Software Piracy in the Information Age Index 1. Introduction 2. Software piracy methods 3. Small scale piracy methods 4. Large scale piracy methods 4.1. BBS 4.2. Internet 4.3. IRC FTP offers Trading Offerbots 4.4. Ftp sites 4.5. Usenet 4.6. Email 4.7. WWW 5. Commercial piracy 5.1. CDR 6. Copyprotection 6.1. Hardware protection 6.2. Software protection Serials CD-keys Manual check Registration Limiting installations Certificates 7. Anti-piracy organizations 7.1. Legal measures 7.2. Corporate audits 7.3. Contacting anti-piracy organizations 7.4. Education 7.5. Economics 8. Conclusion 1. Introduction In today’s rapidly changing world of advanced technology, computers and the software to run them have become integral parts of our society. The relative leap in recent technology has contributed to a boom in the sales and general use of computers. This is also due in no small part to the birth and growth of the Internet. A virtual world of entertainment and technology is now available at the fingertips of the average person. Once the domain of programmers and serious users, the Internet has opened the door to anyone with the slightest interest. The spread of home computing and the parallel growth in the business world has resulted in booming software industry. However, along with the spread of software has come a significant proliferation of software piracy. The issue of software piracy, the illegal copying or duplication of software, is rapidly growing in importance. As the software market continues to grow, so does the demand for stolen software. The issue of software piracy can be described on two levels, akin to the two stages of software: development and the end product. The protection of software at the developmental level can be very complex with many individual issues. Many of these issues are as yet unresolved and yet to be decided in a court of law. We will concentrate on the latter stage of software development, the end product. In order to gain a firm grasp on the subject, we will first define piracy, including the legal, monetary and ethical issues. We will then move on to the methods of software theft breaking them down into small and large-scale components. From there we will examine the protection of software through both industrial and legal means. Finally, we will deal with the social and ethical implications of software piracy in our society. Software piracy, precisely defined, is the unauthorized use, duplication or theft of software. In the past decade software theft has become a very serious problem. With the exponential increase in the consumer market for computers and software, the demand for black market, or stolen software has skyrocketed. Conservative analysis conducted by the Software Publisher’s Association estimated lost revenue due to software piracy in the U.S. alone came to $1.05 billion in 1994. This was approximately 25% of a $4.2 billion market. These figures only account for the business market. The size of the consumer market reached 1.3 billion in that same year. While the exact size of consumer piracy is unknown, we can safely assume that it constitutes a large portion of the losses to the software industry. These domestic problems pale with comparison to those present in international markets, where the estimated piracy rate is close to 49% or $8 billion. This economic impact threatens to impede the development of new software products and the availability of current ones. This problem affects everyone, from the software publishers to the legitimate user. The continued loss to the software industry could have harmful implications to the future of software development. In order to protect the economic viability of the software industry, laws have been enacted to protect software companies and their products. The protection of computer software under the law has gone through significant changes in recent years. The first attempt to protect software and its developers was made in the late 1960’s. Software was officially recognized by the United States Copyright Office as a form of literary expression and hence protected under copyright laws. The most comprehensive protection legislation in this area was made in the Copyright Act of 1976. This act gave a sharper definition of software and its development and provided more firm guidelines as to its protection. Amendments in 1980 brought this act more in line with advances in technology. According to Title 17 of the US code, it is illegal to make or distribute copies of copyrighted material without authorization. The only exception was made in the user’s right to make a single backup copy for archival purposes. In 1990 Congress approved the Software Rental Amendments Act which prohibits the commercial rental, leasing, or lending of software without the express written permission of the copyright holder. Individuals are allowed to possess the original software program and one backup copy for their personal use. No other copies are to be made without specific authorization from the copyright owner. In late 1992, Congress passed an amendment to Title 18 of US code, instituting criminal penalties for copyright infringement of software. The penalties include imprisonment of up to five years, fines up to $250,000, or both, for unauthorized reproduction or distribution of 10 or more copies of software with a total retail value exceeding $2500. As we’ll see below these laws these laws, in practice, have relatively little power in the prevention of software piracy. In order to understand the ethical implications of software piracy, it is necessary to outline the basic principles of ethics that apply to the engineering industry. These principles can be separated into six categories: 1. Loyalty, 2. Truth, honesty, and trustworthiness, 3. Respect for human life and welfare (including posterity), 4. Fair Play, 5. Openness, and 6. Competence. Any participation in the illegal duplication of software is in direct contradiction to the principles of truth, honesty and trustworthiness. From there it becomes more difficult to derive conflicts with the basic ethical principles. The theft of software can be said to conflict with the fourth and fifth basic ethical principle, fair play and openness, respectively. In purchasing a piece of software, you are entering into a tacit agreement with the producer, that you will respect the law and his rights. In duplicating that software, you are breaking that contract and the confidence of the supplier. Thus, you are violating the right of fair play with that person and in turn your openness to comply with the agreement. Finally, a farther analogy can be drawn to the engineer’s responsibility to respect the community around him. The act of breaking the law is indicative of total disregard for the structure of the society and the laws that bind it. This in turn shows little regard for the individuals within that society. In summary, software piracy has serious ethical implications for the engineer that in turn can be extended to the average user. 2. Software piracy methods The methods by which software is pirated can be small scale and large scale. The small-scale methods include user-to-user sharing and user group sharing. The large scale methods include software rental and compact disk manufacturing. 