JackMech SPA Paper Ê Software Piracy The invention of computers has spawned a new type of crime. A crime that cannot be easily detected and is running rampant around the world. Millions of dollars in revenue are losteach year to these crimes, yet relatively few of the people who commit these crimes are caught. Software piracy is theillegal duplicating of any software. It is as easy as selecting a file andchoosing ÒduplicateÓ. But software piracy isnÕt just for thehardened criminals. Most often it is committed by the most innocent people. Some donÕt even know it is a crime.These illegal copies of software pass through person to person contact,through Bulletin Board SystemÕs (BBS), through the Internet, and throughÒprofessionalÓ pirates. These crimes are not going unnoticed. Software manufacturers and organizations seek tostamp out software piracy. But it is not an easy battle. Varioustechniques have been employed to deter individuals from illegally copyingsoftware. Yet none have been successful. The most powerful force in place against illegal copying of software is thelaw. Yet the laws are vague and the costs of criminal prosecution areseverely restraining any efforts to fight back against piracy. About Software Piracy: Software piracy is a common type of computer crimeand there is a lot of confusion surrounding exact what constitutes piracy.Many people think that because they bought a copy of the software it istheirs to do with as they wish. Many people see nothing wrong with Òjust installing a copy of thesoftware on someone else's computer.Ó Often thinking, ÒWell itÕsjust one copy.Ó This is an example of the great temptation to piratesoftware. The fact that making a copy of the software in no way degradesthe original copy is part of that temptation. Thebelief that no one will ever know is another part of that temptation.There is also a motivation from the cost of the software. To most peopleon a limited budget, spending $40 or $50 for a piece of software is borderline outrageous. They begin to thinkthat if they are going to spend that much money they should be able to givecopies to whomever they want. Or they may seek to install a copy of thesoftware without actually having to pay for it. A little known fact among the general public is that younever actually buy a piece of software, you license a copy of the softwarefor your personal use. The software is never yours to give away, you aresimply allowed to use a copy of their product. If you truly did buy the software, meaning that you buy allthe rights to the software, then you would legally be allowed to give awaycopies. Of course that is out of the price range of most people. Anotheraspect of software piracy that people rarely think about is why the price of software is so high. Thefact is that producing software is never as simple as it seems, as anyprogrammer can attest to. Hours upon hours go into every program. Not tomention the cost of the hardware to write the software on, the salary of the programmers who program thesoftware, and the marketing to sell the software. All these things add tothe cost of software, along with one other cost. Software piracy. Therebellion against high prices only drives the price higher. This last factor ends up in a catch 22. A tragedy ofthe commons. Software companies could lower their prices, but only ifpeople stopped pirating. But people will only stop pirating if the priceof software comes down. Many people believe that the software companies should make the first move. Theybelieve that the cost of software is artificially high and could be loweredwithout too much loss in profit (cost less = sell more). Whether thesepeople are right not isnÕt clear. ThatÕs a dilemma for the economists. Where does all this happen? There are many way of committingthis crime. The simplest is a person to person exchange. This occursmostly among friends and co-workers. A set of disks are copied and handedover to a friend or co-worker. This type of pirating is the hardest to detect. It happens in nearly every household or companythat owns a computer. While this is the hardest type of piracy to detect,when it is detected itÕs the easiest to prosecute. The parties involvedare easily recognizable and easily proven guilty. Though the cost of actually prosecuting these peoplewould never result in any financial gain. An extension of this type ofpiracy is when companies purchase a single license for a piece of softwareand then install it on all of their computers. The idea of innocence in these types of actions can stillapply, in some cases. Many times this type of piracy is conducted to savemoney and Òcut cornersÓ. Again, this type of piracy is hard todetect, though the ability to ÒraidÓ, or evaluate, a companies computers makes detection a more viable. The presence ofhard evidence usually results in a guilty verdict if the company isprosecuted. A point worthy to take note of is the fact that if a companyis given warning of investigation, they often times will quickly purchase legal licenses for all the softwarethey use. This Òscare tacticÓ works very well against most