How vendors handle mis-licensed software
Software publishers (software vendors) have several methods of handling mis-licensed software. Some publishers take the view that anyone using their software is a positive thing even if they have not properly licensed it or even if they have not paid for it. This usually only applies to smaller publishers who are striving for market share, publishers of Open-Source software where the commercial imperative is not important and hobbyists. However, the vast majority of software publishers are commercial companies who are in business to earn money for their products.
Software is a type of intellectual property - “IP”. Mis-use of licensing is essentially a form of IP abuse or theft in the eyes of the law, and is morally wrong. It is similar to any other form of IP theft such as trademark infringement, copying copyright material such as publications, selling bootleg copies of films etc. It reduces the revenue a publisher is entitled to receive and damages their business.
Software publishers put a great deal of effort into minimising loss from IP theft in general, whether this be due to counterfeiting, deliberate mis-licensing or accidental mis-licensing. Counterfeiting has been with us for millennia where just about anything of value has been copied and fraudulently mis-sold or mis-used. Isaac Newton, for example, spent his later life avidly pursuing counterfeiters when he was appointed as Warden of the Royal Mint and later became Master of the Mint. Apparently he became the terror of London counterfeiters, sending many to the gallows. Luckily the gallows are no more in modern times but law enforcement agencies and manufacturers of all manner of goods (including software) must still invest a lot of effort to identify and shut down counterfeit channels, bring prosecutions where appropriate and publicise the issues.
Mis-licensing is a little more straightforward to deal with than counterfeit goods. Software is not generally mis-licensed through deliberate avoidance but due to lack of or poor software controls, and/or poor understanding of the specific licensing rules. Generally when you install or buy software you are bound by the licensing terms and conditions in your contract or End User Licensing Agreement (“EULA”). These terms usually include a clause placing an onus on an organisation to keep track of software installations and to supply an inventory to the software publisher upon request. Some publishers reserve their rights to demand a detailed audit or to send in their representatives to review your IT estate. Whilst this may seem onerous, the fact is that mis-licensing costs software publishers many billions of dollars in lost revenue every year.
Software publishers most commonly audit organisations already known to be using their software. These audits may be triggered in one of several ways as indicated below, but mostly the first couple of points mentioned.
There are many different approaches taken by software publishers to review an organization’s software and deal with mis-licensing. This is the general approach taken:-
You will be contacted by the software publisher or their appointed representative. Representatives include services firms that specialize in Software Asset Management, software resellers, the mainstream audit firms, IP protection bodies, and lawyers acting on behalf of the software publisher. This may be by phone, letter or email. Don’t ignore these.
You will be asked to supply an accurate and up-to-date declaration of the software that you have installed across your IT estate. This should encompass your whole organization including all affiliates (as requested). You may be asked to gather this inventory by installing network scanning tools, particularly if you do not already use these tools. You may need to obtain assistance from a 3rd party to do so, or you may be asked to work with the publisher’s representative who contacted you to do this.
You may also be asked to provide proof of license which can include Contract/Agreement Numbers, installation serial numbers/keys, copies of Invoices or other evidence. This helps to demonstrate what you have bought and how much, and helps confirm you have purchased these from legitimate sources.
Your information will be compared with all available purchasing and agreement data. This is to confirm that your software is correctly licensed. This can be a complex and iterative process and you may be asked for additional information through the process.
The result is usually a gap analysis that shows you if you have purchased MORE or LESS software than you are using. If you have excess software then this is an opportunity to minimize future purchasing and save money. If you have insufficient licenses paid for less software than you use then you will need to settle the difference with the publisher.
Software vendors generally act in a cooperative way with their customers during a software review, After all it is in their interest to have happy customers who continue to buy software. However there are always exceptions. Organisations that strongly refuse to cooperate may be escalated to a legal firm. In the extreme such companies may end up in court for copyright infringement. This can therefore be quite damaging for the organisation in question as their reputation can be severely tarnished and they may suffer a hefty penalty in addition to settling any license shortfall.
