Slashdot Mirror


How Do You Deal With Pirated Programs At Work?

LoneAdminOK writes "I started working for a small company in the middle of January as their IT Manager. I am the first actual 'IT Guy' that they have had; before me it was someone that performed another job within the company and just handled the IT on the side. The problem that I am running into is that most of the software I am finding on the network and on people's computers isn't owned by the company. The person before me would just get it from 'somewhere' and install it on the computers as needed. This is putting me in a bad position when I have to reinstall the program or find it to install on someone else's computer. Often, I am telling people that we don't have it or we have to buy another license, and they get mad at me because the other guy said that we had it. I can't even tell where the versions of Windows Server that they are running came from. The only one I know is legit is the one that is installed on an HP server with the OEM sticker on it. How have any of you handled a situation like this? I don't install 'borrowed programs' in a production environment because I know that if the BSA got wind of this, it would all fall on me when they stormed in."

30 of 958 comments (clear)

  1. Your choice by SatanicPuppy · · Score: 4, Insightful

    All you can do is go to the higher ups and lay out the entire situation. If they don't care about the consequences, have them put it in writing to CYA, and then decide whether you want to trust that YA is truly C'd, and whether you want to add "Installer of Illegal Software" on to your CV. That's all you can do.

    In my experience, the smaller the company, the more pirated software you find. If it's one guy working out of his house, it'll be lucky if he's actually using his own internet connection, more less software that he actually owns.

    Now queue 500 posts saying, "ZOMG, replace it all with OSS."

    --
    ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
    1. Re:Your choice by Akido37 · · Score: 4, Insightful

      All you can do is go to the higher ups and lay out the entire situation. If they don't care about the consequences, have them put it in writing to CYA, and then decide whether you want to trust that YA is truly C'd, and whether you want to add "Installer of Illegal Software" on to your CV. That's all you can do.

      In my experience, the smaller the company, the more pirated software you find. If it's one guy working out of his house, it'll be lucky if he's actually using his own internet connection, more less software that he actually owns.

      Now queue 500 posts saying, "ZOMG, replace it all with OSS."

      In summary, you're screwed.

    2. Re:Your choice by BitwiseX · · Score: 5, Insightful

      I agree 100%. I've seen this a million time at smaller companies, that I've gone into as a contractor. As a contractor I've had to refuse requests to install software. It was usually one copy of Office '97 that a husband brought in to install on 10 or so PCs.

      The sad part is MOST small business don't even realize what they are doing is illegal. Then when you analyze what they have and what the cost of going legit is, they say "Thanks!" and show you the door.

      In your case I would hope asking for a CYA letter from the higher powers would at least throw up a red flag and make them realize the seriousness of the situation. I'd be interested to know what legal position that puts you in however, since you know what you are doing is illegal, CYA letter or not. If your boss said to shoot his secretary and gave you a letter saying he told you to do it... I don't think it would hold up in court (A little extreme, but still..)

    3. Re:Your choice by mitchell_pgh · · Score: 5, Insightful

      Inventory, inventory, inventory... and make recommendations.

      Also, when talking to the higher ups, make sure to consider a "transition period" where you go from illegal software to "gray software", to a fully licensed office. It makes them recognize that it doesn't all have to happen overnight.

      I worked at a design firm and they had illegal versions of Adobe CS and MS Office floating around like it was their business. I basically performed an inventory of every system, created a spreadsheet highlighting the illegal software and then created a strategic timeframe/cost for how you are going to go legit.

      If they don't want to go legit, you should consider a new company or push FOSS alternatives.

    4. Re:Your choice by Anonymous Coward · · Score: 4, Insightful

      "The sad part is MOST small business don't even care that what they are doing is illegal. Then when you analyze what they have and what the cost of going legit is, they say "Thanks!" and show you the door.

      There, fixed that right up for you.

    5. Re:Your choice by Saint+Fnordius · · Score: 3, Insightful

      The only other thing I can think of is to tell the individual users that you are busy covering their arses as well, since an audit may cost them all their jobs. And don't let them think it ends there, give them a ray of hope such as "well, we're examining the accounting records as well."

