Print

Comment

Email

Digg

Del.icio.us

Reddit

Twitter

Usage of non-genuine software (counterfeited and pirated) has always been a thorn in the Indian software industry. Research suggests that the current piracy level remains at a staggering 68% in India in 2008. A recent KPMG study has shown that the security implications of deploying non-genuine software includes direct threats that affect the end-user and an organizations security, as well as indirect threats leading to increased cost of protection and remediation. Considering these serious implications, the government is working towards ensuring effective implementation of the legal and regulatory framework, and facilitation of faster and punitive action for non-compliance. The Indian President, Pratibha Patil, has already provided approval to a proposal that will make Maharashtra the first state where selling as well as buying pirated CDs and DVDs will land one in prison. The state government had forwarded a proposal to the Center suggesting that both buyers and sellers be booked under the stringent Maharashtra Prevention of Dangerous Activities (MPDA) Act. Other states are also expected to follow the path taken by the Maharashtra Government. While this is largely focused on film piracy, the government should include non-genuine software also under such laws for more effective mitigation of the security risks arising out of using non-genuine software.

The Charm of Piration
It is the price difference between pirated/counterfeited ones and original programs that attract consumers to purchase the non-genuine copy. Imagine having to spend thousands of rupees for a license of a high-end picture editing software such as the latest Adobe Photoshop CS3, when the pirated copy is available at a mere Rs 150. Pirated versions are not only easily available through physical media like CDs and DVDs, but also through the Internet. In fact with its global reach and continuously increasing penetration, the Internet has become one of the leading channels for acquiring non-genuine software. Several websites and peer-to-peer (P2P) networks offer installable non-genuine software, product keys, and key generators.

The Flip Side
Using non-genuine software may be tempting to those who are not familiar with the risks. What customers generally miss out is the fact that it may be cost-effective in short-term, but can turn out to be a lot more expensive when one considers the long-term effects. At the very least, it can lead to software incompatibility and viruses, driving up maintenance costs, and at worst, it can cost ordinary consumers hundreds or thousands of rupees and lost time due to identity theft and the exposure of personal information. A recent KPMG study has shown that in the context of individuals and businesses, increased vulnerability to malware, damage to reputation, reduced operational efficiencies, and increased total cost of ownership are some of the downfalls of deploying non-genuine software. The security implications of deploying non-genuine software are multi-dimensional for individual computer usersboth direct as well as indirect. Direct impact may include security threats like loss of privacy and data confidentiality arising from phishing attacks, malware and botnets, and ransomware. Indirect security threats of deploying non-genuine software usage include the user unknowingly becoming part of a larger nexus of anti-social elements funding and operating illegal pirated software businesses, and be a part of the network of organized crime.

From a broader macro-economic perspective, the use of non-genuine software has the potential to adversely affect employment, tax revenues, industry growth as well as national security.

The Repercussion
It is a common misconception that use of non-genuine software leads to cost reduction. Non-genuine software can incur significant operational downtimes and maintenance costs, thus making the use of non-genuine software an expensive proposition in the long run.

The potential security implications of deploying non-genuine software are huge. Using non-genuine software can put ones personal information, reputation, and financial security at risk.

Recent report from Symantec1 shows that 82% of threats to confidential information in Asia Pacific Japan (APJ) region were classified as threats that export user data.

Individuals, academic institutions, government sector organizations, and unsecured business environments have become potential victims to the consequences brought about by the usage of non-genuine software. Information security has now become an issue of national importance.

Owing to marginal cost of production, software piracy remains a high margin business and thus, a lucrative mean of generating revenue for anti-social elements. The profit from selling non-genuine software is often used up to fund counterfeit products, prostitution, weapons trading, and possibly even terrorism

Internet has become one of the most common means of obtaining non-genuine software. But most of these products do not come free. Malicious software, or malware, come as a packaged deal with them. The malware infects the host system, and often accesses and sends out sensitive data from the system

Students often spend a lot of time on P2P sharing networks. These networks are a common medium of sharing software and other tools. However, most of the files contain trojans and worms, which can lead to security issues for the academic institutions

In recent times we have seen the governments share of IT spending increase consistently. If one of the departments decides to install a non-genuine software, significant amount of important information would be accessible to the outside community

Any organization or individual caught in the act of copyright infringement can be criminally prosecuted. They can be fined anything from Rs 50,000 to Rs 2,00,000 and a minimum jail sentence of seven days going up to three years can be levied

The Road Ahead
Even though the IT Act, 2000 (and now the IT Amendment Act, 2008) relating to data security and data integrity, and the Copyright Act, 1957 provides protection of intellectual property rights (IPR) in software, implementation continues to pose challenges. A satisfactory solution to the business software piracy problem has proven elusive to the software industry. But this doesnt mean that the concerned authorities have given up.

The Indian government has set up CERT-IN (Computer Emergency Response Team, India) with the charter to become the nations most trusted referral agency of the Indian community for responding to computer security incidents as and when they occur. Many businesses today have created special roles in the ranks of chief security officers (CSO)/chief information security officers (CISO) to limit the hazards of information security threats. By educating users about copyright laws and the benefits of legal software, third-party organizations are striving to create an environment that respects intellectual property rights.

India has witnessed the piracy rate fall by 6% points in the last five years. Though non-genuine software continues to threaten the future of software innovation, with appropriate measures India can fight and overcome this evil. However, this fight cannot be a success without the efforts and contributions of individuals. As long as there is demand for cheap counterfeited and pirated software, there will be suppliers. Even if individual consumers cant stop the production of non-genuine software, they need to stop promoting it.

Despite all measures, the pandemic cannot be controlled if the subjects dont take adequate precautions. Usage of non-genuine software is similar to a pandemic which cannot be controlled adequately if we all the end users dont exercise restraint.

Akhilesh Tuteja
The author is executive director, IT advisory services, KPMG, India
maildqindia@cybermedia.co.in

Page(s)   1