Other

By Jeff Mottle

How Work-From-Home and the Software EULA Could Cost You Thousands in Penalties

Editor's Note:

Publishing an article like this does not come without its political and legal risks. Neither I personally or professionally have anything to gain in bringing attention to certain industry risks and behaviours. But like everything I’ve done over the last 20 years with CGarchitect, it has always been about education, elevating our industry and making it a better place overall.  If you think this article was helpful for your studio, please consider supporting us financially by purchasing a CGarchitect membership or Recruiter plan, or donating to CGarchitect, so we may continue to publish articles like this and help our industry be better.



Just when you thought the impacts of COVID in the visualization industry were understood, it seems there is a new threat to studios - the software EULA  (End User License Agreement).
We all know it well, that small checkbox you are required to acknowledge each time you install software on your machine. Frequently it’s checked without giving it a second thought. We often scroll through the 16 pages of the legal text, not thinking twice about the ramifications of accepting the licensing terms and conditions. The general thinking is that if you have legal licenses and don’t use more licenses than you purchased, you should have nothing to worry about, right? If so, you would be wrong, and in researching this story, it seems it’s far more complicated than you might think.
Having been in the visualization industry for 25 years, I have heard many stories about pirated software - many firsthand from those caught up in software compliance issues.  Those stories were divided equally among both large studios and individuals who used software without paying for it.  You might be thinking that’s what this article will be about, but it’s not. There are far more complexities and gray areas to a EULA that can cost your studio six-figure fines if misunderstood. Some publishers aggressively enforce their EULAs not just for compliance but also as a profitable revenue stream, so you need to pay meticulous attention to what you agree upon. 

I do want to be very clear about one thing, however. Neither CGarchitect nor I endorse software piracy or intentionally breaching a EULA. Just as you expect to be paid by your clients for the visualization work you provide, so do software publishers. So from that perspective, it’s hard to find fault with publishers protecting their intellectual property. 

The Autodesk EULA, for example, is nearly 14,000 words, and Chaos Group is over 25,000. 

The EULA is very clear about using software without purchasing it,  but what about all of the other clauses in those terms and conditions you likely glanced over? The Autodesk EULA, for example, is nearly 14,000 words, and Chaos Group is over 25,000.  Are you compliant with the geo-locations of your licenses? Do you understand how the licenses have to be assigned?  Are you responsible for your employee’s personal machines?  Are you responsible for third parties that attach to your network? The scenarios that can potentially get you into hot water are endless. It’s essential you fully understand the limitations and responsibilities that come with all those clauses.  The ramifications of not doing so can come at a hefty price. 
Last year, I learned of a studio contacted by Autodesk’s compliance team alleging they had breached the EULA and owed a significant fine.  However, the infringement was not that the studio had illegally used licenses themselves but that they, like many studios during this pandemic, had employees working from home using their own machines.  The studio had allowed their employees to install their legal licenses onto their personal devices. In this case, that alone was not the issue. However, the studio did not anticipate that Autodesk would allege that they would be legally responsible for those personal employee machines' contents in doing so. Unfortunately, many of their employees had, unbeknownst to the studio owners, installed pirated versions of Autodesk software on their machines.  Installing the legal studio licenses engaged the built-in “phone-home” tools and alerted Autodesk to the infringement.  
In speaking to the studio owner, in this case, they expressed concern not only about the alleged infringement but the practicalities of even trying to remain compliant. “The challenge that we face with Autodesk’s subscription is that employees are provided with a login to self activate the software. However, Autodesk does not provide limitations on where that activation can be utilized. This means an employee can download the full Autodesk application from Autodesk's website at home and activate the software without the employer's knowledge. This can create a scenario where legal software resides on hardware that may contain pirated applications. Since the employer can not monitor employees' personal equipment, there is no way to ensure that their legal software is used in compliance with the EULA. A fix for this issue would be if Autodesk’s user management also included a toolset to monitor and approve which computers a user can activate with their software.”
The suggested remedy proposed by Autodesk’s compliance team, in this case, was significant and severe. This is just one of many stories we came to learn about during the investigation for this article.

