Managing Software License Disputes: Cooperation or Litigation
What to consider when developing your risk-mitigation strategies
by Robert J. Scott and Julie Machal-Fulks
Software publishers -- and the trade groups that represent them -- are increasingly targeting clients alleging violations of software licenses and copyright laws. At the same time, new licensing models and hardware platforms, such as software as a service, virtualization, and multi-core processors, increase the complexity of licensing rules frequently interpreted liberally for the benefit of the software industry and to the detriment of end-users. Most CIO's know that managing software license compliance risks should be a priority, but it's not easy to accomplish.
From a contract law perspective, software licenses frequently contain ambiguities regarding licensing terms. The legal test for whether a contract is ambiguous is whether reasonable minds could differ about the meaning of a particular provision. For example, one of our clients was involved in a multi-million dollar dispute that hinged on the definition of the words "account" and "resides in the system." The software was a CRM solution that managed customer accounts, licensed on a per-account basis, and based on the total concurrent number of users in the system. The case was settled.
Most software license disputes involve one of two issues: accounting (the number of people using the software) and entitlement (the number of licenses you own). Also, it's important to keep in mind how your licenses are structured: Are they on a per-seat, per-device, or per-user basis?
I advise my clients to make sure that contract language is frequently reviewed and publishers are pressured to make changes necessary to reduce compliance costs and the probability of future license disputes. If a company is already involved in a dispute, the CIO should pressure the vendor to make changes to the license to accommodate the company's needs, along these lines: I'm willing to resolve this dispute but I need one global, enterprise-wide license, in one document, that covers all the functionality I need now and may need in the future.
The software industry dictates what standards are acceptable in a software compliance audit, often contrary to what the legal profession might find acceptable in a lawsuit. A valid license, an expense report, a credit card statement, or a copy of a check paid to a software reseller are all insufficient to establish valid proof of ownership, according to the Business Software Alliance and the Software & Information Industry Association. An auditing entity will require that the audited company produce dated proofs of purchase for every software product to demonstrate ownership.
The increasingly mobile workforce can represent significant corporate exposure if there's no way to accurately inventory the software installed on the computers located outside the office. Because software licenses often extend to every laptop belonging to an organization, we recommend that our clients consider having their employees own their own laptops. If companies don't want to do that, they should incorporate access and installation controls in all their laptops, and implement technology that routinely inventories them, such as an agent that checks a laptop every time it connects to the network.
Other challenges to completing an accurate audit include lack of executive sponsorship and mature recordkeeping processes. Many companies simply don't keep records -- they let employees go to Best Buy and purchase a copy of Microsoft's Office suite, then get reimbursed for the software through expense reports. One-off and non-central purchases are a huge area of vulnerability for companies. An accurate and cost-effective way of retaining and retrieving software records is necessary to mitigate the expense and potential exposure of an audit.
Large organizations with a number of affiliates often have difficulty determining which entities to include in the scope of their enterprise software agreements -- and which to exclude. Companies with enterprise licenses can find themselves out of compliance when their affiliates are specifically included in the enterprise agreements but purchase their own individual licenses and don't participate in the periodic license assessments required by the enterprise agreements. It's critical for an enterprise to communicate with its affiliates to determine which are willing to adhere to the requirements of an enterprise license.
Another challenge for large enterprises is how and when to purchase additional licenses after an enterprise license becomes effective. Many companies, for example, negotiate bundles in their enterprise license agreements that include operating systems and applications. The companies, or their affiliates, then purchase the same software when they purchase new computers, possibly as part of an OEM agreement with the hardware vendor. Unfortunately, Microsoft then says, "You have to pay me for every enrolled desktop in all of your affiliates, notwithstanding the fact that you purchased OEM from Dell." The salient question: What counts as an eligible desktop in terms of triggering your license?
Here are some issues related to recent technology developments affecting software licensing agreements:
- Virtualization: It's an accounting issue and an inventory challenge. How do you account for multiple virtual instances on a machine covered under a single server-based license or rapidly proliferating virtual servers? Note: Microsoft has announced new licensing rules related to virtual servers.
- Software as a service: Typically involves seat-based licenses and periodic payments, sometimes including monthly counting. There's no perpetual license grant, so if you discontinue the service you lose the ability to access the license.
- Open source software: Not a license issue so much as a copyright issue -- be careful using open source software in proprietary software products. However, I don't necessarily advise my clients to shy away from Linux if Microsoft brings an IP case against them.
- The Oracle Effect: Vendors will take advantage of acquisitions to institute software audits. Make sure the acquiring vendor sticks to service and support levels negotiated in the original license. To mitigate the risk of your critical infrastructure software being held hostage by an acquiring vendor, negotiate an escrow clause for the source code with the initial vendor so that the code passes out of escrow to you, the end user, in the event of a takeover by another company.
Across the board, license disputes are on the rise. There are a number of trade associations and software publishers spending substantial resources marketing to disgruntled employees to encourage them to provide information regarding potential copyright infringement. For instance, this summer, the Business Software Alliance temporarily increased the potential reward for qualified piracy leads from $250,000 to $1 million.
The BSA's current tactics seem indicative of a particular mindset in the software industry, as more publishers target their customers, requesting incriminating information to resolve potential licensing disputes.
Although many software publishers genuinely want to assist their clients and provide valuable services, others use the audit rights located in software license agreements as a hammer to intimidate their customers into paying significant licensing and audit-related fees. If the customer declines the invitation to participate in the process, the publisher escalates the issue to its legal department. When the customer provides installation information to the publisher, the publisher often demands licensing fees, past maintenance and support, and sometimes penalties, fines, or attorneys' fees.
Those are the cold, hard facts. When it comes to software license "nightmares," there are the CIO's who have already learned their lessons and those who will.
- - -
Robert J. Scott is a managing partner, and Julie Machal-Fulks is a partner, at Scott & Scott LLP.