Software Asset Management (SAM) ITS Offsite Workshop 2002.
-
date post
21-Dec-2015 -
Category
Documents
-
view
218 -
download
0
Transcript of Software Asset Management (SAM) ITS Offsite Workshop 2002.
Software Asset Management (SAM)
ITS Offsite Workshop 2002
Software Asset Management (SAM)
The Whats and WhysOf
Software Asset Management
ByKevin Yau
Senior Computing OfficerInformation Technology Services Office
Agenda
What is Software Asset Management (SAM)?
Global Piracy RaidsCopyright Law in Hong KongPolyU Real Cases of Software
Abuse
What is SAM?
Simply put, SAM is the enforcement of the use of legal software through the use of software management tools
What is Software Asset Management (SAM) ?
SAM is a set of
policies, procedures, technologies, and culture within an organization
to manage the software assets
SAM is an on-going processInitially compliant compliant
forever
SAM is a
Management
Issue, not a
technical
issue
Benefits of SAM
Software licensing is an investment.
An organization typically invests thousands, if not hundreds of thousands of dollars, each year in software acquisition, distribution and use, yet few people recognize its impact on the organization’s mission and goals.
Benefits of SAM
Besides reducing the risk of copyright infringement, proper SAM can maximize the benefits from IT investment– Control software acquisition cost– Avoid unnecessary hardware cost– Control software support cost– Ensure software quality and reliability– Increase employee productivity
Global Piracy Raids
A large-scale synchronized action was taken in Dec 11, 2001 as part of a global crackdown on software trading
Three separate multi-agency US Federal operations, along with law-enforcement counterparts from other countries, executed over 100 search warrants nearly simultaneously worldwide on Dec 11
Seizures were conducted in at least 27 US cities and 6 other countries
Global Piracy Raid at US universities
Piracy raids were carried out at :- – Massachusetts Institute of Technology, – University of California at Los Angeles, – Purdue University, – Duke University, – University of Oregon, – Northeastern University, and – Rochester Institute of Technology
Piracy Raid at MIT
MIT’s Economics Department system administrator was alleged to have illegally distributed computer software from the file servers which he had control
Federal agents seized 3 computers from the Economics Department
US Customs Service investigators questioned the alleged and seized 1 computer from his apartment
Piracy Raid at MIT
The investigators searched through records kept on the seized computers and might charge the individuals who were frequent software buyers as indicated by the server logs
The alleged was reported to have resigned on Jan 4, 2002
Might risk up to 3 years of imprisonment under the Federal Law
Piracy Raid at MIT
The above information is taken from the Tech – MIT’s newspaper on web, Jan 16, 2002, Volume 121, Number 68
http://www-tech.mit.edu/V121/N68/68piracy.68n.html
A Recent Hong Kong Case
A Hong Kong Court ruling on 10 October 2002
Microsoft awarded damages in the amount of HK$ 35,832,570
Against HK computer dealer Able System Development Limited (Able) for selling of unauthorized software
Ref: http://www.bsa.org/hongkong/
Copyright Law in Hong Kong
Earlier Law– Copyright was previously protected in Hong
Kong under the United Kingdom Copyright Act 1956 and the Hong Kong Copyright Ordinance (Cap 39)
Copyright Law in Hong Kong
Copyright Ordinance 1997 (Cap 528)– The HKSAR’s new copyright law came into
effect on 27 June 1997– It provides comprehensive protection for
recognized categories of literary, dramatic, musical and artistic works, films, television broadcasts and cable diffusion, and works made available to the public on the internet
– Only those involved in the commercialized use of infringing works would face criminal charges
Copyright Law in Hong Kong
Loophole in the law– A business, for example, that sold clothing but
used an infringing accounting software might escape conviction as the possession of the infringing software was not for the purpose of trade of the infringing work
– To plug this loophole, the phrase “for the purpose of trade or business” was changed to “for the purpose of, in the course of, or in connection with, any trade or business” in the next law
Copyright Law in Hong Kong
Copyright Ordinance as amended by Intellectual Property (Miscellaneous Amendments) Ordinance 2000 – Came into effect on 1 April 2001– One of the main aims of the amended law is to
combat corporate copyright piracy activities (according to an unofficial estimate, about 50% of all computer software used in business is pirated)
Copyright Law in Hong Kong
