Software Piracy (How to stay legal)

The lawsuits against these civil engineering firms resulted from tips to the Business Software Alliance's (BSA) anti-piracy hotline (800-688-2721). BSA is a Washington, D.C.-based trade organization dedicated to fighting software piracy. The trade group counts as its members Autodesk, Bentley Systems, Intergraph, Lotus Development Corp., Microsoft, Novell, WordPerfect Applications Group and The Santa Cruz Operation.

U.S. law prohibits duplicating software for profit, making multiple copies for use by different users within an organization, and giving an unauthorized copy to another individual. If caught pirating software, an individual or organization may be tried under civil and criminal law. < p> A civil action may result in statutory damages of as much as $100,000 per infringement. Criminal penalties include fines of as much as $250,000 and jail terms of as long as five years, or both.

Despite these laws, piracy costs the software industry an estimated $12.8 billion each year.

Software presents a unique problem because it is easy to duplicate and the copy is often indistinguishable from the original. According to Sandra Boulton, Autodesk's director of anti-piracy, "Unlike other works, such as audio and video tapes, there is no degeneration in quality from copy to copy, and the one hundredth or one thousandth copy can be a perfect replication of the original."

A program that reflects years of effort by a team of software developers and millions of dollars of investment takes only a few minutes to copy. Although software is expensive to develop, duplication costs little or nothing; virtually any PC can be used to make unauthorized copies.

Software theft takes many forms, and the reasons for unauthorized software copying range from pure profit motives to carelessness, ignorance of the law and a general disregard for the importance of treating software as valuable intellectual property.

"Software piracy stifles innovation, destroys the financial incentives for the creation of new programs and applications, and menaces the continued growth of the industry," Boulton said.

No one is immune

According to BSA's director of enforcement, Bob Kruger, the enforcement actions against Utica Enterprises and Louis-Berger reflect BSA's increasingly aggressive efforts to identify and pursue individuals and organizations found to be violating software copyright laws. "We are currently investigating a number of engineering firms," Kruger said. "If the evidence points to the use of unauthorized software copies, the BSA will not hesitate to take action.

"Unless a business can guarantee they have no unhappy present or former employees, they are at risk if they don't have a good software management policy in place," Kruger added. "Essentially, no one is immune. BSA's hotline calls come from a variety of sources -- managers, temporary free-lance employees, consultants, competitors, disgruntled employees -- in short, anyone who may have knowledge about your company."

U.S. law enforcement officials are also on the trail of software pirates. Between 1990 and 1993, the number of hours FBI agents dedicated to software piracy increased more than 400 percent. And more increases from the FBI as well as the Justice Department are on the way. In addition to these efforts, each of BSA's member companies coordinate their own anti-piracy programs, which may include their own hotlines and investigators.

"Conducting surprise audits on software pirates and filing lawsuits are certainly effective methods to enforce copyright laws," said Kruger. "However, we prefer to work with organizations to develop preventive measures such as the implementation of software compliance programs."

According to the BSA, organizations can avoid becoming the subject of a software piracy lawsuit by conducting an internal software review and implementing an effective software compliance program. Below is a step-by-step guide recommended by the BSA.

Meet software needs with original software

1. Assess your organization's software needs. Periodically survey users in your organization. Find out what software they need to make the most effective use of their PCs.
2. Identify the appropriate software profile for each computer or user. Based on input, ascertain the appropriate software profile for each computer in the organization. A typical software profile includes operating system software and programs for word processing, spreadsheets and database management. For engineering and architectural firms, it will probably also include CAD/CAM software and desktop publishing packages, as well as utilities, communications software and programming languages.
3. Commit, as an organization, to supplying original software to meet the software profile of all computers in the organization. Ensure that the organization acquires a full range of original software fully authorized by license or purchase terms and in quantities proportionate to the number of computers in use. These quantities should meet the software profile on each computer so that legitimate needs are fully met.
4. Set realistic budgets for hardware and software. One major pitfall is a mistaken belief that an organization can take financial shortcuts when it comes to software -- yet, no one expects to avoid paying for computers. Investments in hardware necessitate a comparable investment in software.
5. Deliver needed software to users in a timely fashion. If original software is available in principle, but acquisition is bureaucratic, slow or unduly restrictive, users are deprived of the software they need when they need it and may resort to unauthorized copying.
6. Anticipate reasonable user needs and plan ahead to meet them. As organizations, users and software capabilities change, software needs must also change. Keep the organization's software profiles current. This may highlight the need to acquire new releases of existing software or new programs. It may also permit specific departments in an organization to distribute software they no longer use to other departments, as permitted by license agreements.

