Story Highlights

Indian enterprises often find themselves at the receiving end of anti-piracy tactics deployed by software biggies such as Microsoft, AutoDesk and Adobe

In several cases, companies using licensed software are approached repeatedly on compliance audits by third party firms such as KPMG and PwC

The rise software asset management and compliance audits, coming at a time when legal IP challenges are falling in the country, aim to boost sales, allege insiders and targeted companies

Early in 2015, Nakul Kumar, co-founder of Cashify, an online marketplace, received an email from a Microsoft anti-piracy team representative. It talked about an audit for software asset management, or SAM. It was a simple form on the number of software licences the company had.

Kumar agreed and sent in the details.

But then it got to a point, where the communications with the auditors started changing: they got threatening in their tone with emails and calls alleging that Cashify, which at that point had 30 employees, was using “100 unlicensed Microsoft software”.

After a series of emails, later in 2015, a KPMG representative – the consulting firm was representing Microsoft – came visiting Cashify’s Gurugram office. The person did not have a legal notice or anything that would justify an unwelcome intrusion and Kumar’s team did not allow the representative in.

“Maybe he looked at the small size of our office and realized we are not big fish,” recalls Kumar.

But the emails and calls did not stop. Kumar, who was aware of such similar incidents with startups elsewhere in the country, first used personal connections in the company to get out of the situation. But when it became a bi-annual affair, he sent a legal notice to Microsoft.

“I had an eight-member tech support team and when you are a startup focusing on growth and cost-cutting, licensed versions of software is not your top priority,” says Kumar of his early days. Gradually, Cashify completely moved to Linux, the open source operating system.

Then, this April, when he received a similar email from Adobe to schedule a visit at his office on a day’s notice, Kumar was more prepared. He identified the machine that had downloaded a version of Adobe and deleted the software. His IT admin then installed a firewall on the office network to prevent employees from downloading any pirated software.

SAM audits or software licensing audits by companies such as Microsoft, Adobe, AutoDesk, among others, is not uncommon or new. (Microsoft also has something it calls “compliance audit” to protect its intellectual property rights.) The software companies promise clients savings by optimising the number of licences deployed but the experience of users are different (see here, here, here, and here) – with complaints of harassment and coercion. There are even blog posts with advice on how to handle an SAM audit or what to do when you receive a compliance email from a software giant.

To be sure, India does have a huge piracy problem. It, for instance, is one of Microsoft’s biggest markets in Asia. Yet, over half of all software installed on computers in the country is unlicensed, according to advocacy group Business Software Alliance, or BSA. A June 2018 survey report by BSA indicates that the rate of unlicensed software installation in India was 63% in 2011, 60% in 2013, 58% in 2015, and 56% in 2017.

With good reason: pirated copies of software are way cheaper in the country than licensed versions. You can buy a pirated compact disc of Microsoft’s Windows 10 for under Rs 150 in a neighbourhood market – compared to the $130 (or nearly Rs 9,000) an original licensed version costs online.

The BSA report indicates that commercial value of unlicensed software in India was $2.93 billion in 2011, $2.91 billion in 2013, $2.68 billion in 2015 and $2.47 billion in 2017.

“Software piracy is a big concern in terms of IP protection and security of data and software,” says Rama Vedashree, CEO of Data Security Council of India. “Unlicensed software that do not undergo regular patch updates that protect them against security bugs are more vulnerable to security attacks.” By IP, she is referring to intellectual property.

“India is on the path to be a large global technology hub and, hence, protection of IP and encouraging people to use genuine software should be much broader campaigns,” she added. She did not want to comment on the audit practices of the large vendors. “As an industry body, DSCI does not track specific vendor-customer cases.”

Piracy down, sales up

It is not the head-on battle by the software vendors against piracy – it’s been a battle of over two decades in India – but the coercive tactics employed on their behalf that is attracting attention and has experts like Vedashree stepping back from commenting on the drive.

One ex-Microsoft senior executive says it was an open secret in the company that the primary reason for SAM audits was to boost sales and meet revenue targets at the company. This person did not want to be identified.

