[Note: This article was written by Nate Cochrane and was originally published by CRN online on 11 June 2015, and in issue 339 (June 2015) of their printed magazine]

SaaS promises to level the equation but risks for resellers remain.

It was a day like any other for ‘Frank’*, owner of an IT business that employed a dozen people, when he got a phone call set to cost him thousands of dollars.

Frank had fired two employees, Brad* and Janet*, who had an office romance over which the three of them fell out (*not their real names). The caller was a lawyer for a business software enforcer with knowledge of illicit applications allegedly installed throughout Frank’s firm.

“Before they left, the pair went through the office and installed software that wasn’t licensed [then] they dobbed the company in,” says intellectual property lawyer Kay Lam-MacLeod. The business software agency said “pay up or we’ll sue”.

“The business said, ‘We didn’t install or authorise it’, ” she says. Frank’s arguments fell on deaf ears as the claim rose from $5,000 to $20,000, says Lam-MacLeod, founder of IdeaLaw, a legal consultancy that specialises in such cases and advising resellers on software licence compliance. “They said, we don’t care. You should have regularly audited your machines to ensure there was nothing unauthorised on those machines. Now pay up or we’ll sue.”

Frank paid.

Lam-MacLeod says the copyright enforcer rewarded the couple with a bounty. She’s critical of the “standover merchant” tactics used in such cases. “You can’t defend yourself because you don’t have the resources and you’re over a barrel. What can you do?”

The case shows why even SMBs must have proactive software compliance policies. Had such policies been in place, Frank could have batted back piracy allegations.

Another reseller that Lam-MacLeod has represented also fell foul of Microsoft licensing and, despite trying to get a clear answer, was referred to the software maker’s lawyers.

“It happened over a couple of years where they were trying to get their Microsoft rep to confirm they were doing the right thing, only to get a letter eventually from a Microsoft lawyer who was not involved in the licensing process and was just a litigator saying, ‘OK, pay up’.

“It didn’t seem Microsoft were making much effort… to communicate with the reseller or no one wants to put their arse on the line. Even though these clients were spending hundreds of thousands of dollars with Microsoft, they got the angry letter saying you owe us millions of dollars for the wrong type of licensing.”

Lam-MacLeod says the average reseller or punter is at a great disadvantage: “It took us a while to unravel it all and we’re the lawyers”.

“Sometimes the software companies are their own worst enemies by making their licensing so difficult to comply with.”

After initially agreeing to participate in this article, Microsoft representatives declined repeated invitations to comment.

SaaS to the rescue? 

Lam-MacLeod says software-as-a-service (SaaS) introduced sanity into software licensing terms that are now easier to understand than many traditional licences.

But these now present difficulties for SaaS vendors, says Tom Canning, Asia-Pacific vice president of software asset management system Flexera.

“The world is a long way from being 100 percent on [SaaS],” Canning says. The problem for SaaS vendors is managing their side of the licence. Don’t assume that every software company has very sophisticated back-office systems in place.

Canning says that “software publishers have many levels of agreements with customers”, which makes this “a complex problem”, especially for novice apps vendors that lack licence-compliance systems.

This is prevalent in ‘freemium’ apps where base software is given away and consumers switch on features inside the app. Marketplaces or app stores don’t help because the vendor “has no direct connection to the customer”, Canning says.

If SaaS is staunching piracy losses, the effect is “minimal”, says Roland Chan, compliance director of the Software Alliance (BSA), which patrols “unlicensed software installations” for the likes of Microsoft, Adobe and Salesforce.

The BSA estimates that in Australia, pirated copies represented 21 percent of software use or US$743 million (A$837 million) in 2013.

“In 2013, less than 10 percent of software solutions were cloud,” Chan says. “At some point, there will be an impact but we don’t have any indication of how fast that shift is moving.”

And while online activation and hybrid models such as those deployed in Adobe Creative Suite and Microsoft Office 365 should improve compliance, Chan says BSA has “no evidence” that they work. “But in theory, it would be far easier for organisations [end-users] to subscribe to such models.”

A rise in settlements

While the BSA estimates the value of Australian pirate software to have risen from US$492 million in 2007 to a peak of US$763 million in 2011, the rate fell from 28 percent to 21 percent. Further, it says Australia’s economic activity would grow by US$1.4 billion for every percentage point drop in unauthorised use.

Last year, BSA settled A$825,000 worth of actions with 12 businesses for alleged unauthorised software use, a rise from the year prior when 16 cases worth A$536,050 were settled.

The rise in settlements is more likely due to increased enforcement than to greater illicit software use, as Australia slides down BSA’s list of infringing countries.

Chan defended BSA’s enforcement, which includes a ‘pay off your credit card’ Facebook marketing campaign to encourage ‘dobbers’.

“We run a reward campaign where we track use of unlicensed software in the marketplace. Once the leads come in we offer that to our investigators, lawyers, to conduct a thorough investigation. On completion, we decide whether to send a cease and desist letter or conduct a civil action.”

Chan says resellers should work with software vendors to help their customers comply, given that “it can sometimes be a complex concept for individuals to understand”. And he says BSA is on the cusp of launching an online course on software asset management at verafirm.org to ease the burden for the channel.

The official word: ‘It’s a civil matter’

Avoiding a malware infection is a key incentive for using compliant software, BSA says in its latest reports. Pirated software is a leading vector to attack critical systems and was fingered in the US-Israeli ‘Stuxnet’ takedown of Iran’s nuclear centrifuges and other online scams.

But the Australian Federal Police has little interest in pirate software, which it says is a civil matter. We asked the AFP about its role in enforcing legal software use, and it responded in a statement: “AFP’s major focus remains on investigating serious, large-scale levels of IP crime particularly those linked to organised crime.”

