Slashdot Mirror
How Do You Deal With Pirated Programs At Work?
LoneAdminOK writes "I started working for a small company in the middle of January as their IT Manager. I am the first actual 'IT Guy' that they have had; before me it was someone that performed another job within the company and just handled the IT on the side. The problem that I am running into is that most of the software I am finding on the network and on people's computers isn't owned by the company. The person before me would just get it from 'somewhere' and install it on the computers as needed. This is putting me in a bad position when I have to reinstall the program or find it to install on someone else's computer. Often, I am telling people that we don't have it or we have to buy another license, and they get mad at me because the other guy said that we had it. I can't even tell where the versions of Windows Server that they are running came from. The only one I know is legit is the one that is installed on an HP server with the OEM sticker on it. How have any of you handled a situation like this? I don't install 'borrowed programs' in a production environment because I know that if the BSA got wind of this, it would all fall on me when they stormed in."
All you can do is go to the higher ups and lay out the entire situation. If they don't care about the consequences, have them put it in writing to CYA, and then decide whether you want to trust that YA is truly C'd, and whether you want to add "Installer of Illegal Software" on to your CV. That's all you can do.
In my experience, the smaller the company, the more pirated software you find. If it's one guy working out of his house, it'll be lucky if he's actually using his own internet connection, more less software that he actually owns.
Now queue 500 posts saying, "ZOMG, replace it all with OSS."
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
Replace it all with OSS.
I'd just keep me head down and swab the deck, me hearty!
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
Don't worry, just post your company's name and address and we will perform a free audit on all your software for you.
Signed,
BSA Auditors
Everyone is doing it. What are you afraid of?
Don't be a baby! Go on, do it!
>I don't install 'borrowed programs' in a production environment
'borrowed programs' shouldn't be installed anywhere - prod, test, uat whatever. Non-production piracy is still piracy.
Nuke the site from orbit. It is the only way to be sure.
For what company do you work?
I'm sure we can figure something out.
Your friend,
BSA
Jeff Bezos once said to me 'you can't take something away from someone without giving something back of equivalent value without them being pissed off'. Obviously you have to take the software away but try to give them an open source equivalent for the time being. They may actually even start using it longterm and save the company money from having to purhcase licenses of the other software.
This is my sig. There are many like it but this one is mine.
Collect the reward.
If brevity is the soul of wit, then how does one explain Twitter?
Start with auditing your network (use automatic auditing software) and then work out:
You should have already done this. Then you take it all to the board and get them to stump up the cash to fix it.
If you can't/won't do this, go find another job.
Often, I am telling people that we don't have it or we have to buy another license, and they get mad at me because the other guy said that we had it.
That's not your fault, tell them to be mad at the other guy. As far as you're concerned, either the company can cough up the money for non-pirated copies of software, or you can ZOMG, replace it all with OSS.
if the BSA got wind of this, it would all fall on me when they stormed in
But if you're not there, it won't. Hooray for blackmail!
Every employee reads and signs a conduct statement when joining and annually. Its spelled out in there. I believe company had some problems and fines in the past.
Call the BSA hotline and get your fat $25 bounty.
CYA = cover your ass
in case some of our international readers missed it ;)
Rules for dealing with that
1) *Never states the existence of pirated software as a fact to outside you company*.!!!
2) Ask your Boss at a cup of tea outside his office
3) Depending on your bosses answer and your morality
a) Boss says: hunt down priated software -> you do that
b) Boss says: dont touch the issue and you are not too worried about the moral/legal issues: close your eyes
c) Boss says: dont touch the issue and you are worried about the moral/legal issues AND you are brave: state is explicictely in an e-mail to your boss with somebody else in the company in the CC
d) Boss says: dont touch the issue and you are worried about the moral/legal issues AND you are reasonable: leave.
Easy! Keygens.
I'd probably do an audit and figure out how big the problem really is. Then present it to the bosses with your recommendations. At that point they'll decide what to do. Then you have to decide whether you want to be a part of what they'll do.
Gather the details of what is installed by using belarc's survey software. Summarize the number of computers, the unlicensed software and the steps necessary to move forward. Go to the executive privately first. This will allow him to evaluate and consider the path without cornering him.
The next step is going to be an evaluation by the managers to determine what software their people really need.
In the end, they need to get proper licenses, and no executive is going to wantonly commit federal fraud.
The more you scare people.....the more they will pay.
I had this situation with a company I was contracting to. Knowing that the IT guys were installing pirated software, I wrote the management of that company and recommended that the company established a policy that all software was legally obtained and licensed. At that point, management had only two choices, acknowledge the issue and agree, or document that they approved of piracy. Armed with the policy, I could point to that when anyone asked me to install non-legal software without fear of retribution.
CM www.cometenergysystems.com Blog: http://caribbeanrenewable.blogspot.com/
I make them walk the plank!
I know that if the BSA got wind of this, it would all fall on me when they stormed in.
And those Boy Scouts are rotten little bastards.
Whale
You're absolutely right. I have prod, dev, and UAT instances of Captain Morgan, and they all seem equally potent.
Do what any decent pirate would do, turn 'em in to the Navy (or whoever is in charge of pirated software), collect yer bounty, and, arrr, off to more plunder matey!
Give a man a fish and you have fed him for today. Teach a man to fish, and he'll say "WHERE'S MY FISH, YOU IDIOT?"
It's not my responsibility. I'm not paid enough to care. If I need software on my computer, and the IT guy gives me that software, then I will install it and use it and not ask questions.
I'm god, but it's a bit of a drag really...
Rather than presuming that it's all pirated, start by presuming that everything as it stands is legitimate. Write a memo to whoever does the accounting and ask for copies of the invoices for all of the software purchased over the past five years "so that I know what licenses we currently possess and don't end up paying for software twice over when someone asks me to install something".
When/if the accounting person/dept comes back with nothing, then take it to the bosses and explain how surprised you were when accounting were unable to find any invoices. Stress the safety issues of illegitimate software (viruses, trojans etc.) and discuss the options. Make it look like you are a contentious employee doing your best for the company and avoid looking like a self-righteous jobsworth.
1. Grab everything "IT" (install disks, licences, purchase invoices etc.) for hardware and software and get them to a single secure location.
2. Thoroughly audit the whole lot.
3. Refuse point blank to (re-)install stuff you're not sure about. You'd be surprised how much influence you have as the first (only) "real" IT guy.
4. Push FOSS as a solution.
Actually, it's not a ZOMG, just explain to the owner that you have certain ethical standards, and that you will not break the law for your job. Then put together an itemised list of licences needed to bring the company into compliance, with prices. If they are unwilling to pay, provide itemised list 2, which has FOSS options that can be migrated to, with an estimate of how long it would take you to do so, and how much downtime would be involved. If they are unwilling to go with either option, "You don't want to sell him death sticks. You want to go home and rethink your life."
That which is done from love exists beyond good and evil
Non-production piracy is still piracy.
Yes, and you still be hanged for it. Yarr!
"The more prohibitions there are, The poorer the people will be" -- Lao Tse
Today in pretty much every American school from Kindergarden through 12th grade there is free training in piracy of anything digital. Want a song? Someone will show you where to download it from for free. Same for software.
After being subjected to 13 years of this sort of training we can move on to college where there is another four years of honing the art. Everyone knows how to do it by then.
Now they enter the business world and you find it odd that your fellow employees can't understand why they just can't have evertything they want? Sorry, but you are seeing the result of a nationwide (if not worldwide) program. If the people in charge at your workplace don't see anything wrong with everyone just having what they want, I think I'd run for the door. There will be consequences, someday. Someone will find out that rewards are paid to people that turn companies that pirate.
Ethics? If there are no ethics preventing people from pirating, there will be no ethics preventing them from trying to get a reward turning people in.
If someone high up at your company can't see the problem, you don't need to be working there. You will find out your bosses will see to it that it is all pinned on your predcessor and you.
I'm bound to get modded a troll or flamebait or off-topic or something for this, but how is this different from pirating music? /. group-think says it's not theft and trots out a whole bunch of other self-justification about the evil RIAA and so forth, because you're "not depriving anyone of something physical", etc. It's the same, right?
Is it different in this case because it's a small company doing it rather than a whole bunch of individuals? Does that mean it's okay if it's just me, but wrong if my company is doing it?
So to answer the question at hand: go the CYA route suggested by the very first poster, and make sure you point out (nicely as you need to, given this economy and how sure you are of being able to find another job) that this is illegal.*
* Just like music piracy. Even if you want to claim it's not theft.
You have to tell mgmt what is going on and tell them they need to purchase licensees. If they don't, they are liable for all sorts of headaches. If they don't want to believe you, then ask them to talk to your lawyers.
Under no circumstances should you continue to support or install pirated software. That puts you at legal risk and you can't CYA with a letter stating that mgmt is OK with breaking the law. If you do it, then you are liable.
If mgmt doesn't want to pay for licenses. Leave. Cause if they get caught, you will be the one to pay the price as the IT manager.
first step should be cataloging what you have: properly documented license, cracked/definitely illegal and uncertain legality (owner claims it's legal but can't find the license or the purchase receipt). everything without a properly documented license should be elevated along the proper management chain, but you should probably treat the uncertain legality cases different than the definitely illegal. maybe for the uncertain cases, you should give a deadline to produce proper documentation or some signed letter from the appropriate level of management that the software is legal even though they can't document it.
Ask for an indemnity in writing from your employer saying that everything they use is legitimate and legal. If they refuse to provide it, you *have* to go somewhere else, because they will blame YOU when they are reported for it (in actual fact, walking and reporting them yourself wouldn't be too bad an idea if you don't want to be party to the charges, plus it covers you if they decide to pin it on you as you walk out the door). If they provide an indemnity (which they won't, but keep reading), you have a piece of paper that says you were assured it was all genuine. The person who signed it gets the blame.
What *will* happen, if you do it right, is that when they are asked to sign a bit of paper, they will get incredibly stroppy and either get rid of you in time anyway (and you should be LONG GONE by then, if that's the case), or they will wake up and say "Okay, well, I suppose we have to do something about that, then", even if they end up hating you. It's nice earning money, and all, but they don't care about you so when the penny drops and someone does come in and audit you, at least you won't get caught up it in - short term unemployment versus police record for failing to do your job legally.
And, I *have* done this exact thing to my employers, in order to ensure that they are, and that they stay compliant with the law. Fortunately, it was somewhere where they did have all the right licenses, but were just careless about recording them - they actually bought 10% more than they needed most of the time because they knew their record-keeping was poor. They were able to chase up 99% of the licenses, or get the seller to put it in writing, or similar, and a few extra licenses they either bought or didn't care about (because they weren't using them any more). The legitimate companies will see it as an hassle, but they will happily do it if it means legal compliance. If your place won't do this, you have to ask what *else* they are doing... Not enough money in the pension fund? Spying on staff? Fiddling the accounts? Mis-selling? Sending out false references about their ex-staff? Who knows?
(Parent had the second post, mods. NOT redundant.)
The OSS thing is something that I hear a lot, and I have a certain amount of sympathy for...I use a lot of OSS myself, and my primary skillz are of the *nix variety. Where it fits, you should absolutely put it in. You might be able to ditch your windows servers, and remove part of your headache at least.
But it's really unlikely you'll be able to convince people to give up their desktop apps, especially once they've had time to learn them. Licenses there will have to be obtained, or not as the case may be.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
Try telling a user who has had a pirated application on their computer you can't provide it -- that's no fun at all. They've gotten used to using it and most won't accept another program in its place. Even worse you'll get nonsensical crap about free/open-source software not providing appropriate output.
And management isn't always helpful. You'd think telling them "you are breaking license agreements and exposing yourself to legal liability" would be enough, but sometimes that isn't enough. At least in this case you have someone (old fake IT guy) to blame -- that's more or less all you can do.
And let me chime in on the ZOMG install FOSS tip -- this is a great opportunity. You've already got a tailor-made excuse. "X user is using X software and we do not have a license. We can either pay X dollars for a license or use this freely available alternative that will provide the same functionality." In this economic climate, they won't even consider the pay software in most cases.
I refused to install pirated copies of Word Perfect, etc on clone PCs we sold in the 80's-90's,
I got fired.
But frankly I'd do it again.
This is a totally unsurprising situation to find at many small businesses. When a business consists of just a handful of people, it is cost prohibitive to actually BUY software.
There is a point, however, that a business has to bite the bullet and "go legit". At certain sizes, businesses show up on Microsoft's anti-piracy radar, and your business can find itself on the receiving end of a software audit. At that point, the business will be liable for not only the costs of any software installed but also fines.
This is a good way to present the situation to your bosses: It's a matter of cost-benefit analysis.
Here is my policy : Don't ask, don't tell, but be sure that you got your ass covered by not being responsible of software installations (don't put your name as the user in the installs).
However, whenever possible, use OSS software. And when asked why you use Blender or Open Office instead of the standard installation everyone uses in the burrowed shared directory of the obscure internal server, answer, simply, as if it were non important and self-evident "well, it is the legal way". Observe and savor the uncomfortable silence after that, go back to the meeting's main subject. Observe after that, in the next days, your colleagues coming discreetly to you, asking where they can get this legal alternative.
The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
My company does this, much to my annoyance. Every single copy of Windows we have either came with the computer we bought, or is a pirated copy. Every single copy of Microsoft Office we have is pirated. The IT shop we contact to gives us even more pirated software, such as a pirated copy of Norton Anti-Virus, a pirated copy of Adobe PDF creator, etc. All of this software is pirated without a second thought to the moral and legal issues.
Keep in mind I'm not in the USA; I'm an ex-pat living in Mexico. I don't think people would be this flagrant about it up in the states; the only time this would be an issue is if some corrupt bureaucrat wants to use it as an excuse to get a bribe from us.
The issue is that I can't update the software with security updates; the other issue (which I know isn't something popular with some in the Slashdot crowd) is that it goes against my sense of morals to use software without compensating people who did the hard work to make, and test, and add polish to the software in question.
The year a fool-proof way to stop all software piracy is implemented will be the year of the Linux desktop.
And yes, the copy of Windows XP on my machine is illegal (I bought a Linux laptop and later on decided to put Windows on it), but I plan on fixing that this summer when I go back to the US to visit my family. And, yes, I do want to get back to the states, but in this economy it's nay-to-impossible to get a decent job.
Document all of the unlicensed software and the cost of buying licenses. Include the cost of alternatives (F/OSS or proprietary, where appropriate) when they are cheaper. Present copies of this to management, and ideally lodge a copy with a lawyer in case management ignores it and later claims never to have seen it.
Above all, try to be constructive. Don't just say 'we need to spend $n'. Say 'we currently have $n of liability, we can reduce this to $0 by spending $m and migrating these systems to these products'.
I am TheRaven on Soylent News
1) Get yourself an executive champion - someone with authority who understands the potential liability of deploying pirated software. Offer to audit and document all the company software, including applications that people need/use without a license. Work together with management to develop a strategy from there. BTW, this is great for your resume.
2) Quit. If your moral scruples are in jeopardy, explain to your management chain that you can't work in an environment that is exposed to these legal liabilities. Either they'll change or they won't
Most importantly, don't be a wuss. Lay it out straight for people, level the threat of resignation if it gets to that, and be prepared to follow through. There's nothing worse than that guy who bluffed about quitting and got called out.
There aren't a lot of options - you have to be up front about it. When someone complains because you tell them "we don't have a license", tell them matter-of-factly that the copies on the company computers appear to be illegal/pirated. Explain to them what kind of trouble the company could get into regarding this.
But first - go to the boss IMMEDIATELY, and make sure he/she understands the kind of trouble this could cause.
If there are legitimate, usable open-source applications that'll do the job well (not half-arsed), why not have some of the employees try them out (after you've become familiar with the software, of course)?
#DeleteChrome
As the 'IT Guy' it is your responsibility to make sure all the machines you manage are properly licensed. Any software that is used for the business is your responsibility, and you're likely to take the blame if someone reports the unlicensed software to a vendor.
I recommend that you immediately inform management of the problem. If they are hesitant to buy proper licenses, inform them that you need to start uninstalling the unlicensed software (and be sure to follow through on this if you have to). That will help motivate them to do the right thing.
