How does software piracy work

Robbery and copying


When Christian Goltz makes one of his home visits, the company concerned is not doing particularly well anyway. The Chemnitz public prosecutor specializes in white-collar crime. Copyright infringement is his hobbyhorse, which leads to unpleasant surprises for some of his customers.

Because if pirated copies are suspected, the computers can be confiscated in order to preserve evidence. "Confiscation to preserve evidence" means that the owner has a certain chance of seeing the computer again one day. However, if computers are confiscated as ‘tools’, they will become the property of the state as soon as the suspicion has proven to be justified in court. However, the principle of proportionality of the means also applies here. As a rule of thumb in the case of software piracy, one can say that a high-end machine will not be confiscated due to a missing WinZip license, but the Aldi computer with illegal QuarkXPress and Photoshop has a good chance of finally becoming state property.

Anyone investigating white-collar crime routinely secures evidence on hard drives and backs up the suspects' workstations and servers. Special police units work together with IT experts. And while you're at it, it's easy to take a close look at the company's licensing situation.

Prosecutor Goltz also applies the principle of proportionality in other respects: ‘If a company is doing badly, for example in the event of embezzlement or threatened bankruptcy, I will do everything to prevent the IT system from being paralyzed. That would be the death knell for the company. I then instruct the experts or the police to secure the evidence as far as possible by creating backups. "

In many cases of license abuse by companies, the public prosecutor is left out. The software manufacturer obtains a court order to search the suspicious company. The bailiff usually calls in IT experts and subjects the computers to his power of attorney, i. H. he ‘sequesters’ them and with them all invoices and license documents.

Dr. Siegfried Streitz, state-appointed IT expert in Brühl near Bonn, describes the technical process: ‘We usually bring a wide range of equipment and mostly work with SCSI cards that we insert into the computers. With today's capacities, the parallel port is no longer sufficient. We can also access backup devices that are already in place at many companies. Then we first make a reasonable data backup. In rare cases I can rely on the existing backups. This is a very gloomy subject: either they are incomplete or they do not work. Our "customers" are certainly not regular c't readers. "

The sequestration is maintained until all data necessary to secure evidence has been collected. If this is prevented by passwords or encryption, the corresponding PC or server, and possibly even the entire IT installation, may not be used for that long. When a company is faced with the choice of naming the passwords and surrendering the keys or at least temporarily forfeiting its IT infrastructure to preserve evidence, the decision is usually not difficult. In addition, according to Streitz: ‘Normally, the protective measures are not really designed to hinder our work, or those affected are correspondingly cooperative. We can get 97% of the data without the assistance of the owner. "

When asked about the scope of the problem, he notes: ‘In the course of my work, I have not yet seen a company that had sufficient valid licenses for the installed program packages. That may be because companies that are the subject of judicial investigations are often of the more dubious type. "

The bad internet

Immoral offers to purchase super cheap software flutter into our inboxes almost every day as promotional e-mails. A ‘Who Dini’ wrote on March 20th: ‘Hello, are you tired of paying full price for software? What do you think of $ 20 for high-end software? This price applies to the first CD, each additional CD costs only US $ 10. ’This is followed by the usual list of programs: the bestsellers from Adobe, Microsoft and Macromedia.

There are thousands of websites that openly and boldly advertise pirated content. Some of the pages are professionally designed and resemble shareware sites, except that their top downloads are called ‘Windows 2000’ or ‘Dreamweaver 3.0’. But who has enough fast or cheap internet access to suck up a complete operating system?

