Do you already use GNU/Linux on your desktop system(s)? Vote in our poll! Number of GNU/Linux Desktops
For quite some time now I have had a vague notion to write about so-called “software piracy”. That vague notion has sharpened into a resolve to write about Proprietary Closed Source Software (PCSS), “software piracy”, GNU/Linux, Free Open Source Software (FOSS) and your business.
One of the enforcers of PCSS licenses is the Business Software Alliance (BSA) founded by Microsoft and containing a Who’s Who list of IT industry leaders. The BSA encourages “informants” a.k.a. “rats”[1] to contact them and for a promise of compensation to confidentially turn in businesses practicing “software piracy”. It is highly likely that any business on Earth using PCSS software is not fully “in compliance” with the Draconian software restrictions of PCSS licenses. As a result any company that uses PCSS software and has employees or hires outside IT contractors must have some concern about this. There is no other way to look at it and be safe.
Following is an example of a “software piracy” rat turning in a company that was “pirating” software. Listen below to the BSA “Interview” with this “Informant”.
If the above does not work, try the following:
Direct URL to the MP3 at the BSA Informant Website.
If neither of the two above work, try the following:
A copy saved from the BSA Informant Website.
As an outside consultant for small businesses I find that little “interview” disturbs me personally on a deep level. When I work for a small business that I can determine is not in compliance with some software license my first inclination is not, “Hey, I’ll call the BSA and get in line for my million!”. My response is to pull the business owner aside and explain to him or her the dangers inherent in having non-compliant software, employees, outside contractors and the BSA. In almost all cases where I have done this the owner was grateful and wanted to make things right. In the very few cases where the owner knew about the problem and was fine with it I eventually quit doing business with that client. In the latter cases I never was inclined to rat on them.
I have a serious problem with the idea of being a “software piracy” rat, so I just will not do it. But, that does not mean if you are my client you are safe from “Joan” over in accounting who you just had to discipline for updating her Facebook page on the job. Dear “Joan” may decide she is going to quit and has to “get even” with you. “Joan” knows you have some software licensing problems and knows that the BSA will pay her to rat on you. So “Joan” contacts the BSA and rats on you. Then the BSA goons show up at your door with Federal Marshalls and a warrant.
I suspect that more often than not a “software piracy” rat is going to be an upset employee or ex-employee. Of course the BSA example “software piracy” rat in the “interview” above is supposedly an outside contractor or consultant that turned in one of the companies that trusted him. Obviously, if true, this means if you own a business you must worry about anyone that has access to your computer systems deciding to shoot for getting some BSA cash for turning you in. Do you think that cannot happen to you? Do not bet your business on that. Go read about Ernie Ball Incorporated [2][3][4], then do some rethinking of your position.
Do I advocate “software piracy” of PCSS? No, I do not. No matter what my personal feelings are on the matter I do not advocate breaking the law in the case of PCSS. What I do advocate is taking a serious look at FOSS instead. One cannot “pirate” that which is “free”. Sure, one can violate the terms of an open source license and be liable in court, but not as just an end-user.
Here are some examples to consider.
Do you have a license for 10 copies of Microsoft Office? Is it installed on 12 computers but only used on 9 of those computers? You are not in compliance with the licensing terms so a rat may decide to turn you in to the BSA for some cash. However, if you switch to the OpenOffice.org office suite and erase all those copies of Microsoft Office then you will have no more worries about licence incompliance for your office suite.
Do you have any PCs with XP Professional? When you have to reinstall those do you make sure that no two PC systems have the same license key? If not, then you may be out of compliance with the license terms for XP Professional and a rat may decide to contact the BSA about you. But if you erase XP Professional from your hard drives and install Mandriva, or Ubuntu, or Fedora or any of hundreds of FOSS GNU/Linux distributions you will no longer need to be concerned about a visit from Federal Marshalls and the BSA.
Do you use Adobe Photoshop in your graphics business? Did you make certain that Photoshop was deleted from those 8 old PC systems inherited by the accounting department when your graphics artists got all new systems? No? Then you are out of compliance and “Joan” in accounting has just decided you are getting a visit from the BSA when she quits. Although, if you get rid of Photoshop on Microsoft for The GIMP on GNU/Linux you do not have to worry about a visit from the BSA because you forgot to remove The GIMP when your PC systems found a new department in which to live.
Wait! Before all you graphic “arteests” start whining, again, about Photoshop versus The GIMP think about this. As an individual you can have a say in development of The GIMP. You can join the project and help get in the features you want to see. On the other hand you as an individual have almost no chance of affecting the development of Photoshop, unless you work for Adobe. See? That is how FOSS projects work (usually) versus how PCSS projects work (usually).
My final solution to “software piracy”? Leave the PCSS behind and do a complete switch to FOSS. Ernie Ball Incorporated did and as far as I can tell from all reports I can find they are better off after doing so.
This many unique visitors have seen this article:
| Powered by vocational schools website. |
Notice: All comments here are approved by a moderator before they will show up. Depending on the time of day this can take several hours. Please be patient and only post comments once. Thank you.