Do not leave yourself in a position in which you might end up being the scapegoat, especially if management is aware of the problem and complicit. This sort of thing could potentially ruin your career. While it may cost you your job if you do the right thing, at least there won't be a black mark on your record that could harm your entire career.
Simply put, you arrived into a company and have determined they are using software illegally. The buck stops with the director of the company.
1) Inform director/upper management of the situation in writing explaining the seriousness of the issue (i.e. Fines, Prison etc.).
2) Perform a software audit.
3) Present findings to the upper management.
4) Buy required software licences.
If budget is an issue, then suggest ways to mitigate costs (e.g. Move everyone to Open Office)
As long as you legally cover yourself, it is not your responsibility. The responsibility is with the company director/board.
Your first step is to dig through all of the documentation you have to find any and all software purchases. This included going through the previous guy's email (hopefully it's still available) and digging out the license cards from those boxes stashed in the corner. If you are lucky, someone in accounting can start pulling invoices from you. Also, go to the resellers your company has been using to see if they can pull a purchase history or license report (CDW is great for this). Don't forget to try sites like Microsoft's eOpen (eopen.microsoft.com) or Adobe's license site (licensing.adobe.com).
The next step is to audit your workstations and servers to see exactly what commercial software they are running. Try to match that up with what documentation you found to start with. My rule of thumb is that if I don't have a PO/invoice, license key or box, then I don't own the software. Then go and get quotes from your favorite reseller to see what the costs are to "true-up".
Take all of this to your manager (or the owner) and show them the situation. Be sure to explain the consequences of not licensing the software you are using, and leave the decision up to him whether to true-up, stop using the software, or use it unlicensed. I would personally document this meeting just to cover your own ass, especially if the last option is chosen.
In order to prevent this situation in the future, make sure all software purchases come through your department. Then keep all license documentation in a single physical or electronic location. Be prepared to dig your heels in when someone tries to bypass IT to install illegal/unlicense software.
ÕÕ
I know that if the BSA got wind of this, it would all fall on me when they stormed in.
They can't. They love to pretend they can, or they try to strongarm people into letting them do surveys. It's all just evidence gathering for when they sue you later, or use it to extort you into paying massive fines.
If they show up, tell reception not to let them past the waiting room. Call the cops IMMEDIATELY if they won't follow your instructions or requests (your business is private property.) Fetch the highest person in the company, preferably an officer, and tell them the BSA has no legal ability to search without a warrant or court order (which requires a lawsuit) and they need to shoo them away. The BSA should get nothing but the phone number of your lawyer.
Now, on the second part of your question: what to do? It's very simple. Ask your boss. Explain the risk. Include some sort of plan for inventorying and an estimate of how long it'll take. OCS Inventory is a pretty good way to do this if you have more than a dozen or so systems. Possibly include some (qualified) estimates of what it is going to cost to come back in line (remember there are significant volume discounts for things like Office) based on what you've seen before; stick to the facts. Include alternatives such as OpenOffice, but don't get too crazy (ie, don't list "convert to linux" for unlicensed servers as $cost_of_MS_Server in "savings"...factor in some healthy labor estimates AND you have the time to take on such tasks. Don't forget that there is opportunity cost too.)
Lastly: you need to make sure you have BOTH purchase records (receipts/packing slips) and the license files (ie those thingies with the holograms and barcodes) for EVERY PIECE OF SOFTWARE YOU HAVE. The company accountants / office manager can help with part of that. It's going to mean going through a lot of boxes- get a big filing cabinet. If you get any electronically, PRINT THEM IMMEDIATELY, and keep them in a safe place.
Please help metamoderate.
I actually ran into a similar situation when I started at my job. The bad thing was they had just got audited by the BSA and got hit with over $100k worth of fines, so when I came aboard they had most of the licenses caught up. Now when I tell the CFO we have to purchase an additional license each time we hire a new employee or whatever, he doesn't give me to much crap. Its still hard though with issues like this, small companies see a new computer for $400-$500 and then see $1500 worth of licenses such as Office Pro, Adobe Acrobat, and our management software license. (Not to mention $1000+ for AutoCAD. I would stress to make sure you get up-to-date with licenses and maybe even pull some BSA audits examples and stress the point of being under compliance with BSA. If you have proof that you made a strong effort to get under compliance and the CFO or whomever didn't see this necessary, then you can always go back and show that you tried. I have come under situations where people try to get me to load the software for "a short time" or "while I'm taking a class on it" but either way, you have to get the license. As an IT professional, you have to make the right decision each time you load the software and make sure that you are under compliance with BSA. It sucks but you need to make sure the higher ups know that this is a serious matter.
Another thing I try when people want me to load something for a home computer or whatever. I just tell them about OpenOffice. For most home users or even small businesses, this can fill the void of office. If your working in an environment like mine (people are not every computer literate) they might not even notice that its OpenOffice.
On the last note: The IT Manager before me that got audited fell into the same situation as you, he loaded software without licenses. He tried to get licenses but his manager just said get the computer up and running and we will get the licenses later. Then when the crap hit the fan the president went after him, and he tried to show all the e-mails and other letters showing that he tried getting the licenses. Either way the president is going to pin the blame on you, so make sure your protected, and do the right thing.
As many will point out, you have to get it to the top.
No CEO would like to be in power when BSA knocks on the door.
Also explain that the cost of software should be in the business plan of the company.
Don't trash talk the former guy since he could still be a friend of someone in Management but do explain what the person did wrong and how much it will cost to repair his mistakes.
Replace with FOSS. No, really. I've done this, literally, hundreds of times when I was consulting. This is what I suggest:
- Do your homework. Inventory all the software in use, figure out how much it would cost to legitimize it.
- Do your homework. Write a plan to implement FOSS solutions. Figure out what can be replaced and what can't. Maximize productivity, try to go with drop-in replacements when possible, try to avoid retraining costs if possible.
- Go to the higher-ups with both homeworks. Give them the options. Don't be a rabid supporter of FOSS, don't be a MS yes man. Explain that the third way, keeping things as they are, is a huge potential risk. It's not hard to find information online about companies that have been audited and had to settle for all their illegal software.
- If you manage to sell the project, be thorough and plan ahead (or hire someone like me as a consultant).
Do this right and you'll be a hero. But be careful, do this wrong and you're out of a job... Great opportunity comes with great risk usually.
If you seriously want to continue in this job, do some research. If you're in the UK the directors of the company are liable for up to two years in jail for pirating software. I'm not suggesting that you put them there, but in my experience it tends to focus their minds in a quite amazing way...
If you had used strictly free (libre) software only.
Get a concise audit of the software your company has installed, where it's installed, and just how much pirated software you're dealing with. http://www.open-audit.org/ does a serviceable job of software & hardware inventory, but really anything that connects to the WMI for inventory purposes should be able to tell you what license keys are in use. If you're in a small shop then XAMPP + OpenAudit will give you all the information you need in less than an hour from the time you start installing XAMPP.
Get your ducks in a row before you start making moves. You want to able to say "we have X copies of Office, Y installations for Win2k3, and Z copies of Photoshop installed against A,B, and C legitimate, verifiable licenses purchased. It'll cost us approxiamtly Q Dollars for Office, R for Win2k3, and S for Photoshop. I can have this issue resolved in two weeks and have multiple vendors willing to give us quotes" rather than "I don't think we've got enough licenses for all our stuff can I have some money?" It'll also offer you some small amount of protection should you have a less than productive meeting with management. CYA, Get it in writing, and maybe spend a few minutes updating that resume.
There are some people that if they don't know, you can't tell 'em.
As the first post mentioned, please DO bring this matter up with your higher-ups and get something in writing. Even then, getting it in writing doesn't give you a golden ticket out. If you are knowingly doing something wrong, then you are just as responsible as those who authorized it.
I don't care how small your company is; the smaller, the easier to get hit with a huge bill after an audit. I don't know how trustworthy your bosses are, but what you don't want is for the authorities to catch wind of what's going on, and for your superiors to turn you into the scape goat.
"What, we didn't know there was any pirated software being used...he's the guy who handles this stuff. We hired him to take care of this. It's his fault..."
Best "String" Ever!
With hardware people tend to play the price vs features game and optimize from there. With software, people just tend to install the best software in the general way and go on from there.
I'd hate to do prices vs features game on software.
So, if you are serious about legitimizing software, do a cost vs features analysis, and see what is the cheapest one to get. For example, choose between the various versions of Windows, various versions of Office and buy the one that is needed by which person. Also, look into site licenses etc.
1. Call a vendor like dell, hp, or PC Connection and have them look up your licensing, they are really good at this. They can tell you exactly what has been purchased at your business.
2. Figure up what you need for licensing, bare minimum, Antivirus, some text editor, some spreadsheet editor, and OS.
3. Get no less than 3 bids on the software PO.
4. Present the bids alongside a OSS solution, a real OSS solution, don't just say free look at TCO. Open office is wonderful for many businesses though.
5. Go with what the CFO says, you may not like it, but at least you presented a good set of solutions. You don't have to be shady if you don't want to but CYA is part of IT. You dont have to like paperwork but you had better do it.
CS: It is all sink or swim...oh and did I mention there are sharks in that water?
Do you really want to work for someone that doesn't or can't afford to play by the rules. You can get around it with OSS, but in the end is that the kind of business that is going to move and grow? If you educate them and they still won't/can't go legit, I think it's a good time to walk away before you invest too much of your time. If they are willing to depart from their pirated software and move towards OSS, then you can help them usher in a new era of IT and save them some money down the road. BTW: One of my pet peeves is the line, "But the guy before you....". I'm not him/her so deal.
Remember, most piracy is reported by pissed off employees. In an effort to do the right thing, as other posters have pointed out, first inventory everything you can. Next, figure out the extent of the problem. Then go to your boss, or the owner, and let them know your concerns, as well as the legal ramifications. Do this in the best possible fashion for you, of course. And then let them know how much of a risk they are at, in terms of financial impact. All it takes in this environment (or any, for that matter) is one fired or layed off employee (yourself for instance, but I wouldn't mention that, all things being equal) to cost them far more in productivity, time, money, and embarassment than finding solutions.
The response should dictate your further actions. However, if worse comes to worse, you can always report them yourself, should they vindictively attack you over this.
Also keep in mind that the previous IT guy might very well be much better connected if he's still there. Do what you need to do to avoid embarrassment for all parties.
Bill
Actually, Microsoft helped me out on this one. Once the boss got a new computer with Office 2007 on it, and got tired of down-saving his files so that all of the other employees could open it on the single license of Office 2000 that was on the other 8 PCs in the office, I was able to get most of our software legitimately licensed. There were still a few apps which we were using that I couldn't locate any license for, and were on multiple computers. I made it clear to my boss that we were in violation of the license agreements to CMA, but he insisted the software be installed anyway. I should have got it in writing, but I didn't. Since I'm not there anymore, I'm not too worried about it.
I was able to deploy some OSS to get around a few applications: Deployed a Linux server with cvs and RequestTracker to replace some software we only had single licenses for that were being used on multiple systems. Also installed GIMP on several systems that were using a pirated copy of Photoshop 5.0.
So you want to be an IT manager? Grow some skin.
People are going to complain about a lot of things. Get used to it. Their monitors will be too small; their keyboards won't make the right clicking noise; their versions of MS Word won't be compatible with each other; their PC won't be as new and shiny as their neighbor's.
If your real worry is about the consequences to you personally if the BSA shows up, you disappoint me. What about just doing what is right because it is right?
Become a leader. Have a vision of what you wish to achieve and go get it done. If you want to run an honest company, do it. You don't have to apologize or make excuses. Does your company have a business license? Do they practice fair employment policies? Do you pay taxes? Why? Do the managers in charge of those things have to apologize for that? Do they have to rationalize those actions or policies? I hope not.
When people waffle in those places, we get Enrons, AIGs, and other disasters. Why should you hold others to a standard of ethics and responsibility, but not IT?
Not to be rude but if you're asking a question this elementary without doing so much as a site survey of assets than maybe you're not ready for a one man IT gig. It's a tough job to swing and if you're already apprehensive of approaching the top brass about this it's hard to tell where you may end up next when middle management starts to act like they own you.
BTW: This problem will be twice as bad if this is a "family run" company.
Dedicated Cthulhu Cultist since 4523 BC.
I realize that's true from a pure copyright standpoint, but in the real world it's sometimes useful to say, install a copy of a tool for evaluation in your workflow before deciding to spend $600 on a license for that tool.
Or do you know of a merchant that will accept opened software package for return, should I decide that $600 isn't worth the cost for deployment, or doesn't do what I need? Because I'd be happy buy a license if I had the right to terminate the license and return the product for refund, and even to pay some reasonable fee for my trial usage -- I'm just not willing to pay full price with no opportunity for refund for a product that I've never had the opportunity to test. I wouldn't do it for a car or a DVD player and I won't do it for software either.
DUDE you got to stand up to the fucking pigs at the BSA. they are just like any other cops, they love to talk big and fuck you with their nightstick, but you just give them the finger and tell them to give you your phone call.
I keep a gun in my desk and if those fuckers ever set FOOT in on my employers property I guaran-fucking-tee you I will be shooting to kill.
Non-production piracy is still piracy.
I will never, ever buy a program until I've vetted it first. Some companies have worthwhile demos, and I'll use those if available, but if not... fire up the keygen. If this makes me evil in your eyes, so be it - but I sleep comfortably at night.
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
I'm in a similar situation, and it's taken months to get all of our licenses in order. My strategy has been to move slowly, as tight budgets didn't allow us to upgrade everything right away, but forcefully, as the consequences running pirated software can be pretty substantial in the long run.
When possible, I switched to open source software (openoffice, gimp, etc.), but when some employees had difficulty switching, I went to management. Eventually, management decided that the increased productivity that we get out of using M$ products was worth spending about $2000 on licenses. I then set up a schedule and got management to agree to budget for 3 copies of office per month. We're finally up to date on licenses.
It was a difficult process, particularly because the median age at the company is fairly low, and because young people tend to believe that software should be free. Still, when management realized that the fines for using pirated software could literally bankrupt the company (and that if we ever fired an employee, he or she might report us to the BSA out of spite), they decided to give me a reasonable budget to buy software.
I think one of the most important things for small companies to realize is that if you use pirated software, you probably shouldn't fire anyone or make any of your employees unhappy. If you do, they can bring you down by reporting you to the BSA.
Facts have a liberal bias.
Presume for a moment that the part time IT person you replaced is just an inept nincompoop and wasn't very good at keeping licenses or keys. Presuming again they are still there then you can put the oness on them to step up to the fact that their turnover was incomplete and you need these things to do your job. There's no reason to play lone ranger here and try to solve this on your own. If they don't have it, then you need to make an inventory and go back to the mahagonites of your place and say to them "as part of my duties assuming this job I am bringing you this document of the missing license keys I have discovered. In my opinion we need to correct this for the following reasons ... " This involves work on your part, diligence on your part and the output produces exactly what corporate people (or people that like to play at being corporate people) want to see. IF they ask you to solve it, develop a plan to bring them into compliance. Usually a good way to do this is by purchasing the latest version of whatever it is so that as part of bringing them into compliance they feel like they are getting something new and shiny too. If they tell you to sod off, find somewhere else to work as IMO they are doing this in other aspects of the books too.
Just ignore it. These commercial programs cost way too much money anyway and the business you work for could probably not afford it. Just ignore it. If you did report something likely their business would be destroyed, they would be ruined, raided, in prison etc. All for just installing a software programs a few times on their computers. Do you really want to be responsible for the ruining of the lives of many other people. Keep your mouth shut.
You can try having the company sign a letter stating you aren't responsible, but I'm sure if your company ends up in court, you're gonna go down with them. Legally you are still responsible for the software that you chose to install. To get around this I recommend the following:
1. Get a CYA letter stating you are not going to investigate prior licenses due to lack of documentation(Duh! There is no documentation.). Make sure they are aware of the repercussions if they are caught with illegally licensed software. Make sure this is in the CYA document.
Ideally they'll see the err in their ways and want to fix it of free will. We all know this is a pipe dream. Then go to #2...
2. Have the company sign a document stating that all software you install from this point forward must be legally documented and obtained, or you will not install or set up such software.