Without further investigation, it remains unclear who is really behind the sites and what he is up to. The BSA (Business Software Alliance, see [# kasten1 box]) warns against virus-contaminated and incomplete downloads. Margo Miller rejects the suspicion that the BSA itself has such offers to covertly penetrate the scene. The BSA Internet Investigator for Europe: ‘I make sure that my boys don't break the law. I can talk to police officers who are conducting similar investigations about my methods at any time. "

The newsgroups are another trading place for illegal copies. On December 20 last year, for example, ‘Norman’ is offering Mathcad 2000 Professional ’and a well-stocked collection of other CAD software for US $ 30 per CD. To this day, various international telephone and fax diversions have been switched to him, but he has not yet responded to our request. ‘Such dealers can be located practically anywhere,’ says BSA lawyer Oliver Wolff-Rojczyk, ‘We can only do something against copyright infringers domestically, but we have our hands full with that too. Many providers try to give the impression that they are based abroad. In reality, they are sitting in a conspiratorial apartment in the high-rise district around the corner. "

A high school student and a few cronies had a flourishing CD mail order business for months. The name in the lease for the business premises is fictitious, and in an East Berlin block of flats with over two hundred parties, the young people, who are mostly out and about at night, are not noticed. The police find out the home address by requesting administrative assistance from the provider in the USA, which they locate by analyzing the falsified IP address. The pursuers find out which apartment it is with a classic detective trick: they paint invisible fluorescent paint on the mailbox that receives the envelopes with dollar bills and then wander through the house with special glasses looking for traces of paint on the door.

Streitz describes the pursuit of software pirates on the Internet as poking around in the fog ’. Given the chances of success alone, it makes sense to leave the underground scene and well-camouflaged hobby copiers alone. Open trade with commercial interest, on the other hand, relies on payment channels that are easier to track down than FTP servers hidden from the domain name system, whose address can only be found via conspiratorial IRC channels.

Miller claims her tracking team has search tools that she can use to locate the most disguised illegal markets and file sharing sites. 1808 Miller's troop is said to have shut down websites in 1999. However, this usually does not require a lot of effort: ‘The IP address of an illegal offer can be used to determine the provider, which we then ask to close the site. Almost all providers forbid in their terms of use to offer copyrighted works of others without their consent. "

Insider as a guide

In addition, the persecutors do not only live on the Internet from tips that are sometimes received anonymously and sometimes openly via e-mail, fax and telephone. Attorney Oliver Wolff-Rojczyk, who works regularly for BSA and Microsoft: ‘Our best whistleblowers are fired employees with exact insider knowledge.’ The commercial manager of a larger insurance office and his colleague IT manager got on the boss's nerves. They kept pointing out that there were no licenses for 100,000 marks. "I hired you to save costs, not to cause unnecessary ones," the managing director is said to have said. Even during the probationary period, the end of the line-up for the IT manager and his successor. After calling his authorized signatory at the BSA, the license-resistant boss should not enjoy his frugality for much longer.

The small series forger who offered the first self-burned MS Office CD in a small classifieds paper is particularly stupid. His pilot customer is a test buyer from the State Criminal Police Office who arrested him at the meeting point. The judge, slightly annoyed, imposes a small fine with the express stipulation: "I don't want to see you here again."

But the message does not reach the addressee. Two weeks later: same classified ad, same meeting point, same buyer. Face to face, the would-be retailer is lacking courage. He gives heel money. After a wild chase, the two end up before the same judge. The hard reward for supposedly easy work: eleven months without parole.

Problem child computer schools?

In an interview with c't, BSA lawyer Wolff-Rojczyk explains: ‘In recent years, small private computer schools that are mainly financed by retraining funds from the employment office have turned out to be a particular problem child. Especially here, where the correct handling of hardware and software should actually be taught, it seems to have become common practice to consciously save money on software licenses. "

Jörg Dennis Krüger from the Digital Services EDV Academy in Hanover explains the background: ‘Our company could not afford to train retrainers from the employment office. In this area, sometimes less than 100 DM per student per day are paid. This would mean that we would not be able to recoup our costs, which also include costs for software licenses and their administration. Private users, on the other hand, are usually neither willing nor able to spend more than DM 25 per hour on the table. A typical course with us costs two to three thousand marks a day. "

Due to the variety of software equipment for training courses, the prices for licenses quickly add up to a multiple of the hardware costs. Those who do not have a proper license here can offer their courses more cheaply than the competition and still make profits faster - if they are not caught.

