In December 2015, six men pleaded guilty to running a $100M global piracy ring. The scheme duped purchasers who bought more than 170,000 copies of Adobe and Microsoft programs from Amazon, Overstock, eBay, Craigslist and other reputable companies. Purchasers received valid registration codes and certificates of authenticity. While the value of the crime is particularly high, this is far from an isolated incident.
While Apple recently estimated that more than $11 billion worldwide is lost to software piracy annually, a 2013 patent description for a mobile security method by Qualcomm estimates annual losses of approximately $13 billion. Says the patent, “Statistically, one in every three software applications will be pirated.”
In a Business Software Alliance (BSA) report, the global software piracy rate in 2013 was 43 percent, while the commercial value of unlicensed software installations was $62.7 billion. It isn’t just revenues lost, but jobs within the software industry as well.
The most common ways software is pirated include:
· Softlifting – You buy software and give it away to friends or businesses, violating the license agreement. This accounts for billions annually. This is also known as End User Piracy.
· Internet piracy – Free downloads of software are rampant on the Internet from a variety of sites.
· Hard-disk loading – Illegal copies of software are preloaded on computer hard disks. This is common and typically not recognized as piracy by the end user.
· Software counterfeiting – It might look real but it’s an illegal software duplication. This is the most common type of piracy. Karma often prevails as this piracy sometimes delivers malware with the software.
· Academic software – Academic versions of software cannot be used for commercial purposes; doing so violates the software license.
When considering the types of software targeted, the Software and Information Industry Association (SIIA) breaks down the types as follows (see chart below):
Although the SIIA data above cites productivity software as the most often pirated, the embedded software industry is not immune.
According to Christian Légaré, executive vice president and CTO at real-time operating system (RTOS) supplier Micrium, “Piracy is more of an issue for the general RTOS vendors such as Segger and ExpressLogic. Micrium has always made the kernel source code available in an ‘honor-based’ licensing model.” He went on to explain that the company recently applied the same licensing model to all of its software IP.
Légaré added, “Micrium has dealt with piracy of our software from Asia for a long time. While many companies tried and still try to regulate Asia, they come to the realization that their sales office is actually the lawyer’s office. Lawyers, however, will not solve the Asian piracy issue—only commerce can do that.”
Micrium founder, president and CEO, Jean Labrosse, agrees. “We introduced an honor-based system when Micrium first opened its doors in 1992, setting a precedent in the industry. While other available real-time kernels were closed source, Micrium was the first source-available RTOS. Now, with Internet of Things rapidly evolving, the industry is again ready for a commercial-grade source-available RTOS.”
Labrosse’s feeling is that, while the industry believes in open source, especially to accelerate IoT development, safety-aware applications require commercial-grade software. Micrium is now making this grade of software available to Makers, requiring only that individuals or companies sign a ‘no nonsense’ licensing agreement stating that there is no commercial intent, and should Micrium’s software be used in a commercial product, they must license it. The opinion at the company is that engineers are basically honest—bolstered by the fact that its source-available model has worked for decades.
Will other types of software vendors attempt to circumvent piracy in the same way? They already are.
In October of 2013 Apple announced that OS X Mavericks, iLife and iWork would be available as free downloads. The updates were also made available to trial and illegal versions. Apple commented that it had eliminated its legacy software update system for apps. When Mavericks finds legacy apps on a Mac, they are provisioned as a purchase, using an Apple ID—saving time, effort and bandwidth. The change highlights Apple’s move to a systems vs. software approach and its efforts to solve software piracy by not being a software company.
Similarly, Microsoft made available a full version of Windows 10 as a free upgrade for Windows 7 and Windows 8 users, extending its offer to software pirates. The company stated that customers over time would realize the value of proper licensing, and that the company would benefit from making the move to legitimate copies easy. Good move, since software pirates have always defeated Windows activation, with the company noting in 2011 that only 10% of users in China paid for their software.
For some, it’s a lack of awareness that prompts them to pirate. Others cite the high cost of software, especially in countries with challenged economies. Software piracy rates are mostly higher in Asian and African countries compared to North America and Western Europe. Software piracy is most popular in collectivistic societies where software is purchased by an individual and is shared with others. The availability of pirated software on the Internet is also a factor.
Globally, software piracy is widespread. It is easy to create duplicates of a program using just one computer—enticing criminals and bolstering efforts from suppliers to find ways to counteract the practice.
A Karmic Response
One study by IDC and the National University of Singapore and sponsored by Microsoft found that malware hits enterprises running pirated software, and hits them hard. According to David Finn, associate general counsel and executive director of Microsoft’s Cybercrime Center, in 2014 businesses would spend approximately $127 billion dealing with security and $364 billion with data breaches—all as a result of using pirated software. He also stated that two-thirds of the losses were attributable to organized crime, malware courtesy of financially-motivated individuals.
Consumers aren’t off the hook either—with approximately $25 billion in cost and 1.2 billion hours in time lost because of infected systems.
And we wonder why we can’t get a handle on security.