With this agreement:
1. You can turn a blind eye (to some extent) to the illegal software currently installed
2. You are legally protected from getting your peepee slapped by any lawsuits since you are unaware of any previous software agreements
3. Your boss thinks you are trying to meet him on even ground so you aren't dropping a ton of cash in this bad economy all at once on something that will appear to have no return on investment.
You also can let your boss know that now is a good time to look at replacing the software, maybe $500 a week on software. It is much easier to replace the software while everything is working than to replace it when the domain controller is down, you have no license of the server OS, and it'll take 2 days to get in the mail. This will also give the impression that you have the forsight to identify future business opportunities that will be lost if you wait until it is too late to buy the software.
Now, if they aren't wanting to pay to play with the software, then you would need to give the company another letter informing them that they will need to find a new IT person as you do not feel compelled to violate laws to obtain a paycheck. Also make them aware that anyone that installs illegal software CAN and WILL go to jail if they are caught. Your boss (regardless of how much he may want to protect you) will not be able to stop the letter of the law that hold YOU accountable for installing the illegal software. You may even be able to sue the company legally for lost earnings because they are asking you to do illegal acts.
Just a few thoughts. Good luck!
Disclaimer: I am not a lawyer. I was on the other side of the fence though. I was installing illegal software until I moved away from the company. Their replacement was a small contracted company that used these exact steps to avoid their legal requirements while simultanously fixing stuff down the road on an 'as necessary' fix. The boss would have shit a brick if he knew that we'd have to drop tons of cash right then and there, but he was okay with buying the software when we would replace it.
I work in a medium sized company ($2b revenue) and we also have issues with properly licensing software. The big vendors are not a problem. We're completely compliant with Microsoft, IBM, Oracle, CA, etc.. The problem is the smaller companies. For example, there's a belief that all RedHat licenses are free, so huge deployments go out on RHEL without a single license (I am trying to change that, either with CentOS or actually buying the licenses). Then there are things like PGP, which is not licensed for commercial use on the version we use, but we use it anyway.
The way I approached it was to send an email to the higher-ups detailing the problems. Inform them via email that the company is out of compliance. Keep the email.
I ran into this at one company. It caused lots of issues. Managment did agree that they needed to fix the problem and was prepared to start buying licenses, until I came back with a count of what people "needed", and told him the cost. Once he quit clutching his heart, he had a look at the "needed" software list. We then looked at OSS and found that would cover some of our needs and then cut the "needed" list down to the software people required to do their jobs. When I told the employees what was going to happen, they staged a revolt. Talking about the P in PC meaning personal. I thought about that and said "Your right!" So back to the boss. Here was my idea. Charge everyone with doing their job. Take away ALL of their sofware and give everyone a raise to buy their own PC and software, and make every sign the CYA agreement that they are personally responsible for the software on their computer and that at any time the company can invite and external audit. Everyone loved the raise and promptly bought a PC and Licensed versions of their software. This resulted in a direct write off for the company in stead of an amortized one. Because people were spending money on their Own PC many spent extra. so we gained with some having even better hardware and software. Only one person bought the "minimum" to save some cash. The other cool thing was watching people get together to pool their money to purchase things like Symantec Enterprise. One person did quit right away and tried to take their new PC, which they did. However he forgot to read the 6 month clause in actually getting paid for the PC. It might not work for everyone, It took a lot of communication and hard work. In the end when I left, everything other than some music was licensed. (but as an IT guy you can only push so hard)
In a meeting with your boos tell hom/her that one of your responsibilities as the IT guy is to ensure license compliance and that you would like to document all of your software. Ask for access to invoices to see what's been purchased. Inventory all software installed and prepare a report showing where there might be an issue. Offer a solution or solutions to dealing with the issue: buying licenses, researching alternative programs, etc.
Don't be confrontational, don't be a dick, don't make threats or demands. Do tell them about the BSA and what can happen if they are to get audited. Turn your concerns into a positive for the company. That's why they hired you.
There are several solutions, and which one is adopted depends a lot more on corporate culture than technical merit.
In large businesses (10,000+ employees), I see two common approaches. The first is lock-down.
Lock down.
* Centralize everything and lock down the workstations. All software comes from one department, is distributed by SMS or Altiris, and (sometimes) workstations are monitored for compliance. Businesses like this often go with Dell for their hardware provider and have only about 5 or so workstation configurations in active use. Patches and install requests can take months to fulfill, and if the software isn't on their list, chances are good that you'll never see it. These businesses have security weaknesses in their network due to this centralization -- typically using flat topology models with very little or no firewalling between various business units. USB ports are typically fiddled with so flash drives cannot be used. For some reason, DVD/CD drives always do though. Go figure. Everything is vanilla-flavored, stock, and the same. If you find a weakness on one workstation, chances are good they all have it. Standardization is great! The servers are backed up. The workstations, where all the real data is, is ignored.
Multiple IT departments
* You'll see this with businesses that absorb other businesses -- financial companies in particular. Each business unit has its own IT, distribution schema, and enforcement of IT policies vary wildly. You won't be able to change your desktop wallpaper, but regedit still works with full admin rights. Firewalling between various business units is more common, but the policies are often out-of-date, and multiple routes exist. VPNs are commonly stacked over them, and if you know where to look, you can usually find a way through. The upshot is that the hardware is much more diverse, users are sometimes "left to their own devices" (literally and figuratively), and homebrew software solutions are more common. Nobody really knows what Server X does, but it has a sticker on it saying "Do not touch, Very Important." Often, hardware inventory and diagnostics in such environments consists of unplugging it and waiting to see who complains. If nobody complains, pack it up and ship it to Corporate. Nobody really knows what the company owns, but by god, we've got a lot of it. The good news is, if you can find your IT guys, they'll usually have your software loaded in a few hours. They won't care as much about software licensing either (I just gotta make my 8 hours, man)... Contractors typically run the show, and they have no idea what they're doing (because nobody wants to tell them anything). Servers are backed up, sometimes workstations are too. Sometimes. Maybe.
Mid-size businesses (less than 100,000 employees)
Sometimes you'll see centralization, but more often it's the scenario above, but with only one IT department. The network topology is generally laid out better though, hardware is more consistent, and the helpdesk is actually (le gasp) helpful, typically being a stone's throw away from the admins who maintain the servers. This is a good deal for you users -- they're too busy to be making many software policies and auditing, but not too monolithic that they're inaccessible. Your USB flash drive will work, even though you're told not to. Hello iTunes! Don't download pr0n though... For some reason, medium-sized corporate IT departments know everything you do on the internet, even though they don't know where the database server is. There is one rack of equipment... somewhere... and if it dies the entire business will collapse. But nobody knows. The servers are sometimes backed up, and so are the workstations. We're not sure... What's a "backup policy"? Can I use MMC to set one up?
Small business (less than 10,000 employees)
There is one guy or a small team and they are zyzzy GOD on the network. They don't care what you are running on your workstation... There's a pile of install CDs at his desk. Help yourself. Talk to the pimply-face
#fuckbeta #iamslashdot #dicemustdie
You know, most of the time I actually come across this view on Slashdot is when people are claiming that it's what everyone except them believes.
I am TheRaven on Soylent News
The peer fact that you know it's wrong and you are asking for advice doesn't make sense. Do the right thing and comply with industry standards. At least you'll be sleeping better at night.
Play it cool, fraud is best proven by playing it up like it's legitimate.
Tell them that if the "other guy" must have the software then, and the problem is you'll need the software and licenses because that's how he must has installed it. He must have been keeping those originals at home for "safe keeping" and brought them in when he needed them.
Tell the managers they should call him and remind him that it's the company's software, that he is holding several thousands of dollars of company software, and that the company needs it back--otherwise the company needs to report it stolen.
If he walks in with a bunch of pirated discs, turn him in to the BSA. Not hard, really. Remember not to touch the CDs as you can lift fingerprints from them really easily. :) Nothing like hard evidence.
That is how I look at it. If I cannot prove that I have bought it then as far as I am concerned it is illegal. I remove it and tell the department in question to justify they still need it, if they do I get them to raise an purchase request and a copy is then bought for them out of their budget.
The Key though is not to get on a high horse about it, just explain they don't have a licence and to use the software they need one. If the software is critical then I will leave it installed in the interm while the licence is purchased, (I inisist the PR be raised that day within a few hours, if not they I warn them it WILL be removed).
Auditing software is worth its weight in gold providing the solution you get is good. Run reports to tell you how many copies you have running and then compare that to the list of licences you have (that you can PROVE you have).
Be firm but don't antagonise.
ZOMG, replace it all with OSS!
But seriously, take care because they could find any excuse whatsoever to get rid of you since you'll start costing them $$$ for proper licenses etc..
If it were me, if they didnt care, I'd write to the software owners (M$ for Windows, Adobe fore Photoshop, X for Y, etc..), and mention what this company is doing.. They can hence drop in by surprise one day for an audit, find the evidence, and prosecute the company..
most large commercial software do have free trials
what $600 purchase are you alluding to that does not?
Photoshop http://www.adobe.com/support/downloads/product.jsp?platform=windows&product=39
autocad http://usa.autodesk.com/adsk/servlet/mform?id=9106363&siteID=123112
Sony Vegas http://www.sonycreativesoftware.com/download/trials/vegaspro
MS office- http://us20.trymicrosoftoffice.com/default.aspx
you can in fact with a tech net subscription-
trial EVERYTHING Microsoft produces for $349 a year--
which is a worthwhile investment and negligable sum for ANY company large enough to have a full time IT person on staff
not an unreasonable purchase amount at all.
every day http://en.wikipedia.org/wiki/Special:Random
"The answer is easy if you take it logically..."
1) Start looking for a new job.
2) Go to the CFO. Explain that while you, yourself, have no intention whatsoever of blowing the whistle, there are actual *rewards* put out by the SPA for unhappy employees to take advantage of by being whistle blowers.
3) Explain that, if he's really lucky, as an officer of the company, he could face criminal charges.
4) You don't want ANY of this to happen. So, at the very least, a concerted effort going forward -- with backing from management -- should be made to start getting valid licenses in-place.
5) See #1.
same situation two years ago. Last month I cleared out the last of the questionable software. It has taken 2 years, much hard work, and more than a few shouting matches, but we are fully licenced here at last. Much of what I replaced was replaced with OSS.
Since simply licencing everything would have bankrupted the company, and inertia prevents a switch to Linux on the desktop, the bosses want outlook. I got a policy stating that all new laptops would be purchased with a copy of Office.
One day without notice I blocked access to the update server for the pirated antivirus software, and just waited. Two days later there was a panic, and the next day I had a site licence for the antivirus I wanted instead of the crap I was stuck with by the person I replaced.
In a nutshell, here is my advice:
Document everything. What you found, when you found it, and your plan to get rid of it.
Think creatively about ways to get what you want.
Take your time. Cleaning up a mess like this is a long process.
If I were God, wouldn't I protect my churches from acts of me?
The way I handled this when I arrived as the first "IT Guy" at my company was to fight for and then implement a "From this point forward" policy. I explained to the executives what was going on, why it was bad, and why I thought going forward it needed to change.
That meant that I ignored what was already there. I know some might not feel comfortable doing this, but in my opinion the wrong had already been committed and I wasn't accomplishing a whole heck of a lot by shutting down operations to pull all of the software.
The other part of my plan was to fight for and justify an accelerated upgrade schedule. I argued for this based on the value of the new software, but in the back my head I knew the other benefit was that it would get rid of the illegal software faster.
This ended up being a win-win-win situation. I won because I didn't personally install illegal software. The company won because they didn't have to shut themselves down while it was sorted out. And the software vendors ended up winning in the end too because since then we have budgeted and purchased, and re-purchased, their products as new versions become available... something I can all but guarantee you we wouldn't have been in a position to do had I shut them down and forced them to go legal all in one blow. The company would have either folded, or fired me. And in both of those cases it would have meant no transition to legal software.
Now, that said. I was in a bit of a unique situation in that the company I worked for was a non-profit. And thus subject to non-profit discounts that they were unaware of. So the sticker shock when it came time to license new version of products was less than if we were a for profit. But all in all, I still look back at that experience as one of the most reasonable ways to take an organization from non-compliant to compliant.
The conscientious employee would correct this issue, as you suggest. IMHO the typical "jobsworth" is gonna keep things going as before.
The cost of that cleanup, of course, will be borne by taxpayers, not industry.
The company I work for now has a very strict code on this. They got nailed about 8 years ago and fined heavily for a bunch of non-registered seats of Autocad, and made an example of to the local community. Just don't install the illegal stuff, the owner will have to bite the bullet.
some of the finest people in history have been shitcanned and blackballed for simply saying the truth, no matter how politely, professionally, or curteously they did it.
I download all my software from BitTorrent. Why pay for something you can get for free? It doesn't hurt anyone...it's not like the programmers are making the bulk of the money off the software sales...Microsoft is a billion dollar company but do you think they pay their programmers even millions of dollars a year? Pssht.
The day programmers start making even 50% of the profit from their labors is the day I start buying software.
Software? Oh, I meant music. :-)
Disclaimer: Outside of the Slashdot Virtual Reaility, I do purchase CDs, AACs, MP3s. I use licensed MS software at work and home and even buy video games now and then. I do NOT, however, pay for bottled water at the movie theater. Preposterous!
My rule as an IT professional is that if you are making money using the software, you are obligated to reimburse the developer.
I take a more lenient approach for software used for personal training at home for two reasons:
1) Those people tend not to purchase the software and would just not use it as an alternative.
2) Familiarity with the software inspires purchases in a professional environment.
So personal piracy is freeloading with little/no negative effects on the developer. Profiting from software is a removal of a sale from the developer.
I was a big pirate in my youth, though I become the biggest hard ass regarding licensing in the professional sphere. Cover your own ass in an email stating that you won't pirate software without a direct order/authorization from above you. In my experience though, small/medium business owners will tend to be on the 'pro-piracy' side of things, so you may want to update your resume if it's a moral issue to you.
Personally I had pretty good experience just stonewalling them, which caused the staff to put pressure on the higher ups to get licenses purchased. If worse comes to worst, you can always lie and tell them that the license is node locked and calls home.
Organize yourself, and ask them for legal advice. I think free legal advice is part of the membership of most unions, though I live in a country with a rather "socialist" culture.
Also might be a good idea to make sure that asking them is confidential. And do your homework on the union alternatives.
Ways to try before you buy in the real world:
1) Go to SW Vendor website, see if a demo is available
2) Call SW Vendor directly, request a trial version or sales presentation
3) Do some research before buying software - review competitors features, price, support structure, and make the best decision. If your business does not have a software budget where you can afford the rare $600 mistake, you probably don't really need $600 software.
If the first thought to statement in #3 is "but I might really need software X", then you either do or you don't. Do #1-3, especially 3, and determine if you need it. If you don't need all the bells and whistles that software X provides, buy a competing product, find an OSS alternative, or make do without.
Generally speaking, if it's worth your time to find a $600 (or $60,000 or $6,000,000) piece of software, you should make up for it in time saved or increased revenue. Return on investment.
Most (if not all) of that determination on whether to purchase a product must be made upfront. Just because it isn't a car doesn't mean you can't research it and do a "test-drive".
After you get done with all that, get into the Group Policy manager and set GPO's prohibiting them from installing ANY kind of software onto their workstations. That's your job, not theirs.
First rule of holes; When in one, stop digging.
no one has a separate CD or box for every copy owned. we buy WIndows Server with every new server purchase but i never see the license. it's all electronic. i just grab the iso from MSDN whenever I need to install a new server and use a CD key we got from MS a few years ago.
Same with every other piece of software we buy. we'll get a license and one media set or just download it from the vendor
Yes because all the people that come to this site think exactly the same.
I agree with you there, i have seen demos that work fine but when getting to a full version that has extra items due to full version can now do more errors arrive. Looks like I'm one of those evil people in the world.
Most free-as-in-beer software that is not open-source has a license that is not compatible with being free for commercial use.
Furthermore, the legal department would probably have to go through every license for every free-as-in-beer program. This is true of OSS as well, but many OSS programs have common licenses, like GPL, that legal would only have to read once.
