Software Piracy – Don’t Copy That Floppy
Anti-Piracy “Don’t Copy That Floppy” Campaign
Imagine this alarming scenario. It’s the middle of a busy, productive afternoon at the office when unexpected visitors suddenly arrive: a federal marshal accompanied by a representative of the Software Publishers Association (SPA). They have come to search all the company’s computers for unauthorized copies of software programs. And they are armed with a federal warrant.
If the investigators find programs for which the business holds no license, or more copies than a site license allows, the crime could be a felony, and the penalty could hit six figures. The experience could also tarnish the firm’s reputation, cause employee morale and productivity to plummet, and create public humiliation for those at the top.
While this scenario is an extreme one — representing the most dramatic action taken by the SPA as it seeks to reduce the nation’s software piracy problem — it is a distinct possibility for companies without an effective software management policy in place.
“It’s cheaper in the long run to implement a good software management policy than it is to face investigation by the SPA,” emphasizes Jane Edwards, manager of public relations at Discovery Toys of Martinez, California, which was searched in early 1992. Similar to most businesses audited for software piracy, Discovery Toys settled out of court by paying fines and agreeing to establish company policies to monitor employees who may add illegal programs to their computers.
“When your business is growing, you’re thinking bottom line, you’re thinking about moving ahead with your plans,” Edwards continues. “The last thing you are thinking about is whether someone has put something unauthorized on his computer. We sure think about it now.
“Parametrix, Inc.’s president Waite Dalrymple agrees. The Seattle-based engineering consultancy paid $350,000 when it got caught with dozens of illegal copies of software. “When raided in February 1991, we were able to reach a settlement with the SPA. However, the fees they can assess for each piece of pirated software are staggering. It’s just not worth it to put off dealing with the problem.”
So far, only one of the more than 100 companies the SPA has resorted to searching since 1989 has come out with a clean bill of health. When the SPA paid a surprise visit to Snap-on Tools Corporation in Kenosha, Wisconsin in 1991, the firm was able to prove that each and every software copy it possessed was legal. Despite this, after the suit was dropped, Snap-on beefed up its software management policy to provide better documentation.
“Aside from legal expenses, the investigation also cost us in terms of productivity and employee morale,” says David Heide, manager of Snap-on corporate communications. “It was disconcerting for our employees to even be associated with so-called `white collar crime.'”
Costs Of Piracy
To many computer users and office managers, horror stories of company searches by federal marshals seem unreal. Copying software is so easy that it doesn’t seem like stealing. It’s almost a Robin Hood Act — taking from big, rich companies such as Microsoft — isn’t it?
Not according to the SPA. Stealing software is a serious crime that hurts both publishers and end-users. Those who “soft lift” often work at for-profit companies and steal from vendors who are struggling to survive in a highly competitive marketplace. Although illegal copying has decreased in the last few years, the SPA estimates that today in the U.S. about one out of every five copies of software is still bootleg. The group further calculates that approximately $1 billion in revenue was lost to software piracy in the U.S. in 1992, out of an annual market of $6 to $7 billion.
Not only does piracy translate into higher prices for users, but it also costs jobs. The U.S. Labor Department estimates that every billion dollars in lost sales equals 50,000 lost jobs.
Are You A Software Pirate?
Piracy is so common that many companies do not realize they are breaking the law. Parametrix’s Dalrymple explains, “It’s insidious. All you need to do is put two computers next to each other and you’ll get illegal software copies.”
Small firms are especially susceptible. Owners and managers tend to allow employees more freedom, which may open the door to copying home software to business machines and vice versa. Also, many small business owners are reluctant or unable to spend the money required to get the appropriate number of legal copies of each program they use.
The solution is knowing what’s legal and what’s not, and developing a sound software management policy.
When purchasing computer software, you are not actually buying the software itself, but rather permission to use it. All commercial software comes with a licensing agreement that specifies what copying is authorized. Any unauthorized copying constitutes piracy.
