National Hi-Tech Crime Unit should give piracy a lower
priority
Earlier this month sentences were handed down to UK members of
DrinkorDie, the international software piracy "warez" group. The
judge, the National Hi-Tech Crime Unit (NHTCU) and the Crown
Prosecution Service (CPS) all stressed the amount of damage they
thought the group had caused.
This was one of the first of NHTCU's really complex cases to
achieve completion. It cost the criminal justice system - funded by
the tax-payer - several million pounds, but was it a good use of
resources?
The original investigation was carried out by the US Customs
Service as Operation Buccaneer and it was entirely right that NHTCU
should pick up the UK leads in what was alleged to be a global
activity by many interrelated warez groups.
However, it soon became clear that UK DrinkorDie members were
motivated by the glory of being the first to "get out" new software
with the copy protection removed, rather than by direct financial
reward. This was a crime that required organisation but it was not,
as NHTCU and CPS press releases hinted, traditional organised crime
in the sense of extended criminal families engaged in illegal
activity to make a profit.
The CPS had a choice: charge each suspect individually with
substantive offences under trade mark or copyright law, or go for
the much more ambitious and glamourous "conspiracy"
indictment.
The first option meant single trials of a day or two and evidence
limited to what was on each of the accused's computers, with the
possibility of custodial sentences.
The second meant proving a common purpose to defraud. Each of the
defendant's computers held potential evidence against all the
others. There were no convenient "let us conspire" e-mails, so
intentions had to be inferred via actual activity and through hours
of jargon and slang-infested chat logs.
As this was an alleged global conspiracy, with leaders in the US,
it meant looking at their computers too, and also at the plea
bargains made across the Atlantic where the more "help" that was
provided, the shorter the eventual sentences would be.
This meant UK defence lawyers had to examine terabytes of data
rather gigabytes, determine whether US-originated testimony was
tainted and if there had been a US agent provocateur operating
under conditions unacceptable in UK law. Defence teams made
extensive demands for disclosure from UK prosecutors, which placed
a significant burden on NHTCU investigators.
Even before the trial started last September, several million
pounds must have been spent in police, prosecution and defence
expenses. The Old Bailey trial then ran for nearly six
months.
Let's step back a little. This was not a victimless crime. Losses
in software piracy are very hard to quantify because no one knows
how many copies are made, how many represent lost sales and whether
those would have been at full or discounted price.
Certainly a lot of the DrinkorDie archive I saw was of specialist
software for particular industries, where piracy is financially
pointless because the customers also want supplier support.
There were victims, but not defenceless ones. DrinkorDie did not
defraud the vulnerable public, trash essential computer systems or
trade in confidential personal data, for example. Software houses
have remedies in the civil courts and techniques like online
verification to protect themselves.
It is obviously convenient for the software industry if it can
persuade ministers, police and prosecutors to provide enforcement
at public expense. But resources to fight cybercrime are scarce
because they come out of a general policing budget, which must also
cope with terrorism, anti-social behaviour, street crime and
traffic.
Software piracy should be part of the cybercrime agenda, but given
a low priority. The millions the DrinkorDie case cost could have
been spent investigating more serious crimes and extending the
training of police and prosecutors.
Peter Sommer is a research fellow at the London School of
Economics and was lead expert to defence lawyers