3. Small scale piracy Small-scale piracy can be defined as piracy without financial motives. The people and organizations that are involved in small-scale piracy are usually trying to get software for personal use, or are looking for fame by distributing software faster than others. There are many methods involved in distributing software without profit. These include user-to-user copying and user group sharing, and each of those can be performed in a variety of ways. Perhaps the most common way that people copy software is by sharing it with those around them. A friend or coworker tells you "Oh, I got such a great program yesterday". You’re intrigued, and ask for a copy. He then gives you the floppy disks, you install the program and return it the next day. Simple, quick, no harm done you don’t see a problem with this. What you don’t realize is that what you’ve done was in fact copyright infringement, and the software company can now sue you and your friend for damages. Borrowing diskettes or CD-ROMs is not the only way that people can share commercial software. Making copies and mailing it to your friend, posting a copy of the disks on your private FTP site, emailing an archived file all are ways that you can make that great program reach your friend, relative, coworker, boss. Perhaps you are doing this as a personal favor, or perhaps you feel that they won’t afford it, or you’re doing this to show off your assets. Either way, you’re breaking the law. User-to-user copying has some other implications, the most important of which is economic. Say that you purchase some software and let five of your friends copy it. Each of them, in turn, will let five of their friends copy the software as well. After only three such cycles, over 125 people have this software. This is incredible exponential growth. Consider the impact on the software developers of only one such pirated program. In our scenario, the company receives only 1/125th of their expected profits. An original software purchaser has to consider many issues. First, although there was no intent to defraud the software company, it is an inevitable result. Second, the copy that these other people now have on their computers usually has the purchaser’s name and/or serial number. Thus, if any of those people are caught pirating software, it will be traced back to the original purchaser. 4. Large scale piracy A much more serious type of piracy is called User Group Sharing. Here, there exists an organized method for distributing commercial software to many people at once. Some of these methods include Bulletin Board System Distribution, the Internet, Internet Relay Chat, File Transfer Protocol, Newsgroups, electronic mail, and the World Wide Web. 4.1. BBS A Bulletin Board System (BBS) is a small-scale electronic online service that is run from a personal computer. Anyone with a Personal Computer and a modem can connect to a BBS and participate in the services that it offers. Even though BBSs were much more popular before the acceptance of the Internet as a mass communication tool, there are still about 50,000 of them in operation. Most software and hardware companies keep their own BBSs to permit people from around the world to download software updates of fixes or to get the latest drivers. The majority of Bulletin Boards are, however, user-run and located on someone’s home personal computers. The personal BBS are easy to setup and maintain, and are not financially unbearable. Most of them require a dedicated computer system running special BBS software, several modems, and a few phone lines. The person who operates a Bulletin Board is often called the Sysop (short for System Operator). BBSs differ in many areas. Some offer membership on a fee-based basis, others are free for everyone, still others are by invitation only. The personal BBSs usually pick a central theme around which they tailor most of their services. Examples include music-oriented systems, systems dedicated to the Creation theory of biological development, or systems computer programming. Some Sysops decide to allow for, or center their BBSs around piracy. The pirate BBSs (or "elite" systems, as they are often known as in the pirate community) range from those that are casually "elite" to those that specialize in pirated software. The casually "elite" systems are those where the Sysop is (by negligence or on purpose) indifferent to the contents of files being exchanged in the "file transfer" area of the system. These systems usually specialize in other subjects, and piracy remains one of their unmentioned features. The specifically-pirate BBSs usually specialize even further. There are general-purpose systems, where users are encouraged to upload any commercial software that they might have access to. Other systems are more selective, and require that the software has to be new (within three months of its release, within a month, a week, two days, or sometimes even before release) or that the software has to be of a certain type (games, application software, productivity utilities, etc.). These BBSs usually require some sort of referral or authentication before they will accept a user. This consists of new user passwords (which must be received personally from current members), referrals (where when applying for membership, one must tell the Sysop names of some other current members who will vouch the new user), and payment of memberships. Most of these safeguards are in place to serve two purposes to keep software "quality" high, and to prevent detection. People on these "elite" Bulletin Boards range from people looking for software to download, to those who are seeking to promote their piracy group by uploading the greatest number of files. Most of the people on these systems know well what they’re doing is illegal, and most Sysops take great care to warn all users about potential FBI crackdowns. These are always expected, even though they happen very rarely. Most claims that "such-and-such BBS got shutdown" often heard on elite BBSs are invalid. Over time, Sysops have come up with preventive measures designed to clear the Sysop of responsibility in case of a crackdown. These usually consist of short warnings stating that copying commercial software is illegal, and that the user is breaking the law by downloading a file. Another attempt is to masquerade as non-profit libraries and make use of special exemptions that are allocated to these libraries. Carefully-worded notices warn users that they may "rent" the software from a BBS for a period of 24 hours (or some similar period of time), after which they must destroy the copy. This has the appearance of a legal operation (to be discussed separately later), however BBSs most often do not have a state-recognized non-profit operations license and are thus not non-profit libraries. The checkout warnings are nothing but ways to make users feel that they are participating in a legitimate activity and protect the Sysops. The law and pirate Bulletin Boards have rarely met. The combination of laws used to persecute