Why go after the studio and not the individuals who infringed?  One lawyer I spoke to said quite simply, “the money, the studio has the money” 

Like many of these studio owners, my immediate reaction was to question why they were doing this during a pandemic. Why are they going after some of their best customers for infringements they arguably might not even be responsible for? And why go after the studio and not the individuals who infringed?  One lawyer I spoke to said quite simply, “the money, the studio has the money”  It would be easy to try to make this article about how a particular publisher approaches license compliance. Still, I wanted to understand this issue as a whole and speak to as many people as possible to ensure this article was fair, honest and balanced.  

I spoke to many studio owners who had been approached by compliance teams, software publishers, IP and technology attorneys and some veteran executives within the software industry to understand better what was happening here. 
I asked to speak to all of the top vendors for this story, including Autodesk, Chaos Group, Maxon, Enscape, Lumion, Epic Games and several other industry insiders.  While some were receptive to speaking to me on the record, many declined participation, citing they did not want to be associated with this article or did not see value in contributing to the clarification of their EULAs.  Honestly, I was a bit taken aback by this, and of course, I immediately started to wonder if there was a larger conspiracy at play here. However, I was fortunate to speak with Marc Petit, VP, General Manager, Unreal Engine at Epic Games, who was able to add a bit more context.

“You need to have policies, and you need to have systems to enforce those policies,” Marc explained to me, “Those policies are defined by legal terms that are as restrictive and precise as possible, and then you decide how you enforce it.”  
Those policies he is describing are, of course, the long EULAs mentioned earlier.  Marc went on further to explain: “The policies are written, to hold up in front of a court, and not as a guide for users. They don’t want to paraphrase their own EULA. Legal departments will tell their staff you can not tell users what to do; they need to read the EULA. That is purely a lawyer’s perspective as you don’t want to contradict yourself. You don’t want to have legal saying one thing and customer service saying another because it will invalidate their EULA in front of the court. Legal paranoia is prevalent in public companies because there is so much at stake.“
My mind was somewhat eased that there was no more sinister issue at play and explained why some companies were reluctant to speak with me. However, it’s unfortunate given the complexity of these EULAs that it has become so difficult for studios to ensure they remain compliant and understand what they agree to.

They struggled even to figure out which clauses they breached in the EULA, even after rereading it.

I spoke to several other studios that relayed their horror stories of being contacted by Autodesk’s compliance teams.  One studio had a third-party contractor come into their office with a laptop and connected to their network to complete some work for them.  As with the work from home scenario mentioned earlier, Autodesk alleges that in doing so, they became legally responsible for the contents of that laptop and the “phone-home” tools once again notified them of an infringement.  Like the employees earlier, this contractor had pirated software on their notebook unbeknownst to the studio owners.  In both cases, owners were caught off guard by their supposed liability. They struggled even to figure out which clauses they breached in the EULA, even after rereading it.
While I solicited stories for this article about EULAs in general without any specific publisher in mind, all of the unfortunate enforcement stories sent to me sadly involved Autodesk. I know many people at Autodesk, and they are all great people who have committed lifetimes to try to do great things for the industry, but why then do we see this sort of enforcement? The answer to this is possibly explained later in this article, but I reached out to Autodesk’s PR team for comment to ensure they could address these cases and some more specific questions I had.

I have pasted their reply in its entirety here:

Our customers’ trust in us is our top priority, as is the security of our products. We have processes in place to protect and guide customers to better practices for verification of software and software asset management (SAM). For example, Autodesk Genuine is a service that checks for nonvalid software, then sends customers guidance for how to resolve the problem. Autodesk Genuine and other processes protect customers by decreasing risk and ensuring continuous productivity. When it comes to SAM, Autodesk supports the following best practices: 

