Slashdot Mirror


How Do You Deal With Pirated Programs At Work?

LoneAdminOK writes "I started working for a small company in the middle of January as their IT Manager. I am the first actual 'IT Guy' that they have had; before me it was someone that performed another job within the company and just handled the IT on the side. The problem that I am running into is that most of the software I am finding on the network and on people's computers isn't owned by the company. The person before me would just get it from 'somewhere' and install it on the computers as needed. This is putting me in a bad position when I have to reinstall the program or find it to install on someone else's computer. Often, I am telling people that we don't have it or we have to buy another license, and they get mad at me because the other guy said that we had it. I can't even tell where the versions of Windows Server that they are running came from. The only one I know is legit is the one that is installed on an HP server with the OEM sticker on it. How have any of you handled a situation like this? I don't install 'borrowed programs' in a production environment because I know that if the BSA got wind of this, it would all fall on me when they stormed in."

22 of 958 comments (clear)

  1. Your choice by SatanicPuppy · · Score: 4, Insightful

    All you can do is go to the higher ups and lay out the entire situation. If they don't care about the consequences, have them put it in writing to CYA, and then decide whether you want to trust that YA is truly C'd, and whether you want to add "Installer of Illegal Software" on to your CV. That's all you can do.

    In my experience, the smaller the company, the more pirated software you find. If it's one guy working out of his house, it'll be lucky if he's actually using his own internet connection, more less software that he actually owns.

    Now queue 500 posts saying, "ZOMG, replace it all with OSS."

    --
    ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
    1. Re:Your choice by Akido37 · · Score: 4, Insightful

      All you can do is go to the higher ups and lay out the entire situation. If they don't care about the consequences, have them put it in writing to CYA, and then decide whether you want to trust that YA is truly C'd, and whether you want to add "Installer of Illegal Software" on to your CV. That's all you can do.

      In my experience, the smaller the company, the more pirated software you find. If it's one guy working out of his house, it'll be lucky if he's actually using his own internet connection, more less software that he actually owns.

      Now queue 500 posts saying, "ZOMG, replace it all with OSS."

      In summary, you're screwed.

    2. Re:Your choice by BitwiseX · · Score: 5, Insightful

      I agree 100%. I've seen this a million time at smaller companies, that I've gone into as a contractor. As a contractor I've had to refuse requests to install software. It was usually one copy of Office '97 that a husband brought in to install on 10 or so PCs.

      The sad part is MOST small business don't even realize what they are doing is illegal. Then when you analyze what they have and what the cost of going legit is, they say "Thanks!" and show you the door.

      In your case I would hope asking for a CYA letter from the higher powers would at least throw up a red flag and make them realize the seriousness of the situation. I'd be interested to know what legal position that puts you in however, since you know what you are doing is illegal, CYA letter or not. If your boss said to shoot his secretary and gave you a letter saying he told you to do it... I don't think it would hold up in court (A little extreme, but still..)

    3. Re:Your choice by mitchell_pgh · · Score: 5, Insightful

      Inventory, inventory, inventory... and make recommendations.

      Also, when talking to the higher ups, make sure to consider a "transition period" where you go from illegal software to "gray software", to a fully licensed office. It makes them recognize that it doesn't all have to happen overnight.

      I worked at a design firm and they had illegal versions of Adobe CS and MS Office floating around like it was their business. I basically performed an inventory of every system, created a spreadsheet highlighting the illegal software and then created a strategic timeframe/cost for how you are going to go legit.

      If they don't want to go legit, you should consider a new company or push FOSS alternatives.

    4. Re:Your choice by Anonymous Coward · · Score: 4, Insightful

      "The sad part is MOST small business don't even care that what they are doing is illegal. Then when you analyze what they have and what the cost of going legit is, they say "Thanks!" and show you the door.

      There, fixed that right up for you.

    5. Re:Your choice by cbreaker · · Score: 5, Insightful

      That's the perfect answer and exactly what needs to be done.

      You can even go a step further and contact some of these companies to let them know your situation ahead of time.

