Microsoft might promise free upgrades for Windows and simplify its volume licensing with a new agreement, but the influx of cloud services, new devices and mobile apps means software licensing continues to be complex. A recent lawsuit should remind you that you can't afford to lose track of what software your company is using.
Adobe, Autodesk and Corel have sued clothing retailer Forever 21 for “willful, intentional and malicious copyright infringement" for using Photoshop, Acrobat, Illustrator, Autodesk, PaintShopPro and WinZip without paying for enough licenses, “even after being contacted by Adobe regarding the infringement,” the lawsuit said.
Pirating software is usually about civil liability. Adobe, Autodesk and Corel are asking for lost revenue and damages, plus court costs. Criminal liability tends to be reserved for cases of software counterfeiting, according to Jodie Kelley, senior vice president and general counsel of BSA, The Software Alliance.
It can get personal
But it’s not just the business that will have to pay up — an officer of the company can also be liable if they personally participated in the infringement or supervised it. For example, "If you could have prevented it but didn’t,” Kelley explains, and if you had a financial interest in using the copyrighted software. “It’s a relatively high standard for personal liability, but it does exist, and the officer is liable to the same degree as the corporation.”
Company liability might not end with the cost of paying for the licenses you should have bought and the statutory damages for not buying them, either. There’s now an ISO standard for software asset management, which isn’t required by any regulations yet. But the 2013 framework for internal controls and corporate governance from COSO, the umbrella organization for accountants and auditors, includes a chapter on software licensing that says your business needs to have “appropriate controls…which may…verify the entity’s legal right to use the technology in the manner in which it is being employed.”
Most companies have focused on the financial reporting implications in the COSO framework, but it means that software licensing now has to be considered as part of your internal regime rather than just a question for the IT department. And, Kelley warns, “the SEC has announced it will be looking to that framework when it assesses whether internal controls are adequate.” That could be a problem for the 65 percent of companies in last BSA Global Software Survey who don’t have written policies requiring properly licensed software.
Security and piracy don’t mix
It’s not just a question of the company doing the right thing by paying for the software it uses to run the business or being efficient about making sure you’re not paying for licenses you don’t need. Pirated software can make you more vulnerable to security breaches. Part of that is common sense: “If you want to deal with security, the most critical first step you have to take is knowing what you have in your network. If you don’t know what you have and you're not managing it, you're extra likely to have a threat.”
But if users are downloading cracked software and installing it on their computers, it often brings malware along with it. And too many times even a legitimate copy of the software that’s installed may not get security updates, so it won’t be as licensed copies. BSA commissioned a study from IDC to look at malware on PCs that shows a correlation between the amount of unlicensed software in a country and the amount of malware on their PCs. http://globalstudy.bsa.org/2013/cyberthreat.html
Bring your own license problem
Pirated software and over installing is obvious when you look for it. But what about the licensing impact of the tablets and smartphones that users bring to work? BYOD, mobile devices and even cloud services make licensing more complex and confusing.
“Most companies aren’t trying to cut corners,” admits Kelley. “They’re struggling with the complexities.”
[Related: Free Windows? Not a Chance ]
So when Microsoft announced in January that Windows 10 would be a free upgrade for the first year, it quickly emerged that there would be the usual licensing small print. The free upgrade is only for the base Windows 10 edition and the basic business version, Windows 10 Pro. If you have Windows Enterprise and a volume license, you'll need to pay for an upgrade or take out the usual Software Assurance subscription to get the new version.