Risk
11/17/2011
03:50 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Pirated Software Hurts U.S. Jobs, Economy, Microsoft Says

Companies that use illegally copied software put more scrupulous competing companies--and countries--at a disadvantage, Microsoft argues in its latest anti-piracy push.

10 Massive Security Breaches
(click image for larger view)
Slideshow: 10 Massive Security Breaches
Thursday was Play Fair Day, and on this Microsoft-created annual event designed to remind people about the problems associated with intellectual property theft, Microsoft released a study showing that software piracy in Brazil, Russia, India, and China creates an aggregate competitive disadvantage of $8.2 billion over five years for companies that play by the rules.

In other words, firms that don't rely on stolen software pay more to operate, making them less competitive.

For Chinese firms using legitimate copies of Windows, the study's findings translate into annual harm of $837 million, enough to construct 66 manufacturing plants or hire 217,000 employees (at a salary of $3,857 each).

The message might seem to be that crime pays, but of course it's the exact opposite: Microsoft doesn't get paid. Microsoft's challenge is to get more people, particularly in emerging markets, to recognize theft of intellectual property as a crime.

[ Find out what Microsoft has up its sleeve for its next operating system. Read Windows 8 Promises Fewer Annoying Restarts. ]

"We're losing a lot of money from people stealing our IP," said Bonnie MacNaughton, senior attorney in the Microsoft legal affairs department and head of the company's anti-piracy team in the U.S.

MacNaughton, other members of Microsoft's anti-piracy team, a supply chain management expert from Stanford's Knight Management Center, and a principal from the consultancy that conducted Microsoft's study, met over dinner with members of the press in San Francisco, Calif., on Wednesday evening to discuss the company's evolving effort to combat unauthorized Microsoft software.

Play Fair Day, an event known as Consumer Action Day since its 2008 inception, comes at time when intellectual property issues are at the forefront of regulatory discourse. An intellectual property protection bill recently introduced in the House of Representatives, the Stop Online Piracy Act (SOPA), is being fought by Internet companies--Microsoft doesn't yet have an official position--that fear it will undermine the safe harbor protections that protect them from being held liable for the actions of their users. And the Computer & Communications Industry Association, a tech industry trade group, testified Wednesday before the Congressional Executive Committee on China about how Chinese censorship constitutes an unfair trade barrier. Also, earlier this month, 39 state attorneys general said they intended "to address the unfair advantage that results when foreign and other manufacturers use stolen information technology, including pirated software, to illegally slash their costs."

That's the approach Microsoft is taking and it represents something of a new strategy. It is focusing on software piracy's economic impact on businesses and governments rather than emphasizing crime and litigation. The company's strategic shift makes sense given the ongoing global economic difficulties. Now more than ever, a message that pirated software endangers jobs is likely to resonate with policymakers, and perhaps even with a public that isn't entirely convinced of the evils of copying without authorization.

The problems associated with illegally copied software have been well-known for years: Pirated software can be unreliable and insecure, and it enriches scofflaws at the expense of those who worked hard to create it.

Pirated software is also rampant: About 41% of software worldwide is pirated, according to a 2008 IDC study. The problem is more acute in emerging markets, which just happen to be places where Microsoft sees the most potential for growth.

And it is compounded by extreme price pressure: Microsoft's hardware partners in emerging markets have been selling "naked" PCs--computers without the Windows operating system--to reduce the retail price of their devices from, say, $450 to $400. This not only deprives Microsoft of Windows license revenue but also leads to brand damage and increased support costs--buyers of bargain PCs still tend to blame the hardware maker and Microsoft when their illegal copy of Windows has problems.

Yet, if some businesses see an economic incentive to rely on unlicensed software, there are also incentives pushing in the opposite direction. Jeff Marowits, principal at Keystone Strategy, the consultancy commissioned by Microsoft to conduct the study, noted that even in environments where software piracy is up in the 80% range, some companies recognize the business case for playing by the rules, particularly if they expect to do business internationally. Some emerging markets are starting to see things that way too.

"The new twelve year plan [in China] is very much focused on moving up the stack," he explained. "They don't just want to be differentiated by low labor costs; they want to create things and come up with ideas and monetize those. And in order to do that, you need to protect intellectual property."

The situation appears to be similar in Russia, which has been sending business leaders and politicians to Silicon Valley in the hope of learning how to foster innovation at home more effectively.

MacNaughton characterized Russia as one of the emerging markets where Microsoft has made the most progress in terms of fostering an interest in protecting intellectual property. She also noted that governments have an additional incentive to promote authorized software sales: tax revenue. "Governments are losing billions of dollars and tens of thousands of jobs for not having a legal software industry," said MacNaughton.

"As soon as you want to get into the innovation business, you will respect ideas," said Marowits.

Indeed, with BRIC countries seeking to sell more than cheap labor, piracy rates have been coming down in emerging markets over the past five years. China still has a ways to go--the software piracy rate has come down from 90% a few years ago to 78%, according to MacNaughton. But growth of PC sales in China hasn't been matched by proportional growth in software license sales, which means that Microsoft is losing more potential revenue than it was when the piracy rate was higher.

Although cyber criminals continue to keep one step ahead of investigators--Peter Anaman, senior program manager for online piracy in Microsoft's legal affairs department, noted that software pirates had begun hiding their servers using Tor encryption software in response to more aggressive takedowns--Microsoft isn't about to give up. In two months or so, the company expects to open a investigative analytics center devoted to tracking piracy around the globe.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-5208
Published: 2014-12-22
BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00 and R5.x through R5.04.00, and Exaopc through R3.72.10, does not require authentication, which allows remote attackers to read arbitrary files via a RETR operation, write to arbit...

CVE-2014-7286
Published: 2014-12-22
Buffer overflow in AClient in Symantec Deployment Solution 6.9 and earlier on Windows XP and Server 2003 allows local users to gain privileges via unspecified vectors.

CVE-2014-8015
Published: 2014-12-22
The Sponsor Portal in Cisco Identity Services Engine (ISE) allows remote authenticated users to obtain access to an arbitrary sponsor's guest account via a modified HTTP request, aka Bug ID CSCur64400.

CVE-2014-8017
Published: 2014-12-22
The periodic-backup feature in Cisco Identity Services Engine (ISE) allows remote attackers to discover backup-encryption passwords via a crafted request that triggers inclusion of a password in a reply, aka Bug ID CSCur41673.

CVE-2014-8018
Published: 2014-12-22
Multiple cross-site scripting (XSS) vulnerabilities in Business Voice Services Manager (BVSM) pages in the Application Software in Cisco Unified Communications Domain Manager 8 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCur19651, CSCur18555, CSCur1...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.