Business Compliance Strategies: Avoiding “Accidental” Software Piracy

What’s the price of “accidental” or “inadvertent” software copyright infringement?  For the U.S. Government, the cost was $50 million to settle a $224.5 million copyright infringement suit brought by Apptricity, a software firm offering supply chain management and integrated finance solutions.  In this case, the U.S. Army paid for a certain number of licenses for Apptricity software to track troops and supplies in “real-time” and then significantly “over-deployed” copies to its servers and devices to the tune of thousands.

Under the U.S. Copyright Act, the infringer is liable for either actual or statutory damages plus attorneys’ fees of the copyright owner.  However, Apptricity chose to settle and the U.S. Army remains a client, according to their press release.  I surmise that Apptricity probably got the deal it wanted from the “alternative dispute resolution” process by adding some settlement agreement conditions that were not announced, such as improved monitoring for future compliance, additional maintenance fees and some other forms of future revenues.

In civilian cases, software piracy can lead to double the licensing fees plus intrusive usage monitoring, additional penalties for future infringement and adverse publicity.  On various occasions, we have had to advise clients on the realities and risks of unlawful “over-deployment” of a similar nature, or worse. The resulting process of correcting such errors is costly, distracting and damaging to your core brand value.

Executives and entrepreneurs alike should ask themselves what does it take to manage software licensing compliance?

• Inventory Management Practices. You maintain an updated inventory of all computers and other devices and identify the authorization rules for all licensed users. You update continuously based on needs and actual uses.
• Pricing Management Practices. You plan future growth so you can negotiate volume licensing prices. 
• Human Resource Management. You design a compliance process to include “adult supervision” of all personnel having access to computers. This includes both internal and external personnel and external (Cloud-based) computers. The process includes policies, training, internal auditing, enforcement and may include whistleblowing and code of conduct” procedures applicable to internal and exteral (outsourced) personnel.
• Toolkits. Find a software tool for digital rights management.
• Digital Asset Management. Beyond protection of third-party licensed software, every business needs to track and protect the intellectual property and competitive advantages of software developed by itself, its licensors, and its trading partners. Digital asset management starts with a trade secrets management strategy and assurance of the independence of its innovation team from inadvertent infringement using “Open Source” software or snippets “discovered” on the Internet.

$50 million is a lot of pain.  “Inadvertent” software piracy is not good for business.  The Government’s painful disclosure of such infringement is just a reminder that we each need a compliance program for digital assets

Infosys "Visa Fraud" Settlement

The U.S. Department of Justice has just announced a civil settlement in which Infosys, an Indian firm involved in consulting, technology and outsourcing, will pay the U.S. government a record $34 million dollars for “systemic visa fraud and abuse.”  Although Infosys denies all the allegations, reportedly, it has agreed to this settlement and to enhanced compliance measures to resolve claims made by the U.S. DOJ.  This settlement, the largest fine ever levied in an immigration case, serves notice on buyers and sellers of international business services.

So, what happened?  Was it more than garden variety fraud?   In short, it appears that Infosys used [less expensive] B-1 visa holders to perform jobs for clients that involved skilled or unskilled labor that would otherwise been required to be performed by United States citizens or required legitimate [more expensive and limited number of] H-1B visa holders.   The U.S. DOJ claims that Infosys basically went out of its way to conceal the true purpose of a B-1 visa holder’s travel in the U.S. in order to secure entry of the visa holder to perform these type of jobs.  Infosys also failed to maintain required records of its foreign nationals employed in the U.S.  See http://www.justice.gov/usao/txe/News/2013/edtx-infosys-103013.html 

Breach of contract?  No. Terminable by the customer?  Probably not. Damage Control?  Yes, for Infosys.  Under standard outsourcing and supply chain contracts, the supplier must agree to honor the enterprise customer’s “code of conduct.”  Since Infosys denied liability but paid the fine, it probably does not face a breach of contract claims by its U.S. customers for failure to honor the contractual obligation to respect the law.  But this episode invites a new “governmental settlement” event for termination by the enterprise customer. Or at least it warrants some possible contractual consequences short of a termination by the customer.

