NSW Police court trouble on software audit

Software execs confident of finding evidence of copyright breach.

Software company Micro Focus is battling NSW Police over the scope of a court-ordered software audit that will inform the parties’ six-month-old copyright dispute.

In May, Micro Focus accused NSW Police and two other agencies of installing more instances of software than was covered under a 1998 licensing agreement.

The vendor reached out-of-court settlements with the NSW Police Integrity Commission and Ombudsman in August and September respectively over similar issues.

But it is yet to come to an agreement with NSW Police, which it accuses of installing 16,000 copies of Micro Focus’ ViewPoint software despite having paid for only 6500 licenses.

On September 20, Federal Court Justice Jayne Jagot appointed KPMG associate director Stan Gallo to audit NSW Police systems.

Micro Focus wanted Gallo to investigate all installations of its ViewNow terminal emulation software and its predecessor, NS, which was originally covered by the 1998 agreement.

But Police argued that the process of installing ViewNow would have overwritten any instance of the NS product on an endpoint device.

The parties were unable to agree on the scope of the audit in court today, leading Justice Jagot to schedule another hearing on Friday afternoon.

According to David Taylor, Micro Focus’ president of Asia Pacific and Japan, the company’s end-user licensing agreement afforded it the right to an audit.

“It's galling to have a lack of dialogue,” he said of NSW Police’s unwillingness to reveal the number of endpoints on which the software was installed.

“The Police tell us they can’t tell what they are using, but we know for a fact that to satisfy its requirement for security, the system would have to have been set up to be audited,” he said.

Micro Focus argues that NSW Police must have the ability to audit its IT systems to have been able to prosecute officers for misusing the Computerised Operations Policing System (COPS) database since 1994.

“We are happy for KPMG to do an audit, but it's a cost unnecessary to go through,” Taylor said. “The data is there ... They would know every machine it was installed on and de-installed on.”

Lessons for compliance managers

Taylor said the NSW Police dispute was the first time in 30 years that Micro Focus faced “a problem like this” in the region, noting that Micro Focus did not have designated copyright lawyers prior to the case.

According to Micro Focus’ Australian general manager Bruce Craig, a majority of software was distributed “on a trust basis” owing to the portability of software.

“We trust our clients to do the best with our [intellectual property],” he said. “There is an expectation they will try and do the right thing.

“Our methods are not onerous. Realistically, the client needs to have ability to change or respond to an emergency. If you restrict them too tightly it can hurt their business.”

Taylor said copyright breaches typically occurred because of a customer’s enthusiasm about the product, noting that those customers tended to “come to a sensible outcome” with Micro Focus should the issue of copyright be raised.

He described a disconnect between the end-user licensing agreement that employees, IT administrators and helpdesk staff see on the ground, and the corporate contract signed upstairs.

Taylor recommended organisations use auditing software and conduct annual reviews to ensure staff were informed about the limits of their commercial agreements.

“You can’t stop [IT staff] on-boarding new employees,” he said, but “the job is upstairs – there should be a regular review.

“Sometimes you find you are actually using less, and you can renegotiate and get better value,” he added. “Why wouldn’t you review if it could save you on maintenance costs?

“To not bother is somewhere between arrogance and complacency.”