  • Putting policies and procedures in place for responsible software management. Examples include a process for centralized software purchasing and a corporate policy statement on software use. 
  • Taking inventory of software assets and comparing it to what is allowed under entitlements to determine what is compliant or not compliant. This can also help identify outdated or unnecessary software. 
  • Scheduling internal audits on a regular basis to ensure businesses remain compliant as they change or grow. 
More information about Autodesk Genuine can be found here. 
Autodesk subscriptions grant generous rights and allow for flexibility in who, how and from where our software is accessed. See here for more information. For example, single-user subscriptions can be installed on up to 3 devices to allow the authorized user the flexibility to access and use the software on one of three devices at any one time. More information about subscription types and terms of use can be found here. 
Our approach to license compliance ensures that customers pay for the software they use and comply with our terms of use, which is both reasonable and fair to vendors and other paying customers alike. We are also committed to respectful and reasonable license compliance practices. While the licensee of Autodesk software is responsible for ensuring that any access to or use of Autodesk products is done in compliance with the applicable licensing agreements (this is standard for software vendors), programs like Autodesk Genuine and SAM practices are resources for customers to evaluate their usage of software and verify compliance with Autodesk license agreements. 

So does this mean you need to contact a lawyer every time you install software now? I was able to speak with Robert Scott, the managing partner at Scott & Scott in Texas, to help me better understand if these studios were indeed liable. Scott’s law firm specializes in Technology and IP law and has extensive experience in IP litigation. They have dealt with most of the significant creative industry software publishers and have defended over 500 software audit cases, some of which in US Federal court.

When I asked about the need to hire an attorney to install software and if you should contact a lawyer when a compliance team has approached you, Scott said: “I don’t want to come across as self-serving and say as soon as you get contacted, rush out and contact a lawyer, but at the same time, it is a legal issue, and it may be a substantial financial issue depending upon the nature of the publisher.”  Scott further clarified that it’s essential whenever an IP rights owner contacts you, whether that be software, copyright, or trademark if someone is alleging you have infringed on their intellectual property right, you need to speak to an intellectual property attorney, even if it’s just a preliminary discussion. 
I detailed the specific cases brought to my attention and asked if he thought the studios were liable.  Scott told me that the fact pattern described does not make the studio responsible, despite what Autodesk’s compliances teams were alleging.  The legal theory is “contributory copyright infringement,” Scott said. 
According to Wikipedia, this is “a way of imposing secondary liability for infringement of copyright. It is a means by which a person may be held liable for copyright infringement even though he or she did not directly engage in the infringing activity.”  

“At best, it becomes a blurry situation when a publisher tries to tie liability to an employee’s computer.”

Robert explained that studios are likely only to be held liable if they supply illegal software or knowingly benefited from using the illicit software and could control the infringement. I also spoke to another attorney who had experience writing software EULAs like the one in question, and he said, “At best, it becomes a blurry situation when a publisher tries to tie liability to an employee’s computer.”

So if two lawyers don’t think the studios have any liability, why are publishers trying to seek compensation for this type of alleged infringement?  And this is where things get a lot more complicated.

Publishers will take liberties with the law for their financial gain in both areas.

Scott explained that publishers often take liberty with the case of liability (who is responsible) and what is the proper remedy. “Publishers will take liberties with the law for their financial gain in both areas.  While many publishers similarly approach this, Autodesk has been known to approach this more aggressively over the years.” 
The circumstances of this pandemic have created many unintentional opportunities as it pertains to EULAs. One industry insider said:  “Publishers can choose to be empathetic, or they can choose to squeeze as much value as they can from their customers.” And this, at its core, is what this is all about. 
This same insider does not think the top people at Autodesk want this to happen, but it’s an unintentional consequence of their culture. Sales targets are set at the top, and third parties are engaged to assist with license compliance, which is part of their incremental growth strategy. “And while it is a legitimate thing to do,” I was told, “it’s all in the way you do it, especially during a pandemic.”
 “The big publishers want to ensure they maximize the use of the software and to maximize the return per customer. Many publishers are moving to push licenses to specific end users to maximize their returns. Autodesk is growing faster than the market, so they need to make more money from their users.” 
I was curious if EULAs had been written specifically to accommodate this incremental revenue model, but one legal expert I spoke to did not think so. “EULAs don’t speak to these business models, but rather the relationship a company chooses to have with its customers. Much of this boils down to an ethos and value discussion vs a legal technicality.” 
Another targeted studio I spoke to said Autodesk’s compliance team reached out to them and indicated they had infringing software on their network.  The studio could not find the instances being described, and when progress went nowhere with the 3rd party compliance firm that Autodesk had engaged, they were forced to hire legal counsel to assist.  

