Software company wins $154k for US Navy's licensing breach In 2016, The Register highlighted the irony of the US Navy being accused of being pirates after it was sued for making "hundreds of thousands" of copies of 3D modeling software without purchasing licenses. The Court of Federal Claims has now awarded [PDF] Bitmanagement Software GmbH, the German vendor of BS Contact Geo, $154, …
Worked for a company who sold software to military, intelligence and law enforcement agencies (CIA, FBI, GCHQ, MI5/6 et al). The software was protected by a physical dongle but customers wanted a 'more flexible, dongle free, licensing solution'. We spent about a year gathering requirements and testing various products before deciding on a really neat solution. We even spent £250K GBP on the product to get a royalty free distribution license.
Shortly afterwards, the company was bought by IBM who said: "We're IBM, we only ever rely on (the paper) license agreement." We then spent a bit of time ripping it all out, testing it and updating the docs.
Just a short 6 months later, our customers began to *beg* us to reinstate the software licensing system. In fact, they wanted *any* licensing system as they themselves couldn't guarantee compliance!
Of course, the former, neat solution was not acceptable to IBM and we were forced to use some cr4ppy, IBM mandated product. There were a few scenarios it didn't support but, by and large, it mostly did what the customers wanted ie avoid being sued by IBM
And that was the beginning of the problem.
You bought X number of installs ? You get X number of licenses.
You want to install more ? Buy more licenses.
As much as I would love to rip on the US Navy on this occasion, it's more of a global administrative issue. Administration is very picky about what the peons that it controls do, very much less on what happens inside its own walls.
So don't go and give them any slack. They get what they pay for and no more.
It doesn't need to phone home. Just verify itself against a key, or a dongle, or a number scribbled on the installation media. Some unique method of identifying individual installations.
If they'd deliberately and knowingly re-used license keys that would have been a completely different scenario to them copying software that had consensually been de-protected by the owner.
> "You bought X number of installs ? You get X number of licenses."
> "You want to install more ? Buy more licenses"
Nope. Not when it's licensed by concurrent use rather than installs.
They probably knew that only ~600 people would be in a position to use it at any one time, but not what computer they would be in front of when that time came. Thus install it on all possible computers, but have it licensed per user account.
Considering the fact that the computer might be in the middle of the ocean, with extremely limit comms, having no license enforcement is the only way to be able to trust that the software will be usable.
But the headline is "US Navy took software priced at $600Million, paid $0.15Mil."
1/400th of the alleged value. Yeah, should be a quantity discount, but $156K may be less than actual cost to develop and negotiate (nevermind litigate).
WHY would I as a software vendor ever deal with the US Navy? Most vendors keep "bad client" lists, buyers they will no longer deal with.
The Navy will get by because a decade is a long time in a software career, and the screwees have moved on to other fields, the new kids never knew this story.
ahh yes, let a populist demagogue shithead, offering simplistic solutions to real problems, take over the the government, and have rival kleptocracies squabbling over your country for the next several decades.
If only there were some lessons to be learnt out of all that...
And here is National Defense Industry Association news of the military, security and secret services' sweet G spot for targeting with abilities and realities/facilities and utilities that both titilate and satisfy/excite and quench all past and present and future needs and feeds and seeds ......... https://www.nationaldefensemagazine.org/articles/2022/11/23/jadc2-could-introduce-cyber-risks-at-unprecedented-scale ........... whenever unhindered by bindings expecting one to adhere to and follow any sort of rules and regulations.
That's that old chicken/egg thing again, isn't it, trailing the enigmatic power riddle which provides no easy ready or readily made solutions when questions are answered of it ..... Who and/or what is leading whom and/or what and to where and/or from what and to what ultimate end and great purpose, should there actually be one?
Who/What are you following and from where/whom/what are you getting your instructions and directions? Is it a Wild Wacky Western Confection or an Erotic Exotic Eastern Delight or a Quantum Convergent Concoction of Both Exercising a Novel and Noble AI Singularity?
Turning off the copy protection before concluding negotiations sounds a bit silly. To demonstrate feasibility they could have at least downgraded to a time based kill switch. If the Navy is then doing weird stuff like setting the clock to 2013 on all its machines to extend usage then its a clear deliberate violation.