(T>t && O(n)--) == sqrt(666)
hehe, at my last job i had the same problem. many copies of many different software where running only on one copy of any licence (i was shocked how easy you can do this with apple software). and things like using ms-office student versions...
i did my job, catalogued all the software and licenses (wont do it ever again!), presented the case to my boss. after 2 monts of hearing "we look to it next month", i left.
well, my main reason was not the illegal use of the software (like i care! and i was not the one to hold that up in court;), but the wasted time and money you need to manage all that shit...
so, if you really want to manage all those licenses,
play by the rules or die!
or shift that legal part to your boss and don't give a shit! ;P
cheers
"some floss guy"
ps. i assume they are even still running filemaker clients with keygenerator created keys, cause updating(=rewriting) their monstrous self-made filemaker "thing" to the latest filemaker version would be too much work...
I wouldn't want to go through the hassle of all the non-refundable time and expenses with her before deciding if she was really worth having.
No, you fool, it is *not* ok to steal someone else's stuff to try it out before buying. If they don't have a demo, you can ask the company for one. If they don't do that, tough, take your money elsewhere or write it yourself.
Sheesh.
Contact the company that makes the software. I know for a fact it is possible to get demo versions of a lot of software if you are talking about buying it if it works out for you, especially if you are talking about buying a few dozen copies. If nothing else, they'll give you someone to talk to about what the product does and doesn't do, situations that it has and hasn't worked out in the past. At least, if it's an honest company they will, and dishonest companies (believe it or not) tend not to last as long as honest ones.
Yawn.
Donkey tarps?
You don't know what is out there - how badly your network, systems and files may have been compromised.
You and your employer have to agree that if there is going to be an "IT Guy," there has to be an IT policy.
Installations must be approved.
Budgeted. Documented. Licensed. Maintained.
What'll we do with a pirated program, :)
Earl-aye in the morning?
In fact, they'll even come out and run it for you.
I can't think of any commercial software that doesn't come with a non-crippled free trial.
Windows Server 2008 for example has a 240 days trial. If you can't decide if it's worth your money in 8 months, you never will.
I have found that it also helps if you make the users aware of the issues related with this type of stuff.
We had a situation once where a service call came in for one of our old software components. It turns out that the software had been written by a very small group within the company. The guy brought in a "borrowed" copy of an IDE and did all the work in it. A lot of the files checked into our config management solution used some private format that only this IDE could understand. To make matters even worse, the company that had produced the IDE had died and we had no way to order the software and installation media. So the group was literally stuck and they had to rewrite most of the work that had been done before.
This type of nightmare scenario can be very compelling when it comes to getting some cooperation from your user base. Show them that this type of practice may end up blowing in their faces.
Cheers
First thing you need to do here is get the CFO and company attorney involved. The CFO because getting all those licenses is going to cost money, the company attorney because lack of licenses is a legal problem for the company. You also want the leverage: the CFO's not going to want to spend that much money if the company doesn't have to, the attorney is someone with authority to tell the CFO that the company does have to if it wants to keep the software available. You might also want to research news reports and have a few articles in hand less than a year old reporting on BSA raids of companies (to help convince the CFO that no, this isn't just a theoretical risk).
Before you go in, look over the F/OSS alternatives to the software in question. Ideally, have a laptop with it installed so you can show the CFO that no, it's not particularly inferior to the pirated commercial software. If he's already used OpenOffice to type up a memo and seen that it's just as easy to use and produces just as good a results as Word, he's going to be less sympathetic to spending lots of money on Word or to risking a BSA raid over it. This tends to look good to CxOs: you're identifying a real problem and presenting them with solutions to it that work while avoiding having to spend heart-attack-inducing amounts of money in the process. You'll still get screams from the users, but it'll go a lot smoother if you've got the executives on your side first.
As an IT contractor I run across this more often than not. All you can do is let the boss know what is going on and give him options.
1) Buy licenses for everything (Unlikely to be affordable at one time)
2) Ignore the problem (Bad idea)
Or the most practical
3) Set up a plan for getting legitimate. If the boss THINKS he has licenses for Windows, suggest that, rather than buy new hardware and reinstall Windows, next time he should buy a PC with it preinstalled. It may take some time but will bring them into line.
Just make sure you put the catch up plan in writing, that way if you ever get audited, you can say the plan is your bosses solution so not your problem, and it shows good faith that you are trying to get current without bankrupting the company.
He's getting his ass kicked in there!
I think this differs in the department of accountability. When one pirates music, he/she is solely responsible for his or her own actions, whereas the poster is dealing with piracy at work. He or she could be held accountable for the unlicensed installation of software in the duties of his job, which no employer should ask of an employee. (I do realize that he or she has not been asked to do so, I was simply making a point.)
If the last guy was pirating wouldn't management have been wondering why it was costing them nothing. I think this is a really dangerous situation to bring to management cause they probably already know about it and are playing dumb.You need to work on getting management to realize its an issue. If they aren't will, I would definitely start going to budget meeting and demanding budget for software to get everything legit or move off to something OSS. For employee complaints about waiting for software word an answer that makes it sound like they are liable for the software on their computer and they will get quiet really quickly.
Spiceworks is a spiffy tool. It'll get all the software and hardware info you need for your network. Borrow it on their website - it's free!
Don't worry about it, let it happen why are you so uptight?
Ok, well not at first... Bring it up to management. If they force you to install pirated software, report them to the authorities. There's federal laws against retaliation for whistle blowing. Once they force you to perform illegal actions, it's your duty as a citizen to report them. Assuming they do force you to install pirated software... once reported, you'll never really need to "work" any more as any "firing" could result in a retaliation lawsuit by you. Enjoy your full-time WOW job. (Note, this is mostly sarcasm...)
No SIG for you!
Above all, your first job is to show how this is THEIR problem. You need to show the management how this issue is THEIR issue, will bite them in the ass, and that their best course of action will be to pony up the money. Politely, of course. You don't need to be an ass. The second thing that you need is an ally. That's your boss. You need his help. You need him working the money/politics side for you. If not him, then you need someone who knows the money politics side. Don't point fingers. Your job is to come in, straighten things out, and bring the shop up to a PROFESSIONAL level. Keep that as your attitude, and make sure that everyone knows it.
If you offer OSS replacements, be ready to back that shit up. What I mean by that is you need to be ready to support it to do all the same things that whatever you replaced did. Saying "Well you shouldn't do that," or "You need to read the manual," isn't ok. You recommended it, you have to support it.
Now in terms of things like OpenOffice, this means doing testing before hand to make sure it does everything they need. Don't assume, do real tests. Find out what they actually do and try it. Do they do mail merge? Do they have power point presentations that integrate with Excel files (for realtime data update)? Find that out and test it. Make sure it all works. Only then should you recommend an OSS solution. Two reasons for this:
1) Your job may rely on it. If you recommend something that works poorly, they may show you the door. Goes double if it was because you were "making trouble" about their pirated software. They figure you are just going to be a problem and thus want nothing to do with you.
2) Even if you don't get axed (and probably if you do as well), you may ruin any chances of future OSS use. The message that'll be taken away is "OSS is broken and doesn't do what you need." It'll be seen as a cheap replacement that doesn't get the job done. Thus they won't want to use it in the future. Someone will say "free software" and they'll say "no way."
So while an OSS recommendation is a great way to legally save money, do your homework first. Make sure that it truly is a replacement for what they use now. Not a "kinda sorta works" substitute. Not a "well it does some of what you want," substitute. A true replacement for all the functions they need. Also make sure you are fully prepared to train people on it since even if the differences are small, they'll trip people up.
Make a list of all the software you actually DO need, and propose a budget for the next year. Take it to the owner/CFO. They'll love you for it, and it gives you the ability explain why these things need to be licensed and what the real IT costs are going to be moving forward.
I'm out of my mind right now, but feel free to leave a message.....
Today I would also do the homework and add "direct FOSS replacements" for the software in question as much as possible. MS server -> CentOS + Samba; MS OFfice -> OpenOffice, and so on. I would create a roadmap to get everyone legal and ask for approval.
Above all, be professional, curteous, and politically astute. It won't do to create a "fear reflex" where you get shitcanned and blackballed. You may want to have a closed-door conversation first and ask to see if management would like to see the roadmap you've prepared.
That's pretty good advice. Diplomatically explaining to them the consequences of a BSA visit is a good place to start and then offer a number of alternative roadmaps to a legal setup. Be sure to give them both the MS based roadmap and the FOSS roadmap (or a mixed one) if you decide to go in that direction in an attempt to save costs and be *honest* about the pro's and cons of both. FOSS evangelism won't get you very far with PHB types, they respond to bottom lines. You can save costs on FOSS in one area compared to MS solutions only to find the FOSS solution can be more expensive than comparable MS products in others ways. Of course make sure there is a paper trail, covering your ass is the most important thing in case you do get a BSA visit. If your PHBs do decide to keep using pirated software you will at least be on record as having tried to fix the problem.
Only to idiots, are orders laws.
-- Henning von Tresckow
This reminds me about a post in alt.sysadmin.recovery many years ago. The post was asking about what precautions one should take when firing a sysadmin and had a fair amount of details of the environment. The first reply was "Don't post about it in alt.sysadmin.recover." I'm guessing that'd be applicable here.
Who is John Galt?
I realize that's true from a pure copyright standpoint, but in the real world it's sometimes useful to say, install a copy of a tool for evaluation in your workflow before deciding to spend $600 on a license for that tool.
And it's even more useful to get a warez version and not even bothering to purchase the full version at all.
If you're going to use convenience as an argument for breaking the law, I encourage you to follow that argument to its logical conclusions.
If you want to go legit:
Buy licenses or go FOSS.
The desktop part is already solved.
And if those guys can't even work with windows,
Install an easy gui for them, Its up to you to find and customize one...
For the servers:
I don't know, I don't know what that server is handling, But I am % 90 that you can replace it with a linux or BSD variant of the software.
I was put in a very similar position over the summer. The small business is now nearly bankrupt. If they can't afford software there is a major problem and it might not make sense to work there. I would explain what is going on to a boss, and request the software. If that doesn't work, leave the company and turn them in. Do your job, and don't worry about being the bad guy.
This deserves mod points, people.
Rule of Slashdot #0: You and people like you are not representative of the larger population. - A.C.
You've actually been given some good advice on what to do from a CYA standpoint. You can try those suggestions. The odds are that nobody will fink on your company, but if your company has a disgruntled former employee, those odds will suddenly increase.
Do note that nobody will like this. Management will get mad that you are "rocking the boat" and spending money that they hadn't budgeted because the previous guy didn't tell them that they were such a situation. The employees will get mad because there is a chance that what they were using may go away or be replaced with something else. Change is bad to a lot of people.
To give you an idea of how crazy this fear is, my best friend is an attorney. His practice includes his wife (also an attorney) and at any given time 2 or 3 employees. He doesn't retain people well because the jobs he has don't pay well, so there's a lot of turnover in his staff. He lives in fear that a former employee will sic the BSA on him, so he makes sure that everything he has on all the PCs is legit. In fact, he will not use FOSS at all because he is afraid that somehow this will run afoul of the BSA (I have tried and failed to convince him otherwise). He also tends to pay full price for everything he buys because he is afraid too that if buys something at a discount, it might not be legal and he'll be screwed. Heck, he's been known to even buy multiple copies of a program that he may only need 1 copy of just to be absolutely sure that he's in compliance and with all of this, he is still worried that somehow, someway, the BSA will one day come calling and arbitrarily decide that he's out of compliance and screw him over. While I know that this is an extreme example, it does illustrate that some people, including small businesses, take software compliance very seriously.
As you are the first employed as IT guy, your company might be open to your suggestions to solve the problem. To me there seems to be a change in the company, they spend money directly on IT.
The downside is, that they might need some help to understand the problem. But, as I said, they seem not to be opposed to that.
If I were in your situation, I would do the following:
- Map the software used on all the machines. Get their status from the legal and technical perspective. Are they covered with licenses? Are they up to date?
- Look for alternatives. Are they really neccessary? How much would it cost to license them? Can they be replaced by cheaper products? Is OSS an alternative?
- Lay out my findings to the management: costs on licensing the actual programs, alternatives, costs of legal trouble.
I am pretty sure, some companies "relicense" their products for less than the whole price. Even if odd keys might indicate pirated software, that isn't neccessarily the case. It's easier for anybody to get things straight for less money than to prove piracy and have the former customer use other products in the future.
But if they don't care I'd look for another job.
cb
PS: OSS might be a good alternative, either entirely or partially. But it can also be a costly nightmare to anybody, if it's deployed without care.
intellectual property was created as a sort of gentleman's agreement, when there were only a handful of real publishers in the world. now every teenager with a broadband connection is a publisher. such that the gentleman's agreement is unenforceable nowadays
i'm not defending piracy, i am simply asking you to consider the notion that your attitude is simply unsustainable on the internet
that is, if your entire defense of creators consists of whining, creators really don't have any rights any more. you need to actually defend creator's rights. effectively. i just don't see that being possible anymore. that it doesn't matter what the law is, because the de facto status on the web is poor teenagers with a broadband, zero interest in or knowledge of the law, and a hungry need for software
when publishing consisted of a guy with a vinyl press or a cassette duplicator, piracy was small, slow, and easily trackable. now its everywhere, sparse, and done in countries without the sort of intellectual property laws you apparently rely on as some sort of moral code
maybe the attitude towards intellectual property in other countries is the proper attitude and your attitude is wrong? maybe you should get off your high horse and adjust your attitude to the reality? maybe creators need to find some other way of sustaining income other than exorbitant fees for a distribution medium which is completely porous?
or ignore, dismiss me as an immoral pirate, and continue whining about a notion which is completely ignored and unenforced. reality: you need to look at it. your current attitude seems to be built in defiance of the reality you find yourself in
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Neither is theft. Both are illegal. I think most people however would agree that there is a substantial difference between downloading a song and putting it on your portable player vs. downloading that same song and using it in a product you sell. The introduction of profit motive makes a pretty big ethical difference.
Stop calling it "piracy"! Installing software you haven't licensed is breach of contract, or something like that.
Piracy, on the other hand, isn't some little look-the-other-way offense that gets you in trouble with the BSA and sends you to court. It's a brutal, nasty, bloody, violent, and sometimes deadly crime committed against a vessel (aircraft or ship) and the people and property on board People get hurt from piracy. People die from piracy.
And you know what the punishment for piracy traditionally was?
Death, usually by hanging.
It's not something that's just a storybook tale made for Disney movies. Piracy still happens, only now the pirates operate from fast boats, use radar and GPS to track their prey, and arm themselves with rocket launchers and machine guns. They still hold ships for ransom, steal the valuable cargo, and sometimes mutilate or kill their victims.
Piracy and copying software aren't even on the same level.
The meek may inherit the earth, but the strong shall take the stars.
No... I think most slashdotters believe you shouldn't be burdened with a lifetime of debt for downloading/distributing some music. The point being if you went out and stole the music from a store the penalty would be less...
I USE THEM.
> How Do You Deal With Pirated Programs At Work?
Well, I usually use BitTorrent or eMule myself.
Not even my own story. Several years ago, my father was working for Perot Enterprises (that didn't last long), and one of his jobs was to "do whatever was necessary" to get the local office software licenses legal, without impacting their ability to do the work. He ended up spending tens of thousands of dollars purchasing licenses for the software that everybody depended on, AFTER getting them to identify the stuff they didn't really use and removing it from the machines. But, that's the rub. You can either do it cheap, and change how the business actually works, generating animosity about your evil practices, or you can do it expensive. Ask the boss. He needs to decides which expense he would rather pay. And the risk of getting caught is a viable option for him to choose . . .. You might not want to hang around if he picks that one, but it is an option from his seat.
Spooner always knew what he was trying to say.
Slashdotters HATE creators' rights.
Ignoring the error of lumping everyone on /. together, there is no such thing as "creators' rights".
...have you considered a career change into piracy?
You could set the place up with even nicer warez than they've already stolen. Everyone would think you're da bomb.
Just be careful everyone knows what not to mention when writing your LinkedIn recommendations.
1. Rat them out to the BSA ....
2.
3. Profit!
4. Quit.
At the risk of using the same analogy twice in the same thread.. A person copying software and music is like J-walking.. sure it's illegal, heck sometimes it costs people their lives, but usually it's just a tiny little indiscretion that makes people's lives easier. On the other hand, actually PROFITING from copied music or software is like driving your car against traffic. It could end up a terrible mess.
Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
It's important to avoid being adversarial, so start by assuming that the previous guy was doing everything on the level.
1. Ask for documentation that supports the fact that you own licenses for all the software you have. (CYA)
2. In the absence of #1, ask someone to state for the record, in writing, that you own licenses for all the software you have. (CYA)
3. If they provide #1 or #2, carry on with business as usual, and buy new stuff as you need it.
4. If they cannot or will not provide #1 or #2, you need to outline what it will take to bring their operation into legal compliance and appeal for funds to do so. If there's no money, that may include removing software or shutting off machines, so work out how that can be done with the least disruption possible.
5. If they have no interest in being in legal compliance, leave.
6. If they fire you for trying to operate legally, sue their asses. (make sure you do all of the above IN WRITING and keep copies in case
you are escorted from the building)
You will earn respect by trying to work with them and their needs, and getting the most use out of what they have while still bringing things into compliance. You will not earn respect by threatening anyone or calling anyone names.
Again, if they're not interested in coming into compliance, you need to find someplace else to work, because they are asking you to break the law.
I think BSA gives bounties to whistleblowers, and the size varies on how much stolen software they discover... Depending on the size of your company it could run to years worth of salary.
If the company won't correct the problem, and you think the blame will fall on you...
In addition to FOSS, don't forget that there's also SaaS options (Software as a Service). For example... could you use Google Mail & Calendar instead of Outlook & Exchange for mail & calendar?
You're asking Slashdot how they deal with piracy? Slashdotters HATE creators' rights. Most will be fully in favor of piracy and consider it a "cultural revolution" or "free advertising" or whatever ridiculous excuse they've concocted that week to make themselves not feel guilty.
I think many Slashdotters had more respect for creators' rights before the Sony Bono Copyright Term Extension Act and other similar legislation were passed.
a business is not run on holier-than-thou shaming. either intellectual property laws are enforceable, or intellectual property laws are unenforceable. if they are unenforceable, which the internet and a billion poor teenagers with a broadband connection, no money, and little interest or respect for the law have shown, then there is no business in media anymore. furthermore, the internet is borderless, and other countries have no such regard for intellectual property laws, nor did they ever. who is to say your attitude toward sintellectual property is correct and their's is wrong?
you can make all the withering shaming speeches you want. you can't run on a business on that. can you enforce the law? or not? beginning and end of issue
intellectual property law, which is a gentleman's agreement amongst a few publishers, is not morality. please stop thinking you can defend a business practice with nothing more than attitude
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
http://ask.slashdot.org/article.pl?sid=09/02/04/022257 is a discussion very recently about software piracy at the Beijing office of a company. While the location is different, the responses are quite similar. Basically, document your actions in writing, and be prepared to leave if the situation doesn't improve.
This post brought to you by your friendly neighborhood MBA.
ZOMG replace it all with FreeDOS
What's the value of information that you don't know?
One thing you might try is use a software product to find the license numbers.
http://www.magicaljellybean.com/ has a utility that will print out all the Microsoft license number for all the MS programs installed on the computer.
Now I am not suggesting you do that for all the computers but certainly taking a sample of machines and seeing if they're using the same license on them could help determine the true nature of the situation.
take notes, get the BSA phone number and use those to get a raise?
First off, let the higher-ups know what's going on and that it's neither a joke nor a hassle but a serious issue of stolen property about which they have now been unambiguously advised.
Second, try to handle this in a "moving forward" manner. You'll find no support for suddenly spending hundreds of thousands of dollars on software. If you push it, you'll probably be fired for not being a "team player." Instead, make sure that any new systems you set up run correctly licensed software. You'll replace all the computers over the course of the next several years anyway, so this will get you where you need to be while spreading the cost out into something manageable.
Third, get together with the company accountant and and scrutinize the purchase receipts for the last 3 years. You probably have more licenses than you think, but they were purchased ad-hoc with poor recordkeeping.
Fourth, don't be too literal with the license details. If you have three VMs running XP on a XP host and you try to call that four licenses you'll get skewered by your boss, just as you should. Practices like refusing to let employees install Office on their home PCs because the company hasn't paid for an extra license will earn you a rep for having a stick up your tail. Get exactly one Office license for each employee and no more. And as long as you have a license for each copy of Windows, don't worry about whether the individual installations were done with a crack.
Fifth, recall that individuals often install useful software on their individual machines. This is a good thing. You think you only have two solutions: the company licenses the software or you remove the software. In fact, you have a third: the individual to which the computer is assigned can take direct responsibility for the software, and sign a form to the effect that, "The following software on my computer is provided by the company. I, the undersigned, take responsibility for the legality of any other computer software found on my machine."
Finally, do the obvious stuff... Replace Norton Antivirus with AVG Free, Secure Shell Client with Putty, etc. MS Office with OpenOffice if you dare.
Now, obviously this is not legal advice. If you want legal advice, the answer is: "Open your wallet and close your eyes 'cause if you see this it'll just make you cry." This is social advice. It'll get your company to a point where it's operating ethically without unduly annoying your boss or colleagues.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
I've had to deal with this before. Basically I reported the company and went through an audit. If your truly an IT guy you will understand this is the only way, otherwise you are letting pirates damage your field and doing nothing.
How Do You Deal With Pirated Programs At Work?
I know, I know - it can be hard to find them, but the Pirate Bay provides some good pointers.
having dealt alot with software licensing.. you have three simple options - ignore the problem and hope no one finds out - suggest free software that can replace illegal installs - tackle the problem head on. here in the UK at least the fact is that if your company was found out the guys up the food chain would be held responsible in the eyes of the law. If your company can cope with the financial and legal hit, and continues to exist you may lose your job, but you probably wouldn't be the only one. start any project like this by finding out the scope of the problem. find out, or make rough guesses as to what the damage is, and what would need to be done to rectify it. Get management buy-in, and start fixing it. Acceptance that there is a fault, and getting management buy-in to rectifying the problem is often enough to prevent the likes of FAST and FACT from persuing legal action. if you're up against a financial reason for not buying licenses, make managers realise that you've not been buying them since year dot, and the business simply cannot grow living on the wrong side of the law.
Bury them and mark the spot with an 'X'.
This wasn't the kind of booty I was hoping for.
Have gnu, will travel.
I came into a job where the previous guy had installed upwards of 300 copies of MS Office 2000 Pro and a number of other programs such as terminal emulators.
I went to the management with this and got pretty much nowhere. I did win on the fact that I would not under any circumstances install software without a license so I have a solution moving forward.
For all those machine without proper licenses I went to the software company and explained the issue and that I would like to bring the company into compliance if they would be willing to give me their discounted upgrade rate. I replaced all of the Office 2000 installs with open office and got the vendor of a terminal emulator to make me a good deal.
We are now 100% compliant and migrating towards more open source software.
I wish that there were direct OSS replacements for everything I run but there are not. I need perfect VT400 emulation and I have not found an OSS that does that. Putty is about 95% but that other 5% doesnt allow me to have the proper keys mapped to the proper location.
Good luck and be on Buddha's side. Stick to your principals.
Make it look like you are a contentious employee doing your best for the company
I do not think that word means what you think it means.
I play one on the interwebs...
I think the most important word you need to use is "indemnification".. if its that big of a deal, pay the $250ish whatever, get a legal document drawn up (from a real lawyer) that makes the company pay for your legal and judgement fees and hope you don't go to jail.
Imho, you cant "CYA" out of doing illegal things. If you are breaking laws, YOU are breaking laws.
Can I get a copy of Office 2003? I need to install it here on about 25 PC's.
Thanks!
real quick...i was in almost (see below) exactly the same position and had convinced management to comply and set about compiling a list of what was in-use. the employee assigned the task was let go prior to completing it, and subsequently turned in the company; we received a couple of nice letters kindly letting us know our options; we told them our story and they referred us to sales where after a few months(!) new licenses and upgrades arrived. almost exactly -- instead of truly pirated copies, most often one copy was purchased, but installed multiple times.
Perform an audit of all software installed and all licences owned by the company and report it. If you will hide it, you will be held responsible if/when BSA comes. On the other hand, you will report that the issue exists, business people will at least be able to make a decision - fix it or ignore it. But then its out of your hands anyway, and thats a good thing.
Ethical considerations aside, does the poster actually have any liability? He's not an officer of the corporation, and he has advised them of the situation. Even if the BSA storms in, would he be at any _personal_ risk?
...if you pirate music for personal use, that's kinda different than running a profit-making business using bootlegged software.
You should be making enough money to pay for the software you need to run your business. If not, well, I guess you have bigger problems than some pirated software.
You guys are demonstrating how out of touch with small business you are. And displaying a tad bit of hypocrisy as well.
Corporate IT policies? You flatter yourself if you think they are important to the company.
Software licensing? It's laughable you think there's money or interest in throwing away profit.
FOSS solutions? Yeah, like most non-tech industries are going to just reinvent themselves to support those. Many barely support Windows (XP only).
And what world do you guys live in where the users in the company would actually re-learn everything they do in email, word processing spreadsheets and industry apps just to fit your FOSS ideal? Most non-tech-industry users barely can handle email and rely on years of repetitive experience just to get through their computer day.
Your hypocrisy shows when you compare /.'s stance towards music piracy vs software piracy.
Guess what? Developers make up a majority of the groupthink here. Musicians aren't a significant portion of the membership. What a shocker, that software piracy is considered a sin, while music piracy is just "getting what ya' want and stickin' it to tha' man (RIAA)."
The OP lives in the real world, where the owner (not some company bigwig) built the small business and constantly evaluates expenditures. In this environment, discussing software licenses like they are sacrosanct (and more important than the company's bottomline) is the easiest way to get yourself fired.
Many small IT's yearly budgets is in the triple digits.
You guys would not be a good fit for this world. And it does use IT - they just don't view it as the Holy Way of Life y'all apparently think it is.
Do an inventory of the software and find out how much illegal software is in the company.
Set up a meeting with management, and the company lawyer if there is one, and explain to them what the last IT guy did and what will happen if they get caught using illegal copies of software, including the large fines. Explain to them their exposure. Tell them that this has to be corrected to protect the company. Tell them about the companies that have been turned in by disgruntled former employees. Get their buy-in to remove or buy any software that is of questionable origin and to put in place a software procurement process.
Then, put out a memo explaining the changes, including how this is caused by missing media and/or licenses and that any software missing licenses must either be bought or removed. State that this is an amnesty and, after a set period of time, anyone with illegal software on their computer will be subject to disciplinary action up to and including termination.
Document everything every step of the way. If at any point you are told to keep making illegal copies and using unlicensed software, find another job and quit stating you will not break the law for them. Then, turn them into the BSA.
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
FOSS is not a replacement, but it may be legal in your company, Legality is the main issue, not features. If the company won't be legally owning software, I'd want nothing to do with them. If OpenOffice is all they can afford, that's what I'd be installing. After a few hours of fixing formatting issues between OO and MS-O users, the cost of not using the same software across the board will become clear. For tiny companies, MS-O is an easy selection. When you have 500+ users, that choice is less clear due to license costs. Then you have to be worried about the lost productivity for retraining all the people who will complain that OO doesn't do X or Y exactly the same as MS-O.
I ran some numbers on the costs to replace MS-Windows and Office at a company with 60,000 users. We were paying MS less than $30 per system for both and unlimited CALs. They gave us AD and Sharepoint for internal use. They reamed us on Exchange. We generally had 3 Microsoft provided engineers on-site for free and for specific projects, we'd buy additional consulting resources as needed. Anyway, our annual desktop license were under $5M. I couldn't consider Linux/OpenOffice for that price and never looked any further. Obviously, we had many 1,000s of applications. Many were Win32 only and we'd need to figure out how to address them. Many were web apps too, but the vendor used ActiveX controls, so they weren't platform independent.
Many years ago, I budgeted for 17 copies of Purify and 5 copies of the "leading" windows memory leak finder. My team ended up with 5 Purify and 3 of the other licenses. Purify was a hog on Windows at the time, but it was so much better than the native Windows tool that everyone wanted to use it instead. The next year, 20 more copies were purchased. We were always legal (or as close as any company with 100 people ever is) on compilers, class libraries, and OS copies.
What really bothers me is when you need 200 operating system licenses and seem to have paid for 400 of them just because you replaced WinXP hardware over time. Retail customers get screwed this way all the time. I suspect that only the largest customers don't get completely screwed - but they get screwed over CALs and MS-Exchange and MS-SQL server licenses instead.
FOSS isn't always the answer. It may be - depending on your current situation, but it probably isn't.
Your job is to look after the company - and installing illegal software is NOT looking after the company, no matter how you spin it. I used to work as Information Systems Tech for a major electronics retailer, and piracy was rampant, especially within the technical service area - cloning utilities, you name it. I have friends that had Best Buy techs install illegal copies of Windows on their machines.
I ended up making a list of the pirated software, and taking it to my manager, explaining the legal risk, and recommending OSS and low-cost alternatives. Management responded by telling me to remove the illegal software immediately, check for it frequently, and then worry about finding ways to make everything still work. I got lucky, you may face more resistance.
But remember, your primary thing to worry about is YOU not ending up in jail. DO NOT go along with your boss saying everything will be fine. If it's going to take a couple of months to transition, that's one thing, but you'd better be moving in the right direction.
http://news.softpedia.com/news/172-000-Pirated-Software-Fine-78476.shtml
this is what I show to people who ask me for pirate stuff in the company.
Well, or maybe not. /. is made of people like you, too.
Remember that
And like the guy who posted the Ask Slashdot, who probably doesn't care a lot for free software, or he wouldn't make that question.
And some of us are free software advocates (or zealots).
None of those groups think we are entitled to things for free.
_I_ refuse to run non-free software for other reasons. I don't like dealing with licensing and support budgets, and I think proprietary software tends to need support contracts, in my area. Free software is easier to support in house.
Unauthorized copies are a even more of a PITA for support.
You are a manager, CYA is not an option for managers.
BSA lawyers are unlikely to come to your door. At 300 USD/hour, those who pay them, prefer that they send a letter first. Not a nice letter - I have read one a few years ago - that must be handled by the company lawyers. If that happens you will have to bargain with them (which they will do).
Before that happens, please realize that for obvious cost and speed reasons, software vendors prefer that you negotiate a settlement with their sales guys rather than through their lawyers. If you need their software, give them a call directly and you may actually end up paying less than if you had to buy everything from the catalog. Oracle has run "operations" like this, usually close to their financial year end (end of May) to help meet their sales targets.
Finally, if this had to go to court, an important factor (not sure in the US though) would be to show that you/the management honestly tried to immediately do something to fix the issue when you became aware of it.
So talk to your boss, do something and make sure you write emails about it.
Arrgh, matey. Yer bloomin' semanticky pratter blister'd me ears. Dan'l Webster be damned! Software piracy be piracy!
Avast!
This is one of those things where you're going to find rough going regardless of which way you go. It really depends on the people above you. If the problem is as bad as you suspect, your higher-ups are going to have a cow when you tell them how much it's going to cost to fix the problem, but after that they're either going to understand that this is necessary and look for a solution, or they're going to turn into Slimy McShysterpants and look for a way out. Which will involve telling you to ignore the problem to some extent, and selling you out if and when the time comes.
The critical thing here is that you can't waiver on this one. You can get all the CYA's in the world but if you continue to let this go on, even through inaction, it will have consequences down the road if the situation ever blows up.
"So Mr. Jones, I see you worked at Company X for 5 years until they...went out of business after being sued by the BSA?"
"Yeah they were using all kinds of illegal software, I told them it was wrong when I hired in but they didn't want to spend the money to fix it, so I just ignored the problem for the next 4 years 364 days."
"OK, well thanks for coming in, we'll let you know when we make our decision."
People need to stop using the pirated software, or they need to get licensed as soon as humanly possible. Likely you can't solve this problem overnight but make it clear to management that this is job #1 until the problem is solved. No "OK we'll only use it until the next fiscal year when we can afford X" or "We'll ignore the OS pirates since we'll eventually replace the computers anyway"; if you're complicit in this in any way, you're risking yourself.
Yeah people are going to get mad, quite possibly management themselves, but remind them that you're not responsible for this time bomb. No one likes to be "that guy" but now is not the time to play office politics; blame your predecessor (for what he actually did, don't make up stuff of course), and don't hold any punches. They can either choose to address the problem, or choose to find themselves another IT guy. It sucks to have to put your job on the line, especially in this economy, and the fact that in reality the company could roll like this for another 20 years without anyone the wiser, but if something like this comes back to bite you, it's going to bite hard.
