Faced with a high rate of software piracy, publishers are fighting back John Lovelock discusses why you should reduce the risk to your company by ensuring software compliance.

Software piracy is a major problem for the IT industry. Recent research suggests that the current piracy level in the UK remains at a staggering 27%. It is not just the software publishers who are losing out: the repercussions of this piracy are costing the country billions.

A reduction in software piracy levels of just 10% could create 40,000 jobs and contribute £6bn to the UK's gross domestic product. Not surprisingly, the software publishers are fighting to retain their intellectual property.

UK-based companies are often under-licensed without realising it, leaving themselves open to a serious risk of prosecution if found out. This is a risk that needs to be managed.

Theft is theft

The illegal copying or distributing of software is often wrongly viewed by perpetrators as nothing more than a minor transgression, rather like speeding. Their answer to the threat of being caught is 'it won't happen to me'. But the threat is a serious one: the Copyright, Designs and Patents Act 1988 allows for penalties of up to 10 years imprisonment and unlimited fines. For most companies this means that even an out-of-court settlement may be just about as damaging for directors as a spell at Her Majesty's pleasure. The potential impact on reputation, customer relationships and share price is unquantifiable.

There is proof that direct action is not a just a threat. City banker, Alex Bell, and three other perpetrators were punished by prison sentences of up to two and half years at the beginning of May for conspiracy to defraud, through their involvement in an internet piracy gang, 'DrinkOrDie'.

The group considered themselves heroes in the style of Robin Hood, and enabled visitors to their website to download products such as Microsoft Word and Excel for free.

But it is not just individuals that are getting caught out. Very recently Microsoft reached a settlement of £750,000 with two of its UK customers over their use of unlicensed software. This once again demonstrates the potential risk to companies of not having the proper controls in place to manage their software licences. In total, over the last five years, companies have paid out £1.8m in fines to the Business Software Alliance for using unlicensed software, and a sum in excess of £5.5m has been recovered as a result of the activities of the Federation against Software Theft.

Director complacency

British business is worryingly complacent when it comes to software piracy, and the vast majority of company directors are ignorant of the concept of vicarious liability, which can put the responsibility for all of their employees' actions at work firmly at the feet of the company and its directors.

This embraces any acts by employees, no matter whether or not such an act was specifically authorised by the company.

Software piracy is included, so it is up to directors as custodians to make sure that they are putting in place the appropriate measures to prevent illegal software installation and use on the company network to reduce business risk It is also up to them to punish those responsible for illegal activity to demonstrate the importance of compliance across the organisation.

What is more, company directors would be wise to question the IT department before blithely accepting their assertion that software licences are all present and correct. The Federation recently discovered over 5,800 illegal digital music files in a software audit of 2,500 PCs at a UK financial services organisation. The vast majority of these files had been illegally downloaded by people in the IT department - those normally tasked with combating the problem.

All too often IT policy management and enforcement are left solely to the IT department, in the belief that when IT staff say that correct licences are in place, they are. But directors must not allow themselves to be fobbed off by IT staff. They can also be the culprits.

User knowledge

Part of the increase in software piracy is due to advances in technology.

The internet, combined with advances in DVD technology, has made the process of illegal copying far easier. As IT literacy increases among users - and not just among those employed in the IT department - the risk of illegal downloads is ever-present and growing. More often than not, employees treat their work PCs as they would their own property, and may be downloading software, swapping music files or burning files onto disk to pass to others inside and outside the organisation.

If company directors are to stamp out the problem of software piracy in their business, they need to have a firm grip on their technically able staff across all departments.

Internet CCTV

Just as high street computer stores have installed CCTV and other anti-theft mechanisms, there is an obvious need for similar initiatives to police the internet. But this is something that is clearly easier said than done across the vast worldwide web.

That said, The Federation has recently embarked upon a new programme, codenamed Operation Tracker. With the blessing and encouragement of our software publisher members we are using computer forensics experts to trace illegal uploads. The evidence gathered by these experts can be used to apply for court orders to obtain the relevant user information from ISPs, and actions which could include criminal proceedings, may be commenced.

