Gotcha! Pursuing software pirates
You might not realize it, but two out of every 10 of your co-workers might be using pirated software, according to industry statistics. You might be, too, for that matter, particularly if you work in manufacturing or at a small or midsize company with 100 to 500 PCs. You just might not know it.
Your boss, an IT manager or even the president of the company, on the other hand, may be well aware of the "cost-cutting measure," which typically involves buying a single license or just a few copies of PC software and then installing it on multiple computers for use by hundreds, sometimes thousands, of employees.
According to the Business Software Alliance (BSA), which represents the world's largest software makers by revenue, virtually no organization -- large or small, commercial or nonprofit, governmental, religious or educational -- is immune to software piracy. Some industries, like manufacturing, are heavier abusers, however (see sidebar).
According to a report issued jointly by the BSA and research firm IDC in May, global software piracy last year accounted for 41% of all installed PC software, which translates into a $53 billion loss to software makers. In the U.S., the 2008 piracy rate was 20%, the world's lowest. Even so, the economic loss is a stratospheric $9.1 billion.
The BSA does a lot more than merely study software piracy. The industry group provides education about copyright and software licensing rules, plus it offers sample software asset management policies and free online tools so companies can self-diagnose and address potential piracy problems.
The group also employs a small team of software piracy investigators to follow up on the thousands of confidential leads it receives each year, primarily from IT managers and other IT employees. Computerworld was given unprecedented access to the BSA's Washington-based investigators and attorneys, who explained step-by-step how they find corporate software pirates and what they do once they catch up with them.
How it works
It all begins with a lead like this one, which was submitted to the BSA via its standard online fraud-reporting form (www.nopiracy.com) on July 8 and is now being investigated:
"I was the IT coordinator and questioned higher up why I was installing the same CD on all the computers even though we bought one license," wrote an informant. "[The] response was that [my employer] was too cheap to buy all the licenses."
The informant went on to say that "management knew about the issue from Day One and recommended it to save cost. This was brought up several times among the IT staff and was pushed off, as it was considered no big deal."
Another critical piece of information the informant supplied is the number of computers in use at the company and the number of PC software licenses or programs that were legally purchased. Among other irregularities, the informant alleges that a single purchased copy of Acrobat Pro software from Adobe Systems Inc. and five legally acquired copies of Microsoft Corp.'s Office Professional suite are in use on 69 user PCs.
"We ask a significant number of questions [in the online reporting form] because we're looking for as much detailed information as we can get to help us understand and get a comfort level that the person who is reporting really has the goods," explains Jennifer Blank, the BSA's senior director of legal affairs.
Once the lead passes a preliminary credibility check, Frank Konczakowski, the BSA's program coordinator for enforcement, contacts the informant to gather additional information about specific software-related conversations, memos or meetings that might bolster the case. The BSA also contacts the software vendor for whatever licensing or sales information it may have about the suspect company.
"If our informant reports 100 copies of Norton antivirus software but then Symantec reports 100 copies licensed, we know the lead is no good," Blank says. Because so many software vendors sell through multiple distribution channels, their information isn't comprehensive. But some BSA members, especially engineering software makers like SolidWorks Corp. and Autodesk Inc., "keep copious databases with registration numbers and transfer information and a lot of detail," she adds.
Wall of shame
The 10 industries most often reported for software piracy:
4. Financial services
5. Software development
6. IT consulting
Source: Business Software Alliance, Washington
In more than seven years as an investigator, the one thing that Konczakowski says consistently amazes him is "how blatant the pirates are." He has seen plenty of cases where a single legal copy of a PC software program has been installed on hundreds of machines. Even more troubling is that most informants who report corporate software piracy to the BSA say that the company knows about the piracy.
"Usually, our informant will say their company is aware of the problem and has made a deliberate decision not to buy the software but to pirate the software," says Blank. "Of course, when we investigate, we hear a different story from the company itself."
But the BSA doesn't put a legal press on all of the reports of piracy it receives. Rather, for a case to go forward, all BSA members must unanimously agree to move ahead with legal action. All leads and follow-up information are stored in a central database that licensing staffers and attorneys from the BSA's member companies access via an online portal. They then review the information and decide whether to take further action.
The cases that get escalated are those that involve "a reasonable number of computers and software" and have a "good lead," Blank says, although she declines to specify what the BSA considers a "reasonable number."
"It's not a set number of computers, but we're looking ultimately to reach a settlement with the company, so we have to look at whether it's worthwhile investing in legal fees," she explains. "If it's 20 copies of a $20 software program, that's not a great lead for me. But 10,000 computers and only three [legal] copies is a lot better lead. It's going to involve a larger case. So we're looking for a reasonable number of computers and a variety of software."
One other important note is that the BSA pursues only those cases involving software of its member companies. The group doesn't have the power of attorney to pursue cases on behalf of nonmembers.
If the case gets a green light, an attorney representing the BSA first sends the CEO of the target company written notice of the allegations and all of the details. The informant's identity remains confidential throughout the process. The organization also asks the company to perform its own investigation and an audit of all software published by BSA member companies.
Ultimately, the goal is to get the company to own up to the possession of whatever software it may be using illegally, agree to a financial settlement based on the retail price of the unlicensed software, and promise to comply with all licensing and copyright laws going forward -- all without litigation.
"Our goal is to work with companies collaboratively, not go to court," Blank explains. "There's a good reason. From a bang-for-the-buck perspective, I can sue two companies for the same amount of money I can do 20 audits. [Through audits] I can reach more companies and achieve more compliance. It's also cheaper for BSA and for the company defending itself."
Last year, the BSA received more than 2,500 informant leads, requested 920 audits, pursued one case in court and collected $9.5 million from settlements.
But the organization can and will take noncompliant companies to court. In June 2008, the BSA filed a copyright infringement lawsuit against Taney Engineering Inc. and Taney Cunningham Equipment LLC of Henderson, Nev., after the civil engineering company presented the BSA with an audit report whose findings varied significantly from the information provided by a confidential informant.
Unable to resolve the dispute during the audit process, the BSA filed a lawsuit and court proceedings began. Ultimately, however, Taney did reach a settlement with the group, which collected $205,000 in damages from the company.
"It probably would have been cheaper if they had just settled with us in the first place," says Blank.