On the Lambda

Programming, Technology, and Systems Administration

On the Lambda

Are Client Access Licenses Enforceable?

January 5th, 2012 · No Comments · servers

One of the less-fun aspects of managing Microsoft Windows servers is dealing with the Client Access Licenses (CALs).  CALs aren’t only expensive, but with different licensing models (per seat, per user, per machine, etc) and different versions (CALs bought for Server 2003 are no good for your beefy new 2008 R2 box) they are also complicated and easy to get wrong.  But sometimes I wonder: are CALs really necessary? What if we could just ignore them entirely? This isn’t as far-fetched as it sounds. I think if it ever really comes down to it, CALs might ultimately turn out to be just so much bad data. The reasoning goes something like this:

Software licenses depend on Copyright Law, which (in the U.S.) grants copyright owners certain very specific rights relative to their protected works… namely the right to say who is allowed to make copies, and when. Legal precedent and the U.S. Copyright Office have established several specific points relative to copyright and software: computer source code is eligible for copyright protection, compiled source code is still protected, and installing software from the internet or physical media to your hard drive copies the software. Moreover, merely running software that you’ve already installed involves making a copy from your hard drive to RAM and CPU. This means that software makers can require you to license, rather than buy, your software.  I don’t agree with everything here, but I’m okay with it… and I better be, because my opinion doesn’t matter. This is legal fact in most of the free world whether I agree with it or not.

Now let’s make the next leap to CALs. Imagine you license server software from Microsoft and are legally running it. You’re also running a legally licensed copy of Microsoft Windows (client) on another machine. You now connect this client system to your server, and exceed the numbers of CALs for that server. This is supposed to suddenly be a copyright violation. The thing is, I’m having trouble seeing what part of the protected software was copied with this action. Sure, a few bytes passed over the network, but these bytes are not part of the protected work itself. They were generated by the protected work, but at the express direction of the user. Microsoft or any other software maker will have a very difficult time placing a copyright claim on that data, and you can’t copyright behavior.  Most importantly, there’s no legal precedent or copyright ruling here that I can find one way or the other.

The significance is that running without CALs is probably not a copyright violation. However, it might turn out to be a contract violation. This is interesting, because contract issues don’t have the weight of the federal government behind them in the same way that copyright does. Just one example is that the DMCA’s anti-circumvention penalties would likely not apply. Microsoft can choose enforce these contracts, but that is a much more difficult proposition, considering the sheer size of their deployed base and the fact that few of these so-called contracts will even have a signature.

I need to stop and this point and mention that I’m not advocating that anyone stop tracking their CALs. I am not a lawyer, and I’m probably way off on some key point in my analysis. This issue is far from settled, and even if my thoughts on CALs here turn out to be accurate, Microsoft or the BSA could easily make your life very difficult and your wallet significantly lighter in the attempt to defend yourself. As a sys admin, I try to protect the organization I serve from that kind of trouble, and so I purchase and track the required CALs like everyone else.

But I can at least dream of the day when this is no longer necessary.



No Comments so far ↓

There are no comments yet...Kick things off by filling out the form below.

Leave a Comment