      Call Microsoft sales/licensing and tell them your situation and tell them you're working to resolve the licensing issues. Same with Adobe and the others. Get quotes and stuff. That way, if anything bad ever did happen, you have documentation that you're in the process of shoring up the licensing.

      No company is going to sue you if you're in the process of correcting the issue because that means you're going to be a future paying customer.

      --
      - It's not the Macs I hate. It's Digg users. -
    6. Re:Your choice by gustgr · · Score: 4, Insightful

      including the conversations you have regarding your findings and the solutions you're offering.

      You, sir, has just revealed the fastest way to get canned. I'm not saying it is the wrong thing to do, but I really believe his boss would not appreciate having his words written to stone by an employee. He may even see this as blackmail or something, which would make the case much much worse.

    7. Re:Your choice by John+Hasler · · Score: 5, Insightful

      > If they don't want to go legit, you should consider a new company or push FOSS
      > alternatives.

      Switching to Free Software *is* going legit.

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    8. Re:Your choice by RollingThunder · · Score: 5, Insightful

      That also tends to be an easier thing to make happen because it's a bit here and a bit there, rather than a $50,000 price tag to bring every single system in to compliance.

      $1,500/mo slips in to the noise; $50K makes itself seen.

    9. Re:Your choice by LoadWB · · Score: 5, Insightful

      Yup. I have walked out of jobs like this and let some of my less scrupulous colleagues take them on. While no one I know of locally has ever had a visit from the BSA, they are a bit like lightning.

      I have been advised by legal counsel that a "CYA" letter does not "CYA." If you run into a situation where illegitimate (I prefer not to use the term illegal) is in use, you bring it to the attention of management, and management does not care, GTFO.

      Make your arguments, wait for the final word, and walk. Do not stop, do not talk, do not even say good bye... WALK AWAY. As a consultant, you have the freedom to do that. As an employee, polish up your CV.

      Although, at this point they are playing a very dangerous game with themselves and with you. Another tidbit of advice given was to write up a document which essentially held them hostage in return for your reputation: you agree not to report their use of illegitimate software in return for you never being there. Shitty, yes, but those are the games we play and the chances we take.

      Unless the guy's name is "Tony" and he runs a "waste management" business. Then you just say "yes, sir!" and move to another country in the middle of the night. Better yet, get off the damn planet.

      Another guy here mentioned an alternative plan of attack, which is gradual compliance. If you can present that as an option, I think that would work as well. You are still on sticky legal grounds with the BSA, though. They consider unlicensed software like child porn, and if you ever THINK it is there and do nothing immediately, you are considered complicit.

      This work makes me sick sometimes.

  2. It doesn't have to be production to be piracy... by omkhar · · Score: 5, Insightful

    >I don't install 'borrowed programs' in a production environment

    'borrowed programs' shouldn't be installed anywhere - prod, test, uat whatever. Non-production piracy is still piracy.

  3. What the hell? by Anonymous Coward · · Score: 4, Insightful
    Why the hell have you taken the time to "Ask Slashdot" when your first duty should have been to call an urgent meeting with the board to explain the situation? If the shit hits the fan you will be the one responsible, so get it in order!

    Start with auditing your network (use automatic auditing software) and then work out:
    1. What licenses can I reclaim from users who do not need the software they have?
    2. What licensed software do we use for which we require more licenses?
    3. What unlicensed software do we have?
    4. How much will this all cost to fix?

    You should have already done this. Then you take it all to the board and get them to stump up the cash to fix it.

    If you can't/won't do this, go find another job.

  4. Are you mad? by drolli · · Score: 4, Insightful

    Rules for dealing with that

    1) *Never states the existence of pirated software as a fact to outside you company*.!!!

    2) Ask your Boss at a cup of tea outside his office

    3) Depending on your bosses answer and your morality
        a) Boss says: hunt down priated software -> you do that
        b) Boss says: dont touch the issue and you are not too worried about the moral/legal issues: close your eyes
        c) Boss says: dont touch the issue and you are worried about the moral/legal issues AND you are brave: state is explicictely in an e-mail to your boss with somebody else in the company in the CC
        d) Boss says: dont touch the issue and you are worried about the moral/legal issues AND you are reasonable: leave.