      After all, you might get lucky and accounting might have the purchase receipts. Then you can blame it on bad bookkeeping while you untie the Gordian knot.

    6. Re:Your choice by vtcodger · · Score: 3, Insightful

      ***All you can do is go to the higher ups and lay out the entire situation.***

      Not arguing. But first check the purchasing records. If some (or all, but how likely is that?) the software was actually bought, there should be Purchase Orders or paperwork reimbursing whoever bought it. There may be a cardboard box around somewhere with original copies of the disks/CDs for some of the software. Do not expect the paperwork to be especially clear about what exactly was purchased.

      --
      You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
    7. Re:Your choice by cbreaker · · Score: 5, Insightful

      That's the perfect answer and exactly what needs to be done.

      You can even go a step further and contact some of these companies to let them know your situation ahead of time.

      Call Microsoft sales/licensing and tell them your situation and tell them you're working to resolve the licensing issues. Same with Adobe and the others. Get quotes and stuff. That way, if anything bad ever did happen, you have documentation that you're in the process of shoring up the licensing.

      No company is going to sue you if you're in the process of correcting the issue because that means you're going to be a future paying customer.

      --
      - It's not the Macs I hate. It's Digg users. -
    8. Re:Your choice by gustgr · · Score: 4, Insightful

      including the conversations you have regarding your findings and the solutions you're offering.

      You, sir, has just revealed the fastest way to get canned. I'm not saying it is the wrong thing to do, but I really believe his boss would not appreciate having his words written to stone by an employee. He may even see this as blackmail or something, which would make the case much much worse.

    9. Re:Your choice by John+Hasler · · Score: 5, Insightful

      > If they don't want to go legit, you should consider a new company or push FOSS
      > alternatives.

      Switching to Free Software *is* going legit.

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    10. Re:Your choice by RollingThunder · · Score: 5, Insightful

      That also tends to be an easier thing to make happen because it's a bit here and a bit there, rather than a $50,000 price tag to bring every single system in to compliance.

      $1,500/mo slips in to the noise; $50K makes itself seen.

    11. Re:Your choice by LoadWB · · Score: 5, Insightful

      Yup. I have walked out of jobs like this and let some of my less scrupulous colleagues take them on. While no one I know of locally has ever had a visit from the BSA, they are a bit like lightning.

      I have been advised by legal counsel that a "CYA" letter does not "CYA." If you run into a situation where illegitimate (I prefer not to use the term illegal) is in use, you bring it to the attention of management, and management does not care, GTFO.

      Make your arguments, wait for the final word, and walk. Do not stop, do not talk, do not even say good bye... WALK AWAY. As a consultant, you have the freedom to do that. As an employee, polish up your CV.

      Although, at this point they are playing a very dangerous game with themselves and with you. Another tidbit of advice given was to write up a document which essentially held them hostage in return for your reputation: you agree not to report their use of illegitimate software in return for you never being there. Shitty, yes, but those are the games we play and the chances we take.

      Unless the guy's name is "Tony" and he runs a "waste management" business. Then you just say "yes, sir!" and move to another country in the middle of the night. Better yet, get off the damn planet.

      Another guy here mentioned an alternative plan of attack, which is gradual compliance. If you can present that as an option, I think that would work as well. You are still on sticky legal grounds with the BSA, though. They consider unlicensed software like child porn, and if you ever THINK it is there and do nothing immediately, you are considered complicit.

      This work makes me sick sometimes.

    12. Re:Your choice by Archangel+Michael · · Score: 3, Insightful

      You document everything for PERSONAL protection. You don't tell people you're documenting things, you just do it.

      And in this day and age, if you don't document things (journal entry) properly, you're an idiot. When the boss can fire you for doing your job, you want to be able to fire back. Self preservation.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    13. Re:Your choice by Mister+Whirly · · Score: 3, Insightful

      When you explain that the alternative may be a $250,000 fine, the $50,000 doesn't seem as bad anymore. The one positive thing I can say about the RIAA trials is now my supervisors take licensing and such a little more seriously.

