Software Asset Management (SAM)

ITS Offsite Workshop 2002

Software Asset Management (SAM)

The Whats and WhysOf

Software Asset Management

ByKevin Yau

Senior Computing OfficerInformation Technology Services Office

Agenda

What is Software Asset Management (SAM)?

Global Piracy RaidsCopyright Law in Hong KongPolyU Real Cases of Software

Abuse

What is SAM?

Simply put, SAM is the enforcement of the use of legal software through the use of software management tools

What is Software Asset Management (SAM) ?

SAM is a set of

policies, procedures, technologies, and culture within an organization

to manage the software assets

SAM is an on-going processInitially compliant compliant

forever

SAM is a

Management

Issue, not a

technical

issue

Benefits of SAM

Software licensing is an investment.

An organization typically invests thousands, if not hundreds of thousands of dollars, each year in software acquisition, distribution and use, yet few people recognize its impact on the organization’s mission and goals.

Benefits of SAM

Besides reducing the risk of copyright infringement, proper SAM can maximize the benefits from IT investment– Control software acquisition cost– Avoid unnecessary hardware cost– Control software support cost– Ensure software quality and reliability– Increase employee productivity

Global Piracy Raids

A large-scale synchronized action was taken in Dec 11, 2001 as part of a global crackdown on software trading

Three separate multi-agency US Federal operations, along with law-enforcement counterparts from other countries, executed over 100 search warrants nearly simultaneously worldwide on Dec 11

Seizures were conducted in at least 27 US cities and 6 other countries

Global Piracy Raid at US universities

Piracy raids were carried out at :- – Massachusetts Institute of Technology, – University of California at Los Angeles, – Purdue University, – Duke University, – University of Oregon, – Northeastern University, and – Rochester Institute of Technology

Piracy Raid at MIT

MIT’s Economics Department system administrator was alleged to have illegally distributed computer software from the file servers which he had control

Federal agents seized 3 computers from the Economics Department

US Customs Service investigators questioned the alleged and seized 1 computer from his apartment

Piracy Raid at MIT

The investigators searched through records kept on the seized computers and might charge the individuals who were frequent software buyers as indicated by the server logs

The alleged was reported to have resigned on Jan 4, 2002

Might risk up to 3 years of imprisonment under the Federal Law

Piracy Raid at MIT

The above information is taken from the Tech – MIT’s newspaper on web, Jan 16, 2002, Volume 121, Number 68

http://www-tech.mit.edu/V121/N68/68piracy.68n.html

A Recent Hong Kong Case

A Hong Kong Court ruling on 10 October 2002

Microsoft awarded damages in the amount of HK$ 35,832,570

Against HK computer dealer Able System Development Limited (Able) for selling of unauthorized software

Ref: http://www.bsa.org/hongkong/

Copyright Law in Hong Kong

Earlier Law– Copyright was previously protected in Hong

Kong under the United Kingdom Copyright Act 1956 and the Hong Kong Copyright Ordinance (Cap 39)

Copyright Law in Hong Kong

Copyright Ordinance 1997 (Cap 528)– The HKSAR’s new copyright law came into

effect on 27 June 1997– It provides comprehensive protection for

recognized categories of literary, dramatic, musical and artistic works, films, television broadcasts and cable diffusion, and works made available to the public on the internet

– Only those involved in the commercialized use of infringing works would face criminal charges

Copyright Law in Hong Kong

Loophole in the law– A business, for example, that sold clothing but

used an infringing accounting software might escape conviction as the possession of the infringing software was not for the purpose of trade of the infringing work

– To plug this loophole, the phrase “for the purpose of trade or business” was changed to “for the purpose of, in the course of, or in connection with, any trade or business” in the next law

Copyright Law in Hong Kong

Copyright Ordinance as amended by Intellectual Property (Miscellaneous Amendments) Ordinance 2000 – Came into effect on 1 April 2001– One of the main aims of the amended law is to

combat corporate copyright piracy activities (according to an unofficial estimate, about 50% of all computer software used in business is pirated)

