This might in fact turn out to be one of the biggest, most expensive blunders by the company in question. Years later the tale is recalled - aggressive misguided legal department sends a C&D to one of the greatest projects in human civilization. Internet responds by hackers pooling in time and resources to build an alternative, superior, free solution that becomes the benchmark effectively putting the aforementioned vendor out of business. Poetic justice.
The fact that CERN is not publishing the name of the company in question makes me think they know exactly know what to expect from the online community. I don't think it will be an alternative superior solution, but certainly some backlash against the company.
Would that be a justified response? By the exact reading of the law/agreement probably not. But then again, this student was free to use the software at CERN, he just went out of his way to also work with it on his laptop (for the same project I suppose). That means the company is punishing someone for using their software, even though there was no lost sale. For me it feels unnecessary to put a 30k CHF fine on someone that way.
IANAL, but I feel obliged to point out that the company, not the employee, carries the responsibility for respecting copyright and contracts it signed. After all, the student has no way to know what those contracts are, has not legally agreed to be bound by those contracts (he has not seen them, and his employment contract does not change that), and might have been instructed by his manager to do exactly this.
Essentially, this person could legally claim that CERN or one of it's employees requested he install the software, and to just download it if the normal process didn't work.
If as part of your job you violate commercial agreements (this includes copyright related infractions and licence violations), the company is responsible for any and all damages and contractual consequences of these action(s). Even if there is no contract involved, for example in the course of your job function, you drop a pallet onto someone's car, the company is responsible for the damages. They can, of course, fire you as a result of this mentioning something about "lack of proper judgement", but that's the limit of what they can do. They can also not withhold wages for any period the employee was under contract, no matter how much damage he caused.
There are exceptions which mostly relate to an employee signing contracts in the name of the company and criminal acts, but they don't seem to apply here (the company board must name and publish a list of people who are authorized to sign in the name of the company in a government registry. Anyone who signs an agreement with said company is responsible for comparing the signature of the contact with that list. If you fail to do this, the contract may be null and void) (also, this is assuming it was not a criminal act. But neither copyright law nor contract law falls under criminal law, so only copyright violations committed as part of your job cannot result in you losing more than your job)
This employee should immediately cease all communication with CERN relating to these damages, neither admit or deny anything at all and resolve the matter with the help of a labor lawyer. Ideally, he should continue to carry out his duties as specified in his employment contract, but NOT talk about this incident, instead requesting all communication relating to this happen through registered mail.
This strongly looks like CERN is trying to pull a fast one on an employee. CERN, not the employee, has to pay damages resulting from one of their employees violating a contract they signed.
> They can, of course, fire you as a result of this mentioning something about "lack of proper judgement", but that's the limit of what they can do. They can also not withhold wages for any period the employee was under contract, no matter how much damage he caused.
Really? I could take a job with a software company, then purposefully pirate everything in sight, and the worst that could happen is I get fired? And the company has to pay the damages?
There has to be a vaguely reasonable claim that you did so as part of your employment. For instance, you pirate work-related software. Or your manager asks you (I've seen that happen).
I suspect (but should stress that I don't know, my suspicions are based purely on name and the fact that it's listed on the CERN Engineering Software DB) that the software in question is Allegro AMS Simulator: http://www.cadence.com/products/pcb/ams_simulator/pages/defa....
"Another factor that was attractive was the fact that a single network license allows CERN to run a COMSOL job on any number of cores or a compute cluster."
True, that could well be the software they're refering to. The reason I suspected that it may be Allegro AMS Simulator was a combination of it being listed on the CERN Engineering Software DB[1] and the product name.
Yeah, I would imagine CERN uses a lot of different packages. Indeed, they'd probably be mad not to run serious simulations across multiple systems to sanity check.. :)
Stuff like this often makes me consider writing an open source version of whatever the software is. If I really had to base my long-term livelihood off a piece of proprietary software, I wouldn't want to perpetually have such a sword hanging over my head. I work with many pieces of software where the core functionality is actually quite simple (more complex if you want nice features), and I'm actually doing this for one of them.
Because of course you would write some software that CERN, with 100's of engineers and scientists, finds not cost-effective to build its own version of, on a sunday afternoon...
The naivete and total absence of awareness of how things work in the Real World in this thread make me shake my head. 'Hey all, someone should write an open source version!' - sure, and in the mean while, those same people gush over some guy raising 300k for "the next generation code editor" who then barely manages to build something that works at all, let alone is an actual improvement.
Software is hard and expensive, especially software that has actual domain knowledge embedded, unlike the 1000th 'micro js framework for single page apps' and fads like that. All the hate on people and companies who make a living selling software (gasp!) is... well, there is no other word for it - plain dumb.
(yes, I make (part of) my living from selling software)
Yeah - no. Do you have experience with high end scientific software¿ Because I have, and that sort of software is hyper niche and requires highly advanced domain knowledge as well as expert software engineering, and is usually the culmination of several man-decades of research and development. If it was truely the easy to replicate cash cow some seem to be assuming, there would be competition all over the place; or a lab would get some intern to replace it in 6 months. But they don't because it's impossible and they realize that Adam Smith's point about specialization holds for software, too.
Right. The university paid a high price for MATLAB licenses (fine go ahead and claim that's not "high end" enough for your example), so they're going to teach their students MATLAB, even when the free and open source combo of IPython+Numpy+Scipy+Matplotlib is at least equivalent, in many aspects better, AND uses a saner scripting language (Python) than MATLAB's with all its crazy warts and lack of modern (15 years ago) programming paradigms.
> If it was truely the easy to replicate cash cow some seem to be assuming, there would be competition all over the place; or a lab would get some intern to replace it in 6 months.
Okay, now I have to ask. Do you have any experience with interns at a university trying to write even, let us assume, a relatively simple and straightforward piece of software?
Don't get me wrong, I partly agree with you, nobody's going to rewrite the high-end scientific software in a weekend.
But you seem to be saying that's because it's too hard. What I'm saying is that the people with the domain knowledge (physics students, interns, PHDs, whatnot, even the computational science guys) are pretty much uniformly shit at writing software. It's a big reason why there's not a lot of code sharing going on in the scientific community: Shame. And that if it was published nobody would want to read it, and there's a rather big chance it would reveal fundamental research errors.
The real reason this "high end" scientific software is guarded so heavily is because the fact that they have other users than themselves, they know they are in possession of a unicorn.
