The informant’s story: I bust my boss to the BSA

The fast-growing company Chris* had put his “heart and soul into” for more than two years was making solid profits with a successful line of specialist devices loaded with proprietary software. It fiercely guarded its intellectual property – despite the fact much of it had been developed using unlicensed software.

By George Nott Jun 25th 2018
iStock-932827098-informant-whistleblower.jpg

It was the hypocrisy that really riled him.

The fast-growing company Chris* had put his “heart and soul into” for more than two years was making solid profits with a successful line of specialist devices loaded with proprietary software. It fiercely guarded its intellectual property – despite the fact much of it had been developed using unlicensed software.

The use of cracked copies of various computer-aided design and enterprise software was an open secret within the company, which then had around 30 employees across offices in two states but has since expanded. “They had no shame,” Chris tells CIO Australia.

So he raised the issue with his manager.

“Don’t you find it ironic that you’re so – as you should be – so keen to protect your IP as far as your software development goes and yet you’re willingly stealing software from which you develop our products?” he says he asked them.

The irony was lost.

“And I thought – are you fucking kidding me? The arrogance and that sanctimony. I just thought – how can you?”

So he decided to dob them in.

A cursory Google search found the BSA, a global advocacy group for the software industry, sometimes known as The Software Alliance. Chris filled out the BSA’s online ‘quick end-user piracy questionnaire’ in minutes, kicking off a chain of events that ended up costing his firm more than $100,000 in one of the highest value unlicensed software settlements in Australia that year.

Drawing the line

Chris is one of a fast growing number of workers across Australia that makes a report against their employer to the BSA. Established by Microsoft in 1988, the Alliance’s membership is made up of the world’s most powerful technology companies, including Adobe, Apple, Amazon Web Services, IBM, Intel, Oracle, SAS and Salesforce.

It acts on their behalf in a ‘bad cop’ role, pursuing companies believed to be using unlicensed software with threats of audits and legal action. The BSA says it has delivered more than $400 million in ‘legalisation revenue’ – most commonly from out of court settlements – to its members since 2010.

Last year in Australia it settled more than $347,000 worth of damages across 28 cases arising from unlicensed software usage. It closed 2016 with a record $589,000 in damages.

To find out about non-compliant companies, the BSA relies heavily on informants like Chris, who provide tip-offs and insider information.

The group told CIO Australia that virtually all settlements (90 to 95 per cent) reached come as the result of an informant’s assistance.

“Informants with reliable information are critical to the BSA program. Copyright infringement is a serious offence, and we need the evidence and cooperation of such informants to bring commercial offenders to justice,” a BSA spokesperson told CIO Australia.

The BSA has in the past aggressively marketed the rewards it offers in return, appealing to disgruntled employees eager to get back at their boss and receive cash in return.

Past campaigns have run on billboards, banner ads and social media using language like ‘Hit 'em where it really hurts’; ‘Bust your boss’; ‘Need a vacation already?’; and ‘Plump up your wallet’.

Although the reward is appealing to some – with up to $20,000 available to informants that provide evidence and witness statements leading to settlements – many are driven by principle alone.

“I’m realistic. People put dodgy software on their computers, but where I draw the line is where that’s done for making profit, and I draw the line again when it’s not just people making profit but when it’s a big company making profit. It’s just so many levels up,” says Chris.

“People seem to see that software theft as not theft at all. It doesn’t feel the same as going and stealing a tangible object… But what surprises me is a company whose main product is actually to do with developing software and code – and they obviously want to protect that because it costs them a lot of money to develop – to then go and steal someone else’s?”

In 2015, the BSA received 73 ‘leads’ from insiders dobbing in their bosses, a figure which rose to 200 in 2016 and 308 last year.

They often prove the trump card in negotiations with suspected software pirates. As the BSA puts it: “The fact that the BSA has an informant is usually appreciated by the employer and sufficient for the matter to settle.”

For the informants the process can be long and arduous. Many run the risk of losing workmates and careers as they covertly gather evidence to be used against their superiors.

“And now that I’ve gone through it,” Chris says, “yeah that risk is real.”

‘Just a couple of copies’

Chris filled out the online form, giving the company’s name and address, an estimate of how many PCs were running pirated or unlicensed software, the types of software used and his contact details.

He hit submit.

“I’d already thought it through for long enough, probably a couple of months before I actually did it,” he says, “So when I hit the send button it wasn’t like ‘oh what have I done’. I’d already hesitated about it.”

He was then contacted by Sydney law firm Harris & Company which pursues cases on behalf of the BSA in Australia, and was Chris’ main contact throughout the process.

They asked him follow-up questions – How many staff are there? Who sits where? Could he sketch the office layout? He then began to gather evidence in the form of screenshots of files and software in use – taking care not to be caught in the act.

It wasn’t easy. Soon after Chris submitted the form, the company was hit with an audit letter which led to a “wiping all computers to make them look squeaky clean”. But the cover-up didn’t last long.

Files were soon made accessible via a central repository where multiple users could make edits.

Chris – usually after hours when most of his colleagues had left for the night – captured screen shots of the repository’s log, showing who submitted which files and when.

“That was pretty damning because I could access that log all the way back to revision one, the very first file that was ever put on the repository. It allowed me to get a pretty concrete beginning date and a pretty comprehensive list of how many people had been doing it. That was the meatiest evidence I was able to get,” he says.

There was a weeks-long period of back and forth between Chris and the legal firm which itself was going back and forth with the company to negotiate a settlement.

Chris was asked to sign off on statements and clear screenshots that had been redacted to conceal his identity. “I was pretty paranoid,” Chris says, “it is a weight on the mind.”

From the legal firm Chris heard how the company was responding, he says.

“Their story went from outright denial of everything at the very beginning to ‘ah well it was a couple of bad staff who have put it on there and management didn’t have any knowledge of it and our company would never steal software’, to ‘ah yeah we did know about it but it was just a couple of copies’,” he says.

Eventually, knowing the legal firm had solid evidence the use of unlicensed software was the norm across the business; the company was “dead to rights,” Chris said.

Chris was preparing to go on the record in a civil proceeding against the company, when he got word a settlement had been reached. He was never told for how much.

“It was a bit of a mix of being happy, but maybe a bit disappointed that I couldn’t find more evidence for them… the company I was working for probably got away with it pretty lightly,” he says.

“I’m pretty sure they would have had a few more skeletons in the closet.”

Over the last four years the total amount won by the BSA in settlements annually in Australia has averaged at $381,000. The settlement with Chris’ firm was among the highest in value that year.

Sense of justice

Chris no longer works for the company and the reward he received for assisting the BSA has nearly dried up.

“It’s helping but that money disappears pretty quick when you’re out of work,” he says.

He is unsure whether the company ever found out it was him who dobbed them in. There may have been “little indicators” that gave him away, he thinks. He didn’t hear from the BSA or the legal firm again, until he was approached to participate in this article.

“I did feel a little bit like ‘we’ve got what we need, thanks for playing, see you later’,” he says.

Nevertheless, he believes it was worth the trouble. That he did the right thing.

“It’s not like they were stealing software to try and save a drowning company. I would have sympathy for them then possibly. But that’s not the case, that’s not what they were,” he says.

“It just really rubs me the wrong way to for them to be preaching about company values and that kind of thing. I have a pretty strong sense of justice and fairness and what is right and for them to be preaching company values when they’re liars and cheats – that just rubbed me the wrong way.”

* Not his real name