      --
      "But this one goes to 11!"
  2. It doesn't have to be production to be piracy... by omkhar · · Score: 5, Insightful

    >I don't install 'borrowed programs' in a production environment

    'borrowed programs' shouldn't be installed anywhere - prod, test, uat whatever. Non-production piracy is still piracy.

  3. What the hell? by Anonymous Coward · · Score: 4, Insightful
    Why the hell have you taken the time to "Ask Slashdot" when your first duty should have been to call an urgent meeting with the board to explain the situation? If the shit hits the fan you will be the one responsible, so get it in order!

    Start with auditing your network (use automatic auditing software) and then work out:
    1. What licenses can I reclaim from users who do not need the software they have?
    2. What licensed software do we use for which we require more licenses?
    3. What unlicensed software do we have?
    4. How much will this all cost to fix?

    You should have already done this. Then you take it all to the board and get them to stump up the cash to fix it.

    If you can't/won't do this, go find another job.

  4. Are you mad? by drolli · · Score: 4, Insightful

    Rules for dealing with that

    1) *Never states the existence of pirated software as a fact to outside you company*.!!!

    2) Ask your Boss at a cup of tea outside his office

    3) Depending on your bosses answer and your morality
        a) Boss says: hunt down priated software -> you do that
        b) Boss says: dont touch the issue and you are not too worried about the moral/legal issues: close your eyes
        c) Boss says: dont touch the issue and you are worried about the moral/legal issues AND you are brave: state is explicictely in an e-mail to your boss with somebody else in the company in the CC
        d) Boss says: dont touch the issue and you are worried about the moral/legal issues AND you are reasonable: leave.

  5. Reap the rewards by cdrguru · · Score: 3, Insightful

    Today in pretty much every American school from Kindergarden through 12th grade there is free training in piracy of anything digital. Want a song? Someone will show you where to download it from for free. Same for software.

    After being subjected to 13 years of this sort of training we can move on to college where there is another four years of honing the art. Everyone knows how to do it by then.

    Now they enter the business world and you find it odd that your fellow employees can't understand why they just can't have evertything they want? Sorry, but you are seeing the result of a nationwide (if not worldwide) program. If the people in charge at your workplace don't see anything wrong with everyone just having what they want, I think I'd run for the door. There will be consequences, someday. Someone will find out that rewards are paid to people that turn companies that pirate.

    Ethics? If there are no ethics preventing people from pirating, there will be no ethics preventing them from trying to get a reward turning people in.

    If someone high up at your company can't see the problem, you don't need to be working there. You will find out your bosses will see to it that it is all pinned on your predcessor and you.

  6. Same as you deal with pirated music by kiwimate · · Score: 4, Insightful

    I'm bound to get modded a troll or flamebait or off-topic or something for this, but how is this different from pirating music? /. group-think says it's not theft and trots out a whole bunch of other self-justification about the evil RIAA and so forth, because you're "not depriving anyone of something physical", etc. It's the same, right?

    Is it different in this case because it's a small company doing it rather than a whole bunch of individuals? Does that mean it's okay if it's just me, but wrong if my company is doing it?

    So to answer the question at hand: go the CYA route suggested by the very first poster, and make sure you point out (nicely as you need to, given this economy and how sure you are of being able to find another job) that this is illegal.*

    * Just like music piracy. Even if you want to claim it's not theft.

  7. Common Problem by geekmansworld · · Score: 3, Insightful

    This is a totally unsurprising situation to find at many small businesses. When a business consists of just a handful of people, it is cost prohibitive to actually BUY software.

    There is a point, however, that a business has to bite the bullet and "go legit". At certain sizes, businesses show up on Microsoft's anti-piracy radar, and your business can find itself on the receiving end of a software audit. At that point, the business will be liable for not only the costs of any software installed but also fines.

    This is a good way to present the situation to your bosses: It's a matter of cost-benefit analysis.

  8. Re:Tell the truth, plainly by Sun.Jedi · · Score: 5, Insightful

    and no executive is going to wantonly commit federal fraud.

    Wow. Thats a naive, and highly innacurate opinion.

