Software Piracy and Copyright

Infringement

Information Security Office

The key to security awareness is embedded in
the word security

SEC-
-Y

Information Security Office

 What is “Information Security”?
To decide whether a computer system is “secure”, you must
first decide what “secure” means to you, then identify the
threats you care about.

Safeguard
Identity Confidentiality identity and
Theft password

Email Reputation

Virus Availability

Integrity Copyright

Information Security Office

What is Security Awareness?

Security awareness is recognizing what

types of security issues and incidents
may arise and knowing which actions to
take in the event of a security breach.

Most security incidents can be prevented.

Information Security Office

 What is Expected of You?
During your typical day, you may
be exposed to situations where you
may become aware of an attempt
to breach an area of security.

You need to be prepared to:

Protect
Detect
React
Information Security Office
 So How Do We Start?
Be aware or beware
Know how to identify a potential issue
Use sound judgment

Learn and practice good security habits

Incorporate secure practices into your everyday
routine
Encourage others to do so as well

Report anything unusual

Notify the appropriate contacts if you become aware of
a suspected security incident

Information Security Office

Don’t copy that floppy…(or MP3 file)!

Movie http://global.bsa.org/usa/antipiracy
/tools/business.phtml

Information Security Office

 What Is Software Piracy?
Software piracy is unauthorized copying,
distributing or downloading of copyrighted
software. Three of the most common forms of
software piracy are:
 End-user copying: Organizations installing or
using software on more computers than they are
licensed to support.
 Distribution: Selling or distributing illegally copied
software, including counterfeit products.
 Downloading: Making unauthorized copies from
the Internet.

Information Security Office

 Types of Piracy
End User Piracy:
This occurs when a company employee reproduces
copies of software without authorization. End user
piracy can take the following forms:

 Using one licensed copy to install a program on multiple

computers;
 Copying disks for installation and distribution;
 Taking advantage of upgrade offers without having a legal
copy of the version to be upgraded;
 Acquiring academic or other restricted or non-retail
software without a license for commercial use;
 Swapping disks in or outside the workplace.

Information Security Office

 Types of Piracy (cont’d)
Client-Server Overuse:
This type of piracy occurs when too many employees
on a network are using a central copy of a program at
the same time. If you have a local-area network and
install programs on the server for several people to
use, you have to be sure your license entitles you to
do so. If you have more users than allowed by the
license, that’s “overuse”.

Information Security Office

 Types of Piracy (cont’d)
Internet Piracy:
This occurs when software is downloaded from the
Internet. The same purchasing rules should apply to
online software purchase as for those bought in
traditional ways. Internet piracy can take the following
forms:
 Pirate websites that make software available for free
download or in exchange for uploaded programs;
 Internet auction sites that offer counterfeit, out-of-channel,
infringing copyright software;
 Peer-to-Peer networks that enable unauthorized transfer of
copyrighted programs.

Information Security Office

 Types of Piracy (cont’d)

Hard-Disk Loading:
This occurs when a business who sells new computers
loads illegal copies of software onto the hard disks to
make the purchase of the machines more attractive.
The same concerns and issues apply to Value Added
Resellers (VAR) that sell or install new software onto
computers in the workplace.

Information Security Office

 Types of Piracy (cont’d)
Software Counterfeiting:

This type of piracy is the illegal duplication and sale of

copyrighted material with the intent of directly
imitating the copyrighted product. In the case of
packaged software, it is common to find counterfeit
copies of the CDs or diskettes incorporating the
software programs, as well as related packaging,
manuals, license agreements, labels, registration
cards and security features.

Information Security Office

Information Security Office
Software Piracy: What You Should
Know

Whether you call it borrowing, copying,

sharing, or “fair use,” software piracy is
illegal and puts the University of Arizona’s
students, faculty, and staff, as well as the
University itself, at risk for legal action.

