How to stamp out software piracy

It could cost your company thousands of pounds, or you your job. Misuse of software - whether it is through end-user negligence or a misunderstanding over a licensing agreement - is viewed very seriously. So how do you keep on top of such a complex and costly problem? We bring you a survival guide to stamping out software piracy in your company.

Why all the fuss?
Pirate copies of software accounted for 26 per cent of all business applications sold in 1999, according to research by the anti-piracy group, the Business Software Alliance (BSA). This cost software vendors a record £457m in lost revenue.

Not surprisingly, the suppliers are less than pleased and they have given the BSA and the Federation Against Software Theft (Fast) the power to pursue offending companies. The BSA is exclusively vendor-focused, including Microsoft and IBM among its members. Unlike Fast, it has no user members, and as a consequence it has a reputation for being more punitive.

Is it really breaking the law?
Copyright laws in relation to software are no different to those that protect a song lyricist or a trademark. Copy without consent and the copyright holder is entitled to legal recourse.

"Anything you do with unlicensed software, whether simply downloading or using it, is a breach of copyright," warns Dai Davies, head of IT law at solicitors Nabarro Nathanson.

Where an organisation knowingly uses unlicensed software, it can be a criminal offence, resulting in an unlimited fine and even a prison sentence for individuals concerned.

Isn't jail a bit extreme?
In practice, most companies are pursued through the civil courts, where hefty fines can be dished out. Accountancy firm JSA Services had to fork out £47,000 in May when it settled with the BSA. "It is easier to prove a case under civil law because it is done on the basis of probabilities," says Lawrie Westwood, manager of copyright and legal services at Fast.

The BSA aims to recover lost revenue for vendors and, if the offender wants to continue using the software, to ensure it pays for new licences - which in effect means paying twice for the same application. It also has a strict policy of revealing all out-of-court settlements to the press.

Am I at risk?
Quite probably. Don't be fooled into thinking that it's just the IT team that is buying applications. Often directors or departments within an organisation will be buying their own specialist software, and unless you have a centrally maintained IT procurement record, you risk of not knowing what they're up to.

Another potential problem is that the larger vendors, such as Microsoft, enter into agreements with corporate customers without specifying the number of users in advance.

For an organisation with more than 500 desktops, Microsoft allows it to report on either a monthly or annual basis. "More and more trust creeps in as you move up the ladder," says Simon Kent, UK licensing manager for Microsoft.

Without proper reporting structures, though, it is quite easy for a company to lose track of exact numbers and find itself operating illegally.

This may be something that a disgruntled employee may gladly tell to anti-piracy authorities, and the BSA encourages informants to come forward by offering rewards of up to £5000. In the case of JSA Services, one unidentified 'supergrass' made a profit of £4700 from turning informant.

The internet threat
At the moment, the web serves mainly as a black market for software pirates, but as bandwidth expands it will be possible to source applications online, which means even more headaches for the IT team.

"With ADSL (asymmetric digital subscriber lines) on the scene, it is only a matter of months before people can download [pirated applications] over the internet," warns Mike Newton, BSA campaign relations manager.

"It is something that IT managers should be aware of at a time when they are being encouraged to give employees access to the internet."

The high street division of WH Smith - whose online business ran into trouble with the BSA last year - has taken active steps to prevent internet downloads. "The pipes that general users use are very small, making it very slow to download applications," says an IT spokesman at WH Smith.

Limiting bandwidth access, however, could prove detrimental to staff carrying out day-to-day business functions, but this is the kind of choice that companies will increasingly have to make.

Keeping a watchful eye
Auditing is the buzzword in anti-piracy circles. The only way to know if you are safe from the likes of the BSA is to establish exactly what software your end users have on their desktops and then prove ownership for each application.

Braintree District Council carried out its first audit two years ago. "There wasn't a lot we were doing wrong with licensing," says Robin Carsberg, head of technical services. "But we discovered that we needed an audit trail to prove that what we were doing was right."

An outsourced IT department is no get-out clause - the company which owns the system owns the responsibility for the software installed on it.

Take control
The bottom line: clearly define who can buy software and the process they should follow, and make it accessible to staff. Braintree Council found that employee guidelines did exist - in 14 different documents.

"What we did was to bring the whole lot together into a single document and issue guidelines for proper employee usage," says Carsberg.

Checklist: How to avoid getting on the wrong side of the law

Carry out an audit of all the software applications held by your company

Carefully read all licensing agreements

Watch out for 'cascading' - replacing a PC and then passing the old machine onto another employee without buying an additional licence

Include a clear set of guidelines in employee contracts about their rights to purchase software

Provide training for all staff in anti-piracy measures

Centralise IT purchasing or set up a clear framework so that all licences are clearly recorded

Buy software from established dealers. If in doubt contact the vendor to seek assurances