Sysops allows for loopholes for Sysops who do not charge for access to the BBSs. The 1994 case of USA vs. David LaMacchia set a precedent, which has not so far been challenged. In the case, an undergraduate student at the Massachusetts Institute of Technology (MIT) set up and operated an open Internet-based BBS for the period of over a month. The court ruled, however, that under current laws, it was impossible to prosecute the defendant. The judge stated that the government’s "interpretation of the wire fraud statute would serve to criminalize the conduct of not only persons like LaMacchia, but also the myriad of home computer users who succumb to the temptation to copy even a single software program for private use" [http://swissnet.ai.mit.edu/dldf/dismiss-order.html]. As a side note, the judge noted that he hoped for stricter laws, which would permit persecution of non-profit system operators. The decision for this case was based partially on an earlier interstate mail fraud case, which was not connected to software in any way. In March of 1995, the US District Court for Massachusetts sentenced a BBS Sysop Richard Kenadek to 24 months probation with 6 months home confinement. Kenadek was an operator of the "Davy Jones Locker" bulletin board from his private residence. After an FBI raid, he pleaded guilty to criminal copyright infringement for using his BBS for the "unauthorized distribution of copyrighted software for financial gain." The key in this plea is the phrase "for financial gain". As soon as money changes hands, the activity can be considered criminal and judged accordingly. This case was the first time that a bulletin board operator was charged under the criminal statute of the copyright law, according to Sandra A. Sellers, the SPA director of Litigation. Bulletin Board Systems, though rapidly losing popularity, continue to be significant sources of piracy. The relative inexpensiveness of running a BBS combined with the ease of electronic software transport quickly breed piracy. Anti-piracy efforts are hindered by the system operators’ altruistic way of running these bulletin boards. US laws currently only apply to for-profit ventures. Still, efforts in curbing BBS piracy are expanding, and as new laws are created more lawsuits will begin to appear where system operators become responsible for their systems’ contents. 4.2. Internet The Internet became a major channel for illegally distributing copyrighted software only in the last decade. Five main methods for Internet distribution that will be examined are the Internet Relay Chat (IRC), File Transfer Protocol (FTP), Internet newsgroups (USENET), Electronic messaging (Email), and the World Wide Web (WWW). Each of the four has different characteristics, and involves a different method for transmitting the software from the distributor to the user. Of all the methods for obtaining large amounts of pirated software, the Internet Relay Chat is the most reliable and quickest; although it is harder to use. Interestingly, this is one of the least-investigated sides of the Internet, and is arguably the hardest medium for enforcing the rules. Internet Relay Chat (IRC) is a computer teleconferencing system which has recently gained widespread popularity. Designed in 1988 by Jarkko Oikarinen as a replacement to the UNIX talk program, it allows for users from all over the world to connect to a server that’s part of the IRC network and chat with anyone on any other server on that network. On a typical night, there are anywhere from 5000 to 15000 people chatting with each other. Actual numbers depend on time of the day, day of the week, and network stability. As a chatting system, IRC has some alternatives. Using IRC, people may engage in "private" chats, where they can send messages that only the intended recipient can read. People can create and join special discussion channels, where their messages will be shown to everybody. They may also use special DCC (Direct Client-to-Client) capabilities that allow for chatting and file transfer. By design the system is very flexible e.g. as upon not locating a certain discussion channel, a user may just create one. The IRC system also allows for control. The person who creates the channel is considered its operator. The operator can invite other users to join this channel, allow and disallow a user to join (on a temporary or even a permanent basis), punt people from the channel if necessary, and can grant operator privileges to others. On certain channels, operators play almost no role and utilize their positions to control excessive flooding (which occurs when a user sends so much information in a row that it, in the opinion of the operator, seriously interferes with the conversation). IRC uses a very simple system for differentiating between users who are currently connected to it. Each user picks a nickname based on his or her own preference, and logs into an IRC server. The IRC server either accepts the nickname or tells the user that the nickname is already in use and waits for a new one. The user can also optionally produce an email address that the server keeps in the database of current users. Other IRC users can then look up someone’s information based on their nickname. The inherent problem is that a user is not bound to reveal his or her identity in any way. The nickname can be unrelated, and the email address can be a fake. In fact, the only knowledge that someone has about some other IRC user is where this user is logging in from. This lack of information about users, coupled with the extensible system and a live presence of other humans at the same time as you’re there is an opportunity which pirates could not pass by. On the three major IRC networks there are currently dozens of round-the-clock channels which specialize in ways to illegally obtain software. The technical aspects of IRC file exchange are even more inhibiting to investigations. On one typical evening, there were over 11,000 people connected to EFnet (Eris Free network, the largest of the three worldwide IRC networks). These people were dispersed over a range of more than 3,000 different channels. Some of the channels had up to 100 people while others had just one. (For a channel to exist, at least one person must be in it.) The piracy channels, most of which start with or contain the word "warez" (which is pirate jargon for illegally obtained commercial copyrighted software), number over 85. On the sample evening, there were 931 instances of people logged in to the "warez" channels (note that a person may be on more than one channel at once, but keeping track of more than four at the same time is a rare occurrence on IRC). 