringement Litigation

Software publishers and entities like the BSA| The Software Alliance and the SIIA regularly audit companies to investigate copyright infringement claims. These entities seek monetary penalties if any infringement is discovered, and in the majority of cases, reach an out of court settlement for an agreed upon sum.

Read more


Microsoft Updates Volume Licensing Use Rights Documents

In the past, business consumers of Microsoft’s products and services have needed to reference at least two documents – the Product List and the Product Use Rights – to help determine the purchasing requirements and licensing rules applicable to those products and services. Both documents were incorporated by reference into Microsoft’s volume licensing agreements and were updated periodically by Microsoft on its website. While that basic incorporation-by-reference model remains in place, beginning in July 2015 Microsoft combined the Product List and the Product Use Rights into a unified document.. 

Read more


Why Enterprise Clients Should Choose User-based Software Licensing Metrics

I am a technology attorney in Texas specializing in software license transactions and disputes with the major software publishers including Microsoft, Adobe, Oracle and IBM. I represent some of the world’s largest corporations in enterprise software license transactions. I have been involved in more than 600 software license disputes in the last 10 years and during that time I have discovered that device- based licensing leads to many compliance problems that could be easily avoided. I have been encouraging my clients to move toward user-based metrics for many years, and the market trends are moving in that direction.

Read more


How to Accept SaaS

In many software development agreements, the customer has to accept the software before the contract is complete.  If the product is not acceptable, the parties have a contractually described way to address issues before final payment is due.  However, in software-as-a-service (SaaS) transactions, SaaS providers often argue that the SaaS is available upon execution of an agreement and software delivery and acceptance is not required.

Read more


Bad Advice That Can Get You Sued for Software Copyright Infringement

In recent years, many software publishers began using software audits as a means to increase revenue by penalizing customers for perceived compliance issues.  Software publishers often conduct direct audits, or audit through companies such as the BSA | The Software Alliance (“BSA”), or the Software & Information Industry Association (“SIIA”).  Although many software users take advice about their audits from software vendors, authorized resellers, or other purported experts, the practice is not always recommended.  Unfortunately, often these “certified partners” offer poor advice, costing businesses precious time and money. A growing number of businesses have learned the hard way to trust only an expert specializing in software copyright infringement to assist with software licensing and resolve software audits.

Read more


Top Three Early Strategic Steps in Enterprise Software Audits

No one likes to be audited. In most cases, there is little that a business can do at the outset of an audit to avoid licensing exposure, if that business has historically inadequate software asset management processes. However, there are steps that all audited companies usually can take – regardless of which publisher is conducting the audit – to help contain the risks and introduce a little predictability into the audit process.

Read more


Customer Indemnity

Software publishers that try to require an indemnification clause from their customers for use of the publisher’s software are often met with resistance. Providing software generally creates a risk to the customers that buy the software. But there are several occasions where an indemnity provision indemnifying the publisher for the end-user’s use of software may be appropriate because it creates a risk to the publisher or supplier.

Read more


Litigation Risks of Ignoring Software Audits

Software audits are a means for software publishers to enforce and regulate use of their copyrighted software, and publishers regularly outsource enforcement of their copyrights to law firms or entities such as the BSA| The Software Alliance (“BSA”) or Software & Information Industry Association (“SIIA”).

Read more


Top Three Revisions to Request in Software License Audit Clauses

Large companies that invest heavily in software licensing are familiar with the extremely one-sided nature of most software license audit clauses. It is a pleasant surprise when such clauses do not give software publishers rights to conduct audits at any time and for any reason, and when they do not require the audited companies to make punitive payments upon findings of even nominal or inadvertent usage in excess of licensed limits. It is therefore not surprising that those clauses often are among the most heavily negotiated sections of enterprise-level license agreements, especially when the licensee is a business with sufficient bargaining power to demand fairer terms. 

Read more


How to Find the Best Lawyer for Your BSA Audit Case

I am a partner in Scott & Scott, LLP a firm that focuses on technology law matters in Southlake, Texas.  We represent companies accused of software piracy by industry trade groups such as the Business Software Alliance and Software Information and Industry Association.  I had my first encounter with the BSA in 2004 when they sent a company that I advised an audit unfounded letter alleging that the company had installed copies of BSA member software without licenses.  We all had a sinking feeling when reading the letter from the attorney in Washington, D.C.

Read more


Be Mindful of Historical Usage When Licensing Microsoft Products Under SPLA

The Services Provider License Agreement (SPLA) is Microsoft’s preferred licensing option for businesses wanting to use Microsoft products in support of hosted software solutions made available to end users over the Internet. For many companies, SPLA is a good fit, in that it incorporates a monthly reporting mechanism, rather than an up-front license purchase, and allows hosting providers to float their usage up or down as demand for the hosted solutions increases or decreases.

Read more


Defining Software

When drafting or negotiating software agreements, it is important to understand the definition of “Software.” How software is defined will affect many of the important clauses in an agreement. It is not likely that the software definition will take on a technical or dictionary-like definition such as, “a set of instructions used to control a computer or how to operate a computer or computer programs.”

Read more


Anatomy of a Traditional License Grant

The traditional license grant is used to clearly define the rights conveyed for payment of a software license. A typical license grant may contain a string of adjectives to explain the type of license granted. In the alternative, it may be a very simple license grant followed by a list of restrictions. There are differing opinions about how a license grant should be drafted, but that may be because there are so many different license models. Sellers of software licenses may tend to solely work with their own license model (i.e. how the licensed is structured for their own product(s)). Purchasers of software tend to encounter a wide variation of software models from many different suppliers. How the license are granted seem to be less important than understanding the grant – however it is constructed.

Read more


Identifying Legitimate Software from Authorized Vendors to Avoid Copyright Infringement Claims

The International Data Corporation (“IDC”) reports that more than one-third of all software sold is counterfeit, despite often being marketed as authentic or legitimate by a third-party reseller. In addition to counterfeit software, some vendors sell heavily discounted software that is legitimate, but is sold in violation of its license agreement. The Copyright Act shifts the burden to the end user to prove he or she owns a legitimate license for the software, or risk facing monetary penalties for potential copyright infringement from software publishers or auditing entities such as the Business Software Alliance (“BSA”) or Software & Information Industry Association (“SIIA”).

Read more


Is Hosting Microsoft Products via Third Parties a Good Option?

Most providers of hosted software solutions traditionally have delivered those solutions over the Internet from their own servers. However, an increasing number of businesses are interested in outsourcing not only their internal-use IT infrastructure but also the systems used to host their client-facing solutions. Doing so may allow a business to focus more on product development than datacenter maintenance, with new servers added at the push of a button.

Read more


Which is Better: Microsoft SPLA or Microsoft Self-Hosted Applications?

Many businesses that identify a need to acquire “commercial hosting rights” in connection with hosted solutions incorporating Microsoft software have two options for acquiring them: through a Services Provider License Agreement (SPLA) with Microsoft or through the Self-Hosted Application (SHA) benefit that is included with Software Assurance under an Enterprise Agreement or other volume-licensing agreement. For service providers whose offerings make them eligible to opt for either of those alternatives, it sometimes can be difficult to decide which path to choose. Here are some points to keep in mind:

Read more


Start Resolving Future Software Support Problems

During the software acquisition process, the parties are often ready to move past the terms of the contract and implement the software to start recognizing the benefits. Even before an agreement is reached, both parties usually expect that there will be some problems in all phases from implementation, configuration, testing, and operation of the software. So, it’s important that both parties determine how future software support problems will be handled.

Read more


Get the Support You Need

When licensing software, there may be an opportunity to buy support services as well. Support can be defined very differently among agreements. Support may even be defined in several ways in the same agreement because the support may be offered in tiers, or levels (e.g. Platinum Level Support). So, it is important to know what the business needs and the associated costs. Here are some issues to consider when thinking about how support should be defined in the software agreement:

Read more


Prioritizing and Resolving Multiple Software Audits

A software audit may come in many forms, ranging from an offer for a free Software Asset Management (SAM) engagement to a direct audit from a software publisher or its representative organization, such as the Business Software Alliance (BSA) or Software & Information Industry Association (SIIA).

Read more


Licensing Non-Employees to Access Microsoft Products on Your Servers

Many businesses have teams of third-party vendors to assist with their business operations or to provide independent services – like software development or website design – that require access to company servers. For Microsoft products like Windows Server that require additive licensing (usually, Client Access Licenses, or CALs) to support all such client access, the question sometimes arises: How do we license our non-employees to access our servers?

Read more


Disguised Software Audit Clauses

Agreements often contain clauses allowing the parties to review books and records, “Books and Records” clauses. These are often boilerplate clauses included agreements without much consideration from the contracting parties. When a Books and Records clause is used in a software agreement without a software audit clause, it can lead to serious consequences. It is not likely that a major software publisher will use an agreement without a software audit clause, but it is always recommended to review the software audit clause from any publisher.

Read more


Microsoft Enterprise Agreements May Be a Poor Choice for Many Companies

Microsoft Enterprise Agreements may represent attractive licensing options for larger companies with dynamic IT environments for which steady growth can be projected over a three-year term. However, smaller or mid-size companies with relatively static IT environments may experience more burdens than benefits under an EA, with increased costs and audit risks being significant disadvantages to participating in the program.

Read more


Copyright Infringement Implications for Mergers & Acquisitions

During a merger, divestiture or acquisition, the surviving entities may have a struggle with resulting ownership of software assets. Many companies include transfer language in their transaction documents to identify potential software and hardware assets to be transferred. Provisions in transaction documents may not definitively determine the ownership of the software assets in future license reviews.

Read more


Confidentiality and Privacy

Confidentiality and privacy clauses are important, but what is the difference and when are these clauses necessary? At first glance these clauses may seem appropriate and helpful. After all, shouldn’t every company want to protect its information? However, there are some important distinctions and considerations when reviewing these clauses.

Read more


Mesmerizing Multiples

When software publishers determine that a business has installed its software without a license, they typically demand that the business stop using the unauthorized software and usually demand that the business pay the publisher a penalty. The puzzling part of the monetary demand is figuring out where the publishers come up with these figures.

Read more


Prudent Preparation for Data Breach

Data breaches are becoming more common among even the most secure organizations. Just like most of us prepared for storms or fires in school by following a well-scripted plan, it is also prudent to prepare for the storm that will likely occur if data is breached from a business. Even a small business can take some simple steps to prepare for a data breach.

Read more


Autodesk Follows Adobe’s Shift to Subscription Only Cloud Offerings

In May 2013, Adobe announced that CS6 would be the last version of its CreativeSuite software product line that would be available under traditional,stand-alone, perpetual licenses. Instead, all releases of Creative Suiteproducts since then have been available exclusively through Adobe’s CreativeCloud solution, with users paying a monthly subscription fee to access CreativeSuite products.  

Read more


Campaign for Clear Licensing Turns its Sights to IBM and SAP

Having shone its spotlight on Oracle’s notoriously complex licensing policies and often adversarial audit practices, the Campaign for Clear Licensing (CCL), a UK-based organization advocating reforms to software-licensing practices, now has shifted its attention to what it believes to be the silver and bronze medalists among enterprise software licensing’s worst offenders: IBM and SAP.

