How Do You Deal With Pirated Programs At Work?
LoneAdminOK writes "I started working for a small company in the middle of January as their IT Manager. I am the first actual 'IT Guy' that they have had; before me it was someone that performed another job within the company and just handled the IT on the side. The problem that I am running into is that most of the software I am finding on the network and on people's computers isn't owned by the company. The person before me would just get it from 'somewhere' and install it on the computers as needed. This is putting me in a bad position when I have to reinstall the program or find it to install on someone else's computer. Often, I am telling people that we don't have it or we have to buy another license, and they get mad at me because the other guy said that we had it. I can't even tell where the versions of Windows Server that they are running came from. The only one I know is legit is the one that is installed on an HP server with the OEM sticker on it. How have any of you handled a situation like this? I don't install 'borrowed programs' in a production environment because I know that if the BSA got wind of this, it would all fall on me when they stormed in."
All you can do is go to the higher ups and lay out the entire situation. If they don't care about the consequences, have them put it in writing to CYA, and then decide whether you want to trust that YA is truly C'd, and whether you want to add "Installer of Illegal Software" on to your CV. That's all you can do.
In my experience, the smaller the company, the more pirated software you find. If it's one guy working out of his house, it'll be lucky if he's actually using his own internet connection, more less software that he actually owns.
Now queue 500 posts saying, "ZOMG, replace it all with OSS."
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
>I don't install 'borrowed programs' in a production environment
'borrowed programs' shouldn't be installed anywhere - prod, test, uat whatever. Non-production piracy is still piracy.
Start with auditing your network (use automatic auditing software) and then work out:
You should have already done this. Then you take it all to the board and get them to stump up the cash to fix it.
If you can't/won't do this, go find another job.
Rules for dealing with that
1) *Never states the existence of pirated software as a fact to outside you company*.!!!
2) Ask your Boss at a cup of tea outside his office
3) Depending on your bosses answer and your morality
a) Boss says: hunt down priated software -> you do that
b) Boss says: dont touch the issue and you are not too worried about the moral/legal issues: close your eyes
c) Boss says: dont touch the issue and you are worried about the moral/legal issues AND you are brave: state is explicictely in an e-mail to your boss with somebody else in the company in the CC
d) Boss says: dont touch the issue and you are worried about the moral/legal issues AND you are reasonable: leave.
Today in pretty much every American school from Kindergarden through 12th grade there is free training in piracy of anything digital. Want a song? Someone will show you where to download it from for free. Same for software.
After being subjected to 13 years of this sort of training we can move on to college where there is another four years of honing the art. Everyone knows how to do it by then.
Now they enter the business world and you find it odd that your fellow employees can't understand why they just can't have evertything they want? Sorry, but you are seeing the result of a nationwide (if not worldwide) program. If the people in charge at your workplace don't see anything wrong with everyone just having what they want, I think I'd run for the door. There will be consequences, someday. Someone will find out that rewards are paid to people that turn companies that pirate.
Ethics? If there are no ethics preventing people from pirating, there will be no ethics preventing them from trying to get a reward turning people in.
If someone high up at your company can't see the problem, you don't need to be working there. You will find out your bosses will see to it that it is all pinned on your predcessor and you.
I'm bound to get modded a troll or flamebait or off-topic or something for this, but how is this different from pirating music? /. group-think says it's not theft and trots out a whole bunch of other self-justification about the evil RIAA and so forth, because you're "not depriving anyone of something physical", etc. It's the same, right?
Is it different in this case because it's a small company doing it rather than a whole bunch of individuals? Does that mean it's okay if it's just me, but wrong if my company is doing it?
So to answer the question at hand: go the CYA route suggested by the very first poster, and make sure you point out (nicely as you need to, given this economy and how sure you are of being able to find another job) that this is illegal.*
* Just like music piracy. Even if you want to claim it's not theft.
This is a totally unsurprising situation to find at many small businesses. When a business consists of just a handful of people, it is cost prohibitive to actually BUY software.
There is a point, however, that a business has to bite the bullet and "go legit". At certain sizes, businesses show up on Microsoft's anti-piracy radar, and your business can find itself on the receiving end of a software audit. At that point, the business will be liable for not only the costs of any software installed but also fines.
This is a good way to present the situation to your bosses: It's a matter of cost-benefit analysis.
and no executive is going to wantonly commit federal fraud.
Wow. Thats a naive, and highly innacurate opinion.
"The answer is easy if you take it logically..."
1) Start looking for a new job.
2) Go to the CFO. Explain that while you, yourself, have no intention whatsoever of blowing the whistle, there are actual *rewards* put out by the SPA for unhappy employees to take advantage of by being whistle blowers.
3) Explain that, if he's really lucky, as an officer of the company, he could face criminal charges.
4) You don't want ANY of this to happen. So, at the very least, a concerted effort going forward -- with backing from management -- should be made to start getting valid licenses in-place.
5) See #1.
some of the finest people in history have been shitcanned and blackballed for simply saying the truth, no matter how politely, professionally, or curteously they did it.
Ah, yes, the ivory tower scenario. Here's how it works in real life:
1. Grab everything "IT" (install disks, licenses, purchase invoices etc.) for hardware and software and get them to a single secure location. Your bosses will wonder why you're wasting time, but that's okay, you're on a mission.
2. Thoroughly audit the whole lot. Your bosses will wonder why you're wasting time auditing the lot since you already have everything in a single, secure location.
3. Refuse point blank to (re-)install stuff you're not sure about. At this point, they will fire you on the spot and hire someone willing to install pirated software like the last guy did.
4. Maybe you can push FOSS as a solution at the unemployment office.
The vast majority of small businesses don't care about pirated software, because most of these people use pirated software regularly at home too. The correct thing to do would be to raise a concern about the lack of licensing, and if you meet resistance, find another job.
