For quite some time now I have had a vague notion to write about so-called “software piracy”. That vague notion has sharpened into a resolve to write about Proprietary Closed Source Software (PCSS), “software piracy”, GNU/Linux, Free Open Source Software (FOSS) and your business.
One of the enforcers of PCSS licenses is the Business Software Alliance (BSA), founded by Microsoft and containing a Who’s Who list of IT industry leaders. The BSA encourages “informants” a.k.a. “rats”[1] to contact them and, for a promise of compensation, to confidentially turn in businesses practicing “software piracy”. It is highly likely that any business on Earth using PCSS software is not fully “in compliance” with the Draconian software restrictions of PCSS licenses. As a result, any company that uses PCSS software and has employees or hires outside IT contractors must have some concern about this. There is no other way to look at it and be safe.
Following is an example of a “software piracy” rat turning in a company that was “pirating” software. Listen below to the BSA “Interview” with this “Informant”.
If the above does not work, try the following:
Direct URL to the MP3 at the BSA Informant Website.
If neither of the two above work, try the following:
A copy saved from the BSA Informant Website.
As an outside consultant for small businesses I find that little “interview” disturbs me personally on a deep level. When I work for a small business that I can determine is not in compliance with some software license my first inclination is not, “Hey, I’ll call the BSA and get in line for my million!”. My response is to pull the business owner aside and explain to him or her the dangers inherent in having non-compliant software, employees, outside contractors and the BSA. In almost all cases where I have done this the owner was grateful and wanted to make things right. In the very few cases where the owner knew about the problem and was fine with it I eventually quit doing business with that client. In the latter cases I never was inclined to rat on them.
I have a serious problem with the idea of being a “software piracy” rat, so I just will not do it. But, that does not mean if you are my client you are safe from “Joan” over in accounting who you just had to discipline for updating her Facebook page on the job. Dear “Joan” may decide she is going to quit and has to “get even” with you. “Joan” knows you have some software licensing problems and knows that the BSA will pay her to rat on you. So “Joan” contacts the BSA and rats on you. Then the BSA goons show up at your door with Federal Marshals and a warrant.
I suspect that more often than not a “software piracy” rat is going to be an upset employee or ex-employee. Of course the BSA example “software piracy” rat in the “interview” above is supposedly an outside contractor or consultant that turned in one of the companies that trusted him. Obviously, if true, this means if you own a business you must worry about anyone that has access to your computer systems deciding to shoot for getting some BSA cash for turning you in. Do you think that cannot happen to you? Do not bet your business on that. Go read about Ernie Ball Incorporated [2][3][4], then do some rethinking of your position.
Do I advocate “software piracy” of PCSS? No, I do not. No matter what my personal feelings are on the matter I do not advocate breaking the law in the case of PCSS. What I do advocate is taking a serious look at FOSS instead. One cannot “pirate” that which is “free”. Sure, one can violate the terms of an open source license and be liable in court, but not as just an end-user.
Here are some examples to consider.
Do you have a license for 10 copies of Microsoft Office? Is it installed on 12 computers but only used on 9 of those computers? You are not in compliance with the licensing terms so a rat may decide to turn you in to the BSA for some cash. However, if you switch to the OpenOffice.org office suite and erase all those copies of Microsoft Office then you will have no more worries about license noncompliance for your office suite.
Do you have any PCs with XP Professional? When you have to reinstall those do you make sure that no two PC systems have the same license key? If not, then you may be out of compliance with the license terms for XP Professional and a rat may decide to contact the BSA about you. But if you erase XP Professional from your hard drives and install Mandriva, or Ubuntu, or Fedora or any of hundreds of FOSS GNU/Linux distributions you will no longer need to be concerned about a visit from Federal Marshals and the BSA.
Do you use Adobe Photoshop in your graphics business? Did you make certain that Photoshop was deleted from those 8 old PC systems inherited by the accounting department when your graphics artists got all new systems? No? Then you are out of compliance and “Joan” in accounting has just decided you are getting a visit from the BSA when she quits. Although, if you get rid of Photoshop on Microsoft for The GIMP on GNU/Linux you do not have to worry about a visit from the BSA because you forgot to remove The GIMP when your PC systems found a new department in which to live.
Wait! Before all you graphic “arteests” start whining, again, about Photoshop versus The GIMP think about this. As an individual you can have a say in development of The GIMP. You can join the project and help get in the features you want to see. On the other hand you as an individual have almost no chance of affecting the development of Photoshop, unless you work for Adobe. See? That is how FOSS projects work (usually) versus how PCSS projects work (usually).
My final solution to “software piracy”? Leave the PCSS behind and do a complete switch to FOSS. Ernie Ball Incorporated did and as far as I can tell from all reports I can find they are better off after doing so.
Edit Sat Sep 26 16:36:03 CDT 2009: Fix a repeated sentence.

on Sep 26th, 2009 at 4:38 pm
All, do you know a small to medium business owner that might have software license compliance problems? Please refer that owner to this article. You may be their hero for doing so.
on Sep 26th, 2009 at 5:41 pm
This seems like a condensed version of a similar talk at an open source conference recently. Some pretty good points made, however my own thoughts on the matter are that if the commercial software is better featured, then it is in the business’s interest to use the software that better matches their needs, and not spend countless hours filing bugs.