Read more


Ongoing Obligations in Autodesk Settlements

An Autodesk settlement agreement contains the typical payment and release language, but sometimes the agreements also contain non-monetary provisions that audit targets must follow. 

Read more


Top Copyright and Trademark Infringement Mistakes Small Businesses Make (Part 3 of 3)

While copyright infringement is a significant concern for many businesses, it is important that trademark infringement is not overlooked. The third and final most common mistake in this 3-part series about the most common copyright and trademark infringement mistakes is outsourcing advertising to third parties without proper oversight or using trademarked phrases on marketing or advertising materials.

Read more


Top Copyright and Trademark Infringement Mistakes Small Businesses Make (Part 2 of 3)

While there are many industries that rely on computers and software to conduct business operations, some have computers or tablets for non-essential tasks. Regardless of how each computer is used, a company is responsible for any software installed on that machine, even the operating system. For example, one of my former clients was an auto repair company that owned tablets issued for free by a car manufacturer to keep track of service repairs. The tablets had Microsoft Windows operating systems pre-installed and no other software.

Read more


Top Copyright and Trademark Infringement Mistakes Small Businesses Make (Part 1 of 3)

 Managing a business is a complex task, and copyrights and trademarks are often at the bottom of a long list of concerns. However, a seemingly minor concern can quickly devolve into potential infringement that can cost a company thousands of dollars in penalties and legal fees, in addition to hundreds of business hours. This is the first of a 3-part series that discusses the top three copyright and trademark mistakes small businesses make.

Read more


Large Enterprises Need to Think Outside the Box When Licensing Software

Software publishers utilize myriad different license metrics to determine what kind and quantity of particular licenses their customers are required to purchase. Some are relatively straightforward, such as “one license per server” or “one license per user.” Others can be more complex, such as “one license per each virtual processor core…Subject to a four-core minimum…With licenses sold only in ‘packs’ of two…And you better make sure you’re purchasing the right software edition.” Most of these metrics – especially the more complex ones – make lots of sense if you are the publisher, usually less so if you are the licensee.

Read more


Avoid Oracle ULA Termination Risks

Many software publishers recognize that perpetual licenses should be, true to their name, perpetual, and that unless you violate the terms of the licenses they should remain in effect forever. As the licensee, you may not want to use that Microsoft Office 97 license you purchased fifteen years ago. However, if it suits your needs and is compatible with your hardware, you are good to go, even if you might have violated the terms of some other agreement with Microsoft during that 15-year period. Most publishers, like Microsoft, typically separate the terms of paid perpetual licenses from the terms of unrelated purchasing or services agreements.

Read more


Oracle ULAs Require Delicate Balancing

Many larger companies feel an understandable desire to move toward, centralized, enterprise-level software licensing agreements. Such frameworks often have the advantage of allowing licensees to spread their license spends more evenly over the term of the agreement and to focus somewhat less intensely on some software asset management (SAM) obligations.

Read more


Unlimited License Agreements for Oracle Products

Technology departments are continuously looking for ways to reduce costs related to software. Many larger enterprises are considering licensing software products on an enterprise-wide basis. For Oracle products, an unlimited license agreement (“ULA”) approach can be beneficial in terms of license management, but the transition from a ULA back to limited licenses can present problems for some companies.

Read more


Sweat the Small Stuff When Licensing Oracle Software

Enterprise-level software solutions often entail complex licensing challenges. Many of the thorniest questions often center on how to license software in virtualized environments, especially if the goal is to use something less than the full processing power of the hosting infrastructure. IBM licensees should be familiar with Big Blue’s requirement (in most cases) to deploy its IBM License Metric Tool (ILMT) in order to track the usage of products licensed on a sub-capacity basis.

Read more


Oracle Faces Withering Criticism of Its Licensing Practices

Licensing software at the enterprise level is rarely a simple undertaking. Unless your company is big enough to demand custom licensing terms, most businesses will face the prospect of contending with license metrics that may work great for the software publishers, but that are difficult or impossible for the licensee to apply in a resource-effective way. In addition, the cost of mistakes in this area can be very high, taking the form of audit fees and unanticipated license expenditures. 

Read more


Not Necessarily in that Order

Businesses habitually send license agreements, services agreements, and other standard agreements to their legal counsel to review, revise, and explain the risks associated with proposed deals. However, there are several attachments that should be included for review but are routinely left out; orders are among the most important.

Read more


Copyright Infringement Implications for Commercial Restrictions in Software Licensing

Copyright infringement relating to software licensing is a complex issue. The Copyright Act allows software publishers to pursue copyright infringement claims against consumers who fail to adhere to specific terms of the license agreements, even if the consumer purchased a license.

Read more


Understanding Software License Agreements to Avoid BSA or SIIA Software Audits

Recent trends indicate that software publishers are increasingly initiating direct software audits instead of outsourcing the auditing process to entities such as the BSA | The Software Alliance (“BSA”) or Software & Information Industry Association (“SIIA”). However, the BSA and SIIA continue to actively target companies of all sizes to determine whether the company is committing copyright infringement by failing to comply with software licenses.

Read more


IBM’s Audit Rights Take a Turn for the Worse

The software-audit language contained in IBM’s standard license agreements never has been anything that anyone would mistake for customer-focused or even very fair contract terms. However, in August 2014, IBM released a new version of its Passport Advantage Agreement (PAA) that applied immediately to all new business that now is in the process of being incorporated into IBM’s legacy relationships by virtue of the rights that IBM conveniently retains to implement unilateral contract changes.

Read more


Avoid Mixed-Mode Microsoft Licensing Whenever Possible

Most Microsoft software products – especially server produces – can be licensed under multiple different models and metrics. SQL Server probably is the best example of a product that presents companies with multiple decision layers when analyzing new use cases.

Read more


Injecting SPLA into Customer Agreements

A business providing products to its customers under the Microsoft Services Provider License Agreement (“SPLA”) should be aware of the End User Agreement (“EUA”) requirements and consider managing the requirements through its customer agreements. If a business fails to comply with the EUA requirements, then Microsoft can hold the business responsible for the unauthorized use by the business’s customers.

Read more


The Evolution of Software Asset Management: Include SaaS

Businesses may struggle with where Software as a Service (“SaaS) belongs when it comes to Software Asset Management (“SAM”). One may assert that SaaS is a service by name and has no place in the asset management lifecycle because it’s merely a service and not an asset to be managed. Here’s why companies should include SaaS in their SAM reviews.

Read more


Consider Microsoft’s Enterprise Cloud Suite with Eyes Wide Open

Companies licensing Microsoft software under Enterprise Agreements (EAs) likely have familiarity with the default requirement to true up EA Enterprise Products based on any increase either in the number of “Qualified Devices” (generally, workstations capable of running or accessing the licensed Microsoft products) or in the number of “Qualified Users” (employees who use Qualified Devices). While the EA incorporated user counts as a relevant licensing metric, it nevertheless has been a device-centric one that worked solely to Microsoft’s benefit (i.e., if the number of Qualified Devices remained stable while the number of Qualified Users grew, licensees still had to submit a true-up order).

Read more


Audits in the Cloud

Traditionally, software audits were conducted by gaining access to software installations and reviewing entitlements. Theoretically, if a customer is using a cloud product accessed by login credentials, then audits wouldn’t be an issue because the software publisher would be in complete control of the customers’ access to its systems. But, audits can still be a concern for software customers even if they are using a cloud application.

Read more


Farms, Lakes, and Other Places for Your Data

There are many serene places that your data can reside such as lush farms, large lakes, and different kinds of clouds. When licensing software applications, it’s important to know all of the places where the data may reside and how the data may get there. Data has to live somewhere, and businesses should be familiar with the data real estate market.

Read more


Not If, But When

Software audits are on the rise. Recent reports by industry experts show that software audits by major publishers are reaching new heights. And to make matters worse, the complexity of software license arrangements are increasing at the same time.

Read more


Right to Use SaaS

Software delivered by a vendor as a service can help reduce costs related to software acquisition. Although businesses may find it easier to find the budget to acquire software as a service (SaaS) instead of purchasing software outright, it may be less clear as to what kind of license is appropriate.

Read more


Sweat the Small Stuff When Licensing Oracle Software

Enterprise-level software solutions often entail complex licensing challenges. Many of the thorniest questions often center on how to license software in virtualized environments, especially if the goal is to use something less than the full processing power of the hosting infrastructure. IBM licensees should be familiar with Big Blue’s requirement (in most cases) to deploy its IBM License Metric Tool (ILMT) in order to track the usage of products licensed on a sub-capacity basis.

Read more


Innovative Solutions to Circumvent Burdensome SPLA Requirements

Many online service providers are well aware that Microsoft’s Services Provider License Agreement (SPLA) entails a licensing framework that can be difficult to manage. SPLA may be a great model for businesses seeking to “float” their license expenditures from month to month based on usage. However, what Microsoft considers “usage” and what most companies and individuals consider “usage” can be very different. The result is that monthly SPLA-reporting obligations can be very burdensome, especially for products licensed on a per-user basis under Subscriber Access Licenses (SALs).

Read more


Contemplating Data

The Big Data world transcended the Information Age. As a result, businesses should now think about how data relates to information, how data can be used, and whether data is properly cared for as a part of its technology contracts.

Read more


Autodesk License Upgrades Soon to be Extinct

One venerable software license model that many companies have utilized in the past has been the license upgrade, under which a licensee could acquire the right to deploy the newest version of a product at a much-reduced price, provided that the licensee also owns a full license for a qualifying, earlier version of the same product. However, with the increasing focus on recurring revenue and hosted software solutions, such licensing models apparently are approaching antiquation in the eyes of many software publishers, with the most recent being Autodesk.

Read more


Non-Disclosure Agreement Misconceptions

The name itself sounds so powerful: Non-Disclosure Agreement. How could anything be disclosed without repercussion if you have one of these? So you execute your NDA, and voila -- you’re all protected and can hand over the farm without a worry. Not really. Before letting someone take free reign into your facility for information, consider a few misconceptions about NDA’s:

Read more


Software Licenses: When Termination is Too Severe

As software license customers, we’re all familiar with license fees, maintenance fees, support fees, and access fees. If a licensee doesn’t pay, then a publisher may have an option to prevent a licensee from using the software. On the surface, it only seems reasonable that a licensee has to pay to play. And when a customer doesn’t pay, a publisher may seek to invoke its’ “termination” rights – effectively shutting down the use of the software.

Read more


Know the Publisher’s Audit Rights: Notice

When companies receive an audit notice, many are surprised when they realize that the notice is so short. Companies want to know if they are receiving a reasonable notice based on the industry norms. That often prompts the question: How much notice is normal for audit matters?

Read more


Don’t Wait For a Settlement Demand to Hire an Attorney for Copyright Infringement

Software publishers have increasingly identified software audits as potential revenue-generating exercises, which has led to a rise in the number of companies targeted.  Small, medium, and large companies all need to be aware that a software audit can result in extensive time and unbudgeted financial expenditures.

Read more


Software Audit Risks – What Are the Chances Your Company will be Next?

There is a set of related questions our software-audit clients frequently ask us that boil down to variations on one or more of the following: Why am I being audited? What if anything did I do to cause this? How can I avoid it in the future?