  9. In the immortal words of Paul Simon... by Slartibartfast · · Score: 3, Insightful

    "The answer is easy if you take it logically..."

    1) Start looking for a new job.
    2) Go to the CFO. Explain that while you, yourself, have no intention whatsoever of blowing the whistle, there are actual *rewards* put out by the SPA for unhappy employees to take advantage of by being whistle blowers.
    3) Explain that, if he's really lucky, as an officer of the company, he could face criminal charges.
    4) You don't want ANY of this to happen. So, at the very least, a concerted effort going forward -- with backing from management -- should be made to start getting valid licenses in-place.
    5) See #1.

  10. get shitcanned, its good for character by hildi · · Score: 5, Insightful

    some of the finest people in history have been shitcanned and blackballed for simply saying the truth, no matter how politely, professionally, or curteously they did it.

    1. Re:get shitcanned, its good for character by postbigbang · · Score: 5, Insightful

      "shitcanned" isn't the right word. "liberated" is the right word. Better to be free and hungry than fat and fucked up.

      --
      ---- Teach Peace. It's Cheaper Than War.
  11. Re:Yes, it's a horrible situation I've faced too by Greg_D · · Score: 4, Insightful

    Ah, yes, the ivory tower scenario. Here's how it works in real life:

    1. Grab everything "IT" (install disks, licenses, purchase invoices etc.) for hardware and software and get them to a single secure location. Your bosses will wonder why you're wasting time, but that's okay, you're on a mission.

    2. Thoroughly audit the whole lot. Your bosses will wonder why you're wasting time auditing the lot since you already have everything in a single, secure location.

    3. Refuse point blank to (re-)install stuff you're not sure about. At this point, they will fire you on the spot and hire someone willing to install pirated software like the last guy did.

    4. Maybe you can push FOSS as a solution at the unemployment office.

    The vast majority of small businesses don't care about pirated software, because most of these people use pirated software regularly at home too. The correct thing to do would be to raise a concern about the lack of licensing, and if you meet resistance, find another job.

  12. One thing to make sure of by Sycraft-fu · · Score: 5, Insightful

    If you offer OSS replacements, be ready to back that shit up. What I mean by that is you need to be ready to support it to do all the same things that whatever you replaced did. Saying "Well you shouldn't do that," or "You need to read the manual," isn't ok. You recommended it, you have to support it.

    Now in terms of things like OpenOffice, this means doing testing before hand to make sure it does everything they need. Don't assume, do real tests. Find out what they actually do and try it. Do they do mail merge? Do they have power point presentations that integrate with Excel files (for realtime data update)? Find that out and test it. Make sure it all works. Only then should you recommend an OSS solution. Two reasons for this:

    1) Your job may rely on it. If you recommend something that works poorly, they may show you the door. Goes double if it was because you were "making trouble" about their pirated software. They figure you are just going to be a problem and thus want nothing to do with you.

    2) Even if you don't get axed (and probably if you do as well), you may ruin any chances of future OSS use. The message that'll be taken away is "OSS is broken and doesn't do what you need." It'll be seen as a cheap replacement that doesn't get the job done. Thus they won't want to use it in the future. Someone will say "free software" and they'll say "no way."

    So while an OSS recommendation is a great way to legally save money, do your homework first. Make sure that it truly is a replacement for what they use now. Not a "kinda sorta works" substitute. Not a "well it does some of what you want," substitute. A true replacement for all the functions they need. Also make sure you are fully prepared to train people on it since even if the differences are small, they'll trip people up.

  13. Here's what you do by Spazmania · · Score: 4, Insightful

    First off, let the higher-ups know what's going on and that it's neither a joke nor a hassle but a serious issue of stolen property about which they have now been unambiguously advised.

    Second, try to handle this in a "moving forward" manner. You'll find no support for suddenly spending hundreds of thousands of dollars on software. If you push it, you'll probably be fired for not being a "team player." Instead, make sure that any new systems you set up run correctly licensed software. You'll replace all the computers over the course of the next several years anyway, so this will get you where you need to be while spreading the cost out into something manageable.