Then there's the part where all the old professors have their (unreadable) scripts written for that ancient unicorn, so even if something better comes along, nothing's going to change much. And even if the students translate (read: completely rewrite and fix some longstanding bugs) those scripts to the modern software, the professors won't have anything to do with it because they don't want to learn the newer thing since they spent so much effort getting to know the arcane old thing (though they will claim they don't trust the new software yet).
Dinosaurs. People will wax nostalgic over having worked at (gasp) actual UNIX terminals in their university years. Except it was the year 1999 and you had to FTP to the one machine with a floppy drive to take your stuff home. Sorry I digress, but yaaaaay science.
Someone's using arguably overly aggressive copyright laws to squeeze someone for cash they couldn't possibly come up with! Let's debate the ethics of selling software!
EDIT: The proper way to handle this would've been to say "Hey! Your site license doesn't cover this. Please don't do it again, as we depend on that license revenue to pay our bills to write great software."
> The proper way to handle this would've been to say "Hey! Your site license doesn't cover this. Please don't do it again, as we depend on that license revenue to pay our bills to write great software."
That's mostly the proper way to get people to not care and end up killing your business anyway.
As opposed to "Fuck these guys"? Even if their software isn't replaced with an open source alternative, this buys enough bad will to have someone patch their binaries to prevent them from calling home and distributing them via torrents. That seems far more likely to kill their business.
Is there some version of the article that names the student that 4 or 5 people have read? Or are people just seeing the name of the Licensing Officer at CERN and confusing it with the student's name?
Well then the student would do well to not pay and to force the University to take them to court over the speculative invoice. Good luck getting undergraduate students to the University that will give itself the reputation as the enforcement arm of a copyright claim. (NB that in the EU no matter what the University blusters they cannot prevent graduation over unpaid charges.)
Yes there is a graduation as such for Ph.D. students -- it's not such a big deal seeing as it happens post viva/defence and many students don't turn up in person however it is still required to get the piece of paper that says Doctor of Philosophy on it.
They must be telling the company her name if the charge is to be passed on. Otherwise she can simply not pay. I have read the article please do not swear at me even in acronym form.
In general people use "him" as a replacement for "him/her". Other people use the pronoun "her" to combat the implicit assumption that people must be male. Since they are not identifying the student in this blog post one cannot ascertain the sex of the student from the fact that blog post uses the word "him". My use of the word "her" had nothing to do with any fucking.
> In general people use "him" as a replacement for "him/her".
That's one of the ways people use "him". Other times, they use "him" to mean that the individual in question is male.
These days, "her" to combat the implicit assumption that people must be male is common enough, it's almost safer to assume that "him" means someone who is specifically male.
> These days, "her" to combat the implicit assumption that people must be male is common enough, it's almost safer to assume that "him" means someone who is specifically male.
I think this is not true yet. Anecdotally I personally only noticed this first a few months ago and no one I've discussed it with in real life has yet known what I'm talking about.
Because unlike you I read the fucking article. In it, the author directly refers to the student as 'him' and 'he'; therefore it is safe to say, despite your politically ridiculous musings, that the protagonist is male.
The story refers to the article, the student, in the masculine form. In English, we do not have explicit masculine/feminine forms of adjectives, therefore the article, in this case a student, is a male as the story's author referred to the article as 'him', 'he' and 'his'. I simply do not understand what you are finding so hard about this, other than petty political correctness. QED.
Furthermore, it is totally irrelevant to the story itself!
Well... in JupiterMoon's defense, the word is overloaded (in the C++ sense). We use "him" for "male", and also (historically) for "person of unspecified/unknown gender".
Now, we're more using "her" for "person of unspecified/unknown gender", but the problem remains: We've got three states (male, female, and unknown/unspecified), and only two words (him and her). No matter what, there's going to be this kind of problem, until we come up with a third word. (People have suggested "they" or "them", but I don't like it because of singular/plural issues.)
Like "they", "them" and "their"? English is a wonderfully flexible language, it's such a shame that ridiculous and faddish political correctness is so utterly blind to it.
So much fail here. If someone is aware of the vendor's name please publish it here so that I can avoid doing business with them.
The software company was within it's rights, but there's a big difference between what you're legally allowed to do when you detect a licence violation by a big customer and what you should do. You should attempt to preserve your company's good name at CERN and get the licensing situation fixed (by removing the extra copy or relicensing it). You should not try to go after a poor CERN student for 30k because he/she installed your software on the wrong computer despite having a valid license.
For what its worth, as a developer, I agree that the vendor should be able to enforce their product licencing. They have to make a living. But their actions here are heavy-handed, and those of CERN and the university are cowardly. Given what CERN does, and that the person in question was a student, its not like anyone profited from the licence infringement.
A more mature response would be to arrange for the student to do a modest amount of unpaid work for the software vendor to symbolically make amends and understand each others point of view.
Why are the actions of CERN and the University cowardly? Neither institution decided to use unlicensed software, the student did. He, as an adult, should be held accountable for his choices and his actions. I do agree that "AllSIM" are being heavy handed...
The student made a bad choice and I agree that they should take responsibility for their actions. I described a way to do that. The software vendor has a right to make a living from selling licences.
But. Students are usually young, relatively inexperienced, and have limited resources. A $31k fine would probably end their academic career and have a long-term effect on their life. And to what end? Why do this to someone at the start of their adult life?
CERN and the university - without agreeing with the student's actions - should recognise the power imbalance between the student and the software vendor, and the absence of any real damage caused, and they should look after their people. That doesn't mean siding with the student, just using their position as respected institutions to bring about a just settlement. Their failure to do that makes them cowards.
Not only did they not fight the claim the actively helped them enforce it, arrogantly declaring that "[...] he was forced to acknowledge the facts" and "[...] CERN passed all costs to them who, in turn, passed them on to the student". This was supposedly because the student had "placed the Organization's reputation at risk", but they apparently it was fine to blog about it, and "created a financial liability for CERN", which would have been true if they hadn't just passed the cost onto the student.
Bottom-line, if you're active in an organization like CERN you come in contact with a lot of expensive equipment. The student made a mistake, but did so as a result of the involvement with CERN. If you can't even protect your students from virtual claims what happens if you mistakenly do some actual damage at CERN, do they send you a bill for millions?
