The Software Police Take a Hard Line

With unauthorized copying running rampant, the software industry pursues targets of
all types with the civil liability provisions of the Copyright Act

By: Jim Sicilian and Stefan Underhill

Have you downloaded any good software from the Internet recently? Maybe stretched
that 20-user spreadsheet software license to include a few extra new employees who
really needed to use it? Taken home a couple of disks so you could finish up that
report after the kids went to bed? Been using some programs that came with only
photocopied documentation? Watch out for the software police. These infractions
could cost a lot more than a speeding ticket would.

Yes, the software police really are out there, patrolling the information
superhighway. The software police are better known as the Software & Information
Industry Association, or SIIA and the Business Software Alliance, or BSA, industry
groups that seek to reduce software piracy through education and enforcement
activities.

ADDING UP VIOLATIONS
Unauthorized copying of computer software programs may seem insignificant on an
individual or even a company-wide basis, yet the SIIA estimates that it costs the
U.S. software industry more than $8 billion each year worldwide, despite the
seemingly effective efforts of software makers to increase both awareness of the
problem and compliance with applicable law and license agreements. The BSA has
estimated far greater losses.

In this country, the publishers' association estimates, one of every four pieces of
software in use was unlawfully obtained. In anonymous user polls, more than 90
percent of users admit illegally copying or using software at some time, and more
than 50 percent report that they are currently using undocumented programs.

And while the United States, as the largest software market in the world, is
estimated to generate the greatest losses, its compliance rate is far higher than
that of many other countries. For example, the SIIA reports that the piracy rate in
Russia and China exceeds 95 percent.

With the software industry continuing to grow at an explosive rate the SIIA and the
BSA have a strong financial incentive to continue to turn up the heat on software
pirates.

LICENSE AND REGISTRATION

Virtually all of the billions of dollars of software purchased annually is

licensed, not sold outright. When you "buy" your copy of a spreadsheet or word-
processing program, for example, there is a "shrink wrap" or "box top" license that
precludes you from enjoying all of the benefits of ownership. There is much variety
among the small print of such licenses, but invariably they contain restrictions on
copying or transferring the software. Some licenses provide that the license is
canceled if you make an unauthorized copy or sell the software to another user.
Others permit resale of the software, but only if you do not retain any copies, and
only if the purchaser agrees to the terms of the license.

The most obvious differences among licenses relate to the number of people who can
use the software. Individual licenses permit only a single user. Suite licenses
allow a defined number of users. Concurrent-use agreements limit the number of
users at any one time, and the programs are often self-enforcing, restricting
access if the maximum number of users has already logged on. Site licenses or firm
licenses typically allow an unlimited number of users at a single company or
company location. These alternative licensing arrangements allow companies to
negotiate agreements that reflect actual usage of different software programs by
their employees. That's important. Using the software in ways not permitted by the
license will constitute both breach of the licensing contract and violation of the
copyright laws. The possible penalties are severe: They include liability for
actual damages plus the infringer's profits, or statutory damages of up to $100,000
for each illegal copy.

While the Copyright Act was designed to combat organized distributors of pirated
software, its terms are far broader and might arguably apply, for example, to a
corporate officer who encourages company employees to make and use multiple copies
of word-processing or spreadsheet software. Even if the criminal provision is more
narrowly interpreted, corporate officers who condone software duplication may be
within the reach of the Copyright Act's civil liability provisions. (See Southern
Bell Tel. and Tel. Co. v. Associated Tel. Directory Publishers, 756 F.2d 801, 811.
This 1985 opinion by the Eleventh Circuit U.S Court of Appeals holds that in the
civil context, an individual, "including a corporate officer, who has the ability
to supervise infringing activity and has a financial interest in that activity, or
who personally participates in that activity, is personally liable for the
infringement . . . even if [the individual] was ignorant of the infringement.")

NO PASSING

The "rules of the road" laid down in software licensing agreements are often
violated in innocuous, seemingly innocent ways. Nevertheless, the industry labels
any unauthorized use or copying of software "softlifting," and treats it seriously.
The simplest and probably most widespread form of software piracy involves
installing licensed software on additional computer terminals. Employees might copy
programs so that they can finish work at home or even on another terminal at the
office. A manager and a secretary might "share" a program so that both can work to
prepare the same document. An employee work group might pass around disks so that
everyone can use the same software.