Contract drafting tips?   Yes.  Customers should require not only compliance with laws, but consequences for non-compliance.  Customers might include a new clause on “Visa Compliance” that warrants compliance and allows the customer to inspect the work permits of onsite service personnel.

Can U.S. customers ignore a service provider’s settlement of a civil suit by the government?   Can foreign outsourcers ignore the lessons?  That might not be a good idea.  To avoid collateral damage by being associated with a settler of a governmental fraud claim, business executives have a duty to follow the same rules that they set for themselves and others.  If a customer does nothing, it risks shareholder claims for breach of fiduciary duty, backlash from employees, vulnerability to attacks by U.S. unions and governmental officials for being bad corporate citizens, and possible loss of valuable recruitment opportunities for any prospective employees who believe in corporate social responsibility.

The lessons are simple.  Moving foreign technical staff to onside locations needs to be balanced and in compliance.  As a model for scalable global sourcing, mobile labor arbitrage is dead.  Don’t engage in schemes for illegal wage arbitrage.  Find Americans or lawful permanent residents to fill the needs . Don’t harass whistleblowers.  Train everyone on your commitment to compliance with all applicable laws and have a compliance officer.

“Transaction Costs”: A Nobel-Prize Worthy Analysis for Global Business

The death last week of Nobel-prize winning economist and retired University of Chicago Professor of Economics, Ronald Coase, at 102 years of age, reminds us all of the conflict between the real world and the economist’s theoretical world. His eight decades of work helped found the field now known as “law and economics” and continues to impact our understanding of today’s economy and the law. While an undergrad in college, I read Coase’s writings eons ago. His papers helped me understand the logic behind how business organizations work, and was a factor in my decision to become a transactional business attorney.

In law and pure economics, the fair market value of anything is the price that a willing buyer and a willing seller would agree upon, assuming each has equal knowledge of relevant facts, neither is under any compulsion and the transactions costs are nil. This economy would be comprised of self employed individuals continually contracting work with each other. However, in the real world, there is a price to pay for these constant negotiations or what Coase called “transaction costs”. In his 1937 paper, “The Nature of the Firm”, he posited the idea that people could more readily grow their business by organizing themselves into a firm and gain operational efficiencies by reducing these transaction costs. He further noted there may be a point of diminishing returns in this growth, some say foreshadowing the advent of outsourcing.

In 1960, his paper, “The Problem with Social Cost” dealt with the actions of business firms which have harmful effects on others. In a theoretical world, all affected parties would come together and arrive at a voluntary agreement and solution at nil cost as long as property rights were clearly defined and everyone was willing and able to bargain. In the real world, he advocated that cost benefit analyses should be done to determine the appropriate remedy and that each case should be evaluated individually. Where transactions costs are high, either no deal will occur or government regulation of protection of rights from externalities like factory pollution will be adopted to protect those who cannot protect their interests, or small claimants will sue under class action tort principles.

Today, we recognize that transaction costs are the norm in corporate, commercial, technology and service transactions. Business attorneys like me make a living as a transaction cost when clients buy and sell companies, intellectual property or other assets and when they enter into strategic relationships over an agreed time span, like financing, licensing, leasing, investing in depreciable business equipment and technologies. But I am just one mouth in an ecosystem of commission salesmen (“business developers”), consultants, intermediaries, brokers, investment bankers, accountants, appraisers, engineers, logistics providers, outsourced service providers and others whose transaction costs are embedded in the purchase price of an asset, a new venture or a strategic alliance of small companies fighting in a Big Company world.

For that, I am glad to express my appreciation for his insights.  Thanks, Ron.

Strategic Forum Shopping

Ever since your childhood realization that you can get Daddy to permit what Mommy prohibits (or vice-versa), you have learned the skill of forum shopping.  Getting what you want in business is no different. Artful “forum shopping” is a key business strategy for gaining competitive advantage and avoiding domination, as evidenced by some recent deals and litigation.

What do you want to optimize?  While we can look at governmental incentives and regulations, let’s consider optimizing for low tax rates.  That means a search for a “tax haven” from the storm of normal high tax rates. We’re not talking about tax fraud (hiding income), but simply about tax avoidance (navigating and complying with rules to minimize taxes owed).

