Slashdot Mirror
How Do You Deal With Pirated Programs At Work?
LoneAdminOK writes "I started working for a small company in the middle of January as their IT Manager. I am the first actual 'IT Guy' that they have had; before me it was someone that performed another job within the company and just handled the IT on the side. The problem that I am running into is that most of the software I am finding on the network and on people's computers isn't owned by the company. The person before me would just get it from 'somewhere' and install it on the computers as needed. This is putting me in a bad position when I have to reinstall the program or find it to install on someone else's computer. Often, I am telling people that we don't have it or we have to buy another license, and they get mad at me because the other guy said that we had it. I can't even tell where the versions of Windows Server that they are running came from. The only one I know is legit is the one that is installed on an HP server with the OEM sticker on it. How have any of you handled a situation like this? I don't install 'borrowed programs' in a production environment because I know that if the BSA got wind of this, it would all fall on me when they stormed in."
All you can do is go to the higher ups and lay out the entire situation. If they don't care about the consequences, have them put it in writing to CYA, and then decide whether you want to trust that YA is truly C'd, and whether you want to add "Installer of Illegal Software" on to your CV. That's all you can do.
In my experience, the smaller the company, the more pirated software you find. If it's one guy working out of his house, it'll be lucky if he's actually using his own internet connection, more less software that he actually owns.
Now queue 500 posts saying, "ZOMG, replace it all with OSS."
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
>I don't install 'borrowed programs' in a production environment
'borrowed programs' shouldn't be installed anywhere - prod, test, uat whatever. Non-production piracy is still piracy.
Start with auditing your network (use automatic auditing software) and then work out:
You should have already done this. Then you take it all to the board and get them to stump up the cash to fix it.
If you can't/won't do this, go find another job.
Every employee reads and signs a conduct statement when joining and annually. Its spelled out in there. I believe company had some problems and fines in the past.
Rules for dealing with that
1) *Never states the existence of pirated software as a fact to outside you company*.!!!
2) Ask your Boss at a cup of tea outside his office
3) Depending on your bosses answer and your morality
a) Boss says: hunt down priated software -> you do that
b) Boss says: dont touch the issue and you are not too worried about the moral/legal issues: close your eyes
c) Boss says: dont touch the issue and you are worried about the moral/legal issues AND you are brave: state is explicictely in an e-mail to your boss with somebody else in the company in the CC
d) Boss says: dont touch the issue and you are worried about the moral/legal issues AND you are reasonable: leave.
Do what any decent pirate would do, turn 'em in to the Navy (or whoever is in charge of pirated software), collect yer bounty, and, arrr, off to more plunder matey!
Give a man a fish and you have fed him for today. Teach a man to fish, and he'll say "WHERE'S MY FISH, YOU IDIOT?"
Actually, it's not a ZOMG, just explain to the owner that you have certain ethical standards, and that you will not break the law for your job. Then put together an itemised list of licences needed to bring the company into compliance, with prices. If they are unwilling to pay, provide itemised list 2, which has FOSS options that can be migrated to, with an estimate of how long it would take you to do so, and how much downtime would be involved. If they are unwilling to go with either option, "You don't want to sell him death sticks. You want to go home and rethink your life."
That which is done from love exists beyond good and evil
Today in pretty much every American school from Kindergarden through 12th grade there is free training in piracy of anything digital. Want a song? Someone will show you where to download it from for free. Same for software.
After being subjected to 13 years of this sort of training we can move on to college where there is another four years of honing the art. Everyone knows how to do it by then.
Now they enter the business world and you find it odd that your fellow employees can't understand why they just can't have evertything they want? Sorry, but you are seeing the result of a nationwide (if not worldwide) program. If the people in charge at your workplace don't see anything wrong with everyone just having what they want, I think I'd run for the door. There will be consequences, someday. Someone will find out that rewards are paid to people that turn companies that pirate.
Ethics? If there are no ethics preventing people from pirating, there will be no ethics preventing them from trying to get a reward turning people in.
If someone high up at your company can't see the problem, you don't need to be working there. You will find out your bosses will see to it that it is all pinned on your predcessor and you.
I'm bound to get modded a troll or flamebait or off-topic or something for this, but how is this different from pirating music? /. group-think says it's not theft and trots out a whole bunch of other self-justification about the evil RIAA and so forth, because you're "not depriving anyone of something physical", etc. It's the same, right?
Is it different in this case because it's a small company doing it rather than a whole bunch of individuals? Does that mean it's okay if it's just me, but wrong if my company is doing it?
So to answer the question at hand: go the CYA route suggested by the very first poster, and make sure you point out (nicely as you need to, given this economy and how sure you are of being able to find another job) that this is illegal.*
* Just like music piracy. Even if you want to claim it's not theft.
