Lawsuit: Trial version of CAD software includes spyware

The software company demanded payment months after the customer deleted the trial version, the complaint alleges

A trial version of a 3D CAD software package includes "phone-home" functionality that allows the vendor to contact downloaders months later and demand thousands of dollars in licensing fees, according to a class-action lawsuit filed recently in Massachusetts.

Plaintiff Miguel Pimentel, downloaded a trial version of TransMagic's CAD conversion software in 2010, then deleted it the same day, according to the lawsuit. About three months later, ITCA, a Curacao firm specializing in intellectual property enforcement, contacted Pimentel and demanded he pay $US10,000 in licensing fees plus recurring maintenance fees or face a $150,000 lawsuit.

ITCA, which lists Microsoft, Siemens and McAfee among its clients, used "various coercive techniques" to attempt to get Pimentel to pay for the software, according to the complaint in the lawsuit, filed March 30 in U.S. District Court in Massachusetts. "ITCA made it clear it knew where [Pimentel] worked and, as long as payment was made, ITCA would not disclose the 'piracy' to his employer," the complaint said.

The tracking software alleged in the case goes beyond reasonable efforts of software vendors to protect themselves, said Scott Kamber, a lawyer representing Pimentel. ITCA efforts were "pretty aggressive," said Kamber of KamberLaw in New York. "This is certainly a version of DRM [digital rights management] gone too far."

The alleged phone-home functionality is not unique to TransMagic, said lawyer Robert Scott, with the Scott & Scott law firm of Southlake, Texas. Software vendors are increasingly turning to similar technology to track unauthorized use of their products, said Scott, who defends people accused of software piracy but is not involved in this case.

This case could set a precedent for the use of these tracking techniques by software vendors, Scott said. "It really is the first case that I'm aware of where there's a direct assault on the industry use of phone-home technologies without end-user consent," he said. "If if turns out it's illegal to do it ... that's going to present a very significant problem for the industry and their trade groups."

Software vendors could avoid potential lawsuits by warning customers in EULAs they will track the users of the software, he said. "The real issue with this case is, does the publisher have to say to the customer, 'we're going to do this'?"

TransMagic CEO Todd Reade disputed the allegations that his products have spyware on them. "TransMagic does not and never has employed any phone home technology or spying software in any products distributed by our company," he said.

The Colorado software vendor does collect contact information, including an e-mail address and phone number, when a customer downloads a trial version from its website, Reade said. "Our standard practice is to attempt to follow-up with these people within a week or two," he said. "If we connect with them, we offer to answer any questions about our products, schedule webinars or training, provide technical support and generally determine if there is a match between their needs and our products."

If the potential customer does not buy the software, they get an e-mail from TransMagic a few months later, and they can then opt out of future communications, Reade said.

"TransMagic is like most software companies," he added. "We want to earn our business by delivering a high-quality product that solves problems. I don't think we are very different than other software companies."

A representative of ITCA declined to be interviewed unless he could see part of the news story before it was published. "There are all these wild speculations and conspiracy theories on the Internet," he said.

The lawsuit alleges that TransMagic and ITCA use an anticopying and licensing software package called Sheriff, from vendor Licensing Technologies, which allows users of the package to record user activities to log files.

Pimentel, who works for an architect firm, downloaded the software from a different website than, but he believed the software to be similar to the trial version offered by the company, according to the complaint. Pimentel did not provide contact information when he downloaded the software, but TransMagic and ITCA were able to gather detailed information about him, including his IP (Internet Protocol) address, the media access control address associated with his computer and his e-mail address, the complaint said.

The lawsuit accuses TransMagic, ITCA and Licensing Technologies of violating the U.S. Computer Fraud and Abuse Act, the Massachusetts Consumer Protection Act and the Massachusetts Privacy Act. Pimentel's lawyers are asking for the court to order a halt to the alleged tracking activities and asking for an undisclosed amount of money.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is

Join the CSO newsletter!

Error: Please check your email address.

Tags siemensScott & ScottTransMagicCivil lawsuitsScott KamberprivacymcafeeRobert ScottLicensing TechnologiesMicrosoftintellectual propertysecuritycopyrightlegalTodd ReadesoftwarespywareITCA

More about IDGMcAfee AustraliaMicrosoftSiemens

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Grant Gross

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place