Indeed, even a company that tries to do the right thing can become a pirate if it
fails to keep track of its software use. It is common, for example, for companies
to purchase multi-user licenses covering all of the employees in place at the time
the license is obtained, but to forget, as the business and number of users grows,
to add additional licenses. The Copyright Act permits licensees to copy software
onto a single computer and to make "another copy for archival purposes only," i.e.,
a backup copy. Beyond this, one may make extra copies of software or allow multiple
users access to it only if the license for the software permits. If it doesn't, the
publisher has been deprived of revenues that would have been generated by sales of
additional copies of the software or by licensing fees paid for use by a broader
group of employees. Not surprisingly, a 50-user word-processing license will cost
more than a 20-user license.The threat of anti-piracy enforcement does not exist
for huge companies alone. Publishers, and the software police representing them,
have gone after businesses with as few as five personal computers in use.

Since it started its anti-piracy campaign in 1988, the SIIA has been extremely
active. Its piracy reporting portal -- a well-promoted website set up to generate
tips of violations -- receives many submissions per day. The group asserts that,
since its inception, it has recovered almost millions of dollars in settlements.
The SIIA targets entities of all types, including corporate software users,
computer dealers, training schools, computer bulletin boards and even educational
institutions.

The BSA has had similar success, but with a more international flavor. It has, for
example, been involved in raids of European software users, including a 1991 search
of four United Kingdom companies that uncovered 670 pirated software programs in
use. The BSA has also been active domestically, as evidenced by the recent
announcement of its $325,000 settlement with a firm of consulting engineers in
suburban Chicago. The BSA reports that it has collected more than $4 million in
settlements this year. Both organizations plow settlement revenues back into their
piracy investigation and enforcement activities.

MEANS OF ENFORCEMENT

One of the software police's most fertile sources of leads is employees of the
targeted companies. There have been more than a few reports of particularly unhappy
workers actually sabotaging the employers' computer systems by loading extra copies
of unlicensed software on the systems themselves before they blow the whistle. In
most cases, the SIIA and BSA will start with a cease-and-desist letter, which will
often seek the targeted company's cooperation in a voluntary system audit.

The SIIA's own auditing software can be obtained free of charge both by
conventional mail and by downloading from the SIIA's Internet Web page at
http://www.spa.orgFor "routine" cases, the organizations will often permit a target
company to audit itself; in more serious cases, the software police will insist on
doing their own audit as an alternative to litigation. In either case, they will
compare the software found on the company's computers with company purchase records
to identify the type and quantity of unlicensed applications. At least in the case
of SIIA proceedings, the audited company typically agrees in advance to pay the
retail price of the unauthorized applications identified, to destroy the illegal
copies and to purchase new copies of all software needed to bring the company into
compliance. The net result is that the offending company pays roughly double the
normal price of the software it needs.

Although the BSA is somewhat more secretive about its settlement philosophy, it
appears to follow a similar approach. When dealing with either group, a target
company will be in a more favorable bargaining position if it can show that it has
a sound compliance program in place. When the SIIA and BSA feel that litigation is
required, they will often begin by seeking an ex parte temporary restraining order
empowering their representatives, accompanied by U.S. marshals, to "raid" the
defendant company by entering unannounced and conducting a surprise audit of the
computer systems. Once the SIIA or BSA has arrived, there is little for a company
to do but cooperate. There are few if any effective defenses to typical pirating
claims so long as they are factually accurate. Failure to cooperate with a cease-
and-desist letter or audit request will inevitably lead to a suit.

Although a company might be tempted immediately to purge its system of offending

applications in response to a cease-and-desist or audit letter, and in the process
destroy the evidence of violations, doing so will only compound the problem.
Skilled computer technicians can recreate the contents of telling computer
directories with relative ease. Beyond that, a company should keep in mind that the
software police are frequently alerted to the problem by insider tips, and the
tipper may still be there to observe - and later describe in glorious detail for a
federal judge - the company's willful destruction of evidence.

Jim Sicilian and Stefan Underhill are trial lawyers and members of the intellectual
property practice group at Day, Berry & Howard in Hartford and Stamford, Conn.