Not all of the non-compliant software BSA is finding in businesses is due to intentional and/or knowledgeable copying. In many cases the situation is a lost receipt (often because people have believed that certificate of authenticity actually meant something). Other causes are things like sloppy record keeping (almost a certainty at any rapidly growing business), and employees adding software on their own to office computers.

Certainly, none of these cases exonerate a business from a failure to keep all software in license compliance. But what businesses really need is not the scare tactics (whether legal threats from BSA or reports of cases on your web site) to bring them into compliance, but instead, they need low cost methodologies that scale well across a wide range of small (1 person and up) to medium size (as many as 2000 people) business. These methods need to include tools to manage and track all licenses, including scanning tools (not unlike a virus scanner) that look for unlicensed software on each computer. Other tools needed include educational material small businesses can use to teach each of their employees about license compliance.

Thanks for your note, Phil; good point about how many businesses often do not maintain the records to validate the legality of their software.

I wholeheartedly agree that businesses need to be more aware of the issues. However, I don't agree that telling them the potential consequences of noncompliance is a scare tactic; I see it as making them aware of what can happen if they are not in compliance. Too many business leaders to not realize the potential penalties and consequences.

In addition to those businesses who just have sloppy record-keeping there are also many business leaders who make the decision to take the risk and use illegal copies, gambling that they will not get caught.

I've spoken to many business leaders who, much to the frustration of their information security and compliance officers, said they'd rather risk not getting caught with illegal copies instead of buying the number of legal copies they needed. They often justify this by saying that they already paid for the software, and that they should be able to use it as they see necessary. In the 90's I performed several audits of my organization's subsidiaries who's CEO's told this to me directly. I still speak with business leaders who express this same attitude. They typically tell me they will "do what it takes to increase bottom line profits." Most of these folks know about the laws. Most are more motivated to do the right thing by knowing what the penalties are.

Awareness of issues such as this must be done using many approaches. What works for some will not work for others. For many business leaders, they are more motivated to be in compliance if they know organizations such as the BSA are actively enforcing licensing compliance and are utilizing organizations' personnel to do so.

I also agree that organizations need affordable solutions; what do you suggest? There are many automated software licensing tools out there, and there have been for many years. Are these not feasible for all businesses to use? There is also a great amount of free awareness material the BSA, as well as the Software Publishers Association (SPA), has available. Along with government regulatory oversight agencies.

Businesses of any size can utilize the many software tracking tools and free to low-cost awareness materials available.

Thanks again for your post. I will plan to do a blog posting about these tools and awareness materials this week; it is always good to revisit topics such as this and remind folks about the tools and materials that have been around for well over a decade.

Rebecca

I have no doubt a great many business do try to get away with what they can get away with, just to improve the bottom line. I've encountered several such businesses, personally. Some of these may be swayed by information about the consequences (because they don't know them or how serious they can be). Others might need more persuasion in the form of how likely they are to get caught (generally much smaller business fall into this category) ... if that even is likely (see below).

My reference to a scare tactic is when the information about the consequences is provided on its own. I would likely not label it so if along with that information came information about what businesses (that intend or hope to do the right thing) should be doing ... in a non-vague way.

The BSA does, IMHO, a very poor job of this. They are into the scare tactic mentality and put their limited tools and resources off on another page.

Take a look at some of their resources. A lot of it is just further extensions of their scare tactic approach. For example: assisting employers to apply the same tactic on employees, rather than assisting employers to implement and deploy procedures (technical and business) to ensure that employees can't, or do not need to, do inappropriate software installation.

I'm not saying that BSA doesn't have anything good; they do. What they should be doing is at least highlighting the positive resources they offer on a significant portion of the front page of their web site. Their advertising ... all of it, radio, TV, web banners, whatever ... should mention the availability of documents and tools to help businesses comply, in an amount equal to the information about the consequences of not doing so.

Both of us do have experience (yours apparently a lot more than mine) of just how rampant business people think they can get away with whatever they are doing, whether that is blatant copying of software, or just saving a few hours keeping proper records. If you and I know this, it is likely lots of business people know this as well. The problem with that is that the few cases BSA reports success with is a tiny fraction of what appears to be going on. I'm sure they know this. But their answer to it, I believe, is off target; they focus on the penalties instead of balancing it with the solutions.

BSA's position (promoting the penalties over the chance of being caught or the methods to avoid non-compliance) could be giving the idea to many much smaller businesses that they are unlikely to get caught at all. And maybe that's actually true. That's why I think what I refer to as scare tactics is wrong ... it just gives the impression that there are a few businesses that lose the gamble; and most win.

I look forward to your next blog. Maybe your research could also find a business which has dealt with this issue and gone from having compliance issues to utilizing methods and tools to come into full compliance ... as a case study example of how this is done.

Thanks for your additional thoughts, Phil.

True, the BSA...as well as other similar types of organizations...could provide a more varied approach in trying to get information out to businesses about how to comply with the licensing requirements.

A case study is a great idea!

I'll post about these issues later this week...probably not along with a case study, which would be good to include in a white paper or article...or as another blog post after I've had time to talk with some folks with some positive experiences who are willing to have their situations publicized! :)