A text transcription follows.
This transcript is for anyone with a hearing impairment or who for any other reason cannot listen to the MP3 audio file.
The following is the text spoken by OUT-LAW journalist Matthew Magee.
Hello and welcome to OUT-LAW Radio, where we hope to keep you up to date with the latest news and the most fascinating features from the world of technology law.
My name is Matthew Magee, and this week we find out what the people who run companies really know about what software they own. Here's a clue: it's not very much.
But first, here are some of the top stories from OUT-LAW.COM, where you can read breaking technology law news throughout the week.
Privacy watchdog gets start date for new powers
and
Swine flu could undermine contracts
Privacy regulator the Information Commissioner will be handed new powers to issue fines next April. The Commissioner's office has confirmed for the first time the date on which it will be able to hand out new fines.
The Commissioner was promised the long lobbied-for powers by Government but no date had been set. The Commissioner’s office says that it has been told the new powers will take effect in April.
Under the Data Protection Act (DPA) the Commissioner cannot issue fines for breaches of the Eight Data Protection Principles at the heart of the law. But from next April that will change and it will be able to issue fines for knowing or reckless breaches of the Act's principles.
A spokesman for the Commissioner said that it did not yet know how much it would be allowed to fine people and organisations, and that there was some work still being done on the fines.
Companies should dig out their major contracts and read the clauses on 'force majeure' to prepare for arguments that a Swine flu pandemic could render contracts meaningless, a legal expert has said.
Commercial contracts carry 'force majeure' clauses which say that major unforeseeable events outside of either party's control can relieve companies of their contractual obligations.
Technology law expert David Mcilwaine of Pinsent Masons, the law firm behind OUT-LAW, said that if Swine flu becomes a major problem in the UK then companies might start to try to invoke force majeure clauses.
He said if suddenly half your workforce is out sick and you are a major IT services company and obliged to deliver certain service levels then you might invoke the clause, it becomes even more difficult because probably your customer is operating with staff working from home.
The Swine flu illness is already reported to be disrupting business. A Google call centre in Hyderabad in India was shut down last week and 100 workers were sent home after one tested positive for the illness.
Those were some of the top stories from this week's OUT-LAW News.
Bodies like the Business Software Alliance (BSA) and the Federation Against Software Theft have been fighting the battle against unlicensed software for more than two decades.
As the BSA conducts audits and legal action in Glasgow, Manchester and London some businesses might be worried because they know that they have ropey software in the office.
Most, though, will be pretty happy, at least until they are audited.
We know this because the Software Industry Research Board, a part of the Federation Against Software Theft (ISS), has actually conducted research into companies and their attitudes to software licensing. IDC asked 600 businesses about it and probably the most important finding was that most businesses think that they are fully on top of their software licensing when in fact they have no idea what software they do and don't own.
It found that 75% of businesses claim to have what is called a Software Asset Management Strategy – basically a big list of what software you own, what of that is used and by whom. But when the research looked at what companies actually had in place, it was found to be rudimentary.
So, dangerously, not only are companies probably using software they have no license for, they are doing so when they think they are on top of the situation.
John Lovelock, Chief Executive of the Federation Against Software Theft (ISS), explains.
John Lovelock: Software asset management really is a series of processes, people and technology whereby you can achieve the aim of knowing at any point in time exactly what software you are using, against what software you entitled to use, and equally importantly, what software you have that is not being used. There is complacency at the board level for various reasons; generally they don’t do it knowingly, business that is, and directors of course but the issues are that directors, according to our research think they’ve got control 75% but actually only 38% have got any idea how that control is exercised.
So how do companies end up in such a pickle that they don't even know what software they own and what they don't? Lovelock says that the problem is, initially at least, an accounting one.