Someone who has experienced it says as much. “It’s a regular pattern,” says Manish Sharma, founder of print retail chain Printo. “The audit and compliance emails usually start doing a lot of activity a couple months before the closing of a financial year.”

Recalling his own experience, Sharma says that he was “borderline abused” by an AutoDesk representative who came down to his office at Bengaluru to audit systems to check unlicensed versions of the AutoCAD software. The person arrived without a legal notice to conduct the audit. In an unrelated decision, he bought licensed Microsoft software after repeated calls and emails from its representative.

“You would expect a company like Microsoft to at least acknowledge that the compliance activity has been successfully completed if you go ahead and buy licences,” he says. He received none and believes that SAM audits are but sales-driven activity by Microsoft. “To call it IT compliance is a bit of sham.”

Says an architect firm founder of the audit on him: “…there was no written communication from the company. Everything was going on on phone calls.” While consulting with a lawyer friend later, he got a call from a local dealer who said he was already aware of the incident and pushed him to buy the software.

While companies and CEOs in tier-1 cities seem better equipped to deal with software vendors, not everyone is equipped to handle such incursions.

For the founder of an architecture firm in a Kerala city, the whole experience got out of hand within days. He tells us his story of late 2014 asking for a promise of anonymity. His firm, he says, had two computers and two iPads as office infrastructure and was using two unlicensed versions of AutoCAD design software at the time. AutoCAD software costs a pretty dime in India – nearly Rs 66,000 for a single computer annual licence.

This founder was approached by a local software dealer with a discounted price on a licensed version of AutoCAD. The dealer asked for the number of software versions the architect firm was using to be able to offer a better discount. The discounted price didn’t make much difference and the founder decided to not buy the software, despite repeated calls from the dealer.

A few days later, a man who said he was there on behalf of AutoDesk, the owner of AutoCAD brand, landed up at the founder’s office while he was away. A clueless employee, upon being questioned, revealed that the company used AutoCAD on two machines. The founder says he then received a call from an auditor asking him to buy licensed versions of the software or face legal action. “Up until that point, there was no written communication from the company. Everything was going on on phone calls,” he says. While he was consulting with a lawyer friend on the issue, the founder says he got a call from the local dealer who said he was already aware of the incident and pushed him to buy the software.

“There’s only one local dealer in the city for selling these (design) software. He keeps tabs on companies and their requirements and also tips these auditors. There’s no other way he would have known about the incident,” the founder said.

To avoid getting into trouble, the founder says, he ended up buying different software licences from the local dealer for around Rs 5 lakh.

FactorDaily reached out to AutoDesk with a set of questions but the company declined comment.

Hurriedness = Shabbiness

Though the problem is well known and common in the technology companies ecosystem in India, incidents like these are usually not something companies like to discuss up front. Arpit Agarwal, Principal at venture capital firm Blume Ventures says that large companies take advantage of the fact that smaller startups that are scrappy in nature and presumably use some unlicensed software can be targeted for such audits. Venture-funded startups that are in more limelight than peers and answerable to investors are an easy target. (Disclosure: Blume Ventures is an investor in Sourcecode Media Pvt Ltd, which owns FactorDaily.)

“Every quarter, a quarter of our portfolio companies get a notice from one of these large companies for audit,” says Agarwal. “Venture capital funded companies are probably easy to target because these companies are well known and supposedly want to operate in a clean manner.”

The data that the auditors have on for the SAM audits look put together shabbily. Ankur Agarwal, founder of Pricebaba, a Mumbai-based product search platform, says that even though the representatives claim that they received the data (about his company and the number of unlicensed software versions) from Microsoft, he realised it was a bluff because the data was inaccurate. Agarwal says in his blog post that at the time of the incident the company did not have any unlicensed Microsoft software, with most of their operations being on cloud or Ubuntu, an open-source operating system.

Some of this could be the result of poor quality research by independent investigators working on behalf of Microsoft. The company has said in court documents that it did engage “private investigation” services. In one such investigator’s report reviewed by FactorDaily, the modus operandi is detailed: research on the internet (company websites, ministry of corporate affairs filings, other sources), phone interviews with personnel of the company targeted, and even field investigations.