  5. Same as you deal with pirated music by kiwimate · · Score: 4, Insightful

    I'm bound to get modded a troll or flamebait or off-topic or something for this, but how is this different from pirating music? /. group-think says it's not theft and trots out a whole bunch of other self-justification about the evil RIAA and so forth, because you're "not depriving anyone of something physical", etc. It's the same, right?

    Is it different in this case because it's a small company doing it rather than a whole bunch of individuals? Does that mean it's okay if it's just me, but wrong if my company is doing it?

    So to answer the question at hand: go the CYA route suggested by the very first poster, and make sure you point out (nicely as you need to, given this economy and how sure you are of being able to find another job) that this is illegal.*

    * Just like music piracy. Even if you want to claim it's not theft.

  6. Re:Tell the truth, plainly by Sun.Jedi · · Score: 5, Insightful

    and no executive is going to wantonly commit federal fraud.

    Wow. Thats a naive, and highly innacurate opinion.

  7. get shitcanned, its good for character by hildi · · Score: 5, Insightful

    some of the finest people in history have been shitcanned and blackballed for simply saying the truth, no matter how politely, professionally, or curteously they did it.

    1. Re:get shitcanned, its good for character by postbigbang · · Score: 5, Insightful

      "shitcanned" isn't the right word. "liberated" is the right word. Better to be free and hungry than fat and fucked up.

      --
      ---- Teach Peace. It's Cheaper Than War.
  8. Re:Yes, it's a horrible situation I've faced too by Greg_D · · Score: 4, Insightful

    Ah, yes, the ivory tower scenario. Here's how it works in real life:

    1. Grab everything "IT" (install disks, licenses, purchase invoices etc.) for hardware and software and get them to a single secure location. Your bosses will wonder why you're wasting time, but that's okay, you're on a mission.

    2. Thoroughly audit the whole lot. Your bosses will wonder why you're wasting time auditing the lot since you already have everything in a single, secure location.

    3. Refuse point blank to (re-)install stuff you're not sure about. At this point, they will fire you on the spot and hire someone willing to install pirated software like the last guy did.

    4. Maybe you can push FOSS as a solution at the unemployment office.

    The vast majority of small businesses don't care about pirated software, because most of these people use pirated software regularly at home too. The correct thing to do would be to raise a concern about the lack of licensing, and if you meet resistance, find another job.

  9. One thing to make sure of by Sycraft-fu · · Score: 5, Insightful

    If you offer OSS replacements, be ready to back that shit up. What I mean by that is you need to be ready to support it to do all the same things that whatever you replaced did. Saying "Well you shouldn't do that," or "You need to read the manual," isn't ok. You recommended it, you have to support it.

    Now in terms of things like OpenOffice, this means doing testing before hand to make sure it does everything they need. Don't assume, do real tests. Find out what they actually do and try it. Do they do mail merge? Do they have power point presentations that integrate with Excel files (for realtime data update)? Find that out and test it. Make sure it all works. Only then should you recommend an OSS solution. Two reasons for this:

    1) Your job may rely on it. If you recommend something that works poorly, they may show you the door. Goes double if it was because you were "making trouble" about their pirated software. They figure you are just going to be a problem and thus want nothing to do with you.

    2) Even if you don't get axed (and probably if you do as well), you may ruin any chances of future OSS use. The message that'll be taken away is "OSS is broken and doesn't do what you need." It'll be seen as a cheap replacement that doesn't get the job done. Thus they won't want to use it in the future. Someone will say "free software" and they'll say "no way."

    So while an OSS recommendation is a great way to legally save money, do your homework first. Make sure that it truly is a replacement for what they use now. Not a "kinda sorta works" substitute. Not a "well it does some of what you want," substitute. A true replacement for all the functions they need. Also make sure you are fully prepared to train people on it since even if the differences are small, they'll trip people up.