It seem like they are more interested in enforcing their own rules than anything else. Mindlessly writing things like "CERN offers a variety of commercial software and has all the corresponding licences you'll need for your professional use", when they've just concluded that "However, the CERN AllSIM installation would not allow for this, as roaming usage is not covered by CERN's AllSIM licence".
The student should of course refuse to pay, forcing the license holder to either sue or settle. Probably for far less of an amount. At least if CERN hadn't published the whole thing, increasing the risk of the student being made an example of.
The student knowingly used a pirate version to circumvent the licensing restrictions communicated to him by CERN. So no, the student did /not/ have a valid license and knew he didn't have one. Why shouldn't the student be liable for that?
Also, the software company didn't go after the student themselves. They billed CERN, which billed the Uni, which billed the student.
I agree with most of your post. I don't think the license was valid for the laptop/roaming, however ("roaming usage is not covered by CERN's AllSIM licence").
The vendor should have looked at it another way. They should have thought to themselves "Looks like someone at CERN needs the roaming license, send over some sales people to convince CERN to upgrade their license to include roaming." They might have more than made up for the 30K fine they will collect.
This is just a guess, but maybe -- just maybe -- the people who have been living and breathing this business for years understand it better than someone who learned about it 5 minutes ago on a web board.
I never claimed to know that anonymous business, but it doesn't take a genius to understand that good customer service doesn't include handing out a fine for 30K CHF, especially to world renowned, well respected research facility.
Part of running a good business is looking for opportunity wherever it exists. The company can see the opportunity to squeeze 30K from a client, but when that license expires, the chance the customer goes a different direction is higher. Instead if you accept that it was a mistake, use it as an opportunity to expand the license, not only have you increased the revenue from that company, but you've also shown you are easy to work with, forgiving and therefore the customer is more likely to renew.
I'll provide a very anecdotal story that happened to me. I once worked in a bar/kitchen and was paid under the table in cash each week. The owner would give me the cash in an envelope with the number of hours I worked. On a few occasions he would overpay me by $20 or so. Some may this as an opportunity to get an extra $20. Instead, I would go to my boss and say "Hey, you accidentally over paid me by $20" and hand him a $20. I can tell you that the respect and admiration I received for being honest, was worth way more than the $60 or so extra I would have received if I had just shut up and took the money. Moral of the story - look for the real opportunity, not the immediate payout (as the software vendor did with CERN).
Let me tell you an anecdote, too. I worked at a startup where we were selling software and that money was what I was using to pay my rent so I wouldn't be homeless and buy food to put in my food hole so my body would not die.
Various people tried to steal our stuff. Every once in a while someone would call us up and tell us what we should give them a free copy because, in a lot more words, "it would generate goodwill." I'm sure they might have even believed what they were saying. But it wasn't their rent money on the line. It was ours.
(Other people would call us and tell us, literally, that they had mailed us a check, so please ship out the software now. The most obvious "we are lying to your face and fuck you if you need money to live" was a military branch that said they couldn't buy a license until we removed our copy protection. After a bunch of negotiation, we finally said "sorry, take it or leave it" and they bought three licenses. Huh.)
I'm not saying that the company is right. But I am saying that that software company is the one with their butts on the line. If you are wrong, absolutely nothing goes wrong for you. But if they listen to your advice and it turns out to be wrong, they lose money, or maybe go out of business. They can't use "goodwill of 'giarc" to pay their lease.
People who have been in the business of selling software learn quickly that people who complain online about proprietary software are not their customers and will never under any circumstances end up as their customers.
You are inappropriately extending my argument to new customers and non existent customers. My argument was that if they saw someone at CERN was using their unlicensed software, the best path might not be to impose a hefty fine on CERN (an existing customer). I never said anything about how to treat a one off person that has stolen your software.
They don't need to charge the student (and I would recommend the student just walk away) for future people to learn not to do this. The post by itself is clearly a warning not to be the one who thinks it's cool to download and run random software. They aren't going to give him any kind of recommendation.
They didn't name him, but people within CERN certainly know his identity. People care about reputation.
Photoshop didn't become #1 by fining pirates. A heat model simulator is such a niche tool that the market for licenses outside of the institutions and companies who pay mega $$$ for it is surely miniscule(?)
It'd make more sense for Microsoft and Adobe to chase millions of license violators over Office and Photoshop. Maybe they do, but I've not heard of it happening in personal cases, just businesses. It sounds like this vendor is chasing CERN though, despite it being the fault of an individual not employed by them.
Wow, this post makes me angry and I don't know at whom. Is it the student's fault, who wanted to use the software he had legally licensed, but couldn't because of stupid licensing terms, or the company's fault for wanting to get paid for their software?
I'm inclined to side with the student, I think. When I pay for stuff, I want to be free to use it in a reasonable manner, and restricting usage of the software on the specific computers the company likes is not reasonable.
But not for 30k. I doubt a court would award this much in damages if he was sued. Even before that, I don't think CERN is justified in releasing his identity (edit: I mean, the identity of the student to the software vendor for them to sue).
1) CERN also did a grown-up negotiation to have the person work for them, and therefore carry out his function as the legal entity "CERN", not as himself. Any action he did in his function, is legally executed by CERN, not by the employee. That of course includes installing software he needs for his job, and certainly covers installing any software CERN directed him to install.
This works both ways : if he invents/builds/... something and CERN sells the fruits of his labor (or otherwise profits from it), he doesn't have a claim to single cent of that profit. If he does something as part of his job that damages CERN, the most he can lose is his job. If he unintentionally blows up CERN headquarters, CERN quite literally has to pay him his wages for doing so, medical expenses, ... the company would even have to replace his cell phone if it broke during the explosion and pay to have his pants cleaned afterwards. The unintentional part is only required because, if intentional, it would be a criminal act (and this intent needs to be proven beyond reasonable doubt, not merely indicated). Even if he failed to follow safety procedures while doing so, it was the company's responsibility to correct him, and the consequences for failing to do so are theirs.
2) stealing is a criminal act, and governed by an ENTIRELY different part of the law. The two cannot be compared. This case would be governed by employment law and commercial law, stealing is covered by criminal law.
But your example has another flaw: if you can even vaguely reasonably claim you took the item by accident, yes you should be able to pay the $5 and be even. No criminal court judge is going to convict anyone who non-violently took a $5 item, and offered to pay the damage in full the second he was confronted. This would not be reasonable.
IANAL but your company is not shielding you from legal responsibility of the illegal actions you take, even if you are required by your employee to engage in those activities.