In a SAM incident this March that was fought in the full glare of social media, Vinit Goenka, a member of the Bharatiya Janata Party and a governing council member, CRIS, the ministry of railways, complained against the Microsoft and KPMG when an employee of the latter “barged in” to his Mumbai recruitment firm without an appointment to check its software.

After Goenka’s company Ratein Infotech did not give in to the emails and calls from Microsoft for an audit request, it got a response saying there will be an onsite review. “Onsite review is as good as a warrant issued to search your house. This can only be provided by a magistrate,” Goenka says. Regardless, the KPMG representative working in the risk advisory team of the audit and consulting firm, landed up at the Ratein office saying he wants to conduct an audit.

The office, which is in a residential building, had only three women employees at the time, says Goenka. The KPMG executive, by Goenka’s account, was rude to Ratein employees and also tried to insert a dongle in one of his company’s machines. That’s when the women employee threatened him that the office is under CCTV surveillance and the actions would bear consequences. “One of the women employees then called us and told what happened. We told the guy that if you have entered our premises without a magistrate or a warrant, it is illegal,” recalls Goenka.

The KPMG executive later emailed an apology to Goenka, with his boss at KPMG on copy, apologising for trespassing. The executive, who offered to resign in his email to the BJP functionary, declined to comment when FactorDaily contacted him.

As an apology, Ashutosh Chadda, Microsoft’s group director of government affairs and public policy in India, wrote to Goenka: “This seems to be a gross breakdown of process at KPMG and, believe me, has absolutely nothing to do with the issues around Data Sovereignty etc.”

KPMG denied Goenka’s allegations. “The allegations of trespassing and the suggestion of unlawful action are inaccurate as the visit was made to the customers’ registered office to establish contact, pursuant to repeated attempts to contact the company for a visit. We further wish to clarify that the resignation of the KPMG employee was involuntary and, hence, KPMG has not accepted the resignation,” a company spokesman said on email.

Goenka has filed a case in the Supreme Court seeking a ban on Microsoft products in India pending investigation into whether the company has violated the fundamental rights of privacy of users.

Microsoft’s SAM audit process involves finding data about its software users from public sources and data available across its vendors and resellers. Based on this data, Microsoft identifies the list of companies that uses its software and engages with them to make them software complaint. The company also authorises third-party providers such as KPMG and PwC to conduct audits.

In several cases, though, the companies that FactorDaily spoke to complained that the information alleged by an auditor and generally passed over a phone call was incorrect. While in the Cashify and PriceBaba instances, it was slightly not grossly wrong, the case of Sachin Paithankar, founder of Imperative Business Ventures, Mumbai, the information was way off the mark — as late as earlier this year.

Paithankar, who offers consulting solutions to banks, says that his office computers had only genuinely licensed software installed on them. “Unless we have all genuine software, no bank will work with us.” Yet, he says, he kept receiving emails from PwC and Microsoft starting early 2018 to engage in an audit for compliance only on suspicion that the company used pirated software. He kept ignoring them until the calls took an edgy tone and got under his skin. He filed a police complaint against Microsoft and the agencies it had contracted for the audit. FactorDaily has seen a copy of the complaint.

PwC declined official comment.

“What I want to understand from large software companies like Microsoft is how come their sales records are not synced with software asset management team,” Paithankar says. “Why should I allow an unknown party to enter our premises forcefully and breach the data security agreement we have signed with our customers, even when we have the evidence of 100% genuine software purchase.”

In an email response to FactorDaily’s questions over these incidents, Microsoft said: “Microsoft and its partners follow all local laws when conducting business in India. When a customer complains to us about a process issue they may have experienced, we take the concern seriously and address appropriately through process review and gap assessment and remedial action, when necessary.”

The company also claimed that “Microsoft India has de-emphasized legal enforcement-based licence compliance over the last many years considering the growing relevance of engagement-based SAM programs to the benefit of our customers.”

What does this even mean? Read on.

Court orders for audits

As a part of a software management audit, companies like Microsoft go through the legal route. As per Delhi High Court order documents accessed by FactorDaily, in many cases, Microsoft, or the plaintiff in question, engages a law firm to obtain an ex parte ad interim injunction against a company that uses unlicensed software versions. This injunction is received from court on basis of “discreet enquiries after which they learnt that the defendants and their related parties are using the above software programmes of the plaintiffs,” as per court order documents.

