The Business Software Alliance (BSA), the enforcement and lobbying arm of a private trade organization of approximately 100 members including Adobe, Autodesk, IBM, Microsoft, and Symantec, recently introduced the BSA Anti-Piracy Lead Generation Drawing offering a chance to win $1,000 cash for making anonymous reports of software piracy. As part of its new No Piracy Campaign, the BSA has established a web site Report Piracy Now that includes a recorded interview with an actual BSA informant—an IT consultant who reported a client’s alleged software piracy.
The contest with three distinct entry periods began November 1 and ends January 31, 2012. Each month a prize winner from a random drawing will receive $1,000. The entry form requires no purchase or payment just the type of alleged piracy, the name of the company, address, company website, phone number, employees, name of CEO, number of computers, software number installed, number of licenses, why you think the software is unlicensed and does management know. The only optional information on the entry and the only whistleblower info is their email address should they choose to provide it. I question the credibility of the informants who respond to the BSA's campaign.
The Report Piracy Now page (https://reporting.bsa.org/r/report/add.aspx?src=us&ln=en-us&intcmp=irphp000043) contains a recorded interview with an actual BSA informant—an IT consultant who reported his client to the BSA after he installed what he believed to be pirated software on his client’s computers. The unnamed informant’s perspective in the promotional interview was “coming forward is the right thing to do” and “he would do it again if he could”. The conduct of the informant appears to be unethical and potentially illegal. Why didn’t the informant refuse to install the software that he believed to be illegal? The informant was in a relationship of trust and confidence with the client, violating that trust to enter a prize drawing is not the right the thing to do.
Companies should prepare for the inevitable audit. To see if you are ready for a software audit, take this Audit Readiness Assessment:
- Does your organization conduct routine discovery on 100% of its desktops, laptops and servers?
- Can your organization conduct on short notice a complete reconciliation correlating all installed software to appropriate proofs of purchase?
- Has your organization implemented appropriate electronic controls to prevent unauthorized software-title proliferation?
- Has your organization implemented well defined processes for retaining and retrieving software licenses and invoice documents?
- Do you always obtain a confidentiality agreement from IT consultants and employees?
Companies that have effectively mitigated the risks of software audits can answer “yes” to the above questions. Being proactive can save headaches and expense.