That is a warning to be careful I heard was given to sysadmin. Even if their boss require them to steal personal information or "find" software, they are legally responsible for doing it.
There is a point area somewhere between murder and failure to protect confidential information at which the company takes over responsibility, but that's not a blanket protection as financial obligations.
Depends what you mean by "illegal", there are over two dozen main kinds of illegal. As a massive simplification anything not found in the "criminal law" or "employment law" books your employer covers while you're working (and in some states while you're doing things you're only doing because you work, e.g. drive to work).
So, very generally speaking, anything you can't get arrested for is covered by your employer.
Nope. He/she did not negotiate it. The company is speculatively invoicing CERN. CERN are attempting (with dubious legality) to pass it to a University who are attempting (with extremely dubious legality) to pass it to a student. The student should call his/her lawyer asap and should certainly not pay this demand without forcing all the parties to actually undergo some due process.
I think it is safe to assume that HE knowingly and wilfully breached his contract with CERN. again TFA states that, and I quote, "Understandably, the student was shocked when we investigated the case and he was forced to acknowledge the facts."
The student has wilfully broken the law. Due process has clearly been undertaken. Again, RTFA.
She should never have acknowledged the 'facts'. She should have called her lawyer. She should also point out that she was under pressure to get stuff done and was under the impression that she had a licence to use the product.
Due process implies a legal process not a random invoice and several large organisations charging an individual an arbitrary amount.
No. You are wrong and getting very tedious. This individual, a male by the account of a person that has first hand knowledge (something you, or indeed I, do not have) of the situation, did wilfully obtain software for use outside of the agreed license scope. HE didn't get it from an authorised reseller or from CERN, an innocent party in all of this. HE obtained this from an illicit site. The ramifications of this action could have been considerably worse; someone has already mentioned confliker.
Let's examine your quoting the word "facts". Are you disputing that HE acted unethically? By using unlawfully procured software? Are you really arguing that these actions should go entirely unpunished?
There is only 1 organisation charging an individual, who has used said company's product unlawfully (this is the bit you seem incapable of acknowledging). The other 2 were implicated by HIS unlawful and unethical and merely met their legal obligations in identifying the guilty party.
Whichever way you look at this, however militantly anti-capitalist you are, failing to accept the individual acted unethically and with impunity is a ridiculous position to take. Should HE pay the money? No. HE should negotiate. HIS career in the very small field that is academic particle physics is over as HE has acted unethically.
He used it only under the scope of his work and the company contracting the work had the necessary seat in pool to cover for the student license.
So the student is only technically at fault in the same way as you are technically trespassing when you sneaked behind your colleague that day your forgot your badge.
The reason the company was able to extort ( I think that's the only appropriate term here ) 30K is because of the enormous B2B corporate administration will process this issue routinely rather than using common sense.
As a European tax payer that is not the behavior of a company I want my tax money to fund.
FTFA; But our student failed to download AllSIM from DFS onto his office PC, since that wasn’t where he wanted to use it. He wanted to install it on his laptop so that he could work on his simulation while travelling. However, the CERN AllSIM installation would not allow for this, as roaming usage is not covered by CERN's AllSIM licence. The student had a need and was not willing to compromise i.e. by using the Windows Terminal Service. Instead, he used Google and quickly found AllSIM for free on a dubious website. Three clicks later, he was ready to go.
For convenience, the student essentially stole the license.
The student didn't steal the license. He misused the license.
The license for his usage existed in the pool - it is only a combination of CERN security policies and the company licensing check limitation of their product that prevented proper identification and therefore infringement.
Sure there is violation, but the elephant in the room here is that a license was available and paid for so the company producing the software had been compensated. We are not in the grey area "but I would not have bought it anyway" where "stealing" could somewhat apply.
No, he stole it. He went to a website, not under CERNs jurisdiction and downloaded a cracked copy of the software thereby circumventing the license and using the software unlawfully. No pachyderms present anywhere. It really is that simple.
If you want to be pedantic - then no it is not that simple.
The student is in license infringement, copyright violation, contract with CERN violation, ... but has not stolen anything.
But yes, he need to pay for those "crimes". That's what the 30K fine is for ?
Nope the 30K is just an agreed payment between the CERN and the Company for the discovery of his infringement. That money will charged back to the University thanks to another agreement and only then is going to be charged to him. The "theft" will go unpunished in the eye of the law.
The student fucked up - that part is simple. Everything else that leads to him having to pay 30K is anything but simple. Considering the context described in the blog it involves a lot of bad faith from the company and the CERN.
Just because the company and CERN say the student has to pay doesn't mean that he/she has to... The student would be well advised to call their lawyer at this juncture.
Only if you know nothing about copyrights and intellectual property laws.
First, there was NO theft. Copyright isn't about theft, no matter how the media likes to portray it, what matters is the law. License violation. Not theft. Not stealing. Violating license.
Further,
> He went to a website, not under CERNs jurisdiction and downloaded a cracked copy of the software
Has absolutely no bearing on the license violation. None whatsoever. No theft, no "illegal downloading" (whatever that means), especially in the world's saner jurisdictions where reverse engineering and/or cracked software by itself is NOT illegal.
It doesn't matter where he got the copy, because a copyright license has nothing to do with obtaining or possession. So it can't be theft. Copyright license only covers WHAT you can do with a piece of intellectual property.
CERN has a site-license. If the student had downloaded the cracked software, from anywhere, but used it only on-site: No problem. Covered under the license. Bonus: no dongle required.
> It really is that simple.
It's not actually that complicated to stick to the legal facts either.
Legally stealing includes the concept "taking with the intention to permanently deprive". The concept of stealing revolves around physical goods not intellectual property. What he did is not stealing (and if you attempted to charge him with theft you would lose in court). The crime is copyright violation not theft. Please be accurate when you are being patronising.
By taking the license without paying for it, he has permanently deprived AllSIM from the license revenue, ergo it was stolen. And drop the ad hominem. You are attacking me and the manner that you interpreted my statement, it has no bearing on the discussion.
The student didn't "take" a license, if he could have, and did, there would not even have been a case because he would have had a license!
For clarity, not attacking you, just pointing out your completely inaccurate view of intellectual property law, with the intention that other people may not get any ideas this is actually how copyright works.
But don't worry, I won't call you out for being patronizing, not when you're the one being taught.