John Lovelock: In a lot of businesses nowadays around the world, software is not actually seen as an asset to the company because they don’t perceive that they own it which is absolutely true, you never own a copyright material, in the case of software you only own the right to use that software. Though most organizations, when they buy their software for their PC estates they write it off, say in the first 12 to 18 months similarly as you would with stationery and cheap pieces of office furniture and the like, and thereafter there is no list of what software they actually have on their estate in terms of an asset register because under accounting rules in the UK if it does not have a book value you don’t have to report on it on an annual basis, so it is kind of out of sight and out of mind.
So companies end up woolly about what they have. But as businesses grow, spawn subsidiaries and merge problem is piled on complexity and a terrible mess ensues.
John Lovelock: The issue is as businesses expand or grow or they merge or get acquired that situation becomes exacerbated in as much as one business takes over another and neither had control or any clarity of what they’ve got on their estate and more importantly what they actually have the right to use. If people listed their software licenses in any form for example in a spreadsheet and as the business changed whichever way it went and updated that list in a dynamic way they would also know what software they have in use and they would always know what licenses they could demonstrate that they have the right to use that software with.
This is how companies can end up in the licensing soup, where the research showed that a massive 42% of them don't even measure the cost of their software.
Add to this mess the confidence that directors have that they are actually on top of the situation and you have an extremely complicated problem.
But how much trouble can it cause the companies? According to Lovelock it can be a costly issue before you even get near the Courts. For a start, the muddle can lead to over- as well as under- licensing.
John Lovelock: Wherever there is an under license scenario there is invariably an over license scenario. Unfortunately as Murphy’s Law would state that normally they are under licensed on the most ubiquitous software without mentioning names and they are generally over licensed on the less known software, so invariably it entails once the software asset management program is implemented usually the re purchase or purchase of more software.
And, says Lovelock, the chances are that when the software companies or bodies like his come knocking at your door you will end up having to re-buy software you've already paid for.
John Lovelock: All of a sudden a vendor writes to your business to say right we are going to com in and conduct an audit of your software estate as it states in our License Agreement we can give you two weeks’ notice and therefore we can go in and once they come in and they audit your estate if you haven’t been managing your estate there is a very big likelihood you are going to have to fork our a lot of money. First of all being under licensed, if you can’t demonstrate you had the licenses in the first place you may have to re purchase what you thought was legitimate and probably is legitimate software that you purchased years ago but you no longer have the documentation because you haven’t been careful enough to ensure and give the value to the software that you kept the receipts and all the License Agreements you had when you first purchased it.
The legal ramifications, though, are not especially severe.
Lovelock said that if a company is found using unlicensed software they will only have to pay what they would have had to pay to anyway to license the material in the first place.
This is no disincentive, Lovelock said; there should be damages payable by companies that use unlicensed software.
Directors are only liable if it can be shown that they knew about the unlicensed use and that that use continued. This is hard to do, said lovelock and he wants directors to take the issue in hand.
He wants Company Boards to take responsibility for software management, and then he wants them to take the fall if it fails.
John Lovelock: The Board needs to take responsibility. Somebody on the Board and individually or collectively needs to take responsibility of managing the IT assets right across the company. Our experience shows that doesn’t happen often enough and it is worrying to me still, you know, that people wait until a policeman comes to the door or the vendor sends a re seller in to audit the organization and they are found to be wanting but more worrying is they don’t know they didn’t even realize. Oh, I didn’t know that as a director of the business why didn’t you know, why didn’t you make it your duty to find out. So another thing we are trying to create is director liability. You know, as, the Corporate Manage Law to bill even if you are 6,000 miles away as a director of a business and somebody’s head like that poor student gets crushed in an earth moving piece of kit you are still liable, because you should know what your Health and Safety Policies and Procedures are. We would like to say the same thing about software. If you are not managing your software, Mr Director of the Business, then you are culpable in what the results are, and therefore you should be punished accordingly.
That's all we have time for this week, thanks for listening. Why not get in touch with OUT-LAW Radio? If you know of a story you think we should cover, do get in touch on radio@out-law.com. Make sure you tune in next tine; for now, goodbye.