Well, you say that jokingly but depending on the types of software we are talking about it might be an option. I'm not really an OSS evangilist but I would still recommend it in this case because the company isn't willing or isn't able to purchase the software legally. For technical users, there shouldn't be any problem moving people over to Linux, OpenOffice (I'm not talking about the accounting guys or anything, just the people that it makes sense to move over), and svn. The problem is if the software being pirated is software without good free alternatives.
Unless I'm missing something the options are 1) put your ass on the line and install the software illegally, 2) look for free alternatives, or 3) quit. Personally I'm not loyal enough to my company for #1 and with the job market today I wouldn't want to do #3.
Yes, but then you have to retrain people or expect them to muddle through learning new software. That will negatively affect the productivity, appearance to the client, and the bottom line. Buying licenses doesn't - it affects the bottom line only - the rest of the company works exactly 100% as it did before.
Try telling a user who has had a pirated application on their computer you can't provide it -- that's no fun at all. They've gotten used to using it and most won't accept another program in its place. Even worse you'll get nonsensical crap about free/open-source software not providing appropriate output.
And management isn't always helpful. You'd think telling them "you are breaking license agreements and exposing yourself to legal liability" would be enough, but sometimes that isn't enough. At least in this case you have someone (old fake IT guy) to blame -- that's more or less all you can do.
And let me chime in on the ZOMG install FOSS tip -- this is a great opportunity. You've already got a tailor-made excuse. "X user is using X software and we do not have a license. We can either pay X dollars for a license or use this freely available alternative that will provide the same functionality." In this economic climate, they won't even consider the pay software in most cases.
This is a totally unsurprising situation to find at many small businesses. When a business consists of just a handful of people, it is cost prohibitive to actually BUY software.
There is a point, however, that a business has to bite the bullet and "go legit". At certain sizes, businesses show up on Microsoft's anti-piracy radar, and your business can find itself on the receiving end of a software audit. At that point, the business will be liable for not only the costs of any software installed but also fines.
This is a good way to present the situation to your bosses: It's a matter of cost-benefit analysis.
Your first step is to dig through all of the documentation you have to find any and all software purchases. This included going through the previous guy's email (hopefully it's still available) and digging out the license cards from those boxes stashed in the corner. If you are lucky, someone in accounting can start pulling invoices from you. Also, go to the resellers your company has been using to see if they can pull a purchase history or license report (CDW is great for this). Don't forget to try sites like Microsoft's eOpen (eopen.microsoft.com) or Adobe's license site (licensing.adobe.com).
The next step is to audit your workstations and servers to see exactly what commercial software they are running. Try to match that up with what documentation you found to start with. My rule of thumb is that if I don't have a PO/invoice, license key or box, then I don't own the software. Then go and get quotes from your favorite reseller to see what the costs are to "true-up".
Take all of this to your manager (or the owner) and show them the situation. Be sure to explain the consequences of not licensing the software you are using, and leave the decision up to him whether to true-up, stop using the software, or use it unlicensed. I would personally document this meeting just to cover your own ass, especially if the last option is chosen.
In order to prevent this situation in the future, make sure all software purchases come through your department. Then keep all license documentation in a single physical or electronic location. Be prepared to dig your heels in when someone tries to bypass IT to install illegal/unlicense software.
ÕÕ
As the first post mentioned, please DO bring this matter up with your higher-ups and get something in writing. Even then, getting it in writing doesn't give you a golden ticket out. If you are knowingly doing something wrong, then you are just as responsible as those who authorized it.
I don't care how small your company is; the smaller, the easier to get hit with a huge bill after an audit. I don't know how trustworthy your bosses are, but what you don't want is for the authorities to catch wind of what's going on, and for your superiors to turn you into the scape goat.
"What, we didn't know there was any pirated software being used...he's the guy who handles this stuff. We hired him to take care of this. It's his fault..."
Best "String" Ever!
Yea, I'll second this. Don't be a pussy and cave just because someone says, "The other guy installed it!" The other guy broke the law. Not being willing to break the law doesn't make you less skilled than teh pirate.
It's very tempting to just install the stuff anyway: you look like a can-do guy, with it, always got the stuff we need, a real team player. But if you do get audited they will sell you out so fast your head will spin. And if you get audited after you've fixed the license issue, they will worship you, yea, as unto a god.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
Non-production piracy is still piracy.
I will never, ever buy a program until I've vetted it first. Some companies have worthwhile demos, and I'll use those if available, but if not... fire up the keygen. If this makes me evil in your eyes, so be it - but I sleep comfortably at night.
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
and no executive is going to wantonly commit federal fraud.
Wow. Thats a naive, and highly innacurate opinion.
"The answer is easy if you take it logically..."
1) Start looking for a new job.
2) Go to the CFO. Explain that while you, yourself, have no intention whatsoever of blowing the whistle, there are actual *rewards* put out by the SPA for unhappy employees to take advantage of by being whistle blowers.
