Practically no one reads software licensing agreements, but the terms they set allow software companies to access your computer network for an audit. And when they decide they want an audit, software companies may attempt to gather information without executive management knowing.
“They will send the audit request in an email because a formal letter has a greater chance of going up the chain to management. The email will say the audit right is in the contract and to run the attached script on your computer system,” says Jason H. Beehler, an associate with Kegler, Brown, Hill & Ritter.
“That script was created to find as much usage as possible. It will look for any occurrence of the software’s name, even if it has no correlation to the installation of the software. The company, usually without thinking, will go ahead and run it and it comes back with an unbelievable number. All of a sudden the software company is asking for $100,000 or $500,000 or more, depending on how extensive they allege the overuse is,” says Beehler.
Smart Business spoke with Beehler about procedures companies should follow to manage software licenses and what to do if a software company requests an audit.
How should companies respond to an audit request?
Treat it like an audit request from the IRS. Whoever receives the request should notify someone on the executive side — CEO, CFO, CIO — and the executive should contact in-house or outside counsel to review the licensing agreement and understand the company’s rights. What is the script designed to look for? Is the license agreement valid and enforceable?
You also want to make sure that, before any audit request comes in, the person who manages software purchases is proactively tracking software licenses and usage. A person may have moved on to another job or department and the copy still exists, although no one is using it. Simply removing software from computers prior to the audit can legitimately decrease your exposure by reducing the number of users.
Often employees have software programs they don’t use. From an IT perspective, it’s easier to create a master template for a desktop software suite that is loaded on computers. You may have what registers as 100 users of the software, but the number of people actually using it is 15.
What if the script has been run?
If you get a letter that says you owe $200,000, contact your counsel, and then together you can call the software company’s general counsel and see if you can negotiate. It could be that $60,000 of that total is interest and, of the remaining $140,000, maybe half corresponds to the actual number of unpurchased licenses in use. If there’s legitimate overuse, you can structure a settlement and offer to pay over a period of some months or years.
If you can’t reach a settlement, consider filing suit before the software company files, so you can choose the court. It’s much better to fight on your turf and your terms. When you file, the software company may very well countersue for copyright infringement and breach of contract. But at least you will define the case on your terms, and you may not have to litigate in the software company’s backyard.
Are more software audits being conducted?
Yes. It could be a function of a difficult economy, either because the software companies are feeling the pinch or because they suspect that users may be engaging in unauthorized copying in order to save money. The prevalence of downloaded software presents an opportunity for software companies if they suspect people aren’t tracking their licenses well.
IT experts say software companies could put controls in place to prevent unauthorized copying. That’s what makes these claims interesting, and that issue should be explored if it comes to litigation. The argument that the software company had an opportunity to prevent copying and now seeks damages for activity it could have stopped could be a significant issue at trial.
Jason H. Beehler is an associate at Kegler, Brown, Hill & Ritter. Reach him at (614) 462-5452 or firstname.lastname@example.org.
For more information on Kegler, Brown, Hill & Ritter, please visit www.keglerbrown.com.
Insights Legal Affairs is brought to you by Kegler, Brown, Hill & Ritter
You don’t have to be pirating software to get in trouble during a compliance audit.
“Where companies get ensnared is in the deployment phase. It’s not that they are trying to get away without paying, they get caught up in the terms of conditions found in the fine print of licensing agreements,” says Heather Barnes, an intellectual property attorney with Brouse McDowell.
Smart Business spoke with Barnes about what businesses can do to make the software audit process go smoothly.
What prompts an audit?
Software companies include the right to request audits as part of the terms and conditions of the software license agreement. The fine print contains the right for the software company to audit your computers and systems. Sometimes audits are performed because that organization received a tip from a discharged employee. There also are companies that conduct audits as a regular course of business, either itself or through a third party, such as The Software Alliance. Because of the economy, software revenues have decreased, so software owners are replacing lost revenue by ramping up enforcement with compliance audits.
Once you’re notified about an audit, what should you do?
If you are an organization with in-house counsel, contact them immediately. Smaller companies should retain outside counsel, because attorneys can make a big difference in the final outcome.
The first thing an attorney will do is assist with the parameters for the audit — how and when it will occur, as well as the scope. If there is a noncompliance issue, legal counsel can draft a settlement agreement; they may even negotiate the settlement to a more reasonable number. Even if there are no compliance issues, you still want a document drafted that acknowledges how the audit was conducted and what was found, as well as a release of any claims the software company could have brought.
What problems can occur if you proceed without legal counsel?
Much is dependent on the particular company, but the audited company wants to prevent the software owner from having free reign of its systems, and that is a role legal counsel can help control. For example, legal counsel can assist in defining the scope of the audit by determining which computers are included in the audit. Do you include every computer? Just computers in use? What about the computers that are older and sitting in a warehouse? A software company could attempt to include any computer you own, even those that are obsolete and unused.
Another potential issue is how the audit concludes. You might come to an agreement at the conclusion of the audit and think a settlement is in place. Without legal counsel involved, a company could find itself with no settlement agreement or other document detailing what occurred and the responsibilities of each side going forward.
What are typical noncompliance issues and how much do they cost to fix?
Terms and conditions of the software license agreement vary by company. Many companies allow you to use older versions of software when you obtain a license for their latest product, but some do not. However, many people think that it’s an industry standard that you can deploy older versions.
Another problem is maintenance of business records proving owned licenses for software. You need to have documentation and keep those records current and accessible. That can be complicated when the software was purchased from multiple third-party vendors and for software that is old. Companies should conduct internal audits to ensure they are in compliance with what their records reflect, which could help mitigate exposure when an audit occurs.
Normally, if you are out of compliance, you’ll be charged the licensing fee you should have paid. If it is $200, $300 or $500 per license, multiply that by the number of computers out of compliance and it can get expensive quickly.
Further, if you’re found to be noncompliant, develop internal procedures to ensure compliance in the future. If you are audited once and are found to have compliance issues, it is just a matter of time before the software owner is back to check again.
Heather Barnes is an intellectual property attorney at Brouse McDowell. Reach her at (330) 535-5711 or email@example.com. Learn more about Heather Barnes.
Insights Legal Affairs is brought to you by Brouse McDowell