Software Piracy At the Workplace?

An anonymous reader writes "What does one do when a good portion of the application software at your workplace is pirated? Bringing this up did not endear me at all to the president of the company. I was given a flat 'We don't pirate software,' and 'We must have paid for it at some point.' Given that I was only able to find one burnt copy of Office Pro with a Google-able CD-Key, and that version of Office is on at least 20 computers, I'm not convinced. Some of the legit software in the company has been installed on more than one computer, such as Adobe Acrobat. Nevertheless I have been called on to install dubious software on multiple occasions. As for shareware, what strategies do you use to convince management to allow the purchase of commonly used utilities? If an installation of WinZip reports thousands of uses, I think the software developer deserves a bit o' coin for it. When I told management that WinZip has a timeout counter that counts off one second per file previously opened, they tried to implement a policy of wait for it, do something else, and come back later, rather than spend the money. Also, some software is free for home and educational use only, like AVG Free. What do you when management ignores this?"

Since you brought it up... You're liable

[charleste]

Unfortunately ignorance of the law is no defense. The same is true for not saying anything when you witness a crime being committed. It's called obstruction. So, CYA: leave the company as soon as you can. Assume you WILL be held accountable in the future.

Contact the BSA & request an audit

[mandark1967]

They have a rewards program that will pay you money for turning in your company.

recommend free alternatives

[gad_zuki!]

Security essentials is free for business, so replace AVG with that:

http://www.microsoft.com/Security_Essentials/ [microsoft.com]

7Zip is free and OSS. Replace Winzip with that. Heck, XP has its own zip handler installed. A lot of techies assumed that XP needs a zip program because 2000 didnt have one. Get rid of it.

http://www.7-zip.org/ [7-zip.org]

PDFCreator is free and OSS. It can make PDFs. Most people just need to make them, not 'edit' them.

http://sourceforge.net/projects/pdfcreator/ [sourceforge.net]

Change in some Policies

[Monkeedude1212]

First off, you shouldn't need to use Winzip, every computer since like Windows 95 has had its own method of compression to send files. Toss that out, and just use the right click "Send to compressed (zip) folder".

Secondly, If your boss is saying that you had to have paid for software at one point, tell him that you're going to have to buy licenses for each time that software is used.

This means that either
A) Your IT Budget is going way up
or
B) Other Departments are going to have to expense their own software, and you just aid in the installation and support.

If your IT Manager is content with what software you've got going on, either knowing full well that its trial version or doesn't care, than its really not your place to challenge that, and you go with it.

If YOU are the IT Manager, you need to get some backbone and tell the Chief that you are at serious risk of lawsuit.

Re:Since you brought it up... You're liable

[Anonymous Coward]

Document everything and call the BSA otherwise you could be thrown under the bus.

https://reporting.bsa.org/usa/home.aspx

Re:Contact the BSA & request an audit

[gbjbaanb]

Yep, do it. Take the money as a little reward for dong the right thing..

What will happen to the company is: Microsoft will send a letter to the CEO informing him that they will be performing an audit, that they are entitled to do as he is running some form of Microsoft software (I doubt they need to check that's true). Then they will tell him that he needs to run audit software in the company and send the results to MS, and that they know of a few companies who will perform this audit for a reasonable fee, and no, running it all yourself of not acceptable.

Once he's done that, they will check how many licences they think the company needs to become 'compliant' and demand proof they have that many purchased. At this point, they also offer to bill for unlicenced software that accidentally or mistakenly was installed.

End result: the company pays to audit itself, and pays MS for a load of licences. Usually they end up paying extra for things people have installed but never use any more.

They're quite nice about it, if that help any.

Common cause of termination in bad startups

[presidenteloco]

A friend of mine was uncomfortable with using the pirated s/w at her company and so switched her computer and work products
from (pirated) Office to OpenOffice, (pirated) MatLab to Octave, and VBA to python. She also brought the overall issue up with the CEO, suggesting
that the company should pay for its payware, or switch to FOSS.

Needless to say, not long afterwards, she was terminated with some lame excuse but it's clear it was for not being a "team player".

The 95% of the technology startups in our town are laughingly underfunded
(e.g. reverse mortgage on CEO's house and small contribution from Aunt Tilly's bakery), so they have no
money for legit licenses. Unfortunately, the management at many are too stupid to understand that there are perfectly good FOSS
alternatives for all of it.

AVG not a free for all.

[Anonymous Coward]

AVG is only for home use - even educational institutions have to buy it.

Will you get fired for non installing illegal software? Probably not.

Only install legit software or you are complicit.

Business is business

[kentrel]

Tell your boss that this is important, and that the company needs to pay for it, and you feel obligated to report it as you will be liable also. Then offer helpful suggestions as to who you can lay off in order to allocate money to pay for the software. Will it be friendly Bob, or the pregnant lady in the accounts department? Alternatively you can just shut your mouth and get another job like everybody else said.

Let me get past the easy comments...

[HikingStick]

There are already tons of posts saying either "document it" or "find another job". Here's what I recommend.

1. Take a software inventory. Figure out what is installed where, and which license codes/CD keys are being used.
2. Pull records. We get a lot of our PCs pre-loaded with MS apps and Acrobat. Those OEM installs stay with the machines, though many places try to move them forward from machine to machine (thus creating the impression that "we must have bought it sometime").
3. Check online sites, like Microsoft's eOpen site, or contact specific vendors (e.g., call Autodesk or your VAR) and ask them to send you a summary of your current licenses.
4. Document your level of usage against your level of compliance. Include all costs for becoming compliant. Be sure to include one time costs (e.g., buying additional seats) and any recurring costs (e.g., maintenance, back maintenance, reinstatement fees).
5. Educate management that software is licensed, not purchased.
6. Include information regarding the legal liability related to pirated software. Include references to any cases you can find, including actual fines, as well as potential fines (caps). Note the reputational risk to the company as well.
7. Prepare a plan for bringing the company into compliance. Include possible stop-gap measures and alternatives (e.g., limiting the number of users with a specific pieces of software, buying one additional license per year, using OpenOffice).
8. Compile everything into a well-documented report/memo (depending on your company's preferred style), and be sure to present it personally (don't just email it off). Offer to meet at another time, if necessary, but you must make it clear how important this is. Offer to meet with the entire management team. Communicate, communicate, communicate.
9. Let management know you don't plan on blowing the whistle (they'll surely say "nobody knows, so we're fine"), but make them aware that any disgruntled employee could make a call in to the piracy hotline. If you have the intestinal fortitude to do so, you could even make it clear (if it reflects your beliefs) that you value your integrity and that you cannot, in good conscience, help the company steal software/violate contract terms. Of course, that means you need to be ready to put up or shut up.

All that being well and good, you can take some practical steps to start getting things into compliance going forward:

• Commit to buying licenses for all new software requests.
• Keep good inventory records of hardware (and associated OEM software) and software.
• Start buying machines with appropriate OEM software (if small enough where volume licensing doesn't make sense), and consider buying shrink-wrap software on the same order (this might let the financial eggheads depreciate the entire purchase - IANATA)
• Adopt free software that is not limited to home/personal/educational use, like Comodo Internet Security and OpenOffice.
• Pray you don't get audited.

Quit

[endianx]

Your employer is stealing. Quit.

Re:I don't have all the answers for you, but...

[Supergibbs]

If you need other formats, use 7-Zip. Supports almost everything and is free.

Re:recommend free alternatives

[Bacon Bits]

Eh, 7-Zip is a better compression algorithm than it is software. The GUI is not as nice as that in WinZIP or WinRAR (it's designed around Norton Commander instead of the more well-understood Windows Explorer model), the installer doesn't provide the option to associate the files, the association mechanism within the program itself wants admin rights but doesn't properly ask for them so it conflicts with Vista and 7's UAC, the archiver lacks "preserve full pathname" support (extraction support works fine), the context menu component defaults to off, etc. The command line version makes me miss tar, as it lacks the seemingly-basic feature of deleting files after archiving which would make archiving logs so easy.

It's a good program that's fine for personal and home use, but it requires a lot of post-install configuration that is difficult to deploy for a business to get the kind of uniform desktops that make IT life easier. About the only good thing business-wise is that the installer is an .msi file.

I use 7-Zip because it's free as in beer. If I had my choice, though, I'd use WinRAR.

Too Late

[DeanFox]

It sounds clear they're not going to change business practices. There's always reporting them to the BSE or some other software piracy watchdog then going through a very painful (from what I hear) audit. You've already made known pirated software bothers you and if all of a sudden a watchdog group shows at your door with a warrant or whatever they use... You're screwed as far as continuing with this company. Likely you'll be fired for some unrelated subjective cause.

