Company officials advised to take aggressive steps to ensure only legitimate programs reside on their electronic premises.
In the information age, pirates are busy surfing the waves of networks and the Internet. The treasures they pilfer are not doubloons or pieces of eight, but software, and it is certainly just as valuable. These modern-day buccaneers wear neither eye patches nor Jolly Roger insignia but rather business suits and corporate logos, and the term freebooter has now taken on a whole new meaning. But industry and government software sea rovers beware; you could find a U.S. marshal at your door holding a court order in one hand and an auditing program to identify illegal copies of software in the other.
Today’s piracy problem, infringing on software copyrights, can be both expensive and embarrassing to organizations caught red-handed by attorneys retained to investigate alleged offenders and followed up with in-court or out-of-court settlements. Despite strong copyright laws, four out of 10 business software applications in use today are obtained or copied illegally, and on average, one business is caught with illegal software every day.
Software manufacturers and industry organizations are on the offensive to claim what is rightfully theirs and send a powerful message to would-be software pirates that installing unlicensed copies of programs on company computers will no longer be tolerated. The Clinton administration is making sure this message is also heard by government agencies through an executive order that directs departments to prevent and combat software piracy.
Pursuing copyright infringers has proved financially beneficial to software companies and their representative associations. Businesses and government agencies caught with illegal copies are paying hundreds of thousands of dollars in penalties—much more than it would have cost to purchase the additional licenses upfront. During the last six years, one association has collected more than $35 million in fines from U.S. companies that have pirated software. Additional revenue has been generated for the software producers as businesses are compelled through legal action to purchase the correct number of licenses for their companies.
This white-collar crime is taking place against one of the fastest growing industries in the world. Research conducted by PricewaterhouseCoopers Financial Advisory Services and Nathan Associates Incorporated found that the packaged software industry creates more than one million jobs worldwide and that software industry workers receive more than twice the average salary earned by other workers in the economy. In their report titled Contributions of the Packaged Software Industry to the Global Economy, the research firms predict that, excluding the United States, software industry revenues will reach $116.5 billion by 2001, and the industry will provide more than one million jobs by that year.
The report was released by the Business Software Alliance (BSA), Washington, D.C., an international association of several software companies, including Adobe, Autodesk, Lotus Development, Microsoft, Novell, Symantec and Visio. Hardware developer members include Apple Computer, Compaq, IBM and Intel. Established in 1988, BSA was designed to promote continued growth in the industry through education, public policy and enforcement programs. It has become one of the primary watchdogs to keep software piracy in check.
As BSA’s vice president for enforcement, Robert Kruger is on the front lines of the battle. He believes the root of the crime is the failure of organizations to view software asset management as an important issue.
“Reputable companies that follow through on other areas of compliance in, for example, the Occupational Safety and Health Administration, do not have a corporate checklist of what software they have on what systems or how many copies,” Kruger says. “It’s not taken seriously, and no one is watching this. This is willful ignorance and willful disregard. They believe they won’t get caught and say, ‘If we get caught, we’ll just buy the software.’ It’s viewed like a traffic ticket. They have to know that there’s more at stake.
“I don’t believe these are bad companies. There’s no conscious effort to rip off the software industry. But licenses are the payback for all the substantial investment in research and development,” he adds. If software companies are not paid for all the copies in use, they may be forced to raise the price of each license to recoup their investment. Because of the formidable size of the software industry, this could have a significant impact on the economy in general, Kruger offers.
A study conducted by the International Planning and Research Corporation on behalf of BSA and the Software Publishers Association backs up Kruger’s position. Researchers found that revenue lost from pirated software totaled $11.4 billion worldwide in 1997. The United States was the hardest hit financially with a $2.8 billion loss and a piracy rate of 27 percent. Although China’s total monetary loss was half that of the United States, its piracy rate of 96 percent was the highest among countries assessed for the study.
“We want companies to know that yes, we may not catch you, and that’s okay if you don’t have any disgruntled employees and don’t plan to have any disgruntled employees in the future. Otherwise, you’re only one phone call away from investigation,” he says.
And tips from employees and former employees received on BSA’s piracy hotline provide most of the information that leads to investigations of companies and government agencies. Last year, the organization handled more than 8,000 calls on its multinational hotlines.
When Kruger interviewed at BSA for his present position, he wondered how the organization would be able to track down unauthorized duplication offenders. He was told that a telephone line would be set up and that tips would come from dissatisfied employees or ex-employees. He was skeptical until he took the first call from a person who identified himself as a disgruntled employee. “I paused. I didn’t know what to say, and during that hesitation, he asked, ‘Is this the place where I get revenge?’” Kruger relates.
Although BSA continued to receive calls, Kruger was still doubtful about the reliability of the information. Just because people are disgruntled, “it doesn’t mean they don’t know the computer systems or that something illegal is going on. You have to sift out the disgruntled employees with good information from those who don’t know what’s really going on. After time, we realized that there were a lot of disgruntled employees with good information,” he offers.
Approximately one-half of the tips received result in further investigation, and the alliance only takes additional action when someone is willing to testify under oath to the allegations. “Out of those that warranted further examination, only a handful haven’t panned out,” Kruger says.
Once a claim is verified, several general approaches are used to stop the piracy. In some instances, a letter is sent to organization principals informing them of the problem, and a cease and desist order is enclosed. To verify that a company has complied with all copyright laws, it must provide a certificate, under penalty of perjury, stating that it has resolved the problem and has put mechanisms into place to avoid piracy in the future.
