CNET también está disponible en español.

Ir a español

Don't show this again

Christmas Gift Guide
Tech Industry

Software piracy: Hype versus reality

In the face of increasing skepticism, Bob Kruger of the Business Software Alliance says new piracy stats reflect the real magnitude of the growing threat to digital copyrights.

If you don't know what the Business Software Alliance is, consider yourself lucky.

A nonprofit trade group formed by more than a dozen major software makers--including Microsoft, Adobe Systems and Autodesk--the BSA is charged with enforcing licensing and copyright protections. Personal contact with the software group usually comes in the form of a "software audit," in which the BSA, often acting on a tip from an angry current or former employee, combs through a company's PC stock, matching installed programs with licenses. Companies that come up short can be forced to pay big fines and buy tons of new licenses.

But BSA executives say the group's role isn't to be the tough guy. Instead, they're around to protect the interests of software makers, through a combination of enforcement action, education and governmental lobbying.

Educational efforts include advertising campaigns designed to make IT managers sweat and periodic surveys on the state of international software piracy. The latest survey, which pegged international losses due to software piracyat more than $29 billion a year, has drawn criticism from pundits and trade groups such as the Consumer Electronics Association, for allegedly inflating loss estimates by counting every stolen program as a lost sale.

Many of the same critics have already clashed with the BSA over its lobbying on behalf of the several legislative measures, including the Inducing Infringement of Copyrights Act , which would effectively outlaw file-sharing networks.

Given the BSA's complex and sometimes confrontational role, Bob Kruger, vice president of enforcement for the organization, doesn't necessarily expect to be every IT guy's best buddy. But he maintains the BSA does valuable and necessary work to keep the software industry healthy.

"We've always viewed education and understanding as the key to promoting compliance with copyright requirements," Kruger said in an interview with CNET "Even our enforcement program is geared to raising awareness. We don't enforce for the sake of enforcement. We pursue these actions mainly to illustrate the consequences of failure to respect copyright requirements."

Q: What's Microsoft role in the BSA--some IT folks refer to you as "the Microsoft police?"
A: That's an unfortunate perception. We have 13 global members now and every one of them, from my perspective and the perspective of the BSA staff, is equally important. Only one member from a tech company sits on the BSA board; only one member from each company sits on the BSA committee. Every decision we make is made by all members.

Microsoft may be a bigger company than many of the other BSA members, but they all have this piracy problem in common. All the work we do is geared toward benefiting not just these companies but the software industry as a whole. Within the BSA, there are companies like Autodesk and Adobe that make very popular products, and those products get pirated and impact those companies every bit as much as Microsoft's products do.

Yet I've heard allegations from some IT buyers of Microsoft salespeople using the threat of a BSA audit to get customers to upgrade.

The notion that we're doing enforcement for anything other than to promote compliance is just false.
We take very seriously what we're doing here. It's a good thing to keep in mind that our companies are not in the business of antipiracy. They're in the business of developing software packages and marketing them to the public. They're not interested in going after companies. If they could, they'd fire me tomorrow and hire another programmer. The notion we're doing enforcement for anything other than to promote compliance is just false.

You've come under some criticism for the allegedly inflated figures in your latest piracy survey. What's your response?
Once again, people are trying to create something that's not there. We've been doing this study for at least 10 years, and the only thing that's different about the study this year is that it's more comprehensive. In the past, we've omitted certain categories, such as consumer software like reference and entertainment. Operating systems have never been included in the past. And we haven't looked as closely as we did this year at global software--products created and bought to market outside the United States.

This year's study is really just a continuation and extension of what we've done in the past, with a bigger base. The conclusions are pretty consistent. The piracy rate we announced this year doesn't vary significantly from the piracy rate we've announced in the past. Naturally, because you're looking at a bigger market, you come up with a higher figure for lost revenue.

But some folks have a problem with the apparent assumption that every pirated copy of a program is a lost sale.
I think the methodology behind the study is very sound. I haven't seen where anyone's pointed out anything about the methodology they disagree with. Many people don't like the number for one reason or another.