Operation Tracker has its eye on home users as well as users of corporate networks.

Industry allies

It is not just the software publishers that are taking drastic measures to protect their intellectual property. The global music industry is also stepping up its anti-piracy war. The International Federation of the Phonographic Industry (IFPI) recently announced it was launching legal action against 693 filesharers, and the British Phonographic Industry (BPI) has started legal proceedings against 33 UK internet users accused of illegally uploading music to the web.

Neither The Federation nor the IFPI and BPI are cracking down for the sheer sake of it. Copyright infringement costs livelihoods, and these organisations have a duty to their members to try to reduce and prevent it.

John Lovelock is director general at The Federation Against Software Theft, Tel: 01628 622121, E-mail: fast@fast.org


The Federation Against Software Theft was set up in 1984 to lobby Parliament for changes to the copyright law. Today, The Federation's key remit is enforcement. In particular, it tackles software theft using the sanctions of the copyright legislation, extending from under-licensing (buying fewer licences than the number of copies of the software being used at any one time), to the problem of misuse of the internet. It represents any software publisher member whose intellectual property is being abused, regardless of their size.

The Federation's own legal expertise is reinforced by its Legal Advisory Group (FLAG), which consists of circa 30 law firms engaged in IT/IP and operating in the UK and overseas.

FAST has 160 members from the software publishing industry (including resellers, distributors, audit software providers and consultants).

FAST Corporate Services offers a membership programme which provides advice and training to help businesses understand the various areas of effective IT and software management. The FAST Standard for Software Compliance, a private standard developed in collaboration with the BSI, is now widely recognised as the benchmark in the software management arena. For more information please visit A STEP BY STEP GUIDE TO COMPLIANCE FROM FAST CORPORATE SERVICES


The first step in the software compliance process is to ensure that the appropriate policies and procedures are implemented, so that employees know what they can and cannot do when it comes to software purchase, installation and use. This should include obtaining authorisation from the appropriate member of staff before downloading or installing anything on the organisation's computers.

Naturally, users should be made aware of new policies and procedures and this can be done via posters, newsletters and notice boards. Employees should sign a document to say that they understand them and will follow them to the letter. A disciplinary process should also provide reinforcement, and should be followed if staff are found to be contravening the new policies and procedures.


The next stage is to audit all software and hardware assets to find out exactly what is already installed and, more importantly, what is actually used. Many businesses find they are over-licensed and are wasting money on buying more copies of software than required or paying maintenance on unused applications. The money wasted could be channelled into other areas.

The audit process can either be done using an electronic network auditing tool or via a manual walk-round audit. There are advantages and disadvantages to both, and it may also depend upon the size of the organisation and how many PCs it owns.

Collecting data via an electronic tool is much quicker, but it is practically impossible to obtain all the information required for the audit. Information on the user as well as details of stand-alone PCs or laptops that may be off-site cannot be collected via an electronic audit. A physical walk-round is very time-consuming, but ensures that these details are not left out of the audit. It also takes into account peripherals such as printers, plasma screens, scanners and external modems. Once each item has been audited, it should be marked with a unique identification sticker.


The third step is reconciliation of the audited assets with relevant software licences, to ensure that the organisation is correctly licensed. An asset register should be devised, listing the unique asset number identified during the audit process with the licence number. Many software publishers now allow invoices to be used as proof of licence purchase, so it is worth reconciling software to invoice numbers as backup.

The organisation should then ensure it has the correct number of licences. This is likely to involve purchasing licences for software that is underlicensed and deleting any unlicensed software that is not needed. Licences should also be stored in a fire-proof safe once the reconciliation has taken place to avoid potential loss or disasters.


The last and perhaps most difficult task is ongoing management of the compliance programme. As the IT and business environment are constantly changing and evolving, so too does the use of assets.

Policies and procedures should therefore be reviewed frequently and updated as necessary, with regular communication sent out to all staff to remind them of their existence. A full audit should be carried out at least once a year as well as an interim audit of between five and ten per cent of the organisation's PCs. This will ensure that the organisation is as compliant as it can be and reduce the risk of being hauled over the coals for non-compliance.