You Can’t Always Tell a Pirate by His Flag!
By: R. Curtis Thompson, CPA.CITP, CISA
IT is a busy profession and management is always looking for ways to save money. Those two pressures can be dangerous and may even lead to illegal behavior by good honest people. I am talking about software piracy. That may be a harsh term for using unlicensed software but software developers don’t necessarily think so.
The Global Software Survey conducted by BSA, The Software Alliance (more on them later) was released in May 2016. They showed that 39% of software installed on PCs around the world in 2015 was not properly licensed, down from 43% in 2013, the date of their last survey. More specifically that rate was 25% in banking, insurance, and securities industries. 49% of CIOs identified security threats from malware as a major threat posed by unlicensed software.
While those figures are worldwide and you can blame countries that don’t recognize copyrights the way we do but the survey shows that 17% of the software in the US is unlicensed, costing software companies over $9 Billion.
This is where The Software Alliance (bsa.org) comes in. The Software Alliance is the leading advocate for the global software industry before governments and in the international marketplace. Its members are among the world’s most innovative companies, creating software solutions that spark the economy and improve modern life.
The Software Alliance (BSA) helps to develop compliance programs and promote legal software use but they are also a force behind stopping software piracy. Software piracy can be reported anonymously on their website and they will investigate as well as potentially prosecute offenders. In the US, the penalty can be overwhelming.
If the copyright owner brings a civil action against you, the owner can seek to stop you from using its software immediately and can also request monetary damages. The copyright owner may then choose between actual damages, which include the amount it has lost because of your infringement as well as any profits attributable to the infringement, or statutory damages, which can be as much as $150,000 for each program copied.
In addition, the government can criminally prosecute you for copyright infringement. If convicted, you can be fined up to $250,000, sentenced to jail for up to five years, or both.
Apart from legal consequences, using copied or counterfeit software also means:
- Greater exposure to malware and security risks
- Inadequate or no documentation and no warranties
- Lack of technical product support available to properly licensed users
- Ineligibility for software upgrades offered to properly licensed users
Most people would never think of stealing from a store or a neighbor but when you are imaging or using volume licensing, you could accidently over use the licenses that you have paid for. Using a software disk to install software that you have multiple licenses for could end up being used more than you paid for. All of these scenarios could happen due to trying to be efficient or cost effective with no intent of stealing but could still be considered theft.
So what’s the solution? They call it SAM or Software Asset Management. There are various software out there that can be used to track software license and keep you compliant. There are freeware applications like Spiceworks and paid products (many listed on BSA’s website.) Many will go out and actually scan your network for the software and help inventory all software you have as well as serve as a database that you can track these assets and provide reports on compliance.
My suggestion is to use your licenses as they were intended, and keep track of the number of installations of all software. Do an annual software audit of yourself. If you are out of compliance, work with your vendors to get you up to date. They will understand and work with you to get you there but if they come knocking on your door first, you may not have as much leverage and may face penalties, legal fees, possible criminal charges, and impact to your company’s reputation.
BSA can and will pursue even small companies for software violations. Don’t think that this can’t happen to you, even if you think you are doing everything right you need to make sure, in fact.
Much of the information in this newsletter was from www.bsa.org. They have a number of resources that could be valuable, including the Global Software Survey and a list of SAM applications. YHB can also provide software audits to help identify the installations you have and give you the assurance that you are properly licensed.
Throughout his time at YHB Curtis has provided IT audit and consulting to clients, even while holding the position of the firm’s IT director for several years. Now, as head of the YHB Risk Advisory Services Team, Curtis focuses on assisting organizations in a variety of industries with internal audits and IT-related audit and consulting services. Also, he frequently speaks and gives presentations on SOX compliance, internal controls, and data security.