Am I bothered?

By John Lovelock

As director general of the Federation Against Software Theft (FAST), it strikes me as a sad world we’re living in when four-fifths of the British public admit they’d turn a blind eye to theft, or to be more precise, software theft.

The results of a recent study commissioned by FAST have revealed that while 79 per cent of us would report someone we saw shoplifting, it is a different story when we witness our workmates brazenly sharing illegal software on their computers.

Call it what you want, but theft is theft. And digital software theft is exactly the same as walking out of PC World with a CD-Rom stuffed up your jumper. Personally, I’m shocked at the blasé attitude of so many of our survey respondents.

Yet perhaps those who need to be most shocked are the company directors who employ our respondents. Some 90 per cent of people surveyed admit they would freely download something onto their work PC that they would not do at home.

Perhaps they think they will not get caught – but that’s simply not true.

Significantly, company directors who can be held responsible for ensuring that illegal computer activity, such as file sharing, does not take place in the workplace. Ultimately, it is they who are liable. Indeed, as the law stands today, they can be subjected to ten years in jail if they are deemed to have consented or connived in the activity.

While handing responsibility for IT to your company’s technical staff might seem like the easy option, it is imperative that company directors take a firmer grip. In May 2005, City banker Alex Bell and three other perpetrators were punished by prison sentences of up to two and a half years for their involvement in an internet piracy gang. Worryingly, most of these men held responsible positions in corporate IT departments.

All too often, IT policy enforcement and management is left solely to the IT department, in the belief that when IT staff say that correct software licences are in place, they are. But this case shows that the very people who are left in charge of managing IT are also just as capable of software piracy – if not more so.

Policies and procedures

As FAST and its sister organisations worldwide continue to crack down on piracy, directors ought to remember that ignorance is no defence in a court of law. They must therefore tighten up on software licensing to make sure that their companies comply with their legal obligations.

They need to set boundaries – fixed policies and procedures so that employees know what they can and cannot do when it comes to software purchasing, installation and use. This should include obtaining authorisation from the appropriate member of staff before downloading or installing anything on the organisation’s computers.

Employees should sign a document to say they understand the policies and that they will follow them to the letter. Staff should be regularly reminded of what is and what is not allowed. A disciplinary process should also provide reinforcement and be followed consistently if staff are found to be contravening the rules.

The next task is to audit all software and hardware assets to find out exactly what is already installed and, more importantly, what is actually used. Many find they are actually over-licensed and can therefore save money as a result of the audit.

The third step involves reconciliation of the audited assets with relevant software licences. The organisation should ensure it has the correct number of licences. An asset register should be devised, listing the unique asset number during the audit process with the licence number. Invoices may also be used as proof of licence purchase, so it is worth reconciling software to invoice numbers as backup.

The last and perhaps most difficult task is ongoing management of the compliance programme. As the environment is constantly changing and evolving, so too does the use of assets. Policies and procedures should therefore be reviewed frequently and updated as necessary, with regular communication sent out to all staff to remind them of their existence.

A full audit should be carried out at least once a year and be supplemented by an interim audit every quarter of between five and ten per cent of the organisation’s PCs. This will ensure that the organisation is in the best practical position to demonstrate compliance and reduce the risk of being hauled over the coals.

At the end of the day, software piracy is illegal, as is any form of theft, and the taxpayer’s money is never ‘wasted’ on convicting anyone who breaks the law.

John Lovelock, director general of FAST, can be contacted on (01628) 622121.