4.3. IRC FTP site offers Piracy takes different forms on IRC. Some channels offer "FTP sites", others advertise other people’s public offers, and yet others are discussion-style channels where people request software that they need. The "FTP site" channels usually have an automated moderator. Channel users find FTP sites that currently carry pirated material and submit the Internet addresses to the automatic moderator (also known on IRC as a "bot", from the word robot). The moderators will then broadcast the site’s coordinate to others in the same channel. A variation is a channel where people post Internet addresses themselves. These addresses usually consist of the 4-digit Internet Protocol (IP) number, the user-name and password that are needed for logging into the system. Sometimes, the posters also mention a "ratio" of, for example, 4-to-1. This means that the operators of this FTP site are requesting that users upload at least one fourth of the megabytes that they download. This will be discussed a bit later. Below are some of the messages that may be posted in FTP site channels: RaiNMaNP9 Get da warez at 207.33.217.17 use the name warez and the password is you email address ! this ftp sucks someone told me lastnight!and he's down by the river! trade_it has a site up at 205.219.156.88. Come get your warez here! l/p: warez 1:3 Come to my FTP 199.69.76.123 l:warez p:warez 1:5 ratio Go to 165.91.2.150 \ Login & Pass: warez \ Change port to PORT:80 \ Upload:Download rate is 1:4 \ Most of yer warez files yer looking for (i.e. MS Office Pro 97 \ Visual Basic 4.0 \ Hellbender \ MS Pub97 \ WinNT 4.0 and server \ Adobe Photoshop 4.0 Beta list goes on and on!!! 206.29.242.29 l&p:warez 1:3 Another type of a channel is one where people simply type a message stating what they’re looking for (or what software they have for others to pirate). Other IRC users then read the messages, and can enter private chat with the person who posted the message. These channels are usually the most popular ones, as anyone who desires a certain software package can go and see what the other dozens of people offer on the channel. Most pirates on these channels deal in trades (as in, they only send software if the other user has some other software to send back). Below are a few examples of messages from this type of a channel: Trading [Gordon] will trade for Police Quest 1: vga.. msg me _triax_ wonders if anyone know if Leisure Suit Larry 7 been released yet.... |StompeR| is looking for a site with the NEWEST Visual Basic /msg me AoS is looking for Diskeeper, Mathematica, and Microsoft Assembler (MASM). /msg me for trade Blaspheri is looking for need 4 speed.../msg me boy20co is looking for a aol acct, or generator, will give perm ftp site away.X) butthead is looking for Speed Haste full, PLEAZ /MSG ME IF U HAVE IT!! PERM ACCOUNT ON FTP SITE!!! cf wonders is anyone knows if leisure suit larry 7 has been released yet... Chia_Pet is looking for Marathon2...Ne1 have it? Jeff just wants lemmings paintball jussa looking for REalms of Arkania disks1,6-9 and Daggerfall disks47-53 pls /msg for trade :) Milo looking for reg number of discplay 3.3 Monte needs a ppp dailer for MSDOS. /msg me if you have one. Thanks. NailBomb needs sites for: Uninstaller 4.0, and Adobe Type Manager Deluxe..../msg me...thanks...... ne1 diablo site /msg 4 trade i need a photoshop site i know how to crack eudora pro 3.0 upgrade but i didn't finish d/ling the intall.exe file from qualcomms site and now they took it off... if anyone has the file please let me know SprWalker: I have flight sim 97 ne1 has osr3, any Koei games or settlers 2. Plz msg me. looking for links386 can anyone help looking for death rally (for free) Help a newbie!!! I needz Pixar's Renderman and Mesh Paint 3D, msg me. does ne1 know were I can get abuse I looking for abuse can ne help???? anyone have Ms FlightSim 5.1? /msg for trade... how many more disk of office 97 to go? i need it all d/l by 9 am in the morning ncognito your one in a million now is 20 disk all so i can d/l it for work tomorrow and also have it on my new pc ne1 have wordperfect latest vers i need crescent internet toolpak msg me 4 trade Does anyone have MS flightsim 95!??! please msg me for trade!!! I have some pretty good warez to trade for that game make it msflightsim95 looking for Death Rally../msg Offerbots Finally, the third major type of a "warez" channel on IRC is one where users compile a special software listing, and send a message to the automatic channel moderator notifying it of this software. The "bot" then automatically posts all such listings in a similarly formatted way. Here is a short sample of output from such a channel: ( EtC Offerer: KfZ-DcC ) _#4_ 39x [2.8M] [ETN]Arena Designer Pro v2.5[10-27] ( EtC Offerer: NVC-AADCC ) _#1_ 79x [9.7M] Radin Fighter 2 [10/25] ( EtC Offerer: NvC-AADCC ) _#2_ 21x [6.2M] Hot Dog web editor - da best one of am all [10/26] ( EtC Offerer: NvC-ZKDCC ) _#1_ 0x [4.8M] [10/24] MS Money 97 Retail [RAGE] ( EtC Offerer: NvC-ZKDCC ) _#2_ 2x [9.7M] [10/24] Raiden Fighter 2 [EPI] ( EtC Offerer: NvC-ZKDCC ) _#3_ 0x [166k] [10/25] Diablo DEMO Hack Pack [NVC] ( EtC Offerer: NvC-ZKDCC ) _#4_ 1x [7.4M] [10/25] Fighter Duel: SPECIAL EDITION [PSG] ( EtC Offerer: NvC-ZKDCC ) _#5_ 1x [7.0M] [10/25] GemStorm c Malachite Games [RFX] ( EtC Offerer: NvC-ZKDCC ) _#6_ 3x [6.5M] [10/27] Amok c GT Interactive [RZR] ( EtC Offerer: NvC-ZKDCC ) _#7_ 1x [7.3M] [10/27] Gray Stone Saga 2 c Hwaei Co Chinese [KYL] ( EtC Offerer: NvC-ZKDCC ) _#8_ 1x [5.2M] [10/27] VocalTec4s IPhone 4.5.0.3 [MNC] ( EtC Offerer: NvC-ZKDCC ) _#9_ 1x [7.0M] [10/27] ULT Soccer Manager 2 c SIERRA [HYB] ( EtC Offerer: PMODE-DCC ) _#1_ 24x [142k] PMODE/W v1.30 - DOS Extender For WATCOM C/C++ ( EtC Offerer: Pro-DCC ) _#1_ 313x [ 29k] Key Gen. for Quake Shareware CD ( EtC Offerer: Pro-DCC ) _#2_ 86x [1.0M] WinPGP ver 5.0 ( EtC Offerer: Pro-DCC ) _#3_ 900x [5.3M] Eudora PRO ver 3.0 Final ( EtC Offerer: Pro-DCC ) _#4_ 50x [1.7M] Agent 99F 16 Bit cracked ( EtC Offerer: Pro-DCC ) _#5_ 301x [1.5M] Agent 99F 32 Bit cracked ( EtC Offerer: Pro-DCC ) _#6_ 279x [7.9M] CleanSweep ver 3 beta3 ( EtC Offerer: Pro-DCC ) _#7_ 28x [1.1M] NetTerm 3.2.3 32Bit *cracked* ( EtC Offerer: Pro-DCC ) _#8_ 15x [1.5M] WARFTPD ver 1.52 Final ( EtC Offerer: RnS|DcC1 ) _#1_ 47x [2.4M] Quake Track 2 by NiN ( EtC Offerer: RnS|DcC1 ) _#2_ 28x [4.4M] Fell on Black Days by Soundgarden ( EtC Offerer: RnS|DcC1 ) _#3_ 38x [4.8M] Never Leave Me Alone by Nate Dogg ( EtC Offerer: RnS|DcC1 ) _#4_ 24x [5.5M] Days of our livez by Bone ( EtC Offerer: RnS|DcC1 ) _#5_ 49x [2.3M] Mario 64 Main Theme ( EtC Offerer: sam-dcc ) _#1 _ 57x [539k] [SAM] [1021] The collector v1.13 ( EtC Offerer: sam-dcc ) _#10_ 82x [666k] [SAM] [1026] BookIt! PRO Win 95/NT ( EtC Offerer: sam-dcc ) _#11_ 192x [267k] [SAM] [1026] DomainSearcher Win 95/NT During a sample one-hour period, over 289 megabytes of files were offered through this "EtC-ReLaY" bot. Since a file may be downloaded by as many as 20 people at the same time, the total volume of files transferred with the help of EtC-ReLaY is amazing. Moreover, EtC-ReLaY is not the only service that offers this kind of a feature. On EFnet, one might find well over 10 such free offer channels. The mechanism for physically sending and receiving files through IRC is very simple even for beginners to use. If a person wants send a file to another user, all that needs to be typed by the sender in is a command, the name of the user, and a filename. To receive a file that is listed in a channel by a bot like EtC-ReLaY (see above), the target user executes a command, and the offerer’s system will automatically initiate the transfer. 