You can shut-up and look the other way or you can leave and report them. You cannot force them to change, you cannot report them and stay. Do your own math...

-[d]-

Re:Bide your time

[Mister Whirly]

Someone physically taking something from you and someone making a digital copy of something is not the exact same thing. If someone steals from you, yes, that is a criminal offense. When someone makes an unauthorized copy of something, that is a civil, and not criminal, offense.

From someone in the trenches.

[dthanna]

Either get licensed or get a new job - seems to be the running theme here. I agree. As the license manager (and product expert) for Adobe Acrobat at my company I can honestly say that if you don't have the support of leadership to get and stay licensed you really need to get a new job. Software worth using is software worth paying for. Many software companies really would rather you became compliant rather than have to deal with litigation - no one wins. And in these economic times your negotiation power is that much greater. You can always threaten with the 'I really like your xyz product, but if terms aren't favorable I guess we will just have to go with the FOSS abc tool. Yea, we are willing to take the functional hit.' Two things - be willing to back it up. Be reasonable in your requests. Sorry - you will never get Acrobat Pro for less that $250/seat unless you are handing over at least seven figures. But by then, you are already at CLP Level 4 pricing - which is a significant discount against list - that you can leverage across ALL your Adobe products (CS, Flex, etc.) For Acrobat - Yea, it's expensive but it does a lot of things that are hard to do with FOSS* tools. You may also want to investigate just 'lower cost' alternatives - Nuance's is pretty good along the solution from ArtsPDF. With some negotiation you may be able to get Nuance's sub $10US/seat. Stay away from PDF995 and other such really low-cost tools - they aren't worth the hassle. The primary problem with them is the way they handle the conversion. Most are implemented as a GDI printer which tends to have problems with some graphics and layout accuracy. Direct to PDF is the best (e.g. Adobe CS tools), but if the underlying library is bunk that makes the PDF bunk. Second best is through PostScript, but it has it's limitations. PDF, as a filetype, is much, much more complicated than many folks realize. A lots of ways to screw it up - not so many to do it right. * Sorry if I rub some folks wrong here - but I have yet to find a FOSS implemented PDF library that is any good. The GNU library, and products based on it (OpenOffice, GhostScript, FOP, etc.) really produce poor quality PDFs in the production world. For quick, one-off work it works just fine. But when you have to take their PDF output and use it as input into another system (or even just to combine them) they tend to breakdown. Or the PDF becomes overly bloated. Yes, the Adobe library is expensive, but I know what I am getting and don't have problems with them. PDFlib is also a really good production-grade library and isn't all that expensive. Licensing terms are more than generous. More language bindings and platforms than you can shake a stick at (even native z/OS - not just USFHFS). We had some reasonable success with iText for on-the-fly generation but in a production print workflow, not all that good.

Re:Bide your time

[somersault]

Even worse (in a way) - why are they being so stupid as to wait for Winzip when 1) it's pretty cheap (by corporate standards) and 2) there are FREE alternatives available

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Since you brought it up... You're liable

[MarkvW]

Parent advice is BAD. If no duty is imposed upon an actor, most states do not impose liability for simply knowing of the commission of a crime and remaining silent.

Don't rely on this email for legal advice. Don't rely on parent's email for legal advice. Don't rely on ANYTHING in slashdot for legal advice.

Get the CEO's response in hard copy!

[The_Deacon]

This is a dangerous position to be in, since **** rolls downhill when someone calls the BSA. First thing to do at this point is get some documentation. Email the CEO with your same concerns, maybe add in some of your research, and get his response via email, then print it out & save it! Then, when the audit happens and he points the finger at you, you can defend yourself. Otherwise, your conversation with the CEO (and his response) is irrelevant. Remember: if it isn't written down, it never happened -- the CEO could say you were installing unlicensed software without his knowledge, and then its your neck on the line.

And as far as calling an audit goes, think VERY carefully before calling the BSA in. It's going to be pretty obvious to the CEO who called the BSA, especially after you've been coming to him with these concerns. They may not know 100% for sure, but that's not going to stop them from finding some way to get rid of you. More importantly, if your CEO is networked well within your local business community, he may be able to blackball you from getting another job. Based on the information you've given, I would personally go for a paper trail where the CEO tells you NOT to fix the licensing issues, save that, and look for employment elsewhere. If you're going to call the BSA, wait until ~6 months after you're happily employed elsewhere before burning those bridges by calling an audit.

