Vulnerabilities / Threats
05:59 PM

Half Of Computer Users Admit To Pirating Software

Software pirates typically are young and male and live in emerging economies, where obtaining legal copies of software isn't always easy, finds Business Software Alliance study.

More than half of computer users around the world say they've pirated software, typically by installing more copies of an application than their license permits, or by downloading the software via BitTorrent or other file-sharing networks.

That finding comes by way of a new study commissioned by the Business Software Alliance (BSA) and conducted by Ipsos Public Affairs, which surveyed 15,000 computer users in 33 countries about their software-buying--or alternative forms of procurement--practices. Overall, the commercial value of pirated software was $59 billion in 2010, but rose to $63 billion in 2011, which the BSA says was driven by the majority of PC shipments now going to emerging countries, including China, Russia, India, and Brazil. Notably, those countries have the world's fastest-growing technology markets, but also some of the highest levels of software piracy.

Although 57% of respondents said they've pirated software, according to the study, "frequent software pirates are disproportionately young and male, and they are more than twice as likely to live in an emerging economy as they are to live in a mature one." On average, these emerging-economy pirates also install nearly four times as many applications as "frequent pirates" in more mature economies.

[ Do Android developers make less money from paid apps than iOS developers because of piracy? See Android Survey Highlights Piracy Problem. ]

The United States, the world's largest software market, racked up 2011 software sales of about $42 billion, and had the world's lowest rate of piracy--just 19%. At the other end of the spectrum, China generated software sales of about $3 billion in 2011, but had an illegal software market worth $9 billion, making for a 77% piracy rate.

The amount of money spent on new PCs also highlights just how little some countries collectively spend on software. For example, the average PC in China, sans monitor, costs $542. But last year, according to market researcher IDC, China saw just $8.89 of legal software sales per PC, compared with $33.79 in India, and $120.22 in the United States.

Unclear provenance might help account for the higher levels of software piracy in emerging economies. "For example, a comparatively low two-thirds of computer users in emerging economies trust that the software available for sale in retail stores is likely to be legal. That skepticism is not unreasonable. Indeed, in many emerging markets, users would often be right to assume that stores are stocked with illegal copies of name-brand software," said the study.

The survey also found a marked discrepancy between how people view intellectual property rights, and their software-buying habits. "There's a mile-wide gap between what people say they believe in principle, versus what they do in practice," said Robert W. Holleyman II, president and CEO of the BSA, in a phone interview. For example, across all markets, 70% of respondents "agreed with the concept that they should be paying innovators for new software that comes to market--so it's essentially asking people, do you believe in intellectual property rights, without using that term, which they might not know," he said.

"At the same time, 57% of those users admit that they're acquiring and using unlicensed software," he said. But potential penalties seem remote, as only 15% of "frequent pirates" in emerging markets--and 20% in mature markets--"think the risk of getting caught is a reason for not doing it," he said.

"Now, if 57% of consumers said that they shoplift, you'd really see a dramatic increase in the public response--education, law enforcement, people who are shopping legitimately getting up in arms abut this," he said. But the same isn't true of software piracy, much of which occurs in business settings. "The biggest cause--and candidly, the most correctable cause--is when otherwise legitimate enterprises have some valid licenses, but exceed the allowed license numbers."

As with shoplifting statistics, the BSA study didn't examine whether people would have paid for the software they installed without a valid license. Instead, it just looked at the value of software that was being used, but which hadn't been paid for. The BSA study also didn't just assess the piracy rates of software from U.S. producers, but from around the world, including India and China.

Some researchers have painted the piracy problems in countries such as China, India, and Brazil as a market failure, rather than a legal one, but Holleyman criticized that analysis. "I can assure you, having spent time in both markets, it's not under any stretch of the imagination a distribution problem. The problem especially in China is that there's no disincentive, there's effectively no sheriff in town establishing that there's a risk for organizations that use the software of being caught and punished," he said.

What's the best way to crack down on software piracy? The BSA continues to pitch the issue as a business problem, as well as warning about the information security hazards of using any software of unknown provenance--for example, obtained via peer-to-peer networks.

More recently, the industry association also has started highlighting the unfair competitive advantage afforded to countries with businesses that don't pay as much for their software. "President Obama has made it a big issue for the U.S. and China, and it's not just because it affects the software industry, but because it affects every business; software is a tool for production," said Holleyman.

Put an end to insider theft and accidental data disclosure with network and host controls--and don't forget to keep employees on their toes. Also in the new, all-digital Stop Data Leaks issue of Dark Reading: Why security must be everyone's concern, and lessons learned from the Global Payments breach. (Free registration required.)

Comment  | 
Print  | 
More Insights
Oldest First  |  Newest First  |  Threaded View
User Rank: Apprentice
5/16/2012 | 7:00:52 AM
re: Half Of Computer Users Admit To Pirating Software
Is piracy the bigger concern? Or is it computer security? Courses like this one on computer security would make you believe it is the latter. Yes, piracy is a profitability and business sustainability concern - but a over and above the thought of a third world war happening in the electronic space - not so sure.
Register for Dark Reading Newsletters
White Papers
Current Issue
E-Commerce Security: What Every Enterprise Needs to Know
The mainstream use of EMV smartcards in the US has experts predicting an increase in online fraud. Organizations will need to look at new tools and processes for building better breach detection and response capabilities.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio