Software Piracy At the Workplace?

An anonymous reader writes "What does one do when a good portion of the application software at your workplace is pirated? Bringing this up did not endear me at all to the president of the company. I was given a flat 'We don't pirate software,' and 'We must have paid for it at some point.' Given that I was only able to find one burnt copy of Office Pro with a Google-able CD-Key, and that version of Office is on at least 20 computers, I'm not convinced. Some of the legit software in the company has been installed on more than one computer, such as Adobe Acrobat. Nevertheless I have been called on to install dubious software on multiple occasions. As for shareware, what strategies do you use to convince management to allow the purchase of commonly used utilities? If an installation of WinZip reports thousands of uses, I think the software developer deserves a bit o' coin for it. When I told management that WinZip has a timeout counter that counts off one second per file previously opened, they tried to implement a policy of wait for it, do something else, and come back later, rather than spend the money. Also, some software is free for home and educational use only, like AVG Free. What do you when management ignores this?"

Bide your time

[Dunkirk]

Do what you're told. Look for another job.

Re:Bide your time

So, it's okay for people to not say anything about corporate software piracy (hundreds if not thousands of dollars), but if you pirate a game for home use (around 60 dollars) or pirate a single song you're supposed to shut your mouth, end up in court and pay millions in damages?

Talk about double standards.

Other professions have liabilities and so should IT.

Re:Bide your time

[Clover_Kicker]

I.T. is the farthest thing from a profession.

No barriers to entry, no professional society to get bounced out of.

Accounting, engineering, law, medicine are professions - we're computer janitors.

Re:Bide your time

Find another job, while documenting everything you have. Tell your new employer, flatly, that you feel you're working in an ethicsless stability hell-hole that could be sued into the ground at any point, and that you've brought up numerous internal illegal activities to upper management repeatedly and they've flatly denied it or told you to ignore it. Be prepared to justify the extent of the behavior as far-reaching, and clarify the intent of continued behavior at all levels of management. Be prepared not to be hired by shady companies, and to be immediately hired on by companies that hire specific licensing compliance personnel to do their own internal audits (yes, companies actually search themselves for illegal use of products so they can determine business advantage to using them and either ban their use or obtain the proper license).

Tell your CURRENT employer this in your exit interview if you must... but its not any business of any future employers. It could even be considered a violation of your confidentiality agreement to tell others about this (you could get sued...) Also, if you tell a potential employer about something a former employer did wrong, they will be wondering what you will be saying about them in the future. In business the old adage "If you can't say anything nice, don't say anything at all" is one to live by.

If you feel you must take further action, file a report with the BSA (not the Boy Scouts of America - the Business Software Association) and be prepared for a shitstorm to ensue.

In any case, get out ASAP. You are liable for your actions regardless of the fact that you are just following orders. Installing known pirated software for your employers is actionable -you could personaly face penalties. Telling the boss NO when he instructs you to install the software could get you fired as well.

You tried to tell them about the problem. They chose not to listen. Now get yourself out of harms way.

Re:Bide your time

[bakawolf]

on the other hand, you've just screwed someone else over, if that tactic works. Do you really want to keep working at a place you have to call the BSA on anyway?

Re:Bide your time

[realityimpaired]

Tell your CURRENT employer this in your exit interview if you must... but its not any business of any future employers. It could even be considered a violation of your confidentiality agreement to tell others about this (you could get sued...) Also, if you tell a potential employer about something a former employer did wrong, they will be wondering what you will be saying about them in the future. In business the old adage "If you can't say anything nice, don't say anything at all" is one to live by.

I've found, from past experience, that it's always good to be honest in your interviews. I flat out told a company that ultimately hired me, that one of the main reasons I'd left my previous job was that I felt that management didn't understand the industry, and that there were some questionable ethics going on behind closed doors. The company hired me. And on day 1 of my training, they said that ethics and openness were paramount within the company, and that if I ever felt that something was hinky, I was to e-mail my manager, and CC his boss. Within that organization, I *never* needed to take them up on that offer.

Coincidentally, that organization was one that routinely monitored computers for pirated software. When they found something questionable, they e-mailed the person whose workstation it was, asking them to either remove the software or provide a license for it. If they didn't get an answer within 1 week, they'd e-mail the person's boss. 1 week after that, they'd have IT reimage the computer.

Be honest. You're more likely to get a job that actually suits you.

recommend free alternatives

[gad_zuki!]

Security essentials is free for business, so replace AVG with that:

http://www.microsoft.com/Security_Essentials/

7Zip is free and OSS. Replace Winzip with that. Heck, XP has its own zip handler installed. A lot of techies assumed that XP needs a zip program because 2000 didnt have one. Get rid of it.

http://www.7-zip.org/

PDFCreator is free and OSS. It can make PDFs. Most people just need to make them, not 'edit' them.

http://sourceforge.net/projects/pdfcreator/

Different Approach

[Enderandrew]

Instead of accsing the company of piracy (even if they're guilty), use another approach.

Say, I'm concerned that renewing future licenses will be very expensive. Say, the 1,000 copies of Winzip at $30 each is $30,000. 7-zip is a free alternative that actually works better, and will save the company $30,000 the new time those licenses need to be renewed. Alnd OpenOffice saves $400 per license over MS Office. OpenOffice comes with free PDF export functionality, which saves the $500 Acrobat license.

You may get approval to install free, legal alternatives and get rid of the pirated software. Even better, instead of being seen as the problem (the person who has a moral objection to their piracy), you'll be seen as a solution.

