For better or worse, Forever 21 is really good at making culturally and generationally “on point” graphic tees, such as this one that makes the desperate, exasperated, (and, let’s face it, probably justified) plea, “CAN YOU NOT?”
When it concerns software license management, it turns out that Forever 21 could, in fact, not. On January 28, 2015, Adobe filed a suit against the retailer for allegedly pirating 63 instances of their software and “[continuing] their infringing activities even after being contacted by Adobe regarding the infringement.”
Consequences for when you “just can’t”
Poor software license management puts your company at risk, and you don’t even have to be as blatantly irresponsible as Forever 21 in the recent suit to face severe fines and punishment for license violations. Even for unintentional infringement, a business or individual can be hit with triple damages–that means three times the cost of the software itself. Classified as piracy, violations that are found to be intentional can mean punitive fines of tens or hundreds of thousands of dollars–and that means a ton of money that you could have put toward employee salaries, better technology, or anything other than paying fines that prudent management would have helped you avoid.
Rewards reaped for ratting on you
“Getting in trouble” is easier than you may think: major software publishers invest in protection against piracy by joining anti-piracy consortiums that advocate for their interests and legal rights. Two of the most popular are BSA, which includes Microsoft and Symantec, and SIIA, which has other major vendors as its members. Consortia like BSA and SIIA are backed by law firms that specialize in anti-piracy and incentivize reporting piracy violations with rewards. Both make reporting suspected instances of piracy as simple as filling out a form. It’s like in movies about high school where the principal bribes a student to tell them who’s been breaking into the chemistry lab, except with a lot more at stake. (There’s got to be a Forever 21 shirt that captures that whole trope.)
Many years ago, it happened to us. We terminated an employee and out of (movie-like) revenge, he reported us to SIIA for supposed licensing violations. SIIA sent us a demand letter threatening to sue unless we provided them a full inventory of software in use on all of our computers, along with proof of all purchases. We wasted many hours collecting all the information they requested. In the end, we only had $1500 in software that we couldn’t account for, but with treble damages, it cost us $4500. Even more significant was the loss in productivity from our accounting department.
From our story, the takeaway is this: even if you aren’t violating any licensing (and we sure hope you aren’t), it’s still a very cumbersome and time-consuming process to dig through years of information to prove your compliance. It might not be as painful as an IRS audit, but it’s close.
How not to waste time or money
The best way to prevent big fines or big hassle starts with being organized and informed. Develop a software license management policy and associated procedures to accurately track all your purchased software and its use. Don’t assume that your IT provider is doing this for you, because it is usually out of scope of managed IT services. License management is largely an accounting and compliance function, but IT can help by providing things like software tools to automated inventory scans. Additionally, IT is usually better versed in the intricacies of various kinds of licenses, such as pro versus Home editions, per-seat versus per-user licenses, and client-access licenses.
Your software license management process should include a few key things:
1. Proper record-keeping of all purchased software:
- Record/log of software purchases, dates of purchases, and assignees
- Log whenever software gets moved from one user to another
- Software scans of all computers for actual software in use
- Comparison and reconciliation of in-use software with software purchase records
- Periodic (annual) audits to verify accuracy and completeness of record-keeping
2. Scan and save all receipts and maintain a thorough inventory spreadsheet that tracks:
- Type (hardware, software, etc)
- Purchase date
- Amount paid
- Serial #
- Physical location or assigned user
- License key
3. Well-defined and publicized employee policies against software piracy:
- Maintain a list of allowed “free” software for staff to reference
*Warning: Most “free” applications are free for personal use only, not for commercial use*
- Put someone in charge of reviewing software license terms before adding applications to the list
- Disallow all use of unlicensed software and provide consequences for non-compliance
- Communicate/re-communicate the policy regularly
4. Periodic internal audits to verify accuracy, completeness, and compliance:
- Scan all computers for software in use (When possible, utilize an automated tool like Spiceworks, which provides support for software inventory scans)
- Re-compare this actual, in-use software with purchase records
More ways to reduce your risk
To significantly simplify software license management, you may also want to consider a BYOD policy where employees own and are responsible for their own computers. While you’ll still need to track any business software that you provide to them for their work, you don’t have to track their own personal software. (Practice saying, “Sorry, Chad, but the fine for your unlicensed version of WordPerfect is not our problem.”)
You may also want to consider migrating to the cloud where you can. By using web-based applications instead of those that are PC-based, you’ll have to keep tabs on fewer traditionally-licensed applications. For example, you could move your timekeeping from a PC-based app to Harvest and trade license costs and management for a simple flat subscription fee. Similarly, you could swap out MS Office for Google Apps and get great live collaboration features in the process.
Lastly, don’t overlook “free and open-source software” (FOSS) that exists under appropriate licenses (such as Creative Commons and GNU) and can be used freely even more commercial purposes. Still, make sure to have someone well-versed in interpreting software licenses to review all applications for suitability.
The perks of staying on top of things
By establishing and maintaining a rigorous software license management policy and practice, you can greatly minimize your exposure to unintentional license violations and effectively eliminate the chance of getting roasted for outright piracy. Most importantly, you’ll have up-to-date records of all of your software purchasing and licensing should someone who has a beef with you attempt to get your business busted.
If you need need a starting point for your company’s software license management policy, feel free to use ours as a template.