Information Security Office

 What Is the Economic Impact of
Software Piracy?
Software piracy contributes to lost sales, jobs,
wages and tax revenues. It denies software
developers a return on their substantial
investment of time, money and creativity and
harms consumers and the industry as a whole.
 2001 - piracy cost the worldwide software
industry $11 billion in lost revenue.
 In the United States the industry lost $1.8 billion
in 2001, and more than 111,000 jobs, $5.6 billion
in lost wages and $1.5 billion in lost tax revenue.

Information Security Office

 What Are the Penalties for
Pirating Software?
In most countries, organizations can be held liable
when employees copy or download unauthorized
software.

 Penalties include damages, fines and even criminal

sentences. But there are other consequences as well. N
 Networks may be exposed to viruses.
 In the United States, infringers face civil damages up to
$150,000 for each program copied.

Information Security Office

Software Piracy: Statistics and Facts
More than one third of adult Internet users say they have
downloaded commercial software online without paying for
all the copies they made. (Source: “Quantifying Online Downloading of
Unlicensed Software – Survey of Internet Users,” IPSOS Public Affairs, May 2002)

25% of users who download software say they never pay

for it. (Source: IPSOS, May 2002)

Last year, piracy cost the software industry an estimated

$11 billion. (Source: “2009 Global Software Piracy Report,” International
Planning and Research Corp., June 2002)

The loss to the economy has significant impact, including

more than 111,000 jobs lost, $5.6 billion in lost wages and
more than $1.5 billion in lost tax revenue. (Source: “2001 State
Software Piracy Study,” International Planning and Research Corp., October 2002)

Information Security Office

 10 Reasons Why It’s Important
To Be a Responsible Software User
10. Copying software undermines policies against
taking University property.
9. Proper software management saves time and
money, and makes a computer user more
productive.
8. Unlicensed software is one of the prime sources of
computer viruses that can destroy valuable data.

7. Unlicensed software is more likely to fail,

leaving computers and their information
useless.
Information Security Office
6. You can expect no warranties or support for
unlicensed software and you won’t have access to
inexpensive upgrades.
5. The cost of software piracy settlements usually far
outweighs the cost incurred by a company using
legitimate software.
4. In some circumstances, you leave the organization
vulnerable to raids and seizures of evidence,
including computers, disk drives, and other
equipment.

Information Security Office

3. In 2002, BSA investigated more than 500
companies. In the past 11 years, BSA has
recovered nearly $90 million in penalties from
software pirates.
2. Software piracy can lead to stiff fines of up to
$150,000 per copyright infringed and civil and
criminal prosecutions.
And the number one reason you should ensure
that the software you are using is compliant
with U.S. Software Copyright Laws?
Software Piracy Is Theft!

Information Security Office

 Individual Risks
of Pirated Software

• It often lacks key elements of documentation and

lacks warranty protection or upgrade options
• These untested disks may be infected with viruses
• Can put yourself and company at risk by pirating a
product protected by Copyright law

Information Security Office

 Software Piracy

Ensure that you only obtain software

through approved methods and install it
in accordance with licensing of the
specific software.

Let’s look at some common questions in this area…..

Information Security Office

Common Questions and Answers
Is it legal to copy software from your PC
to your laptop?
The END USER LICENSE AGREEMENT will specify
whether you are able to. If the EULA does not contain
this clause, then you cannot make a second copy.

Can I make a second copy of my

operating system software for my home,
PC?
Usually, the right to make second copies of software only
applies to some application products and not to operating
system software, like Windows 2000.

Information Security Office

How will anyone know that I have
illegal software?
It happens more often than you might think, through honest
employees and students, routine software audits, technology
support professionals, network administrators, software
publishers and piracy watchdog groups.

Your office computer is University property. So too, is your

connection to the Internet via the campus network. We are
committed to making sure that our systems are running legally
licensed software and that this network is not supporting
software piracy in any form.

Information Security Office

When my computer was delivered, it
had software installed on it. Is this
software already legally licensed?
Yes, if it was ordered and/or delivered by a reputable
company or reseller (i.e. Dell, Gateway, etc.). All computer
systems deployed by such entities are legally licensed for all
applications on of shipment and should come with supporting
documentation.

