Rewriting The Script

Copyright infringement of software – also known as software piracy – is an ever-increasing problem for the UK’s software community. As Jamie Longmuir states, this form of criminality is difficult to trace, can be even harder to prevent and, if truth be told, is almost impossible to negate

Research at SafeNet has shown that just over 40% of software producers believe lost revenue due to software piracy has wrought a major impact on their business. Not only can piracy stunt revenue potential, but it can also negatively impact on paying customers who bear the cost of illegal product use as it limits the software community’s ability to be competitive, in turn leading to more expensive but less advanced products.

The problem can affect a wide range of industries, from software vendors and retail companies through to the online gaming crowd. Earlier this year, for example, popular online game Grand Theft Auto fell victim to a software hack that caused a huge disruption to Rockstar Games and its customer base.

Software piracy is facilitated by the abundance of reverse-engineering information now found online which provides easily available tools and knowledge to anyone who wants to find it. In today’s computing environment, software publishers must learn how to prevent the unauthorised use of their software without creating unnecessary obstacles for customers who wish to legitimately purchase and use it for their own purposes.

It’s a well-known fact that most countries have copyright laws in place directly applicable to software. However, the degree of enforcement and compliance varies which makes some countries more ‘fertile’ in terms of infringement practices.

Software vendors who pro-actively protect their software are on the right track, of course, but may not be fully protected against the ever-growing hacking attempts that can compromise their given application’s security.

Misconceptions about piracy

Though software piracy is a well-discussed topic, there are some misconceptions around who it affects and how the issue should be treated. For example, some practitioners believe that software piracy is a ‘victimless’ crime. That assertion couldn’t be further from the truth. According to industry statistics, illegal software use costs developers worldwide over $50 billion every year in lost revenues. In Europe, an average of 66% of the software in use is illegal. In some Asia Pacific and Eastern European markets, meanwhile, over 90% of software remains unlicensed.

Other commentators on this subject are also under the false impression that inexpensive software isn’t copied.

There’s an argument to suggest that software protection isn’t necessary because making software cheaper would reduce the chance of it being copied and pirated. Like life, it’s not that simple. Developing a software product requires a huge investment of time and money which must be continuous. To succeed in tomorrow’s market, developers must invest today.

The argument that people don’t actively copy inexpensive software is evidently false. If you were to check some computers around you today, you’d probably find that most copied programmes are actually the cheaper ones.

When it comes to software protection, there’s a school of thought that this somehow ‘gets in the way’ of the legitimate user. In reality, the new and more sophisticated types of software copy protection actually benefit legitimate end users. Protection works to safeguard the integrity of the software, reassuring the end user that the software cannot be tampered with in any way.

Often, it’s the end users themselves who request the software to be protected so as to ensure that it will not be used illegally in a working environment (an occurrence which could harm their organisation).

One final myth to clear up is that any protection system can be cracked and, as such, software copy protection is useless. Indeed, the first part of that belief is true: any software protection system may be cracked, just as any lock can be picked or any door might be smashed. However, the aim of software copy protection is to provide protection for a reasonable period of time.

Software cannot be protected forever, but it can be protected long enough (ie until a new version of the product is released). This new version should be protected again with a system that was also improved in parallel, thus assuring a long and profitable sales life for the safeguarded application.

Challenge for software vendors

As software pirates continue their attacks, companies are forced to spend additional time cycles and effort patching and plugging their products to defend against those that might steal them. With every cycle that passes, software pirates become more sophisticated and their vectors of attack harder to spot and defend against, especially with the skills required to do so becoming ever-more specialised and scarce.

Software vendors are feeling the pressure from all sides. Customers demand ever-increasing levels of capability from the products they deliver. As budgets strain, they rightly demand more compelling reasons to upgrade or switch from platforms they’re already using.

At the same time, the advent of Software-as-a-Service (SaaS) and the drive towards delivering software in a ‘Pay as you Consume’ format demands that vendors re-evaluate their delivery mechanisms and business models.

Jamie Longmuir

Jamie Longmuir

For many vendors, this means expanding the time it takes to re-engineer their code in order to enable the provision of the product. This has to happen not only in a reliable and scalable manner in the cloud, but also in a fashion which fully enables them to monetise the capabilities that the software product offers. As you can imagine, this is no small task.

As packaged and downloadable software makes way for cloud-based software delivery, what will the counterfeiters do? In what is an underground industry now estimated to be worth around $63 billion (in terms of the value of commercial software), it seems unlikely they will pack up and move on. Rather, the counterfeiters’ pirating techniques will simply keep on evolving.

Can we prevent software piracy?

In order to stop software piracy, we need to look towards software licensing. The problem is many software vendors shy away from software copy protection due to fears that it makes that software more expensive. In truth, this cost is negligible when compared to the losses incurred by developers through software piracy.

By protecting their software – and thereby increasing their revenues – developers can afford to supply better software at competitive prices. For those software vendors who do pro-actively protect their software, this doesn’t mean they are fully protected against the ever-growing hacking attempts that can compromise their application’s security.

A common misconception is that once a certain application is protected and distributed, it’s then completely ‘bullet-proof’ against software piracy and Intellectual Property (IP) theft. It’s crucial that software vendors work with the licensing vendor and/or a copy protection vendor to constantly update and improve levels of security.

Simply incorporating innovative protection and security measures as part of the product lifecycle can greatly contribute towards vendors being steps ahead of potential threats.

Jamie Longmuir is Software Monetisation Expert at SafeNet

 

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts