Who are you buying your EDA software from?

If three years ago you had asked EDA-software vendors about software piracy, they would have answered, "It's not a big problem." The addition of licensing software, such as FlexLM from Macrovision, to their tools acted as a good enough deterrent "to keep an honest man honest," in the words of one vendor. Now, in the age of WANs (wide-area networks), developers working on designs worldwide and 24/7, and ever-more-rampant EDA-software legal disputes, legal land mines are cropping up as fast as the pirates are finding new ways to profit. Accordingly, EDA-software vendors are taking software protection more seriously, and so should you.

Inadvertent piracy or use of stolen tools can put you at as much legal risk as people who bootleg and sell stolen software as their "business." So, EDA-industry organization EDAC (Electronic Design Automation Consortium) and its members are getting tough and pursuing the pirates. And, EDA vendor Silvaco, which two years ago won its misappropriation-of-trade-secrets case against Circuit Semantics, is now going after customers. It is attempting to recover the license fees for its software plus a percentage of revenue generated from products that those Circuit Semantics customers originally developed with Silvaco's stolen software. Among Silvaco's targets are AMD and Intel.

Increasing complaints from its member companies and China's greater role in electronics prompted EDAC this year to establish a committee to gauge whether EDA piracy is real or an urban legend. It found that the problem is real, growing, and could wreak havoc on the $3.5 billion EDA market, according to Laurence Disenhof, a committee member and group director of export compliance and government relations at Cadence Design Systems. Disenhof says that the EDA industry is encountering more overt forms of piracy. "We are taking this seriously, and we think our customers will take it seriously, too," he says.

According to EDAC Piracy Committee member Jim Douglas, Reshape's chief executive officer, cases of overt and inadvertent piracy are going on. "A lot of it is simply educating people and speaking with executives about the behavior of their organizations. They may be unaware of what constitutes inadvertent piracy, but, in other cases, they have employees that outright misuse and distribute software their company hasn't paid for," he said, as a member of a recent Design Automation Conference panel.

EDAC and the BSA (Business Software Alliance), a nonprofit software-industry group dedicated to tracking and prosecuting software piracy, educating the public, and lobbying the government on the issue, have no statistics tracking the impact piracy has had on the EDA industry. But the BSA and industry analysts from research company IDC joined to conduct their first worldwide software-piracy study for the year 2003. And the most recent piracy study concludes that the software industry worldwide sold $59 billion worth of commercial software in 2004 but that $90 billion worth was installed, meaning $31 billion worth of software was pirated.

Although no study on EDA piracy exists, EDA vendors say convincing evidence does exist that EDA-software piracy is on the rise, especially as Asia opens up as a market for design tools. According to the 2004 study, Vietnam, Ukraine, and China top the list. In those three countries, 92, 91, and 90% of all software is stolen, respectively. In India, which has a growing reputation as a strong country in IC and design services, the figure is 74% (Table 1).

Laurie Atkinson, director of marketing at the BSA, says that the 2003 piracy study found that two-thirds of college students participating in the survey said that they have knowingly downloaded unlicensed software from peer-to-peer networks. "They know it is wrong, yet they do it anyway," she says. "And, presumably, they will be taking these attitudes into the workforce. When a company hires a new graduate, unless the company has an aggressive software-management policy in place, that new graduate may be illegally downloading software and putting that company into jeopardy."

Over the last year, you may have seen greater evidence and received a growing number of e-mail solicitations with URLs likely leading back to China or Russia, in which individuals claim to offer EDA tools at huge discounts. One such e-mail offers users unlimited access to any tool from Magma Design Automation, Mentor Graphics, Cadence Design Systems, or Synopsys for a low fee, and another claims to offer for $20,000 a workstation with every piece of EDA software from those vendors preloaded. The offer even includes maintenance. The BSA's director of enforcement, Jenny Blank, says that those offers are more likely to be Internet money scams than piracy operations. Still, no shortage of methods to pirate software exists.