The Employment Office in Hanover expects at least 18 participants per course for its retraining at an hourly rate of nine to 13 marks per person. With up to 24 participants and 1500 hours of training per year, this results in a turnover of around 300,000 marks per course. The investment costs of approx. 100,000 DM for 20 computers with legal software could be brought in in this way.

Nine to 13 marks are only available in special cases and only for demanding courses such as training to become a programmer or network administrator. For commercial participants (Word course for the secretary, digital copying for printers), the employment offices in the state of Lower Saxony only pay four to seven marks per person and hour. ‘We got the impression that politics in this federal state are deliberately playing off schools against each other in order to lower the prices. The employment offices in Bavaria pay four to five marks more per hour and participant for the same performance, ”said the spokesman for one of the computer schools that c't asked about the BSA's allegations of piracy.

Conclusion

It is precisely the ‘standard programs’, which are widespread anyway, that are particularly popular among pirates. Today there is more freedom of choice than ever before. With Solaris, BeOS, the various Linux distributions and FreeBSD, there are now a number of full-blown alternatives available even at the operating system level, some of which are also free for commercial use. All these have in common that they cannot be compared with the work of the monopolist in terms of software offer or hardware support, but whoever wants can find a suitable solution for almost every application.

However, anyone who is professionally dependent on the use of a certain version of a certain program due to its dominant market position, but cannot afford a legal copy and does not get it from the client, has bad cards. Here the software manufacturers are called upon to think about new forms of licensing that enable these mouse and keyboard workers to step out of illegality. How about a Use Now - Pay later ’model as you know it when buying a car? Overall - we assume that there is a serious interest in the decline in illegal use - some elements of today's licensing policy are in need of revision. Is it really sensible and negotiable to charge 800, 400 and 100 marks for one and the same product?

Companies that use standard software also have to rethink. After all, it was they who, through their purchasing behavior, promoted applications in favor of format compatibility in the past, which is what makes the sometimes excessive product prices possible in the first place. A company that does not operate pirated copying directly or does not want to promote it indirectly has to sift through its software fleet and optimize it for format compatibility. It is not important that everyone uses Word. It is only important that the data exchange between the various applications runs smoothly. Only then will it be possible for external and internal employees to actually use the alternatives and submit their work in convertible, i.e. loss-free, importable formats. In the end, it depends on the customer receiving the work on time and in satisfactory quality, and not on whether it is done under Linux or Windows, FrameMaker or TeX. (frf)

[#start top of page]


Who actually is the BSA?

The Business Software Alliance (BSA) has existed since 1988 as an interest group for software manufacturers. She takes care of license abuse in companies and advocates uniform international copyright regulations. Presumably in order to sharpen her negative profile as a dangerous persecutor, she has already sent threatening letters to well-known registered users in the past (see Christian Persson: 'Threatening letters to your own customers', c't 7/97, ​​page 14) .

Today people act more moderately, complain about the flood of pirated software on the Internet, which is difficult to contain, and look forward to a number of cleared up cases that sometimes end with high fines. The BSA achieved diplomatic success last year in Brazil, where a new copyright law provides for hefty penalties for license abuse. Up to three thousand times the relicensing costs can be imposed in addition to these.

In the USA, the BSA is currently paying particular attention to software legalization in public administration. In their weekly press release of March 17th, the software watchdogs enthusiastically wrote: 'Bill Owens made an impressive commitment to the use of licensed software: The governor of Colorado has instructed all departments of the state government to only use legal software in the future.' Ask what kind of software was used before these instructions. For the European Union, a parallel education program provides, among other things, ‘exemplary behavior in copyright protection in authorities’ so that they ‘act as a role model for the private sector.’

The BSA regularly publishes figures on the damage that pirated copies are supposed to cause. These are estimates based on a comparison of the official sales figures for software packages and new computers. If fewer software packages are sold than computers, then the other machines work with pirated copies according to BSA logic. In several conversations with c't, however, the BSA representatives questioned admit that they too do not know anything more precise about the true extent of the problem. "We are actually working on a usable method to make the size of the problem and also the impact of our work measurable." Says Margo Miller, who investigates for the European BSA on the Internet.