4.4. FTP sites A fourth form of user group sharing is File Transfer Protocol (FTP) is a method to transfer files over the Internet. Created in the early 1970s at MIT, it has become a standard feature of many operating systems. FTP is probably the most convenient way to send files over the Internet. It is also very easy to detect the location of an FTP site, which is a reason why many of these sites are active for only a day or two. They are brought down by their operators to escape detection. The basics of FTP are simple. A server computer is chosen, and FTP server software is set up on it. At that point, anyone on the Internet who has the address of the computer and user information needed to log into the system can access files in the server machine’s storage. The addresses and user information can be distributed in person, or over the Internet via the World Wide Web, IRC or USENET newsgroups. Using FTP is very simple. There are many well-written FTP client programs that will let a user get and put files using the FTP Internet protocol. Pirates have also come up with their own FTP client called "WarezFTP" which has special features that certain pirates might want to use. For example, WarezFTP will detect and display names of hidden directories which are often created on FTP sites. If you are not using a program like WarezFTP, you will not know that a directory exists, but a pirate will be able to enter it and trade files. The motive behind putting up FTP sites (which is a very risky enterprise, since Internet Service Providers usually notify the SPA and sometimes even the FBI when they suspect illegal activity) is not commercial gain. In fact, most pirates lose money by paying excessive Internet connection fees. Sometimes a pirate may spend even more money while paying a hacker for a cracking job the hacker removes any copyright protection that might be embedded in the software. Usually cracking is done for free, but on some occasions where the pirates desire speed and accuracy, the cracker is paid large sums. The reasons why pirates put up FTP sites are to distribute any software that they have in hopes of getting something in return from other pirates, or to spread the popularity of a piracy group of which they might be members. Monitoring activity on FTP sites is harder than doing that on Bulletin Board Systems. Whereas on a BBS one can usually see the list of last few users and one usually has a full list of members; it is always easy to get in touch with someone who has recently logged on to the system. With FTP sites, there is almost no identification anywhere except for the FTP log file, which is usually stored on the server computer. The FTP log contains Internet addresses of all log-ins. 4.5. Usenet Another method of user group sharing is through Newsgroups. Newsgroups on the Internet (USENET) are results of an early attempt to create a thread-based virtual conversation medium. Not unlike a bulletin board system, users can post messages to a specialized "forum". However, unlike a BBS, USENET is a network consisting of many servers. A post made to one server is then sent across the whole USENET network in hopes that it gets everywhere. There are over 20,000 different newsgroups, with topics ranging from Fans of Bill Gates to technical discussions relating to the operation of a blender. Internet newsgroups are distinguished by a specialized naming structure. For example, a newsgroup which concerns itself with humorous posts is called rec.humor (rec. stands for recreation), newsgroups with pornographic material start with alt.binaries.pictures.erotica (alt. is short for alternative) and a computer newsgroup announcing new products for Microsoft Windows may be called comp.os.ms-windows.announce (comp. is short for computer). Not surprisingly, also, the newsgroups that pirates frequent are called alt.binaries.warez and alt.warez.ibm-pc. Piracy on newsgroups is an option that many have considered and tried, but due to technical problems that are now noticeable in the structure of USENET, is very impractical. What some pirates do is they locate a service which will post any message (including data information which could be an illegally obtained piece of software) without specifying the poster’s name. The technical problems surface when the post first occurs. Due to the nature of USENET, most messages have to be encoded in a special way to be compatible with old USENET servers. This scheme actually expands the size of the posted file. Also, if the posted file is too big and has been split up into several parts (as is often the case), not all parts are necessarily replicated to other servers. So for example, someone may post a 5-megabyte software package to USENET. Due to encoding and part size, it turns into 20 parts. Only 10 or 15 of those make it to most servers, and since all parts are needed to re-assemble the program, the posting was useless. Due to the relatively low volume of files being transferred over USENET, it has not been even a minor focus in the software companies’ recent efforts to curtail piracy 4.6. Email Email, by far the most popular feature of the Internet, is also the first method that was invented for Internet communications. A recent standard for Multimedia Internet Mail Extensions (MIME), has indirectly aided the spread of email-based piracy by permitting email software to correctly encode files for transmission over global networks. Using email, a user may "attach" any file to an email message. If the addressee’s email inbox will allow large messages, pirates will trade huge files using this relatively private method. Fortunately, most people’s inboxes have a set maximum size of 1 to 5 megabytes, which is barely enough for even the smallest commercial application program. Thus, email has not been a major method for pirate file exchange. WWW The World Wide Web (WWW), an extremely popular Internet communications medium, is one of the most recent advances in Internet technologies. Invented in 1991 by a few scientists at the CERN physics laboratories in Switzerland, the World Wide Web is a one-way TV-like medium where content providers may post any information they desire. In the beginnings of the World Wide Web, most pirates were very uncomfortable with posting their file collections in such a public way. Anyone on the Internet may access the publicly posted information, and there is virtually no way to restrict investigation by proper authorities. Lately however, as the Web grew in size and became less manageable, more and more pirates are putting up their information online. They no longer feel threatened. The only way to take this information down is to persuade the Internet Service Provider (ISP) to shut off the pirate’s service. Since most ISPs realize that by cutting off someone’s service they will be viewed as Internet censors which usually leads to loss of customers they are reluctant to block anyone’s service. 