Corporate punishment: Software piracy

Many hard-working IT professionals believe that there isn?t much wrong with copying software. Apart from affecting the profits of non-UK, cash-rich companies such as Microsoft, pirating appears to be a victimless crime. It is only the faceless corporations which seem to suffer.

Such talk is enough to make Microsoft-backed piracy fighters Business Software Alliance (BSA) froth at the mouth. ?You might as well say: ?what?s wrong with stealing one out of every two computers??? explains a BSA spokesman. ?In Europe, the piracy rate is estimated to be 49 per cent; this means that for every piece of software bought legally, another is stolen.?

He adds: ?And it?s not a victimless crime. It?s not only the software industry that suffers as a result of this endemic practice ? the estimated revenue loss in the UK alone stands at $444m ? but all businesses suffer. Illegally copying software is an anti-competitive practice that gives an unfair advantage to companies which do not pay for software products.?

The BSA also likes to cite a Price Waterhouse report written in 1995 which estimated that for every job in the software industry, another seven are created in support and ancillary industries. As a result, even national governments are undermined by pesky software duplication within businesses.

?Tens of thousands of jobs supporting the packaged business software industry are not being created because of Europe?s high piracy rates, and billions of dollars of potential tax revenues remain uncollected by governments,? continues the BSA spokesman.

Back on planet Earth, both the BSA and arch rivals the Federation Against Software Theft (FAST) are waging campaigns aimed at striking fear into the heart of corporate UK.

FAST?s strategy targets chief executives and managing directors rather than IT middle management. The body is using a mailshot campaign to threaten corporate UK?s big cheeses with imprisonment, in the hope that it will attract 12,000 new companies this year and a further 38,000 over the next two years.

The threat of a two-year stint in prison, according to Geoff Webster, chief executive at FAST, is central to the organisation?s latest crusade. ?Fear is a key part of the operation in capturing the imagination of the chief executives and managing directors who tend to hold the purse strings,? he explains. ?There was little reaction last year when we targeted IT directors, so we decided to shift the focus. We had to push the negative side and the fear factor.?

Backing up the bellicose rhetoric are trading standards offices (TSOs), which joined the fight against software piracy at the end of 1995 when it was made their statutory duty to look into copyright offences.

For those who thought FAST was a sickly, toothless dog still reeling from Microsoft?s decision to switch support to the BSA, Webster has this hard-hitting message: ?The TSOs could come through your front door without a search warrant right now and demand that in two days? time you have to demonstrate you are fully compliant with copyright laws when using software. If you can?t, your managing director will be hauled off ? it?s as simple as that, because that?s the law.?

FAST estimates that 90 per cent of businesses in the UK are using illegal software. This is costing the industry #400m a year which, in theory at least, means nine out of ten directors face prison sentences. This kind of scaremongering, claims Webster, is helping IT managers win their battle with the board for budgets that will ensure a clean bill of health.

The BSA, meanwhile, has spent more than #250,000 on an advertising campaign aimed at fanning management?s paranoia. The Shop Your Boss campaign invites disaffected employees to call a hotline if they believe the company they work for is using software illegally. Callers reporting software theft can earn up to #2,500 for information leading to prosecution.

Once the BSA receives a tip-off, it will investigate and may audit the offending organisation. If it is found to be using software illegally, the company has to replace it with legitimate copies and pay damages to the publishers. Offending organisations also have to agree to a press notice released by the BSA, detailing the case.

According to the BSA, the larger the company, the cleaner it is likely to be. It is the smaller businesses that are most prone to criminal software practices. ?In small and medium-sized enterprises, there is still some way to go to make people aware that software piracy is a crime which can lead to severe penalties,? says the BSA spokesman.

Interestingly, travellers on London?s Northern Line have been targeted as a poten-tial gold-mine of software supergrasses. This has resulted in an advertising campaign dedicated solely to the capital?s ?misery? line.

The association?s figures suggest that more than 60 per cent of revenues lost to software publishers through illegal copying of software is carried out by end users in small and medium-sized enterprises.

In reality, the BSA and FAST face a massive uphill struggle. The truth is that only a tiny percentage of those working in IT believe software piracy is a crime.

Indeed, according to the most recent Software Theft Survey, carried out by Spikes Cavell last year, the number of firms which consider illegal use of software to be theft has fallen to as low as 8 per cent. More importantly, nearly two out of three companies believe offenders run little risk of being caught.

