
Ask HN: My manager is asking me to violate MS licensing. What should I do? - lucifersam
The company I work for has a bunch of servers in colo running our websites. We've been a bit loose on Windows Server licenses in the past. We have some, but they are mostly OEM and a variety of versions. However, the big issue is around CALs and external connectors, of which we have none.

I had to research licensing in depth when putting together a proposal to replace all the servers. It turns out that we should have External Connector licenses, as well as about 35 CALs for internal users. We can no longer claim ignorance on this issue.

The company has decided to move fully to AWS in the next year, so the requirement has changed to keeping the colo going for 6 to 9 months. I supplied estimates to management of the cost of getting the licensing in order - around £7k. My manager has strongly suggested that his preference would be just to forget about it since it's only a few months and we've got away with it so far.

The management seem to think that MS can only request voluntary audits and that the worst case risk is that we'll be forced to buy what's required to become compliant.

My question is how I should respond to this, and what the law says. Bear in mind we're in the UK and the law may be different here compared to the US.

(1) Is MS entitled to forcibly audit us?
(2) If we violate the licensing, what is the worst case? Can they enforce fines on the company?
(3) Is this a criminal matter, or a contractual/civil matter?
(4) What is the personal liability of individuals here? Are IT/Sysadmin people able to be held personally liable in law?

We actually received a voluntary Microsoft audit some time back (maybe 18 months ago), when we had a different IT manager and a dedicated sysadmin. The sysadmin did the audit work, but then he was made redundant. MS came back with a load of queries, but our IT manager at the time just ignored it until it went away. My concern is that this might flag us up for a more aggressive audit at some point.
======
Someone1234
1) Yes. Microsoft/BSA can require/force an audit[0].

2) Microsoft/BSA can fine the company[0].

3) Civil. It is only criminal if the company was producing pirated materials
for profit (e.g. pumping out cracked copies of Windows to sell on eBay). The
BSA normally sues companies in civil courts and extracts license fees and
fines.

4) You have no personal liability from Microsoft. Between Microsoft and the
company it is a contract dispute. However arguably if the company you worked
for did get sued and lose a good chunk of change, they could in turn try to
sue you, but I've never seen that and it is pretty easy to CYA via documenting
the issue for them.

Overall I'd say that as an individual employee you have little to no exposure
(other than getting fired). As a contractor "it depends" on what you did and
didn't do (since a contractor can be treated like a stand alone entity, and
blame can be shifted in part or entirely onto them).

[0] http://www.computerworlduk.com/news/applications/sme-fined-24000-after-software-whistleblower-squawks-3260660/

~~~
acomjean
BSA = Business Software Alliance. They can call in audits (it's part of the
software licensing agreement). They are a nightmare. A friend many years ago
had to deal with them when someone was fired and dropped a dime on his
company.

------
zhte415
As long as you've raised the issue to your manager, they're responsible for
it.

They've given a reason, and this includes a business case for their
justification. You're neither responsible nor accountable for their decisions
(which you've informed them of).

You have raised your concern.

A bigger question for me, is this a systematic thing in your company? Or just
your manager? Or ripping off other things is OK too? If so, at some point there
will be negative repercussion, and at that point no order of internal memos
will separate you from the brand you worked with.

------
tired_man
If you've reported your concerns in writing (email), keep a local copy in a
pst and take it home. CYA.

I don't know how the situation is now (US or UK), but in past years the BSA
could show up in the US with warrants and a US Marshal or two in tow to force
an audit on their terms.

------
PaulHoule
Don't they have some number to call to drop a dime on this kind of thing?

~~~
Someone1234
Indeed. But how is that in the OP's best interests while they still work
there?

~~~
atsaloli
To live in an honest society, you have to insist on honest behavior.

