Monday, May 11, 2009

Does Unlicensed Software Put Your Organization at Risk?

Before we begin…

Here is a quick test:

Question: Name the only type of software that you can use legally without a license.

Answer: Software you write for your own use. All others require some type of license from the author and using any of them without a valid license is illegal as well as taking a risk that you may be sued for damages.

Does this really matter?

It depends on whether you mind paying fines or not. Ask the folks at A.E. Petsche Company in Dallas, Texas. Not only did they pay a fine of over $90,000 for using unlicensed copies of Adobe and Microsoft software, they also ate their own legal fees and the expenses of an intense audit. And now they have a black-eye as well as possible ramifications to their federal government contracts (Petsche is in the military/aerospace industry).

Software is protected by copyright laws written to protect the author’s work product. It is the same as for a book author or music composer. When you purchase commercial software, you do not actually buy the underlying software code, you buy a license to use it (with a few exceptions) in accordance with the software license.

Under federal law in the United States, each violation carries a potential fine of up to $150,000 per software title copied illegally. Individuals prosecuted for criminal copyright infringement face up to $250,000 in fines and imprisonment of up to five years. So you be the judge as to whether this topic presents a real risk to your business.

So who is watching, anyway?

Software licensing is a major challenge for every software manufacturer from a one-person start-up to Microsoft. Piracy is rampant and software manufacturers are continuously looking for new ways to prevent illegal distribution of their products and catch those who use pirated versions. The Business Software Alliance is the largest IT industry group formed to address international software piracy issues. Another is FAST IiS—Federation Against Software Theft & Investors in Software.

Both organizations work to help manufacturers protect their products from piracy and both try to educate the public on the negative impact to the IT industry that piracy has. And the public is listening. BSA reports that over 2500 potential violations are submitted each year to its website,, and its toll-free phone number, 1-888-NO PIRACY. In fact, the Petsche case arose from an anonymous tip.

Now the bad news (for software pirates): BSA offers rewards of up to $1 million USD for qualified reports of software license violations. In other words, your co-workers could really cash in by reporting you.

Who is watching? Assume everyone is.

But what about shareware and Open Source software?

Freeware, shareware, open source software—you have heard the terms. Each is a type of software license. It is a common misconception that they are available for anyone to use without a license. In many cases, they are not even free.

Even freeware—software that is available for use without payment—is covered by a license and users are obligated to comply with the license. Its authors are also protected by copyright laws whether you pay anything for their work or not.

Software provided to the public as “Open Source” and “Copyleft” come with the specific stipulation that the user may freely copy, examine and modify the source code, and redistribute the software to others (free or priced) as long as the redistributed software is also passed along with the copyleft stipulation or open source license.

What you don’t know CAN hurt you!

Assuming that your policy and directives to staff specify that all software used on business computers and for business purposes wherever installed must be properly licensed, you cannot go quietly about your work and safely avoid any risk of anything happening to you or your organization.

Companies who found themselves in hot water typically did not have a solid program for auditing or enforcing their own rules or the terms of their software licenses. Meyers Industries, Taney Cunningham Equipment, Nuvelo, Inc., Graham Downes Architecture, Inc., Styles for Less, Inc. and Web US Mail, all have written checks they would rather have not written for software license violations. They spent money on lawyers, auditors and fines that could have been spent on pay raises, equipment upgrades or even paid to investors as profits.

All they needed was a simple system that they actually followed.

What’s a small business person to do?

There is help for those who want to comply. To begin with, use common sense such as following these guidelines:

» Adopt written policies that prohibit the use of unlicensed software
» Educate your employees on why the organization must insist on full compliance
» Establish an authorization process for all employees—even IT—to follow before installing and using any software, but make sure it is easy to follow
» Keep an active inventory of every software product in use and ever purchased by your organization
» Promptly delete any software found on your computers that is unlicensed or whose license cannot be verified

FAST IiS has several practical resources online if you want more ideas: Know Your Responsibilities and Risks, 10 Ways to Avoid Buying Pirated Software, Effective Software License Purchasing and 4 Steps to Effective Software License Compliance and Management.

The BSA will not accept post-violation compliance and clean-up as an excuse to avoid penalties. Your organization will waste countless hours of productivity responding to an investigation as well as huge sums of money. Prevent that type of waste and manage this risk with your compliance program. It is worth it.

The BSA site has a good list of free Software Audit Tools. Use one of them. You might be surprised at what you find.

(Here is another similar post on this topic that I found useful.)

1 comment:

0s0-Pa said...

Only if you are referring to electronic discovery software! Although FTI Tech is pretty good about combatting those risks.