An ex parte ad interim injunction is a court order that allows a party to temporarily refrain the second party from access to property/objects in dispute, without hearing the version of the second party.

In a few court orders posted on Delhi High Court website, where Microsoft obtained an ex parte ad interim injunction against a company, it also appealed for obtaining the right to take into custody computers and storage devices where unlicensed software was to be found in the audit and seal it.

The audit is conducted by Microsoft through representatives and technical experts along with a court-appointed commissioner (an advocate) who receives between Rs 80,000 to Rs 100,000 as fees borne by Microsoft, according to the court orders reviewed by FactorDaily.

“Ex parte orders are generally reserved for property related disputes in cases where it gets extremely difficult for a party to function properly and it makes a case to generate an ex parte order against the other party,” said a Delhi lawyer familiar with the way these case filings are made and asked not to be identified in this story. “Ex parte orders in software copyright and licensing issues are neither rare nor legally incorrect, but ethically it doesn’t make sense to get an ex parte order where you seal the machines of the accused under the guise of preserving evidence for trial and bring their entire business to a halt until they settle the dispute.”

Also, the lawyer adds, the cases often don’t even go into trials. Per Delhi High Court records researched by FactorDaily, 31 of 48 cases in 2013 ended in a compromise, 20 among 33 in 2014, 12 of 22 in 2015, three of eight in 2016, and two of two last year.

Abhinav Singh, managing director of Noida-based Cogent e Services recalls receiving one such order in May 2016, when after repeated calls and emails, Microsoft representatives arrived at his office, with 10 PwC employees, a commissioner, and an ex parte court order.

“The audit went on from 11 am in the morning to 6 am next morning and at the end of it, the representatives sealed almost all of the machines,” Singh told FactorDaily. He says at the time his office had around 1,200 machines running Microsoft software. The company offered him for an out of court settlement by paying Rs 6 crore. He ended up paying Rs 5.5 crore worth of licensing cost to buy genuine Microsoft software. His business, primarily customer support as a service for clients such as Flipkart, Airtel, Idea Cellular, and Tata Sky, was badly hit for the over two weeks.

According to the data on the Delhi High Court website, Microsoft alone has filed 48 cases in 2013, 33 in 2014, 22 in 2015, eight in 2016, and two cases in 2017 — illustrating the “de-emphasized legal enforcement-based licence compliance over the last many years” that the company spokesperson talked about.

Autodesk and Adobe have registered around 21 cases since 2013.

Adobe India initially said the company will respond to questions emailed by FactorDaily but had not done so at the time of publishing this story.

The data from court records also revealed that settlement made in these cases often ended in the defendants paying anywhere between Rs 1 lakh to Rs 6 crore to Microsoft.

In several cases reviewed by FactorDaily, the companies in question were not headquartered in the capital but the cases were filed in the Delhi High Court. Examples: a case by Autodesk against a Hospet-based firm or the case against a Chennai engineering firm or Microsoft versus Ludhiana-based steel company or the case on Kolkata’s Ranjit Rai Jain of RS software filed by Microsoft.

Data on the websites of Delhi, Mumbai, Calcutta, and Karnataka high courts reveals that in 2014 and 2015 there were total 55 cases filed by Microsoft in Delhi High Court related to software licensing. But in the same years, there were no cases filed by it in Mumbai and Karnataka High Court and just one case filed in Calcutta High Court.

Some known names in these cases include Rattan India, a BSE-listed mining company, Sunil Pandurang Mantri of Mantri Builders, and even Delhi’s Newgen Software.

The practice is changing, however, thanks to a 2015 judgement regarding copyright violation which stated that the if a plaintiff holds business in the city where the copyright violation has occurred, the case should be filed in the same jurisdiction. This meant that a Mumbai-based company accused of using pirated software in that city, where Microsoft, too, has an official establishment, could not be dragged to the Delhi High Court.

Since this amendment, the number of cases filed by the likes of Microsoft, majority of which were filed in the Delhi High Court, significantly dropped.