I heard somewhere that you could collect a bounty for blowing the whistle. I'm thinking it'd be difficult to re-employ afterwards, though. Probably the best personal decision would be to get the heck out of there. That's a tough decision in a down economy, but it may be a decision between being unemployed for awhile, or getting into serious legal difficulty.
I run into this often to a much smaller extent. I do administration for individuals and small businesses, sometimes pro-bono or in exchange for other services (carpentry, automotive, housecleaning). I rely heavily on free tools because invariably these people can barely afford a legit copy of whatever OS they're running (if it has to be Winders).
I'm very alarmed at how many of these machines have illegal copies of Winders, various antivirus packages, small business applications. The owner usually has no media or license certificate and no idea where the software came from. In some cases I've traced this back to local system builders who are apparently decreasing their overhead by cloning applications. In one case, for a remote customer who's hard drive had blown out, I bought an OEM copy of Windows XP to replace the illegal copy she had been running, along with the replacement hard drive, and mailed it to her. I had intended to talk her through installing the drive and OS, but instead she took the computer and the media to the same local shop she had originally dealt with. They charged her about half the license cost to install it, and not only didn't install the copy I bought, (installing their "in-house" copy of Winders instead) but also kept the media I had sent her. And I could not convince her that this was a bad thing.
This isn't just one shop. I have customers in Oregon, California and Nevada, and all of them had unlicensed software installed at one time on their machine by a local shop. I had an (unsuccessful) argument just the other night with a customer in southern Oregon, that she should uninstall her "mystery" copy of Symantec antivirus and switch to a free antivirus that will at least not get her into trouble.
I'm hoping that keeping records, including emails, and choosing to disengage when I can't convince the customer to come clean, will keep me from becoming collateral damage.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
In my best Ballmer the Monkey boy voice--
"DOCUMENT DOCUMENT DOCUMENT "
"DOCUMENT DOCUMENT DOCUMENT "
added to appeased the filter gods - yes I know all caps are like yelling thats why i used them silly filter.
aaaaaaaa
aaaaaaaa
aaaaaaaaa
aaaaaaa
aaaaaa
--MikeW
"Don't tread water next to a sinking ship, it eventually goes down"
It's all about RTFM.
Blue-Collar Man: Excuse me. I don't mean to interrupt, but what were you talking about?
Randal: The ending of Return of the Jedi.
Dante: My friend is trying to convince me that any contractors working on the uncompleted Death Star were innocent victims when the space station was destroyed by the rebels.
Blue-Collar Man: Well, I'm a contractor myself. I'm a roofer... (digs into pocket and produces business card) Dunn and Reddy Home Improvements. And speaking as a roofer, I can say that a roofer's personal politics come heavily into play when choosing jobs.
Randal: Like when?
Blue-Collar Man: Three months ago I was offered a job up in the hills. A beautiful house with tons of property. It was a simple reshingling job, but I was told that if it was finished within a day, my price would be doubled. Then I realized whose house it was.
Dante: Whose house was it?
Blue-Collar Man: Dominick Bambino's.
Randal: "Babyface" Bambino? The gangster?
Blue-Collar Man: The same. The money was right, but the risk was too big. I knew who he was, and based on that, I passed the job on to a friend of mine.
Dante: Based on personal politics.
Blue-Collar Man: Right. And that week, the Foresci family put a hit on Babyface's house. My friend was shot and killed. He wasn't even finished shingling.
Randal: No way!
Blue-Collar Man: (paying for coffee) I'm alive because I knew there were risks involved taking on that particular client. My friend wasn't so lucky. (pauses to reflect) You know, any contractor willing to work on that Death Star knew the risks. If they were killed, it was their own fault. A roofer listens to this... (taps his heart) not his wallet.
Set the bar high, then bring a tall ladder.
including the conversations you have regarding your findings and the solutions you're offering.
You, sir, has just revealed the fastest way to get canned. I'm not saying it is the wrong thing to do, but I really believe his boss would not appreciate having his words written to stone by an employee. He may even see this as blackmail or something, which would make the case much much worse.
I've actually been in this situation. You tell 'em, one disgruntled employee making one phone call will cost your business millions of dollars. Show them an example (I used an example that was pretty much exactly their setup, ending up costing over $2 million in fines). Then tell them how you want to fix this situation, not make phone calls.
You still think they are going to can you? Not unless you work for the Sicilian Mafia, and in that case you still aren't going to get canned, you're going to get cement overshoes.
A friend of mine lost their job in one of the legion of small, hopelessly underfunded tech companies because of the bad blood generated when she refused to use stolen software.
She tried to be constructive about it, finding and using FOSS alternatives, but overall she just got the rep of "not a team player".
I am proud of how she acted. Essentially, small, ridiculously in debt tech companies should use FOSS and be happy it's out there.
In retrospect it was just a litmous test of the bad management at the company. I don't see that company succeeding, more on the basis of how they treat honest and creative employees, than on their level of honesty vs financial desperation.
Where are we going and why are we in a handbasket?
1. You can ask your managers for a disclaimer. They will look at you like you are from Neptune, fire you, and wait for the problem to fix itself.
2. You can tell the BSA and cash the reward.
3. You can do nothing and wait for the BSA to impose a mind boggling fine on you. If that happens, there is 100% chance that the upper management denies any knowledge about it.
Choose one.
Yes, I am a lawyer. No, I am not your lawyer. So don't rely on this as legal advice yada yada. But I do have several thoughts from an in-house counsel prospective that might be of help.
1. Avoid putting anything in writing prematurely.
As an in-house counsel, I would much prefer you to come and speak with me prior to putting anything in writing. If you come see me, I can address the issue in the way that makes the most sense from the company perspective. I'm sure management would similarly prefer being verbally informed prior to your putting things in writing.
2. If you do put something in writing, include an attorney on the distribution list.
Generally, letters or emails to the company's attorneys are presumed to be confidential -- particularly if you put ***ATTORNEY CLIENT COMMUNICATION *** in big letters across the top (don't laugh -- I do this all time, even if it seems silly). Should you ever get sued, it would be unlikely that the opposing party would be able to get access to that document. Your management should appreciate the fact that you are looking out for the company by insulating them from potential discovery.
3. If you do put something in writing, stick to the facts.
If you find yourself in the position of being required to document a potential problem (particularly where an attorney isn't available), don't draw conclusions that could be used against the company in any written document. Simply report your findings in straightforward boring terms. Don't speculate about how much trouble the company is in. Do not use words like "pirating" or "stealing." Use words like "may" or "might". Stating in any memo that "thus far I have been unable to locate the appropriate licenses" is very different than saying "we are pirating software."
4. Always leave yourself an out and don't put management on the spot.
A key part of any cya letter is -- well -- covering your ass. You do not want to get fired over something like this. So include an open ended aspect to any letter you write. Say something like "my investigation is continuing, but the preliminary results indicate...." This gives management a chance to come to grips with the idea that what they thought was their bonus fund is instead heading to Redmond. As a last resort, it also gives you the opportunity to revise your attitude should it become necessary to save your job (at least long enough to find a new one).
5. You are not an avenging copyright angel.
This is tricky. You really have only a couple options if you are ignored by your immediate management. At my company, we have an internal compliance hotline as well as in-house auditor and access to the audit committee of the board of directors. Obviously, these avenues are not always available at smaller companies. Just remember that management has every right (and even the obligation) to do what they think is in the best interest of the company. If you report a potential copyright/licensing problem to the right people, and they conclude that it is in the best interest of shareholders to take no action, that's okay. In my view, you have fulfilled your responsibility to bring the issue to their attention. You can only do so much.
Tough situation -- but be a responsible employee, and I'm sure you can weather the storm. Good luck.
1. Use group policy to manage your machines. Make sure that your users don't have install/admin privileges on their machines (this will solve many other issues as well).
2. Any time the computer needs to be replaced or re-imaged (this might be more necessary than not, if you catch my drift), give them a clean image without the pirated software.
3. Feel free to install any software where the legit install discs and license can be reproduced. If said software is owned by the company, it's your job as the IT Manager to keep it under lock and key (and backed up as necessary).
4. If there are complaints, explain to them the legal situation. If the don't like it, point them to your purchasing office or legal department.
I have a pretty flexible morality when it comes to software for my personal use. As soon as it is software that is used for 'business' then I'm a lot more rigid. When I administered a site license I kept very detailed records of who had access and what PCs it was installed on.
I honestly didn't care about liability or legal matters at all. What I was doing was enforcing MY personal opinion on the matter. If the software is being used to generate profits or to provide a service to a business then it should be bought and paid for. If it is for personal use then I'll pay on a case-by-case basis.
If you do care about legal matters then you MUST have direct orders from your superior to install this software despite the unclear status of the licenses. By the way, if you ask "should I illegally install this software" and they say yes that is not necessarily going to help you. You'll want to phrase it more carefully like so "Since I'm new I'm unclear about the licensing status--can you assure me it is bought and paid for and to go ahead and install it for anyone who asks?" Something like that should cover you pretty well.
Create the excel spreadsheet that keeps track of what you own, what its serial numbers are, and for how long the license runs, how many licenses you have, and projected cost. Claim it's for budgeting. That way, no one will fuck with you; they'll be forced to recognize it as legitimate and in doing so, be urged toward software legitimacy.
It's like ISO 9002 in fragmentary form.
Futurist Traditionalism
You are new to the company (apparently), and you have discovered that licensing is out of compliance. Use this as leverage (with the BSA as the threat) to get whatever you want.
It's the American Way (which is being exported to every other country on earth as we speak, so don't worry if you're a foreigner).
When the BSA audit comes, many management types will try to make a scapegoat of the IT guy, but in 100% of all cases I've known about, the BSA ignores the IT guy and goes straight for jugular veins of the upper management. Especially when it is an obvious case of a newly hired IT guy being dropped into hornet's nest of pirated software deployment. The BSA is bright enough to check the IT guy's hire date, and the datestamps that the software was installed on the computers.
What you need to do is work with the finance person to find out how many (if any) software package was purchased. Then a copy the world memo to all management letting them know there is a big issue.
Might want to polish up your resume. If they dont have a plan to address I would find another place to work.
Just grab your closest linux disk and fix them right up.
But me,
I would find all the pirated software. Copy it. Install it on everyones computer, make copies to use at home, give it to my friends, and sell it on ebay. And then install Linux. Nothing better than pirated software.
"yo ho me matey"
Comment removed based on user account deletion
If they don't want to comply, keep pushing for it--it IS your job. If they threaten to fire you, be sure to mention that they'd be firing you for refusing to do something illegal. IANAL and I don't know where you live, but 'round these parts an employer can't fire you for refusing to do something that turns out to be illegal.
If they do, you got TWO kinds of law to bring down on 'em! Copyright laws and certain labour laws that hopefully exist in your area. No company in their right mind would want that kind of mess.
I've developed software for several companies over the last 15 years. You would be hard pressed to find a developer that doesn't have a piece of pirated software installed. Especially if it's a laptop that's taken home. Two of the companies actually had to pay after being busted for using pirated software.
Torrents? Back in the day, we used _floppies_ to move our pirated software between machines, and spread our viruses the old-fashioned way...
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
We've got our own titles for the job. So surrender the booty....
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
All the companies that I know of offer an "evaluation" option even if they don't outright say that they do on their website. Most of them can even generate full license keys that are valid for something like 30 days. You just have to ask.
Comment removed based on user account deletion
If you're stumbling on this stuff and reporting it to upper management as you go, you're going to piss off everyone as they think you're just nickel and diming them to death. If you have been doing this piecemeal, announce immediately that you are going to do a complete audit to see where you are and then you'll work with them to decide as to how and when to update your licenses as to minimize risk while becoming legal. You'll be surprised how much better a controlled process will go over rather than the random crap you've been shotgunning them with.
That is all.
1 do a full audit of every machine in the company (first thing you need to buy is a company copy of Belarc Advisor or similar)
2 list out the software in use and then match actual purchased keys to whats on the machines
3 the really icky part buy licenses for everything in use that doesn't have a valid documented key or have that program not make it past your next Nuke And Pave cycle
4 backup all of the data on the computers and then do a Nuke And Pave on all systems
5 get a Boss+++++++ commit on a Valid License or It Gets Nuked policy
Any person using FTFY or editing my postings agrees to a US$50.00 charge
I've ran into this before, and in that case, I converted them to FOSS...
I refuse to just magically find software for work - I don't care to be responsible for that. I can lay hands on legitimate copies for all of the software I know about. However, I've noticed at various times that when I inventory a computer to fix a virus, or some other problem that other software might have been added by someone else. And I tend to make people angry because when I discover that, I remove it as part of my clean up of that system.
I should have replied to your post rather than post next to it. Now I'm in the Slashdot loophole where some people think it's funny and some think it's redundant, so I can lose unlimited karma!
First of all, you really should have posed this more hypothetically.
If your management is willing to entertain a plan to get legal, try it. You took the job for a reason, so try to stick with it. If turning your company into a FOSS shop is the worst thing about your job, you should feel lucky.
If you are unsure about the licensing situation, and you don't want to be associated with any potential illegal activity, then leave. Alternatively, you can be an upstanding citizen and put in all the extra time and effort to get legal. That's a stretch, but if management is willing to back you on it, it might be a good approach.
If, however, you have hard evidence of deliberate illegal activity, and you have exhausted internal avenues for changing it, you do have a responsibility to report it. This is a last resort, but a necessary one. First of all, you don't want your career tainted by a scandal that you wanted nothing to do with in the first place. Second, the big evil software giants are not the only ones to suffer from piracy. FOSS suffers from a lost user base in what is generally its target market. Small software vendors suffer, as they often can't compete with "free" versions of the giants' software. Your business' integrity suffers. Your department's integrity suffers. If you go along with it, your integrity suffers. It's a bad situation for everyone. After you report it, reassess. Did management change after a wakeup call? Odds are, you'll want to leave, but sometimes management surprises you (albeit not often).
Simply leaving does nobody any good. They'll find some other sucker to distribute the pirated software until they leave. Eventually, they might get the idea, or they might not. Grow some courage and do what needs to be done. Then, if it's a bad environment, leave. Don't just throw up your arms when there is a difficult situation. Leave after you have given it your absolute best shot.
As yet another IT person who has been in this situation, I can say that BSA was pretty much worthless in my experience. When I was fired (mainly because of the noise I was making about unlicensed software) I tried to hand the company over to BSA on a silver platter and they were worthless. They just seemed totally incompentent and knew less about software licensing than the company I was working for. Of course that was a long time ago so I'm sure things are better these days. The bigger issue is the big suprise during an audit when the company is going public or trying to be sold. One place I worked ended up paying about $50,000 for software licensing when they tried to go public. And they were not even trying to pirate on purpose. If management really doesn't care about becoming legit, it's time to start looking for a new job. In my case, I ended up getting fired but I really should have started looking for a new job the day that they asked me to install the first unlicensed software. If that's the way they do business, they will take liberties with employees the same way they take liberties with software.
1) Run an inventory of all the legal/illegal software that you have
2) Document what you would need (in terms of money/time) to purchase/install legal software
3) Present this to your manager. Explain to him/her the advantages and disadvantages of using legal software vs illegal software
4) Explain to him/her that since you do not own any illegal software you will not be able to do things such as properly patch/udpate software (leaving vulnerabilities open). You will not be able to reinstall if someones computer gets screwed - leaving them unable to do their work.
5) Make sure they are aware of what could happen if they get busted- which is very well possible since a lot of software reports itself to the developer company.
hopefully your boss will listen and give you what you need. Conversely your boss may say "tough shit, and keep the ship running without costing me money". Then you will have to decide to either install pirated software or quit. If you quit remember you can whistle-blow.
I do not support "The Man". I also do not support your irrational stupidity
I would strongly recommend that you partner with your legal department in conducting an audit. They can tell you what to do in order to allow the company to keep the results of the audit confidential, even if you are sued. By partnering with the lawyers, you can conduct your inquiry while protecting the company.
I started in a company just like you did.. as the first permanent IT support.