companiessuspected of pirating software. Besides on the personal level,then invention of remote networking using modems has spawned a new type ofsoftware piracy. Immediately following the invention of modems was theestablishment of Bulletin Board Systems (BBS). These BBSÕs allowedusers to connect to a central computer and such services asreal-time chatting, multi-player games, and file transfer. The ability totransfer files to a large number of people created a big boom in softwarepirating. BBSÕs setup specifically for pirated software (or warez) quickly appeared. These BBSÕshosted collections of software posted by users. Huge numbers of peoplecould connect to these BBSÕs, take any kind of copyrighted software theydesired and leave unnoticed, never to connect again. This anonymity causes many problems when it comes toprosecution. The amount of evidence against the host of the BBS wouldallow for a guilty verdict, but the people downloading the software, whichcould eventually end up being the hosts whole collection, could get away with their crimes. With the invention of theInternet, more people could connect to the BBSÕs, and the invention ofnewer and faster modems and file servers allowed more and more piracy tooccur. Also, the increasing storage technology allowed anyone to host aserver for very little cost. Software piracy isnÕt limitedto a single, or even one hundred, copies. China has an amazing amount ofÒprofessionallyÓ pirated software. These ÒprofessionalÓpirates copy not only the software, but also the packaging and manuals thatcome with the software. These pirated copies of software are thensold as originals at greatly reduced prices and all revenue goes directlyto the pirate. No money is ever paid to the software publisher. This typeof pirating is the most frustrating because the pirates are directly gaining from their actions. When twopeople exchange software on a personal level, nothing is gained by the twobut the software. When a ÒprofessionalÓ pirate sells a pirated copyof software, he gains in the form of money. What kind of person pirates software? Software piracy happens all overthe world. It is committed by children, adults, garbage men, businesswomen, and every other type of person conceivable. Software piracyisnÕt a crime held to the lowest ranks of society. Many people donÕtrealize that they are even committing a crime when the copysoftware. They donÕt understand that if they copy a program for a friendthat they are breaking a law. Even less understood is the fact that if youhave two computers and you have a single program installed on more than one computer, you must have a licensefor the software for each computer. The type of person that piratessoftware while not realizing they are committing a crime is the type ofperson that only pirates software on the personal level. The level at which it is hardest to get caught. So thereis really not much danger of an ÒinnocentÓ person being prosecutedfor software piracy. Easy access to an abundance ofillegal copies of software lead to a new type of pirate. The collector.Warez becomes an addiction of sorts to some people. Downloading softwarebecomes a competition to collect as many programs as possible. ThepirateÕs collection is something to be proud of. Theyforget about the legal implications of what they are doing. They thinkonly about expanding their collections. This type of person has a certaininnocence to their actions. Their collections of pirated software consist mostly of programs that they donÕtreally want for any reason but to fill their collections. They would neverbuy the program because they donÕt need it. Most of the files in theircollections have never even been expanded from the compressed state in which they were downloaded. Thecollector is one of the most likely people to start their own server. Theywill most likely want to show off their collection and a server providesboth a way to show off and to have the hundreds of other pirates add to his collection. If a collectordoesnÕt have the resources to start their own server they may uploadtheir files to other servers as a means of flaunting their collections. Another type of pirate is theTry-Before-You-Buy (TBYB) pirate. This type of person pirates software inorder to gain a real world feel for how a certain program will deal withtheir needs. This type of person evaluates the program and then eitherbuys it or deletes it. This type of person is not themost common among pirates, but there are quite a few. Illegally copyingsoftware provides the most acceptable form of evaluation for the TBYB.This type of pirate is, again, innocent in a way. They are not trying to gain copies of software without payingfor them. The fully intend on paying for what they use. This type ofperson would be the easiest to convert away from warez. The TBYBer couldalways just buy programs off faith and demos, they simply prefer to use the full program as an evaluation.These people have good morals for the most part. They have good intentionsjust a bad means of getting there. Many people go to a warez serverfor the social aspect. They