What kind of income do you want to optimize?  By identifying the type of operations, you identify the type of income, and thus can have a shopping list according to local tax treatment of that kind of income.  You might want a different home forum for different purposes, such as R&D in one forum, manufacturing in another, distribution and sales in a third.  A typical tech company will generate intellectual property from R&D, resulting in licensing royalties or income from selling products.  Manufacturing is a tool of R&D.  Distribution means local sales in each country.

How to you limit each class of income to a specific jurisdiction?   You can set up your operations yet limit your exposure to a hostile legal environment by setting up an avatar (oops, a new company) to do business only there.   And then you just need to have all the avatars charge reasonable intercompany transfer pricing.

In lawful international tax avoidance or tax deferral, forum shopping is alive but under challenge.  In May 2013, a Senate Panel’s investigation revealed Apple Inc.’s set-up of a research and development center in Ireland in the 1980’s to get access to its low 12.5% corporate tax rate and its even lower dividend withholding rates.  U.S. anti-abuse rules (“Subpart F”) currently don’t require immediate repatriation.  So Apple Inc. is sitting on about $1.0 billion in undistributed untaxed offshore profits from licensing of software and sales of computers and telecom devices.  Like the US, other European Union countries are envious and hostile to Ireland’s competitive tax regime.

Did you forget to do your tax forum shopping plan before you grew into a big company?  No worries.  Like U.S. pharmaceutical, company like Perrigo Co., you can just buy an Irish biotech company like Elan Corp. for $8.6 billion.  That tax-favored strategic acquisition was announced last week.  Perrigo will lower its effective tax rate from roughly 30% to roughly 16-18%, saving about $150 million per year in taxes and operating costs, by creating a holding company in (yep!) Ireland.

What would kill forum shopping?  Think of equality in competitive tax and regulatory regimes and harmonization of laws across borders.  This is a stated objective in the Transatlantic Trade and Investment Partnership (TTIP) talks between the USA and the European Union), begun in July 2013, and the G-20 industrial nations 15-point action plan presented by the OECD, also this past July.  That’s optimism.  

Businesses hire professionals as “concierge forum shoppers.”   Maybe there will be a “forum shopper’s club” in the future.  The world’s a virtual mall for forum shopping.  When will there be an app for that?

SMB’s after ObamaCare: The New Sub-economy of 49’ers, Outsourcing, Automation, and Part-Timers

What should small and mid-sized businesses do to survive the Patient Protection and Affordable Care Act?   What lessons have we learned from the delayed Employer Mandate?

Thanks.  SMB’s can thank someone in the Obama Administration for raising the white flag and acknowledging the need to delay the “Employer Mandate” by a year until January 1, 2015.  (Of course, the statute does not permit any deferral of any mandates, so the delayed Employer Mandate raises constitutional issues.) 

Workforce Containment.   SMB’s can redefine their mission in a new microeconomy driven by enterprises having 49 or fewer “full-time” employees (the New 49’s).  These 49’s enterprises can avoid the complexity, costs and distractions by forcing more part-time employment (i.e., under 30 hours per week).   That means SMB’s will likely be training and keeping only those employees who will drive sustainable growth, and marginalize all the rest into part-time status, forcing part-timers to buy their health insurance on an exchange (yet to be established) or pay the penalty tax.

Boosting Outsourcing.  SMB’s should look for niches where a company of 49’ers could provide outsourced “back office” or “technical” support to other companies of 49’ers.   Any small business function can  be outsourced, such as payroll service providers, collection companies, technology suppliers, lease administration, insurance administration, HR administration, anything that a small business needs.   This will boost the “business services” economy.   Outsourcers might hire the involuntary part-timers, if needed, or just use more SaaS “web-enabled” tools for administration.  

Management of Projects and the Services Supply Chain.   SMB’s need to develop skills in partnering with others.  Such skills will allow strategic alliances to form.  The integration of a microeconomy of “49’er enterprises “ will involve project management training and tools so that unrelated companies can work as a team competing with larger enterprises.

