Pirates chased by watchdog


10 Dec 2004

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

The chances are that a large proportion of businesspeople reading this article have recently received a letter from software piracy watchdog, the Business Software Alliance (BSA), which was accompanied by a form known as a Software Audit Return (SAR).

The BSA sent out 15,000 such forms at the beginning of the month. The SAR asks businesses to list what software it holds within the organisation and what software it has purchased. By comparing the two lists the BSA says it hopes to get a clear picture of the level of software piracy within Ireland. Companies that can prove they are fully licensed receive a certificate in recognition of their status. So much for the PR. In reality, few if any under-licensed firms are likely to return the forms to the BSA but the annual exercise does allow the watchdog to make contact with a large number of companies that are under-licensed – whether unintentionally or not. Last year the programme targeted 13,000 small and medium-sized enterprises in two phases, of which 39pc responded and just 6.5pc were able to confirm they were fully compliant.

While companies are under no legal obligation to fill out the SAR and return it to the BSA, under the terms of the Copyright and Related Rights Act, 2000 there are significant penalties for firms that use software without a licence from the manufacturer. Deliberate and even negligent misuse of software is now a criminal offence, with directors and managers of a business potentially liable for fines up to €127,000 and/or five years in prison.

The Act also enables software publishers to raid the offices of companies believed to be using pirated software, once a stringent legal process has been followed first. It’s a road that the BSA is not afraid to go down – in 2003 it was behind seven such raids on end user companies while many other organisations made substantial settlements of up to €40,000 in order to get their software compliant.

Given that its members consist of some of the most profitable software companies in the world – including Microsoft, Adobe, Macromedia and Symantec – and high-profile actions against relatively small local firms, it’s hardly surprising that some in the industry accuse the BSA of being heavy-handed.

With the latest figures for software piracy in Irish business showing it is running at a rate of 41pc, however, at a projected cost of €71m to the local software business, the BSA is not making any apologies for its actions.

“There’s definitely an attitude within Ireland that it’s all right to do this as long as you don’t get caught – it’s the same with drink driving and speeding in this country,” says a BSA spokesperson. “As a result, we need to be heavy-handed.”

Perhaps recognising that while the big stick approach has been effective in getting software misuse rates down from a high of 72pc in 1995, the BSA is tempering its actions this year with an education and advice programme in association with the Small Firms Association (SFA). In the past, SFA director Pat Delaney has been one of those that has criticised the BSA’s approach but he now seems happier that the organisation is engaging with companies who may be inadvertently under-licensed. “This initiative from the BSA will help companies around Ireland by providing advice and support in relation to having the correct software licensing procedures in place,” says Delaney.

While it is clear that some firms simply decide not to buy software licences and take the chance of being caught out, many firms are simply struggling with the increased complexity of licensing offered by software publishers. The ubiquity of the internet also means that employees can easily download and install software to company networks without the knowledge of management.

Anthony Quigley is CEO of iQuate, an Irish software firm that offers auditing and analysis tools that enable firms to become compliant. “Our pitch to companies starts with corporate governance and risk,” says Quigley. “Non-executive directors have responsibilities as well. Under current regulations they now have to sign off that everything the company is doing is all right and that includes software.”

The financial scandals at Enron and Worldcom put corporate governance firmly on the agenda and companies with a US operation now have to comply with the 2002 Sarbanes-Oxley Act. However, even directors of local companies need to be aware that they have responsibilities under the Companies Act 2003, which includes ensuring that all their software is compliant and licensed.

Aware that software licensing is not a trivial matter for most companies the BSA offers a guide to software asset management that can be downloaded from its website at www.bsa.org/Ireland, where it also lists vendors of auditing tools such as iQuate.

“iQuate can provide you with a snapshot of your IT worth and your compliance levels,” says Quigley. “When we go into a big company we will run a scan that looks at every PC on the network and comes back with information on what’s installed on it. The company could have X number of copies of Windows or Microsoft Office but some of them will have patches on top of that or some machines may have service packs installed so there could be many variations. The next job is to put a value against each piece of software so that the company gets a financial snapshot of where it is.”

IQuate’s tools can then lock down the network and – through the use of daily scans – ensure that staff are not installing unsafe or unlicensed software that they have downloaded from the internet. According to Quigley, every company that he works with finds that they have non-corporate applications and data on their network such as MP3 music files, pornography, games and hacking tools.

“The BSA is not just there with a big stick and neither are we trying to do that,” says Quigley. “We are trying to educate people that their company has to be compliant and there are tools available to help them achieve that.”

By John Collins