In other cases, lawyers conduct further investigation to acquire evidence so that a suit can be filed. BSA conducts some inquiries itself but also employs outside law firms to collect additional evidence.
One firm the alliance has relied on in several cases is Donahue, Gallagher, Woods & Wood, Oakland, California. Attorneys, acting on a request and information from organizations like BSA, continue the evidence gathering process and, when warranted, present the evidence to a judge to obtain a court-order for an audit, William “Rock” Hill, chief executive officer of the firm, explains.
All raids must take place during normal business hours. “Typically we go to the company in the morning with a U.S. marshal. We also typically take along someone who is proficient with computers,” Hill says.
The attorneys are not allowed to seize computers unless the equipment is being used to produce the illegal copies of software; however, they are allowed to gather evidence by seizing any unlicensed copies of software.
The time between the court-ordered audit and the court date can be as little as two to three days if the defendant is cooperative, Hill states, and adds that the firm has never lost a case that resulted from evidence gathered during a raid.
Companies found guilty of software piracy face stiff penalties. Individuals and organizations can be tried under both civil and criminal law. A civil action can be taken to obtain an injunction, actual damages or statutory damages of up to $100,000 per work for copyright infringement and $1 million per mark for trademark infringement. In addition, criminal penalties for copyright infringement include fines up to $250,000 and jail terms up to five years or both for the unauthorized reproduction or distribution of 10 or more copies of software having a total retail value of more than $2,500.
When BSA is the plaintiff in a case, the organization receives the statutory damage amount and subsequently reinvests the money into its education and enforcement programs, Kruger says.
Many perpetrators of software copyright infringement have already felt the sting of the substantial fines—some through lawsuits, others through out-of-court settlements. Three New Jersey firms agreed to pay a total of more than $425,000 in fines to settle allegations of software program copyright infringement. The list also includes the Los Angeles Unified School District, $300,000; City of Philadelphia, $192,000; a trading company of value-priced toys and novelties, $525,000; a real estate organization in Los Angeles, $170,000; and a Washington, D.C.-based architectural-engineering firm, $324,000.
Kruger believes these high fines are necessary to motivate companies considering the use of illegal copies of software or lacking a comprehensive software-management plan to take the issue more seriously. He is particularly dismayed that, “Engineering and architectural firms are among the largest offenders. They take steps to protect their own intellectual property, so when they commit piracy, I say shame on you.”
Although raids and lawsuits produce substantial revenue for BSA, Kruger believes education and publicity about the dangers of duplicating software are the key to supporting the software industry’s business. “We really want to get the information to the manager of information systems that this type of thing [court-ordered audits] is not required. It is a rude way for a company CEO to find out that he has a problem with software.
“The good news is that it’s not all that hard to get your act together. Make sure there is a policy and make sure it is communicated effectively to the employees. It can’t just be in a manual somewhere. There has to be constant training and ensuring that employees know that this is an important issue. You have to put into place some controls such as centralizing software acquisition and installation. Companies have to have a realistic [software] budget so that the appropriate number of licenses are purchased, and when upgrades come out, another full set of copies is purchased. You have to make sure the executive boardroom knows what’s involved. People at the highest level have to be educated. After everything is in place, you have to conduct audits to make sure all policies are being followed,” Kruger offers.
However, access to software on the Internet is posing an entirely new set of problems, according to Kruger. “Two years ago, the problem really began, and I believe it hasn’t fully arrived yet. You can go to pirate web sites and point and click and get free software. This has the potential to make the current piracy problem almost quaint,” he says. Earlier this year, the alliance shut down the largest software counterfeit and Internet sales operation it had found to date in the European Union. The enterprise, based in Denmark, had produced 125,000 CD-ROMs containing $237 million worth of several BSA members’ software.
Identifying Internet-enabled software pirates presents several challenges, according to Hill. “Tracking these people down is difficult because Internet service providers are not forthcoming with their customer lists. Ultimately, the court will have to sort this out,” he says.
While encryption or scrambling has been used in the past as a defensive measure against software copying, the marketplace determined that this was not a viable solution. Although more common in countries outside the United States, locking software for a one-time use proved to be too inconvenient for customers of U.S. companies. Clients purchased their software from companies that featured unencrypted items rather than chance being without a program if a system crashed, Hill explains.
Officials at the highest levels in the U.S. government have recognized the software piracy issue. An executive order issued last fall directs all agencies to adopt procedures to ensure that they do not acquire, reproduce, distribute or transmit computer software in violation of copyright laws. Government contractors and recipients of federal financial assistance also are tasked with developing appropriate systems and controls to ensure that federal funds are not used to acquire, operate or maintain illegal copies of computer software. However, the order does not outline penalties for a failure to comply with the directive.
To assist government information technology managers administer software within their agencies, BSA recently released a step-by-step guide for software management. The group also provides studies, fact sheets and summaries of the law and gives presentations to associations and trade groups outlining how organizations can take control of their software inventory. In many cases, executing these procedures saves businesses and government agencies money by controlling future procurements, eliminating redundancies and preventing the spread of computer viruses, BSA officials offer.
Information technology entrepreneurs are advised to file for copyrights early in the development process. Timothy C. Meece and Joseph P. Krause, two attorneys with Banner and Witcoff, Chicago, explain that the process to obtain a copyright often helps product developers avoid committing copyright infringement themselves. Prior to filing copyright papers for a client, the firm investigates an idea to ensure that the product has not already been protected. In addition, a copyright, trademark or patent secures a company’s hold on an idea or product, allowing developers to reap increased profits.
There has been a significant increase in the procurement of copyrights and patents during the last five years, Krause notes. He predicts this increase will continue.