BSA’s Misleading and Unsavory Tactics in Software Audits

December 19, 2014

By Steve Helland, Shareholder and Chair of Technology & Internet Group at Fredrikson & Byron, P.A.

BSA’s Misleading Form Letters

For over a decade I have represented scores of corporate clients from all over the country in software audits and license disputes involving the Business Software Alliance or BSA.

These disputes usually begin with a form letter to the company (the audit target) from the BSA itself or one of its outside law firms:

“This law firm has been retained by the BSA / The Software Alliance in connection with its investigation of possible instances of illegal duplication of certain software companies’ proprietary software products….We recently have been advised that [your company] has installed on its computers more copies of [specific software programs] than it is licensed to use.”

In follow-up correspondence, apparently cutting-and-pasting from a library of form letters, the BSA’s legal counsel tends to push the same demands and legal positions again and again.

However, in my opinion, a number of the BSA’s form letter positions provide either an incomplete picture of the law or mislead as to the requirements of the law. 

David vs. Goliath

This approach by the BSA is especially troubling because, in my experience, the BSA appears to target primarily small-to-mid-size businesses, which may not have ready access to legal counsel with a background in copyright and software disputes. Audit targets understandably fear a legal battle with the deep-pockets of the BSA and its member-companies such as Microsoft, Adobe, Autodesk and Symantec. For audit targets, it may be economically rational to simply pay up, rather than devote time and expenses to dispute the BSA’s demands and purported requirements.

Below are some of the BSA’s recurring legal positions along with my commentary:

BSA Misleads on Evidence: Only Dated Receipts

A typical BSA form letter describing the self-audit will include the following statement regarding the demand that the audit-target provide evidence of its software purchases:

“This item must be supported by dated documentation, such as invoices or receipts, as proof of the ownership of each such license. Undated documentation, such as photocopies of software media (e.g., CD-ROMs), blank license agreements (with no date or identification of purchaser), and product packing, cannot be accepted for the purposes of this inquiry.”

While that might be the BSA internal preference, I think this misleads audited entities into believing that in the absence of dated receipts, they are certain to be found liable for copyright infringement.

In fact, if the matter were to go before a judge, courts will generally permit the introduction of relevant evidence. See Federal Rule of Evidence 401. Therefore, I encourage my clients to compile all relevant evidence, whether dated or not. When arguing with the BSA over whether there is any license shortfall and/or the size of that shortfall, all relevant and probative evidence should be considered. Even Microsoft’s own website has a page devoted to indicators, other than dated receipts, as to whether software is genuine.

BSA Misleads on Burden of Proof: Guilty Until Proven Innocent

In practice, if an audited entity is unable to produce a dated receipt, the BSA will label the corresponding software copy or installation to be improper. In turn, the BSA will demand settlement payment for the resulting so-called “shortfall” – the gap between reported software installations and the number of copies for which dated documentation is located and provided.

In a courtroom, the burden of proof in a copyright infringement case is not so simple and often rests with the plaintiff. This is especially true if the existence of a license is given, even if to only one user. See, Nimmer on Copyrights, 2010 Electronic Version via Lexis, 3-12, § 12.11 (burden to state prima facie case remains with copyright plaintiff). See also, Bourne v. Walt Disney Company, 68 F.3d 621, 631 (2nd Cir. 1995). If existence of a license is granted, and the issue is the scope of the license, then “the copyright owner bears the burden of proving that the copying was unauthorized”. The complaining party carries burden of persuasion.

The Shoplifting / Closet Analogy

The analogy I offer to my clients and to the BSA is this:

Imagine that you are accused of shoplifting a pair of Levi’s® jeans by an unnamed tipster. The anonymous tipster might even be your ex-spouse or person with their own agenda. The agent for the clothing store demands that you inventory not only your Levi’s® jeans, but every article of clothing in your closet. Next the agent demands that you provide a dated receipt for each article of clothing. No matter how old. And if you can’t find a receipt for an old sweater, the agent is uninterested that your mom will provide an affidavit that she bought it for you as a gift. Absent a dated receipt, all items are deemed shoplifted or stolen. And the agent will demand a settlement payment or threaten to sue you for $150,000 per item.

The inference of shoplifting/theft above is absurd on its face.

The inference of copyright infringement for software under like circumstances is equally absurd.

BSA Misleads on Damages

A BSA form letter will typically include the following eye-opening statement:

“The Copyright Act (17 U.S.C. § 101 et seq.) provides that copyright owners may recover actual or statutory damages. In cases where the infringement is willful statutory damages can reach $150,000 for each copyrighted product that has been infringed. The copyright owner can also seek its attorneys’ fees.”

Small and mid-sized businesses are understandably intimidated by such amounts; fearing that a single over-installation of Microsoft Office (containing multiple sub-programs) could lead to over $1 million in liability, according to the BSA.

What the BSA fails to include in its letters is that the specific section of the Copyright Act that discusses damages (17 U.S.C. § 504) lists ordinary or typical statutory damages as “a sum not less than $750 or more than $30,000, as the court considers just.” Although it is true that a court may award damages of up to $150,000 for certain willful infringement, it may also, “in its discretion may reduce the award of statutory damages to a sum of not less than $200.”

Conclusion: Knowledge is Power

I hope this information is useful to you and provides factual legal background, as you consider how to interact with the BSA. If your business would like legal assistance in responding to a software audit, please contact me at or 612.492.7113.

The views in this article are those of the author alone in his individual capacity, and do not reflect the views of Fredrikson & Byron.

This article is adapted from materials the author presented before the Minnesota Bar Association is “Computer and Technology Law Institute.”

View All Blog Posts