If your computer came from another source, review the

licenses and documentation to verify the software's
legitimacy. If you're buying a used computer, all installed
software should come with license agreements, registration
and original installation disks and manuals. Call Support
Systems to evaluate and/or remove any software that you
can't verify.

Information Security Office

I want to use some software but the
publisher is out of business. Is it okay
to get a copy from my friend?
No. All software is copyright-protected, and the copyright is
enforceable for 95 years, no matter what. Your best bet is to
ask the copyright holder for written permission to copy the
software.

Information Security Office

The University of Arizona
Policy Governing Use and
Duplication of Computer
Software

https://sitelicense.arizona.edu/copyright.html

Information Security Office

 Copyright Infringement

The unauthorized duplication of copyrighted

material, such as books, music, movies, artwork,
photographs, and other types of intellectual
property, as such materials are known.

The use of University resources to duplicate

or distribute unauthorized copies of
copyrighted materials is strictly prohibited.

Information Security Office

 Copyright
Copyright law gives authors, artists, composers, and
other such creators the exclusive right to copy, distribute,
modify, and display their works or to authorize other
people to do so.

Works are protected by copyright law from the very

moment that they are created - regardless of whether
they are registered with the Copyright Office and
regardless of whether they are marked with a copyright
notice or symbol (©).

Information Security Office

 Copyright (cont’d)
That means that virtually every e-mail message,
Usenet posting, web page, or other computer work
you have ever created - or seen - is copyrighted.
If you are not the copyright owner of a particular e-
mail message, Usenet posting, web page, or other
computer work, you may not copy, distribute, modify,
or display it unless:
 Its copyright owner has given you permission to do so; or
 It is in the "public domain"; or
 Doing so would constitute "fair use"; or
 You have an "implied license" to do so.

Information Security Office

 Copyright (cont’d)
It’s usually easy to tell whether you have permission
to make a particular use of a work - the copyright
owner will have told you so expressly, either in writing
or orally - but it’s not always so easy to tell whether
the work is in the public domain or whether what you
want to do constitutes fair use or is covered by an
implied license.

Information Security Office

 Copyright (cont’d)
Placing a work on the Internet is not the same
thing as granting that work to the public domain.
A work found on the Internet, like a work found
anywhere else, is in the public domain only if
 its creator has expressly disclaimed any copyright
interest in the work, or
 it was created by the federal government, or
 it is very old.

Information Security Office

 Copyright (cont’d)
P2P direct connections utilize an astounding
amount of network bandwidth, that clogs and
overwhelms the system.
Results in
• network-wide slowdowns,
• hardware failures,
• Loss of e-mail service,
• shared network drive failures,
• Internet service interruptions - all these problems can
be partly traced to the negative effects of network
overload due to illegal downloading of copyrighted
material

Information Security Office

 Copyright (cont’d)
P2P programs can also leave a computer
vulnerable to use by hackers as a means of
masking their activities.

Information Security Office

 Rule of Thumb for Public
Domain Music
 Works published in the United States with a copyright date of
1922 or earlier are in the public domain in the United States.

 Copyright protection outside the USA is determined by the

laws of the country where you wish to use a work. Copyright
protection may be 95 years from publication date, 50 to 70
years after the death of the last surviving author, or other
criteria depending on where the work was first published and
how the work is to be used.

Information Security Office

 DATE OF WORK PROTECTED FROM TERM

Created 1-1-78 or after When work is fixed in Life + 70 years1(or if work of

tangible medium of corporate authorship, the
expression shorter of 95 years from
publication, or 120 years from
creation2

Published before 1923 In public domain None

Published from 1923 - 63 When published with 28 years + could be renewed

notice3 for 47 years, now extended by
20 years for a total renewal of
67 years. If not so renewed,
now in public domain

Published from 1964 - 77 When published with 28 years for first term; now
notice automatic extension of 67
years for second term

Created before 1-1-78 but 1-1-78, the effective date Life + 70 years or 12-31-2002,
not published of the 1976 Act which whichever is greater
eliminated common law
copyright

Created before 1-1-78, the effective date Life + 70 years or 12-31-2047

1-1-78 but published of the 1976 Act which whichever is greater
between then and 12-31- eliminated common law http://www.unc.edu/~unclng/p
2002 copyright ublic-d.htm

Information Security Office

In very general terms, a particular use of a work is
"fair" if:
 it involves only a relatively small portion of the work,
 is for educational or other noncommercial purposes, and
 is unlikely to interfere with the copyright owner’s ability to
market the original work.

