Risk
11/17/2011
03:50 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Pirated Software Hurts U.S. Jobs, Economy, Microsoft Says

Companies that use illegally copied software put more scrupulous competing companies--and countries--at a disadvantage, Microsoft argues in its latest anti-piracy push.

10 Massive Security Breaches
(click image for larger view)
Slideshow: 10 Massive Security Breaches
Thursday was Play Fair Day, and on this Microsoft-created annual event designed to remind people about the problems associated with intellectual property theft, Microsoft released a study showing that software piracy in Brazil, Russia, India, and China creates an aggregate competitive disadvantage of $8.2 billion over five years for companies that play by the rules.

In other words, firms that don't rely on stolen software pay more to operate, making them less competitive.

For Chinese firms using legitimate copies of Windows, the study's findings translate into annual harm of $837 million, enough to construct 66 manufacturing plants or hire 217,000 employees (at a salary of $3,857 each).

The message might seem to be that crime pays, but of course it's the exact opposite: Microsoft doesn't get paid. Microsoft's challenge is to get more people, particularly in emerging markets, to recognize theft of intellectual property as a crime.

[ Find out what Microsoft has up its sleeve for its next operating system. Read Windows 8 Promises Fewer Annoying Restarts. ]

"We're losing a lot of money from people stealing our IP," said Bonnie MacNaughton, senior attorney in the Microsoft legal affairs department and head of the company's anti-piracy team in the U.S.

MacNaughton, other members of Microsoft's anti-piracy team, a supply chain management expert from Stanford's Knight Management Center, and a principal from the consultancy that conducted Microsoft's study, met over dinner with members of the press in San Francisco, Calif., on Wednesday evening to discuss the company's evolving effort to combat unauthorized Microsoft software.

Play Fair Day, an event known as Consumer Action Day since its 2008 inception, comes at time when intellectual property issues are at the forefront of regulatory discourse. An intellectual property protection bill recently introduced in the House of Representatives, the Stop Online Piracy Act (SOPA), is being fought by Internet companies--Microsoft doesn't yet have an official position--that fear it will undermine the safe harbor protections that protect them from being held liable for the actions of their users. And the Computer & Communications Industry Association, a tech industry trade group, testified Wednesday before the Congressional Executive Committee on China about how Chinese censorship constitutes an unfair trade barrier. Also, earlier this month, 39 state attorneys general said they intended "to address the unfair advantage that results when foreign and other manufacturers use stolen information technology, including pirated software, to illegally slash their costs."

That's the approach Microsoft is taking and it represents something of a new strategy. It is focusing on software piracy's economic impact on businesses and governments rather than emphasizing crime and litigation. The company's strategic shift makes sense given the ongoing global economic difficulties. Now more than ever, a message that pirated software endangers jobs is likely to resonate with policymakers, and perhaps even with a public that isn't entirely convinced of the evils of copying without authorization.

The problems associated with illegally copied software have been well-known for years: Pirated software can be unreliable and insecure, and it enriches scofflaws at the expense of those who worked hard to create it.

Pirated software is also rampant: About 41% of software worldwide is pirated, according to a 2008 IDC study. The problem is more acute in emerging markets, which just happen to be places where Microsoft sees the most potential for growth.

And it is compounded by extreme price pressure: Microsoft's hardware partners in emerging markets have been selling "naked" PCs--computers without the Windows operating system--to reduce the retail price of their devices from, say, $450 to $400. This not only deprives Microsoft of Windows license revenue but also leads to brand damage and increased support costs--buyers of bargain PCs still tend to blame the hardware maker and Microsoft when their illegal copy of Windows has problems.

Yet, if some businesses see an economic incentive to rely on unlicensed software, there are also incentives pushing in the opposite direction. Jeff Marowits, principal at Keystone Strategy, the consultancy commissioned by Microsoft to conduct the study, noted that even in environments where software piracy is up in the 80% range, some companies recognize the business case for playing by the rules, particularly if they expect to do business internationally. Some emerging markets are starting to see things that way too.

"The new twelve year plan [in China] is very much focused on moving up the stack," he explained. "They don't just want to be differentiated by low labor costs; they want to create things and come up with ideas and monetize those. And in order to do that, you need to protect intellectual property."

The situation appears to be similar in Russia, which has been sending business leaders and politicians to Silicon Valley in the hope of learning how to foster innovation at home more effectively.

MacNaughton characterized Russia as one of the emerging markets where Microsoft has made the most progress in terms of fostering an interest in protecting intellectual property. She also noted that governments have an additional incentive to promote authorized software sales: tax revenue. "Governments are losing billions of dollars and tens of thousands of jobs for not having a legal software industry," said MacNaughton.

"As soon as you want to get into the innovation business, you will respect ideas," said Marowits.

Indeed, with BRIC countries seeking to sell more than cheap labor, piracy rates have been coming down in emerging markets over the past five years. China still has a ways to go--the software piracy rate has come down from 90% a few years ago to 78%, according to MacNaughton. But growth of PC sales in China hasn't been matched by proportional growth in software license sales, which means that Microsoft is losing more potential revenue than it was when the piracy rate was higher.

Although cyber criminals continue to keep one step ahead of investigators--Peter Anaman, senior program manager for online piracy in Microsoft's legal affairs department, noted that software pirates had begun hiding their servers using Tor encryption software in response to more aggressive takedowns--Microsoft isn't about to give up. In two months or so, the company expects to open a investigative analytics center devoted to tracking piracy around the globe.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0103
Published: 2014-07-29
WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files.

CVE-2014-0475
Published: 2014-07-29
Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable.

CVE-2014-2226
Published: 2014-07-29
Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtains sensitive information via unspecified vectors.

CVE-2014-3541
Published: 2014-07-29
The Repositories component in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via serialized data associated with an add-on.

CVE-2014-3542
Published: 2014-07-29
mod/lti/service.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) is...

Best of the Web
Dark Reading Radio