Copyright (Suspension of Amendments) Ordinance 2001 (Cap 568)– To address public concern that the amendments
had hampered the dissemination of information in enterprises as well as teaching activities in schools
– Came into effect in June 2001
Copyright Law in Hong Kong
Copyright (Suspension of Amendments) Ordinance 2001– As a result, the criminal provisions in the
recently amended Copyright Ordinance will continue to apply, with a slightly narrowed scope, to computer software, movies, television dramas and music recordings only
Effects of Copyright (Suspension of Amendments) Ordinance 2001
Criminal liabilities– Anyone who knowingly possesses an infringing
copy of computer software, a movie, a television drama or music recording for the purpose of or in the course of any trade or business may be criminally liable
– The maximum penalty of the offence is a fine of $50,000 per infringing copy and 4 years’ imprisonment
PolyU Real Case 1
The PC of a PolyU RA was found to scan the http ports of other users and generate massive traffic on the campus network
When ITS helped the RA to clean the virus on his PC, the PC was found to have installed Simplified Chinese Windows 2000 server which is not licensed
Upon advice from ITS, the CLO of the department warned and asked the RA to remove the unlicensed software
PolyU Real Case 2
Three PCs used for demonstration to the public were bought without the operating system, but Windows (the OS) was installed
The department was advised by ITS to acquire the operating systems for the PCs
PolyU Real Case 3
A department provided 25 licenses of a software to a teaching staff who requested ITS to install them on 40 PCs in the Student Computer Centre so that all 40 students in his class can use the software
ITS advised the staff to acquire 40 licenses and have them installed on only 40 designated PCs
PolyU Real Case 4
Many staff installed a 30-day evaluation copy of WinZip on their PCs, but many used copies that were already expired
ITS acquired sufficient licenses to cover all staff
PolyU Real Case 5
Copyright Raid at PolyU Library By The Hong Kong Customs and Excise
Department on 6 September 2002 A number of books were seized Systematic download of hundreds of e-
journal articles were detected Suspension of Library database
Institutional Risks
Legal responsibilities Tarnish PolyU reputation Pirate software may contain malicious
codes and viruses with the potential to damage your PC and the attached network
Who is responsible for software?
If an organization uses illegal copies of software, criminal charges may be made against the officers of the organization under the concept of “vicarious liability”, even if they are unaware of the actual copying
Also, in contributory copyright infringement instances, management is held liable because it aids or encourages the making of the illegal copies
Will the employees be liable ?
Depending on the circumstances of the case, the following employees responsible for the infringement may also become liable:
– The IT manager of the company who knowingly installs infringing copies of software on his workplace’s computers
– Employees who know the software installed in their computers is infringing copies and continue to use it
This material is extracted from “Frequently Asked Questions – Amendments to the Copyright Ordinance” 2001 and is used with the permission of the Government of the HKSAR.
http://www.info.gov.hk/cib/ehtml/copyright_e.htm
What have PolyU ‘said’ to protect ourselves ?
The following advice were included in the Administrative Note No. 12/01 issued by HRO on 31 March 2001:– Any staff member using pirated computer
software installed in a PC in the University, or in a PC at home for the performance of business in connection with the University would make both the University and the staff member liable of an offence under the amended law
– And ….
What have PolyU ‘said’ to protect ourselves ?
– Heads of Department should ensure that sufficient licenses for the software are acquired for use by all staff in the department, and that staff members in the department do not install pirated software in their office computers
– Staff members are also reminded not to install pirated software in their computers at home
How to ensure compliance with the amended law ?
Advice from the government – Employers should implement proper Software
Asset Management (SAM) measures and ensure that all employees are aware of the requirement that only authorized software should be used.
– Companies should also conduct periodic software asset audit to reduce the employers’ risk of facing prosecution if the company falls under suspicion of breaking the law
The Whats and Whysof SAM
Thank You