"....our networks are completely dark with no Internet access. Therefore your products cannot register with your licensing server. Therefore you need to build us a version with the license controls removed.
Don't worry, we are the government, you can trust us....
Need to bookmark this story and bring it up the next time I get that request.
I guess I could design some sort of license key & time based challenge-response code which they could phone in for each activation. It would be a PITA for them to roll out, but that is their problem not mine. Besides, government loves inefficiency. They will call it a jobs program.... "E-3 Licensing Activation Specialist"
I was using this kind of setup a looong time ago, at a time where modems used acoustic coupling...
Once a year, you had to phone back to my company to get the license extended (you phoned, not the software).
And if you were not a registered user, then no way to do it...
Hang on, isn't the typical "number of pirated copies" levied against pirates, as mandated by the RIAA and MPAA. The number of potentially downloaded copies* raised to the power of number of MOSFETS ever manufactured, multiplied by the time to the heat death of the universe, measured in microseconds. There appears to be some discrepancy here...
*A random number between 8e7 and 8e9.
> The sailors previously admitted to making 400,000 copies BS Contact Geo, but it only had 597 unique unlicensed users.
Am I correct to read that as meaning they made 400,000 copies but only 597+38 users actually used it ?
Seems an unnecessary number of copies. Did they put it on some installation image that was distributed to people who didn't need the application ?
Or were the 597 users particularly promiscuous with their machines?
It seems to me this is a typical 'per user' licence where only licensed users can use the software, but can install it at work and home, or on any computer they use, but must only use it in one place at a time.
Figuring a user could be using any of the navy's computers they can install it on all, entire legitimately.
The challenge is in ensuring only licensed users are using the software and only on one computer at a time.
It appears the software suppliers woke up rather late to the inherent risk of what they were allowing with no means to ensure only licenced users were using it and only one install at a time, but couldn't prove there was abuse, and were arguing it as if 'per machine' licensing.
Am I correct to read that as meaning they made 400,000 copies but only 597+38 users actually used it ?
It all depends on how they define "unique licensed users".
Is that unique login names and they do something like have any Chief Petty Officer use the "E-7" account?
Or did they check and found the program was never used by more than 635 users at the same time so they were only missing 597 floating licenses?
400k copies does seem a bit excessive for just 635 users.
The equivalent would be pirating a DVD and then burying it in your back yard without ever viewing it.
I'm sure the so-called 'Rights holders' would make you pay for this DVD anyway, and several times if possible, because some moles would have been able to access it.
Thus human courts acquit the strong,
And doom the weak, as therefore wrong.
== Bring us Dabbsy back! ==
This post has been deleted by its author
Carrier groups can control a radius around the carrier group of some 500 miles, possibly more. If it's parked in Japan, it can control a rather large part of Chinese airspace. If the group happens to have a nuclear armed sub under there somewhere, then it can control at least the entire hemisphere and can quite possibly reach out and touch any point on the planet as those nuke subs have ICBMs on board. So yeah, the modern US Navy needs to be able to work on land as they aren't limited to oceanic operations.
Many years ago I worked for a reseller who sold a certain CAD software. This particular CAD package was sold with each licensed copy requiring a Dongle apart from in one Country in the world. This country was the U.S.A.
The "story" as to why the US copies didnt have dongles to control the license was that the US Navy, and Army stated that they would not purchase the software if it did, so to make the sale plus all future support and upgrades the dongle protection was removed in the US instead relying on serial number and "unique" product key. But with internet connectivity to all systems being a thing of the future thi seffectivly meant that any pirated copy you came across was the US version as it would just install and work, the unique product key being use many many times. Allegedly the US army/Navy were the biggest customers of the software and also the biggest unlicesned users.
Not a "story" but on more than one occasion when my colleagues and I were carrying out a support call/upgrade on several different large Oil companies cad systems, in a drawing office of 40 plus machines all running the software it was found that maybe 5 or 6 had dongles the rest were running US versions of the software. Company claimed they were legit, Software compnay asked for proof, company couldnt provide it, software company force oil company to buy the missing copies at full single license cost (as opposed to the multi copy discount they would have got) to avoid an unseemly court case.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
