Don't get into a fight over licensing

If the software police come knocking on your door it pays to know your rights - but it will also save a lot of heartache and...

If the software police come knocking on your door it pays to know your rights - but it will also save a lot of heartache and expense if you take a cooperative view from the start.

Software piracy is a growing problem the world over. In the UK failure to comply with software copyright and licences can result in hefty fines and up to two years imprisonment.

It is estimated that one in every four pieces of software in use in the UK today is being used illegally. This figure covers anything from counterfeit software sold at car boot sales to organisations exceeding their software licences.

The problem is rife within the corporate sector, with many companies not fully aware of what software resides on their networks and systems. But an organisation is breaking the law if it cannot prove it has a valid licence for all of its software, whether it is using it or not, and whether its lapse is unintentional or deliberate.

There are several monitoring bodies in existence that aim to educate the corporate sector as to the rights and wrongs of software licensing and with the power to request proof from companies that they do not posses illegal software.

And if you get a visit from one of these bodies, such as the British Software Alliance (BSA) or the Federation Against Software Theft (FAST), there is little you can do in the eyes of the law, to avoid presenting detailed audits of all of your software.

Good intentions are no defence
"A company hasn't got a leg to stand on if it is running illegal software, be that intentional or accidental," explains Jon Fell, partner within the Information and Technology group at law firm Masons.

It is not known how many organisations are breaking the law unintentionally. "People are generally very well meaning," says Richard Willmott, general manager of FAST corporate services. "We meet with hundreds of companies every month. We say 'are you compliant?' and they say, 'yes, we buy from reputable vendors and we don't copy disks'.

"However, do the staff have Internet access and the ability to download software from the Internet? Do they have e-mail? Can they handle attachments?"

If this is the case and there is no clear software management in place and no defined licensing policy, it is very likely that there could be illegal software in use at the organisation.

Richard Saunders, the UK chair of the BSA, says: "The mandate of the BSA is to prevent any illegal or inappropriate use of software." He explains that the BSA will approach a company if it believes it is using software without the correct authorisation.

Fell points out that a company approached by the BSA or FAST is not obliged to disclose audit information. But he believes it is better to cooperate from the outset.

"FAST has the standing to come and knock on your door, but they don't have the power to do an audit," Fell explains. "You can say no. If they don't believe you, or they've had a tip-off, then they can go along to a court and get an injunction to allow them access.

"The first question a company should ask one of these monitoring bodies is how confident is it that there is a licensing problem. If the user company has done its own audit and is pretty certain of it, I would say cooperate with an organisation like FAST. If it is not sure of the position, the company should say it will take its own audit."

Anxious times and bad publicity
When challenged over software compliancy, companies often feel edgy. A direct marketing group specialising in mobile phones, pagers and Internet services, which has asked not to be named, received a certified letter from the BSA challenging its software compliancy.

"I think panic was our first reaction," says a spokesperson for the company, which was in breech of its software licences. "The company was undergoing an extremely rapid rate of growth and the attitude was, 'do whatever it takes to get the job done'."

The company cooperated with the BSA, and the whole process took six months and resulted in the establishment of a software compliance group. The organisation understands the BSA's role, but still feels uneasy about the process that was adopted, especially the threat of bad publicity.

Randy Britton, communications director at asset tools specialist Tally Systems, also believes the BSA's approach is too severe. "The BSA's tactics are heavy handed," he says. "They say 'we are going to stick the lawyers onto you and you'll face hefty fines'."

Britton also believes that the majority of companies approached by the BSA have simply lost track of their software. "My gut feeling is that probably three quarters of the software that the BSA is describing as piracy is a situation where a reputable company has lost control of its software licences."

Guarding your reputation
However, regardless of the cause, Fell points out that cooperation from the outset is often best in the long run, not least because the organisation retains its reputation. "It will be a lot cheaper to cooperate and help. If you don't cooperate, the end result will be the same, but it will be a lot more expensive getting there," Fell said.

One of the most effective ways to ensure your organisation is compliant is to undertake regular software audits and define a software licensing policy.

"As part of your own management structure, make sure that you understand the licensing process, that you have resources and capabilities to understand what the licence is," advises the BSA's Saunders.

"Put in place management processes to ensure your use of software is compliant to the licences you have, just the same as you would ensure your factory floor conforms to health and safety regulations."

FAST's Willmott offers similar advice: "Devise policies and procedures and communicate them to users. Then run a network audit. Reconcile that to your licences. Then you need ongoing management. Put terms on the intranet and remind users all the time."
This was last published in February 2002

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close