The BSA has identified five major classes of software piracy: end-user piracy, client-server overuse, Internet piracy, hard-disk loading, and software counterfeiting. End-user piracy occurs when a company employee reproduces copies of software without authorization. Client-server overuse occurs when too many employees access a piece of software over a network. Internet piracy takes place when pirate Web sites make software available for free download or in exchange for uploaded programs. It also occurs when Internet auction sites offer counterfeit, out-of-channel, infringing-copyrighted software or when peer-to-peer networks enable unauthorized transfer of copyrighted programs. Hard-disk loading happens when companies load a piece of software onto multiple computer drives. And software counterfeiting occurs when users duplicate and sell exact copies of copyrighted material.

The two most common forms of piracy EDA vendors encounter are inadvertent piracy and intentional "overuser" perpetrators. You may be unaware that you are illegally using software. For example, EDA vendors offer companies a broad range of licensing options that can vary from sale to sale, so users need to be aware of the terms of their licensing agreements. "A majority of companies pirating software are actually honest companies, but, for whatever reason, software-asset management is just not at the top of their list of priorities," says Atkinson. She says that this situation typically occurs in the midsized- to small-business sector, which may lack full-time IT personnel to monitor these things.

According to Disenhof, the most worrisome form of piracy for the EDA industry is client-server overuse or, as many in the EDA industry call it, "underlicensing." "We are seeing one copy, one seat being purchased, then used 24 hours a day, seven days a week on a WAN," said Disenhof on a DAC panel. "This industry is using the Internet on a global basis today, and, whether they are doing it consciously or unconsciously, having software reside on a server that is accessed around the world may not be licensed legally. Engineers who are picking up the software in China, for example, during the graveyard shift in the United States may not have a legal right to use it. So, we are seeing a general trend of underlicensing across the board." Disenhof and others point out that most vendors offer terms that grant 24/7 usage of software worldwide, but it is typically much more expensive than a single-seat, perpetual license.

According to Rex Jackson, Synopsys' general counsel and acting chief financial officer, the other most common form of EDA piracy comes from the intentional overuser. A common profile of an intentional overuser is a customer who acquires just one perpetual license of a flow and then almost immediately drops the maintenance agreement. "We work with our salespeople to identify that profile because it is remarkable how good that match is," says Jackson. "Once you have identified customers that came in once and then disappeared off the radar screen, you have to ask yourself: Do they still exist, where are they, and how large do you think their design team is?"

Jackson says that all Synopsys contracts give the company the right to audit users to ensure they are not misusing licenses, and Synopsys exercises this right, especially when customers fit the intentional-overuser profile. Synopsys and most EDA companies tend not to pursue every small infringement, simply because doing so is not cost-effective. Synopsys, like many EDA companies, has joined the BSA and is banking on the fact that education on all levels is the key to reducing all forms of piracy over time.

The BSA helps to educate consumers, businesses, and government officials worldwide about software piracy. Failing that, the BSA also has legal muscle, a Public Action Committee, to push for domestic and international legislation regarding software piracy. It also runs piracy hot lines in most countries.

The BSA's Blank says that the BSA helps its member companies bring civil suits against offenders, works with criminal-law-enforcement authorities, and operates a high-volume notice-and-take-down program. Both inadvertent and overt software pirates can face criminal charges ranging from fines to jail terms. The FBI doesn't get involved until the amount of software pirated exceeds $100,000, a lofty amount for business-software pirating but the price of only one or two tools for pirated IC EDA tools, whose prices average approximately $40,000 per seat.

Vendors in the United States can seek one of two civil-court remedies if they catch a company or an individual stealing. The first is a $150,000 fine plus the cost of the software. According to Blank, vendors take this tack in 99% of piracy cases in the United States. The second remedy is an open-ended civil damage for recovering not only the loss of license, but also a percentage of the revenue pirates generate using end products they developed with the stolen software. Users can also be in legal jeopardy if they use one vendor's product that is later found to infringe another company's patent, copyright, or trade secret. "Under the federal Uniform Trade Secret act, customers have full liability if they are using software that infringes a patent or if they purchase software that is stolen," says Chris Scott Graham, IP (intellectual-property) attorney with Dechert LLP, a law firm that currently represents both Silvaco and Synopsys on their respective IP litigations. California district attorneys can prosecute engineers under Criminal Trade Secret Statute 499C for using a product that violates a trade secret or under the California Penal Code Section 496, which essentially states that receiving any stolen property is a crime.