Globalizing the SMB Workforce.    Under ObamaCare, SMB’s have been invited to globalize their workforces.  If the cost of “unnecessary” health insurance coverage is excessive, SMB’s can set up offshore offices, which can help both increase revenues and reduce costs.  Too bad this could come at the expense of local employment in the US.

Automation.   Automation can reduce labor.  The Affordable Care Act just made robots and software more affordable, comparatively. 

Web-Based Teams.   To cover greater territory, teams can be split into modules and assembled across the country.  Big services firms use webinars and videoconferencing.  SMB’s can survive with more geographical dispersion of staff (particularly in sales) while retaining core skills that can be deployed instantly without transportation.

Optimization by Shifting Societal Costs.  The resulting outsourcing, offshoring, part-timing, de-scaling and horizontal integration will have a societal cost.   But, until the law is changed, this is what the law encourages.  Nimble entrepreneurs will fill new niches, and savvy family businesses and new ventures will avoid hiring unless it drives core business revenue.  Everyone will be more specialized to remain small, nimble and niched.  

Pigeon Power!

Why establish your startup in France?  Why invest there?  

On April 12, 2013, the French government reportedly rejected Yahoo’s bid to acquire 75% of a leading video sharing website Dailymotion, owned by Orange, a subsidiary of France Telecom, S.A.  The ostensible reason was that control of a crown jewel of French Internet startups should remain in France.  No great French Internet company should lose its French identity.  The French government owns a 27% stake in France Telecom, S.A.

This result will only harm the French economy by encouraging French entrepreneurs and SMB’s to seek venture capital, growth opportunities and technologies outside of France.   This comes after a year of hostile words by Arnaud Montebourg, France’s Minister of Industrial Renewal  (“productive renewal”) against foreign steelmakers and others who might bring in foreign investment and foreign business methods for French industry.  It will deprive Dailymotion of capital investment needed for sustainability and growth.

Having studied, lived and worked in France, and as a tech business lawyer in New York, I offer my own lament to French entrepreneurs and SMB’s in their own tongue.  (If you only studied French in high school, try www.translate.google.com for a breezy translation.)

Où bâtir votre startup français?   Evidemment, la France ne vous accueille pas. 

C’est ça le message du gouvernement de François Hollande, dont le Ministre du Redressement Productif Arnaud Montebourg a refusé le 12 avril 2013 de permettre à la startup Dailymotion de se vendre le contrôle à Yahoo, Inc.  Le Ministre aurait permis la vente de 50% mais pas le 75% convenu entre la « startup » vedette française Dailymotion (fondée en 2005) et Yahoo. 

Quelles seront les conséquences de la « fin du capitalisme libre» que M. Montebourg a annoncée en 2012 ?  

D’abord, les entrepreneurs français (et leurs investisseurs, comme les « anges d’affaires » (Business Angels) et les fonds de capital risque) vont croire que les subventions et certaines baisses prioritaires de taux d’impôts, récemment annoncées en France, sont illusoires.  On va conclure qu’il vaut mieux établir les moteurs de croissances dans les pays étrangers des « Pigeons ».   L’Ireland, le Canada et, bien sur, les Etats-Unis vont les accueillir avec des visas d’entrepreneur, de startup, d’investisseur et de commerçant.  Sous Hollande, la fuite des cerveaux, des jeunes et des PME va s’accélérer.  Même s’ils ne se délocalisent pas personnellement pour des raisons de famille, les PME pourront établir des sociétés affiliées étrangères dans de tels pays d’accueil, où il trouveront du capital risque (venture capital), des marchés, des taux d’impôts raisonnables et le droit du travail plus équilibré que devant les tribunaux de Prud’hommes. 

Ensuite, déprimés par un dirigisme protectionniste en France, les prix de vente pour les PME français vont rester en dessous des niveaux atteints normalement dans d’autres pays.  

Enfin, au lieu de préserver la façon de vivre, et de protéger les mœurs et coutumes français, ce gouvernement de François Hollande va vider la France des personnes qui auraient soutenu autrement sa place de leader dans les économies européennes et mondiales. 

