The Software Publishers Association (SPA), probably the leading international trade association for the PC software industry (its annual meeting was held in Chicago this October), believes that in 1990 alone, the software industry lost $2.4 billion in the U.S. from illegitimate software copying. In that year, total U.S. software revenues were around $4 billion. Worldwide loss estimates were between $10 and $12 billion. As a result, software companies are increasingly willing to enforce their legal rights against individuals and organizations which copy software in violation of the copyright laws or written agreements.

Many PC software users regard copying software as simply no big deal — they’re otherwise law-abiding folks who view borrowing a friend’s disks and loading them onto their own PCs as a way to save money. Or they’re organizations which, under tight budget constraints, consider duplicating software licensed to them without the right to copy as an acceptable business risk. The penalties, however, can be severe.

What are the rules? There are two sources: Federal Copyright Law and the terms of the license agreement provided with the software, often called a “shrink-wrap” license.

Copyright Law

The protections of U.S. copyright law extend to software. As a general rule, it is copyright infringement to make a copy of a protected work without the copyright owner’s permission. If you buy Microsoft Word or Lotus 123 from a retailer, you’ve bought one copy of the software. You own that copy, but you don’t own the copyright (the same is true, e.g., for books, CDs, sheet music, posters, photographs). Therefore, generally speaking, you cannot duplicate your copy, except as permitted by the copyright law (or the shrink-wrap license agreement accompanying the product.)

The Copyright Act was amended in 1980 to acknowledge the reality that a user of software must copy it to a limited extent in order to use it. A software program can’t be run unless it is loaded into a computer’s memory. Consequently, Section 117 of the Copyright Act allows a user to “copy” the software to this extent in order to use it on a single computer. Loading software into a computer’s memory, for purposes of infringement analysis, is copying, even though the resulting “copy” is intangible or electronic. Beyond the copying permitted in order to use the program on a single computer, Section 117 permits the user to make a copy of the software for backup or archival purposes as a safeguard against damage or destruction. Generally, that’s it. Unless the copyright owner otherwise allows it, a user can copy software onto one computer and make a backup copy to replace the software loaded onto that one computer.

Shrink Wrap License Agreements

Shrink wrap license agreements are commonly used by vendors of mass-marketed PC software to state the restrictions and permitted uses associated with the software they accompany. These licenses typically state that the user of the software agrees to the terms of the license by opening the package or using the software. While use of this type of “agreement” is ubiquitous in the PC software industry, its enforceability as a legally binding contract is unclear. After all, the user doesn’t sign it and usually has no opportunity to negotiate its terms. To date, two federal appellate courts have held shrink-wrap agreements unenforceable in the particular facts before them. However, one ignores shrink-wrap license terms at one’s peril.

In many instances, a shrink-wrap license will grant the user rights it would not otherwise have under the copyright law. For example, some vendors now permit a user to load (copy) the software onto both an office and home or laptop computer, provided the software is used on only one of the computers at any given time. Such a license might also contain a restriction that goes beyond what the copyright law would prohibit. For example, if a user of a program purchases an upgraded version, the shrink-wrap agreement might prohibit use of both the prior and current versions at the same time, even if both were legitimately purchased. Whether this further restriction would be enforceable depends on the enforceability of the shrink-wrap agreement. It is reasonable to conclude that if a user avails itself of rights granted in a shrink-wrap license that go beyond those permitted by the copyright law, it will be held to restrictions in the license against acts the copyright law would otherwise permit.

Penalties for Copyright Infringement

As a defendant in a copyright suit, one is potentially liable for, at the plaintiff’s discretion, actual damages suffered by the plaintiff as well as the amount of profits resulting from the infringement, or statutory damages. Judges have great latitude in determining the amount of statutory damages. The Copyright Act provides for damages awards of between $500 and $20,000 per infringed work, depending on the judge’s determination of what is fair given the circumstances. If the judge determines the infringement to have been “willful,” i.e. in knowing violation of the law or with reckless disregard for the copyright owner’s rights, damages of up to $100,000 per infringed work can be awarded.

How to Get and Stay Legal

For an organization to assess and minimize its potential liability for copyright infringement of PC software, it must first identify all software it uses. This involves performing an audit of each computer’s hard drive and determining the accessibility of each program via a network. This can be done manually or with the assistance of various utility programs. The SPA (202-452-1600) has developed a self-audit kit to help organizations in this task. Once this is done, all unauthorized copies of software (i.e., those for which no proof of legitimate license or purchase can be found, such as a license agreement, purchase order, invoice, user manual, or original disk), whether loaded on computers or storage media, should be removed and destroyed.

The SPA has also developed a detailed set of guidelines to help organizations stay “legal.” The first step, according to the SPA, is to appoint a Software Manager. This individual is responsible for implementing a company’s software policies, maintaining records and supervising compliance with such policies and various software license agreements. The second step is to control the acquisition of software by requiring that it be obtained in the same manner as any other important company asset: through formal purchasing procedures involving documentation and supervisor approvals after an appropriate needs assessment. Further, companies should be sure to appropriately budget for software needs. Failing to do so encourages illegal copying. The third step is to establish a storage security program — the Software Manager should supervise the distribution of software and manuals, keep original media in a locked area, and maintain a log of the location of each program and the machine on which it is being used. All software should be registered with its publisher to evidence its legitimate use and avail the user of whatever support the publisher provides. Finally, companies should periodically audit their compliance with their software policies and discipline those employees who violate them.

Understanding the law, and establishing and adhering to policies against unauthorized use and copying of software, are key to any organization’s efforts to minimize potential liability.

Attorney Eric Freibrun specializes in Computer law and Intellectual Property protection, providing legal services to information technology vendors and users. Tel.: 847-562-0099; Fax: 847-562-0033; E-mail: eric@freibrunlaw.com.