Re:Different Approach

[Enderandrew]

Or, if you are in a position of relative authority (and not as afraid of getting canned) you can quote the $250,000 fines the BSA can assess PER VIOLATION and tell them it would greatly behoove themselves to switch to FOSS alternatives and cover their ass.

My job used to be like this....

[ajlisows]

I am a sysadm/web developer for a smallish manufacturing business. When I got here, there licensing was a complete and utter mess. They had about half the number of Office licenses as needed (And half of those were Home/Student Edition), they had a centralized AV solution that they were still getting updates for but hadn't paid for in three years, and just overall were NOT compliant.

I brought it to the company president's attention. Buying 40 Office licenses at a time (Probably around $10000 for Small Business) as well as 70-80 AV subscriptions (Maybe another $2000), and various other server and client software (Around $12,000 more) was not something they wanted to do. They did agree to take it slow and get legit over a period of time. During that period, I did install Office on more machines but they bought the licenses over a period of 18 months. In the end, I am happy to say we are nearly 100% compliant.

So I guess instead of going to him with a HUGE bill, maybe write up a plan to go legit over the next year or two. They may balk at a one time large sum of money but be willing to pay $1000 here, $2000 there or something. Worked for me. If the company is too cheap to even do that, you probably aren't going to you as an employee and are probably better off starting to look around....

Get Out. Sleep Better.

[RobotRunAmok]

Don't think that the company president who "didn't know he was using pirated software" won't serve you up as the sacrificial lamb to the Powers That Be in a heartbeat when some disgruntled ex-employee rats to the BSA. At that point, you'll be out of a job the hard way, with the kind of black stain on a record that no young IT guy wants to have.

Re:Contact the BSA & request an audit

[Eponymous+Coward]

It doesn't work quite like this. Microsoft has no more right to demand an audit of your systems than you do of their systems. They can only demand an audit if you've already agreed to do so in a licensing agreement you consented to. Generally, if you get a corporate site license or possibly other volume licensing from MS, you have agreed to on demand audits. If all the MS software you have came with the machines (like Windows and often Office) or you bought shrinkwrap versions, you don't have to agree to anything unless they have a court order.

-ec

Let me get past the easy comments...

[HikingStick]

There are already tons of posts saying either "document it" or "find another job". Here's what I recommend.

1. Take a software inventory. Figure out what is installed where, and which license codes/CD keys are being used.
2. Pull records. We get a lot of our PCs pre-loaded with MS apps and Acrobat. Those OEM installs stay with the machines, though many places try to move them forward from machine to machine (thus creating the impression that "we must have bought it sometime").
3. Check online sites, like Microsoft's eOpen site, or contact specific vendors (e.g., call Autodesk or your VAR) and ask them to send you a summary of your current licenses.
4. Document your level of usage against your level of compliance. Include all costs for becoming compliant. Be sure to include one time costs (e.g., buying additional seats) and any recurring costs (e.g., maintenance, back maintenance, reinstatement fees).
5. Educate management that software is licensed, not purchased.
6. Include information regarding the legal liability related to pirated software. Include references to any cases you can find, including actual fines, as well as potential fines (caps). Note the reputational risk to the company as well.
7. Prepare a plan for bringing the company into compliance. Include possible stop-gap measures and alternatives (e.g., limiting the number of users with a specific pieces of software, buying one additional license per year, using OpenOffice).
8. Compile everything into a well-documented report/memo (depending on your company's preferred style), and be sure to present it personally (don't just email it off). Offer to meet at another time, if necessary, but you must make it clear how important this is. Offer to meet with the entire management team. Communicate, communicate, communicate.
9. Let management know you don't plan on blowing the whistle (they'll surely say "nobody knows, so we're fine"), but make them aware that any disgruntled employee could make a call in to the piracy hotline. If you have the intestinal fortitude to do so, you could even make it clear (if it reflects your beliefs) that you value your integrity and that you cannot, in good conscience, help the company steal software/violate contract terms. Of course, that means you need to be ready to put up or shut up.

All that being well and good, you can take some practical steps to start getting things into compliance going forward:

• Commit to buying licenses for all new software requests.
• Keep good inventory records of hardware (and associated OEM software) and software.
• Start buying machines with appropriate OEM software (if small enough where volume licensing doesn't make sense), and consider buying shrink-wrap software on the same order (this might let the financial eggheads depreciate the entire purchase - IANATA)
• Adopt free software that is not limited to home/personal/educational use, like Comodo Internet Security and OpenOffice.
• Pray you don't get audited.

Re:Then THEY should get another job

[racermd]

The better (business) solution is to speak to management in terms they can understand - money.

I'm not saying that they need to feel threatened. Instead, point out that you are looking out for the interests of the company and want to ensure all bases are covered in the event of a short-notice software audit.

Then you outline a plan to audit the computers on your network and a plan for remediation (buying licenses, uninstalling software, and/or using some sort of network-wide metering package). Again, this should be done with the focus on how much this will cost the company versus not complying and getting caught with unlicensed software. Remember, management really only cares about budgets and how much of it needs to be expended. It might also help to explain that your own ass is on the line as the IT admin and that, by formally notifying management (you *are* documenting this formally, right?), they are just as culpable if/when a BSA audit occurs.

Part of a good admin's job is to audit the environment regularly for such things, anyway. Even if no action is taken on the findings, at least you know where you're starting from when action ultimately does need to be taken - for any sort of project, not just software license management.