You are assuming that there would have license revenue, that is, that there would have been a sale. In this case that's possible; in many cases that's completely false (maybe even in the majority of cases).
So the "stolen" word is a strange word for an act which leaves the owner with the goods, and does not cost the owner a sale that they otherwise would have had.
What it is, though, is taking the owner's software in violation of the owner's terms. That's immoral (arguably), and definitely illegal. What it isn't, though, is stealing in the historic meaning of the term. (Though that may not be a valid argument, as uses of words change with time and new circumstances...)
Further to this. Theft has a clear legal meaning. For example in the UK stealing a car is technically difficult to prove since proving intent to permanently deprive is not very easy. This does not stop a law against taking a car without the owners consent which is then punished appropriately.
Well a few minutes with google and wikipedia will set you straight on this. Actually that your legally wrong insistence that copyright infringement is theft actually damages your copyright maximalist stance in the eyes of both legal precedent and public opinion. NB I don't argue that copyright infringement should be legal -- merely that is is a different class of crime than theft.
I have first hand experience of your car theft analogy, my car was stolen and, luckily enough for me, recovered along with the thieves. They were successfully prosecuted. You are, yet again, wrong.
You are quite slow to grasp simple concepts aren't you.
The car theft example is not an analogy it is a fact. I never said that taking a car is legal. However, the crime is "taking without permission" not "theft" (although it is I admit often referred to as theft in common parlance). This is because theft has a clear long standing meaning which for various reasons is often difficult to establish for cars. Therefore a new type of crime (which happens to have the same punishment) was created.
The point about how stupid you copyright maximalists sound to the general public when about software 'theft' stands. You weaken you position when you do so and make yourselves subject to ridicule.
Your comment ought to be flagged, but for some reason cannot be done by me. You have gone too far. Not only are you wrong, you are being obnoxious, rude and cowardly. I guarantee that you wouldn't dare speak like that to anyone you were in front of. Just another cowardly nerd hiding behind a screen.
You're right that what that user did was not ok. Unfortunately comments like this one just compound the problem. When you can't flag a comment, someone else probably will. Or you can email us at hn@ycombinator.com. But please resist getting into a personal spat.
Everyone in this thread was at fault. You can't post things like "Did it blow your mind when you understood something for a change" here. HN's rules hold regardless of how provocative someone else may have been.
We all lose it on the internet sometimes. On HN the thing to do is recognize that you broke the rules, stop blaming the other person for it, and move on.
The I-merely defense ("I was merely X-ing, but they were Y-ing") doesn't work. You can, and people do, justify anything that way.
Please re-read my comments on this thread and others on this article you will find that I've actually been very patiently trying to explain some simple concepts -- to someone that repeatedly swore, accused me of criminal activity, wilfully misinterpreted me and raged at me. I said nothing that I would not have said IRL even when I did eventually descend to sarcasm in respond to the personal attacks.
Because the software license was restricted to use only in the lab. The student wanted to use it while he was travelling - not an unheard of use of software, and a reasonable expectation.
This was OP's point. If I'm paying for a boatload of expensive licenses, why should I be limited to how and where I use the software?
CERN licensed the software exactly that way. They aren't Joe Random User. They have a purchasing department that can negotiate back with the vendor.[1] Then the student wanted to override CERN's negotiation with the vendor.
Not the university, CERN. As the article notes CERN's license pool is only for fixed computers (not roaming), the student wanted the software on their laptop so they went and downloaded a cracked version.
I think the only reason CERN was involved at all is because the student used an illegal version of the software to access their system. By going to CERN, they were able to track down the culprit, and that was the student, who essentially was the one who got hit with the bill.
I might be wrong here, but from what I understood, he wanted to keep working with the simulation on his vacation? Ended up getting punished for it because of shitty license agreements.
The thing that angers me about this, is that the user could legally access this software from his Laptop, albeit over an inferior third-party interface.
His choice was between accessing the software over a display proxy, and accessing the software locally. The provided functionality was essentially the same either way.
I don't understand how this minor technical distinction should be worth 30 kCHF.
CERN had the option to negotiate for a traveling license and declined to do so.
The fact that there was a technically inferior workaround means jack shit. Yes, it's technically inferior, that's why you should pay for the real thing.
"A workaround to your licensing deal existed so I wasn't violating your licensing deal!" is nonsense.
It's not "arbitrary." The contract didn't allow it. CERN didn't buy it.
And even if it were "abritrary," the time to discuss that is when you are negotiating the software license with your vendor. This isn't shrinkwrap software being sold at ElBo under a clickwrap license. It's a sophisticated buyer who has a staff member dedicated to the job.
You can tell "roaming license" was valuable because this student went to a warez site to get around it. The vendor likely charges more for it, and CERN didn't want to pay it, so CERN voluntarily left that functionality off the table. Then the student decided to overrule CERN's negotiating and the rules CERN had explicitly set out[1]. Oops.
I don't get to decide the GPL is stupid and release modified software without source.
I find the behavior of the software manufacturer rude and unacceptable. CERN is certainly not the type of company that screws you over or produces counterfeit copies for their own profit; 30kCHF is an outrageous claim.
Sure, people using your software without a valid license is not cool. On the other hand, AllSIM didn't suffer any damages.
Also, there are probably not that many potential customers in the world for AllSIM(TM). Maybe CERN should have used their power to make clear that this was the act of a naive student, and that a ridiculous fine could seriously impede the future business relation with CERN...
> I find the behavior of the software manufacturer rude and unacceptable.
I've seen many photographers who ended up with the exact same behaviour because any other is a good way to get steamrolled. Infringement = infringement invoice, period, end of the story.
> 30kCHF is an outrageous claim.
Depending how the original license cost (for a roaming license too) is, not necessarily. An infringement invoice must be significantly higher than a regular license or there's no point to getting a license, you can just wait to be caught. Considering the kind of products we're talking about, licenses are probably in the 5k~10k range. A 3~5x infringement surcharge isn't outrageous.
> On the other hand, AllSIM didn't suffer any damages.
Somebody used their product unlicensed in a way not allowed by the licenses they had access to, that sounds like damages.
> Also, there are probably not that many potential customers in the world for AllSIM(TM).
On the other hand, there probably aren't that many potential replacements in the world for AllSIM.
> Maybe CERN should have used their power to make clear that this was the act of a naive student, and that a ridiculous fine could seriously impede the future business relation with CERN…
Why? CERN suffered no damages, they forwarded the invoice to the student.
