BSA plays good cop, bad cop

The Business Software Alliance (BSA) has built itself a reputation of being heavy handed in its quest to eliminate illegal software use since its inception in 1988.

Tactics include bombarding companies with mail threatening jail sentences for directors, even though the organisation has no legal force, and offering up to £10,000 to whistleblowers whose information leads to offenders being uncovered.

Opponents have criticised the BSA's approach, maintaining that it uses a trawling system to pressure often innocent companies to open their books, despite a lack of evidence of any wrongdoing.

They claim that companies refusing to answer the BSA's letters were treated as guilty of running illegal software until proven otherwise.

Mark Floisand, who was elected chairman of the BSA in the UK in January, explains how the organisation is trying to shift its focus from prosecution to education.

Most IT professionals associate the BSA with threatening letters and the prosecution of software pirates. How accurate do you feel that is?
We are best known for enforcement, but that's really only a third of what we do. The rest of the time is spent raising awareness within companies about what constitutes good practice, and helping them make sure they are legal. The rest of our activities revolve around lobbying on a government level.

Nevertheless, your naming and shaming policy, aggressive audit requests and payments to whistleblowers have won your organisation a bad reputation in the business.
We don't name and shame just for the sake of it. If a company calls us and works with us then they'll have nothing to fear. Don't stay in contact and ignore our mails and you may end up in the papers.

As for whistleblowers, nearly two-thirds don't want any money for reporting; they just have moral problems with what is going on or are disgruntled ex-employees.

The Federation Against Software Theft and the BSA both seem to do the same job, so why are you competing with each other?
The perception is that we fight each other, but that won't be going on during my watch.

Ultimately we've got a lot in common in both aims and methods and you're going to see us working a lot more closely in the future. Matching up our audit procedures would be a good start.

Is there really a need for one organisation, let alone two, when piracy in the UK is the lowest in Europe? Isn't the BSA redundant?
I hope not. Rates are low here but one in four pieces of software in use in this country is still illegal. Rates in the US and Canada are lower still so there's still something to aim for.

It's going to be a lot harder to knock 10 percentage points off our figures than it would be in eastern Europe, for example, but there's still work to be done.

Has the increasing use of peer-to-peer (P2P) networks made your job harder?
To an extent; and we're monitoring the traffic on those networks carefully. But if you're downloading software over such networks it's useless without a key, and it's key trading that's a bigger threat.

We're certainly not spamming P2P networks with useless data; we're in enforcement, not counter-insurgency.

Doesn't the high price of some software encourage piracy in the first place?
It is popularity rather than price that determines how likely it is that software will be targeted. Demand is the key driver in piracy. If someone's pirating software they are already making a huge margin so they'll follow the buyers.

Most pirated software is sold in online auctions. Who bears responsibility for this, auction houses or the buyers?
We've no issues with online auctioneers, but 'buyer beware' is always the rule when dealing with such sites.

If someone buys software at about a tenth of its purchase price they must know they are getting pirated software and I've no sympathy if it trashes their system.

It's the people thinking that they're getting legitimate second-hand software at a slight discount who are getting a rough deal, and we'll work with trading standards officers to track down the vendors.