Preview: Denise Mingrone, partner at Orrick, Herrington & Sutcliffe LLP, shares some of the advice she will present at the Cylynt Software Monetization and Anti-Piracy Summit on how to protect software IP in the new remote working environment. Denise recently published an expert analysis article on this topic in Law360. Join the summit to see the full presentation.
The remote working environment and greater employee mobility that has become our reality places software deployments at increased risk for piracy. Since the shelter-in-place orders were issued in early 2020, software companies are reporting an increase in illegal usage of software applications of 20-30%, costing independent software vendors (ISVs) millions to billions of dollars in lost revenue. This problem is only expected to rise as remote working environments remain the norm.
Combatting Piracy: The Three Rs
There are three key pillars for implementing an effective piracy prevention program.
There are a wide range of products that can be used to restrict illegal access to your software. If you deliver downloaded executable files to your customers, you should integrate a license key and usage monitoring technology to prevent and detect unauthorized access. If you deliver your software products over the cloud, you should use monitoring software in conjunction with strong login credentials.
DMCA: A Powerful Tool for Protecting IP
Defeating or circumventing access controls to software in order to use it without paying for a legal license violates the Digital Millennium Copyright Act (DMCA), which prohibits the circumvention of a technological measure that “effectively controls access to a work protected under this title and trafficking of technology that allows for circumvention." The damages are similar to those for copyright violations, but statutory damages are awarded per violation and range from $200 to $2,500, leading to the potential for high damage awards if there are multiple circumvention violations. As an example, if a customer uses a counterfeit license key to run software five times a day, five days a week for six months, this results in 600 circumventions, yielding statutory damages in the range of $120,000-$1.5M.
Recognizance is accomplished through the dual strategies of technological and human intelligence gathering. On the technical side, an anti-piracy application that offers use monitoring and reporting through phone-home technology, if installed within a software vendor’s products, collects usage data that enables the vendor to identify who, where, and how often its products are being used illegally. The data collected can include the precise software applications being pirated, the dates and times of illegal use, and the user(s) involved in the piracy, and the geographic locations from which the use is being perpetrated. This data can be organized and analyzed to determine which situations would most likely yield a successful revenue recovery outcome. It is also irrefutable evidence that often persuades illegal users to negotiate a settlement and come under compliance or will enable the vendor to prevail in a legal action.
Human intelligence is the second arm in the fight against software piracy. ISVs should be on the lookout for and investigate suspicious activity such as a customer that is reducing its spend despite obvious continued need for the product or a customer who drastically reduces its paid licenses after moving its services offshore. Known piracy websites should also be continually monitored to discover if the company’s binaries and license key files are being offered on these sites.
Remediation can take the form of technical measures such as kill switches, invalidating license keys, and locking out user credentials. The next step would be to issue cease and desist demands and initiate license negotiations to bring illegal users under compliance. This can be accomplished in a variety of ways depending on the company’s primary objectives, which likely include a combination of protecting its valuable copyrighted IP while also deterring illegal behavior and minimizing lost profits.
To achieve these goals, a tiered approach is required that includes an initial company-to-company outreach, escalation outreach by a third party such as outside counsel, and, finally, litigation, which has proven successful in most piracy situations.
Settlement and Litigation Options
There are a number of common law and statutory tools that can be leveraged, including DMCA claims, copyright violation claims, computer trespass claims, and trade secrets claims. Most statutory claims entail the possibility of attorneys’ fees awards in addition to damages. Copyright claims are unique in that attorneys’ fees awards are only available if the software has a registered copyright extant at the time of infringement.
Orrick Piracy Toolkit and Cylynt Anti-Piracy Report
The Orrick anti-piracy and license compliance team has developed the Orrick Piracy Toolkit as a complementary solution that enables software vendors to determine if any of their products are being pirated, either by hackers and/or customers who may inadvertently be out of compliance with their license obligations. The assessment is developed by anti-piracy and license compliance software expert Cylynt, and requires answering just a few questions, from which the company's piracy experts will prepare a report that uncovers the extent of your piracy problem and how it is impacting your company, your customers, and your profits.
Once the report is ready the Orrick team will walk you through all of the results and discuss whether and to what extent a piracy problem exists. Having identified such piracy, the team can then advise on a tailored strategy for mitigation, including a revenue collection process, should that be desired. They will analyze and evaluate risk on the software products clients are most concerned about, regions in which remedies will be most cost-effective, and protections for both existing and new technology.
Orrick attorneys have successfully litigated some of the most significant cases in the IP theft area and counsels some of the largest and most innovative software companies in the world. They will draw on their knowledge of this specialized area to help ISVs develop a tailored license compliance program or upgrade an existing one. The assessment begins with the piracy report, along with two to three complimentary hours of partner time to discuss the situation. Depending on the goals and the findings in the piracy report, the team will help you develop and implement a customized plan.
To learn more about the Orrick Software Piracy Toolkit and how it can help your software company discover and mitigate a piracy problem, contact Denise Mingrone, partner, at firstname.lastname@example.org to set up a free piracy assessment.