Print
Close Window
From: www.itworld.com
Microsoft unleashes piracy police: Are you safe?
March 20, 2001 —
It seems we are no longer a nation ruled by law, but rather one ruled by lawyers. No, it's not the presidential race -- or should I say cases -- that makes me say this. It's something that happened in Virginia Beach, Va., and may be happening today in your hometown.
Do you remember a basic principle of law that says we are presumed innocent until proven guilty? As George W. Maschke pointed out in a brief essay on the subject (see Resources for a link), the heart of that phrase is not about presumption, but the burden that presumption implies. In other words, the burden of proof rests with the plaintiff, not the accused. But even that underlying principle is not written in stone. It appears that you can sign away that protection of law, and of due process, merely by signing a contract with Microsoft.
The story of what happened in Virginia Beach is sure to strike fear and dread into many organizations. Fear and dread are happy partners with Microsoft's global "anti-piracy" campaign; the campaign is orchestrated by Redmond, but mainly conducted by the Business Software Alliance (BSA), which acts as Microsoft's private police force.
The gospel according to Gates must surely contain a verse that avers, "The only good customer is a frightened customer." The Virginia Beach story is, from Microsoft's point of view, the best of all possible scenarios: it contributes to the general level of fear -- which makes the BSA campaign that much more effective -- and to Microsoft's sagging revenues.
Storming Virginia Beach
If you missed the Virginia Beach saga, here is a brief recap gleaned from reports published by PilotOnline, the Internet edition of the Virginian-Pilot. (See Resources for a link.) In September, the city received a letter from Microsoft demanding that it produce an inventory and proof of purchase for every Microsoft product on every computer the city owned. Virginia Beach was given 30 days to comply. I've been told unofficially that the letter did not even specifically address the city -- it was a form letter.
Form letter or no, Virginia Beach took it very seriously. It soon realized its chance of completing the task in the allotted 30 days was roughly on par with that of a Democratic county in Florida having sufficient time to do a manual recount. The city requested a 30-day extension, then dedicated five people -- one-fourth of its IT department -- to the task, which was finally completed in late November at a cost of over $80,000. The city had searched its roughly 3,900 computers and identified more than 800 Microsoft products for which proof of purchase could not be found.
That heinous crime was likely neither intentional nor unintentional piracy, but rather a policy failure by various city departments, which threw out the proofs of purchase instead of safeguarding them. Nonetheless, the penalty was substantial.
It cost the city about $129,000 to acquire the missing licenses, meaning the little exercise cost a total of over $200,000. That money could have gone to the Beach Health Clinic, the purchase of library books, or any number of uses that would have benefited the city more than the privilege of paying twice for the same software.
I asked David Sullivan, Virginia Beach's CIO, if he believed the proofs of purchase were missing due to piracy or simply loss of documentation. Sullivan said, "We didn't look for piracy. What we did was to inventory all the software on the machines. We did that through an automated process and then we summarized that. Then we asked departments to provide us with all the documentation for all the Microsoft software they had purchased. We came up short. About 13 percent we couldn't document."
Sullivan did state that none of the products were purchased from firms in Virginia that had previously been found guilty of selling counterfeit software. Furthermore, the products Sullivan said were most often missing the proof of purchase were not things an employee would likely have brought from home -- they were products like SQL Server or various versions of the Windows operating system. That suggests that the only act of piracy in Virginia Beach was Microsoft's forcing innocent customers to pay twice for the same item.
While one of PilotOnline's news stories states that Microsoft can demand audits of all its customers, I don't believe that is true. I've carefully read the EULA (End Users License Agreement) for Windows 2000 Professional and found no such language. I asked Sullivan what the legal basis was for Microsoft's demand; he explained that it was part of the bulk purchase agreement, called Software Select, that Virginia Beach uses to purchase Microsoft products. Though Virginia Beach did sign a contract requiring it to produce an audit on demand, Microsoft customers are normally not obligated to do so.
Sullivan also noted that Virginia Beach is not a pure Microsoft shop. For example, the city has a standard desktop that includes Corel Office, not the Microsoft equivalent. The city also uses Novell software for its print and file servers. Those standards probably saved the city thousands of dollars in tribute.