are people who started out trying to get afew programs that they wanted without paying for them and found that thereare a lot of interesting people at these servers. Often these socialites are also collectors. The thinking is that the filesare there, so why not just download while youÕre chatting. There aresome socialites that donÕt download, but they are few and far between.These people do pose a problem for software producers. These people usually download only things that lookinteresting. And if they like what theyÕve downloaded they keep it.They have no intention of ever paying for the software. These three types of people makeup most of the software pirates on the Internet. Social groups andÒCyber-CommunitiesÓ have developed over time. Friendships havedeveloped among the warez community that are just as important asÒreal-lifeÓ friendships. Often times, the people who spend the time to makethose Òcyber-friendsÓ are the ones who are recluses in real life.Sometimes, Òcyber-friendsÓ are all you have. This is not a healthyrelationship, but it does provide the needed companionship to survive. These relationships further draw pirates intowarez. Whenever this type of person feels lonely, they just connect to theinternet, find a file worth downloading, and start up a conversation.Socialites are most affected by this draw to spend all their free time ÒonlineÓ, talking anddownloading programs they donÕt need or want. While their actions areno less illegal, certain types of people have less damaging intentions.The TBYB in particular is the least of the dangers to software publishers. Some effects of software piracy: The battle against software piracyisnÕt only an ethical battle. Hundreds of millions of dollars insoftware revenue are lost to pirates each year. Several world wide websites are set up to show the monetary loss due to piracy. Though this lossof revenue is definitely a problem, the magnitude is notquite as high as these sites claim. Many software pirates could neverafford to buy the programs that they are pirating. And many more donÕtneed the program enough to actually buy it. One cannot calculate loss when there was never a possibility togain. Despite this the problem of monetary loss is substantial even if itisnÕt as dire as these pessimists proclaim. Another problem, stemmingfrom the loss of revenue, is that software developers may go out of business because of the lost revenues. Andin the case of the Macintosh, a platform which needs all the developers itcan get at this time, losing developers can mean a downfall of their wholecomputing platform. All of this can be stopped, of course, by stopping software piracy. What has been done to stop softwarepiracy: There have been quite a few attempts to stop softwarepiracy. Though none have been successful to any degree, there have beensome good ideas, and there are still many more yet unthought. One of theearliest piracy prevention schemes was the serial number, or registration code. When purchasing a licensefor a software product, you would receive a serial number or registrationcode. When installing or running the software package for the first timeyou would be prompted for the serial number or registration code. Without the number or code you could notuse the software. This idea works against only the more novice softwarepirate. There are quite a few database files that circulate at almostevery warez site that document registration codes for most software products. With this database in hand, auser can gain access to thousands of software packages. Another piracy prevention methodwas requiring the user to own the manual in order to use the software. Atcertain points during usage the software would ask for a word in themanual, such as ÒEnter the word that appears on page 34, line 10, word4:Ó The user would then look in the appropriate place inthe manual and enter the word. Without the manual they could not continueworking with the application. This method never caught on to any greatdegree because of its intrusiveness. For the legal user, this type of protection is annoying to have to dealwith. And for users who lose their manuals it became a real headache. There is a piece of hardwarecalled a dongle or hardware key. It attaches to one of the cables on yourcomputer and allows you to use a piece of software. Without the dongle,the software will not work. This type of software protection is againannoying to use because it increases the cost of thesoftware. Not only must a company develop a dongle, they must develop thesoftware to check if the dongle is present. This increases the cost ofsoftware as well as increasing the development time of the software package. This type of protection is thehardest for a pirate to bypass. The only way is to create a ÒpatchÓthat modifies the code of the software to exclude the check for the dongle.These patches are not very difficult for an experience programmer to produce. Because of the volume of peopleworking together to ÒcrackÓ a protected program, a new productequipped with a dongle could be cracked within a a week of being releasedat the