Generally, software programs for personal computers offer exclusive licensing to the purchaser to copy the program onto one machine and make one backup copy of the original diskettes. Additional copies are illegal. Site licenses may allow multiple copies and network usage within a specific organization. If you have any doubts about what is legal, read the license carefully and call the software company with your questions.
Getting caught making illegal copies became much costlier in October 1992 when Congress passed, and President Bush signed, new laws that make software piracy a felony. Those caught and convicted now face fines as much as 10 times higher and jail terms as much as five times longer.
Under the recent statutes, it is a felony to make or distribute 10 or more copies of any copyrighted works with a retail value of more than $2,500 during any 180-day period. Penalties include a maximum prison term of five years and a maximum fine per count of $250,000 for an individual, $500,000 for an organization or twice the gross gain from the offense. Copyright infringement not meeting felony thresholds is a misdemeanor, subject to a maximum sentence of one year.
Since 1988, the SPA has pursued copyright enforcement through actions ranging from cease-and-desist orders to surprise corporate audits and seizures. In 1993, an average of 20 phone calls a day came into the organization’s piracy hotline. During the year, the SPA initiated audits and lawsuits against more than 300 companies — resulting in payment of $4 million in fines and penalties. Today the SPA initiates lawsuits and audits at an average rate of 10 a week.
“We have two tools available to use — moral suasion and litigation — and we are continuing to use them both,” explains SPA’s executive director Ken Wasch.
Establish A Sound Software Management Policy
A strong, publicized company-wide policy of software management and enforcement is crucial to keeping an organization clean.
Put Someone in Charge. Concentrate responsibility for all software with one person in a small business, or with a designated person in each department in a larger firm. The software manager should be responsible for the purchase and monitoring of software, the maintenance of documentation, the education of employees, and the assurance that the company’s policies are published and followed.
Distributing a memo once every few years is not enough to protect the organization in the event of a lawsuit. Distribute copies of company policy to each employee every year, and place a “Do Not Copy Software” label on each computer and software disk to remind employees of the policy.
Keep a Software Log.
Having information in one place is crucial if you are audited. Keep a log that records when software is purchased, who is to use it, and on which machine it is to reside.
Accumulate software documentation and devise a system for labeling. One suggestion is to create a separate folder for each computer in which a copy of invoices, licenses, warranty cards, and original diskettes for all software used on the computer are stored. Be sure registration cards are sent into the manufacturer. If you cannot find documentation, delete the software and purchase new copies.
Don’t Tempt Employees.
Store documentation and original diskettes in a secure cabinet.
After purchasing an upgrade, remove the old version from the hard drive, and destroy the old disks. They cannot be legally sold or used on another system.
It is advisable that software managers perform a search on all directories at least once a year to make sure all software is legal. Illegal copies should be destroyed. The SPA offers a free Macintosh and DOS software inventory management tool called SPAudit; call (800) 388-7478 to order a copy. Audits are the only way to guarantee a company is staying clean, and also let employees know the firm is serious about its software management policy.
Inform New Employees.
Publicize software policy as part of the orientation for new employees. Provide one copy of company policy for employees to keep, and another for them to sign. Place signed copies in their personnel folders. The policy should clearly state that the firm does not condone illegal copying and that employees who illegally copy can be disciplined or even terminated. The policy should also state that employees having knowledge of misuse should report it.
Discipline Illegal Copiers.
Investigate when illegal copies are found, and if a perpetrator is discovered, discipline the person responsible. Let the employee know that copying software is a serious crime, and that the company cannot tolerate such criminal activity.
Also Protect Your Hardware.
While devising a software management policy, it’s a good idea to take time to protect hardware as well. Consider assigning the company’s software manager the task of investigating how best to prevent theft, such as purchasing locking cables that secure computers to desks. Be sure to ask your insurance company if it offers discounts to firms that secure computers.
As the capabilities and usefulness of computers continue to increase, they have become an important tool for more and more businesses. And, like other critical assets, they should be zealously safeguarded — including the software they house. It’s the law, and it also makes good business sense.