[#start top of page]


Licensing practice using the example

The "Private Bildungs ​​Akademie Hannover" computer school, founded five years ago, now employs around a dozen permanent employees and 30 to 40 freelancers. At the beginning, the PBA belonged to a nationwide franchise network, which was able to act as a major customer to the software manufacturers and received appropriate conditions.From this time and later computer purchases with OEM software comes a noteworthy collection of licenses, which is repeatedly supplemented by individual packages. In an interview with c't, PBA managing directors Peter Nolte (network administrator) and Bernd Regenthal (planning and accounting) reveal recipes with which they prepare their licensed soup in a tasty way:

c't: How do you calculate the number of licenses required for your courses?

Nolte: Our planning system gives us an overview of the courses for the next two to three years. The learning content shows which software we have to use in each case. In this way, we can already prevent the course planning from requiring more licenses than are available at a certain point in time. Depending on the application, the savings potential is 30 to 75% of the license costs compared to the hypothetical full equipment of all computers.

Regenthal: If several Word courses are currently taking place, we use the free alternative StarOffice under Linux in other classrooms to write reports.

c't: You now have a license and software management system that is tailored to your needs. But what about smaller companies, with people who are just starting to set up a computer school?

Nolte: Especially in the beginning you have your hands and your head full of things other than licenses. You see to it that you buy the computers with the required programs and simply forget about the license issue. Specifically, this means that you no longer ask yourself the question if the company suddenly grows or if more participants register for a course than planned. There doesn't even have to be malicious intent. Actually, we should hire someone who does nothing from morning to night other than dealing with license and update problems. We have tried again and again to find competent contact persons at the manufacturers at trade fairs or via the hotline. We usually get rather vague answers to questions in the area of ​​software licensing.

c't: There are also software consultants from the BSA and Microsoft who you can even bring in free of charge. And there is free software from the BSA that is supposed to help you with licensing questions.

Regenthal: I'm not looking for my tax advisor in the tax office either.

Nolte: With us, the licensing situation changes on a weekly basis. I doubt that such software will help in our situation. For example, we teach Word one week in a classroom, NetWare the next week, then maybe not a single Word installation for two weeks and then again in two classrooms.

c't: How does your software management work? Do you work, as I suspect, with disk images on fairly similar hardware?

Nolte: Our system ensures that no more licenses are used at the same time than are available. The number of images is also lower than the number of permissible backup copies, because there is only one sample installation per computer type. Since we ensure extensive driver consistency across as large a number of our computers as possible, there are very few.

So I have, for example, the image of my sample installation of Windows 95 with Word for computer type X. When a classroom with Word is on, I run my resource server next to it or connect the classroom network to the server room. Then I put a start disk in each computer, and after 40 minutes the room is completely set up - including post-configuration such as the assignment of IP addresses and computer names, which I have now automated using scripts from the NT resource kit, among other things have.

c't: If 70,000 marks are now required for the upgrade to Microsoft 2000 products, how do you finance this investment? The money will only come back into the cash register in the course of a year or two ...

Regenthal: Either we take out a loan or we lease the computers together with the licenses we need. There is something recently: software leasing. The "Open E" program from Microsoft gives us the opportunity to purchase upgrade licenses, for example from Windows 95 to Windows 2000. This is even the rule in ‘Open E’.

c't: How do you, as a customer, feel treated by the software manufacturers?

Nolte: You will get very little information about the products from the software manufacturers themselves. That alone wouldn't be so bad if the product quality were right. We pay a significant portion of our budget for products that are on construction sites.

Regenthal: The companies for which we train employees have similar problems with the software companies as we do. We notice this from the fact that Linux, Apache and Sendmail are increasingly required in training. If it continues like this, the license problem will eventually resolve itself. In addition, we as a school are multipliers. I can give examples in which our graduates have replaced Novell and Microsoft installations in companies with Linux. Linux is actually still not a system for the end user, but an appropriately trained computer department can set up the workstations in such a way that the users do not even notice it.