Previous support was a mix of lowest-bid contractors, non-techie employees, and "friends who knew stuff". It's not that the company actively sought out pirated warez, but if a contractor installed some PC's, either they used their own reseller licence or the docs dissapeared.
The first problems I found with licencing was that there was no documentation. There was no proof of purchase, no storage for original media and licence keys.
1. Make a plan for software purchasing and upkeep. Get it approved as company policy.
A. Organize past purchases. Get all previous receipts, order confirmations, and work orders. You can call some hardware vendors like dell and request purchase histories. Lock up install software.
B. Install a software inventory tool. (I went with a paid product - LOGINventory, I didnt like the foss solution) These are VERY helpful because you can verify packages, versions, serial numbers, licence keys, and patches.
C. Make it company policy that you will be the gateway for all hardware and software purchases and installations. File all new records of purchases, contracts, and work orders.
D. Remove admin rights from users on company PC's. This was politically hard for me. Be prepared for 'but I need that video player installed'.
Once you know exactly what you have you can sit down with your executives and discuss. You may not be able to attain compliance immediately, just make sure that is the goal.
I implemented compliance by attrition. New PC's were purchased with proper licenses. Unneeded software was removed or replaced by free/low cost solutions. Our exchange server was upgraded to the latest version. Our web server was replaced with a linux lamp.
More advice: Learn the company business as best you can. Take an active roll in starting projects that will save money, make money or entice or retain customers. That is how you become an asset not a burden.
oldhack: "Security is a waste of money until shit hits the fan. 5 minutes later, it becomes waste of money again. "
If the company is large enough, they likely have a plethora of company guidelines, procedures, and assorted rules that all employees must abide by. It's worth your time to read through those, particularly the software handling documentation. Should they have something in there about "under no circumstances shall software be installed without a valid license", you can say you're following company procedures on top of following licensing laws (which managers may not get anyway). As the IT person, it's now your responsibility to ensure compliance with all laws as well as any of the company policies, and make sure that all employees understand them.
Beyond that, it should be a matter as others have posted. See what licenses you can find, see what isn't licensed, offer options (OSS or buy the stupid thing).
One more word of advice, have your story straight and be ready to answer any and all questions when you talk to management. A friend years ago told me this "#1 rule of work, keep your immediate supervisor happy, rule #2 is keep your immediate supervisors manager happy". Make sure to keep boss #1 and #2 in the loop about what it is you're doing, particularly any updates you get by talking to software vendors.
I've been in the tech support business for 11 years, and here is my policy with customers when I find myself in a similar situation. I changed jobs recently and I made sure my new employers were OK with it beforehand.
If the software is already installed and working, I work with it as it is. If I have to actively support software that is clearly unlicensed, I will mention it to the customer and notify them that I cannot support it properly. I won't reinstall or update the software.
If I am asked to install software, I will make sure the customer has a proper license or original media to do the installation. I will not install it on more systems than the customer can prove he has licenses for.
If the customer asks me to administer his network, and not just do spot jobs, the matter is different and closer to your situation. I'll complete a check of licenses used and paid for and deliver a report on licensing making suggestions. Those usually include: getting up to speed on everything, buying licenses as things go and systems are being replaced, or going with OSS.
If he explores all forms and substances Straight homeward to their symbol-essences; He shall not die.
...if you get audited and delete it all without remorse.
If your management won't support you on this you need to find another job.
It is perfectly sensible to evaluate something before you commit to using it in production, but if a company is unwilling to let you evaluate their products properly then they don't really deserve the sale.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
You are the IT Manager, it's your job to fix this. I hate software licenses as much as the next guy but being complicit in criminal behavior is not an option.
I would do the following:
1) Make a list of all the software you need. Ask all the users what they need so you can pass the buck back to them when you miss something they never told you about.
2) Make a nice sheet in excel, wiki, or whatever detailing what licenses you have and what licenses you need.
3) Buy the software or replace it with OSS. Normally buying the same tool causes less resistance but money might be tight. Tell the users it's an upgrade, throw in a bit more RAM, and tell the users something about upgrading 'the network'. They will at least think they are getting something out of this.
4) Profit! Assuming you don't get sacked for causing too much nuisance send your full reports to management and look like a hero. Even bad management love it when you give them a list of problems they no longer have.
Always keep clear records. If the BSA ( or whoever ) do turn up management will blame you in a heartbeat and you will need every scrap of evidence to prove you, and your company, are doing the right thing.
I tend to use the car analogy when presented with that situation. If I get pushback from management on being legal, I suggest they start using stolen vehicles for company use as that is cheaper as well. It's really no different as far as I'm concerned.
I don't think I've ever seen a piece of commercial software that does not have at least have full-feature demo that is time-limited. Even if they don't have it on the website, you can normally contact the sales department for a trial key and a download link.
You can usually guarantee that if there isn't a full-featured trial, then the software is probably not all its cracked up to be.
Said, "It's just like dice but it's got more sides And it tells me who lives and who dies"
That's an excellent point. Unfortunately, the best tool for the job may have awful marketing. To be completely honest (and in support of your point), I can't think of a software product that I've had to pirate in this fashion for a number of years - though that may be because I've tended toward open source solutions recently. I think the last one I pirated was Mathematica, because it had this retarded demo that wouldn't let you save your work.
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
I just install a few ninja programs to fight them off.
I do freelance IT along with other repair work for a handful of small businesses in a small town, who can't afford their own IT but need someone to hold their hands when something breaks or they need to upgrade. More often than not, I'll find unlicensed software on their computers of one source or another and most are fairly understanding when I explain to them what the situation is (half don't know what they've got installed, usually done by someone employee's college aged kids). The clients that are the worst offenders, though, are the people who should really know better: lawyers. Not only are the technology masters (at least they seem to think so, even though they're calling for help) but they have been the most difficult when I inform them that I won't help them violate their software licenses. You would think that people who are supposed to be well versed in the law would be understanding of my desire not to have some corporate lawyer unhinge his jaw and swallow my company whole, but that doesn't seem to enter their minds. When I'm faced with a similar situation to yours, I usually inform them that what they do when I'm not there is not my concern, but that I cannot help them break the law or offer support for their unlicensed software. I try to be polite as possible, but I have lost clients business because I refused to help them break the law. We do warranty and insurance work and I can't tell you how many times we've had someone in our shop yelling about how we were such a terrible repair shop because we wouldn't help them defraud their equipment manufacturer or insurance company.
From my personal experience don't piss off upper management with software issues. I used to work for THQ Inc, I complained one day that we didn't have temp monitoring software and management flipped out. I also went to them to mention that we had illegal versions of FRAPS sitting around on shares and most PC testers had this installed. The worst thing was my buddy who had to reinstall Windows Vista all the time because they didn't have legitimate keys to give out and the discs handed to us were always burned. I was fired for mentioning such a thing, it a decision of standing up and doing the right thing or letting them get away with it because you will lose your job.
live in the real world.
People who 'whistle blow'
are thrown under the bus.
If you need your job you only 'whistle blow'
for criminal IE: capital murder massive fraud, Maddof type behavior, psychopathic behavior.
You don't 'whistle blow' a 300 dollar software license.
Excellent question, I had a similar issue where I was at one time. 1) Talk to the person that can make a difference, privately. Tell him this is between you and him for now, but you will report it if it continues. 2) Estimate a cost to get legal, and 3) work out a reasonably deadline before you call it in. Most importantly, 4) Keep your options open for new work, should you get let go because of this. They may decide to trade your salary for program licenses!
I did everything except #3 and... it never happened. Of course the whole thing was never done out of criminal intent, more likely, just a make-do situation, they INTENDED to get legal... eventually. It just took low priority compared to blackberrys for the execs. What you need to do is bump it up the priority scale for them.
Would be to make more copies :)
Seriously tho, take inventory, get management support, and start buying licenses or yank software.
---- Booth was a patriot ----
Now that you put it on here, BSA will be knocking on your door any time now.... So if I were you I would talk to everyone and tell them, buy more license or else company will be busted.
...Especially those from Autodesk, Adobe, and Microsoft!
The software activation complexity and compatibility issues make those three companies products worthless as shipped. I view the pirated product as having added value for our company when compared to the activation challenges the others pose.
We're generally compliant with the number of software licenses in the office, but there might be a few things off here or there. I'll even go so far as to say that we deliberately "kite" licenses periodically to match purchases of major software to payment rather than workload. Honestly, that is the best we can do and still run a business.
Now, when it comes to blatant "piracy", that is another matter, but software makers need to keep things easy enough to be compliant that you avoid the slippery slope.
And, as for the implied taunt to the BSA, this all may reflect actual or imaginary companies, software, and policies. Nothing written here is an admission of guilt or implied condoning of such actions.
You're over reacting. Employees are not legally liable for corporate piracy.
Both your and the preceding poster suggest that as an employee or contractor, you could somehow be personally, legally liable if the company's piracy were to be reported. Why do you believe this?
I can't recall a single case of a mere employee (or contractor) getting in legal trouble for following a boss's orders to pirate software. In my long recollection of software piracy, the only US criminal prosecutions I can remember have been against those that have sold pirated software to others.
When it comes to civil suits for piracy, the BSA and others sue business, not employees or contractors.
In the real world, the worst repercussion an employee 'might' face would be job loss. I have not heard of a single instance of an employee (or contractor) getting into legal trouble for installing pirated software.
My recommendation for anyone in this situation is to do what I've done. Keep their head down and install whatever the boss man says. You won't be sued, you cannot be prosecuted. I don't condone piracy, I just 'slowly' influence the higher ups to get legal. The key word is slow. I don't threaten to resign, I don't 'stand my ground', I just point out the benefits of getting legal, then suggest the budget start to account for this. A boss is a lot more likely to respond to the slow ask than the overly wrought demand.
And if at some future date the company treats you badly or fires you, wait 3 months, then report them to the BSA. The wait is to make sure the smoking gun isn't pointing directly at you. They will doubtless have fired someone in the interim, and of course, they'll still have lots of pirated software.
Very insightful. Sometimes, I wonder if all the EULA and licensing demands are even upholdable in court. Yes, Singapore makes illegal software in corporate environments a criminal offence, where executives can land in jail in the worst scenario. However, I wonder how much of the law changes were lobbied by large software companies and vendors.
A good licensing agreement will do more than just "make you legit" it will also give you access to new software if you purchase software assurance. The Co. I work for has an Agreement with MS for Office, Server, Exchange, as well as the necessary CAL's. As new versions are released and your software assurance is still active you get "Free" upgrades.
Every piece of software that is not crazy expensive (100k$+) is open source or free as in beer. Or it is subscription service software
Expensive:
Oracle
Business Objects
GreatPlains and a ton off addons
Lotus Domino/Notes
Subscription services:
Postini
The rest... all OS.
Nagios
Apache / Linux / Tomcat
Centos
SmokePing
MRTG / Cacti
Firefox
The expensive software, I get reminded annually that I "own" it when they hit me up for their annual renewals.
The rest, I just dont have to worry about.
Quit, and then call the BSA.
They won't go for it if they have a few thousand dollars in illegal software--some head honcho will be 'annoyed' that you are reporting it.
Stop being so lame. Everyone knows what he means my "pirated programs". Let's save the silly semantic arguments for the people that say that his company is STEALING from Microsoft.
Idiot. You're probably the same guy that pretends to be Bruce Perens.
[FUCK BETA]
Tell those socialist pricks that once upon a time, the US was capitalist; and so if you wanted something, you had to pay for it. Now that we have Obama in office though, they could ask him to bail them out by buying the licenses for you paid for by the rest of us.
Wait...is this the rant channel?
I ran a script at network login to inventory all the software and hardware on the systems once a week. I could diff all the reports from week to week to see what changed on every system. I created a report to show how far out of compliance we were and gave them a bunch of links to companies that had to pay out $100,000 per infringing copy. Then I budgeted $100 a month to bring us into compliance over a couple of years time.
Bottom Line in my experience:
Unless you document a polite/respectful "CYA" response to management and put the situation in their hands you will be held responsible if anything happens.
Chances are they will have no problem using you as scape goat to make problem go away if something does occur.
Also!!! If you are fired for refusing to do something illegal. Can't you sue the *&%^# out of that company? You cannot force someone to do something illegal even if you are their boss.
I've gone through very similar situations. I think the bigger question here isn't if you're going to get audited (as you likely won't), but how badly you need the job? In this economy your check might be more important than your need to legitimize the operation. What I've typically done is carried on business as usual, installing the pirated software when a necessity for business operations, until I got a full inventory of what was needed to purchase. Once I had that list I just started twiddling it down, sorta like debt. When we needed 1 license, I got 2 licenses instead -- you'd be amazed how easy you can get those POs signed. Depending on the size of the organization you can also consolidate your servers to cut down on licensing needs. Example, for a environment with 100 exchange users you could get away with that server also being a DNS/AD server -- not the most ideal, but it works and is cost effective. The other thing to do depending on the number of users and if you're a big Windows shop, get MS Select, or MS Open program. Open is usually good for smaller businesses. It allows you to get half-way legit with purchasing volume licensing, buying 10 licenses, install it on 20 PCs and buy 10 more licenses later. Software piracy isn't right, its illegal, but if you're not making money selling the software then its a threatening letter and demand to buy licenses. The people that get into trouble are the ones that ignore the scathing letter telling them they need to be in compliance after the audit. Contrary to popular belief Microsoft doesn't really give a crap if your company bought 100 copies of Windows -- they care about the guy who is pirating and selling them from China by the thousands. Most of the companies, Microsoft specifically, understand the circumstances -- and will even give discounts because of it sometimes.
Replace Norton Antivirus with AVG Free
I think AVG Free may not be used in a commercial environment (regardless who owns the PC/laptop). Overall good post, though.
Is that per machine? That sounds a little closer to me (but a touch high, maybe for 2 machines). Corporate liscensing is a lot more expensive than "personal editions." I know for where I work, per machine licenses are discouraged because of this, and we work to use "concurent liscensing." That doesn't make sense for small companies though.
I'm not this huge F/OSS guy, but I can say that you should be able to replace a bunch of "normal" business apps if your company is not yet profitable. If it's a charitable organization, there are a lot of software that is much closer to "personal" costs. Some of it is free.
Me? I would ask my last boss if he still has that spot open, while you submit your resume. You are doing the right thing, and if this company wants to grow, they'll need to grow legit too.
How much is your data worth? Back it up now.
The GP post to which I replied was that they wanted the ability to try the software before making a purchase.
TESTING being the key word.. for $349 they get to test the entire library
and then, when testing is complete- they buy a copy.
every day http://en.wikipedia.org/wiki/Special:Random
This way avoids the awkward situation in the case where the management doesn't really care or want to deal with the problem.
It's a freaking dream (or a nightmare if you did it) But I know what you meant.
If you take two weeks to replace a server(not a swap, but new solution), (I'm talking 80 man hours) you are not even close to testing enough scenarios. Change Control would ask what testing you did, and you'd reply w/ Well, the apps all "Looked" like they worked.
But unless your going to stop your users from working, enabling them to test all functionality of their software for two weeks, your trying to shove a VERY LARGE O PEG into a tiny [] hole.
How much is your data worth? Back it up now.
And avoid the spamming from the vendor for the next 8 years.
really?
accurately define good according to a criteria and seek it out.
Do what my boss did - keep a list of open source equivalents and tell them they're getting the early version of the 'upgrade' we're rolling out.
The company ended up not noticing they had an open source office - the previous guy actually rolled over to a BSA and they started an audit, and by the time it happened we only had two violations outstanding.
Pug
An Invisible Entity of Vast Power whose existence must be taken on faith alone: Liberal Media
I'm not going to sort through the 600+ comments to see if someone else mentioned it, but in case nobody did:
http://spiceworks.com/
It's totally free, and can do an installed inventory of software on every machine on your network. That way you not only know when pirated stuff is installed, but you also are able to tell how many legal licenses are in use currently if, for example, a new person comes to the office and needs Photoshop installed.
Although, why your folks have the privileges to install software on their own computers is beyond me, unless they're developers.
