The risks of using unlicensed software in your business | Apertura Designs

Commercial software licensing remains a complicated and arcane issue for many business owners. Unless you have spent a great deal of time and effort designing and implementing a comprehensive business software asset management plan, the chances are that you are non-compliant in some way. Many business owners choose to take a blasé view of software licensing, and perceive the chance of “getting caught” as being low to non-existent. However, the plain fact is that using unlicensed software can result in considerable harm to your business—both financially, and in your customer relationships.

In this blog entry, we'll highlight some of the ways in which a business may be non-compliant. We'll also look at the methods employed to detect unauthorised software use, the associated damage that can result, and some effective ways of mitigating—or eliminating—the risk.

Software ownership versus licensing

Perhaps the most misunderstood concept for customers is exactly what is owned when software is purchased. When you buy a hardware appliance—such as a computer or printer—there is no doubt that you own that piece of hardware. You are free to use it in whichever way you like, and you can donate or sell it to someone else.

When you purchase a proprietary software product (for example, Microsoft Office), you have paid for a license to use that software. The product is not yours, and it remains the property of the software vendor. The terms of the license—as dictated by the vendor—determine how you are permitted to use the software. Generally, you are not free to use the software in any way you like, nor are you permitted to share or install it on multiple computers.

The confusion surrounding this distinction is exacerbated by the often high cost of commercial software—or to be more accurate, commercial software licenses. For example, a customer who has paid NZ$2000 for architectural design software may believe that they own the product: why else would the software cost so much? The fact remains, however, that all that exists is a license agreement between the customer and the vendor. The terms of the license must be adhered to.

For perspective, very large organisations typically pay companies such as Microsoft millions of dollars annually in software license fees. They may have dedicated teams of full-time staff whose only role is to manage software licensing. This includes ensuring employees are adhering to the agreed license terms at all times.

How does a business become non-compliant?

For small and medium-sized businesses, software license non-compliance occurs in a number of ways.

First—and easily the most risky—is that the business deliberately and knowingly uses pirated software. Illegally-acquired software could, for example, be distributed to employees with an understanding between the business owner and staff. There may be a misguided perception that as long as its use is kept concealed, there is no risk of being discovered—and that any penalties that could occur will be light. As we will highlight further below, neither of these beliefs is true. One reason a business may risk this approach is to keep startup software costs to a minimum. For creative and engineering industries in particular—where specialist software licensing costs are high and terms of use restrictive—this may be viewed by the business as an acceptable risk, especially when competing with established firms.

A second way a business may become non-compliant is if an employee has knowingly installed illegally-obtained proprietary software on a business computer, and is using it for work purposes. Unless the business owner is carrying out regular audits as part of a larger software asset management plan, they may be unaware of the illegal use—until a vendor audit notice is received and the wrongdoing is discovered. In this case the business will still be liable.

A third way to become non-compliant is when using legally-obtained software in a way which falls outside of the license terms. This can happen easily if the license agreement is not examined carefully before use. For example, there may be restrictions dictating:

  • How many computers a single copy of the software is permitted to be installed on
  • How many employees are permitted to use the software
  • Whether the software can be used for commercial purposes (versus home or non-commercial use only)
  • Whether the software can be used by employees working remotely

These are four common restrictions, but there are many others. Without carefully reading and understanding the license agreement—and ensuring all employees are adhering to it at all times—it is easy to become non-compliant. This is worsened by the deliberately lengthy and confusing license agreements used by many software vendors.

How do software vendors find out about illegal software use?

As noted above, many business owners perceive the risk of illegal software as low, partly out of a belief that software vendors have no way of discovering its use. The first point to note is that commercial software vendors do have enforcement agencies, the most prominent being the Business Software Alliance (BSA).

BSA member companies include the largest and most well-known business software vendors, including Microsoft and Adobe. (Another well-known software enforcement agency is the Entertainment Software Association (ESA), which oversees the electronic games industry.)

It is through these agencies that member companies take action against businesses suspected of or known to be using their software outside of the license terms. The BSA uses the lure of substantial cash rewards to solicit information from employees about illegal software use. The BSA makes particular note of targeting employees who may have special reason to report a company. Quoting Jenny Blank, BSA Director of Enforcement: “Often they are the stereotypical disgruntled former employee. But the issue is not what motivated them, but do they have a story to tell us . . .”

Reporting of illegal software use is performed online and in confidence with a simple web form. The potential rewards used to entice those reporting are documented publicly on the BSA's website. For especially large infringements, the cash payment can reach sums of US$1,000,000.

Once an enforcement agency is advised of illegal software use, they will issue an audit notice to the infringing business. The business owner will need to prepare for the audit, ensuring that specific software license purchase records are available. (Note that the original software installation media and packaging may not suffice, as discussed here.) Ignoring an audit letter may result in a civil court action being taken against the business.

What size businesses does the BSA target?

Small and medium-sized business owners may be tempted to think that the BSA and other enforcement agencies target only large organisations. After all, large enterprises have hundreds or thousands of employees—and typically pay millions of dollars in annual license fees—so surely the potential for infringement would be much greater. This assumption, however, is incorrect. The BSA does not discriminate on company size, and medium to small businesses (even those with a handful of computers) are at equal or even greater risk of an audit than large companies.

Simply put, a small business owner without a clear picture of software license legality should be concerned about the potential for an audit.

What can happen to my business in the case of a successful infringement action from the BSA?

The damaging factors are two-fold. First, there is obviously the financial settlement to be made with the BSA. Even for a small business, the cost can be absolutely crippling.

Second, there is the damage to the company's public profile. Successful BSA settlements are published on their website and associated industry press. The negative effect on customer and investor perceptions regarding the integrity of the business and its staff cannot be overstated.

Mitigating or eliminating the risk

If you are a business owner and haven't yet considered the non-compliance scenarios outlined above, then it should be your first priority to assess the current state of software use—and take steps to become compliant. As we have highlighted, small businesses in particular should be the most concerned about the severe financial and publicity risks.

Apertura Designs recommends, first and foremost, migrating to free and open source software. Where possible, proprietary applications should be replaced with open source equivalents. Where using open source is non-trivial, business owners should allocate resources to developing a migration path (resources that would otherwise be spent on implementing a software asset management plan). Freedom from the risk of illegal software use is just one of the many benefits to be gained from open source software.