I asked Sullivan if he believed the incident would cause Virginia Beach to change its reliance on Windows, and perhaps adopt open source software like Linux.
He said no. Virginia Beach had noticed a lack of a current software inventory during its Y2K preparations. In fact, the city had purchased an automated tool for performing software inventory prior to receiving Microsoft's demand; the inventory would have been conducted regardless of Microsoft's intervention.
Sullivan also pointed out that because city government includes so many different types of operations -- e.g. jails, police departments, and hospitals -- all with unique requirements, the city had to find products in the marketplace, rather than writing them all from scratch. The marketplace for each of those niche industries usually centers on a single platform, which is usually Windows. In short, he gave one of the clearest descriptions of a monopoly's barrier to entry that I've heard.
What's it to you?
So what, you say? It doesn't matter a bit to you what happened in Virginia Beach, because you don't do bulk purchasing and the auditing clause is not part of your purchase agreement. Think again, penguinista. The BSA will gladly relieve you, too, of your right to due process -- using fear and intimidation in lieu of the Software Select agreement.
The BSA ran radio ads almost daily on all of the major stations in Austin, Texas, during November. It threatened fines of hundreds of thousands of dollars for those found with unlicensed software. The same ads said the BSA could target you using just a single phone call from a single disgruntled employee. Microsoft's position, presented by the BSA, seems to be, "Contractual obligation to perform an audit? We don't need no stinking contractual obligation."
Software pirates are not the only ones frightened by the BSA/Microsoft campaign. All it takes is one employee who did one unauthorized install of one program on one computer -- or even one misfiled receipt -- to put any Microsoft customer equally at risk. But even the small minority of organizations that can produce the requested inventory and matching proof of purchase are not safe. They will still have to use time and effort to produce the paperwork, and their productivity will be negatively affected.
Are you safe from such threats? Not if you're running Microsoft products. I asked a sysadmin at a small firm, with approximately 100 employees and at least that many computers, for an estimate of the potential damage if his firm received the type of demand that Virginia Beach did. He said it would take two people one or two weeks to produce the inventory. At a rate of $25 per hour per person -- I know that's low in today's labor market -- that's $2,000 per week: a total of between $4,000 and $8,000. And that's without the cost of lost productivity, fees for any missing licenses, and penalties as described by the BSA.
Is that the price of piracy? You bet it is. But Microsoft customers are not pirates: it's Microsoft. Microsoft formerly only threatened to "cut off the air supply" of those who dared to offer alternative solutions, unless they agreed to "knife the baby" and kill their competitive threat. Now it appears that the law allows Microsoft to turn on its own customers as well. By the way, those are actual phrases, cited in the antitrust trial, that Microsoft used to describe its actions against Apple and Netscape. (See Resources for a link.)
The only way to be free of risk is to be completely free of Microsoft products. My advice is simple: Join the revolution. Become a penguinista. Give Gates, his lawyers, and their contracts and sticky licenses, exactly what they deserve. Make them walk the plank by eighty-sixing all of the Microsoft software you use.
- "Microsoft Orders Va. Beach to Prove Software Ownership," Katrice Franklin (PilotOnline, Nov. 4, 2000):
http://www.pilotonline.com/business/bz1104mic.html - "Beach Sends Microsoft a Check for Software Use," Katrice Franklin (PilotOnline, Nov. 30, 2000):
http://www.pilotonline.com/business/bz1130pay.html - "Innocent Until Proven Guilty?" George W. Maschke (Oct. 8, 1998):
http://www.humnet.ucla.edu/people/maschke/innocent.html - "Alliance of Concerned Software Companies, or Microsoft Front?" Joe Barr (Penguinista.org):
http://www.penguinista.org/cgi-bin/article?articleId=723&showBody=Y - Business Software Alliance:
http://www.bsatruce.com/ - DOJ complaint against Microsoft (reference to "cutting off the air supply" is in Section I, paragraph 16):
http://www.techlawjournal.com/courts/dojvmsft2/80518com.htm - "Microsoft to Apple: 'Knife the baby,'" Will Rodger (eWeek, Nov. 5, 1998):
http://www.zdnet.com/eweek/stories/general/0,11011,370795,00.html
LinuxWorld.com