GIS vendors, both software and data providers, should be aware that their offerings are ripe for misuse. Eric Muraven of the Software Compliance Agency lists three areas of concern for software providers and explains why they need to act to prevent misuse.
GIS vendors, both software and data providers, should be aware that their offerings are ripe for misuse. And all the locking and copy prevention technology available will not stop this. Misuse happens when an organization without proper licensing, uses products to perform commercial services for a third party, either stand-alone or as part of a greater solution. Nearly all End User License Agreements prohibit this type of use as it cannibalizes future business by stealing future sales, violates the agreements GIS vendors have with their providers and profoundly shortchanges vendors in the proper compensation for use of their intellectual property.
Misuse is not limited to any size or type of organization. These violations have been found from small, one-person companies to global corporations to governmental bodies and non-profits. Any organization that acquires data or software has the potential to misuse. No vendor should dismiss this based on its type of user base.
There are limitless scenarios in which GIS products could be misused. Some more typical misuse might include:
- Client uses GIS software and/or data as an immediate part of a consultative service providing results to a third party.
- GIS software and/or data are a small part of a larger solution of results/information provided to third parties.
- Client includes GIS software and/or data as part of its cloud offering.
- GIS software and/or data are installed onto machines’ hardware that multiple organizations may access.
Why is license misuse a concern to vendors? There are three major issues. First, nearly all data and software products require the use of commercial third-party products in their build. These products come with licensing restrictions and reporting obligations for these third parties. By not complying with these commitments, vendors risk the potential for heavy fines for failing to accurately report, and they jeopardize these important relationships.
The second concern around misuse is that it may cannibalize the vendor’s very own user base. When an organization performs services with the data or software for a third party, it eliminates the need for that third-party organization to acquire the products for its own internal use. Although a situation may occur where the user has unwittingly created an offering using these products, an agreement must be in place to reflect this usage and ensure the vendor receives proper compensation.
This leads to the third and perhaps most important misuse issue, and why it matters. For data and software vendors, intellectual property is the absolute key to their business. They are able to pay their bills, support their products and improve their technology via the rightful compensation they are owed from use of their product. A user who does not use the product according to the terms of the agreement will not provide this proper compensation that is rightfully owed to the vendor. Vendors should never be reluctant to seek what they are rightfully owed.
Misuse poses a serious risk to the vendor. Many software companies have invested in locking technology—which does help prevent over-deployment (installing more seats, servers, CPUs etc. than were legally obtained). However, this solution does not monitor how the product is used. The actual business purpose and who is benefitting from the results of using the software cannot be controlled or determined. This is true for data as well, in which there are very limited options for controlling usage.
Vendors that provide data and software via the cloud may have a false sense of security. Putting technology in the cloud provides insights into the usage, including how many users and amount of usage. But simply knowing the usage may not reveal the actual business purpose and who is benefitting from it.
Many vendors have the right to do audits as per their license agreements. However, they have serious limitations. Audits are geared toward looking at number of installations and users. They do not effectively capture the business purpose for the technology. As well, audits are expensive; there is a heavy cost for this and it still will not yield the needed results concerning usage. Lastly, these audits are known for upsetting the client. This may not be as much of a concern for the largest vendors, whose users have limited choices in alternative technology. However, for the majority of vendors, keeping costs down and not upsetting customers are likely significant concerns.
The news is not all bad. With careful investigation, this type of misuse can be detected without upsetting clients. The results can be quite lucrative to vendors. Discovery of this type of misuse usually nets owed royalties, fees and possible damages to the vendor. Additionally, discovering this type of usage may present new opportunities for the vendor to provide additional products and services to the user. Finally, the process may lead to a better fit, product-wise, to suit the actual usage. Large vendors have teams focused on user compliance. While this is not realistic for many small and medium-sized providers, they should not hesitate to seek outside help. The risk from misuse is serious and the opportunity it creates is considerable.