Licensing issues can be quite murky at times, though in the cases you mention of this many computers having a license, and some not being used etc, such issues can be resolved by actually calling the company. You know, those people care more about getting your money and are willing to give you some extensions if you ask nicely/bitch about it enough. They’d rather have repeated customers who would call and ask for new licenses to replace the ones that were invalidated but already paid for than someone just leaving them completely. I have first hand experience in this and have also heard such from acquaintances.
If you can make do with this or that FOSS project, fine, but if the business is booming with the commercial package then success shouldn’t be messed with.
on Sep 26th, 2009 at 9:30 pm
Ed (comment #2) thank you for reading.
The primary point is not about companies that know they are out of compliance and call Big Proprietary Software Maker to fix things up. I think almost everyone is aware this can be done. It is about companies that get nailed because they do not know they are out of compliance. When someone inside or outside the company rats on them then they have a problem. With FOSS there can be no problem like that.
Edit: For the record, I do not go to conferences nor do I follow what happens at them. Could you point me to a URL that covers the conference talk you heard?
Edit #2: What do you mean “make do with this or that FOSS project”? I find that the FOSS I use for my business is easily as good as anything I ever saw from a PCSS vendor.
on Sep 26th, 2009 at 9:51 pm
There’s a misconception that needs to be resolved regarding the BSA.
They have NO jurisdiction to come knocking. If they do, simply refuse them access. Even a confidential informant to the BSA isn’t going to be enough to get Federal Marshals at the door with the BSA. So just refuse them entry.
The ONLY party that can claim infringement is the holder of the copyright… and it’s up to THEM to do so. In the thousands of software licenses I’ve seen (many of which have been on vendor paper), virtually ALL of them specifically even state that there are “no third party beneficiaries” under the agreement. This is actually intended to prevent someone from trying to claim benefit under the agreement to the detriment of either party… but it also works to prevent the BSA from trying to enforce copyright on behalf of even a BSA-member organization.
Oh, and Microsoft isn’t going to come after a business for 2 excess licenses. They have much bigger fish to fry. At the consumer level, this is why they’ve instituted all sorts of licensing phone-home schemes… because they know they simply don’t have the manpower to try to enforce their licenses.
Does this mean you should pirate software? Of course not. But let’s be realistic about what would happen if you did.
on Sep 26th, 2009 at 11:11 pm
Jeff Gordon (comment #4) thanks for reading.
The BSA is the group to which one reports “piracy”. That is the place that starts the “Indiana Jones Temple of Doom Boulder” rolling toward a business.
Okay, so the small business of Ernie Ball Incorporated was not raided because someone turned them in to the BSA. Oh wait, they were. Apparently some copyright holder named Microsoft did follow up on that. The whole situation started with a rat and the BSA.
Alright, how about this, the RIAA (different organization, but still much bigger than you or me) will not go after individuals for sharing “stolen” songs. Oh wait, they have. So there is a precedent for large multi-company organizations to litigate against individuals for “infringement”. The parents of the teenagers that were sharing “stolen” music still have to show up in court and spend money on defense, even if they win the case.
Now, I agree that Microsoft is probably not going after individuals for software piracy in most cases. Unless they have some point they want to make by going after individuals that is. But there is a precedent for Microsoft going after businesses that are reported to the BSA. The BSA must represent its member companies in some manner, otherwise what is its purpose? Its purpose is to be the hit man for its members. Here, this is from the BSA web site:
Investigations and enforcement: BSA solicits and receives thousands of reports of alleged software piracy each year from end users, resellers, law enforcement, member companies, and affiliate associations. BSA investigates these tips and ― when necessary and appropriate ― files civil lawsuits to stop software piracy. BSA refers particularly egregious cases to national law enforcement authorities for criminal prosecution.
That says to me that the BSA has some power in these cases. Go read it for yourself: About BSA & Members. I guess they thought Ernie Ball Incorporated was one of the “particularly egregious cases”. But from all I have read about that case Ernie Ball Incorporated was no different from hundreds of other companies that pass computers down the chain.
Realism is that Ernie Ball Incorporated never was a software pirate. Yet the Federal Marshals and the BSA showed up and shut them down while they sifted through computers looking for dirt. This could happen to any business that has a “software piracy” rat. Trying to pretend otherwise is not productive.
Edit: Ah! I get it now. Mr. Gordon is looking to drum up some business from people with licensing concerns who may be here to read this article. Okay, Mr. Gordon, I’ll leave your URL intact. Folks, click on Mr. Gordon’s name to see his web site that hawks his $114.95 book about licensing.
on Sep 27th, 2009 at 7:55 am
All, before someone else chimes in and points this out I will go ahead and state it. There are likely more steps between ‘So “Joan” contacts the BSA and rats on you.’ and the point where ‘Then the BSA goons show up at your door with Federal Marshals and a warrant.’ But the end result is that your business can be put in the position where it has to spend some more money because of PCSS licenses.
on Sep 28th, 2009 at 10:50 am
Compliance is futile…you shall be fined.