5. Commercial piracy While the methods above involve an active pirating population, the profitable distribution of stolen software defines another side of the market on a larger scale. This market involves the sale of illegally duplicated software in large quantities. These large-scale pirates work only for the profit involved in the redistribution of illegal software. The two major components of large scale piracy are software rental and compact disk manufacturing. While it has always been illegal to rent unauthorized copies of software, until 1990 it was legal to rent the original versions. Loss of revenues that was associated with these rentals prompted the US Congress to pass the Computer Software Rental Amendments Act of 1990. This act makes it possible for software publishers to explicitly prohibit rental in the license agreement. Interestingly, an exception to the law was created specifically for non-profit libraries. These could rent original software without express permission from the publisher. 5.1. CDR The second major component of large scale piracy is the duplication of computer compact disks. The advent of software distribution via compact disks offered developers a level of protection unavailable with conventional floppy disks. The ability to duplicate these disks was limited by the expense of CD-R’s, or compact disk writers. However, with advances in technology, the prices of these CD copiers have come down considerably. Current CD-R’s can be purchased for around $500 dollars. This has lead to a considerable growth in the availability of pirated software on CD’s. The large volume of storage available on a CD had also previously limited copying by potential pirates. These limitations are no longer an issue with the ability to copy directly to another CD. The production of counterfeit CD’s has become a considerable part of illegal pirating of software. The distribution of counterfeit CD’s can take two forms. These CD’s can be explicitly marked as illegal copies or can be cleverly disguised as the original. The former is the most common form of distribution. With explicit markings or simply no disguise at all, the purchaser is generally aware of the illegal nature of the product. However, with duplicate packaging of the some stolen software, the ability of the user to distinguish between the legitimate and not becomes very difficult. The volume of pirated software has also grown with the advent of CD copying. With the large available storage on one CD, numerous programs can be copied and stored on a single disk. This has significantly eased the difficulties of distributing these stolen programs. The growth of CD duplication is evidenced by the influx of counterfeit CD software from the foreign market. These copies are distributed rapidly and efficiently to a large market. In summary, the production of CD software has become a significant component of the pirating industry. 6. Copyprotection In light of the many effective methods of software piracy, the protection of software programs has become increasingly difficult. The battle to protect the software industry is a never-ending struggle, as pirates continually find new ways to illegally copy and distribute software. (With software piracy so prevalent, what can software developers do to protect their intellectual property?) The software industry has invested a serious amount of time into the development of new forms of protection. Alongside the industry, many Anti-Piracy Organizations and campaigns have arisen to combat the flood of illegal software. The first and most important component of the software protection is that engineered by the industry itself. We will explore what approaches have been taken in the past, what approaches are currently being used and other methods software developers have used to fight this growing problem. We will look in depth at each of these approaches and see their successes and at what cost. 6.1. Hardware protection Let us first start with hardware solutions to the software piracy issue. The best known methods are dongles. Dongles are hardware "keys" which allow applications to be run on PCs and servers. This hardware "key" must be purchased separately from the application. Therefore the software developers configure the software to require the dongle. This is an extremely successful approach, however, at great cost. It costs approximately $30 per dongle. This means that for a $30 application the cost is now double. This fact has made this solution very limited. It is used almost only on very high-end applications because of its cost. Dongles have been the only real approach employed by software developers that uses hardware to help fight piracy. 6.2. Software protection The most common approach for fighting software piracy has been with software. Among the approaches used have been serial numbers, CD-keys, encryption, manual references, registration requirements, and installation restrictions. We will take a look at each of these in depth. Serials The use of serial numbers requires that the user enter a serial number before they can install application. Many applications use this method including such prominent titles as Fauve Matisse, Janna Contact, Abode Photoshop, etc. When installing one of these applications you are required to enter a serial number usually found in the software manual before you can successfully complete the installation. The idea behind this is that it requires the user not only to have the software but also the manual. However, this approach has been easily defeated. Many of the very popular software titles have their serial numbers available on the World Wide Web. This limits the effectiveness of serial numbers! Another problem with serial numbers is that there are serial number crackers. These crackers are applications that are designed to find the necessary serial number to get past the serial number check. CD-keys Microsoft offers a similar strategy with their software titles. It is called the CD-Key. It is a "serial number" located on the back of the CD case. It is a ten-digit number and is required to complete the installation of a Microsoft software product. As with serial numbers there are ways to defeat this check. First all of the CD-KEYs uses the same scheme (xxx-xxxxxxx). If a person finds the scheme used to create the CD-KEY then they can use all Microsoft products. Another technique is a specialized form of a serial number check. It is called the Certificate of Authenticity (COA) and is a way for end-users to be assured that their OEM (Original Equipment Manufacturer) is authentic. The COA is a 20 digit alphanumeric number that must be entered before the end-user can use the Microsoft operating system that came their OEM computer. With a large range of possible combinations, the difficulty is relatively high for cracking these serial numbers. Manual check Manual references are another of the approaches that software developers employ to fight software piracy. This is used mainly on games. Every time the game is launched a code (usually in the form of a unique word) is required before the game can be played. A prime example is the games Stunts by Brøderbund. Every time you launch the game it specifies a page, paragraph, and word to enter from the manual. The idea is that you must have the manual to play the game so that you cannot just get a copy of the game and start playing. This method