most. More often it would take only a few hours to crack. These techniques are not by farthe only ways to protect against software piracy. There will be many newmethods used in the future. Necessity is the mother of invention and aslong as there is software piracy, there will be a quest among programmers to find a fool-proof way to protect their softwarefrom piracy. The legal aspect of software piracy: While finding people who arerunning servers dedicated to copying software illegally isnÕt hard.Prosecuting them is. The first difficulty comes in finding out who, inreal-life, is actually running the server. Most people who copy softwareillegally use false names. The only way to track the owner ofa server is through their IP address (the address that leads to a computerthatÕs connected to the Internet). For someone who has a static IPaddress (read: their IP address doesnÕt change) it is simpler. There is a database that tells what IP addressesbelong to whom. It becomes a simple matter of looking up who owns the IPaddress and sending out a letter. Though if the IP address was registeredunder a false name then the search gets more difficult. The only way to find out who runs the site if theIP address registration isnÕt accurate is to simply ask the owner.Posing as a simple user, a ÒdetectiveÓ can simply ask for theiraddress. Many people will readily give their city and state, which will narrow down the search. Any host that knows whatheÕs doing will never give out his address to anyone for any reason. Ifthis is the case, the ÒdetectiveÓ is at an impasse. It becomesnearly impossible to find out who is hosting the site. The other difficulty in findingpeople who are copying software is if they use a dynamic IP address (read:changing IP address). A dynamic IP address will change every time the userconnects to the Internet. Most users who dial in with a modem have dynamic IP addresses. If a ÒdetectiveÓ is chasinga person with a dynamic IP address, the best he can ever hope to getwithout help from the person he is trying to chase is the name of thecompany that is giving him access. And even that information doesnÕt help much. Most Internet service providers havethousands of users. Finding which user was logged in to a certain IP at acertain time is quite a task. And even after finding the name of theperson who was logged in on the IP address, the ÒdetectiveÓ must prove without ever touching that personscomputer that they were connected to a warez server and that they weredownloading illegal copies of files. The lack of substantial proof makesit nearly impossible to actually prosecute people using dynamic IP addresses. With so many factors workingagainst anyone who tries to catch a person hosting or downloading illegalcopies of software, a ÒdetectiveÓ must rely on the stupidity ofothers in order to catch the criminal. All this ÒdetectiveÓ worktakes time. And time is money. Once a person is caught making illegalcopies of software the cost of taking that person to court would by faroutweigh the $40-$50 the software would have cost to buy. And even ifthere was a trial, finding concrete proof is difficult. And to add to the difficulty, the laws surroundingsoftware piracy and mildly vague. If a pirate works it right, he cansometimes be proven innocent because of some technicality. While thisprocess is long and hard, right now it is the only solution that has any possibility of stopping software piracy.Software side prevention has had no effect so far on piracy. It is timefor the companies involved to take action. How do people find these servers: Finding a server that hostsillegal copies of software is no hard task. Servers and files are flauntedover nearly every chat medium. All one has to do is ask for a serveraddress or a file and there request is granted almost immediately. Thereare four major methods of trading software: IRC, FTP,Usenet, and Hotline. Internet Relay Chat (IRC) is on ofthe earliest and largest means of pirating software. IRC allows people tochat in real time. There is also functionality allowing the transfer offiles. Many of the people who offer files on IRC are runningÒbotsÓ. ÒBotsÓ are communications programs that loginto IRC servers and allows other users to request files (among otherthings). You basically ask the bot, ÒWhat files are you offering todayMr. Bot?Ó IRC is one of the hardest mediums to track people from. A technique call IP spoofing allows IRC users to hideor alter their IP addresses so they cannot be traced. IRC is themain method of finding FTP servers. Another method of file transferthat is more reliable and faster the IRC is FTP (File Transfer Protocol).FTP allows users to connect to a server and peruse they files offered thereat will. Where IRC is a crowded room akin to the stock exchange, FTP is a quiet store, shelves lined with illegal copies ofsoftware, free for the taking. FTP servers are easier to track than IRC.Some other advantages of FTP are limiting the number of people downloading,which increases download speed for everyone downloading. And occasionally, resumable downloads, whichare helpful for