Edit Sat Sep 26 16:36:03 CDT 2009: Fix a repeated sentence.
Compliance is futile…you shall be fined.
I will admit up front, sometimes the software you need to use for your business is going to be non-foss. There are people who need AutoCAD and Photoshop. In those cases you know you are dancing with the devil. Part of that dance is “compliance” which takes more work than most people think.
At an company where we had 8 locations in 3 states. 70 desktops and 14 servers. It was almost a full time job. The problem is you have the following flavors of compliance.
a) I don’t care if I am in compliance or not
b) I think I am in compliance
c) Feel good compliance
d) I dot every I and cross every T and am in compliance.
Most companies operate at level B or C. Having 10 computes and 10 copies of office is not good enough. Computers move around and software gets reinstalled. OS’s get reinstalled.
Most compliance is “feel good” compliance. Remember the final arbitrator of what real compliance is, is the company that licensed the software. For most folks that means dealing with Microsoft. Lets talk about being in 100% compliance.
You need a computer. That computer needs to have a receipt for it showing that you purchased it. The receipt needs to show that an OS was included and paid for. It needs to show what version of the OS was included. I.E. If it says “Windows XP” you had best be able to produce a CD for Windows XP with NO SERVICE PACKS. If it says Windows XP SP1, you had best have a Windows XP SP1 CD. What if your CD does not match? Then you are not in compliance.
So you need the receipt, the document OS, the certificate of authenticity, the install media. You need to be able to match it to the computer it is installed on, including License Keys. If you re-image your computers you need 2 licenses. 1 for what came on the machine orginally, and 1 for your “corporate image”. You need to make sure there is a 1-to-1 correspondence. You have to make sure all serial numbers match the machine they are installed on. Anything short of that and you are not in compliance.
Every 3 months we would audit all software, all computers and make sure everything continues to line up. It takes work. Someone will move a PC at a remote location. Software breaks (like MS Office) and needs to be reinstalled. You are now reinstalling Office on what you think and have been told is REMOTEPC1 and it turns out to be REMOTEPC3.
To go past feel good compliance requires documenting who uses what computer, all computer moves, all software installs. Physically auditing the paperwork related to each computer and physically auditing each computer. It is a pain in the rump.
98% of all businesses, schools, city, counties, states, non-profits could not pass a real BSA audit. Unless you audit yourself several times per year, there is no way to pass. Almost all business are out of compliance and are 1 disgruntled employee or shrewd competitor away from an audit.
I agree with Ernie Ball. There should only be a handful of PC’s in a building that have any NON-FOSS software on them. The more systems you run on FOSS the less exposure you have to an audit that you are almost certain to fail if it ever takes place.
Side Note: I worked for a company were in there recent economic downturn a bank that had loaded us money for improvements got the idea we had “over inflated” the value of the company to get a larger loan. So they went to FBI, cried “wire fraud” and we were raided by the FBI.
So there is an FBI agent in a flack jacket, with shotgun in hand telling me to step away from the computer, NOW. Do NOT touch another key on the keyboard. It had been about 2 1/2 months since my last audit, so I knew there was the possibility of at least one computer with a goofed up license key. I always find at least one computer like that. I just kept repeating to myself “It is OK, Federal Marshal BSA raid, FBi must be another problem that I do not have to worry about.”
That my friends is a sad state of affairs. We had the goal of being in 100% compliance 100% of the time, re-audit every 3 months. Document everything religiously and still know with the “human factor” an item or two always needs to be fixed to maintain that 100% compliance. The fact I was more worried about the Federal Marshals performing a raid for the BSA than I would be about the FBI raiding our facility for anything else.
Open source software is the way to go.
Elder-Geek (comment #11) thank you for reading and for your comment.
All, Elder-Geek and I are both warning you that a switch to FOSS from PCSS is the only way to know you will not be raided. If you still are not convinced that your small, medium or large business is not at risk with PCSS then maybe the BSA’s own reporting will convince you: BSA.org – Piracy News
Here’s another one. Ken “Helios” Starks talks about a company CEO that called him asking him if “your Linux thing” could fix his broken network. Turns out a previous “consultant firm” had installed pirated copies of MS Windows XP on the workstations (IIRC, someone’s nephew was involved), and one of the later “consultants” had seen this and ratted. The BSA goons showed up with a “helpful” Microsoft sales rep in tow trying to pretend he was the “good guy”. You know, just along to “help” this company get into license compliance.
Rather than pay up, this CEO told them to get out or he would physically throw them out. Turns out this CEO had done his homework on the BSA and knew that it and Microsoft were joined at the hip. Very shortly thereafter, he, his assistant, and Helios converted the entire company over to K12LTSP 6.0, which was based on Fedora Core 6 (they’ve since upgraded, of course). The MCSE’s who didn’t like it eventually got fired, too.
Basically, it was Ernie Ball all over again. And this company hasn’t looked back since.
–SYG
Sum Yung Gai (comment #13) thanks for the comment.
Do you have a URL to share for the Ken Starks anecdote? I looked on both Blog of helios and The HeliOS Project but did not see it. Thanks!