Read more


Customer Access Under Microsoft MSDN Developer Licenses

Microsoft’s MSDN subscription licenses often create license compliance problems. These problems arise because it is extremely easy to over deploy Microsoft software using MSDN media because it includes a vast array of Microsoft products with limited deployment controls. In addition, the licensing rules related to MSDN are often misunderstood. One often overlooked aspect of Microsoft MSDN licensing is customer access to development projects for purposes of testing, quality assurance, or feedback. 

Read more


Windows Desktop Licensing Can Be As Perilous As Any Other Microsoft Product

In any software audit, there are two over-arching categories of information that must be collected: data regarding what products are deployed on a business’ computers and records demonstrating the licenses that the business has acquired to use those products. With regard to the entitlements, some kinds of licenses often are relatively easy to document. For example, in Microsoft audits, entitlement records for server applications like SQL Server or Exchange Server often do not require significant effort to locate, simply because they either were expensive (and, thus, were saved in the ordinary course of business with records regarding other significant purchases) or were acquired through one of Microsoft’s volume licensing channels, resulting in purchase records being available either from Microsoft or from the business’ reseller.

Read more


Know the Publisher’s Audit Rights: Cooperation

When a publisher sends an audit notice, many companies wonder why they have to cooperate with the audit. In almost all cases, if anyone in the company has installed the software, the company has granted the publisher audit rights that can’t simply be ignored. In fact, many license agreements expressly state that an end-user must cooperate with an audit. And, cooperation doesn’t just mean reports. Being cooperative may sometimes mean providing access to facilities, systems, and records. In most instances, the audited company has to actively participate in the audits.

Read more


Know the Publisher’s Audit Rights: Frequency

When it comes to software license compliance, being compliant with the publisher’s licensing rules can be daunting enough. But compliance won’t stop a software audit.   When a company receives an audit notice, the first stop should be the end-user license agreement (EULA). There are some key themes to look for, and they may not always be so obvious – such as a specific Audits section. It’s important to find an answer to the question: How Often Can the Publisher Audit? 

Read more


Management’s Ignorance Is Not a Defense to Copyright Infringement Claims

Software publishers, acting alone, or through a proxy such as the Business Software Alliance (“BSA”) or Software & Information Industry Association (“SIIA”), regularly audit customers or potential customers to ensure license compliance and deter against copyright infringement.

Read more


Microsoft’s Auditors Are Not Infallible

Microsoft licensing is a complex, multi-faceted undertaking, with different rules and license metrics applying to different products. In the context of software audits initiated by Microsoft, it is important to keep in mind the fact that the auditors hired to perform those investigations are fallible human beings and that they can (and do) make mistakes in their audit analyses.

Read more


BSA/SIIA Audits and Software Publisher-Initiated Audits Differ in Important Ways

While the over-arching concept underlying a software audit initiated by a publisher like Microsoft or IBM is the same as that in an audit initiated by the BSA | The Software Alliance or the Software & Information Industry Association (SIIA) – a comparison of software entitlements to software deployments in an effort to identify any licensing gaps – the similarities between those two types of audit investigations mostly ends there. Here are three important differences:

Read more


Unlimited License Agreements for Oracle Products

Technology departments are continuously looking for ways to reduce costs related to software. Many larger enterprises are considering licensing software products on an enterprise-wide basis. For Oracle products, an unlimited license agreement (“ULA”) approach can be beneficial in terms of license management, but the transition from a ULA back to limited licenses can present problems for some companies.

Read more


Be Wary of Requests for Mystery Data

Software auditors such as KPMG, Deloitte and PriceWaterhouseCoopers like to have things their way. It’s an understandable impulse – with likely hundreds of audits pending at any one time, the natural inclination is to standardize the process around a single set of tools and processes with which the auditors are most familiar. However, those tools and processes often are a poor fit for an audited business for any number of reasons, some technical and some legal.

Read more


Data Concerns in Outsourced Applications

Outsourcing information technology functions that are not mission critical can seem like an attractive proposition. E-mail, productivity applications, and hosted creative bundles can ensure that in-house staff can focus on those functions that contribute directly to revenue or customer service. But, companies that are considering outsourcing should carefully review the terms of service for the prospective vendor to ensure that the vendor will keep the data secure.

Read more


Retaining and Recovering Software Licenses

When a consumer or a business purchase software, it is critical to retain the software license as proof of the rights conveyed as part of the license.  One of the issues that arises during a software audit is that a) companies are using software that is many years old; b) it is difficult for the company to find the physical copy of its licenses; and c) older licenses are not always readily available online.     

Read more


Autodesk Settlement Agreements: Beware Restrictive Superseding License Terms

A software audit typically resolves in one of three ways: a dismissal, a settlement, or litigation. The most common path to resolution is a settlement between the parties for potential copyright infringement stemming from allegedly unlicensed software. Software publishers sometimes authorize entities such as the Business Software Alliance (“BSA”) or Software & Information Industry Association to pursue copyright infringement claims on its behalf, while other publishers prefer to pursue potential copyright claims directly.

Read more


SQL Server Licensing Strategies for SPLA

Licensing Microsoft server products in any environment can be a challenging undertaking, given the complexity of some of Microsoft’s licensing rules. However, licensing Microsoft products for commercial hosting environments under a Services Provider License Agreement (SPLA) can be especially daunting, due to the different use rights and license metrics available under that model. Licensing SQL Server is perhaps the best example.

Read more


Microsoft SPLA Audit Look-Back Periods

In a typical Microsoft audit of software licensed under perpetual licenses, the auditors usually will compare installations of Microsoft products against licenses owned, and Microsoft will require the audited business to purchase additional licenses required to cover any gaps discovered by the auditors. An audit under a Services Provider License Agreement uses a similar framework, but the analysis is complicated by the fact that SPLA is a monthly, pay-as-you-go arrangement, where the audited company may have been reporting SPLA licenses to its reseller for many years.

Read more


Autodesk Audits: Managing Independent Contractors

Autodesk, Inc. uses a variety of resources to identify potential audit targets. Many of these targets are small architecture or engineering firms that employ independent contractors in lieu of full time employees as CAD operators.A typical Autodesk software audit letter requests information regarding any installations of Autodesk products on company machines. The following are three possible scenarios involving independent contractors that have differing licensing implications.

Read more


Microsoft Audit Roadmap

Microsoft offers an array of software licensing options for its business customers. However, during an audit, the timing and course of the project typically follows a fairly well-worn path. 

Read more


Software Escrow Provisions in Agreements

Most technology-related contracts have provisions that seek to protect the seller or licensor’s intellectual property rights. These provisions usually contain clauses prohibiting reverse engineering, derivative works, or copying software.  It is generally true that most software is not sold; it is simply licensed to the licensee to use for some certain amount of time. What happens if the licensee relies on the software to run its business and the licensor breaches the agreement (due to, for example, insolvency, willfulness, or some other reason beyond its control)?

Read more


Considerations When Upgrading Your Software

Organizations considering whether to upgrade to the latest software versions sometimes fail to take into account one important component–license terms.  It is not uncommon for companies to invest several months in testing interfaces, interoperability, and regression to ensure the new version will work. They may even ensure they have the appropriate licensing for installing and running the newer version, but an often ignored area is the actual license terms.

Read more


Outsourcing Technology Law

Businesses have various reasons for outsourcing legal work. Reasons companies outsource general legal work include: increased revenue generation by helping the company to transact business more quickly, managing confidentiality by moving the matter outside the local company environment, and avoiding liability. Some important reasons companies outsource technology law related transactions include the following.

Read more


Changes for Microsoft Fail-Over and Disaster Recovery Rights

With the April 2014 versions of the Product Use Rights (PUR) (for volume licensees) and the Services Provider Use Rights (SPUR) (for services providers under SPLA), Microsoft has implemented significant changes to several usage rights associated with fail-over or disaster-recovery (DR) installations of its server products.

Read more


Microsoft SPLA - Access Misunderstandings

As part of its Microsoft Service Provider License Agreement (“SPLA”) obligations, a SPLA provider must report monthly usage, however Microsoft and SPLA providers do not always agree on the interpretation of the contract language. The Service Provider User Rights (“SPUR”) includes language that is much broader than what the licensee may understand.  Below is an excerpt from the 2013 SPUR for a commonly licensed Microsoft Product, the Remote Desktop SAL.

Read more


Non-Traditional License Documentation – Save Everything!

Whenit comes to keeping records demonstrating how and when your company acquiredsoftware licenses, you can never have too much of a good thing. Businessestypically have good procedures in place to track things like invoices andlicense certificates, but those kinds of documents do not always tell the wholestory. Even if they did, having some backup can be helpful when purchases fallthrough the cracks.

Read more


The Benefits of Software Self-Audit

Many companies faced with software compliance issues will choose to perform their own audit in advance of a formal audit by the publisher and/or include self-audit as a regular part of their risk management and internal control policies.  Some of the benefits to doing this are as follows.

Read more


The Kaiser Breach Case-What You Can Learn

Just recently, California Attorney General Kamala Harris filed suit against Kaiser Foundation Health Plan, Inc. (“Kaiser”) because of an alleged 2011 data privacy incident. It seems as though a simple accident led to sensitive data being accessed by unauthorized third parties, and ultimately exposed Kaiser to legal and financial risk. In this case, an external hard drive containing the sensitive personal information of Kaiser’s patients was sold to a retail thrift shop.

Read more


When an Audit is Not an Audit, Think Twice About Participating

In the software licensing world, all audits are not created equal. On one hand are the “true,” contractual audits. Here, the applicable license agreement gives the software publisher the right, usually upon notice and sometimes limited in frequency or scope, to demand access to the systems where its products are installed or a report of data demonstrating usage of those products. In many cases, a third party, like Deloitte or KPMG, is hired to review and validate the raw data. At the end, the audited business typically is required to purchase licenses to cover any unlicensed usage discovered as a result of the exercise. Penalties may be required as well.

Read more


What I Learned in the Last 10 Years Defending BSA -The Software Alliance Audits

I am an intellectual property attorney in Southlake, Texas who has handled more than 230 Business Software Alliance audit matters for small to medium-sized companies. For the last ten years, I have been representing end-user companies nationally in software audit matters initiated by major software publishers including Microsoft, Adobe, Autodesk, IBM and their trade groups including the BSA | The Software Alliance. Here is what I learned over the years.  

Read more


Responding to an Audit from the BSA-The Software Alliance

 If your company has received a letter from the BSA | TheSoftware Alliance requesting a software audit, you are probably wondering whether you should cooperate or ignore the request. I have been handling BSA cases for almost a decade and advise my clients to cooperate but to do so in a manner that will not jeopardize their legal position in the event that cooperation does not result in an acceptable out-of-court settlement. After handling over 230 BSA cases I have learned that business clients almost universally seek a resolution that has the lowest total costs and the most predictability.

Read more


Surprising Twist in Target's Data Breach Inquiry

In a recent article concerning the Target data breach, it was reported that the hackers used stolen credentials from one of Target’s third party vendors to gain access to Target’s systems. New information just released indicates that the third party was not a technology service provider, but rather an HVAC company (heating, ventilation, and air conditioning). While it may be surprising to the average consumer that an HVAC provider was given network access to Target’s systems, there may be a reasonable explanations for this. 