I will admit up front, sometimes the software you need to use for your business is going to be non-foss. There are people who need AutoCAD and Photoshop. In those cases you know you are dancing with the devil. Part of that dance is “compliance” which takes more work than most people think.
At a company where we had 8 locations in 3 states, 70 desktops and 14 servers, it was almost a full time job. The problem is you have the following flavors of compliance.
a) I don’t care if I am in compliance or not
b) I think I am in compliance
c) Feel good compliance
d) I dot every I and cross every T and am in compliance.
Most companies operate at level B or C. Having 10 computers and 10 copies of office is not good enough. Computers move around and software gets reinstalled. OS’s get reinstalled.
Most compliance is “feel good” compliance. Remember the final arbitrator of what real compliance is, is the company that licensed the software. For most folks that means dealing with Microsoft. Let’s talk about being in 100% compliance.
You need a computer. That computer needs to have a receipt for it showing that you purchased it. The receipt needs to show that an OS was included and paid for. It needs to show what version of the OS was included. I.E. If it says “Windows XP” you had best be able to produce a CD for Windows XP with NO SERVICE PACKS. If it says Windows XP SP1, you had best have a Windows XP SP1 CD. What if your CD does not match? Then you are not in compliance.
So you need the receipt, the document OS, the certificate of authenticity, the install media. You need to be able to match it to the computer it is installed on, including License Keys. If you re-image your computers you need 2 licenses. 1 for what came on the machine originally, and 1 for your “corporate image”. You need to make sure there is a 1-to-1 correspondence. You have to make sure all serial numbers match the machine they are installed on. Anything short of that and you are not in compliance.
Every 3 months we would audit all software, all computers and make sure everything continues to line up. It takes work. Someone will move a PC at a remote location. Software breaks (like MS Office) and needs to be reinstalled. You are now reinstalling Office on what you think and have been told is REMOTEPC1 and it turns out to be REMOTEPC3.
To go past feel good compliance requires documenting who uses what computer, all computer moves, all software installs. Physically auditing the paperwork related to each computer and physically auditing each computer. It is a pain in the rump.
98% of all businesses, schools, city, counties, states, non-profits could not pass a real BSA audit. Unless you audit yourself several times per year, there is no way to pass. Almost all businesses are out of compliance and are 1 disgruntled employee or shrewd competitor away from an audit.
I agree with Ernie Ball. There should only be a handful of PC’s in a building that have any NON-FOSS software on them. The more systems you run on FOSS the less exposure you have to an audit that you are almost certain to fail if it ever takes place.
Side Note: I worked for a company where in their recent economic downturn a bank that had loaned us money for improvements got the idea we had “over inflated” the value of the company to get a larger loan. So they went to FBI, cried “wire fraud” and we were raided by the FBI.
So there is an FBI agent in a flak jacket, with shotgun in hand telling me to step away from the computer, NOW. Do NOT touch another key on the keyboard. It had been about 2 1/2 months since my last audit, so I knew there was the possibility of at least one computer with a goofed up license key. I always find at least one computer like that. I just kept repeating to myself “It is OK, Federal Marshal BSA raid, FBI must be another problem that I do not have to worry about.”
That, my friends, is a sad state of affairs. We had the goal of being in 100% compliance 100% of the time, re-audit every 3 months. Document everything religiously and still know with the “human factor” an item or two always needs to be fixed to maintain that 100% compliance. The fact I was more worried about the Federal Marshals performing a raid for the BSA than I would be about the FBI raiding our facility for anything else.
Open source software is the way to go.
on Sep 28th, 2009 at 12:21 pm
Elder-Geek (comment #11) thank you for reading and for your comment.
All, Elder-Geek and I are both warning you that a switch to FOSS from PCSS is the only way to know you will not be raided. If you still are not convinced that your small, medium or large business is not at risk with PCSS then maybe the BSA’s own reporting will convince you: BSA.org - Piracy News
on Sep 28th, 2009 at 5:15 pm
Here’s another one. Ken “Helios” Starks talks about a company CEO that called him asking him if “your Linux thing” could fix his broken network. Turns out a previous “consultant firm” had installed pirated copies of MS Windows XP on the workstations (IIRC, someone’s nephew was involved), and one of the later “consultants” had seen this and ratted. The BSA goons showed up with a “helpful” Microsoft sales rep in tow trying to pretend he was the “good guy”. You know, just along to “help” this company get into license compliance.
Rather than pay up, this CEO told them to get out or he would physically throw them out. Turns out this CEO had done his homework on the BSA and knew that it and Microsoft were joined at the hip. Very shortly thereafter, he, his assistant, and Helios converted the entire company over to K12LTSP 6.0, which was based on Fedora Core 6 (they’ve since upgraded, of course). The MCSE’s who didn’t like it eventually got fired, too.
Basically, it was Ernie Ball all over again. And this company hasn’t looked back since.
–SYG
on Sep 28th, 2009 at 7:32 pm
Sum Yung Gai (comment #13) thanks for the comment.
Do you have a URL to share for the Ken Starks anecdote? I looked on both Blog of helios and The HeliOS Project but did not see it. Thanks!