    Third, get together with the company accountant and and scrutinize the purchase receipts for the last 3 years. You probably have more licenses than you think, but they were purchased ad-hoc with poor recordkeeping.

    Fourth, don't be too literal with the license details. If you have three VMs running XP on a XP host and you try to call that four licenses you'll get skewered by your boss, just as you should. Practices like refusing to let employees install Office on their home PCs because the company hasn't paid for an extra license will earn you a rep for having a stick up your tail. Get exactly one Office license for each employee and no more. And as long as you have a license for each copy of Windows, don't worry about whether the individual installations were done with a crack.

    Fifth, recall that individuals often install useful software on their individual machines. This is a good thing. You think you only have two solutions: the company licenses the software or you remove the software. In fact, you have a third: the individual to which the computer is assigned can take direct responsibility for the software, and sign a form to the effect that, "The following software on my computer is provided by the company. I, the undersigned, take responsibility for the legality of any other computer software found on my machine."

    Finally, do the obvious stuff... Replace Norton Antivirus with AVG Free, Secure Shell Client with Putty, etc. MS Office with OpenOffice if you dare.

    Now, obviously this is not legal advice. If you want legal advice, the answer is: "Open your wallet and close your eyes 'cause if you see this it'll just make you cry." This is social advice. It'll get your company to a point where it's operating ethically without unduly annoying your boss or colleagues.

    --
    Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
  14. Obligatory Clerks Reference by bazio · · Score: 5, Insightful

    Blue-Collar Man: Excuse me. I don't mean to interrupt, but what were you talking about?
    Randal: The ending of Return of the Jedi.
    Dante: My friend is trying to convince me that any contractors working on the uncompleted Death Star were innocent victims when the space station was destroyed by the rebels.
    Blue-Collar Man: Well, I'm a contractor myself. I'm a roofer... (digs into pocket and produces business card) Dunn and Reddy Home Improvements. And speaking as a roofer, I can say that a roofer's personal politics come heavily into play when choosing jobs.
    Randal: Like when?
    Blue-Collar Man: Three months ago I was offered a job up in the hills. A beautiful house with tons of property. It was a simple reshingling job, but I was told that if it was finished within a day, my price would be doubled. Then I realized whose house it was.
    Dante: Whose house was it?
    Blue-Collar Man: Dominick Bambino's.
    Randal: "Babyface" Bambino? The gangster?
    Blue-Collar Man: The same. The money was right, but the risk was too big. I knew who he was, and based on that, I passed the job on to a friend of mine.
    Dante: Based on personal politics.
    Blue-Collar Man: Right. And that week, the Foresci family put a hit on Babyface's house. My friend was shot and killed. He wasn't even finished shingling.
    Randal: No way!
    Blue-Collar Man: (paying for coffee) I'm alive because I knew there were risks involved taking on that particular client. My friend wasn't so lucky. (pauses to reflect) You know, any contractor willing to work on that Death Star knew the risks. If they were killed, it was their own fault. A roofer listens to this... (taps his heart) not his wallet.

    --
    Set the bar high, then bring a tall ladder.
  15. Re:devil's advocate by Pharmboy · · Score: 3, Insightful

    Yea....good advice. Just send out a memo that basically condemns the last guy doing IT (who is likely still there doing other tasks), and freak out the management with "we need $25,000 in new software" in a memo you just broadcast to the personel without management position. Be sure to upgrade your resume as well, since management will consider you a troublemaker and find it easier to replace you than fix the problem.

    Only a dumbass would just do this without going to management first. They don't want, or need, someone to stir up the pot in public that can fixed over a period of a few months, while you beef up policies in a more orderly fashion.

    --
    Tequila: It's not just for breakfast anymore!
  16. Re:devil's advocate by gknoy · · Score: 4, Insightful

    I'd say that reporting knowledge of wrongdoing, when you know there's a bounty and have given them an opportunity to reform, is:

    +1 ethical
    (and we hope +1 lucrative also. It's also probably -1 Bad Career Choice, though.)

    Doing it right off the bat isn't very nice, but if the management insists on unethical (and illegal?) behavior being company policy, then you're in the clear.