has two major drawbacks. The first is that it is a hassle for paying customer to go through every time he wants to play the game. The second is that there are ways around this manual reference. You could photocopy the manual or write down a few of the unique words and then just keep launching the game until one of them shows up. Registration A very different approach to software piracy protection has been to force registration in various ways. Registration might require payment (most cases) or simply just registering your name and address etc. Some software developers use the method of encryption to protect their software. They lock the software with a "software key" and the software will only work if the user gets the "key" from software developer. The software developer can then force the user to register before he releases the key. Using this approach, the developer can create a unique key for every user. Some developers did not like the idea of forcing registration and have instead shipped the software key with the application. This second method is not as effective as the first. Both approaches have a distinct use for applications that are distributed via electronic and on-line distribution. Other software developers force registration by creating some limit for the use of an application prior to registration. For example, limiting the number of launches before registration. This approach is used primarily in shareware, freeware, and demos. An example of this approach is employed in Quicken SE by Intuit. Another common approach instead of the number of launches is to limit the number of days that the application will run before registration is required. This is used particularly in shareware, freeware, and demos. An example of this is Netscape Navigator beta applications, which limit the use of the application to 30 days. Once again, when you register the application this limit is removed. Limiting installations In a radical attempt at a new method Microsoft proposed limiting the number of installations of Office 97 to a total of 3. This technique was soon abandoned as many people complained to Microsoft. Obviously Public Relations have a priority over piracy concerns. Certificates All of the previous approaches are ways to protect the software from being pirated after it is purchased. Some manufacturers like Microsoft have gone a step further. Microsoft decided to fight software piracy from the retail store. To do this they placed a Certificate of Authenticity (COA) on the side of the box. This COA contains 3 hidden, and non-reproducible watermarks making it nearly impossible for pirates to copy the box . Therefore, when a user sees a box without this COA it is safe for him to assume that it is a pirated version of the Microsoft software. 7. Anti-Piracy Organizations The second component of the protection of software comes from the numerous organizations that have been formed to combat software piracy. These organizations use advertisements and legal action to fight against the rising tide in the illegal duplication of software. Though there are many organizations which are fighting against software piracy, the largest and most active of these are The Software Publishers Association (SPA) and The Business Software Alliance (BSA). Both are international organizations whose members include software developers, distributors, retailers, consultants, and essentially any other groups which are concerned with the industry’s growth. Through cooperative work with the government, the SPA and BSA enforce anti-piracy laws through active measures such as filing lawsuits, conducting raids, and undertaking audit programs. 7.1. Legal measures Over a thousand lawsuits, against both large groups and individuals, have been filed by the SPA and BSA. The penalty for software piracy is high for the violator - up to $100,000 per copyright infringement and a maximum 5-year prison term. On March 1, of this year, SPA filed a lawsuit against a junior college located in Florida for using illegal copies of software on its computers. The settlement reached by the plaintiff and defendant resulted in a fine of $135,000 along with removal of the illegal copies and repurchase of new ones. On July 4, 1996, BSA successfully prosecuted two Hong Kong citizens with prison terms under the new Copyright (Amendment) Ordinance. Yip Chi Hung, the owner of a software shop in Hong Kong was sentenced to 6 months in jail plus a fine of HK$51,000. Kwok Po, Yip’s supplier of wholesale pirated CD-ROMs, was sentenced a total of 16 months in jail and fined HK$308,000. Just recently, this past October 10, SPA filed 5 civil lawsuits for software piracy on behalf of the software corporations Adobe Systems, Inc., Claris Corp., Corel Corp., Datastorm Technologies Inc., and Novel Inc. Three were against Internet service providers (ISPs), and two were against individual violators. The three ISPs Community ConneXion, Inc., GeoCities, Inc., and Tripod Inc. had pirated software, unauthorized serial numbers, links to ftp "warez" sites, and cracker/hacker utilities posted on their webpages. With the help of the ISPs, two individuals were tracked down as the responsible posters of the copyright infringing material. Though it is certain that software copyright laws are being violated in this case, there is controversy over whether or not the ISPs, which offer free space for individuals to design their own Web pages, should be responsible for the material that is posted by their users. Internet analyst Chris Stevens voiced his opinion, stating "They need to go after the people who post pirated software, not the host. That’s like suing the phone company for receiving obscene phone calls." As an illustration showing that nobody is above the laws of copyright protection, a hospital in Chicago, Illinois was fined $161,000 for using illicit copies of software. In fact, with the increase of computerization in hospitals, these institutions should be given increased special scrutiny, according to Bob Kruger, Vice President of Enforcement for BSA. 7.2. Corporate audits An alternative to litigation, is conducting what are called corporate audits. If investigators report a corporation as having violated copyright laws, SPA will often ask the corporation to allow an audit of its software in place of taking the matter to court. During an audit, the contents of each computer are compared with the company’s purchase receipts of software. If any illegal copies are found, the company will agree to pay the retail price for each copy, destroy these illegal copies, and replace them with legitimate ones. For the most part, these audits have been met with cooperation by the company who would much rather settle the issue in a confidential, private matter than dragging everything to court. If the company does refuse to submit to an audit, SPA will then file a lawsuit against them. 7.3. Contacting anti-piracy organizations To help them in their search for copyright criminals, the SPA, BSA and software giant Microsoft have established a hot-line (1-800 toll free number) which people can call in to report suspicions of software piracy. The numbers are 1-800-388-7478 for SPA, 1-800-688-BSA1 for BSA and 1-800-RULEGIT for Microsoft. Most investigations start off with a tip through this hot-line. Everyday, 30 to 40 calls are received, mostly from employees and consultants for software firms. Together with law enforcement officers from the government, the anti-piracy organizations will pursue these leads and often arrest the violator through a sting operation. Besides calling in to give tips on copyright violators, the public can also call in to receive information about preventing software piracy. 7.4. Education In addition to playing cops and robbers with software pirates all over the world, the SPA and BSA are also committed to teaching the public the degrading effects of software piracy using propagandistic methods, and helping companies prevent copyright violations through educational courses and software utilities. Noticing the prevalence of software piracy everywhere, the anti-piracy organizations are trying to change the cultural view that copying and buying illegal versions of software is okay. The SPA, especially, has undergone extensive efforts to make the public aware of the illegality of software piracy. Free brochures for the general public with titles such as "Software Use and the Law" and "Is it Okay to Copy My Colleague’s Software?" contain information about copyright laws and demonstrate the legal extent of using software. "It Could Have Been So Easy" is a seven minute video intended for companies, showing what can happen if one is found guilty of copyright infringement, and also giving advice on maintaining an efficient software management program. Another video called "Don’t Copy That Floppy" is a rap/hip-hop music video attracting the younger generation that educates them in ethical problems with pirating software. Both these videos can be purchased for $20 and $15 dollars respectively. In addition to distributing brochures and videos which educate the public on the legal and ethical ramifications of software piracy, the SPA offers a free software tool called the Self-Audit Kit that allows companies to maintain an inventory of all the software on their systems. This way any accidental use of pirated software can be detected and quickly remedied. The software comes in 6 different languages and is also available for the Macintosh. A more effective tool of education is the SPA Certified Software Manager Course (CSM). This course gives computer professionals the skills needed to organize a software management program for their company. They are also taught the legal aspects of software use and how to "optimize the legal use of software." This course is currently taught in the USA, England, France, Germany and Singapore and will soon extend to China, India and several Latin American countries. 7.5. Economics Software piracy is an economic and legal problem that impacts every community. Software piracy is something very new to many people. A lot people don’t know about it and others don’t think it is illegal when they copy software from the floppy disk. "Many people don’t see a harm in it," says Robert Holleyman, president of the Business Software Alliance (BSA). "Business owners would never think of asking their employees to steal computers, but many of those same business people don’t think twice about buying one or two programs and duplicating them for all the PCs in their office." Many people convicted of copyright violations are simply naive or ignorant of the law. For example, "A misguided computer technician had take an application intended for five bean counters and install it every where in the operation department." Another example is a mother, "Miki Casalino, in whose house Novell found the ‘Planet Gallifrey BBS’ which she admitted was run by her son, though she only learned of the alleged illegal software after it was too late." The problem is that all of them are "innocent" but on the other hand, they are violating the copyright of the software. We must concede that copying software, like drinking and driving, is something that everybody disapproves of, yet most people do at least one. "Of 300 PC-using managers questioned earlier this year by MORI, a market-research group, 55% admitted to copying software illegally." A contribution to the seduction of computer users is the fact that using the pirated software is as good as using the legal software but the prices are better. In addition, it has been said that " From the user’s standpoint there’s virtually no risk to using pirated software." And it is not hard to copy software. All that is needed is a computer, the empty diskettes, and of course the software program you want to have. Finally, the fact is that few people are actually prosecuted each year for software copyright infringement, and most offenses don’t warrant maximum fines or jail time. Human nature being what it is, software piracy persists. Most people know that copying the software is illegal, but they still do it. The reason is very simple. They can make a lot of money from doing it and the consequences are nil or avoidable. According to Iritani "It was a check forgery case that led deputies to the quiet Rowland Heights cull-de-sac. But they found at the home of Ming Chin Jin and his wife, Pifen Lo, was $400,000 worth of counterfeit copies of Microsoft’s Encarta’s 95 CD-ROM encyclopedia and 48,000 fake holograms from China." Indeed, high profits and minimal penalties make this form of high-tech crime a criminal’s dream and a police officer’s nightmare. Iritani wrote, "most cases are not prosecuted for the lack of evidence or end up in civil court, where monetary penalties have proven to be ineffective." The making of a counterfeiting lab are very easy to acquire and relative inexpensive. According to Iritani, all they need are "a computer, a disk or CD-ROM duplication machine, a laser printer, a shrink-wrap machine and someone willing to produce the labels and packaging." 8. Conclusion Software piracy exists. We covered the basic definition of software piracy, the methods involved, the potential solutions, and the social implications. In conclusion, let us address two questions The first question is "What can you do avoid piracy and pirated software?" Your options as a user are to purchase authentic software and to report violations. In this way you protect yourself and the software industry from the damages of software piracy. As mentioned before there are numerous ways to assure you are purchasing authentic software. Be aware of words and warnings, such as "warez" that are "red flags" of pirated software. Remember that there are hotlines available to report software piracy and report any suspicious sites. The second question one should address is "Why shouldn’t you pirate?" Reasons for not pirating software include the legal consequences as well as ethical and moral issues. The legal consequences can include fines or jail time while the ethical issues can effect your reputation and standing in the professional and personal community. Piracy won’t be eliminated until users determine as a community that it is wrong and take a united stand to eliminate it. --Original author: Ilya --Reformatting, Subtitles, Index: Mr.F