"We ask a significant number of questions [in the online reporting form] because we're looking for as much detailed information as we can get to help us understand and get a comfort level that the person who is reporting really has the goods," explains Jennifer Blank, the BSA's senior director of legal affairs.
Once the lead passes a preliminary credibility check, Frank Konczakowski, the BSA's program coordinator for enforcement, contacts the informant to gather additional information about specific software-related conversations, memos or meetings that might bolster the case. The BSA also contacts the software vendor for whatever licensing or sales information it may have about the suspect company.
"If our informant reports 100 copies of Norton antivirus software but then Symantec reports 100 copies licensed, we know the lead is no good," Blank says. Because so many software vendors sell through multiple distribution channels, their information isn't comprehensive. But some BSA members, especially engineering software makers like SolidWorks Corp. and Autodesk Inc., "keep copious databases with registration numbers and transfer information and a lot of detail," she adds.
In more than seven years as an investigator, the one thing that Konczakowski says consistently amazes him is "how blatant the pirates are." He has seen plenty of cases where a single legal copy of a PC software program has been installed on hundreds of machines. Even more troubling is that most informants who report corporate software piracy to the BSA say that the company knows about the piracy.
"Usually, our informant will say their company is aware of the problem and has made a deliberate decision not to buy the software but to pirate the software," says Blank. "Of course, when we investigate, we hear a different story from the company itself."
But the BSA doesn't put a legal press on all of the reports of piracy it receives. Rather, for a case to go forward, all BSA members must unanimously agree to move ahead with legal action. All leads and follow-up information are stored in a central database that licensing staffers and attorneys from the BSA's member companies access via an online portal. They then review the information and decide whether to take further action.
The cases that get escalated are those that involve "a reasonable number of computers and software" and have a "good lead," Blank says, although she declines to specify what the BSA considers a "reasonable number."
"It's not a set number of computers, but we're looking ultimately to reach a settlement with the company, so we have to look at whether it's worthwhile investing in legal fees," she explains. "If it's 20 copies of a $20 software program, that's not a great lead for me. But 10,000 computers and only three [legal] copies is a lot better lead. It's going to involve a larger case. So we're looking for a reasonable number of computers and a variety of software."
One other important note is that the BSA pursues only those cases involving software of its member companies. The group doesn't have the power of attorney to pursue cases on behalf of nonmembers.
If the case gets a green light, an attorney representing the BSA first sends the CEO of the target company written notice of the allegations and all of the details. The informant's identity remains confidential throughout the process. The organization also asks the company to perform its own investigation and an audit of all software published by BSA member companies.