3) Explain that, if he's really lucky, as an officer of the company, he could face criminal charges.
4) You don't want ANY of this to happen. So, at the very least, a concerted effort going forward -- with backing from management -- should be made to start getting valid licenses in-place.
5) See #1.
some of the finest people in history have been shitcanned and blackballed for simply saying the truth, no matter how politely, professionally, or curteously they did it.
Ah, yes, the ivory tower scenario. Here's how it works in real life:
1. Grab everything "IT" (install disks, licenses, purchase invoices etc.) for hardware and software and get them to a single secure location. Your bosses will wonder why you're wasting time, but that's okay, you're on a mission.
2. Thoroughly audit the whole lot. Your bosses will wonder why you're wasting time auditing the lot since you already have everything in a single, secure location.
3. Refuse point blank to (re-)install stuff you're not sure about. At this point, they will fire you on the spot and hire someone willing to install pirated software like the last guy did.
4. Maybe you can push FOSS as a solution at the unemployment office.
The vast majority of small businesses don't care about pirated software, because most of these people use pirated software regularly at home too. The correct thing to do would be to raise a concern about the lack of licensing, and if you meet resistance, find another job.
If you offer OSS replacements, be ready to back that shit up. What I mean by that is you need to be ready to support it to do all the same things that whatever you replaced did. Saying "Well you shouldn't do that," or "You need to read the manual," isn't ok. You recommended it, you have to support it.
Now in terms of things like OpenOffice, this means doing testing before hand to make sure it does everything they need. Don't assume, do real tests. Find out what they actually do and try it. Do they do mail merge? Do they have power point presentations that integrate with Excel files (for realtime data update)? Find that out and test it. Make sure it all works. Only then should you recommend an OSS solution. Two reasons for this:
1) Your job may rely on it. If you recommend something that works poorly, they may show you the door. Goes double if it was because you were "making trouble" about their pirated software. They figure you are just going to be a problem and thus want nothing to do with you.
2) Even if you don't get axed (and probably if you do as well), you may ruin any chances of future OSS use. The message that'll be taken away is "OSS is broken and doesn't do what you need." It'll be seen as a cheap replacement that doesn't get the job done. Thus they won't want to use it in the future. Someone will say "free software" and they'll say "no way."
So while an OSS recommendation is a great way to legally save money, do your homework first. Make sure that it truly is a replacement for what they use now. Not a "kinda sorta works" substitute. Not a "well it does some of what you want," substitute. A true replacement for all the functions they need. Also make sure you are fully prepared to train people on it since even if the differences are small, they'll trip people up.
Your friend needs some serious help.
The world's burning. Moped Jesus spotted on I50. Details at 11.
First off, let the higher-ups know what's going on and that it's neither a joke nor a hassle but a serious issue of stolen property about which they have now been unambiguously advised.
Second, try to handle this in a "moving forward" manner. You'll find no support for suddenly spending hundreds of thousands of dollars on software. If you push it, you'll probably be fired for not being a "team player." Instead, make sure that any new systems you set up run correctly licensed software. You'll replace all the computers over the course of the next several years anyway, so this will get you where you need to be while spreading the cost out into something manageable.
Third, get together with the company accountant and and scrutinize the purchase receipts for the last 3 years. You probably have more licenses than you think, but they were purchased ad-hoc with poor recordkeeping.
Fourth, don't be too literal with the license details. If you have three VMs running XP on a XP host and you try to call that four licenses you'll get skewered by your boss, just as you should. Practices like refusing to let employees install Office on their home PCs because the company hasn't paid for an extra license will earn you a rep for having a stick up your tail. Get exactly one Office license for each employee and no more. And as long as you have a license for each copy of Windows, don't worry about whether the individual installations were done with a crack.
Fifth, recall that individuals often install useful software on their individual machines. This is a good thing. You think you only have two solutions: the company licenses the software or you remove the software. In fact, you have a third: the individual to which the computer is assigned can take direct responsibility for the software, and sign a form to the effect that, "The following software on my computer is provided by the company. I, the undersigned, take responsibility for the legality of any other computer software found on my machine."
Finally, do the obvious stuff... Replace Norton Antivirus with AVG Free, Secure Shell Client with Putty, etc. MS Office with OpenOffice if you dare.
Now, obviously this is not legal advice. If you want legal advice, the answer is: "Open your wallet and close your eyes 'cause if you see this it'll just make you cry." This is social advice. It'll get your company to a point where it's operating ethically without unduly annoying your boss or colleagues.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
Do an inventory of the software and find out how much illegal software is in the company.
Set up a meeting with management, and the company lawyer if there is one, and explain to them what the last IT guy did and what will happen if they get caught using illegal copies of software, including the large fines. Explain to them their exposure. Tell them that this has to be corrected to protect the company. Tell them about the companies that have been turned in by disgruntled former employees. Get their buy-in to remove or buy any software that is of questionable origin and to put in place a software procurement process.
