The Ethical System Administrator

On the question of making illegal copies of proprietary software—why should we care?

My editor asked me an embarrassingly difficult question a while back and I've been struggling for an answer. It forced me to consider questions of ethics as well as law. He asked, “What should a system administrator do when he discovers that others in his company are making illegal copies of licensed software?”

Under the laws of most states, nobody has a duty to be a good samaritan. You may remember the Biblical parable of the passerby who came to the aid of a Jew who had been robbed, beaten and left to die on the roadside. The kindness of the Samaritan was particularly admirable because Jews and Samaritans generally were enemies. Under the law, a good samaritan is someone who voluntarily renders aid to another in distress when under no duty to do so.

Since a system administrator doesn't have a legal duty to be a good samaritan, she owes no legal duty to the software vendor who supplied the software to do anything to stop the illegal copying.

Many companies have internal codes of conduct that obligate employees to report illegal conduct to their managers or company executives. If a system administrator fails to report illegal copying of software, she may be in violation of company policy and subject herself to possible termination. I always advise an employee to conduct herself according to the company's own published rules.

If a company doesn't have a published code of conduct, the system administrator should try to understand her company's implied code. Is open cheating tolerated within the company? Do senior managers condone or encourage illegal conduct? I once sued a company on behalf of an employee who was fired for refusing to dump toxic waste into the public sewer system leading to the San Francisco Bay. Unfortunately, as I came to discover, such behavior was sanctioned and encouraged by the most senior executives of the company. In such a company, reporting illegal behavior would be useless.

Would it be useless to report that your company makes unauthorized copies of software? If you were a system administrator for such a company, would you want to continue working for them? Would you want to stay at a company that openly encouraged copyright infringement?

What about a system administrator who herself was making illegal copies of software? She cannot excuse her own illegal act by claiming that her employer told her to do so, because an employee cannot knowingly violate a law and blame her employer for it.

As a practical matter, of course, if there were a lawsuit or a criminal complaint about illegal copying, it probably would be the most senior company official responsible who would be punished, not the low-level employee who was merely following orders. But I would still advise the system administrator not to risk liability by committing an illegal act. It is safer simply to refuse to do so or to quit.

An employee who is asked to perform an illegal act and refuses to do so is protected from retaliation in many states. An employee who reports illegal acts to more senior management or to an appropriate government agency is often protected by “whistle-blower” laws. A company can be ordered to pay substantial damages, including back pay, for retaliating against whistle-blowers.

But what about the ethical dimension to the question posed by my editor? Why do we care if a company makes unauthorized copies of a proprietary vendor's computer software? We don't have a good samaritan duty to help them, so why should we bother ourselves with their problem? After all, one major objective for the Free and Open Source movement is to make software available that can be freely copied, modified and distributed. By definition (e.g., the Open Source Definition, www.opensource.org/docs/definition.php) it is never illegal for a company to make as many copies as it wants of free and open-source software.

If proprietary software companies don't share our ideals, that's their problem and not ours? Right? I'm not so sure that is ethical.

One reason the open-source software model works is that we can rely on the copyright law to enforce our licenses. When a company takes GPL-licensed code and converts it into proprietary software, for example, we can assert the copyright law and sue them for copyright infringement to prevent them from misusing the software. How, then, can we ignore that same law and make illegal copies of proprietary software? Is it ethical to rely on a law to protect our own interests and to violate that same law when it comes to someone else's?

This is one reason why I encourage everyone NOT to make illegal copies of proprietary software. I am willing to let the copyright laws work for me, even as large proprietary software companies use that same law to compete against me.

As an ethical attorney—or at least an attorney who strives to be ethical—I must advise everyone to obey the law. Don't make unauthorized copies of software, and don't just sit idly by when you see others in your company doing so.

Legal advice must be provided in the course of an attorney-client relationship specifically with reference to all the facts of a particular situation and the law of your jurisdiction. Even though an attorney wrote this article, the information in this article must not be relied upon as a substitute for obtaining specific legal advice from a licensed attorney.

email: lrosen@rosenlaw.com

Lawrence Rosen is an attorney in private practice, with offices in Los Altos and Ukiah, California (www.rosenlaw.com). He is also corporate secretary and general counsel for the Open Source Initiative, which manages and promotes the Open Source Definition (www.opensource.org).

______________________

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Re: The Ethical System Administrator

Anonymous's picture

Get more information on this issue from the crackmonkey ethics page.

Re: The Ethical System Administrator

Anonymous's picture

I believe you've missed a vital point.

Company ABC obtains a copy or copies of a software package for X amount of currency, safe in the knowledge that they may illicitly make Y copies.

If Y times X is more than ABC can afford, then it is reasonable to assume that had the company been law abiding a cheaper alternative would have been sourced.

A classic case is Photoshop. For all but the most demanding, the Gimp achieves what Photoshop does for free. Yet such is the availability of illicit copies of Photoshop that the Free alternative does not get considered.

Now I think of it, consider the relatively recent uptake of Linux at the expense of Windows XP, attributed in a large part to Product Activation. Is this because users are genuinely incensed about the invasion of their privacy or is it that it is now more difficult to make illicit use of the software?

Open and shut case IMO.

Re: The Ethical System Administrator

dmarti's picture

The more strictly you enforce the licenses of proprietary software, the more incentive you give your company to go with a free alternative.

Adobe Photoshop doesn't have "product activation" or a dongle because they _want_ you to learn on an illegal copy so you will depend on it when you go to work at a place that keeps track of software licenses.

Blow away illegal copies and you break their best marketing tool and create an opening for GPL replecements.

re

Anonymous's picture

INDEED!!! I agree. :)

Webinar
One Click, Universal Protection: Implementing Centralized Security Policies on Linux Systems

As Linux continues to play an ever increasing role in corporate data centers and institutions, ensuring the integrity and protection of these systems must be a priority. With 60% of the world's websites and an increasing share of organization's mission-critical workloads running on Linux, failing to stop malware and other advanced threats on Linux can increasingly impact an organization's reputation and bottom line.

Learn More

Sponsored by Bit9

Webinar
Linux Backup and Recovery Webinar

Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.

In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.

Learn More

Sponsored by Storix