A significant portion of my present professional life is managing/auditing software licensing for a large company.
It gets fiendishly complicated when you realize how many different licensing schemes (per seat, per concurrent user, per socket, per core, etc.) there are, multiplied by mapping things over virtualizaton (some vendors support sub-proc licensing, some don't), different entitlements under different contracts, different terms for different editions, etc.
And then vendors change names of products/editions/SKUs periodically when you get a report...
It's frankly ridiculous. All the big companies work on an honor system for the most part, where you can deploy all you want but the vendor has the right to come in an audit any time. Some relationships worth hundreds of millions of dollars hang solely on the honor system/threat of audit. We have vendors who have never audited us in 20+ years.
In my experience in several large companies, big organizations do not sanction piracy and don't intentionally do it. Where they get burned is more around things like sloppy records, migrations that take 6 months instead of 6 weeks and you're running in two places, bad communication between license tracker and teams, bad handoffs in projects/outsourcing, misunderstood terms, cases where hardware changes and no one things that the products are processor licensed, etc.
But widespread, intentional piracy with management's knowledge would really surprise me because usually there are risk committees, Sarbox auditors, legal departments, etc. who won't sanction it. And once you've been through an audit, things tighten up. A lot of times, the major publishers know their users are not perfectly compliant in big complex environments, but if they come and audit and you're 95% compliant and there's no evidence of intentional fraud, they settle for true up without penalties.
Vendors also like to invoke audit rights when they need a revenue boost or sales are lagging.
Small companies...different story. But it's a lot easier to have a conspiracy with one man or three than it is in a big environment where you have to keep records.
In this case, there almost definitely was some offer to settle and F21 refused because it was too much. How did things get to this state? Many possibilities...
- Someone misbehaved locally and Adobe made a demand to settle and the two legal departments couldn't work it out
- Things escalated from Adobe trying to sell an enterprise license, F21 saying no we'll just buy as needed, Adobe getting mad
- Someone in IT said "we don't want to track 2,000 different keys so we'll use one" and the only way to do that is to buy some kind of enterprise license (which would have cost F21 more) and someone decided that rather than give into that, they'd bend the rules
- Adobe intentionally made the settlement offer very expensive so they could go to trial to set an example
Or a combination. These things often get to settlement before big legal bills start to rack up (settlement often even before lawsuit) because the vendor doesn't want to piss off a customer and the customer doesn't want to get into the kind of damage multipliers trials can result in.