Re:Bide your time

[Anonymous Coward]

Wait, lawyers would never break the law?

Are you smoking something expensive?

Re:Bide your time

[Anonymous Coward]

yah because there isnt a multi billion dollar ponzi scheme that was run by a banker and his accountants or anything like that.

Re:Bide your time

[aztracker1]

Most of the software in question has viable alternatives. 1: instead of MS Office, install OOo, unless they pay for more keys. 2: instead of WinZip, 7-zip rules (there's other front ends for 7-zip) and you can make the default format for 7zip .zip instead of .7z ... 3: use PDF Creator or another print to pdf option, keeping originals in an editable document format.

Re:Contact the BSA & request an audit

[TooMuchToDo]

Mod parent up. Early in my IT career, I worked at a small web dev shop with 15-20 people. Someone got laid off, and called the BSA on us, even though we were licensed on all our software. Someone from the Chicago BSA office showed up and said they had a right to audit us and would be coming in to do so. My manager at the time told them to GTFO and come back with law enforcement if they wanted to do an audit. We never heard from them again.

Re:Contact the BSA & request an audit

[TooMuchToDo]

Also, as GPP mentioned, if you have a volume licensing agreement, you've already agreed to let them audit whenever they please.

Re:Bide your time

[whitelabrat]

That right. I would suggest that you line up another job before you notify BSA. Otherwise I would suggest pushing things like OpenOffice as an alternate to getting legit licensing.

Time for a new job

[snoig]

As someone who has been there and done that, my advice is to start activly looking for a new job today. It's one thing if management doesn't know what's going on but it's different if they know and don't care. In my case, I mentioned in several meetings that I needed to get legal and when my next review came around they needed someone with a different skill set. My two reviews before that were above average. The point is that if they are to cheap to get legal they are also to cheap to give you raises and support you and your job in other ways. Other places where I have worked that had no pirated software policies in place also had HR policies in place for cost of living and merit raises that were fair to the employee. Just get out of that place as fast as you can and you will be glad you did.

Re:Bide your time

[hibiki_r]

So you think there's no shady lawyers and accountants that will break every rule in the book? There's plenty of breaking codes of conduct in those professions. It might be less likely than in IT, but the amounts of money involved in corporate piracy tends to be smaller than when a corporation deceives or outright lies in their quarterly reports.

Re:Bide your time

[Grishnakh]

This is pretty close to extortion, but aside from that, it's going to get him fired at an inopportune time.

The best choice for this guy is to immediately look for a new job. This one is obviously not working out, and it would be idiotic for him to try to continue building his career there. He's probably already on their hit list for bringing this subject up. On the way out, he might as well report their asses to the BSA in exchange for a hefty reward. Normally I don't like the BSA's actions that much, but when a company is this stupid, they really deserve a giant fine.

Re:Beyond absurd

[Grishnakh]

Yes, except that people who report their employers to the BSA get a hefty reward. So in this case, the blackmailer would definitely benefit, making it blackmail. It's still a little vague though, since it is an illegal activity.

However, threatening to report it is downright stupid IMO, because it'll just get the reporter fired (either immediately, or later at an inopportune time). Either ignore it, or report it (after finding a new job, or determining the reward money is enough to carry you over). Don't threaten. It's not going to produce any positive results, and only negative ones.

Re:Bide your time

[rtb61]

Open Office works really well for me, I have been using it for many years with out any problems and prefer it of 'to annoyingly unhelpful' M$ office and document compatibility of Open Office over the long term is really helpful (last version I bothered with M$O was 97).

Obviously in a work place where piracy is a problem shifting them to free open source solutions makes sense as it is pretty obvious they will not pay for proprietary software licences. Of course the system admin should make the switch and focus on providing more support for the free open source solutions and as much as possible leave the pirates to fend for themselves.

Resolving the 'we pirate everything' office is more of a long term goal, application by application done over years and initial priority is to de-pirate hardware you are directly responsible for to ensure that should they finally get caught holding the bag. Keeping in mind copyright in the office content with no for profit redistribution is a civil rather than criminal and nothing to get too uptight about.