when you get disconnected during your download. Usenet, which is more commonlyknown as newsgroups, is best fit with an analogy of a bulletin board whereeveryone can post a bit of information, and the owner comes along everyonce in awhile and takes off the old notes. Usenet is the most anonymousof all the transfer methods. Most people who postfiles to Usenet do so through anonymous email sites. And the people whodownload are nearly immune to being traced. The drawback to Usenet is thata whole file cannot be posted in a single ÒnoteÓ. It must be broken up into smaller ÒnotesÓ. If oneÒnoteÓ is missing, the whole thing is useless. The unpredictabilityof Usenet has overpowered its anonymity. Hotline is a new technology thathas taken software piracy to a new level. Hotline combines the best partsof the previous three technologies. There is an area for online chattingmuch like IRC. There is the capability to transfer files like FTP. And there is an area to post ÒnotesÓ to otherusers. While Hotline isnÕt especially anonymous, it does allowresumable uploads and downloads. Hotline has the fastest download rates ofany transfer protocol. There is also a convenient feature called the Tracker. The Tracker allows anyone to retrieve a listof currently operating Hotline sites. The only drawback to Hotline at thistime is that it is only available on the Macintosh. With all of thesegreat features and only a single drawback, itÕs no wonder Hotline is the method of choice. While none of these technologieswere developed specifically to solicit warez, they all provide featuresthat make software pirating possible. The power of fear: One universal fear amongsoftware pirates is the law. It is widely known among most regular pirateswhat the penalties of their actions are. Most pirates are younger than 18and living with their parents. When they make the choice to piratesoftware they count on the fact that if they were caught, as aminor they will not be punished to the full extent of the law. They gainconfidence from the fact that their record will be cleared when they turn18. This bloated confidence allows these pirates to continue with their illegal actions. The goodoutweighs the possibility of the bad, in their minds. Since most of themhave never had to deal with being caught for a major crime, they have nofear and the ÒitÕll never happen to meÓ attitude. This is why the best offense against software piracy is throughintent of legal action. Or in a word, fear. Increasing the number ofcompanies and organizations that actively seek out warez servers will stirthe fear that has long ago settled to the bottom of most pirates minds. Not only increasing the number ofcriminal cases, but the number of threats as well. A threat can go a longway to motivate a warez host to remove his files, or at least disappear.There is inherent fear that goes along with offering pirated software. As mentioned before that fear hassettled by the inactivity of anyone to try and stop them. The presence ofopposition should be loud and clear. To anyone who has looked a decentamount of time, finding a server that provides copyrighted software is simple. These smaller servers shouldbe the new target of opposition. These people are most likely juststarting out hosting pirated software. That is the perfect time to appearwith a letter stating, ÒYou are under investigation for illegal reproduction of copyrighted software.Ó Mostof the people who run small servers are in no position to fight against alaw suit. Once they are aware that their actions are being watched theywill run for cover. The important thing is to start small. Start with the people who could grow into largerservers. Start with the masses who provide the support and theÒmarketÓ for illegal copies of software. A lot of little victorieswill spread the word as fast as a few big victories. But which is easier to accomplish? A large server may be harder toprosecute because of precautions that a larger server would prepare. Suchas erasing the data on their hard drives. While there are methods ofrecovering lost files, there are also ways of removing files so that they may not be recovered. Methods ofprotection of servers are a common topic of discussion among pirates. Itis in everyone's interest who comes to a warez server to see it survive.Therefore, many people provide their knowledge and expertise in order to protect their ÒfriendsÓ fromlegal action. Another important part ofprosecuting people is making sure that the problem not only goes away, butis eliminated. When a house is infested with ants, you not only want toget rid of the ants you can see, but also the ones that you canÕt.Removing a problem from view doesnÕt solve anything, it onlyhides to problem. An example of this is stated in Time, June 2, 1997 page65: ÒRecently...