It is fairly common for an organisation to be asked to conduct a software review by several publishers in any one year. This is not a case of collusion by the software vendors, just a fact of life for organisations that buy software from multiple publishers. Some publishers may repeat their review every few years.
It pays to be prepared to minimise the effort and potential pain of a software review. Ideally make sure you always have the information available for the next request. For this reason many organizations have a dedicated Software Asset Management function and associated inventory management tools. Equally you should take advice from specialized Software Asset Management or Software Licensing experts that can advise on the appropriate licensing models for you. At the end of the day managing your software correctly is a part of good IT governance which you should strive for as the benefits extend far beyond license compliance. Knowing what software you have helps you minimise costs, identify and deal with infrastructure security, and comply with regulations such as the new EU General Data Protection Regulations (GDPR)
During the last few years software publishers have increasingly been moving to the cloud as a means to access and distribute their software. Software distribution via physical means is reducing but is not dead. Software products continue to be pre-installed on PCs. Many products remain available as “boxed” products. Older software (either unused or second hand) remains readily available via liquidation sales, online auction sites and other online sites, high-street markets and car boot sales. In many countries of the world software is regularly sold on CD in local markets. This means illegal copies of software are still in circulation and will be for years to come. This exposes the unsuspecting customer to two problems: counterfeit and unlicensed software. It is commonplace to discover illegally copied or counterfeit software pre-installed on PCs. It is also quite easy to buy illegal software copies over the internet without realising it. There is a rampant online industry offering illegally sourced software. Many of these websites last only one day and are replaced with a different website name the following day. Sometimes the pricing is obviously too good to be true. Other times the pricing seems a little cheap but fair. One key feature to look out for is software that is offered as a download with a separate product key or serial number with which to activate the product. Avoid these unless it is sold by a reputable source.
Activation keys supplied with downloadable product are often are expired, blocked, fake or stolen activation codes. If the keys are invalid your product may not work at all, or will work with reduced functionality, or you may not receive online updates that normally help keep you secure.
Software is often available on a trial basis. By all means use this if you get it from a legitimate source. But don’t be tempted to hack the activation keys to extend your trial indefinitely. This is simply illegal and fraudulent. It’s like keeping a loan car indefinitely – would you do that?
Software vendors offer attractive discounts to deserving users such as students, schools, universities and charities. If you qualify then you should make use if these offers. But don’t be tempted to lie to obtain cheap deals. It is quite simply illegal and you can be prosecuted for this deception. Also you do a disservice to those deserving users who might otherwise receive better deals.
Basically you are mis-licensed if you don’t license all your software, or you buy the wrong type of licenses (for example buying Academic licenses when you are a commercial organisation), or when you fail to procure enabling licenses (e.g. CALs) that are required to use what you have installed. For example, users often require a CAL (Client Access License) in order to access a central resource such as a file server, authentication server or database server. These enabling licenses are just a paper license and nothing is physically installed. The terms and conditions of your main software products will make it clear what is required. It is important that you ensure you understand the licensing terms to get this right. Another area of mis-licensing is grey-imports. Software is often sold for use in a particular country. This is because there are trade laws and rules within a given region such as the EU that govern import of goods and services. Tariffs, taxes and import duty will usually be levied on imports. Software procured for use in the EU should be bought from legitimate EU resellers or bought direct from the software publisher.
By copying software, or in any other way using it but not paying for it, you are helping to bump up the cost to other users who legitimately procure their software. This is Intellectual Property theft and is a criminal offence. Similarly, avoiding import duties is an offence. When you are caught you will be penalised and have to pay the cost of the software you ought to have paid for initially as well as compliance purchase going forward together with discounts in doubt. The worst offenders can be imprisoned. Your organisation may receive unwanted publicity about the issue and have its reputation damaged, suffer consequential damage to your sales or other source of income, or in the worst case this could irreparably damage your organisation.