> I've seen many photographers who ended up with the exact same behaviour
Total different scale. One photographer vs thousands of infringers is different from team of lawyers vs one casual infringer which is also a good customer.
> A 3~5x infringement surcharge isn't outrageous.
We'll have to disagree there. The copyright industry is the only industry on earth using multiplicators as liberally as this, for "damages" that are very hard to prove in the first place.
> CERN suffered no damages, they forwarded the invoice to the student.
Yeah, and that's a dick move as well. The student clearly did wrong, but CERN might have had a responsibility by not monitoring what this student was doing (why did he have to install the software himself? Where was the sysadmin? Why is he allowed to use his own laptop? etc etc). They acted like Pilate, and that's not good in my book.
With whom? Certainly not software vendors, probably not students or researchers either. Frontend web developers? Now I'm sure that will be a great great bother for them.
Students and researchers. They don't care about copyright or software free or otherwise. They care that their institution is seen to be on their side and prepared to look out for them. CERN clearly is not in this case.
Well they actually do run on karma. CERN runs largely on tax money. If citizens of the countries that contribute to CERN don't support giving money to CERN then it's grants will eventually stop... NB I'm not saying that this one incident will stop any grant money but this sort of event tends to sour people's minds.
Since the student had access to the software with a more restrictive license, they should have charged only the price difference between the two licenses (or some reasonable surcharge of that, as you suggested). Also I assume these licenses are multiuser licenses, charging the full license price is kind of unfair.
In the end what is the intention of the software company? They probably only want to enforce the license so nobody uses their software illegally. It's irrational to get a revenue from these cases. 1000 CHF from a student I think is a big enough hit to discourage the illegal usage of their software among students, really, and they wouldn't send a student to deep dept.
Agree absolutely with your sentiment. However, CERN's kind reaction is not atypical and is usually extremely self-serving.
This kind of minor stuff is often seized upon to demonstrate self-righteousness and establish a defense for future claims. For example, in a large company in which I worked (tens of thousands of people), someone at my site installed some unlicensed utility, which I think was worth like $200, on his laptop, just to check it out - it was something he didn't even need. The utility phoned home, the author company wrote a letter - not even a rude or threatening letter, just an FYI - to the large company. The next day, the large company made a huge show of having security meet this guy at the entrance with a box of his belongings, and sending a mail to everyone about how they just fired someone for unlicensed use of software, filled with some of the same sanctimony used by CERN. Everyone thought this was ridiculous, and that there were better applications for the high-mindedness.
It's literally bragging. The story's provocative lead ends with the words "Here is my story." as though told by the student, about an organization from hell.
But it's not his story!
The author is actually the bad guy! The thing that makes the experience hell is...him. He's just being a jerk, for numerous reasons. I hope he has $1 million lying around to contribute to cern's recruitment budget, because that's what his behavior costs as words of stories like this get around.
Just read the comments here at HN. In what possible universe is a public blog post like this an appropriate reaction? The only one damaging CERN's reputation is this guy.
What would "the right thing" be exactly? Nor enforcing their own rules, eating the costs of a student fucking up (when they didn't have to) and gaining the enmity of a software vendor?
They probably *should( eat the costs. If your employee breaks your machinery, well, fire him and move on.
As someone who is hardly the student's best friend on this thread, I'm skeptical they could really stick him with the 30K bill, and even more skeptical that they could get any of it from him, since he is judgment-proof.
Yes the student fucked up, but CERN does have the 30k to spare, where as this student probably does not. Sure this is a good lesson to share, but also this is someone's life. They could have let the student go but still paid for it. Its the human thing to do
Institutions are not humans, so they cannot do "the human thing to do".
And of course there are departments, projects, etc, and probably the specific department that was billed did not have 30K to spare.
Anyway, they could try a political solution (ie: call someone with authority in AllSIM)
Perhaps making the student share a portion of the cost would be smarter. Maybe make the student pay 5 or 10k or the 30.
Alternatively, everyone could be adults and settle for a smaller, much more reasonable amount proportional to harm. Especially considering the company wasn't really harmed substantially by this since he did have access, just not on that machine.
Even though CERN's budget is probably humongous, it does not mean it can spend 30k CHF (27.5k €, 30.5k $) left and right. As it is huge amount of cash.
The best way to do is explain and negotiate with AllSIM. As I understood the student used pirated software for a very short period of time. If AllSIM are human, they will not charge CERN, or charge low fine (<1k €).
Rules are rules, without obeying them, student compromised reputation of whole CERN, then his/hers university and finally himself. Probably CERN will not hire him and will not recommend to anybody else.
You don't need to break 'life-threatening' rule to compromise your reputation.
It's just about who is trustworthy and reliable, and who is not, especially in an organisation where people are very educated and probably with high morality standards.
As has already been established repeatedly on this thread quite possibly no one should pay. If I send you an invoice for $30000 it does not mean that you owe it to me merely that I am demanding it.
Right, I'm going to try and put this in very simple terms. The student is the one who broke the law. HE deserves to be punished. CERN are not the employer, the University are. HE was seconded to CERN by the University. However, the actions HE took were done on HIS own. Had HE been directed to pirate the software by either CERN or the Univerity, then you may have a point. As it stands you do not. Pointless. I'm sure you are going to suggest draconian licensing terms, blah, blah, blah... The fact remains that the terms exist and, as a professional scientist, HE should have behaved ethically and operated within the confines of the license. End of discussion.
You are a copyright maximalist. I have a different view where I believe that creators should be paid but not to exclusion of the rest of society and not to the exclusion of the rule of law. This colours both of our views of the facts and we will never agree. We both think that the other is sadly misinformed and a foolish with a politically motivated viewpoint.
Nope, wrong again. You are anti-intellectual property, but that has little bearing on the facts of this story.
I believe that if you have made an agreement, you keep it and if your employer has agreements with third parties, that you honour those too. If you, or this indivudual, have moral objections to said agreements, the choices are simple, leave their employ.
Taking and using the software without permission or regard for agreements made in legally binding contracts is not an option, and it is not morally or ethically anyware close to doing the right thing. You seem to have lost sight of this because your views are politically motivated. It has nothing to do with your views of how the world should work.