[Glen Roberts] learnedthat Indiana University had a database open to the Net that listed thenames, Social Security numbers, phone numbers, research qualifications, andjob titles of 2,760 faculty members. Roberts grabbed it and published portions on his own site, along with a press release.University officials were not amused. They took the database off line ofcourse, and sicced the authorities on Roberts, who agreed to take his offline as well. Curiously, though, no one ever asked him to erase the data, which still reside on his homecomputer. ÔThe only time people care about [illegal activities] is whenthey can see it. As soon as they canÕt see it, they think thereÕs noissue. But the problem is still there.ÕÓ A possible solution: ********************************************* * NOTE: The information detailedin the * * following section is not to be* * divulged to anyone but JoshuaBauchner of * * the SPA and the Dean of StudentsOffice * * at the University of PugetSound. * ********************************************* Penalties: Once a software pirate has beencaught there comes the time of punishment. The laws regarding softwarepiracy describe penalties such as as much as $100,000 for each softwarepackage duplicated, a fee of $250,000, and a jail term of up to 5 years.These punishments, like all punishments, can be carriedout to the letter in campaigns dubbed Òzero-toleranceÓ. ButÒzero-toleranceÓ is not always good. While it does foil any attemptsby the guilty to lie, it also convicts people making innocent mistakes to the same fate. A better way of dealing with apirate is on a case by case basis. While some people may hold no respectfor the laws and feel no remorse for what theyÕve done, there are otherswho feel regret and sorrow for their crimes. Should a person be expected to pay for their mistakes or learnfrom their mistakes? It is a tough question. One of the most importantparts of punishment is making sure that a criminal rectifies the damagesthat they have caused. Is there any hope of winning? As long as there is software piracy, there will bepeople looking for a solution. Developments of the past have been valiantattempts to protect copyrighted software, but all have failed.Developments of the future will come and have a very good chance of failing just as the methods of the past. Buteventually, as long as there is piracy, there will be a cure. It may comein the form of the network computer. Where all applications are stored onremote computers, and downloaded only when used and protected by IP address restrictions and passwords. Orit may come in something so simple we will all wonder why we didnÕtthink of it before. No matter how it comes about, there will be asolution. Conclusion: Software piracy has developed into an internationalproblem. While still occurring at the personal level, the greater problemnow is the Internet. Hundreds of thousands of programs are transmittedover the Internet daily. While no solution is visible in the near future, the problem of software piracywill some day come to a successful conclusion. And hopefully someday itwill be possible for everyone to afford any piece of software that theycould ever want. But until that day comes, we must keep up out hope and strive forward. Software Piracy Facts: (From the SPA web site. http://www.spa.org) Fact: Few other industries lose asmuch revenue to theft, estimated at $13.2 billion; nearly 1 out of 2 copiesof software is illegally installed. Fact: The US has the lowest piracyrate of 26%; Vietnam has the highest rate of piracy estimated at 99%. USloss = $3.3 billion; Asia-Pacific loss = $4.0 billion; Latin America loss =$1.1 billion; Western Europe loss = $3.6 billion; Rest of World loss = $1.2 billion. Fact: Over 45% of US software companyrevenues are generated overseas. Nearly 75% of piracy losses occur outsideUS borders; 25% of the countries surveyed had piracy rates greater than90%. Fact: Software piracy presents aunique problem in that there is virtually no degeneration in quality fromcopy to copy. Fact: US federal copyright law statesthat it is illegal to make a copy of software other than as a back-upwithout the permission of the copyright holder. Fact: Commercial piracy of software isa felony offense under which penalties may include a prison term of up to 5years and fines up to $250,000. Fact: Civil penalties for copyrightinfringement range up to $100,000 per title infringed plus attorneys' fees. Fact: SPA investigates illegalsoftware use on behalf of its members in the following ways: cease anddesist letters, cooperative audits (in lieu of litigation) or litigation. Fact: Actions have been takenagainst: computer dealers, corporations, non-profits, government agencies,educational institutions, Internet Access Providers and end-users. Fact: Results of SPA enforcementactions to date for anti-piracy total over $16 million. Thanks: Thanks to Joshua Bauchner and thepeople at U.Pwelcome datacomp.S. for the chance to write this paper ratherthan slapping huge fines and jail time on me. IÕd rather write thispaper and perform the other duties of our agreement, as well as changing myways, than have both mine and my parents live prettymuch ruined by fines. This has been an immense experience for me and Ihave learned quite a few things about software piracy, the laws thatsurround software copyrights, and about ethics and morals. As they say, allÕs well that ends well.