From ZDNet: Most businesses are aware of the repercussions of using pirated or counterfeit software; however, with the consumerisation of IT, many employees may be opening up their employers to increased liability without the business even knowing it.
Speaking to ZDNet, Business Software Alliance (BSA) chair Clayton Noble said that while businesses that are purposely doing the wrong thing could extend their liability to their employees by providing pirated software to their staff, the opposite is also true, where employees could place the business at risk.
He said that companies that fail to put in place proper policies to ensure its software is genuine and licensed could be putting themselves at risk of “authorising infringement” by allowing their employees to use pirated software for work.
“The person that commits the copyright infringement is liable under Australian copyright law, but also under Australian copyright law, any business or person that authorises the infringement is itself liable for the infringement.”
While each company’s IT department may be well aware of how each piece of software’s end-user licence agreement dictates its use, this understanding could be different for individual employees who, upon purchasing an application, do not realise, or may have forgotten after they’ve installed it, that it may not be suitable for commercial use.
“Some offer, for example, student licences that are for use by students only in connection with their education, and if a student brings a device into the workplace and starts using it commercially, it may be that the person is breaching their licence and breaching copyright. [In that case] the business will be infringing copyright by authorising that by not having proper checks on whether the software used for the benefit of its business is being properly licensed.”
Noble said that the best way to ensure that the business and its employees are in the clear is to conduct regular checks of employee devices, but highlighted that whether or not the device is supplied by the employer, a degree of sensitivity is needed, since these devices often contain personal information.
“It may be that businesses who permit people to use their own devices, or as part of that policy, say that…in exchange for that is the understanding that the business is going to have to look at your device to check that what you’re bringing on to work systems is safe, secure, and genuinely licensed. That’s a really tricky issue for IT managers to deal with.”
Noble also highlighted that pirated software makes the already complex issue of securing the corporate network from any security holes in personal devices even more complicated. He said that in some cases, the process of circumventing checks for genuine software has also meant that software could not be updated to patch security holes.
“Sometimes it has malware embedded in it, because the criminal syndicates that engage in piracy and distribution and creation of pirated software sometimes also make money by distributing botnets, distributing keylogging software, [and] all sorts of other security risks that a user who installs pirated software may not be bargaining on.”
Microsoft’s own 2011 study (PDF) into the security of pirated versions of its operating system found that about a quarter of all illegal installations were either already infected with malware out of the box, or downloaded and installed malware upon first finding an internet connection.