Recently, a friend of mine was the victim of tech support malpractice. To sum it up, a person posing as a freelance technical support professional charged my friend a pretty penny for installing an illegal copy of Windows XP on my friend’s network, and then he disappeared.

I was livid when I heard the story, because that kind of “support” damages the reputations of ethical tech support pros. This week, I’ll share what I learned about software copyright issues when I sought advice from an attorney. I’ll also pass along advice from an information systems auditor on how businesses can avoid violating copyright laws.

No troubleshooting skills and no ethics
The friend who was scammed is a physician. In his office, he has a two-computer LAN running Windows 2000 and a proprietary billing application. The system ran smoothly for as long as the office staff could remember, until, for no apparent reason, the workstation and the server began locking up on an almost daily basis.

The good doctor asked his “computer person,” someone who had repaired his home computer and who works for a local computer support/repair shop, to stop by to troubleshoot (and hopefully resolve) the problem. Instead of diagnosing and fixing the problem, however, the support tech installed Windows XP, picked up his check, and then left without telling the doctor what he had done.

The doctor reached the support person by phone once after that and asked him why he had installed XP. The support person said, “Oh, that was the only way to fix it.”

The problem was, the system wasn’t fixed. It continued to lock up. Furthermore, the support tech didn’t leave behind any CDs or documentation of any kind.

Since that initial office visit, the doctor has left a dozen messages for this freelance support tech, saying things like, “The system is still locking up,” and “I need to know if this copy of XP is legal.” Unfortunately, the untalented, unethical hack cashed his check and disappeared.

Who is the pirate?
While my friend stewed over the way this tech had taken advantage of him, I spoke with J. Allan Cobb, an assistant commonwealth attorney for the state of Kentucky. Mr. Cobb is in charge of prosecuting computer crimes and is the author of one of Kentucky’s current computer crime statutes, Kentucky Revised Statute 434.845, “Unlawful access to a computer in the first degree.” In general, that statute makes it a Class C felony to use a computer to obtain “money, property, or services” under fraudulent pretenses.

Cobb said he would not prosecute the physician’s freelance technical support person for installing an illegal copy of Windows XP. “I’m more concerned with white collar crimes than with copyright violations, which are more a federal area,” he said, referring to the Digital Millennium Copyright Act.

He added, “I did prosecute a guy once who had a hundred illegal copies of PrintMaster Pro. We charged him with criminal possession of a forged instrument, under second-degree felony forgery statutes.”

When I asked about my friend’s illegal copy of Windows XP, Cobb said, “The physician hasn’t technically infringed on Microsoft’s copyright; the support person has. But the physician should go and buy his own copies of the software, and then report the support person to the Business Software Alliance.”

“The BSA functions as a quasi-governmental agency,” Cobb said. “Realistically, they [the BSA] may not spend time going after someone who pirates one or two copies of XP. They’re more interested in the people who copy a piece of software 50 times or 500 times.”

Respecting copyright laws in your organization
If your business is providing freelance technical support services, and if you’re an ethical person, you should never try to save your customers a few bucks by pirating software for them.

But suppose you’re in charge of providing technical support for a small business or a large enterprise. Do you open up the candy store every time an end user asks you to install a new application or upgrade an existing one?

According to Melissa J. Perry, the correct answer is no. Perry is an information systems auditor for a Fortune 500 healthcare provider. Her duties include conducting periodic software audits to determine the organization’s compliance with copyright laws and other federal regulations. According to Perry, copyright statutes aren’t the only laws broken when software is pirated; the Internal Revenue Service may ask how business software is accounted for in the company’s financial statements.

For best practices on managing a company’s software assets, Perry relies on Control Objectives for Information and related Technology (COBIT), published by the Information Systems Audit and Control Foundation (ISBN 1-893209-17-2).

“Businesses need to establish policies that meet the objectives in the acquisition and implementation section,” Perry said. “For example, section 1.13 states that ‘software product acquisition should follow the organization’s procurement policies.’” In other words, no business would procure a company car by stealing it, and neither should a business procure software by pirating it.

Perry goes on to quote the first sentence of section 1.15, which states, “Management should require that for licensed software acquired from third-party providers, the providers have appropriate procedures to validate, protect, and maintain the software product’s integrity rights.”

Resistance (to copyright laws) is futile

For more on this topic, read, “Turning in the thieves,” which tells the story of a company that tried to force its employees to install illegal copies of software onto custom-built computers. To share your opinion on software piracy, please post a comment or write to Jeff.