This post was originally in response to a Slashdot article, referring to the Business Software Alliance (BSA) and the law. I have reproduced it here (edited for length) for educational purposes. The original posting can be found by following the related link below.

Clauses in contracts of adhesion (meaning a contract where you did not get a chance to negotiate terms with the other party) are typically invalid and regularly struck down in courts. If a clause would not have been accepted by a hypothetical 'reasonable person' who had a chance to negotiate, in the opinion of the court, then it is void. Letting a third party come into your company and poke through all your computer systems with sensitive data on them is not something that the courts often regard as reasonable. Here's a key phrase from the US case law, lifted from http://en.wikipedia.org/wiki/Contract_of_adhesion [wikipedia.org]:

absence of meaningful choice on the part of one party due to one-sided contract provisions, together with terms which are so oppressive that no reasonable person would make them and no fair and honest person would accept them.

> Remember that, by the BSA's rules, merely having
> all the original media, license certificates and
> product keys for every single copy you've got
> installed is not sufficient.

Ah, the BSA. Here's how their little scam works: They come along to you with a bunch of impressive-looking lawyers and make all these demands. You're probably a fairly small company. You don't have legal staff in-house. You don't realise that the law is actually on your side at this point; you think that they're telling the truth, and you have to let them audit you. So you let them.

At this point you have just granted them permission to do this stuff, so you can't later claim (when your lawyer explains things to you) that their investigation was unlawful. The whole scheme is based around conning you into granting them permission without realising it.

What you should have done was:

(1) instruct them to get off your property
(2) give them the name of your lawyers, and instruct them to refer all further correspondance there
(3) if they are still here, call the police and tell them you need some trespassers removing

Then you can have a nice leisurely discussion with your lawyers and figure out what, if anything, you actually need to do. Most likely they will tell you that you don't need to do anything unless the BSA has actual evidence of infringement.

Under no circumstances should you ever allow anybody to search your premesis unless they are holding a warrant and they are an officer of the law. The BSA themselves will never, ever have the right to do this because they are not the police.

As for those 'rules' they have about having to show the invoices? They made those up. They have no legal standing. The BSA has to prove that you are breaking the law, not the other way around. Then you merely have to show anything that proves them wrong. "Innocent until proven guilty" applies.

The BSA is like a mail worm infestation: it's far better to block them at the firewall than to try and clean up the mess once you let them get onto your network.

Leave a Reply

Your email address will not be published. Required fields are marked *