A CLEAN BILL OF HEALTH FOR SNAP-ON TOOLS CORPORATION
Four armed U.S. marshals and three representatives from the Software Publishers Association arrived at the headquarters of Snap-on Tools Corporation in Kenosha, Wisconsin with a search warrant in March 1991. After spending the next two days printing out directories on all the firm’s
300 computers, the SPA asked the company to provide documentation conclusively proving that the software listed on the directories was legal.
“Although we had a heck of a time finding all the documentation because we hadn’t maintained the best filing system, we did have everything we needed — original diskettes, invoices and licensing agreements,” reports Ed Johnson, one of two microanalysts who run Snap-on’s micro center. Although the entire process took several weeks, Snap-on was able to show that all its software was legal, and the SPA dropped its lawsuit.
This marked the only time in its history that the SPA has dropped a lawsuit. “The raid and software audit at Snap-on were, unfortunately, based on incorrect information,” recalls the SPA’s director, Ken Wasch. “The Software Publishers Association commends Snap-on for its professionalism and cooperative spirit in resolving the matter swiftly.”
David Heide, Snap-on’s manager of corporate communications, credits employee honesty, if not superior software documentation management, for beating the lawsuit. “We had an acceptable system, but the software raid and subsequent audit had a galvanizing effect on us. Our adequate documentation system of 1991 has evolved into an excellent system today.”
Snap-on’s improved management system includes requiring all employees to sign an anti-piracy declaration as a condition of employment. Snap-on also gives each department manager personal responsibility for ensuring the software in that department is legal. “Our system keeps the appropriate documentation envelope associated with each computer. Each department manager is responsible for maintaining the envelopes and checking the department’s computers,” explains Johnson.
For Snap-on’s networks, only Johnson and his microanalyst colleague, Terry Morin, are permitted to load software onto the servers. They maintain all the file servers and their software documentation behind locked doors.
“We also conduct unannounced internal audits,” he adds. “We maintain the right to check any computer at any time, so employees keep their computers clean. They know their jobs depend on it.”
SPA, THE SOFTWARE COPS
“If you’re used to the image of the FBI knocking three times and kicking down the door, I think our raids are pretty genteel by comparison,” claims Software Publishers Association (SPA) lawyer Ilene Rosenthal. “It’s certainly not a matter of `Put down your mouse and come out with your hands up.'”
Still, with more than a billion dollars worth of software illegally copied in the U.S. each year, piracy is a serious crime, and SPA raids — the most dramatic of the actions it undertakes — are serious business.
The SPA was formed in 1984 to represent vendors in the consumer and educational markets. The group expanded its focus and began policing use of pirated software in 1986-87 when companies such as Lotus and Microsoft joined up. Currently representing approximately 1,000 software companies, with offices in Washington D.C. and Paris, a staff of 40, and a budget of $9 million, the SPA is a significant force in reducing piracy.
SPA set up its hotline number (800) 388-7478 in 1989, and 90 percent of the information used in the organization’s prosecution now comes from this source. An average of 20 calls comes in each day, and approximately a third of those end up being actively pursued.
Pursuing Software Crime
Typically, the process begins when a disgruntled current or former employee tips off the SPA via its piracy hotline. Each informant is required to sign an affidavit attesting to the veracity of the claims made before the SPA will contemplate any legal action. After an in-depth phone interview, the SPA follows up with an investigation. For example, the group looks at registration records the accused company has on file with specific software publishers. If the informant asserts that the firm has significantly more copies than the publisher has licensed to it, the SPA’s suspicions are immediately aroused.
Information from this investigation is subsequently turned over to a Copyright Protection Fund Committee that includes representatives of a dozen vendors. The committee considers both the quality of evidence and management’s complicity. The group is primarily interested in “wanton willful” copying, not individual copying on a minor scale.
The SPA then chooses one of three avenues to pursue to remedy the piracy. In cases where evidence is not complete enough to support a lawsuit, the SPA sends a “cease and desist” letter notifying the defendant company that it has evidence to indicate possible use of illegal software on the premises. The letter asks the firm to correct any violations and notify the SPA upon doing so. No penalties are assessed.