If you offer OSS replacements, be ready to back that shit up. What I mean by that is you need to be ready to support it to do all the same things that whatever you replaced did. Saying "Well you shouldn't do that," or "You need to read the manual," isn't ok. You recommended it, you have to support it.
Now in terms of things like OpenOffice, this means doing testing before hand to make sure it does everything they need. Don't assume, do real tests. Find out what they actually do and try it. Do they do mail merge? Do they have power point presentations that integrate with Excel files (for realtime data update)? Find that out and test it. Make sure it all works. Only then should you recommend an OSS solution. Two reasons for this:
1) Your job may rely on it. If you recommend something that works poorly, they may show you the door. Goes double if it was because you were "making trouble" about their pirated software. They figure you are just going to be a problem and thus want nothing to do with you.
2) Even if you don't get axed (and probably if you do as well), you may ruin any chances of future OSS use. The message that'll be taken away is "OSS is broken and doesn't do what you need." It'll be seen as a cheap replacement that doesn't get the job done. Thus they won't want to use it in the future. Someone will say "free software" and they'll say "no way."
So while an OSS recommendation is a great way to legally save money, do your homework first. Make sure that it truly is a replacement for what they use now. Not a "kinda sorta works" substitute. Not a "well it does some of what you want," substitute. A true replacement for all the functions they need. Also make sure you are fully prepared to train people on it since even if the differences are small, they'll trip people up.
First off, let the higher-ups know what's going on and that it's neither a joke nor a hassle but a serious issue of stolen property about which they have now been unambiguously advised.
Second, try to handle this in a "moving forward" manner. You'll find no support for suddenly spending hundreds of thousands of dollars on software. If you push it, you'll probably be fired for not being a "team player." Instead, make sure that any new systems you set up run correctly licensed software. You'll replace all the computers over the course of the next several years anyway, so this will get you where you need to be while spreading the cost out into something manageable.
Third, get together with the company accountant and and scrutinize the purchase receipts for the last 3 years. You probably have more licenses than you think, but they were purchased ad-hoc with poor recordkeeping.
Fourth, don't be too literal with the license details. If you have three VMs running XP on a XP host and you try to call that four licenses you'll get skewered by your boss, just as you should. Practices like refusing to let employees install Office on their home PCs because the company hasn't paid for an extra license will earn you a rep for having a stick up your tail. Get exactly one Office license for each employee and no more. And as long as you have a license for each copy of Windows, don't worry about whether the individual installations were done with a crack.
Fifth, recall that individuals often install useful software on their individual machines. This is a good thing. You think you only have two solutions: the company licenses the software or you remove the software. In fact, you have a third: the individual to which the computer is assigned can take direct responsibility for the software, and sign a form to the effect that, "The following software on my computer is provided by the company. I, the undersigned, take responsibility for the legality of any other computer software found on my machine."
Finally, do the obvious stuff... Replace Norton Antivirus with AVG Free, Secure Shell Client with Putty, etc. MS Office with OpenOffice if you dare.
Now, obviously this is not legal advice. If you want legal advice, the answer is: "Open your wallet and close your eyes 'cause if you see this it'll just make you cry." This is social advice. It'll get your company to a point where it's operating ethically without unduly annoying your boss or colleagues.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
Blue-Collar Man: Excuse me. I don't mean to interrupt, but what were you talking about?
Randal: The ending of Return of the Jedi.
Dante: My friend is trying to convince me that any contractors working on the uncompleted Death Star were innocent victims when the space station was destroyed by the rebels.
Blue-Collar Man: Well, I'm a contractor myself. I'm a roofer... (digs into pocket and produces business card) Dunn and Reddy Home Improvements. And speaking as a roofer, I can say that a roofer's personal politics come heavily into play when choosing jobs.
Randal: Like when?
Blue-Collar Man: Three months ago I was offered a job up in the hills. A beautiful house with tons of property. It was a simple reshingling job, but I was told that if it was finished within a day, my price would be doubled. Then I realized whose house it was.
Dante: Whose house was it?
Blue-Collar Man: Dominick Bambino's.
Randal: "Babyface" Bambino? The gangster?
Blue-Collar Man: The same. The money was right, but the risk was too big. I knew who he was, and based on that, I passed the job on to a friend of mine.
Dante: Based on personal politics.
Blue-Collar Man: Right. And that week, the Foresci family put a hit on Babyface's house. My friend was shot and killed. He wasn't even finished shingling.
Randal: No way!
Blue-Collar Man: (paying for coffee) I'm alive because I knew there were risks involved taking on that particular client. My friend wasn't so lucky. (pauses to reflect) You know, any contractor willing to work on that Death Star knew the risks. If they were killed, it was their own fault. A roofer listens to this... (taps his heart) not his wallet.
Set the bar high, then bring a tall ladder.
Yea....good advice. Just send out a memo that basically condemns the last guy doing IT (who is likely still there doing other tasks), and freak out the management with "we need $25,000 in new software" in a memo you just broadcast to the personel without management position. Be sure to upgrade your resume as well, since management will consider you a troublemaker and find it easier to replace you than fix the problem.
Only a dumbass would just do this without going to management first. They don't want, or need, someone to stir up the pot in public that can fixed over a period of a few months, while you beef up policies in a more orderly fashion.
Tequila: It's not just for breakfast anymore!
I'd say that reporting knowledge of wrongdoing, when you know there's a bounty and have given them an opportunity to reform, is:
+1 ethical
(and we hope +1 lucrative also. It's also probably -1 Bad Career Choice, though.)
Doing it right off the bat isn't very nice, but if the management insists on unethical (and illegal?) behavior being company policy, then you're in the clear.