Read more


Beware IBM Acquisitions and Product Transitions

IBM software licensing can be a very complex knot to untie. While IBM does develop new products in house, many of its most popular offerings (Cognos, Tivoli and ILOG, to name a few) are the result of its active history of acquiring smaller publishers and then continuing to offer their products under the IBM brand. As a result, those publishers’ licensing metrics sometimes are incorporated (at least for a time) among the myriad other IBM metrics under which IBM licenses its products. (A description of different IBM license types is available here.)

Read more


Avoiding Spoliation of Evidence Claims in Software Audits

A software audit is a complex, arduous, and time-consuming process for the average company. Software auditing entities like the Business Software Alliance (“BSA”) and Software & Information Industry Association (“SIIA”) initiate software audits on behalf of software publishers to pursue potential copyright infringement claims arising out of software compliance issues.

Read more


Personal Data Privacy and Security Act of 2014

Companies conducting business in highly regulated industries will often select our firm to assist with evaluating privacy compliance. Companies are often required to comply with privacy obligations from outside counsel, the Gramm Leach Bliley Act (“GLBA”) or the Health Insurance Portability and Privacy Act (“HIPAA”). The GLBA and HIPAA regulate the financial and health care industries respectively, and beyond these types of industry-specific regulations, there is not a nation-wide standard of rules governing the handling of personally identifiable information (“PII”).

Read more


Using Vendor Agreements to Protect Against Data Breaches

The recent Target data breach, one of the largest breaches in history, appears to have been initiated after intruders used stolen vendor credentials to access Target’s point-of-sale system and install malware. Even if Target had no issues with its internal security, the trust it placed on one of its vendors has already yielded federal criminal investigations, and will likely result in millions of dollars of remedial measures to protect customers’ identities after the data breach.

Read more


For Hosting Providers Running Microsoft Products, “Dedicated” Means “Dedicated”

As discussed previously, providers of software hosting services may deploy on their servers Microsoft products licensed by their customers under two different scenarios, one of those being where the hosting provider has dedicated a physical server for use by the customer providing the licenses. However, providers thinking of taking advantage of this option need to tread carefully.

Read more


Google Announces a New Cloud Platform

Google recently announced new and improved Cloud platform offerings. For businesses regulated by the Health Insurance Portability and Accountability Act (“HIPAA”) or Gramm Leach Bliley Acts (“GLBA”), moving data to the Cloud is not something to be taken lightly. HIPAA and GLBA place a heavy emphasis on the protection of sensitive customer or patient information.

Read more


Data Breach Notice Statutes

For businesses regulated by the Health Insurance Portability and Accountability Act (“HIPAA”) or the Gramm Leach Bliley Act (“GLBA”), the amount of effort required to be compliant can be staggering. Those entities handling the personally identifiable information (“PII”) or non-public information for their customers have affirmative notice obligations and duties to protect PII under federal rules such as HIPAA and GLBA.

Read more


Software Audits: The Importance of Timely Completion of Post-Settlement Obligations

Software audits initiated by software publishers or representative entities, such as the Business Software Alliance (“BSA”) and Software & Information Industry Association (“SIIA”), are often resolved by an out-of-court settlement. The carefully crafted settlement agreements release an audited company from liability, contingent on the following obligations.

Read more


Additional Considerations for Bring Your Own Device

A previous blog outlined many of the risks associated with increasingly prevalent bring your own device (“BYOD”) policies. While the previous discussion focused on I.T. governance concerns such as security, administration and device management, there are additional legal risks regarding BYOD.

Read more


Software Publishers Use Internet Posts to Aid in Infringement Claims

Companies should be aware of what they are posting regarding their services on the Internet. Software publishers and audit associations are reviewing web sites and on-line profiles in an effort to aid in copyright infringement enforcement. In situations where a software publisher has initiated an audit of the company’s software licensing, the representations made on web sites and professional networking profiles has at times been cited to refute the argument that the audit target either does not have the software publisher’s products installed or that it does not use any of the software products.

Read more


Timing is Key for Software Audit Settlements

More than 90 percent of software audits initiated by software publishers or representative entities, such as the Business Software Alliance (“BSA”) and Software & Information Industry Association (“SIIA”), are settled out of court after negotiating a final settlement payment and terms. Although there are a number of factors that affect an ultimate resolution, timing of settlement is often important.

Read more


Hosting Providers Have Two Options For Customer-Supplied Licenses

Like any good business, many providers of hosted IT solutions prefer to demonstrate flexibility in offering services to their customers. For example, a company that offers hosted Exchange services may want to allow their customers to use perpetual licenses the customers purchased to support deployments on the service provider’s servers. While Microsoft’s licensing rules permit this under some circumstances, there are important restrictions on how the Microsoft software may be deployed that can result in severe penalties for the unwary.

Read more


Contract Provisions Concerning Privacy & Security Compliance

Managing data security and privacy is becoming an increasingly larger part of a company’s risk portfolio, especially as it relates to transactions with third parties. These third-party transactions may include the outsourcing of technology services, hosted data, or software as a service (“Saas”), and as an example, consumer information privacy is an area garnering a lot of attention.  From data breach notice reporting to class action lawsuits, companies who handle the non-public personal information of individuals have possession of high-risk information, and entities regulated by HIPPA and the Gramm Leach Bliley Act need to ensure they are compliant with the statutory requirements.

Read more


Releases of Liability as Part of Licensing Deals – How Hard to Push?

Software publishers know that the vast majority of their customers are, to varying degrees, out of compliance with the terms of license agreements governing their use of the publishers’ software products. Especially in larger enterprises, managing and maintaining a company’s license position is a daunting and maybe even impractical task, especially given the increasingly complex architectures utilized in today’s IT environments and the correspondingly complex licensing metrics that go along with them. The choice often comes down to increased licensing exposure due to lax monitoring or the lost productivity that may arise from systems that are centrally managed by IT teams with insufficient resources.

Read more


The Challenges of Compliance

This firm often assists regulated entities with compliance-related concerns such as information security, due diligence, software licensing, and data breach notifications. As the universe of compliance obligations expands, so too does a company’s exposure portfolio. This increase in liability may result from a software publisher audit, failure to provide notice to customers about a data breach, or governmental agency fines. Compliance, like many other aspects of the business world, is a balance of risks.

Read more


The Managed Services Provider Contract

Service providers are often surprised by the fact that they need more than one agreement to govern the relationship with their clients. There will usually be some sort of master agreement, often referred to as a business services agreement or master services agreement. This agreement will typically contain the terms and conditions governing all of the related transactions between the parties. There will likely be provisions concerning confidentiality, intellectual property, termination, and warranties, among many others.

Read more


Software Audits: Proving Ownership of Software Licenses

Often the single most arduous and time-consuming task facing companies who are the subject of software audits is collecting entitlement information to prove ownership of licenses for software installed on its networks. Once a company receives an official audit letter from a software publisher, or one of its representative entities such as The Software Information & Industry Association (“SIIA”), or Business Software Alliance (“BSA”), the first step is to conduct an analysis of software installed on its network.

Read more


Compliance May Remain a Concern Even in the Cloud

For many businesses, the allure of moving their software platforms, applications and/or databases to The Cloud lies substantially in the promise of ridding themselves of license-compliance concerns. The pitfalls of a Cloud-based architecture are worth accepting for many businesses that do not want to expose themselves to the risks of hefty penalties or compliance purchases that may be required to resolve audits or other licensing disputes associated with having third-party software installed on their computers.

Read more


Software Audits: Surviving Settlement

Software auditing entities, such as the Business Software Alliance (“BSA”) and Software & Information Industry Association (“SIIA”), initiate software audits of businesses that more often than not result in a settlement agreed to and negotiated by both parties. It is infrequent that a software publisher or auditor initiates against a company copyright infringement damages arising out of software compliance issues.

Read more


Risks of Bring Your Own Device

More companies are faced with a workforce that wants to bring their own devices (“BYOD”) to work. One on-line journal cites a poll that finds that younger workers actually see bring your own device as a right rather than a privilege. For a company considering a BYOD policy, there are risks involved. Some of the risks are as follows:

Read more


Avoid Oracle ULA Termination Risks

Many software publishers recognize that perpetual licenses should be, true to their name, perpetual, and that unless you violate the terms of the licenses they should remain in effect forever. As the licensee, you may not want to use that Microsoft Office 97 license you purchased fifteen years ago. However, if it suits your needs and is compatible with your hardware, you are good to go, even if you might have violated the terms of some other agreement with Microsoft during that 15-year period.  

Read more


Company Policies and Compliance

Compliance and risk management are becoming more important concepts for businesses, and especially those operating in regulated industries. Outside of technical legal concepts such as negligence per se or breach of contract, in the event of a dispute between parties concerning legal liability, the case often turns on whether the conduct of one party was reasonable under the circumstances. If a business deals with the non-public personal information of its clients, for example, a dispute may arise in the event this information is disclosed to an unauthorized third party.

Read more


Oracle ULAs Require Delicate Balancing

Many larger companies feel an understandable desire to move toward, centralized, enterprise-level software licensing agreements. Such frameworks often have the advantage of allowing licensees to spread their license spends more evenly over the term of the agreement and to focus somewhat less intensely on some software asset management (SAM) obligations.

Read more


Buyer Risk Management Strategies During M&A Activities

Depending on which side of a merger transaction a party is on, the strategies for protecting your interests may be different. This is particularly true with respect to intellectual property assets or license agreements. A buyer who is looking to purchase the assets of another entity may consider the following strategies for limiting its risk exposure and ensuring smooth post deal operations.       

Read more


Trust, But Verify with Third-Party Software Vendors

Enterprise-level software solutions often are very complex products requiring a level of expertise that may be outside the experience or skill sets of generalist IT teams. Many businesses therefore rely on the services of independent software vendors and consultants to evaluate their needs for particular solutions, to procure the required licensing, and to deploy and configure the solutions on the businesses’ servers. Many of those vendors may even be recommended by the publishers of those software solutions, and their customers naturally feel as though they can rely on their advice and consultation regarding licensing requirements.

Read more


Key Provisions in Technology Services Agreements

Technology services companies should ensure that their agreements contain provisions designed to protect them in disputes with their customers.

Read more


Seller Risk Management Strategies During M&A Activities

Depending on thestructure of a merger or asset purchase agreement, a seller may inadvertentlyviolate the terms of a license agreement or take on liability to a buyer orsoftware publisher when dealing with software licensing.  Software licensing agreements often haveprovisions that either prevent assignment or transfer of the license completelyor at least require the transferor to seek permission from the publisher beforeany transfer takes place.[1]Sellers may be able to limit their exposure by implementing the risk mitigationstrategies below.   [1] For an analysis on what happenswhen the license agreement is silent see the following :http://www.scottandscottllp.com/main/blogentry.aspx?id=3304 

Read more


Don’t Forget to Raise Equitable Arguments in Software Audits

Most software audits eventually reach a point after all the deployment and license data has been collected when the auditors – often employees of an accounting firm like Deloitte or KPMG, though sometimes the publishers’ own internal audit teams – present their draft audit findings to the audited business. At that stage, the auditors then usually give the business an opportunity to identify any errors in the draft findings before they are presented to the software publisher’s compliance team. However, if the audited company limits its review of the findings to factual errors, it may be missing critical opportunities to mitigate compliance exposure.

Read more


Internal Software Audit Priorities – Where to Start?

Many business leaders who find themselves on the receiving end of software audits targeting their companies vow to never again be caught with significant exposure related to their licensing positions. However, knowing how to act on those resolutions sometimes can be challenging, especially when the company’s software estate is a large or diverse one. Here are some guiding principles to help businesses make decisions about where to start:

Read more


Warning: Read and Understand Social Media Sites’ Terms of Use

Many people, and increasingly more businesses, are utilizing social networking, photo sharing, and cloud storage web sites. Virtually all of these types of sites will require acceptance of terms and conditions when a user or business signs up for an account. The language contained in this fine print likely contains a license grant which grants permission to the photos or other creative works that were uploaded. This is likely true whether these uploads were for personal or commercial reasons.  

Read more


Software Compliance: Finding Authorized Vendors for Hardware with OEM Licenses

Depending on the size of a business, management may choose to purchase company computers ad-hoc through retailers such as Best Buy or Office Depot. Larger companies may have open accounts through vendors like CDW or Dell Computers, while smaller companies sometimes use local vendors that sell hardware with pre-installed Windows operating systems. It may be difficult to prove ownership of these operating systems if faced with a software audit from a publisher or auditing entity, such as the Business Software Alliance (“BSA”) or Software & Information Industry Association (“SIIA”).

Read more


Dangers of Submitting Incomplete or Inaccurate Software Audit Results

Although software compliance can sometimes fall low on a company’s priority list, a software audit typically brings prior software compliance efforts into sharp focus.  An audit, whether initiated by a software publisher, or by one of its representatives such as the Business Software Alliance (“BSA”) or Software & Information Industry Association (“SIIA”), is a complicated and lengthy process, with rules set by the auditor.

Read more


Careful Recordkeeping Key to Software Compliance

Software audits are on the rise and often take the targeted company by surprise. Most audited companies are ill equipped to produce an accurate inventory and records for hardware and software purchases and lack the funding or resources to conduct an accurate analysis of its software compliance.

Read more


First US IP Enforcement Coordinator Named to Head BSA

BSA | The Software Alliance recently announced that it had named Victoria Espinel, who served in the Obama Administration as the first US Intellectual Property Enforcement Coordinator as its new President and CEO. Ms. Espinel’s prior government experience included service during the Bush administration as Senior Counsel in the Office of the US Trade Representative and as the first Assistant US Trade Representative for Intellectual Property and Innovation. Prior to that, Ms. Espinel also practiced law with Covington & Burling, a firm that often represents Microsoft in litigated software-licensing disputes.

Read more


Don't Take Your NDA for Granted During Software Audits

Many businesses expend far too little effort in securing appropriate non-disclosure agreements during software audits. Some businesses even wholly overlook NDAs during the audit process, believing that they have no leverage to demand reasonable protections for the information that the auditors will ask them to provide. This is a mistake that can cost a company millions.  

Read more


Risk Mitigation Strategies for Managed Services Provider Agreements

Typical service provider agreements are usually drafted by the service provider, and at least early during the negotiation phase,will likely try to shift much of the legal risk to the customer. In these types of business transactions, the customer is often seeking a "turn-key" solution for management of its technology needs. Depending on the level of outsourcing contemplated, the service provider may be installing software applications for the end user, and installation of software on computers that is not licensed could expose the end user to significant legal and financial liability.  

Read more


Vendor Due Diligence

Companies that engage technology vendors for various services such as co-location, hosting, cloud services, and software licensing often get lost in the negotiation of the monetary and non-monetary terms of the agreement, and fail to consider the threshold question–is the vendor capable of performing? The terms and conditions of the contract spell out the rights and the obligations of the parties to the transaction, but ideally, companies should select vendors that have a low probability of breaching. A key to mitigating this risk is conducting due diligence before selecting the vendor.

Read more


Managing Risk for Licensing Agreements During Merger Activities

Merger and Acquisition activities can have a significant impact on existing software license agreements. Many license agreements specifically prevent assignability, transferring, or sub-licensing of the rights under the agreement, so if a buyer is acquiring the assets of an organization or is involved in some other type of merger, it may find itself in the position of defending a copyright infringement claim from the original licensor. An inadvertent transfer of the license may result in significant penalties, including but not limited to relicensing the software already licensed by the original licensee or copyright damages into the Millions of dollars.

Read more


Software Audits: Securing a Release of Liability with Settlement

Software auditing entities, such as the Business Software Alliance and Software & Information Industry Association, typically set forth a complex set of requirements for software audits that can be confusing, time-consuming, and expensive. Many businesses faced with software audits are eager to resolve these matters, and choose to pay to settle out of court. Often companies are so focused on the final settlement payment, that they do not spend as much energy on the non-monetary provisions in final settlement agreement.

Read more


Control Software Audit Disclosures By Keeping an Eye on the Audited Entity

In many cases where we are retained to assist companies targeted for software audits after software-deployment data already has been submitted to the auditing entities, we have the regrettable obligation to let our clients know that they have disclosed too much. Over-disclosure can cost a company millions of dollars, and it is typically very difficult or impossible for us to “un-ring” the disclosure bell by convincing the auditing entity that it needs to disregard audit data previously provided by our client.

Read more


Tame Complexity in Enterprise IT Services Agreements

Many large enterprises have made the decision to transition the support and management of their information technology assets and networks to third-party service providers, such as IBM or HP. Such arrangements can help companies to focus their internal efforts more on driving business with their customers, and less on internal work that may represent a distraction from core objectives. However, such contracts can be fraught with challenges, one of the most notable of which being the danger of unmanageable complexity.

Read more


Top Three Tips to Ensure Software Compliance

Companies facing copyright infringement claims from software publishers or their representatives have few options to navigate an audit and resolve the matter out of court. The costly nature of a software audit has prompted companies to take pre-emptive steps to avoid expensive audits by utilizing three key strategies.

Read more


Know When to Say When in Response to Auditors’ Requests for Information

Software audits can be intensely frustrating ordeals for businesses to navigate. Many publishers will go to great lengths to cajole their customers with assurances of amicability and license-optimization opportunities, but most IT managers know that the reality of audits in almost all cases is anything but friendly and fraught with pitfalls. However, the first things that audited companies can do to mitigate their exposure is review the applicable software licenses and gain an understanding regarding just what the auditing entity is in a position to demand.

Read more


Avoid Ambiguity in Microsoft Licensing Agreements

CTOs who have read Microsoft’s volume license agreements and product use rights documentation know that Microsoft has a special place in its heart for contractual “grey area.” To some extent, that fact likely arises from the practical impossibility of trying to accurately capture all of the technical parameters that could affect license rights. Enterprise IT architectures are dynamic, incorporating constantly evolving technologies. A license agreement that is too tech-specific runs the risk of being difficult or impossible to enforce when the industry starts moving to new platforms. However, that does not explain everything when it comes to Microsoft’s contracts.

Read more


Not All Software Audits Protected By Privilege

Companies faced with a demand for a software audit from a software publisher or an entity such as the Business Software Alliance or Software & Information Industry Association are increasingly turning to their own internal IT departments or hiring technology consultants to conduct software audits, the results of which may be discoverable in future litigation. The discovery risks associated with conducting an internal audit or hiring an outside IT firm to conduct a software audit may be mitigated by hiring legal counsel to conduct the audit and prepare a legal analysis.

Read more


Risks Associated With Hosting Data in the Cloud

Scott & Scott’s attorneys are often asked about the legal and compliance risks associated with hosted applications or data in the public Cloud. Depending on the industry, this seemingly transparent choice of where a company hosts its data may actually present significant risks. Given the nature of how data is stored in the Cloud, companies potentially have less control over the management, storage, and access of their data, which results in increased compliance and legal liability challenges.

Read more


Beware the Mandatory SAM Engagement

For several years now, Microsoft has offered some of its customers the “opportunity” to have third-party licensing consultants (selected by Microsoft) review those customers’ Microsoft product deployments and determine whether those customers have all of the licenses needed to support those deployments. Called Software Asset Management, or “SAM” engagements, the reviews are, in theory,optional, financed by Microsoft, and presented as a collaborative benefit to customers in order to maximize the efficiency of their licensing budget. In practice, however, SAM engagements typically are nothing but informal audits conducted by consultants whose loyalties lie with Microsoft.

Read more


Choice of Law Is Not Just Boiler Plate

When reviewing various types of agreements, there is often a small section for choice of law and venue selection included with the fairly routine provisions such as severability and force majeure. Although these choice of law provisions are usually very brief, these provisions can end up having a large impact and should be given consideration during the negotiation and drafting phase.

Read more


Don’t Short-Sheet the Internal Analysis in an IBM Audit

One of the most critical steps of any business faces in any software audit is conducting an internal analysis of deployments to entitlements, preferably before any audit data is shared with the auditors. That internal review serves several purposes, including (1) identifying deployments for which a company's license documentation may be lacking, thereby giving the company an earlier opportunity to locate invoices or other purchasing records, (2) identifying deployments at risk of being counted inaccurately by auditors, and (3) giving finance teams an opportunity to set aside appropriate reserves based on estimated exposure levels.

Read more


Software Licensing in M&A Transactions

Many business owners are familiar with how complex merger and acquisition activities can be. Asset purchase agreements, reverse triangular mergers, and statutory mergers not only sound intimidating, but there is a significant amount of complexity inherent in these deals, even when dealing with smaller entities. These transactions may present legal and financial risks concerning intellectual property license agreements. When a company acquires the assets of another company, they probably assume that they also gain ownership of the assets owned by the company they acquired. Unfortunately, that “asset” may really just be a liability in disguise.

Read more


Adobe Audit Demands Can Be Burdensome

Businesses contacted by Adobe for software audits can be lulled into thinking that those investigations entail less exposure risk than audits by other publishers, like Microsoft or IBM. Adobe audits typically are conducted directly by Adobe representatives, rather than by a third-party auditor like Deloitte or KPMG, and the inventory data usually is provided by the audited business using its own toolsets. In addition, Adobe’s audit team is generally quite genial in its approach, at least at the outset of an engagement.            

Read more


Business Software Alliance (BSA) Adds Dell to its Member List

The Business Software Alliance (BSA) recently announced that Dell has joined the software-industry organization as a new member. It remains unclear at this stage whether the new relationship will have an impact on future BSA software audits. Many BSA members tend not to play very prominent roles in the organization’s license-enforcement efforts and instead work with the BSA mostly on efforts to promote the industry.

Read more


The Costs of Data Breach

As incidents of data breach have become more prevalent, it is important to note what this could actually mean for a company who stores and maintains (or shares) the personally identifiable information (“PII”) of its consumers. Generally speaking, the sources of these legal risks could be broken down into three general categories: federal, state, and common law.

Read more


Running Windows Server in Clustered VMs Carries Risks

Many businesses running virtual servers with shared physical infrastructures have encountered significant audit exposure arising from the fact that, according to Microsoft, the physical machines in a clustered arrangement may be “running” any number of Windows Server instances at any time. Therefore, Microsoft historically has demanded that a number of server licenses be assigned to each physical host sufficient for all VMs running in the cluster.

Read more


Impact of PC Administrator Access on Unlicensed Software Exposure

Operating system level security in the workplace has always been a double-edged sword. Everyone generally recognizes its importance, but internal customers need more, and IT departments are faced with increasing help desk requests while managing with a continuously shrinking number of resources.  In an effort to “resolve” many help desk requests before they come, IT administrators will often leave user accounts either with admin access during deployment or perhaps during some sort of resolution phase of an open trouble ticket.

Read more


Adobe Creative Suite Abandons Your Desktop for The Cloud

On May 6, 2013, Adobe announced that Creative Suite 6 and the component products included in that product line (e.g., Photoshop CS6, Illustrator CS6, etc.) would be the last Creative Suite products to be released under stand-alone, end-user licenses.

Read more


Software Audit Associations in Other Countries

With expanding international economies, it is no surprise that companies outside the United States are facing software compliance challenges. This is true for companies existing solely in the foreign country, or US based companies with subsidiaries or operations outside the US.  Further, it is no surprise that there are audit associations operating in larger foreign countries.Our firm was recently asked how to respond to an inquiry by a South American audit association, Software Legal Argentina, regarding software located at its South American operations. Because of this situation our firm took pause to consider the differences in responding to a “typical” software publisher audit letter in the US and one received in a country outside the US.

Read more


Pay Attention to the Expiration Date

In various types of technology contracts, you often have change orders or separate scope of work agreements (“SOW”), which ultimately refer to or amend some sort of Master Service Agreement (“MSA”). These documents are typically “contracts” however they are often limited in scope and detail as they generally just pertain to the discreet, specific project at hand. Much of the legal verbiage regarding the actual rights and obligations of the parties to the contract are contained in the MSA.

Read more


Client-Licensed Microsoft Software in Hosted Environments

Hosting services customers often want to use licenses that they have acquired to deploy Microsoft software on a service provider’s servers. Those customers need to be wary about such deployments, as applicable license terms may restrict their ability to deploy the products offsite. However, the service provider needs to be doubly cautious. After all, the software is sitting on the provider’s servers – not the customer’s – so the risk of exposure associated with improper licensing is higher.

Read more


New Opportunities for the Business Software Alliance

The Business Software Alliance (“BSA”) commented on a White House announcement indicating its intent to negotiate a new trade agreement with the European Union. The press release quoted former BSA CEO Robert Holleyman as saying “It is also encouraging that the goals include expanding access to government procurement markets and state-owned enterprises, and affirming the shared US-EU objective of high-level IPR protection and enforcement.”

Read more


Are End-User Agreements for Tangible Products on the Horizon?

Recently, Google received substantial press related to the Terms of Service associated with its new “Google Glass” product offering. For the uninitiated, Google Glass is a $1,500 fashion-challenged eyeglass frame that incorporates a tiny, electronic display screen, visible only to the wearer, beaming texts, search results, maps, and assorted other digital content straight to that wearer’s right eyeball. Google is convinced that it is the next New Thing, so much so that the Terms of Service all eager, early Glass adopters must accept incorporate what may be the next New Thing in tangible product sales – restrictive covenants.

Read more


Whose Job Is It To Manage Software Licensing?

Over the past few years, there has been a large increase in the number of publisher-initiated software audits.  The authority for these audits is often a provision in the end user license agreement which entitles the publisher to audit companies’ installations of the software.  Audited companies often spend tens of thousands of dollars responding to the audits. With such costly (and often un-accrued for) liabilities a distinct possibility, the question that is begged to be asked is where does it make sense to apportion this responsibility. In other words, whose job is it to manage audit risk?

Read more


SPLA-Audit Exposure Difficult to Estimate

One of the first steps we typically recommend to businesses facing software audits from any source is to try to estimate the financial exposure related to those audits. Doing so allows a company to allocate its resources more efficiently and to set aside reserves or make other financial preparations in advance of settlement, when auditors often demand quick action in order to secure more favorable terms.

Read more


SPLA Road Map Outcomes

In a past entry, I mentioned the SPLA Qualification Road Map as a helpful document for companies to use when trying to determine the appropriate license model for Microsoft products deployed in connection with hosted services. Again, the road map takes the form of a flowchart, with each step consisting of a question that is relevant to the “commercial hosting” analysis.

Read more


Defending SPLA Audits: Critical First Steps

Many businesses contact Scott & Scott, LLP regarding Services Provider License Agreement (SPLA) audits after providing extensive information to Microsoft’s auditors and receiving compliance demands that would be ruinous for their bottom lines, if paid in full. At that stage, it might be difficult to “un-ring the bell” with respect to the data allegedly underlying the compliance calculations, forcing an audited business to consider other options – including litigation – for reaching a resolution.

Read more


Paying Someone to Take Your Property

When companies contract out to vendors for services, it is commonplace for the vendor to provide at least an initial draft of the agreement under which the services are to be performed. In most cases, these agreements are slanted to protect the interests of the vendor. This often creates a problem when the services contracted for are artistic or creative in nature (including software development).

Read more


SPLA Basics: Who Needs a SPLA?

We write extensively at this site about some of the finer points pertaining to licensing software under Microsoft’s Services Provider License Agreement (SPLA). However, some businesses new to the model often ask us much more basic questions, like: What is SPLA, and is it right for me?

Read more


FTC Releases Report Regarding Mobile App Privacy Disclosures

In a report released by the Federal Trade Commission (“FTC”) in February 2013, the FTC makes recommendations for best practices concerning privacy disclosures in the hope of making them more effective. While noting the proliferation of smart phone usage and accessibility of apps, as well as the increasing amount of transparent personal data being shared across platforms, the report’s focus with regard to its recommendations is disclosure.

Read more


Is it Possible to Short-Circuit a Software Audit?

Companies react in different ways after receiving a letter from the Business Software Alliance (BSA) or the Software & Information Industry Association (SIIA) demanding a software audit. Some ignore the letter, assuming it to be some kind of spam or marketing ploy. This is not advisable. Audit demands from the BSA and SIIA generally are very serious matters, and they can result in federal court litigation if they are neglected or if the auditors determine that a company is not cooperating in good faith.

Read more


Significant Changes for External Client Licensing on Microsoft Products

With the release of the 2013 versions of Exchange Server, Lync Server and SharePoint Server, Microsoft is dispensing with the requirement that companies purchase client licensing for “external users.” External users are defined as “users that are not either your or your affiliates’ employees, or your or your affiliates’ onsite contractors or onsite agents.”

Read more


SPLA Audits and Anonymous / Authenticated / Outsourced / Non-Outsourced Windows Server Licenses

Businesses that have endured audits initiated by Microsoft in connection with Services Provider License Agreements (SPLAs) are all too aware that Microsoft’s auditors spare no effort in identifying opportunities to increase the total amount of the compliance purchases demanded to resolve licensing discrepancies. For serviceproviders that have licensed Windows Server operating systems under SPLA for some time, one of the tactics used by Microsoft stems from  the confusing, bifurcated licensing regime that Microsoft previously applied to that product.

Read more


Be Wary of All Factors Affecting Potential Exposure in Software Audits

Most businesses that try to plan for software audits and to estimate the potential exposure they could incur in the event of those audits know that the primary cost components of that exposure typically are the prices associated with any licenses they may have failed to acquire. For example, if a company determines it has ten installations of Adobe Acrobat Professional for which it does not own licenses, then the exposure associated with those installations may be estimated as the price of ten licenses for Adobe Acrobat Professional.

Read more


Microsoft Releases First Full Offering of Hosted Office

On January 29, Microsoft announced the full release of its new, hosted, “Office 365 Home Premium,” service, which makes its popular suite of Office productivity products available to users over the Internet in return for a recurring subscription fee. Other editions in the Office 365 series also are available under “preview releases.”

Read more


BSA Adds IBM to its Member List

The Business Software Alliance (BSA) recently announced that IBM has joined the software-industry organization as a new member. It remains unclear at this stage whether the new relationship will have an impact on future BSA software audits. Many BSA members tend not to play very prominent roles in the organization’s license-enforcement efforts and instead work with the BSA mostly on efforts to promote the industry.

Read more


ISVs Must Attend to Customer Agreements

Independent software vendors and other companies that distribute third-party software products as part of their proprietary solutions often are predictably good at capturing core business terms in their customer agreements, carefully defining the products and scope of services to be delivered. Unfortunately, far fewer are as reliable about including required, third-party license terms in those agreements, which can make an audit particularly uncomfortable if one of those third parties wants to know about software deployed on end users’ computers. And far fewer still include adequate terms in those agreements to address what happens if an auditor finds licensing discrepancies affecting end-user installations.

Read more


MLS Copyright Lawsuits a Sign of Things to Come?

According to a recent article published by Inman News, multiple listing service (MLS) companies – providers of real-estate listing information for brokers and their agents – may be contemplating the formation of an industry group to enforce the owners’ perceived intellectual property rights against third parties who acquire their data and make it available to others without the MLS providers’ permission. The issue apparently is a long-standing one for MLS providers, and it recently has gained more public attention due to copyright lawsuits filed by two regional providers (one from Maryland and one from Minnesota) against the operator of NeighborCity.com, which allegedly used the plaintiffs’ data in the creation of its real estate agent ratings and referrals site.

Read more


BSA Adds Oracle to its Member List

BSA | The Software Alliance recently announced that Oracle had joined the software-industry organization as a new member. It remains unclear at this stage whether the new relationship will have an impact on future BSA software audits. Many BSA members tend not to play very prominent roles in the organization’s license-enforcement efforts and instead work with the BSA mostly on efforts to promote the industry.

Read more


Copyright Alert System – The “Six Strikes” Warning System

The Center for Copyright Information (“CCI”) and its partners, the Recording Industry Association of America (“RIAA”), Motion Picture Association of America (“MPAA”), and leading U.S. Internet Service Providers (“ISPs”) soon will implement a system designed to reduce illegal file sharing of copyrighted works. The Copyright Alert System (“CAS”), also referred to as the “Six Strikes” system, is a subscriber notice system in which the ISPs will monitor Internet traffic to identify illegal downloads of copyrighted works.

Read more


Software Development Licensing Is Not Free

Many businesses develop their own software products, and they understandably want to save on the licensing costs associated with using third-party tools or products in their development environments. However, not all publishers treat development licensing in the same way, and companies that are familiar with one publisher’s practices may end up in hot water if they assume those practices represent some kind of industry standard.

Read more


California Becomes Third State to Regulate Employer Access to Social Media

Last month, California Governor Jerry Brown signed Assembly Bill 1844 into law, making California the third state, behind Maryland and Illinois, to create statutory privacy protections for social media users from their employers. Senate Bill 1349 applies the same prohibitions on the state’s colleges and universities.

Read more


Second-Hand Software OK in the EU

A flurry of attention surrounded the recent legal saga of Timothy Vernor and his protracted fight against Autodesk to re-sell software via eBay. In the end, it was decided by the Ninth Circuit Court of Appeals that the “first sale” doctrine applicable to other kinds of copyrighted works does not apply to software licenses and that software publishers may use copyright law to prevent the development of a market in second-hand software packages. (More information on the Vernor outcome is available here.)

Read more


State Data Breach Laws Continue to Evolve/Diverge

While data privacy and compliance professionals clamor for a single, Federal data breach notification statute, states have continued to establish and amend their own medley of breach notification statutes. As of September, 2012, 46 states and the District of Columbia have enacted some version of consumer data breach notification requirements. This disparate environment makes compliance under these evolving and sometimes divergent state notification frameworks both technically and logically challenging for organizations that find themselves cleaning up after a data breach.

Read more


Using IBM Software in Clusters May Be Less Risky Now…But Tread Carefully Anyway

In the past, when deploying IBM software licensed on a Processor Value Unit (PVU) basis on servers that are configured in clusters for fail-over or load-balancing reasons, it generally has been necessary to license all servers in the cluster for that product. (Read more here.) Thus, for example, though a business may only be deriving limited functionality from an installation of DB2 Enterprise on one server, if that server is in an 8-unit cluster where each of the physical servers is identical to the one where DB2 is installed, the IBM customer could incur a DB2 Enterprise licensing charge equal to 8 times the amount to license the single host machine.

Read more


Proper Microsoft Licensing in Hosted Environments is a Two-Part Question

Businesses wanting to license Microsoft products for use in connection with solutions delivered to customers over the Internet need to remember proper licensing involves answering two questions:• Are users “accessing” the software?• Is that access “commercial hosting”?Many companies skip to question two, but the answer to question one may keep you from having to address it at all.

Read more


Preventing Bad Press Associated With SIIA Software Audits

The Software & Information Industry Association (“SIIA”) is an organization that pursues copyright infringement claims on behalf of many software publishers against companies it accuses of violating its members’ software license agreements. Although many companies have properly licensed software, many are unable to produce the receipts from software purchased years prior to the audit. In many instances, it is better for innocent companies to settle the SIIA’s claims instead of litigating them.  Because a settlement may be misconstrued to reflect misconduct on the part of a company, many companies insist on a confidentiality provision to keep the existence and terms of settlement confidential. Without a confidentiality provision in the settlement agreement, the SIIA generally is free issue to a press release or publish on its web site details of the terms of settlement and name of the company. It is beneficial to seek counsel from an attorney familiar with the SIIA process to provide proper guidance for the implications regarding a confidentiality provision.

Read more


Making SIIA Settlements Affordable With Payment Terms

Legal fees and expenses can quickly add up defending against a Software & Information Industry Association (“SIIA”) audit and potential software copyright infringement claims. The SIIA typically demands a penalty based on some multiple of the MSRP of each product alleged to have been infringed, in addition to the SIIA’s attorney’s fees and a sometimes requests an additional payment to keep the existence and terms of the settlement confidential. By the time settlement is reached, it may be difficult for a company to pay a large settlement fee related to the alleged copyright infringement.  

Read more


Locating Entitlements for SIIA Software Audit

Once the Software & Information Industry Association (“SIIA”) sends a letter to a company questioning the authenticity of software licensing status and demanding a self audit, it is very important to have proofs of purchase for the licenses in question. Unless a company is able to provide sufficient documentation proving all of the SIIA-member software installed was legally purchased, the SIIA will assume that the SIIA-member software installations are unlicensed and will demand that the company pay a penalty to resolve claims of alleged copyright infringement.

Read more


Seeking Help for an SIIA Audit

After receiving a request from the Software & Information Industry Association (“SIIA”), many companies choose to conduct an internal audit of software installed on their networks. There are multiple considerations regarding the strategy for conducting an audit, including, but not limited to, the nature of the company’s record-keeping, the size of the company, the size of the network, the type of software at issue, and the IT support.

Read more


Data Breach Insurance Coverage Lawsuit Highlights Necessity for Cyber Liability

In August of 2012, the Sixth Circuit ruled on a case that determined who is responsible for the costs associated with loss of data arising from a hacking incident in Retailer Ventures, Inc. v. Nat’l Union Fire Ins. Co., -- F.3d --, 2012 WL 3608432 (6th Cir. Aug. 23, 2012). In this matter, DSW Shoe Warehouse was targeted by computer hackers who successfully accessed their systems and harvested the credit card and checking account information for more than 1.4 million DSW customers. In its efforts to conduct thorough investigations into the incident and comply with the numerous state and federal data breach notification requirements, DSW incurred expenses of more than $5M.

Read more


Beware the Convenient “Intent” of Software Publishers

Most software license agreements used by major publishers like Microsoft and IBM are in many ways vague with respect to license restrictions and metrics. This leaves licensees in the position of having to interpret the agreements based on whatever guidance may be available from the publisher or, often, simply based on the licensees’ own experience and understanding. Unfortunately, that often lands companies in trouble in the context of an audit.

Read more


What is Really Driving the BSA’s “Record Period of Settlements”?

The Business Software Alliance recently issued a breathless press release touting what it characterizes as a “recent wave of high-value unlicensed software cases.” The release goes on to describe eight recent software-audit settlements ranging in amounts from $120,000 to $625,000, with some settling businesses identified by name and others identified only by industry (likely to avoid breaching confidentiality clauses in the corresponding settlement agreements). The implication of the release appears to be that the “significant uptick in high-value cases of unlicensed software” correlates to some increase in the actual incidence rate of “piracy.” 

Read more


Google Alters Search Rankings in Response to Pressure from Media Companies

In a blog post on August 10th, Google announced that it will add a new ranking parameter, or “signal,” to its ever evolving search ranking algorithm: the number of valid copyright removal notices it receives for a given site. Google says that websites with high numbers of “valid copyright removal notices” may result in a lower ranking within search results. Google specifically refers to copyright owners such as NPR, Hulu, and Spotify, when it claims that the new results should benefit legitimate media companies by raising their potential ranking in search results.

Read more


What is a “Hosting” Violation Really Worth?

Using third-party software as components of business solutions delivered to customers over the Internet can be risky. Almost all major software publishers include terms in their license agreements prohibitions or restricting the use of their products for “hosting services” or in connection with “hosted environments.” However, what is level of exposure associated with violating the anti-hosting terms in a software license.

Read more


All License Breaches May Not Constitute Copyright Infringement

At the conclusion of software audits where it appears that software products were installed and used without adequate licensing, many companies find themselves confronting two challenges. First, there is the fact that the software publisher likely is demanding that the company pay penalties or otherwise steep rates to obtain the previously un-purchased licenses, upon threat of license termination. In addition, however, in most cases the publisher also will bellow that its intellectual property rights have been violated and will threaten the company with copyright-infringement exposure. Both can be serious threats for most companies.

Read more


Beware of IBM's “Blue Washing”

Fans of Star Trek likely are familiar with the dreaded Borg – an alien race of cyborgs that survives and swells its ranks primarily by conquering other races and then absorbing them into the collective through brainwashing and physically altering them with Borg-y bionic body parts. Their creepy, trademark greeting to new races is always: “You will be assimilated.”  And so it goes with IBM software. Big Blue grows its business lines as an organization just as much (if not more) through acquiring other companies as it does through originating its own products internally.

Read more


Don’t Buy Software Twice—Ensure Licenses Come from Authorized Resellers

For many small to medium-sized businesses, software license procurement may involve little more than an Internet search for the lowest price. Budgeting constraints often demand it, and especially in the wake of costly software audits by organizations like the Business Software Alliance (BSA) or the Software & Information Industry Association (SIIA), companies may be bordering on desperate to find the best deal available. Unfortunately, that impulse can lead to trouble if the company ends up giving its money to a vendor that is not authorized to resell valid licenses.

Read more


Connecticut Amends Data Breach Notification Statute

On June 15, 2012, Connecticut amended the state’s security breach notification law. The amendment will go into effect on October 1, 2012, and requires businesses to notify the state Attorney General when notice of a security breach is provided to state residents—with such notice to affected residents to be provided “without unreasonable delay.” Connecticut follows Vermont as the second state this summer to amend its data breach statute to require notice to be given to the state’s Attorney General.

Read more


Be Wary of Audit Tools Promoted by Software Auditors

Most companies with more than a handful of computers in their IT environments rely on the results of network-inventory tools to gather the deployment data needed for accurate software audits. Without the tools, a business would be required to assign valuable resources to manually looking at the titles installed on each machine. Therefore, it should not be surprising when a vendor requesting an audit suggests or even requires the use of an automated tool to assist with the discovery process

Read more


OCR’S HIPAA Audit Protocol

On June 26th, the Office for Civil Rights (OCR),the federal agency that enforces the privacy and security regulations underHIPAA, published theprotocol it uses to conduct the audits required by the 2009 HITECH Act. Accordingto OCR, the protocol is designed to analyze the “processes, controls, andpolicies” of covered entities in an effort to measure compliance under theHIPAA mandate. OCR set out three different areas that will be analyzed underthis audit protocol: 1) privacy; 2) security; and 3) breach notification.

Read more


A Global Definition for Software “Hosting”

I previously have discussed what “commercial hosting” means when it comes to Microsoft software, but the universe of problems created by the “hosting” ambiguity obviously is bigger than just Microsoft. Almost all software publishers restrict or prohibit – to varying degrees – their customers’ ability to use the software products they license in connection with solutions delivered to end users over the Internet.

Read more


Five Key Provisions to Consider When Negotiating Software Licenses

The form and structure of software licenses and use agreements have changed substantially over the past ten years. From the advent of estate or enterprise-based licensing models to software-as-a-service (SaaS), licenses and agreements come in a variety of forms to address a wide range of circumstances. Although the terms and forms change for these agreements, the following key provisions remain more-or-less consistent across all types:

Read more


Technical Challenges Associated with “Hosting” Restrictions in License Agreements

Most software publishers put limits on (or under some circumstances simply prohibit) the use of their products in connection with solutions delivered over the Internet to third-party end users. The license terms imposing such restrictions often can be difficult to interpret (as discussed previously). However, even in cases where the controlling language is relatively clear, it can remain difficult for CIOs to determine how to accurately and correctly track "hosted" deployments and "non-hosted" deployments for licensing purposes. 

Read more


IT Procurement Negotiations – The Importance of Setting Expectations

Negotiation of product and services contracts should include more than just the business terms, but many times the "standard terms and conditions" or "boilerplate" is glossed over by the vendor and ignored by the procurement team. For IT-related products and services, it is the language in these "boilerplate" provisions that often control which party shoulders the principal risks associated with the transaction-particularly the data privacy and security, intellectual property infringement, and confidentiality risks-so negotiation of all of the language contained in the vendor's contracts is critical.  

Read more


Autodesk Audits: How to Effectively Scan Your Network and Prepare Accurate Results

Conducting a self-audit while facing potential copyright infringement claims from Autodesk or any other software publisher often is complicated and time-consuming. Nevertheless, it is critical to choose an appropriate method to ensure the audit results are accurate.

Read more


IBM’s Standard Audit Clause is a Time Bomb

It is standard practice for software vendors to include clauses in their license agreements giving the vendors the right to invoke audits or some other mechanisms to ensure that the licensed products are used in a way that is consistent with agreed licensing restrictions. Most software consumers would agree – perhaps grudgingly – that such provisions make sense. After all, a software vendor’s life blood is its products, and if it allows those products to be used without adequate licensing, it risks both financial loss and damage to the value of its intellectual property.

