Reading between the lines, it sounds like the Navy insisted that the phone-home mechanism was removed, either for confidentiality/DLP concerns, or because it can be a bit of a challenge to perform an online activation from the middle of the Pacific Ocean.
Bitmanagement were happy to accommodate their request on the expectation that this would be a contract for hundreds of thousands of licenses, but it seems the Navy then proceeded to go live despite never purchasing any licenses beyond the original 38 they purchased to trial the software.
Why do they think they needed 38 licenses to install unlimited copies? That's stupid... one license you can confuse maybe, but if you have more than one there are obviously terms. If BM failed to put that in writing, they are stupider.
Quite possibly, the 38 licenses was the number deemed necessary, after negotiations, for the purpose of a limited trial. It usually goes something like "OK, we need 20 licenses for the lab, 6 for the devs to use when integrating with XYZ and a further dozen for demos, laptops and some flexibility in testing."
Most small ISVs would deeply discount or otherwise sweeten that deal with the expectation of negotiating a large scale site license once testing is successful. 500k seats would probably be discounted drastically to something like $10m / year (BS Contact seems to sell for 300 euros / license).
Certainly in my experience of working with vendors, that deal would not only be sweetened, but we wouldn't even consider entertaining the idea of paying anything for such a trial. It would be considered a proof of concept and we'd want to be able to play with it until we were happy.
Of course, if we got as far as asking you to remove copy protection, then we're probably way past PoC stage and into serious contract negotiations.
I can't help feeling like both parties probably allowed this to happen because they felt it would improve their bargaining position. The Navy possibly felt that by dragging out the negotiation until way after the live deployment is complete, they can keep BS waiting until they go bust or accept a lower price. BS know that once the software is out there with no further negotiations about price, they're in a solid position to charge the full amount, which they can legally enforce if necessary.
Then invoice time comes around, the two parties are at completely opposite ends of the spectrum in terms of pricing, and here we are.
A central license server can be used to license the number of concurrent users. I've installed software on thousands of computers as part of a base image that only had 25 concurrent licenses paid for. The usage pattern meant that we rarely exceeded the number of concurrent licenses, but the software was widely used enough that it made sense to deploy everywhere. In the end we also asked for the limitation to be removed because of several issues (e.g., the check-out process for off-network usage was cumbersome and locked up licenses for too long, the license server wasn't great at releasing licenses and we'd frequently have to manually release them). After monitoring our usage over a period of time the software company agreed that removing the license server was the best option to address the issues. I have no knowledge of this case, but this is one scenario where the number of licenses would be so much lower than the number of installs.
Agreed. I was responding to hashkb as to why they might think they could install it widely without having more than 38 licenses. It also seems like a valid reason to ask for the phone-home mechanism to be removed without malicious intent to subvert licensing restrictions.
One thing is _allowing_ installation by removing DRM/copy protection of the software and a different one is licensing such software.
Looks like the Navy first tried the software on their lab / pilot deployment. That will explain why they bought 38 licences first.
Then, they wanted to use the software on live systems; but they weren't able to do it.
Why?
Probably the product activation needed internet access and that's not feasible for a military setting (in the worst case scenario it could be used as an attack vector to gain control of the installation).
I am just guessing.
I bet the Navy installed by mistake the 558K copies of the software because someone without the right information copied the files into an image server and...
I'm a big fan of trying to imagine reasonable possibilities and giving both sides of any story I hear the benefit of the doubt.
But, in this case it's hard for me to think this is a mistake when the Navy's own argument is that it was intentional because they feel they had the right. A mistake like that may actually be defensible in court, and there would likely even be logs on the Navy-public server, not to mention logs of the communication that spread some kind of internal viral download -- half a million installs don't just happen without people talking.
Mistake or not, they are liable.
Remember kids, don't just ask: Is this software licensed?
If yes, ask then: Is this software licensed enough?
Then you can install it.
Absolutely right. But, on the flip side, this may be the situation the contractor wanted. Based only on the info I have, I'd speculate it's possible the contractor knew about the large number of installs and even pushed for that along the way.
According to this short article, the contract they were hoping for was truly enormous. There's certainly incentive for the contractor to let the Navy install as many copies as it wants to use, because the more the Navy wants the software, the higher likelihood of big money. Whether the Navy pays for it first, or gets itself in a bind and ends up on the hook for fees, either way the contractor gets a lot of money.
"We bought 38 licenses for $x and asked the company to remove the lock, so they clearly allowed us to install it 100.000 times" doesn't sound really convincing.
If it was really agreed that the software would be installed on so many computers, I'd simply expect them to issue 100.000 licenses.
Sure, that answers the question of how many licenses they have and why. But it doesn't answer the question of what rationale could be used to think that 38 licenses would be good for 100k installs.
I worry about this type of non-consent when accepting IP through an intermediary, e.g., full movies on YouTube. How am I supposed to know if the content distributor secured the right license for my jurisdiction? Is that on me?
From a legal perspective, how is this ambiguous situation different from more sketchy operations like BitTorrent?
Not a lawyer, but I think this case is well covered, at least in Europe. Users can't be held responsible when the offer looks legit and the average person couldn't tell that it's illegal.
Now what would be really interesting is a web torrent site that looks professional and broadly claims to be a legit service funded by ads. Right now, that would be a legal loophole. Not that it prevents right holders from sending cease and desist letters, but they'd be legally void.
YouTube is like passively watching TV. You can't be expected to know if the Cartoon Channel has properly licensed all of its cartoons. BitTorrent is different because the consumer is also a distributor, although the process is so streamlined that users often don't realize what they're doing or the significance of it.
Just guessing what happened, I am inclined to give the Navy the benefit of the doubt.