In 1996 the BSA?s hotline took 1,000 calls. Across Europe, the association proudly quotes a figure of 19,000 calls over the year which, it claims, led to more than $1m recovered in compensation and resulted in the purchase of $2.5m-worth of BSA members? software. But if you consider that lost revenues in the UK alone are around #444m a year, the BSA?s achievements are just a drop in the ocean.

There?s also something a little phoney about FAST?s bullying stance. For a start, the trading standards offices have had the power to bust businesses for well over a year now, yet not one company has been successfully prosecuted in that time.

FAST?s task is mammoth. It aims to ?mailshot, phone and visit? each of its 12,000 targeted members this year (most of whom have a turnover of more than #2m and at least 20 PCs). Even chief executive Webster has doubts: ?It?s a lot of visits to do in 12 months. I don?t know if it?s feasible.?

While FAST rattles its undersized sabre and the BSA encourages workers to snitch on their bosses, corporate UK will continue to copy on regardless.

Software auditing tools

Making sure you stay within the law is easier with automated auditing tools. The right products can help you keep track of the applications your employees are using, find out which ones have proper licences and identify possible pirate copies.

These programs work by burrowing into your systems and seeking out all the executable files. They check what they find against their internal databases, which typically contain details of thousands of commercial applications. Then they generate reports which detail your software inventory and highlight any dubious findings.

Most auditing programs run across a network. They scan servers and workstations, and can identify copies of software to which numerous users have access. Sometimes, the search is done on demand; other times, it can be set up to run automatically at off-peak periods.

For PCs not connected to the network, some audit programs provide a ?walk round? mode. Here, a member of the IT department carries a floppy disk from PC to PC. The disk contains the scanning program, and is also used to transport the results to a central station where they are collated and analysed.

The best products have huge databases that seem to include details of every commercial program ever published. There will always be packages the database doesn?t know about, so it?s important for IT staff to update it.

Once the program has determined which applications and how many are installed, it compares this data against a list of legal licences. It then reports any cases where there are more copies than licences.

Used carefully, an audit program will do a lot more than just hunt down pirate software. It can alert IT staff to out-of-date versions, partially installed software and missing components. And, by keeping an inventory of what is installed, it can help support staff deal with users? problems.

Software auditing takes time and effort. If you want to stay out of trouble, don?t skimp. It is important that you do it on a routine basis; it should not be seen as a one-off exercise. A thorough audit every three to six months can be extremely useful in helping to keep company executives on the right side of the law.

Fprint IV

This multi-platform tool can audit both servers and workstations, running under DOS, OS/2, Windows 3.1, 95 and NT. Instead of recognising programs from their file names, it generates a checksum for each executable file, which it checks against its database. This not only reduces the risk of mis-identification, but also helps locate software installed under non-standard file and directory names.

As it audits, Fprint writes a ?tag? to it. The next time the PC is scanned, the tag is used to identify any changes in the configuration and generate a report of the updates.

Contact: Fprint UK on 0181 563 2359.

Price: #150 for first five users; #20 for each additional user.

Dr Solomon?s Audit 2.5

Currently available for DOS and all versions of Windows, this is sold in a free-standing version and as part of Dr Solomon?s network support product, Helpdesk. The company is in the process of extending it to other platforms.

Audit works by generating a custom scanning program which is run on each workstation. The scanning is fast, typically taking less than a minute to plough through 3,000 files. Also, the reporting functions are comprehensive, with a useful drill-down feature to help home in on particular programs or users. The database is smaller than in some products, but is updated quarterly.

Contact: Dr Solomon?s on 01296 318700.

Price: #495.

Lanauditor 3.13

As well as offering standard audit features, this utility can keep track of individuals who are using a given application. It can also detect programs that are not being used, which might be wasting disk space.

It tracks version numbers of installed packages, and can help detect unauthorised configuration changes. It works across all major networks, and can scan DOS and Windows-based PCs, as well as Macs.

Contact: Horizons Technology on 001 619 292 8331.

Price: $495.

Utopia Audit 3.0

This is the auditing module of the Utopia Helpdesk package, which also has a knowledge base, a query tracking tool and a utility for scheduling configuration changes.

The Utopia Audit 3.0 builds an inventory of each user?s hardware and software, and adds it to a central Helpdesk database. It runs on all DOS and Windows-compatible file servers and also with client-server databases.

Contact: Utopia Technology on 01628 20001.

Price: starter pack for 100 users: #2,000; 100-500 users: #16 per workstation; 500-1,000 users: #14 per workstation.