Enforce compliance to ensure the use of originals

1. Prevent illegal software copying by removing its causes. Meeting organizational needs with legitimately acquired software is the single most effective means of preventing copying.
2. Communicate your organization's commitment to using only original software. Have employees understand and sign a software code of ethics or similar statement. (See sidebar.) Post a notice on each computer that states your organization's policy on software use and the consequences of violating that policy. Ask individual users to sign a statement acknowledging the policy.
3. Designate an individual to be responsible for ensuring proper software use in the organization. Often this person will be the manager of electronic data processing or management information services, but may also be an attorney, financial officer or accounting professional inside or outside the organization.
4. Track software acquisition in a software register. A software register can be a focal point, not only for planning software use, but for monitoring purposes, to ensure that only original software is used. The software register identifies each PC or workstation with information such as location and authorized user. It then gives each machine's software profile, which lists the software legitimately installed on the computer's hard-disk or legitimately used with the machine on floppy disks. In conjunction with the software register, maintain easily accessible files with the actual software license agreement's invoices and other documents showing that the software has been acquired legally. Returning registration cards to software companies facilitates this process and provides other benefits as well.
5. Inspect the software actually in use to ensure that all programs are legitimately acquired originals duly accounted for in the software register. Various computer programs ranging from batch files that run in disk-operating systems to full-featured utilities can be used to identify the programs on a computer hard-disk or on floppy disks. Special audit software is also available from a number of sources. Many auditing firms have made software audits a part of their routine financial audit. Consult your auditing firm. Inspections are often most effective when conducted without prior notice. Indeed, in BSA software piracy raids, courts have granted orders permitting surprise inspections of organizations suspected of software copying. Be ready for such surprise inspections by conducting your own inspection before outside searchers arrive. Be able to account for all the software you use.
6. If unauthorized copying is found, take appropriate steps, consistent with law and organizational policy, to ensure that the problem is corrected and is not repeated.

Many companies use stolen software. The BSA estimates that 35 percent of the software used in the United States is unauthorized. Many companies think they can get away with it. Utica Enterprises and Louis-Berger did not.

"The most basic issue of software piracy is a moral one," BSA's Kruger said. "When somebody decides to make or use unauthorized software copies, they are stealing -- and what kind of message does that send to others in the organization?"

For more information, a free copy of BSA's Guide to Software Management, and/or to report incidents of software piracy, contact BSA's Anti-Piracy Hotline at (800) 688-2721, or reach them on the World Wide Web at http://www.bsa.org/bsa, or via e- mail at software@bsa.org.

Software Code of Ethics

Unauthorized duplication of copyrighted computer software violates the law and is contrary to our organization's ethical standards. We disapprove of such copying and will apply the following principles to prevent its occurrence:

• We will neither commit nor tolerate under any circumstance the creation or use of unauthorized software copies.
• We will provide, in a timely fashion, legitimately acquired software to meet all software needs and in sufficient quantities for all our computers.
• We will comply with all license or purchase terms regulating the use of any software we acquire or use.
• We will enforce strong internal controls to prevent the creation or use of unauthorized software copies, including effective measures to verify compliance with these standards and appropriate disciplinary actions for violations of these standards.