Although EDA vendors commonly sue each other in civil court in patent or trade-secret disputes, EDA vendors have traditionally shied away from suing customers that use infringing software. Silvaco is bucking that trend, and, pending the conclusion of its suit against Magma, Synopsys hasn't ruled out pursuing Magma customers, either (see sidebar "Silvaco seeks legal remedy as Synopsys watches").

Most EDA tools include security technology such as Macrovision's FlexLM, which essentially functions as a key that allows access to the software for the term of the license. However, the use model for EDA software has been changing and has become more complex. Traditionally, vendors have sold licenses on a per-CPU or per-seat basis, but Suresh Balasubramanian, director of licensing products at Macrovision, says that licensing arrangements are getting more complex because user demands and even the definition of "CPU" are changing. "In the semiconductor industry, we are seeing a trend toward deploying software on mass-computing, where people want to do bigger simulation faster and deploy these jobs on thousands of CPUs," he says. "When you look at new technology trends, where the whole dynamic of computing changes—where you have dual-core CPUs or multithreaded CPUs—publishers are often at a loss as to how to license their software." Macrovision is working with other vendors to do intelligent scheduling to monitor simulation-farm usage. The company is also looking at developing programs to prevent pirates from overtly hacking EDA software (see sidebar "How pirates hack EDA software"). "Just as people are determined to break software, one of the things we've put in our software is for crippling pirated software," Balasubramanian says. "So, for example, if someone pirates an EDA tool, their verification won't complete, or their timing will be off, so you frustrate the hell out of them and ensure that they are not productive."

Of course, EDA software doesn't have the greatest reputation for being bug-free. Half-jokingly, vendors agree that EDA lends itself less well to piracy because its software tends to be complex and bug-prone, requiring upgrades and maintenance. Ironically, some vendors say they discovered that they had a piracy problem when an increasing number of non-customers inquired about software patches or sent inquiries to customer support or even formed user groups in countries not allowed to own EDA software. EDA vendors pass the cost of adding greater licensing and security features to their products onto their customers.

Due diligence is the key, experts say, to protecting yourself or the company you work for from implication in a software-theft-related lawsuit. Designers and managers need to be aware of the terms of their software-license agreements, and, for example, not access any software that has a geography- or site-specific license. Companies also need to police their employees to ensure that they are not bootlegging corporate products for their own personal use or profit. Experts say that your company, as well as the individual employee unknowingly perpetrating the crime, can incur huge fines. According to the BSA, the most common way that companies discover piracy is after a disgruntled employee reports it. If your company is using software that is stolen and such an employee reports it, the piracy can damage your company, division, or group to the point that you may find yourself out of a job.

If you are licensing software from a vendor that is later sued or is currently being sued by another vendor for patent or copyright infringement or misappropriation of trade secrets, that other party can also sue you if doing so ultimately wins the legal dispute. Because of this risk, experts say that customers have every right to demand to see all pertinent evidence in the case to assess whether the vendor can win the case or is healthy enough to honor indemnification if it loses the suit.

"Indemnification is a contractual agreement that says, 'If I'm found to have stolen someone's product, I will replace what I sold you with a noninfringing copy, or I will refund your money or defend you from a third party claiming you have done something wrong,'" says Graham. "In most cases, indemnifications are not worth the paper they are written on." Graham notes that insurance companies do not back indemnification contracts, and, therefore, any indemnification contract is only as strong as the size, health, and cash balance of the company offering it.

Author Information

You can reach Senior Editor Michael Santarini at 1-408-345-4424 and michaelsantarini@reedbusiness.com.