I have also been lucky enough to have been in this situation, and I have found that a multi-pronged approach is best:
1.) Introduce FOSS solutions where ever, and when ever possible
2.) Don't install or otherwise handle pirated software and keygens, and tell them that is where most of your problems with viruses and security problems have come from, not to mention that dickering around license keys and key generators and cleaning up viruses is a huge waste of time and it is actually cheaper to just buy the license, especially when you put it in terms of your time to get the illegal version running. If you are a contractor, break work out the cost of you installing a pirated version at say $100 per hour, getting the key gen + scanning the software + scanning their computer for viruses + install time + updates + time to get new keygen because the updates broke the install + the time they have to call you back because the install broke again because they installed the updates for a serious security flaw that can be exploited from the internet; or they can just buy office for $200 for non commercial (student/teacher) version or $300 - $400 for the commercial version, and prolly cheaper if they can get OEM copies if they buy/upgrade some hardware.
3.) Break down the cost of the software over the software's lifetime and the productivity of the employee, suddenly the cost of MS office doesn't seem so unreasonable any more.
I'm serious, they're not the government, they're not the police, they're a private company, where do they get the right to storm your offices and start poking around in your computers, counting up all your software licenses? I run a small IT shop and if they ever tried that shit on me, I'd tell them to go fuck themselves in no uncertain terms. Can I storm THEIR offices and have a look at all their computers? Or should I too expect to be told to go fuck myself?
Perhaps the answer to the problem of teenagers dropping bricks from motorway and railway bridges is to sue Tetris.
It does happen. I bought my new desktop last year at a no-name shop and it came with a bootleg copy of Windows XP Pro SP3 installed. Great system, though. I had a copy of Windows XP Pro anyway, but it was at least nice of them to make it easier for me (I activated it with my key).
Seriously? In this economy you're worried about your company pirating software? Just get the CYA letter like the first productive suggestions and enjoy your job, be it long-term or short-term, depending on how fast the spooky BSA finds out.
What are these license's that you talk of? Shall I check all my Ubuntu desktops have one?
Worse still, you can fork over what they think you owe them OR when you do get audited your business grinds to a halt. Certainly a little publicised downside to the closed source model.
My ism, it's full of beliefs.
I know like 50 other people have said "FOSS" but yeah. The "free" is as in "freedom" but ALSO free of cost, which in a situation like this is a big motivator. In general, I would make sure the licenses are legal for any specialized software, and get them to put in as much free software as possible for the rest. Let them know they ARE going to have to pay for it, it won't just appear for free. And do let them know about groups like the BSA, so they know that it's NOT risk-free to just keep using pirated software.
Since this is a small company, the odds are high they can use OpenOffice, some desktops you may even be able to run Ubuntu on them. While deciding Linux or Windows, don't forget about antivirus -- they probably have like AVG Free or similar on every box, the "free" versions of most antivirus software is explicitly NOT for business use. I would use a samba server if the Windows 2008 or whatever server is improperly licensed. You may get them fully legal at near 0 cost if they don't have too much specialized software.
Figure out what media and licenses they DO have and consolidate them, and also see what software each box has. Then you'll know how far out your company is. Then tell your bosses the results and the above info. Make sure they do not view this as you bringing about extra expenses, but rather you correcting mistakes of the previous IT guy. But don't dump on the previous IT guy too hard, the bosses won't want to view you as someone who dumps on ex and current employees either.
Explain the current situation to management. If they are unwilling to take the steps required to set things right, leave. Put it in writing as to why you are leaving, and leave. If they willing to steal software, you can bet your last dollar (or euro or pound or ...) that they'll be willing to use you as a scape goat if need be.
I was in a similar situation several years ago. I sleep well at night with a clear conscience. And yes, it did hit me financially.
10,000 is large and 100,000 is mid size???
OK I see the + after the 10,000 but still i'm confused.
Those who can, do.
This situation comes up whenever I get a new job in a company. I want to use MY software that has been configured by ME specifically to make ME more productive.
I've spent twenty years working in situations where one company uses WordBozo and another company uses BozoWord. In WordBozo the combination moves the cursor back one space and in BozoWord the same combination erases the hard disk. I've reached the point where I just assume that I am going to use the text editor that I know and trained my fingers to use the commands efficently regardless whatever the company uses for its 'official' word processor. I don't care. I'm not going to learn any new user interfaces for general-purpose software. Like text editors and graphics imaging/drawing programs.
So I discretely use MY software with MY user interface which makes ME productive. Which makes THEM money. And, to be quite frank and honest, at this point I don't give a F*** about what any software lawyer, BSA flack, or IT manager thinks about it. If they can't change the user interface of THEIR software to fit the commands that MY fingers have memorized, then that is their problem, not MINE.
If your software doesn't have a customizable user interface, then it's junk and you shouldn't be selling it. It's not professional by 21st century standards.
So I discretely bring MY productivity software to work, whereever I work, on flash drives. And I discretely use it. And I remain productive. Which is what really matters in the 21st century with its self-destructive economy.
All software lawyers are fools because they don't accept this situation. Any IT manager that doesn't accept this situation is a fool also.
And, why work for fools???
If ya don't like livin the real world and insist on bein a snitch for the hawgopolists, then quit. Just walk to the boss and tell him that you are a worthless piece of shit and will rat him out at the first opportunity. Then you go to New Yoark shitty and put a placard on your back saying you hate black people and walk wit it down Lennox Avenue in Haarlem. By the way, tell the boss about every computer you touched so that he can clean up after your rat out jobs before he fires your worthless ass and throws you out on the sidewalk like ya deserve.
I have also had to deal with firms that have pirated software.
Most do not understand the issue until it is explained to them and squawk a bit when they know the costs of fixing it but ultimately do the right thing either by replacing pirate software with FOSS or by purchasing the appropriate licenses.
When this doesn't occur it has been my experience that they are cheating in other areas of business, ie doing dodgy things with accounts and safety standards, etc. I would serious reconsider working for them either as an employee or as a contractor because it will be there intent to rip you off where they can. It seems to be the same mentality.
You have been hired to fill a new position and you see your responsibility as covering the licensing of software. Is that really your charter? If you can drive the idea that you can only work with company property, then you immediately presage any direct involvement with such extra-ware.
I'd say have a talk with your attorney because you have already committed to something. Saying your are the "IT Manager" really doesn't help us much. Being the first IT Guy, well, are there more than just you? I think you see the obvious question here.
Every computer-using company faces the same issue. So long as users can install software they will (prev. it guy not withstanding) and you cannot be responsible for misuse of company property by others than yourself. You need to drive the compromise that a list of software is supported by you and there is an as-needed channel and that you need a budget for supported softare.
And talk to a layer....
I had this experience 20(!) years ago and here is what I did. Our CFO asked me why we didn't just buy one copy of WordPerfect and install it on their 50 machines. I answered that WordPerfect Corp. was just across San Francisco Bay, that I knew staff there, and that while we would never rat them out, others might, resulting in their paying big bucks damages. They bought a copy for each computer, instead.
The term "pirates" to describe those who infringe copyright predates the personal computer. It even predates fucking electricity.
So how about you get your facts straight and stop complaining about how the language makes downloading free shit look worse than you feel it should be?
3laws: No freebies, no backsies, GTFO.
1. Always put everything in writing to all people you talk to. It creates the Audit Trail that CYA.
2. Have a plan to get things into compliance NOW AND Keep it in compliance in the future!!!
You want to be able to advise them that even if your not there that anyone who comes in can find out what software you have and what you dont have and what is recommended to use and where to find it... You dont want to through a bill for $50k in there face with the thought that they may need to fork this out every 5-10 years... Give them a set in stone methodology for overcoming these problems in the future.
I'm currently fixing a mess similar to this, to save costs, I have looked at opensource solutions, luckily we clean up a lot of bad software, some of it being virus-ridden.
I'm the IT guy that installs the pirated programs.. my bosses are happier cause I save them money, and I get more in return.
If you are placed in a position where the upper management doesn't support you then you need to find anothr company.
The problem is they think IT is fast food. You got to pay to play and if they aren't willing to buy legit software then you need to find another company to work for.
I worked at a former company for 1 week because the higher ups didn't want to spend money on servers or software and expected things to be running.
When I asked the JR Network Admin if there was a budget for IT he said "man don;t aks these guys for money to buy anything".
I turned in my resignation a week later.
The company I now work for has no problems spending money if it's needed, otherwise I use open source. We are about 50/50 on servers.
How refreshing it is to work in a company where every piece of software is legit and machines are locked down to prevent the installation of software.
Replace it all with Red Hat Enterprise Linux, L.A.M.P, Openoffice.Org (also opens Microsoft files) and that's mostly it. ZOMG REPLACE IT ALL WITH OSS!
1 word
LINUX!
installing software you don't own is copyright infringement. Piracy is dressing like Johnny Depp.
Piracy is a centuries-old term for breach of copyright. Daniel Defoe acknoweldged it in 1703.
from http://www.luminarium.org/editions/trueborn.htm
Why else you think they hire you bro? So there's someone to take the load. :) I would say get the hell outta there if they get mad at you for doing your job.
2. If you do put something in writing, include an attorney on the distribution list
The intent here is to basically use the attorney client privilege to hide evidence from a plaintiff. Isn't that a total violation of the spirit of discovery and a judicial process?
Don't speculate about how much trouble the company is in. Do not use words like "pirating" or "stealing." Use words like "may" or "might"
Again, if the software is not licensed, its pirated. That's usually how it works. If he feels that piracy is taking place, he should call it for what it is. That's the right thing to do. IF the management doesn't do it, then they are breaking the law and should be turned into the BSA.
f you report a potential copyright/licensing problem to the right people, and they conclude that it is in the best interest of shareholders to take no action, that's okay. In my view, you have fulfilled your responsibility to bring the issue to their attention. You can only do so much.
Isn't this wrong? I mean, "I wrote a note that kinda said that there was a problem, and so I'm off the moral hook".
Why is it too much to ask that corporate heads follow the law? If they want to use Office or Windows Server, then they should pay for it. That's pretty clear cut. If they do not want to pay for it, then they should consider an open source alternative.
Allowing pervasive theft of any kind, and demanding that employees misrepresent the truth, completely undermines our culture. You can't demand that people lie to keep their jobs, particularly when it comes to following the law.
This is my sig.
After you know what you are talking about, you need to bring this to management's attention in writing. CC all of the top managers and VPs. They will have to deal with it. I was convinced I would be fired, possibly tarred and feathered in the past for doing this but I wasn't. Instead I was put in charge of fixing it. It's a tough job. Every machine needs to be accounted for and everything on that machine has to be accounted for. Even freeware. This is so you can say you have a complete accounting. Get a drawer, folders and label them like Microsoft, Free Software Foundation, BSD, things like that. Print out or put their provided copy of their licenses in the folder. The database you make will refer to these folders. Finally, print it out at least once a year and put with the printed licenses. There is nothing like losing your database!
Finally, if something isn't licensed you must either remove it or purchase a license. In cases where the company doesn't exist anymore, consult a lawyer for advice. If you don't account for all the software (purchase license, remove it, do something), that is a liability. Criminal liability actually. The manager (not you unless you are the manager) could go to jail. There are also civil liabilities that you already seem to know about. This may make you unpopular but someone has to do it. Be prepared to be compared to Hitler and other Nazis. Godwins law may help there.
Good luck.
First, I'm from Canada where AFAIK the company or owner(s) would be responsible for infringing software. Second, IANAL, Canadian or otherwise, so you might want to check w/ one.
Now then, what you seem most worried about is your own legal culpability, not the fact that there is pirated software, which is an easier task to deal with than the technical aspect in some ways.
1) Write an internal memo to management addressing your concerns, outlining the risks associated with not complying w/ software licenses, etc. Include a rough inventory of infringing software, the approximate cost of said software, and the estimated cost to the company if they are pursued for damages.
2) Send yourself a copy by registered mail. Put it on a shelf, or better yet, in a small fire safe or safe deposit box. To be really thorough, send 2, and keep them in separate locations.
3) If you get a response to just ignore it, keep it. If it's to deal with it properly, then you're pretty much golden.
Either way, keep the response. Possibly send yourself a printout by registered mail as in step 2.
4) IF the crap ever hits the fan, you have 2 documents which cover you. The dated and sealed envelopes from registered mail are considered legally admissable, so if there's any finger pointing in your direction, you should be able to deflect it handily.
Note: If management changes you may want to redo this process.
--Not to be worried, Pitr fix.
I went on a Pirate Program at work. They sent me to the Caribbean where I learned to drink rum, bury doubloons, walk the plank and carry a parrot on my shoulder. Best training I ever did - what a week! Every merchant banker needs to do this.
here's a simple plan 1. inventory all software that you have media and licenses for. 2. survey all the software that's on individuals computer. take this opportunity to view what they need to use compared to other employees. 3. look at standardized solutions for all users based on what they have then look at options in FOSS or paid software. Present to execs (or however you process your budget) 4. deploy based on response.
When the BSA audit comes, many management types will try to make a scapegoat of the IT guy, but in 100% of all cases I've known about, the BSA ignores the IT guy and goes straight for jugular veins of the upper management.
And ultimately, the upper management has legal responsibility for all wrongdoing in the company unless they can pretty much prove not only that they didn't know, but that they couldn't reasonably know. A few missing licenses here and there could be blamed on the IT guy, but if much of the company runs on unlicensed software, it's clear that they should have known from the financial point of view that something was wrong.
Step 1: Policy. Make sure your policies are clear about what can be installed and who may install it. Step 2: Inventory everything that the company owns properly, and that is licensed to the company. You will likely have to reimage most company computers to come into licensing compliance. Step 3: Make everyone run as a limited user, unless they have definitive need. This will cut down on pirated software, as well as malware. Anyone who needs admin status should sign an agreement that IT support may be limited to reimaging the computer to its original parameters. Step 4: Follow through on Policy. OR Switch to Linux
Open Source: Eroding the Digital Divide
No offense, but, to motivate management you'll sure not need to kick against their heels ...
If you'd like to motivate them, you better explain the truth about licensing, BSA and liability, which gives much MUCH more motivation!
Your motivation would be -the direct way out- of a company, for most managers, with that kind of attitude! Wonder if this has to do with your nickname ;)
--- I am known for the ones who want to find me on the net. Is that a privacy risk or a privilege? One might wonder..
Option C: Shitcan me, stay illegal, and I'll report you to the BSA, screw you over and get a reward for my trouble.
Whistle blowing is protected in all civilized localities.
Some people in /. have a very strange view of life, in which company policy has higher precedence than the law of the land...
IANAL but write like a drunk one.
You do something unethical or illegal then you can't excuse yourself hiding behind the needs of your family.
Sorry but we honest people know that abiding by proper ethical standards is not always easy.
IANAL but write like a drunk one.
People blaming need for their moral failings are beyond contempt.
IANAL but write like a drunk one.
What you are doing is still illegal.
IANAL but write like a drunk one.
Where did I hear that one before?
IANAL but write like a drunk one.
No matter which way you want to slice it.
The irrefutable proof of this is that we have different bodies of law to deal with copyright infringement and to deal with theft.
I have rarely seen any /.er claiming that copyright infringement is OK, most people recognize the illegality of this, nevertheless most people recognize also that copyright has been unethically and immorally subverted by the recording cartel an the governments of most countries.
So in synthesis, this is not different from copying music illegally, they are both illegal activities which should not be condoned, while at the same time pointing the unreasonable nature of the current legislation....
IANAL but write like a drunk one.
http://asg.com/products/product_details.asp?code=BSZ
If you ask them nicely, ASG will demo Becubic for you.
Would a company really wanna piss off someone who has knowledge of illegal doings and is trying to fix it?
That seems counter-intuitive to me.
I inhereted a similar situation I am at. That was back in 2001 and one of the guys they canned before I got here turned the company into BSA and HE was the one installing unlicensed copies. It cost the company a ton of money and cost me a lot of time (nights and weekends) doing a thorough audit of all software. You can get information off of BSA's site (don't go to their site from your work connection...do it from home or the library) and see what the penalties for each infraction. You can then give your boss an estimation of what he could be fined. Additionally, the company's doors can be shut by the authorities until you are in compliance. It can be a nasty thing. Then get an estimation of what it will cost to get everything licensed so your boss has that information as well. Then, if he/she doesn't want to license the software then get that letter saying that you will not be held liable for the illegal software. Then you let them know that you will not personally install any illegal software because it is a crime. It is and you shouldn't. I had to do this. At that point you may want to start looking for another company to work for. Hope it works out for you.
The Thing is.