The notion that not every pirated copy represents a lost sale seems to be a correct one; I don't think anyone in our industry has ever argued it does. But I'd say when you look at piracy generally, it's far more likely that a pirated copy of business productivity package represents a lost sale than it would with other types of digital works. It stands to reason that a company that makes more copies of a program on company PCs than they have licenses to support them would purchase most if not all of those programs if they weren't copying them illegally.

There's a fairly close to one-to-one correspondence between workplace copying and lost sales, as opposed to say downloading music files from the Internet. You have to understand that the majority of the problem for this industry is concentrated in the workplace. And most companies that are copying business software are using it to run their businesses. To say that's not lost revenue--I don't know.

Is that one of the biggest education challenges, to get people to think of piracy beyond some guy in Hanoi selling Windows XP for $5?
I think it's a relative question. What we often find when we go to a business that's copying software and we tell them they're engaging in piracy, often they take offense. They respond that they're not selling software, they're not counterfeiting the software, they're just copying it.

From the perspective of the software company having its product used without recompense, there's not a lot of difference. It's like if somebody steals my car, I don't really care if they drive it and enjoy it or if they abandon it by the side of the road--either way, I'm out a car.

Let me share with you some of the criticism I've heard about the way the BSA conducts audits, starting with the idea that it's hardly ever a private thing. The BSA wants to publicize the outcome, and there's a degree of embarrassment for the company involved.
As I said earlier, even our enforcement program is aimed at raising awareness. Unless we make known that we exist and we are doing these enforcement actions, it's hard to imagine how we could perform that awareness-raising function.

It's far more likely that a pirated copy of business productivity package represents a lost sale than it would with other types of digital works.
We don't announce the settlement or the outcome of any enforcement action in an effort to embarrass any company. Many of the companies with which we have settled with over the years are good, reputable companies. They pay their taxes, they obey OSHA (Occupational Safety & Health Administration) requirements. They just don't pay attention to their software licensing compliance. It's important to bring to the attention of the software-using community that failure there can have serious consequences. The best way to do that, we have found, is to let it be known that companies do end up being investigated and having to make payments to the BSA.

There's also a perception of audits used as harassment--you've made a point of letting it be known that disgruntled ex-employees are a good source of leads.
We receive thousands of leads a year, and we take action on less than half of them. We take very seriously our responsibility to our companies to only proceed on the basis of reliable information. We don't do our companies any good by taking action against businesses that are in compliance with their software licensing requirements. We would very much reject any attempt by disgruntled ex-employees to get BSA to carry out their vendetta.

There have also been complaints that the BSA doesn't really distinguish between sloppy record-keeping and actively setting out to illegally copy software--if you can't produce a license, you're guilty.
We recognize there are situations where the problem is one of record-keeping, and we work with the company on that basis. But you don't want to have a situation where the company is deliberately copying the software and then saying, 'Well, we have the licenses, but the dog ate them.' We take great care in pursuing these investigations to give the company the full opportunity to explain what happened. We take everything they provide to us into account. Anyone who's really familiar with how we approach these matters knows we make a serious effort to be firm but fair.

Let's say I'm an IT manager at a small business, and I've got 27 projects vying for my attention. Why should auditing and keeping track of software licenses be a priority?
Unfortunately, there are a lot of issues out there, to the point where software-licensing compliance often drops off the corporate checklist. It's important for us to break through some of that noise with examples of what it might cost a company if they don't manage their licenses.

I think the answer lies in the fact that there are serious legal consequences. And there are a number of practical reasons for companies to make sure their software is properly managed. If you don't have a compliance program in place, you increase the risk of installing virus-ridden software or software that doesn't work as intended, and you lose a lot of benefits as far as technical support.

So is your advice to just make tracking licenses part of somebody's job?
Absolutely. Most of the companies we end up contacting are not bad companies. They do most things right; they're honest companies. They just need to treat this issue more seriously. It's almost always the case that the reason the company has this kind of problem is not bad record-keeping or a deliberate attempt to cut corners--it's just inattention to the issue.

Some would say it's also because software licenses are so darn complicated nobody can keep track of what they're supposed to be doing.
I'm a lawyer, and I'm sympathetic to people who say some of these licenses are difficult to understand. But there's often no ambiguity in that one paragraph that sets out your right to install and use that software on a limited number of computers. In those cases where companies take a single copy of a software program and install it on all their computers, it's not because of confusion over the terms of the license agreement.