11 Secrets to Defending BSA | The Software Alliance Audits
Don’t be in the dark on how to prepare and respond to software audits.
An increasing number of companies face software audits initiated by software publishers and their trade associations, such as BSA | The Software Alliance and the Software & Information Industry Association.
Most companies are totally unprepared; many underestimate their exposure and are unpleasantly surprised by the auditing entities’ analysis. As a result, they wind up paying substantial fines and suffer negative publicity.
Properly preparing for and responding to software audits can reduce the financial and organizational impact on your business. Through years of helping more than 250 clients navigate the audit process, we have found the following software audit strategies to produce the best outcomes.
1. Do Not Ignore a Software Audit Notice
Failing to respond to a letter from the BSA, SIIA, or software publisher, will likely make your problems worse and could include litigation against you and your company. The date at the top of your letter from the BSA | The Software Alliance is a very important date. This date which is known as the audit effective date is critical because it is the only date that matters for purposes of comparing your software deployments on that date to the purchases you made prior to that date.
2. Consult Experienced Legal Counsel
The publishers and their trade associations have experienced software piracy attorneys, and so should you. When considering an attorney to defend your company in a BSA | The Software Alliance audit, experience and track record are two important keys to consider. If you are looking for an attorney to represent your company in a BSA | The Software Alliance software audit consider this post in how to find the best lawyer for your BSA audit case.
2. Preserve Evidence
Do not uninstall or change computer configurations until an accurate inventory of computers has been gathered. Look at your BSA | The Software Alliance audit notice and you will see that they make it very clear that they consider uninstalling software or purchasing software in response to the audit notice to be unacceptable. Legally, the notice regarding preserving evidence is called a spoliation notice. If BSA audit cases cannot be settled out for court, the issue of evidence preservation is likely to be an issue in the court case. Targets of BSA | The Software Alliance audits need experienced counsel to guide through the balancing act of preserving evidence and making sure that IT business initiatives can proceed. The key is to proceed with IT projects without jeopardizing your defense.
4. Do Not Use Free Tools Provided By Software Associations
Network discovery tools are a necessary part of an internal investigation related to BSA | The Software Alliance cases. While these tools can be very helpful, the raw data they produce is some time inaccurate and may damages to your legal position in a BSA audit case. More often than not, they fail to exclude information outside the scope of the audit request. It is important to carefully interpret the discovery tool data comparing it not only to the entitlement records that the BSA will accept as proofs as well as applying sometimes complex licensing rules including those affording downgrade rights as well as the right to deploy on multiple devises for a single license. The licensing rule frequently require an understanding of the precise use case which discovery tools are completely incapable of evaluating. Consider your discovery data a starting point for an analysis not the final work-product.
5. Avoid Knee-Jerk Purchases
A natural but counterproductive response to a software piracy audit is to run out and purchase software. Avoid making purchases until a complete inventory and case assessment has been completed. In most cases, it’s a waste of money to purchase software in response to a software audit. In the case of a BSA | The Software Alliance audit, targets have the right to buy or uninstall at the end of the case. I advise my clients to only buy software for new deployments during the pendency of the BSA audit and then make a buy or uninstall decision at the end of the case in connection with a negotiated settlement and a release of claims.
6. Maintain Confidentiality
Client prepared audit materials and related documentation may be discoverable in a lawsuit. An attorney-supervised audit report is protected by attorney-client and attorney work-product privileges. In addition, if you use an outside vendor for IT services it is important to insure that vendor has an NDA in place before any BSA audit case related information is shared with the vendor.
7. Condition Audit Disclosure
Software piracy audit materials should only by disclosed after an appropriate agreement regarding confidentiality and non-use of the information has been signed by the software piracy enforcement agency. These agreements are usually entered into after the case has been pending a couple of months and the BSA audit target has compiled the audit materials. These agreements sometimes referred to as 408 agreements should be secured in all cases. The BSA | The Software Alliance is generally cooperative in agreeing to interim confidentiality or 408 agreements in BSA audit cases.
8. Estimate Software Piracy Fine
Always review the draft audit materials with your attorney before they are produced to make sure everyone is clear on the potential financial exposure involved. You can use Scott & Scott, LLP’s software piracy fine calculators at BSA Fine Calculator. I have seen many targets of BSA | The Software Alliance audits get surprised by huge financial demands because they lacked the experience to estimate the financial exposure in a case before the audit materials were presented to the BSA. In my experience, nothing can anger a client more than an unpleasant surprise regarding the financial exposure in a BSA audit case. For that reason, we calculate the client’s financial exposure in every case before audit materials are presented to the BSA.
9. Argue Software Piracy Legal Issues
There are many legal issues involved in software piracy audits including what constitutes infringement, who has the burden of proof, how damages should be calculated, what constitutes proof of ownership and many others. These legal points should be vigorously argued in an effort to reduce software piracy settlement demands. Perhaps the most controversial issue is how damages are calculated when a shortfall of licenses is revealed in a BSA | The Software Alliance audit. The BSA’s approach of calculating three times the unbundled MSRP value of the software has no basis in the law. Copyright owners may choose between actual damages and statutory damages. Neither of these damages models, support the multiple or MSRP approach used by the BSA | The Software Alliance. Scott & Scott, LLP has litigated the issue of the proper measure of damages in software cases and has specifically argued that the BSA’s approach to un-bundling of software suites such as Microsoft Office and Adobe Creative Suite is contrary to section 504 of the Copyright Act.
10. Negotiate Non-Monetary Terms
Software piracy audit settlement agreements are incredibly one-sided and unfair to the targets. Carefully consider important issues like future audit obligations, confidentiality of these settlement terms, the nature and scope of the release being offering. The most important non-monetary provisions to negotiate are future inspections and confidentiality provisions that prohibit the BSA | The Software Alliance from issuing a press release naming your company as a target in a software piracy audit.
11. Focus On Your Business.
Continue to stay focused on running your business and taking care of your customers. Find an experienced attorney that can quarterback you and your organization through the audit practice do you don’t lose sleep over what might happen and you can stay focused on doing what you do best. Running your business.
We have discovered the above suggestions during the more than a decade of handling software audit matters. They can help you be better prepared to defend a BSA software audit.