A classic example is quoting a few sentences or paragraphs of

a book in a class paper. Other uses may also be fair, but it is
almost never fair to use an entire work, and it is not enough that
you aren’t charging anyone for your particular use. It also is not
enough simply to cite your source (though it may be plagiarism
if you don’t).

Information Security Office

An implied license may exist if the copyright owner has acted in
such a way that it is reasonable for you to assume that you may
make a particular use. For example, if you are the moderator of a
mailing list and someone sends you a message for that list, it’s
reasonable to assume that you may post the message to the list,
even if its author didn’t expressly say that you may do so. The
copyright owner can always "revoke" an implied license, however,
simply by saying that further use is prohibited.

Facts and ideas cannot be copyrighted. Copyright law protects

only the expression of the creator’s idea - the specific words or
notes or brushstrokes or computer code that the creator used —
and not the underlying idea itself.
• it is not copyright infringement to state in a history paper that the
Declaration of Independence was actually signed on August 2,
1776.

Information Security Office

Exactly how copyright law applies to the Internet is
still not entirely clear, but there are some rules of
thumb:

You may look at another person’s web page, even though

your computer makes a temporary copy when you do so,
but you may not redistribute it or incorporate it into your
own web page without permission, except as fair use may
allow.

You probably may quote all or part of another person’s

Usenet or listserv message in your response to that
message, unless the original message says that copying is
prohibited.

Information Security Office

You probably may not copy and redistribute a private e-
mail message you have received without the author’s
permission, except as fair use may allow.

You probably may print out a single copy of a web page

or of a Usenet, listserv, or private e-mail message for
your own, personal, noncommercial use.

You may not post another person's book, article,

graphic, image, music, or other such material on your
web page or use them in your Usenet, listserv, or private
e-mail messages without permission, except as fair use
may allow.

You may not copy or redistribute software without

permission, unless the applicable license agreement
expressly permits you to do so.

Information Security Office

 Copyright Infringement
Copyright and the Web
http://uaweb.arizona.edu/council/copyright.shtml

Information Commons and Library users are expected to

respect Copyright and intellectual property rights. For a
summary of applicable laws, see
www.library.arizona.edu/copyright/
http://dizzy.library.arizona.edu/library/type1/libraryservices/data/copyright.html

Library Contacts
Eulalia Roel
626-5516 [email protected] (Primary Contact)
Karen Williams (DMCA Agent)
621-6433 [email protected]

Information Security Office

 Summary
Common sense, some simple rules and a
few pieces of technology can help you
protect yourself.

Important to remember that by protecting

yourself, you're also doing your part to
protect the University

Information Security Office

Final Thoughts
If not you,
who?
If not now,
when?

Information Security Office

Resources at the University
of Arizona
Kerio Firewall
https://sitelicense.arizona.edu/kerio/kerio.shtml

Sophos Anti Virus

https://sitelicense.arizona.edu/sophos/sophos.html

VPN client software

https://sitelicense.arizona.edu/vpn/vpn.shtml

Policies, Procedures and Guidelines

http://w3.arizona.edu/~policy/

Security Awareness
http://security.arizona.edu/~security/awareness.htm

Information Security Office

 University Information Security Office
Bob Lancaster
✔UniversityInformation Security Officer
✔Co-Director – CCIT, Telecommunications
✔[email protected]
✔621-4482

Security Incident Response Team (SIRT)

✔[email protected]
✔626-0100

Kelley Bogart
✔Information
Security Office Analyst
✔[email protected]
✔626-8232

Information Security Office