initial contact was very confrontational and aggressive

The studio owner I spoke to said the initial contact was very confrontational and aggressive, and they had no desire to listen to any explanations.  Once they hired the lawyer, the tone of communications changed.  In the end, the studio agreed to allow auditing software to be installed to find the alleged infringing copies.  Autodesk’s internal compliance team returned with the software’s names but could not provide any information about which machines the software was on.  Eventually, the case was settled, and Autodesk finally relented and agreed there were no infringing copies after all.  But not until the studio owners had spent thousands in legal fees to prove what they already knew.  

compliance representatives working for third party firms tasked with using aggressive and high-pressure techniques to obtain the largest settlement possible. 

Robert, the managing partner at Scott and Scott, told me first contacts often come from compliance representatives working for third party firms tasked with using aggressive and high-pressure techniques to obtain the largest settlement possible.  From the correspondence I reviewed by the studios I spoke with, this appears to be the case.  The names of the individuals listed in the emails tie back to third party firms specializing in license compliance. The individuals themselves often had backgrounds in sales and customer service based on their LinkedIn profiles. 
When I asked Robert about how most cases ultimately end up being settled, I was told every case was unique. He could not remember a point where they could not either make progress on the alleged infringement liability or the arguments relating to the damages that reduce the settlement that is lower than the original demand.
Some studios I spoke to negotiated lower penalties independently without an attorney’s assistance but did so knowing they were not at fault and just wanted to be done with it.  Scott did caution that there is a reputation factor when admitting guilt when there might not be any.  “Why would you admit fault when there is no fault,” and who gets to see this? Is this confidential? Or could this admission end up in a press release somewhere? Are there confidential provisions tied to the resolution in the admission of responsibility?”
Robert likes to include language in his settlements that include no admission of liability and confidentiality clauses.  Scott further went on to say: “Too often the publisher’s conduct is allowed to fly under the radar. I don’t think enough light gets shed on the other side of this story. Plenty of people talk about how software is bootlegged in the street, but none about how software companies are bullying small businesses, particularly in the creative and design spaces. In many cases, the studios are both in the legal and moral right. If you have rights in either of those areas, it’s worth fighting.“
So should you consult an attorney to understand the EULA better?  Scott recommends you don’t deploy software on the hardware you don’t own. If you don’t fully understand the EULA and are thinking about new deployment scenarios, speaking to a law firm is prudent, especially when you venture into more complicated deployments. “If you don’t engage a law firm to explain these scenarios, you have no one to hold accountable. I can’t tell you how many clients have come to me and said they were told by the publisher or a reseller the use case was permitted, but it was not and resulted in liability in an audit.“

In the case of Twinmotion, we do not have an enforcement mechanism or DRM. It’s 100% honour-based. You can have license policies like Epic, and you don’t need complex DRM systems.

While Robert indicated that most major software publishers have license compliance teams and can sometimes aggressively enforce their EULA, I spoke to two companies that take a different approach. Marc Petit from Epic Games told me, “In the case of Twinmotion, we do not have an enforcement mechanism or DRM. It’s 100% honour-based. You can have license policies like Epic, and you don’t need complex DRM systems.  We find that most of the people want to pay for the software they use.”  Marc said approaching the EULA the way they do, creates trust and flexibility with their customers.  
Paul Babb, Global Head of Marketing at Maxon, agrees. “Piracy naturally decreases as subscriptions bring down the cost of entry. Ultimately, we would rather focus on developing functionality that provides value for legal owners. With Maxon’s new entitlement system using login technology, it doesn’t matter where an artist is working as long as they log into a valid account, meaning users can activate the software whenever and wherever they feel creative. And for Maxon, that makes it fairly easy to spot abuse and eliminate exploitations. We adapted many studios licensing structure during the quarantine to facilitate remote working and virtual production pipelines. The most popular setup is our organizational licenses technology, which allows an account administrator to selectively share licenses with individuals or with groups within an organization. And, it’s the same scenario as above – creatives can work in-house or at home legally.”
One legal expert I spoke to said it is unfair to place all the blame on EULAs, as the new challenges caused by this pandemic were never something that was foreseen and creates some ambiguity when the license attaches to the hardware and not the user. Everyone reacts differently to this ambiguity. The entire model needs to be rethought, including employment agreements.