The second avenue, which accounts for 90 percent of SPA actions, is in the form of an audit letter. This letter, sent to the head of the company as an alternative to litigation, proposes that the SPA come to the premises and conduct a complete software audit.
Once inside, SPA auditors run software tools that identify all the software on every PC and server on the company’s premises. The firm is responsible for producing documentation — original diskettes, invoices, licensing agreements — proving that the software was legally purchased.
All illegal copies are destroyed.
After a voluntary audit, which is handled confidentially, the only consequence is that the defendant company must legally purchase the proper number of copies of software, and agree to implement better software management policies in the future.
SPA’s executive director Ken Wasch warns that while waiting to be audited, companies should not give in to the temptation to erase programs. The SPA uses Norton Utilities and other tools to try to reconstruct them. “We have a lot of experience with people who say they will cooperate while at the same time they wipe their hard disks clean,” Wasch comments. “They end up paying a much larger penalty.”
Surprise Raids And Fines
If a company ignores the SPA’s audit letter, or refuses to submit to a voluntary audit, the group resorts to its third avenue of action. It turns the case over to outside counsel, usually an independent law firm in a city near the offending company. The law firm, sometimes using private investigators, tries to determine the extent of the piracy. When enough evidence has been amassed that federal copyright laws are being broken, the lawyers ask a federal judge for a temporary restraining order and a search warrant. The SPA then arrives unannounced on the defendant organization’s doorstep accompanied by armed U.S. marshals.
After this surprise raid, carried out in much the same way as a voluntary audit and designed to prevent destruction of evidence, most companies decide to work out a settlement with the SPA, rather than fighting the case in court.
Under the law, fines can be as high as $100,000 for each infringement, in addition to legal fees. Settlements typically include fines that equal the retail value of the pirated software. However, since these illicit copies are destroyed, the company also faces paying that price again if it wants to purchase legal copies. “In essence, the company pays double,” Wasch explains. And the SPA also touts its victory in press releases.
In 1992, through voluntary and surprise audits, the SPA forced companies to buy $9 million worth of software that they had been using illegally. Money paid as fines goes into a special SPA fund that supports SPA enforcement programs and educational efforts — including distribution of software inventory management kits.
If you are an individual user with a computer full of “borrowed” software, the SPA probably won’t be knocking on your front door, even though you are breaking the law. The cost of catching you is simply too high. And Fortune 500 companies are infrequent targets because most large firms, fearful of the adverse publicity that comes with being tagged a pirate, are now trying to root out piracy internally. The most common targets of current crackdown efforts are small- and medium-size businesses that have enough pirated copies — and enough money to pay fines — to make action worthwhile for the SPA.
Assistance In Staying Legal
While surprise raids grab headlines and galvanize management into action, the SPA also engages in more mundane awareness and prevention campaigns.
More than 90,000 copies of SPAudit, SPA’s free software inventory management tool, have been distributed in the last three years. The SPA also publishes a more comprehensive guide for managing software assets — the Software Management Guide. This package contains a video, SPAudit and a set of internal control procedures designed to protect an organization from allowing illegal software to proliferate.
The SPA sells two videos as well. It has sold nearly 35,000 copies of its 12-minute “It’s Just Not Worth the Risk,” and approximately 20,000 copies of its eight-minute musical rap video “Don’t Copy the Floppy,” which is designed for school-children.
In addition, another trade association — Business Software Alliance (BSA) — is committed to vigorous enforcement of copyright laws. BSA represents eight companies which collectively provide nearly 71 percent of the world’s packaged PC software published by U.S.-based firms. While primarily concerned with international copyright enforcement, BSA has its own U.S. anti-piracy hotline and includes the United States among the more than 30 countries it monitors.
According to the SPA’s Wasch, anti-piracy efforts are paying off. He estimates that the amount of software pirated in this country dropped from $2.4 billion in 1990 to $1 billion in 1992. Still, he points out, $1 billion amounts to the combined revenues of 81 of the nation’s top 100 independent software publishers.