  10. Here's what you do by Spazmania · · Score: 4, Insightful

    First off, let the higher-ups know what's going on and that it's neither a joke nor a hassle but a serious issue of stolen property about which they have now been unambiguously advised.

    Second, try to handle this in a "moving forward" manner. You'll find no support for suddenly spending hundreds of thousands of dollars on software. If you push it, you'll probably be fired for not being a "team player." Instead, make sure that any new systems you set up run correctly licensed software. You'll replace all the computers over the course of the next several years anyway, so this will get you where you need to be while spreading the cost out into something manageable.

    Third, get together with the company accountant and and scrutinize the purchase receipts for the last 3 years. You probably have more licenses than you think, but they were purchased ad-hoc with poor recordkeeping.

    Fourth, don't be too literal with the license details. If you have three VMs running XP on a XP host and you try to call that four licenses you'll get skewered by your boss, just as you should. Practices like refusing to let employees install Office on their home PCs because the company hasn't paid for an extra license will earn you a rep for having a stick up your tail. Get exactly one Office license for each employee and no more. And as long as you have a license for each copy of Windows, don't worry about whether the individual installations were done with a crack.

    Fifth, recall that individuals often install useful software on their individual machines. This is a good thing. You think you only have two solutions: the company licenses the software or you remove the software. In fact, you have a third: the individual to which the computer is assigned can take direct responsibility for the software, and sign a form to the effect that, "The following software on my computer is provided by the company. I, the undersigned, take responsibility for the legality of any other computer software found on my machine."

    Finally, do the obvious stuff... Replace Norton Antivirus with AVG Free, Secure Shell Client with Putty, etc. MS Office with OpenOffice if you dare.

    Now, obviously this is not legal advice. If you want legal advice, the answer is: "Open your wallet and close your eyes 'cause if you see this it'll just make you cry." This is social advice. It'll get your company to a point where it's operating ethically without unduly annoying your boss or colleagues.

    --
    Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
  11. Obligatory Clerks Reference by bazio · · Score: 5, Insightful

    Blue-Collar Man: Excuse me. I don't mean to interrupt, but what were you talking about?
    Randal: The ending of Return of the Jedi.
    Dante: My friend is trying to convince me that any contractors working on the uncompleted Death Star were innocent victims when the space station was destroyed by the rebels.
    Blue-Collar Man: Well, I'm a contractor myself. I'm a roofer... (digs into pocket and produces business card) Dunn and Reddy Home Improvements. And speaking as a roofer, I can say that a roofer's personal politics come heavily into play when choosing jobs.
    Randal: Like when?
    Blue-Collar Man: Three months ago I was offered a job up in the hills. A beautiful house with tons of property. It was a simple reshingling job, but I was told that if it was finished within a day, my price would be doubled. Then I realized whose house it was.
    Dante: Whose house was it?
    Blue-Collar Man: Dominick Bambino's.
    Randal: "Babyface" Bambino? The gangster?
    Blue-Collar Man: The same. The money was right, but the risk was too big. I knew who he was, and based on that, I passed the job on to a friend of mine.
    Dante: Based on personal politics.
    Blue-Collar Man: Right. And that week, the Foresci family put a hit on Babyface's house. My friend was shot and killed. He wasn't even finished shingling.
    Randal: No way!
    Blue-Collar Man: (paying for coffee) I'm alive because I knew there were risks involved taking on that particular client. My friend wasn't so lucky. (pauses to reflect) You know, any contractor willing to work on that Death Star knew the risks. If they were killed, it was their own fault. A roofer listens to this... (taps his heart) not his wallet.

    --
    Set the bar high, then bring a tall ladder.
  12. Re:devil's advocate by gknoy · · Score: 4, Insightful

    I'd say that reporting knowledge of wrongdoing, when you know there's a bounty and have given them an opportunity to reform, is:

    +1 ethical
    (and we hope +1 lucrative also. It's also probably -1 Bad Career Choice, though.)

    Doing it right off the bat isn't very nice, but if the management insists on unethical (and illegal?) behavior being company policy, then you're in the clear.