Software piracy group offers cash to whistleblowers

By Robert Westervelt, News Editor
Security ProPortal.com
December 3, 2009

Disgruntled employees in the U.K. have a financial incentive to tell on their employer if they suspect the software they've been using is improperly licensed.

The Business Software Alliance (BSA), a global software industry group that collects data on software piracy and presses for greater control of software licensing, is offering employees up to $32,000 for reporting software piracy violations. The program, which has been in place for several years, was increased from about $16,000 by the organization through the end of the year.

The BSA is combating software piracy by tapping into the rising threat from insiders -- disgruntled employees -- dealing with layoffs and budget cutbacks as a result of the unsettled global economy. It announced the incentive program last week along with a survey it sponsored finding that 40% of workers based in London were willing to turn in their boss for a financial reward if they were laid off.

Software piracy has grown to be an international concern. Cybercriminals have been known to pirate software and sell it using legitimate looking websites. Some social networks, peer-to-peer file sharing sites and certain Web forums also fuel the trend, according to the organization. The BSA estimates that globally 41% of all software installed on computers is obtained illegally. It concludes that as a result of piracy, the software industry is losing $53 billion annually.

Software piracy:

Application hardening tools help repel software pirates: Application hardening vendors can make life difficult for software pirates, forcing them to turn to more profitable, low-hanging fruit. Software piracy losses total $53 billion, study finds: The sixth annual Global Software Piracy Study found software piracy dropped in about half of the 110 countries studied.

A German consumer technology website reported last week that pirated copies of Microsoft Windows 7 on USB disk drives surfaced in China. The USB sticks display the signature of Microsoft CEO Steve Ballmer and look authentic.

But experts say there are much better ways to track and crack down on illegal software piracy in the workplace. Antipiracy technologies are available and cost as little as a few pennies per client, said Avivah Litan, a vice president at Gartner Inc.

"I would rather see the alliance promoting sound technology practices rather than incenting employees to rat on each other; it seems like an arcane measure," Litan said. "Software makers have the option to use effective technology out there that can solve most of their problems."

News of the increase to the BSA financial incentive program was announced in several UK publications. A number of software giants make up the organization, including Apple, Adobe Systems Inc., Hewlett Packard, IBM, Microsoft, SAP and Siemens.

Peter Beruk, senior director of compliance marketing said a reward of up to $1 million is offered to employees based in the United States. In the U.S. the program has paid out about $260,000 over the last two years. To be eligible for a reward, the employee must leave valid contact information. Most investigations take about a year to process and the average payment is about $5,000, Beruk said.

"We realize that it is difficult for people to make the call and we want to reward them for doing the right thing," Beruk said.

Experts say many companies aren't trying to swindle their enterprise application provider. Some businesses can fall into the trap of sloppy bookkeeping with enterprise software deployments, wrangling software license agreements, Litan said. In many organizations, office technology inventory systems can become of date, causing some firms to violate their agreements. To better handle license management, some organizations are considering integrating inventory management with identity access management systems.

Application hardening technologies have entered the market over the last several years, targeting many consumer and some business applications. Arxan Technologies Inc., Cloakware Inc., PreEmptive Solutions LLC and V.i. Laboratories sell products that make applications difficult for hackers to crack and duplicate.

Device reputation technology can also ensure that licenses are being used properly, Litan said. Portland, Or.-based Iovation Inc. and Scottsdale, Ariz.-based 41st Parameter Inc. each sell fraud management tools. Software makers and enterprises wanting to track licenses have to weigh the benefit to determine if there is a cost savings. More robust technologies can be costly, she said.

The BSAs Beruk said that some software makers are afraid that certain technologies could hinder end user productivity and make the software difficult to run.

"There's a fine balance of protecting the IP but also alloowing the organization that properly acquires the licenses for the products to use them without any encumbrances," Beruk said. "Many of them do a cost benefit analysis to realize if it makes sense to add the technologies."