Last June, PACE, the company behind the ubiquitous iLok software authorization system had some issues lanching its new desktop-based license manager software.
Two months later, an eBay user based in Russia with over 300 prior sales and 100% positive feedback began selling what we now know were illegitimate duplicate licenses of plugins. One of the buyers was Brooklyn studio owner and engineer Joel Hamburger, of Gödelstring recording studio. He purchased an aftermarket license for Cranesong’s Phoenix II, only to have it removed from his account later by PACE. His experience is nearly identical to at least one other user we spoke with who had also bought a Phoenix II plugin from the same eBay seller.
“I bought a Cransong Phoenix II license on eBay from a seller with 100% rating.” Joel explains to me. “So, I pay the transfer fee as shipping. The transfer goes through and I’m a happy Phoenix user.” Fast forward eight months to April 2014: Joel receives an email from PACE explaining that an audit of his account turned up duplicate licenses that were issued to him by mistake—as well as “licenses that were deposited in error to a different iLok account and then resold” to him. And with that, the plugins he had innocently purchased online were gone.
A Buyer Left Holding the Bag
This unfortunate chain of events has left some users like Joel in a worst-case scenario with no plugin, no refund, and very little insight into the cause of their mountains of frustration.
Because PACE’s audit process took upwards of eight months to complete, any recourse through eBay and PayPal are impossible due to their buyer protection policy which is limited to just 45 days. Initial communications between Joel and PACE/iLok proved unhelpful, with a representative from iLok stating:
“We are sorry but due to an error on our part and a malicious seller, we had to reclaim your CraneSong Phoenix asset. Due to the structure of our agreements with our publishers we will not be able to reimburse you for the asset. We will be refunding your transfer fee. Since you were one of a very small group of users affected we will also work with the publishers to see what we can do to help you.”
“I understand your frustration, but there is nothing we can do to help here. You will need to contact the seller as explained in the email. The license was deposited to his account by mistake.”
I was first alerted by Joel to a thread on the Avid Pro Audio Community forum where many users have experienced similar redacted license issues with Avid. Pace responded on the DUC forum via their “iLoksupport” handle releasing the following statement (linked in full and excerpted here):
“First, the entire iLok ecosystem was unaffected by the Heartbleed vulnerability. This includes the iLok.com website, the iLok License Manager application, and our license activation services. Our site and services are running smoothly without any problems.
Second, we did send emails to a small number of iLok users regarding license deposits that were made to their accounts by mistake. These users were not randomly chosen, we actually audited every single license to carefully identify only those that were mistakenly deposited.
The license deposits that we sent emails about were deposits created by our server, NOT deposits made to an iLok account by a software publisher. These deposits were made when our server saw an iLok but failed to recognize the licenses on that iLok as the very same licenses that already were listed in the iLok account. This created a duplicate of the license, and in some cases, created a full license when what was actually seen on the iLok was an expired license.
This means that the licenses that are being removed are duplicate licenses that should never have been deposited.
Several of the posters here had purchased this type of license from another iLok user. Unfortunately we can only direct them back to the party that they purchased the duplicate license from.
We’d like to take this opportunity to publicly apologize to the iLok users who received the mistaken deposits for any inconvenience this may have caused.”
My colleague Justin Colletti and I corresponded with a PACE employee over email to ask for responses to a number of the concerns voiced to us by users who were directly affected by PACE’s server error and audit.
The representative from PACE told us that: “In the vast majority [of cases, the license manager] created a second copy of expired licenses that just got cleaned up. But in a few cases…it has to do with the seller taking advantage of a situation that allowed them to have a second copy of a license. In some cases this was fully intentional abuse and in other cases it was fraud to the publisher, and in a few cases [there was] the overlap of licenses created by issues [from] last summer that needed to be cleaned up”.
The PACE representative’s position was that the ultimate decision on whether to allow the duplicate license rests with the plugin developer and not with PACE. He also said that the company has attempted to bridge the divide between users and manufacturers: “Where the sellers can get involved, we are indeed helping people and went to the publishers and told them – so they can hand out those licenses if they want.”
Some companies, it seems, have done just that. One user I spoke with had a duplicate license for Eventide’s H3000 plugin deposited in his account, and wound up with a much more satisfying resolution. He was informed by iLok that: “Eventide has changed their policy for this product (H3000 native) and now allows 2 concurrent activations for a single license for this product.” This means that H3000 users affected by the server issue actually made out cleanly with a legal 2nd license of their plugin. I’ve also spoken with users whose plugins such as Avid’s Revibe and Impact were mistakenly removed from their account. Avid responded quickly and restored these licenses to affected users.
“From what I hear the publishers are trying to be accommodating,” the iLok rep told us. “In cases where everyone can work together – we have resolved them and backed out, we have offered free ZDT etc.. but we cannot give out licenses to those that bought stuff on eBay. If a publisher wants more help from us – they can contact us to help them support these users.”
This is without a doubt a very complex problem. A lot of ins, a lot of outs, a lot of what-have-yous as The Dude would say. Some users, like Joel, feel understandably burned by PACE. The company’s core explanation—that the licenses were deposited in error due to server issues—is an “insufficient and unreasonable explanation for what in effect is an electronic seizure of property,” says Joel Hamburger.
One of those most frustrating things for users who have lost their money and software licenses is that PACE has yet to provide any real insight or clarity into the true cause of the server issues and duplicate licenses. Joel told me “If the licenses were actually stolen or fraudulently obtained, I would have no issue whatsoever. However, PACE is unwilling or unable to provide any explanation, proof or documentation about what happened”.
While it may be true that PACE does not have the authority from the publishers to unilaterally reinstate licenses, it doesn’t seem right for them to absolve themselves of responsibility for the problem by directing affected users to attempt to contact the Ebay seller directly (who is likely long gone) in order to obtain a refund, or to contact the publisher directly to plead their case. Even if all these cases stemmed from unscrupulous sellers intentionally exploiting a programming glitch, it was ultimately iLok’s system that allowed for the error.
Pages: 1 2