Since you are so concerned with the 'the rule of law' (due process doesn't exist in UK law, we have natural justice, but that's by-the-by), the students actions were in direct contravention of established laws and policies. You seem to think that HE is above censure because 'capitalism is bad, man'. Well I'm sorry to be the one to break this to you but, it's actually about ethics. This individual has none, and clearly neither do you.
I am certainly not an anti-capitalist. Although I don't regard such a comment as a slur.
I do think that creators should be paid.
I don't think that companies should slam arbitrary egregious charges on people -- and I know that courts don't always uphold these speculative invoices and indeed have been known to punish the people making the demand and their legal representation quite strongly.
I do know that most people in the real world would find this utterly outrageous given that the student had the right to use the software in question in the setting in which it was detected.
I personally would not do what he did -- all software that I use is either free (as in speech) or properly licensed.
The only thing that is wrong is the twisted interpretation the story! The charge isn't arbitrary!
The student didn't have the right to use the software! It was only licensed to be used at CERN. HE downloaded it from an illegal site that provided a cracked version of the software on his own laptop so that HE could travel and not be at CERN, where he was entitled to use the software![0] He was even allowed to access the software using terminal services, but, in caps so it's easy for you to understand, CHOSE TO PIRATE THE SOFTWARE FOR HIS OWN CONVENIENCE!!! If you had read and understood the article, as you claim, you would know this. You even aknowledge that the software was improperly licensed!!!
To your ad hominem, I will respond in kind; you are an idiot.
[0] From the second paragraph of the fucking article: "But our student failed to download AllSIM from DFS onto his office PC, since that wasn’t where he wanted to use it. He wanted to install it on his laptop so that he could work on his simulation while travelling. However, the CERN AllSIM installation would not allow for this, as roaming usage is not covered by CERN's AllSIM licence. The student had a need and was not willing to compromise i.e. by using the Windows Terminal Service. Instead, he used Google and quickly found AllSIM for free on a dubious website. Three clicks later, he was ready to go."
I don't believe they do have a spare 30000CHF (approx $31000). Even if they did, I'd rather that they spend the CHF 30000 on research. Any way you look at it, this is the students fault, not CERNs or his University. The human thing to have done was to have acted professionally and not pirated the software in the first instance.
In case anyone was also wondering, that's the Swiss Franc, and not a Chinese currency, and converts to about 30,800 US dollars.
> As he was affiliated with a university, CERN passed all costs to them who, in turn, passed them on to the student.
At first I thought that the software vendor was being unjustifiable. But if you think about it, the student was not just part of CERN, he was also (using the s/w) to work on a CERN project - so it does kind of all fall back into CERN's lap. Yet CERN passed the cost to the university, which passed the fine to the student?
> Yet they passed the cost to the university, which passed the fine to the student?
CERN had a license pool available which the student didn't use, and the student most likely broke CERN's rules wrt licensed software. Why would CERN pay for a student's breach of their rules?
The way I look at it is that the licensing agreement, and penalty clauses, is totally between CERN and the software vendor, and not the particular student.
Did the student sign some type of a indemnification agreement with CERN?
+1. I don't support or defend the student's actions one bit, but the 30K was negotiated between CERN and the vendor. Fire him with a "not eligible for rehire note" in his HR file: fine. Make him the subject of orientation studies: great. Trying to get him to pay CERN's fine: sketchy.
Not just unlicensed, possibly from a warez site, possibly bringing trojans and keyloggers into the network.
I'd suggest CERN run a deep scan and begin backing up data and formatting systems. If they think 30k is bad, imagine the bitcoin bill for a cryptlocker key to the entire CERN dataset.
My opinion of CERN has gone done a few notches after reading this bitchy blog post, this is some poor sap's life they have ruined for taking initiative around silly restrictions to get shit done.
They should have contacted the software company in question and settled this, now both CERN and Allsim have a bad reputation and a student is deep in debt
The keyword here is CAN, no harm was done to CERN in this case that we know of.
It makes for a toxic workplace once employees/students in a facility feel like they can be thrown under a bus by management, or worse purposefully made an example of.
The whole approach here is destructive and makes me think that someone at CERN went on a power trip and is a real arsehole to work for.
Yes it was. CERN's negotiated contracts were broken, triggering a 30K damage award. Just because it's "on paper" doesn't mean the damage isn't real. He could have done the same kind of damage if he had sexually harassed an underling.[1]
I can say with very high confidence that "don't pirate software" is a key part of orientation at CERN, the same way as at most large companies.
The student might not have known about the specifics of the contract (and he shouldn't pay the 30K), but it's not the company's responsibility to tell each and every idiot "here is why you obey our policies." It's the company's responsibility to tell each idiot "these rules are important to obey."
[1] of course the student likely didn't have any reports
The student was wrong. He had access to a legal copy through CERN, but instead, he used a pirated copy. Not only is that legally wrong, it is bizarre.
The company was wrong. They are not a law enforcement agency. They have no right to demand a fine of CHF30000 be paid. At best, they can send a cease and desist. If they believe significant damages have occurred, they can sue.
CERN was wrong to pay the fine and pass it on to the student. For one, they had a site license. For another, after investigating, they found it to be the stupid act of a naive student who, I am sure, has learned his lesson by now. However, it was no skin off their back to pay up and pass it on. They should have refused to pay the fine and participated in coming to an amicable settlement between all parties involved.
> The company was wrong. […] They have no right to demand a fine of CHF30000 be paid.
The company has every right to send a speculative or infringement invoice, the infringing party also has every right to ignore said invoice and try their chance in court.
> For one, they had a site license.
Which didn't cover the student's usage.
> For another, after investigating, they found it to be the stupid act of a naive student who
had likely breached CERN policy and was possibly a hazard to CERN's computer systems.
The company has every right to send an infringement invoice, the infringing party also has every right to ignore said invoice and try their chance in court.
They have every right to send a notice as I said, myself. It is the fine that I believe is unreasonable regardless of whether it is explicitly part of CERN's contract with the company.
Which didn't cover the student's usage.
No, but then, it wasn't CERN who downloaded and used a pirated copy, was it?
had likely breached CERN policy and was possibly a hazard to CERN's computer systems.
They said flat out that he violated their computing policy, so they can take away his computing privileges, but paying a CHF30K "fine" and sending him the bill?
CERN should try to mediate between the software company and the student.
The high fine of 30k was probably set because the company thought CERN was violating their licensing. For an institution or large company the size of CERN, 30k might be a justifiable fine.
If the company knew the infringement was done by a single student, they probably would not have set such a high fine.