Having worked with and sold stuff to the US military, there are shady contractors who will intentionally try to fuck with and take advantage of how purchasing works and how projects are managed to milk it for profit. Sometimes with contract "gotchas" like these.
I have seen it too many times. And now they want 150k / infringement for 550k copies? That's what, $82B? I smell bullshit based on my previous experience there.
Even if by chance their lawyer screwed up so badly that a single license is not "limited" (as the Navy claims) and legally allows them to use it on any computer (I really, really doubt that), it leaves the issue of violating the spirit of the contract.
They knew the company expected them to get a licence per machine (they got 38 of them already!) but they failed to obtain them before installing them on a number of machines.
The article may be using the term 'machine' differently than what the HN community is used to.
In the Army we used similar technologies for planning, and the technologies were kept on SECRET computers that could only connect to the SIPRNET (an intranet for secret material). Because of the nature of the work we used to wipe and reimage the HDDs frequently (in training environments it was wiped and reimaged after each training session). I imagine each of those wipes/reimages might count against the 558k count of infringements.
That would depend on the licensing then. While many products do (still) get licensed and tied to specific machines, it's typically considered that if you have X licenses it means X simultaneous installs or X simultaneous active users (that is, I can have it on two machines that I primarily use, but I'm only using one at a time so a single license may be ok, again depending on terms).
If there were merely 558k non-simultaneous installs, this would be much easier to resolve.
The article is very non-specific. They may have distributed a runtime on a base image or the full application after the product went through a security review.
I had a case a long time ago where the sales organization for a company agreed, in writing, that they would meter usage based on sign-ins on the server, not installs. Long story short, the sales teams get laid off and the attorneys move in and want to be paid for each install. They lost and lost a bunch of recurring and future revenue as well, as we scoured our substantial install base and read a statement prepared by counsel to the 5 reference calls that resellers sent our way. :)
Having worked at a place which sold software to TLAs among other customers, I heard (let's say) stories of those agencies being able to pirate software at will. The main reason is that they are installed on secure computers, physically disconnected from the Internet at large, so there was no way to phone home in order to detect if more than one copy was using the same key.
Explanation of the most probable reason for the removal of the phone-home mechanism.
Virtualization technologies are most often used in classified environments for planning purposes. Computers used in classified environments are designed to be connected to the SIPRNET[1] and never see the NIPRNET[2]. The phone-home mechanism would never have been able to function and might have caused issues with the functionality of the system.
It obviously will be settled. The Navy could keep using that software for a while but the developer won't update and maintain it for them unless they get paid something. It's going to be useless in a few years, obsoleted by new software. On the other side the developer wouldn't want to lose such a large client, especially to a competitor. They'll agree on $omething, there was a misunderstanding, and business as usual.
The problem with F/OSS in the DoD is supportability. If the software is fielded, there has to be someone (person or company) that's on stand-by that is available to support the product. This includes code maintenance and information assurance. There's a constant fair amount of personnel turn-over but the information and personnel to support the fielded software should be readily available.
> The problem with F/OSS in the DoD is supportability. If the software is fielded, there has to be someone (person or company) that's on stand-by that is available to support the product.
So, hire someone? This is basically what RedHat does. F/OSS doesn't mean you can't pay people to support it.
Thanks for the downvotes without any explanation. F/OSS would not have issues like this. It would provide the Navy with software that doesn't need to have its "phone-home" mechanism removed.
I'm not absolving the Navy, just putting forward the point of view that these types of software problems don't need to happen.
I did not downvote you, but I think the others may be downvoting you because there simply isn't F/OSS software available for many things - including, I believe, advanced VR. So the F/OSS point is moot as it wasn't an option.
They could have commissioned it. How much was this ruling and how much were the licenses they did pay for? We're starting to get to the point where it isn't necessarily cheaper to purchase.
The Navy also has quite a bit of clout; they got this vendor to remove DRM. If the government insisted on F/OSS, there would be vendors waiting to write and support it.
If the lawsuit actually ends up costing billions or hundreds of millions, they could have funded an open VR project on a scale larger than all of Ubuntu instead.
No, but they were probably planning (originally) to license the software. Maybe not at the full $1,000 retail or for 550,000+ computers... I wonder how the software would compare to the commercial offering if they had hired 100 independent contractors at $150k to develop it in the open.
I'd like to know how the software vendor came to know about this? Maybe the software was accidentally pushed to all machines as part of the standard image or maybe it was deliberately pushed to everyone's desktop, and some whistleblower told the vendor?
What I take from this most is that I'm glad the ridiculousness of the DMCA is backfiring, even if the navy didn't have anything to do with it existing.
Accidental is not a valid reason, same as ignorance. Otherwise everyone could just say they accidentally committed a crime. That necklace accidentally fell in my purse, I was accidentally speeding, etc.
> Accidental is not a valid reason, same as ignorance
While this happens to be true in this specific case, as a general statement, it's misleading. It is true for copyright infringement because that is a strict liability tort, which means it doesn't require any particular state of mind ('mens rea'[0]).
Not all torts, and not all crimes, are strict liability. In your examples, if a necklace accidentally falls into your purse, that is not theft (in English law, anyway), as theft requires intent to deprive the owner of the thing[1]. Though once you notice it, if you decide not to return it, at that point it will become theft. Speeding, on the other hand, is strict liability (again: in English law, I don't know about US), as are most minor regulatory-type offences where it'd be difficult and impractical to prove intent.
(Also note: tort != crime. Copyright infringement can in some circumstances be a crime, but this is a lawsuit: the company is suing the Navy; the Navy isn't being prosecuted).
That doesn't change if they intended to do it or not, it's a clear copyright violation nevertheless (given the facts in the article are accurate). I'm curious about what they actually intended to do.
The type of copyright violation matters. Copies in the dusty recesses of a drive image are a lot more minor than it actually being used by a million people.