Software theft is again high on the industry agenda. Under revised legislation that came into effect in November 2002, UK company directors now face up to 10 years in prison if they fail to stamp out the use of unlicensed software within their businesses.
The new penalty, part of the Copyright etc and Trade Marks (Offences and Enforcement) Act 2002, is aimed primarily at scaring off professional software pirates who previously faced a maximum prison sentence of two years. But IT management should also be aware of several other aspects of the tighter legislation that relate to the use of unlicensed software within their organisations.
The software industry’s unofficial anti-piracy ‘police’, as well as the UK’s Department of Trade and Industry, have hailed the Act as an important step towards reducing piracy. Its aim is to simplify the process of investigating and charging those who are supplying or in possession of unlicensed software. Police officers – often acting on behalf of Federation Against Software Theft (FAST) or the Business Software Alliance (BSA) – now only need a single search warrant, rather than three separate orders, to be able to access premises, seize computers and software, and make arrests relating to copyright offences.
Yet enforcing such legislation will still be difficult. According to Keith Hodkinson, a partner at patent and trademark law firm Marks & Clerk, police and trading standards officers lack the training and resources to effectively implement the new legislation. In any case, under the new legislation, IT directors who have failed to renew a licence or have made too many copies of a package are unlikely to end up in jail. Indeed, the chances of anybody from the offending company even entering the dock are slim. Most commonly, offenders reach a financial settlement with the BSA, the vendor-sponsored group that acts as a private police force against piracy.
Some lawyers, however, find that situation rather uncomfortable, suggesting that organisations should not be intimidated by this pseudo-authority. Often acting on a tip-off submitted to its 24×7 whistle-blowing website and hotline, the BSA will write to the alleged offender demanding it sends details of an audit of all software in use, that the organisation pays for any unlicensed products (usually at full price), and that the organisation hands over a ‘fine’.
However, says Rosemary Norton, a partner at the technology practice of Barlow Lyde &Gilbert, “The BSA has no intrinsic powers to enter premises and seize evidence, or carry out (or require you to carry out) a software audit.” In fact, she says that if an IT manager receives such a demand from the BSA, it makes no sense commercially for them to make any admissions, especially when it is the BSA’s interest to both demand restitution and still “name and shame” the offender.
She recommends that organisations should consider seriously whether they want to respond to any initial letter, remembering the request for an audit is essentially “a fishing expedition”. If they actually do find a gap in licence coverage or are presented with firm evidence, they should engage in some form of cooperation, but they should insist on a confidentiality agreement, demand very specific details such as individual licence numbers, and only provide information on these items.
Clearly such guidelines were not followed by Amaze, a Liverpool-based IT solutions company. In November 2002 it agreed to pay the BSA £28,000, and to buy £24,000 of software to replace unlicensed products. Six months earlier, department store House of Fraser paid the BSA an undisclosed amount after the company admitted using unlicensed copies of Macromedia web-design software. And in January Clackmannanshire Council paid an unspecified sum to the BSA for the unlicensed use of 470 copies of Microsoft Office 97.
With employees often free to download or copy unauthorised software to their PCs, it is inevitable that every large organisation is in breach of software copyright laws at some level. But are IT directors responsible? Most definitely, says Marks &Clerk’s Hodkinson. IT directors cannot build a defence around the fact that they did not know that employees were using unlicensed software. “Ultimately, the IT director is being paid to competently secure the technology infrastructure,” he says.
Ten years in prison is clearly an idle threat, but the pressure is certainly now there for IT management to be fully aware of the organisation’s exposure – before a threatening letter from the BSA arrives.