Also, I doubt 30k would hold up in court as a reasonable fine, given that the student had access to the software anyway. Although him downloading the software illegaly shows some criminal energy.
But maybe I'm wrong and the company knowingly fined 30k for the single person's license infringement and CERN tried to avert that. Would be nice to know some more details.
1 CERN will fuck you over, do not count on them, and definitely do not go above and beyond to finish a job assigned by them
2 Use outbound firewall when using pirated software. Download said pirated software only from connections that cant be traced back to you. Learn about output files watermarking (for example IDA Pro watermarks everything).
Good job CERN, prime blog post there, people skills so stronk!
This bulletin is obviously aimed at scaring others who were thinking of doing something similar. Still, it's a bit heavy handed, isn't it? No one was hurt, no damage was done, CERN responded immediately when notified, and it turned out to be a dumb student who fucked up. Give the dude a slap on the wrist, and let it go.
CERN should have told AllSIM to go pound sand on "indemnity"; just pay the difference between the license they have and the one they need, even just in kind (losing a couple of users). This under threat of losing CERN forever as a customer. I bet AllSIM would have relented: 30k CHF won't pay three weeks of lawyer fees, nor will they make up for years of CERN business.
That was the right thing to do, not washing their hands of it and crucifixing a kid. Unfortunate things happen all the time in business, real men deal with it with fairness. This is despicable behaviour.
You don't take a binary blob from a dubious website and install it onto a company machine, and if it was his own laptop, then you don't use such a blob to produce another blob and install that on your company's machine. That's such a damn stupid thing to to in so many ways. The IT security department has all the reasons to be angry, much worse could have happened than triggering some company's license monitoring system.
Having said that, I hope they are going to let go on the student with that 30k.
Was the company in question legally right? Probably (I'm not a lawyer). Was this a dick move? Totally. Did this move makes them any long term benefit? I don't think so. I think they lose this short term 30k CHF in long term by harmed reputation. So in the end everybody loses.
I'm confused. If CERN has the licenses, and the student is covered under that usage case, why wouldn't their license rights apply to the software that the student was using (regardless of where they got the the binary installation or whether it had a crack). The software has still been paid for, so why wouldn't the software company allow it? It sounds like the software company is exploiting a technicality in their licensing terms, for no real reason other than greed?
So my neighbor has a book in his house I want to read. He didn't want the book out of his house. So we both got legal counsel and negotiated a contract that I paid him an amount of money and I could read the book inside his house. He also put a damages clause in the contract because for some reason people have violated his stupid rule.
Well, pretty soon I wanted to read the book outside. Oh, but the rule. But wait, I had him outsmarted! I put the book on table in the house next to a window, and then I could read the book while outside.
Wait, this is stupid. Why am I reading a book through the window? I'll just pull the book out through the window and read it there.
WTF, my neighbor now says I violated the contract? I've triggered the damages clause of the contract I vountarily agreed to? All I did was move a book three feet through a window! I had a contract that I could read it!! I THOUGHT THIS WAS AMERICA!!!
Sure, Switzerland isn't in the EU but can companies really issue huge fines to other people there? Here in the UK I believe fines/penalties in civil situations can be restricted to the actual damage caused (?).
I hope this ends up in court if Switzerland has similar rules. It seems like one of those situations where a company might legally be able to do something, but the ethics are uneasy.
This is not a 'fine' in the legal sense, it's a (most likely) contractually agreed penalty for non-compliance with the licence terms, or otherwise a settlement proposal. This is most likely a no brainer, from a legal point of view (it's how pretty much all specialty licence deals are constructed) - as I'm sure CERN's in-house councel has advised.
There is a reason this sort of thing is covered during orientation training. Sure, many people (especially those new to the real world like students) roll their eyes at it and think it's all just a bunch of mumbo jumbo; and OK, usually in practice it's not as strict as it seems at first, but that doesn't mean it's any less real.
In many European countries many software licenses are worthless. Similarly such penalty clauses have no legal weight. This is likely to be far from a legal "no brainer".
Pray tell in what country whatsoftware licenses are 'worthless'. Because they're contracts like any other, and parties are free to contract anything they want (bar illegal things, which a penalty clause certainly isn't) anywhere in Europe.
I'm in the UK which is only one part of Europe, and while "penalty clauses" are not illegal here, they are unenforceable. Liquidated damage clauses that impose reparations of a genuine pre-estimate of probable loss are fine, however. Whether $30000 is such is a matter for debate. If the software would cost $30000 for licensing on a single laptop, maybe it would be.
Then you will know that contracts are only enforceable if they are legal. Also you will know that coercive contracts which one party could not understand tend to be looked upon unfavourably by courts.
I don't mean to be zealous, but I'll be honest. Why don't research organizations and international conventions have strict policies of using only free (as in freedom) software? I think this is a cautionary tale right here of why it's important. The licensing pitfalls of violating proprietary terms are so much higher stake.
> Why don't research organizations and international conventions have strict policies of using only free (as in freedom) software?
What are they to do when no such "free software" package exists? Stop research? Spend years trying to build one when there's a known industrial package available off the shelf?
Isn't that already the reality for plenty of commercial enterprises, where certain licenses are avoided like the plague? Licensing is an unfortunate form of yak shaving that everyone must get around.
Considering the alternative is conducting research on top of intrinsically obscurantist proprietary software, the trade-off might well be worth it.
There are adults who want to get their job done and don't care about your feelings about free software. 30K is chump change as far as CERN's software budget is concerned and is not going to make them give up on commercial software.
Also, because I can anticipate the response: just because 30K is not worth giving up on commercial software, it doesn't mean they shouldn't try to fix the user fuckup that cost them 30K.
The only one invoking "feelings" here is you alone, and it implies to me you're the one who is most susceptible to them here. If you have some vendetta against free software, then leave it out for now.
The question of how one reconciles obscurantist practices with the scientific method remains open.
This happens frequently at large corporations, where a design engineer uses either an educational or personal license on a corporate machine (or vice versa), either out of ignorance or simply because they want to work more flexibly than they'd otherwise be allowed. IT departments don't adequately educate about it, imho, and software companies are too heavy-handed in enforcement, but regardless of all this, the student was in the wrong here and absolutely knew better than to use a pirated license.
The so-called freedom that software authors have to choose a software license is in reality not a freedom, but a controlling power over other people – the users of said software.
