Software Piracy: How much should you tolerate?

Is software piracy always bad? Is there any amount of piracy that you should tolerate, or even embrace? What determines how much, if any?

First of all, no one can deny that by the very nature of software being a binary set of bits, at some point, given enough effort and CPU cycles, a determined hacker can figure out a way to circumvent and/or disable even the most ingenious protection schemes. OK, I said it. It’s out there.

Piracy vs. Overuse
But, piracy is not the same as “overuse.” Most people would define software piracy as the deliberate attempt to use or resell software without paying the legitimate software publisher for a license. With piracy, there are usually two offending parties in the transaction: the hacker (seller) and user (buyer).

Overuse, on the other hand, can be inadvertent or unintentional. It represents software usage in excess of what’s allowed in the user’s license agreement. So, although the software was paid for, it was used in an unauthorized way. These two scenarios (overuse and piracy) are really very different, and can be addressed by publishers and users in a variety of ways.

What determines a software publisher’s approach?
How software publishers view and handle piracy and overuse varies widely. The diversity of viewpoints and approaches reflects various factors, including:

  • per-license prices,
  • product complexity and deployment model,
  • customers’ expectations and technical capabilities,
  • copyright laws in target markets,
  • presence of an in-house legal staff,
  • product maturity,
  • market share, and many others.

Popular Approaches
Overwhelmingly, software publishers whose products are highly valuable on a per-seat basis, such as engineering, design, simulation, etc., use a “keep honest users honest” approach. This strategy uses integrated licensing software (e.g., The Reprise License Manager) to enforce license policies that are described within license files or keys.  The key encodes license counts (for concurrent licensing), maximum allowable version, license and maintenance expiration dates, machine-ID, etc. into digital signatures that prevent license tampering or replication of the license. This model does not strictly prevent hacking, but gives users a sense of what they are entitled to, and it keeps users within the bounds of the “terms of use” of their vendors’ license agreements. Equally important to these end users is the knowledge that compliance is being enforced “automatically,” without the extra expense of proprietary reporting or auditing tools to monitor usage.
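To make the tamper-resistance point concrete, here is an added example (not code from Reprise or RLM) of a license whose policy fields are covered by a signature and checked at checkout time. The field names, the sample license and the key are constructed for illustration, and HMAC-SHA256 from the Python standard library stands in for whatever signature scheme a real license manager uses.

```python
import hashlib
import hmac
import json
from datetime import date

# Constructed demo key. HMAC is a stand-in for the vendor's signature scheme;
# with a public-key signature the product would ship only a verification key.
VENDOR_KEY = b"constructed-demo-key"
FIELDS = ("product", "max_version", "count", "expires", "hostid")


def _mac(lic):
    # Serialize every policy field in a fixed order so the MAC covers all of them.
    payload = json.dumps([lic[k] for k in FIELDS]).encode()
    return hmac.new(VENDOR_KEY, payload, hashlib.sha256).hexdigest()


def sign(lic):
    """Vendor side: return a copy of the license with its signature attached."""
    return {**lic, "sig": _mac(lic)}


def _ver(text):
    # "2.10" -> (2, 10), so versions compare numerically rather than as strings.
    return tuple(int(part) for part in text.split("."))


def check(lic, hostid, version, in_use, today):
    """Client side: return "ok" or the reason the checkout is refused."""
    try:
        if not hmac.compare_digest(_mac(lic), str(lic.get("sig", ""))):
            return "bad signature"  # any edited field lands here
        if lic["hostid"] != hostid:
            return "wrong host"  # license file copied to another machine
        if today > date.fromisoformat(lic["expires"]):
            return "expired"
        if _ver(version) > _ver(lic["max_version"]):
            return "version not licensed"
        if in_use >= lic["count"]:
            return "all licenses in use"  # concurrent-use limit reached
    except (KeyError, TypeError, ValueError):
        return "malformed license"
    return "ok"


# Constructed sample license, not a real license file format.
SAMPLE = sign({"product": "demo", "max_version": "2.0", "count": 2,
               "expires": "2030-01-01", "hostid": "a1b2c3d4"})
```

Raising `count` in the signed file changes the serialized payload, so the check fails on the signature before any policy field is trusted.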

Other Strategies
Companies who write small inexpensive applications like iPhone apps and PC utility programs often tolerate and sometimes embrace overuse as a way to increase market share and product awareness.  Once the product is well established, these same vendors may later release a less-than-fully-featured version with a licensing technology, and enable the full-blown version with a license key.

Business applications like CRM, ERP, etc. are often licensed with integrated technology that counts users and controls where the software can be deployed (locked to a hostid). But, many of these vendors have consultative relationships with their customers, so overuse is tolerated, but it is later measured via an agreed-upon auditing mechanism. Most recently, these same companies are beginning to deploy their applications as Software As A Service (“SaaS”) or cloud-based, hosting the software and controlling access via an authenticated user login process. Software licensing can still play a role here as a mechanism to encode license rights into tamper-proof keys.

For the truly trusting types, licensing can still merely play a compliance role for customers who prefer a self-policing model, i.e., a kinder and gentler licensing model.

Making Use of Hacked Versions
Recently, “phone-home” systems have been developed by Reprise Software partners, VI Labs and Arxan. These vendors offer software hardening technology that can detect if a software product has been hacked. This technology has been adapted to report back the coordinates of the users of hacked software to the publisher, thereby helping them to uncover new potential revenue opportunities.

The take-away point is that by using electronic or embedded software licensing technology, software vendors can optimally address an undeniable truth – software overuse and piracy.