Et je ne parle as des obligations de la France d’ouvrir des portes à l’investissement étranger sous la convention de l’OMG (WTO) sur les investissements portant sur le commerce international.   Non, je me tais.  Je ne veux pas condamner la France du non-respect de la lettre des lois.   Montesquieu m’a enseigné quand même « l’esprit des lois. »

In short, look around.  Chercher le business là où vous êtes bien accueilli. 

Could an International Trade War on Privacy Rights for Online Businesses be Heating Up?

Privacy and data protection are synonymous with the “good life” of e-commerce, when online businesses are free to use consumer data with little restrictions.  But with technological advances and the explosive growth of e-commerce, this area invites extraterritorial regulation by foreign governments across borders.  I’m concerned that this web of web regulations will be totally inconsistent, unmanageable and lead to significant costs and lost opportunities for e-businesses.  Consumer protection should not become a mandate for imposing bureaucracy and “free” content management services.

EU Harmony.  In January 2012, the EU announced proposed reforms to its 1995 data protection rules in order to further strengthen online privacy rights and regulate the enormous growth of data collection and processing over the internet in this age of mobile and social computing, the Internet of Things, Big Data and related analytics.  In short, these reforms proposed:

• a single set of rules to apply across the EU and its administration by a single national data authority within the home EU country with the power to impose fines for non-compliance. 
• In addition, EU people will have greater privacy rights, including the “right to be forgotten” and the “right to port their data” across service providers. 
• EU rules would apply in cross-border transactions for companies in non-EU countries handling services to EU citizens.  Any serious data breaches would have to be reported to authorities as soon as feasible within 24 hours.  Additional costs would be incurred by businesses.

Since then, some EU member nations, major tech companies and other countries have criticized the proposal as being too restrictive and a burdensome expense for (especially small) companies..  Nevertheless, the EU continues to move forward with an amended draft likely to happen later this year with the objective of implementing a Regulation governing its member nations in 2014.

American Federalism:  A Hodge Podge.   In contrast, American federal laws (see https://www.cdt.org/privacy/guide/protect/laws.php) are generally weaker than European and other countries’ laws in the field of consumer protection for data privacy and the “private life.”  A year after the Obama administration called for a draft of a consumer privacy bill of rights, none has been completed or made public.  There are no baseline privacy laws protecting consumers. Instead there are sector specific privacy laws and self regulated company privacy policies; consumer privacy laws vary by state (see http://www.ncsl.org/issues-research/telecom/state-laws-related-to-internet-privacy.aspx).  Those who support this hodge podge of laws insist that these methods encourage free commerce and growth of online businesses.

New Balance: International Agreement or International Chaos?   There is no free lunch.  My concern is that privacy laws will be so onerous, complex and confusing that it will balkanize the Internet, preventing cross-border transactions and increasing the hurdles for Internet entrepreneurship of small and mid-sized businesses.  Consumer protection and data privacy laws will conflict with business, adding costs that will have to be passed along to the consumer in the form of higher prices, more advertising per view, and less innovation.  Should the EU adopt its proposed reforms independently, American companies could find themselves subject to EU regulations when conducting cross-border transactions with EU citizens even if there is no conflict with American laws. 

I believe that every nation should have “baseline” privacy rules, including the US, but I wouldn’t go as far as the proposed EU reforms.   Businesses and/or consumers alike have a:

• Right to know what data is being collected and aggregated about them

• “right to be forgotten” but only where the user pays the cost of undoing what the user posted “for free”
• copyright in posted content and a right to transfer one’s post to other providers, for a reasonable porting fee
• right to know what data is known by a service provider and the right to correct it.

The US and EU are set to begin negotiations for a free trade agreement June 2013.  Hopefully common agreement on data protection and privacy rules will be a part of it.  More on this subject later.

Visa Reform: Cutting Back on H-1B and L-1 Body Shops

Does your workforce depend upon foreign labor? If so your workforce planning may suddenly be changed.

On March 18, 2013, Senator Charles Grassley (Republican, Iowa) introduced a “50-50” visa bill to promote hiring local U.S. workers.  One section would require companies with more than 50 employees to limit their number of U.S. employees on H-1B or L-1 visas to 50% of its workforce.  This would apply to both domestic and foreign companies with American subsidiaries.  In short, 50% of the workers employed in the U.S. would need to be American citizens or green-card holders. 

Such visa legislation would attack foreign “body shops” that rotate contractors to the U.S. in support of global sourcing.  Aside from targeting India, a 50-50 quota bill would also hurt foreign businesses from Western Europe and Latin America that send technical staff in management consulting and business change management to the U.S.  It would hurt smaller foreign companies that depend on foreign staff as they grow into the US market.

Will a 50-50 quota really increase U.S. employment levels for technical workers?  I see several scenarios:

• Yes, it promotes local hiring to replace foreign contractors.  (This assumes you can find the right talent here.)

• No, it encourages U.S. companies to set up foreign “vendor management” teams to manage foreign workers in offshore service delivery centers.

• No change.  In the short run, it will reduce utilization rates and operating profits of foreign service providers.  Over time, nothing will stop globalization.  Businesses will find a way to deal with this by more video conferencing and online collaboration tools.  Affected foreign service providers will hire more U.S. sales people (as well as technical personnel) to meet this quota.

• It’s irrelevant.  Foreign countries with existing “friendship, commerce and navigation” treaties are entitled to “most favored nation” treatment.  So they will lobby to eliminate such rules, or they could threaten retaliatory visa action against U.S. expatriate employees in foreign subsidiaries. 

In my view, this measure would not survive long, and it highlights the need for a comprehensive immigration reform that invites foreign technical workers (“STEM” – science, tech, engineering and math) to become residents and citizens.   

What do you think?

The Hot “New” Value of Copyrights for SaaS and other Software Apps

What’s the most cost-effective, practical way to protect intellectual property for your cool mobile app or your SaaS e-business?   The answer just changed as of March 16, 2013.   

Since this date, getting patent protection became harder.  Now, the first inventor to file a patent application will be recognized as the inventor of this U.S. patent, and the “first to invent” priority rule will no longer apply under the America Invents Act, enacted September 16, 2011.  A number of other changes became effective as well:  “prior art” now includes foreign publications.  In short, getting a U.S. patent will require more vigilance and investment in the patenting process.  And enforcing/defending a patent could still cost over $1.0 million or more. 

So is now the right time for a resurgence of copyright applications for software to protect intellectual property rights?   Yes, perhaps.  While copyrights cannot replace patents as a legal monopoly, for the smaller business or entrepreneur with limited funding and wanting a quick certification of ownership, copyright offers a simple, cost-effective solution. 

Unlike patents (which protect innovative ideas), copyrights only protect the particular expression of an idea, such as a story, or a software application.  There is some room for additional copyright protection against plagiarized “derivative” works, but not much, since the author of the “derivative” work need only show a minimal level of originality to defeat a claim of plagiarism. 

But, copyrights still have a lot of value.  A copyright owner can prevent others from copying and marketing clone software or even a clone product catalog.  You don’t need to register to own the copyright, but registration helps with enforcement.  The owner of a registered U.S. copyright can sue for damages and collect attorney’s fees.  (Owners of trade secrets can only sue for damages and normally cannot collect attorneys’ fees).  And you can register the copyright with U.S. customs authorities to prevent the importation of infringing products.  All this is a powerful incentive for preventing knock-offs.  The U.S. online copyright filing fee is only $35 per basic claim of authorship.

But, done wrong, registering a copyright can risk losing trade secret and/or patent rights.  If you deposit a copy of your source code for the app with the U.S. Copyright Office, it risks making public your confidential secret sauce, which would normally defeat trade secrecy and could endanger an unfiled patent application.  Done right, however, your copyright registration can avoid that risk by careful planning and limited disclosure of the secret sauce. 

Your copyright registration program should fit within a more holistic overall program to protect intellectual property including trade secrets.  The copyright deposit materials could be machine-readable object code, so that it becomes indecipherable without an operating system and a computer language.  Or the deposit materials could be fractions of a printout of the code.  All you need to do is prove that it compiles, and do it in a manner that prevents anyone from decoding.   Special rules apply, though, for apps that are derivative works or include some open-source components.

For low-cost and high legal value, copyright registration may become the method of choice for entrepreneurs and small app developers.   Patents should still be pursued as a defensive measure, but copyrights can be an important part of the plan.