Copyright Law in Hong Kong

Copyright (Suspension of Amendments) Ordinance 2001 (Cap 568)– To address public concern that the amendments

had hampered the dissemination of information in enterprises as well as teaching activities in schools

– Came into effect in June 2001

Copyright Law in Hong Kong

Copyright (Suspension of Amendments) Ordinance 2001– As a result, the criminal provisions in the

recently amended Copyright Ordinance will continue to apply, with a slightly narrowed scope, to computer software, movies, television dramas and music recordings only

Effects of Copyright (Suspension of Amendments) Ordinance 2001

Criminal liabilities– Anyone who knowingly possesses an infringing

copy of computer software, a movie, a television drama or music recording for the purpose of or in the course of any trade or business may be criminally liable

– The maximum penalty of the offence is a fine of $50,000 per infringing copy and 4 years’ imprisonment

PolyU Real Case 1

The PC of a PolyU RA was found to scan the http ports of other users and generate massive traffic on the campus network

When ITS helped the RA to clean the virus on his PC, the PC was found to have installed Simplified Chinese Windows 2000 server which is not licensed

Upon advice from ITS, the CLO of the department warned and asked the RA to remove the unlicensed software

PolyU Real Case 2

Three PCs used for demonstration to the public were bought without the operating system, but Windows (the OS) was installed

The department was advised by ITS to acquire the operating systems for the PCs

PolyU Real Case 3

A department provided 25 licenses of a software to a teaching staff who requested ITS to install them on 40 PCs in the Student Computer Centre so that all 40 students in his class can use the software

ITS advised the staff to acquire 40 licenses and have them installed on only 40 designated PCs

PolyU Real Case 4

Many staff installed a 30-day evaluation copy of WinZip on their PCs, but many used copies that were already expired

ITS acquired sufficient licenses to cover all staff

PolyU Real Case 5

Copyright Raid at PolyU Library By The Hong Kong Customs and Excise

Department on 6 September 2002 A number of books were seized Systematic download of hundreds of e-

journal articles were detected Suspension of Library database

Institutional Risks

Legal responsibilities Tarnish PolyU reputation Pirate software may contain malicious

codes and viruses with the potential to damage your PC and the attached network

Who is responsible for software?

If an organization uses illegal copies of software, criminal charges may be made against the officers of the organization under the concept of “vicarious liability”, even if they are unaware of the actual copying

Also, in contributory copyright infringement instances, management is held liable because it aids or encourages the making of the illegal copies

Will the employees be liable ?

Depending on the circumstances of the case, the following employees responsible for the infringement may also become liable:

– The IT manager of the company who knowingly installs infringing copies of software on his workplace’s computers

– Employees who know the software installed in their computers is infringing copies and continue to use it

This material is extracted from “Frequently Asked Questions – Amendments to the Copyright Ordinance” 2001 and is used with the permission of the Government of the HKSAR.

http://www.info.gov.hk/cib/ehtml/copyright_e.htm

What have PolyU ‘said’ to protect ourselves ?

The following advice were included in the Administrative Note No. 12/01 issued by HRO on 31 March 2001:– Any staff member using pirated computer

software installed in a PC in the University, or in a PC at home for the performance of business in connection with the University would make both the University and the staff member liable of an offence under the amended law

– And ….

What have PolyU ‘said’ to protect ourselves ?

– Heads of Department should ensure that sufficient licenses for the software are acquired for use by all staff in the department, and that staff members in the department do not install pirated software in their office computers

– Staff members are also reminded not to install pirated software in their computers at home

How to ensure compliance with the amended law ?

Advice from the government – Employers should implement proper Software

Asset Management (SAM) measures and ensure that all employees are aware of the requirement that only authorized software should be used.

– Companies should also conduct periodic software asset audit to reduce the employers’ risk of facing prosecution if the company falls under suspicion of breaking the law

The Whats and Whysof SAM

Thank You