Most employment agreements have provisions about what you can and can not do on company software, what the company has rights to and what you are allowed to install. If you read the agreement more broadly, then the studio may have the right to audit everything on your home computer, but this needs to be reviewed more carefully moving forward. A personal home user might have a license, do personal work and work for the studio with the same software. The studio now may legitimately ask if the personal work they create is covered by the corporate EULA or the personal EULA?  These new variables create many complexities, and studios need to be on top of this and consult with lawyers to ensure that they have all their bases covered. 

In speaking to the legal professionals, most advised not to install software onto machines you don’t control.

So, now that you have a glimpse into the world of the software EULA and how it can potentially impact your studio, what do you do now? In speaking to the legal professionals, most advised not to install software onto machines you don’t control. It would be best if you also were running regular audits on your network to understand what is installed. But you don’t have to use the software publisher’s auditing software; there are many third-party applications out there that can do this as well, without the risk of it phoning home to report on what you find.  Finally, you really should be consulting with a legal professional to both update your employment agreements and review your EULAs as they relate to your use case.  These should also be reviewed again if you change the way you are deploying licenses. Especially during a pandemic where all the rules and typical ways of doing business seem to have gone out the window.
No one should be installing pirated software, and if you do as an employee, you might be putting your employer at risk and your future employment.

Just because you are told you are infringing does not always mean you are. Seeking out a lawyer’s advice when a compliance team approaches you seems to be the most prudent thing to do. 

These EULAs are not easy to understand, and it’s incumbent upon studio owners to know where their risk lies and try to alleviate it as much as possible.  It’s also important to understand your rights. Just because you are told you are infringing does not always mean you are. Seeking out a lawyer’s advice when a compliance team approaches you seems to be the most prudent thing to do.  
As for how different publishers approach the enforcement of their terms and conditions, I think that ultimately is a decision for each to decide, but I question the approach some are taking. Most studios are just trying to do the right thing and want to be compliant. I think a bit more compassion is needed when dealing with cases that are not so black and white.  Your customers are why you exist, and that relationship should be fostered and not made to be antagonistic. If, indeed, as some have suggested, this is not the intent of these companies, I would highly encourage executives at these publishers to review the practices being employed by their compliance vendors. Publishers need to ensure what their vendors are doing aligns with their company ethos and the relationship that they want to have with their customers.
I think it’s safe to say that none of these studios intended to do anything wrong, and all had legal licenses for their studio. But all of them told me they were made to feel like criminals and were treated very aggressively. Some told me it had soured the relationship with their publishers, and they are now actively looking for other alternatives for their studio. 


Editor's Note:

Publishing an article like this does not come without its political and legal risks. Neither I personally or professionally have anything to gain in bringing attention to certain industry risks and behaviours. But like everything I’ve done over the last 20 years with CGarchitect, it has always been about education, elevating our industry and making it a better place overall.  If you think this article was helpful for your studio, please consider supporting us financially by purchasing a CGarchitect membership or Recruiter plan, or donating to CGarchitect, so we may continue to publish articles like this and help our industry be better. 



You must be logged in to post a comment. Login here.

About this article

Just when you thought the impacts of COVID in the visualization industry were understood, it seems there is a new threat to studios - the software EULA (End User License Agreement).

visibility4.75 k
favorite_border4
mode_comment0
Report Abuse

About the author

Jeff Mottle

Founder at CGarchitect

placeCalgary, CA