Read more


What If I Discover Unlicensed IBM Software on My Servers?

Software license compliance is a task that typicallyrequires constant vigilance. Despite a CIO’s best efforts, it is almost inevitablethat software will be deployed on a company’s computers at some point withouthaving the necessary licenses to permit such use. For most software, theresponse to such a discovery will be to simply remove any unlicensed, unneededproducts and to purchase licenses for whatever is left. However, with IBMsoftware, that solution may not resolve all liability associated with theunlicensed deployments. 

Read more


What Is “Commercial Hosting” When It Comes To Microsoft Software?

Many companies using Microsoft products to deliver services to their customers are familiar with the “commercial hosting” prohibition included in most Microsoft license agreements:You may not host the products for commercial hosting services.Most CIOs reading that prohibition also are familiar with the feeling of deep confusion that can arise when they notice that Microsoft has utterly failed to include any definitions or guidance in its license agreements regarding what “host” or “commercial hosting services” means.

Read more


Cyber Intelligence Sharing and Protection Act Bill Passes House

On April 26, 2012, the U.S. House of Representatives passed the Cyber Intelligence Sharing and Protection Act (CISPA). According to the bill sponsors, CISPA is an essential update to the National Security Act of 1947 that adds provisions allowing for information about “cyber threats” to be shared between the government and private industry.

Read more


Varicent Customers Should Plan for Audits by IBM

In April 2012, IBM announced that it had reached an agreement to acquire Varicent Software, Inc., an Ontario-based publisher of analytics software for compensation and sales performance management. According to the announcement, Varicent’s customers include Starwood Hotels, Covidien, Dex One, Manpower, Hertz, Office Depot and Farmers.

Read more


Warning: Business Software Alliance Reorganization May Affect You

The Business Software Alliance announced in a press release late last week that they are reorganizing the organization into two operating units: one focused on increasing its focus on software anti-piracy and the other on global advocacy around key emerging issues for the technology industry including privacy and security and intellectual property protection.

Read more


Avoid Pitfalls When Deploying ILMT for IBM Software

IBM software is expensive. In some cases, very expensive. While this may represent a necessary cost of doing business for many companies with mission-critical software solutions developed on or using IBM applications, all IBM customers clearly are incentivized to maximize the value of their software expenditures with Big Blue.

Read more


Top Three Decisions for Microsoft Enrollment for Application Platform

An increasing number of enterprises are considering the value of Microsoft’s enterprise-level licensing models. The model with which companies are most familiar likely is the Enterprise Agreement (“EA”), under which a business licenses all of its desktops for Windows, Office and/or client access licenses, with the cost of those licenses being payable in three installments over the term of an EA enrollment (usually three years). During that term, the company can upgrade to the most current version of the licensed software and can deploy additional desktops without first purchasing licenses in advance, all subject to annual true-up orders.

Read more


White House Outlines Consumer Privacy Bill of Rights

In late February 2012, the White House outlined a consumer data privacy framework that includes a “Consumer Privacy Bill of Rights” in a report entitled “Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy.” In it, the administration sets out a plan for a four-element approach to protection of consumer privacy: 1) enumerate the consumer privacy rights; 2) encourage industry developed of codes of conduct; 3) strengthen FTC enforcement power; and 4) ensure interoperability with international privacy rules and regulations.

Read more


Software-Audit Compliance Demands Often Include “Fuzzy Math”

In defending against software audits initiated by publishers such as Microsoft or IBM, many businesses make the mistake of assuming that those publishers or their designated auditors know what they are talking about when it comes to determining what licenses need to be purchased in order to achieve compliance. After all, the companies that wrote the license rules certainly know how and intend to apply them fairly, right?

Read more


Software-Audit Compliance Demands Often Include “Fuzzy Math”

In defending against software audits initiated by publishers such as Microsoft or IBM, many businesses make the mistake of assuming that those publishers or their designated auditors know what they are talking about when it comes to determining what licenses need to be purchased in order to achieve compliance. After all, the companies that wrote the license rules certainly know how and intend to apply them fairly, right?

Read more


New IBM Passport Advantage Agreement Drastically Changes Support Requirements

One of the major changes in the latest version of IBM’s Passport Advantage Agreement is the requirement that customers maintain subscription and support (S&S) on either all of the licenses that are installed and in service or none of the licenses. Customers can no longer maintain subscription and support on only some of the licenses in use.

Read more


Effective Audit-Response Policies Can Be Vital in Responding to Software Audits

Businesses often have close relationshipswith software vendors, and that close-ness usually is in direct proportion tothe extent and importance of those vendors’ software products in thebusinesses’ network environments. However, despite their best marketingefforts, software vendors’ interests always will remain aligned primarily withtheir own bottom line, and that often means that information shared with themcan and will be used against licensees in future transactions or, worse, in thecontext of an audit.

Read more


Big Changes for Microsoft System Center Licensing

Business software buyers increasingly are aware of the significant changes that Microsoft will be implementing to the license metrics for SQL Server when version 2012 of the popular database solution is released this April. However, of potentially equal or even greater significance for some companies is the fact that Microsoft also is planning big changes for the license rules applicable to System Center when version 2012 of the network-management line of products is released, likely in April alongside SQL Server.

Read more


Judge Allows Sales of “Used” MP3 Files to Continue

On February 6, 2012, a judge for the U.S. District Court for the Southern District of New York ruled that ReDigi – an upstart, online marketplace for “used” MP3 files – can continue operating pending the outcome of copyright-infringement litigation initiated by Capitol Records. ReDigi went live in October 2011 with a business model that uses proprietary technology to verify, transfer and delete instances of digital music content from a user’s computer for inclusion in an online library of MP3 files available for download by others.

Read more


Windows Server Licensing Under SPLA

Licensing under Microsoft’s Service Provider License Agreement (SPLA) often is not a simple process. There are monthly true-ups to process, user management policies to follow, and the specter of increasingly frequent audits looming large. To complicate things further, licensing rules for Microsoft server products vary significantly. Some products, such as Exchange, can only be licensed on a per user basis, while other products give the partner the choice of whether to license using a per-user or per-processor modelWindows Server Licensing Under SPLA

Read more


Top Five Important Provisions In Technology Vendor Agreements

Although technology spending has made up a significant chunk of company’s yearly budgets for some time, many organizations have been slow to develop the expertise necessary to review and negotiate the associated technology agreements—and I’m talking about both the customers and the vendors. Many of these agreements appear to be based on outdated templates that were customized by someone with an incomplete understanding of the unique risks associated with the technology, the industry trends with respect to specific provisions, or the law.

Read more


BSA Secures Half-Million Dollar Settlement with Texas Software Firm

The Business Software Alliance (BSA) announced on February 6, 2012 that it has signed a settlement with PCS-CTS, a Houston-based company providing supply-chain software solutions. Under the settlement, PCS-CTS agreed to pay the BSA a total settlement of $500,000.00 to settle claims that the company had unlicensed copies of Adobe, Filemaker, Microsoft, and Symantec software installed on its computers. The BSA’s announcement indicates that the amount of the settlement is the largest ever reached with a Texas-based business.

Read more


Copyrighting Web-Based Software Applications

There are a number of ways to protect the intellectual property in software, but by far, the most commonly used method for protecting software IP is to register the software code as a literary work with the Copyright Office. The process is generally pretty straightforward: gather the code, print it to PDF, and send it off to the copyright office with a note that you would like to register the code as a literary work. While there are some specific instructions regarding the deposit and how to protect any portions of the code that may be trade secrets (hint, stock up on markers), the process typically is not much more complicated than that.

Read more


Courts May Refuse to Compel the BSA and SIIA to Identify Their Informants

On January 12, 2012, the D.C. Court of Appeals held that the Software & Information Industry Association (SIIA) would not be required to disclose the name of one of its confidential informants in a civil case for defamation. Solers, Inc. had filed its lawsuit against a John Doe defendant for defamation after it resolved a software-audit investigation initiated by the SIIA. The SIIA had alleged, based on information that it previously had received from the anonymous defendant, that Solers was using a number of copies of SIIA-member software products in excess of the number of licenses it had purchased for that software. Solers had attempted to force the SIIA to disclose the name of its informant in order to proceed with the defamation action.

Read more


Getting More Value from the Microsoft Enterprise Agreement - Top Five Amendments to Consider

The “off-the-shelf” Microsoft Enterprise Agreement provides considerable flexibility for both Microsoft and its customers to construct a deal that is a good fit for both parties. That being said, there are some fundamental limitations at the core of the agreement that may prevent the customer from extracting maximum value from the EA. Below is a list of five important revisions to make to the contractual language in the EA in order to unlock the potential value stored within its pages.

Read more


Tips to Improve the Enforceability of Click-Wrap License Agreements

A very significant portion of Internet commerce today depends on the use and enforceability of “click-wrap” license and service agreements – legal terms that typically are presented to a customer during the service-ordering or software-installation process and that usually do not allow for any negotiation or modifications by the customer. Click-wrap agreements represent the evolution of “shrink-wrap” agreements, which for many years have been attached to the packaging of software products purchased in stores. As with shrink-wrap terms, the use of click-wrap agreements is not surprising, given the fact that most consumers of software or other products and services delivered over the Internet do not want or expect to sign more traditional contracts in order to use those products and services.

Read more


Compliance Documentation After BSA and SIIA Settlements – Three Top Tips

In a previous post, I introduced the concept of post-settlement compliance following the settlement of audits initiated by the Business Software Alliance (BSA) and the Software & Information Industry Association (SIIA). As noted before, the first step to completing the compliance review process is setting a baseline to determine what software is installed compared to what licenses are owned by the business.

Read more


Software Compliance After BSA and SIIA Settlements

Your business has just finished spending the last year of its corporate life responding to a software audit demanded by the Business Software Alliance (BSA) or the Software &Information Industry Association (SIIA). It has devoted substantial time and internal resources in an effort to gather an accurate inventory of software installations, together with all available documentation of license purchases. It also has incurred legal fees in order to obtain counsel regarding the audit process and to protect its rights during settlement negotiations. Management understandably is ready to move on.

Read more


Microsoft Enterprise Agreements - The Fine Print

Any Microsoft Enterprise Agreement (EA) negotiation should involve not only the organization’s IT budgeting, compliance, and forecasting groups, but also in-house or outside counsel for analysis of the legal and business risks that are not necessarily front-and-center during the negotiation process. A significant obstacle in the way of fully understanding the applicable rights and obligations under the EA is knowing which agreements apply, and in which order. Many times, decision makers review only a portion of the agreements during an EA negotiation and do not appreciate how the entire document set integrates to establish the parties’ respective rights and obligations.

Read more


Your Adobe Software May Be Phoning Home Without Your Knowledge

Increasingly, software publishers are looking for new tools and processes to assist them in their license-enforcement programs. While such efforts are understandable to a degree, they sometimes can include methods that are somewhat dubious at least from a customer-relations perspective, if not from a legal perspective. One provision from Adobe’s most recent end-user license terms provides a good example. (The full EULA is available here

Read more