Netcensus 2.82

Netcensus is a workstation-based audit tool for DOS, Windows (all versions), OS/2 and the Mac, and is independent of any network operating system. It works by generating programs called ?collectors? which are distributed to the individual PCs. These programs scan the local disks and gather data for collating later.

The Netcensus database has details of more than 10,000 commercial applications, and is updated six times a year. Unusually, it can identify foreign language versions of many popular applications.

Contact: Tally Systems on 0171 872 5460.

Price: 5-100 users: #25 per PC; 100-249 users: #13 per PC.

FAST guidelines for putting your house in order

With good software management, an organisation can improve security and control. It allows you to get the best out of your software and keep costs down. To help you gain control, the Federation Against Software Theft (FAST) provides these guidelines:

l Set up a software policy. Clarify your position on illegal software, state what software is allowed on company systems, and how to request it. Stress the penalties for breaking software policy, and make sure everyone in the organisation knows about it.

l Do a software health check. Look at the procedures for buying, installing, maintaining and disposing of software. Are there areas where software is introduced onto your systems without the IT department?s knowledge?

l Audit your hardware and software to get a detailed picture of what you have.

l Use the information to produce an asset register with procedures for updating it with new software and hardware. What software is actually being used and what has been simply installed on a system?

l Collect software licences and compare them with the software found in the audit. Buy any shortfall in the licences owned.

l Get rid of any software which is not needed so that it does not slow down your systems.

l Keep the audit up-to-date using network monitoring tools or a regular schedule of audits. If remote auditing is not possible, run a sample audit monthly and carry out an annual audit.

l Keep users up-to-date on why and how audits will be done.

Contact FAST on 01753 527999

Caught in the act

Paisley-based Reid Kerr College was hit by the BSA in 1995 following an anonymous tip-off. The audit revealed 581 illegal software copies, leading to damages of #50,000, payable to the publisher. Reid Kerr College has since been forced to take steps to ensure its position is not compromised in the future. According to Bill Fisher, IT manager at the college, all illegal software ? not just that produced by BSA members but by all companies ? has been replaced, and all software is ordered through a central department. The college also carries out regular software audits.

In the eyes of the law

Under the Copyright, Designs and Patents Act of 1988, any unauthorised copying of software is an infringement of the software publisher?s copyright. Making an unauthorised copy can therefore expose the copier to civil and criminal liability. Such liability can also be incurred if unlicensed software is imported, sold and/or distributed for sale. Companies must be able to satisfy to trading standards officers, who carry out spot checks on unsuspecting businesses, that their software is clean. Failure to do so leaves both the company and its directors liable to prosecution.

Mark Haftke, solicitor at IT legal specialists Bird and Bird, says: ?The act is really under-used. There is a lack of awareness among legal practitioners about using instruments of the State when it comes to software infringements. The cost of the prosecution is not borne by the client.?

The Business Software Alliance answers some frequently asked questions about piracy

Is it OK for me to copy my colleague?s software?

Absolutely not.

As an employee, am I allowed to copy software under any circumstances?

You can make a backup copy of software bought legally. Beyond this, everyone must read their software licence terms to make sure they understand exactly what is allowed. For example, with some licences you can make an additional copy of your software to use at home or on a portable PC. Licences vary greatly, so it is vital that you check exactly what the terms are before you make any copies. If in any doubt, you should check with the software publisher.

What is the worst thing that could happen to me as an IT professional if I were caught copying software?

In short, a prison sentence ? up to two years if you have knowingly infringed copyright. Also, the courts have the power to impose an unlimited fine. Under criminal law, limited companies can also be fined. The civil legal system can also subject companies and individuals to injunctions, disclosure obligations and payments of damages, resulting in embarrassing and damaging publicity.

Who in a company is legally responsible for keeping software clean?

Everyone has a duty to observe the copyright law and be aware of the consequences of using unlicensed software. IT managers of companies could have personal legal responsibility but, of course, ultimate responsibility rests with senior management of a limited company, partners or sole traders.

Do the same laws apply to bulletin boards and user groups?

Yes.

What has been the impact of the Internet on software piracy in the UK?

The Internet is fast becoming the preferred way for pirates to distribute illegally copied software. ?Using the Internet will lead to growing infringement of copyright,? says Mark Haftke, solicitor at IT legal specialists Bird and Bird. ?Increasingly, software can be accessed from unknown sources. Even if software is sourced in all innocence, this is no defence in the eyes of the law, and could lead to a growing number of prosecutions.?

Contact BSA on 0800 510510