It added that AFP works with “industry bodies, state and territory police and Australian government agencies such as the Australian Customs and Border Protection Service, IP Australia and the Attorney-General’s Department”.

Lacking funds from government, the Australian Institute of Criminology (AIC), which last wrote research notes on software piracy nearly 10 years ago, has dropped it as an area of interest, a spokesman says.

Dr Gregor Urbas, who researched piracy at AIC before leaving to lecture in cybercrime at the Australian National University and now University of Canberra, says criminal actions tend to be taken against small traders.

“Where there’s a dispute between commercial rivals, police are more likely to say it’s a civil matter; you fight it out with your competitors,” Dr Urbas says. “A corporation is more likely to proceed through civil litigation and letters of demand… so criminal enforcement has always been… where the person who’s allegedly infringing doesn’t have the resources to satisfy the civil judgement and you won’t get much out of them.”

But he cautions that software piracy could easily escalate into a criminal matter. “There were statements around the mandatory data retention debate saying copyright piracy is a civil matter and not criminal, and that’s not strictly true; there are criminal offences on the books. There are certainly criminal cases going on.” Dr Urbas adds that many of these are in lower courts and go unreported.


 

Breakout: The rise of online theft (but it’s not piracy)

Lorenzo Coppa’s Melbourne online reseller, eStore, has become so popular he has to block access to his website from certain countries. That’s because fraud from some places in Asia and the Middle East is costing him thousands every year.

Coppa says the issue is that financial institutions and vendors side with consumers in disputes over goods. Thieves have wised up and are defrauding the system, receiving thousands of dollars of goods and software licences, and either using them in their business without paying or selling them on eBay, says Coppa.

It’s “absolutely critical for the health of the channel” that when alerted to fraud, vendors revoke licences, he says. But vendors don’t care because either way, they’re covered, he says.

“We’ve been absolutely hammered with orders that were rejected as fraudulent and I think word is out on the street,” Coppa says. “People who get software from us without paying hits our bottom line because we still have to pay for it. It would be good if we could provide affidavits [to vendors] and the licences would be revoked; it would stop this behaviour.”

And he points the finger at credit card providers and payment services. “We were also under the impression that BPAY protects the buyer and seller in a transaction; but it turns out that in the case of licensing, they don’t protect you [the reseller] because there’s no physical product.

“We found out the hard way when there were thousands of fraudulent licences that were purchased and BPAY don’t even have a department you can deal with. We’ve gone back to a manual fraud checking process on software licensing.”

CRN has seen the details of a Victorian business that Coppa says ordered $10,000 of business software with no intention of paying for it. He is preparing a legal case to recoup his losses. Coppa says it costs his business “tens of thousands of dollars a year” and that he’s rejecting “millions of dollars” of potentially fraudulent purchases.

“Law enforcement is absolutely useless; you can ring the police and give them all the IP addresses of someone who on 20 occasions had fraudulently ordered licences and they will not investigate. It’s extremely rare that it goes anywhere.

“I’d hate to think how much crime there is – it’s absolutely huge.”

Coppa says police must be more “strategic” about online theft and treat it with the same gusto as other types of property crime. “If it were tracked down there would be less people committing these crimes.

“Once it’s gone through to the keeper, you’re pretty well done.”


Breakout: What is ‘piracy’ anyway?

The simplest definition of piracy that most will agree on is, “The unauthorised use or appropriation of material covered by intellectual property laws like copyrights, patents and trade secrets”.

It isn’t necessary in most jurisdictions to show a commercial gain for a case of infringement to be brought. And despite emotive industry claims, piracy isn’t theft, which crucially requires denying the material to someone else.

IP lawyer Kay Lam-MacLeod and cybercrime researcher and law professor Dr Gregor Urbas separately say BSA claims are “rubbery”. Dr Urbas also says BSA’s measurement of software piracy “tends to be a bit fictional”.

“That relies on the assumption that every pirated copy would be replaced by a full-priced legitimate copy and that’s not true, especially in third-world developing countries.”

Even the AIC researcher was “sceptical” of industry claims of losses, Dr Urbas says: “He didn’t make himself popular by saying if you’re making these claims to back it up with data and methodology”.

Of the BSA/IDC report, AIC wrote in Intellectual Property Crime and Enforcement in Australia (2008): “Although the research covers hardware and software markets in more than 75 countries, the methodology used is not without criticism. IDC relies on a uniform international methodology – not one which is necessarily comparable with Australian piracy and counterfeiting losses for other industries.”

Lam-MacLeod says BSA enforcement tactics need work. “My personal view of the BSA is pretty low. Their tactics are pretty poor.” On losses she says, “I’ve never seen how they justify [them]… I don’t believe them.”


Breakout: How does the BSA measure software piracy?

The BSA engages IDC to run its biannual software reports. The analyst firm, which also tracks software use across the economy, first estimates how much PC software businesses and consumers have deployed. It then estimates how much of this was bought. It subtracts one from the other to arrive at the amount of unlicensed software and to compute the percentage of infringement.


Breakout: Popular piracy scams

It will come as no surprise that downloads from online places like torrent sites and Usenet newsgroups constitute the bulk of casual illicit software use.

Market stalls in urban centres might also be centres of activity, although they have waned in popularity following high-profile raids in the 1990s and the move to online distribution.

Large network-gaming gatherings might also include a peer-to-peer filesharing component where software is made available without appropriate licences. ‘Warez’ cracking tools and key generators to bypass licence sign-on requirements are available through these illicit avenues.