How do vendors handle mis-licensed software? | FAST

How do vendors handle mis-licensed software?

November, 2017

 

Software publishers (software vendors) have several methods of handling mis-licensed software. Some publishers take the view that anyone using their software is a positive thing even if they have not properly licensed it or even if they have not paid for it. This usually only applies to smaller publishers who are striving for market share, publishers of Open-Source software where the commercial imperative is not important and hobbyists. However, the vast majority of software publishers are commercial companies who are in business to earn money for their products.

Intellectual Property

Software is a type of intellectual property - “IP”. Mis-use of licensing is essentially a form of IP abuse or theft in the eyes of the law, and is morally wrong. It is similar to any other form of IP theft such as trademark infringement, copying copyright material such as publications, selling bootleg copies of films etc. It reduces the revenue a publisher is entitled to receive and damages their business.

Counterfeit Intellectual Property

Software publishers put a great deal of effort into minimising loss from IP theft in general, whether this be due to counterfeiting, deliberate mis-licensing or accidental mis-licensing. Counterfeiting has been with us for millennia where just about anything of value has been copied and fraudulently mis-sold or mis-used. Isaac Newton, for example, spent his later life avidly pursuing counterfeiters when he was appointed as Warden of the Royal Mint and later became Master of the Mint. Apparently he became the terror of London counterfeiters, sending many to the gallows. Luckily the gallows are no more in modern times but law enforcement agencies and manufacturers of all manner of goods (including software) must still invest a lot of effort to identify and shut down counterfeit channels, bring prosecutions where appropriate and publicise the issues.

Mis-licensed Intellectual Property

Mis-licensing is a little more straightforward to deal with than counterfeit goods. Software is not generally mis-licensed through deliberate avoidance but due to lack of or poor software controls, and/or poor understanding of the specific licensing rules. Generally when you install or buy software you are bound by the licensing terms and conditions in your contract or End User Licensing Agreement (“EULA”). These terms usually include a clause placing an onus on an organisation to keep track of software installations and to supply an inventory to the software publisher upon request. Some publishers reserve their rights to demand a detailed audit or to send in their representatives to review your IT estate. Whilst this may seem onerous, the fact is that mis-licensing costs software publishers many billions of dollars in lost revenue every year.

Software publishers most commonly audit organisations already known to be using their software. These audits may be triggered in one of several ways as indicated below, but mostly the first couple of points mentioned.

  • A programmatic approach to review software licensing in all customers
  • At the time of software license renewal it is mutually agreed to be beneficial to conduct a review
  • An unusual change in purchasing behaviour raises concerns
  • Investigations into suspicious resellers who may be mis-selling raises concerns
  • Prompted by an informant
  • Many other potential triggers

How a software review, or audit, works

There are many different approaches taken by software publishers to review an organization’s software and deal with mis-licensing. This is the general approach taken:-

Contact

You will be contacted by the software publisher or their appointed representative. Representatives include services firms that specialize in Software Asset Management, software resellers, the mainstream audit firms, IP protection bodies, and lawyers acting on behalf of the software publisher. This may be by phone, letter or email. Don’t ignore these.

Declaration

You will be asked to supply an accurate and up-to-date declaration of the software that you have installed across your IT estate. This should encompass your whole organization including all affiliates (as requested). You may be asked to gather this inventory by installing network scanning tools, particularly if you do not already use these tools. You may need to obtain assistance from a 3rd party to do so, or you may be asked to work with the publisher’s representative who contacted you to do this.

Proof of Purchase

You may also be asked to provide proof of license which can include Contract/Agreement Numbers, installation serial numbers/keys, copies of Invoices or other evidence. This helps to demonstrate what you have bought and how much, and helps confirm you have purchased these from legitimate sources.

Analysis

Your information will be compared with all available purchasing and agreement data. This is to confirm that your software is correctly licensed. This can be a complex and iterative process and you may be asked for additional information through the process.

Results

The result is usually a gap analysis that shows you if you have purchased MORE or LESS software than you are using. If you have excess software then this is an opportunity to minimize future purchasing and save money. If you have insufficient licenses paid for less software than you use then you will need to settle the difference with the publisher.

Escalations and exceptions

Software vendors generally act in a cooperative way with their customers during a software review, After all it is in their interest to have happy customers who continue to buy software. However there are always exceptions. Organisations that strongly refuse to cooperate may be escalated to a legal firm. In the extreme such companies may end up in court for copyright infringement. This can therefore be quite damaging for the organisation in question as their reputation can be severely tarnished and they may suffer a hefty penalty in addition to settling any license shortfall.

Repetition

It is fairly common for an organisation to be asked to conduct a software review by several publishers in any one year. This is not a case of collusion by the software vendors, just a fact of life for organisations that buy software from multiple publishers. Some publishers may repeat their review every few years.

Be Prepared

It pays to be prepared to minimise the effort and potential pain of a software review. Ideally make sure you always have the information available for the next request. For this reason many organizations have a dedicated Software Asset Management function and associated inventory management tools. Equally you should take advice from specialized Software Asset Management or Software Licensing experts that can advise on the appropriate licensing models for you. At the end of the day managing your software correctly is a part of good IT governance which you should strive for as the benefits extend far beyond license compliance. Knowing what software you have helps you minimise costs, identify and deal with infrastructure security, and comply with regulations such as the new EU General Data Protection Regulations (GDPR).