Then, put out a memo explaining the changes, including how this is caused by missing media and/or licenses and that any software missing licenses must either be bought or removed. State that this is an amnesty and, after a set period of time, anyone with illegal software on their computer will be subject to disciplinary action up to and including termination.
Document everything every step of the way. If at any point you are told to keep making illegal copies and using unlicensed software, find another job and quit stating you will not break the law for them. Then, turn them into the BSA.
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
I think you mean +1, Evil.
> Fully 100% of the local labor pool is trained and experienced in MS Office.
That will be fun when the next version Office comes around and all their skills and experience go in the shredder...
A Pirate and a Puritan look the same on a balance sheet.
Blue-Collar Man: Excuse me. I don't mean to interrupt, but what were you talking about?
Randal: The ending of Return of the Jedi.
Dante: My friend is trying to convince me that any contractors working on the uncompleted Death Star were innocent victims when the space station was destroyed by the rebels.
Blue-Collar Man: Well, I'm a contractor myself. I'm a roofer... (digs into pocket and produces business card) Dunn and Reddy Home Improvements. And speaking as a roofer, I can say that a roofer's personal politics come heavily into play when choosing jobs.
Randal: Like when?
Blue-Collar Man: Three months ago I was offered a job up in the hills. A beautiful house with tons of property. It was a simple reshingling job, but I was told that if it was finished within a day, my price would be doubled. Then I realized whose house it was.
Dante: Whose house was it?
Blue-Collar Man: Dominick Bambino's.
Randal: "Babyface" Bambino? The gangster?
Blue-Collar Man: The same. The money was right, but the risk was too big. I knew who he was, and based on that, I passed the job on to a friend of mine.
Dante: Based on personal politics.
Blue-Collar Man: Right. And that week, the Foresci family put a hit on Babyface's house. My friend was shot and killed. He wasn't even finished shingling.
Randal: No way!
Blue-Collar Man: (paying for coffee) I'm alive because I knew there were risks involved taking on that particular client. My friend wasn't so lucky. (pauses to reflect) You know, any contractor willing to work on that Death Star knew the risks. If they were killed, it was their own fault. A roofer listens to this... (taps his heart) not his wallet.
Set the bar high, then bring a tall ladder.
If the company won't correct the problem, and you think the blame will fall on you...
Send out a memo to all staff. Advise that it has recently come to your attention that there is possibly unlicensed software on some computers.
Management will perk up their ears when you include how much it will cost the company in fines should this come to anyone's attention.
Insist that ALL software installed on any company machine be given the OK by the IT department. Set up a process whereby you verify licensing for all applications on all company equipment.
Basically, you need to conduct a software license audit. Get the go-ahead from management first, of course. If they refuse to give it out, and/or dig in their heels about making official policy that all apps be approved to verify legality, then go to the BSA yourself.
If you're stumbling on this stuff and reporting it to upper management as you go, you're going to piss off everyone as they think you're just nickel and diming them to death. If you have been doing this piecemeal, announce immediately that you are going to do a complete audit to see where you are and then you'll work with them to decide as to how and when to update your licenses as to minimize risk while becoming legal. You'll be surprised how much better a controlled process will go over rather than the random crap you've been shotgunning them with.
That is all.
OSS Keygens?
Yea....good advice. Just send out a memo that basically condemns the last guy doing IT (who is likely still there doing other tasks), and freak out the management with "we need $25,000 in new software" in a memo you just broadcast to the personel without management position. Be sure to upgrade your resume as well, since management will consider you a troublemaker and find it easier to replace you than fix the problem.
Only a dumbass would just do this without going to management first. They don't want, or need, someone to stir up the pot in public that can fixed over a period of a few months, while you beef up policies in a more orderly fashion.
Tequila: It's not just for breakfast anymore!
I'd say that reporting knowledge of wrongdoing, when you know there's a bounty and have given them an opportunity to reform, is:
+1 ethical
(and we hope +1 lucrative also. It's also probably -1 Bad Career Choice, though.)
Doing it right off the bat isn't very nice, but if the management insists on unethical (and illegal?) behavior being company policy, then you're in the clear.
live in the real world.
People who 'whistle blow'
are thrown under the bus.
If you need your job you only 'whistle blow'
for criminal IE: capital murder massive fraud, Maddof type behavior, psychopathic behavior.
You don't 'whistle blow' a 300 dollar software license.
A reporter is a reporter, regardless if he works at a television company, the local newspaper, or on the internet. If you have doubts of the facts presented, rather than engage in ad hominem attacks (a logical fallacy), you could double-check the facts in the Congressional records from 1992 to 2005, and then come back here and refute them one-by-one.
"I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall