The Ethical System Administrator
My editor asked me an embarrassingly difficult question a while back and I've been struggling for an answer. It forced me to consider questions of ethics as well as law. He asked, “What should a system administrator do when he discovers that others in his company are making illegal copies of licensed software?”
Under the laws of most states, nobody has a duty to be a good samaritan. You may remember the Biblical parable of the passerby who came to the aid of a Jew who had been robbed, beaten and left to die on the roadside. The kindness of the Samaritan was particularly admirable because Jews and Samaritans generally were enemies. Under the law, a good samaritan is someone who voluntarily renders aid to another in distress when under no duty to do so.
Since a system administrator doesn't have a legal duty to be a good samaritan, she owes no legal duty to the software vendor who supplied the software to do anything to stop the illegal copying.
Many companies have internal codes of conduct that obligate employees to report illegal conduct to their managers or company executives. If a system administrator fails to report illegal copying of software, she may be in violation of company policy and subject herself to possible termination. I always advise an employee to conduct herself according to the company's own published rules.
If a company doesn't have a published code of conduct, the system administrator should try to understand her company's implied code. Is open cheating tolerated within the company? Do senior managers condone or encourage illegal conduct? I once sued a company on behalf of an employee who was fired for refusing to dump toxic waste into the public sewer system leading to the San Francisco Bay. Unfortunately, as I came to discover, such behavior was sanctioned and encouraged by the most senior executives of the company. In such a company, reporting illegal behavior would be useless.
Would it be useless to report that your company makes unauthorized copies of software? If you were a system administrator for such a company, would you want to continue working for them? Would you want to stay at a company that openly encouraged copyright infringement?
What about a system administrator who herself was making illegal copies of software? She cannot excuse her own illegal act by claiming that her employer told her to do so, because an employee cannot knowingly violate a law and blame her employer for it.
As a practical matter, of course, if there were a lawsuit or a criminal complaint about illegal copying, it probably would be the most senior company official responsible who would be punished, not the low-level employee who was merely following orders. But I would still advise the system administrator not to risk liability by committing an illegal act. It is safer simply to refuse to do so or to quit.
An employee who is asked to perform an illegal act and refuses to do so is protected from retaliation in many states. An employee who reports illegal acts to more senior management or to an appropriate government agency is often protected by “whistle-blower” laws. A company can be ordered to pay substantial damages, including back pay, for retaliating against whistle-blowers.
But what about the ethical dimension to the question posed by my editor? Why do we care if a company makes unauthorized copies of a proprietary vendor's computer software? We don't have a good samaritan duty to help them, so why should we bother ourselves with their problem? After all, one major objective for the Free and Open Source movement is to make software available that can be freely copied, modified and distributed. By definition (e.g., the Open Source Definition, www.opensource.org/docs/definition.php) it is never illegal for a company to make as many copies as it wants of free and open-source software.
If proprietary software companies don't share our ideals, that's their problem and not ours? Right? I'm not so sure that is ethical.
One reason the open-source software model works is that we can rely on the copyright law to enforce our licenses. When a company takes GPL-licensed code and converts it into proprietary software, for example, we can assert the copyright law and sue them for copyright infringement to prevent them from misusing the software. How, then, can we ignore that same law and make illegal copies of proprietary software? Is it ethical to rely on a law to protect our own interests and to violate that same law when it comes to someone else's?
This is one reason why I encourage everyone NOT to make illegal copies of proprietary software. I am willing to let the copyright laws work for me, even as large proprietary software companies use that same law to compete against me.
As an ethical attorney—or at least an attorney who strives to be ethical—I must advise everyone to obey the law. Don't make unauthorized copies of software, and don't just sit idly by when you see others in your company doing so.
Legal advice must be provided in the course of an attorney-client relationship specifically with reference to all the facts of a particular situation and the law of your jurisdiction. Even though an attorney wrote this article, the information in this article must not be relied upon as a substitute for obtaining specific legal advice from a licensed attorney.
Lawrence Rosen is an attorney in private practice, with offices in Los Altos and Ukiah, California (www.rosenlaw.com). He is also corporate secretary and general counsel for the Open Source Initiative, which manages and promotes the Open Source Definition (www.opensource.org).
Webinar: 8 Signs You’re Beyond Cron
11am CDT, April 29th
Join Linux Journal and Pat Cameron, Director of Automation Technology at HelpSystems, as they discuss the eight primary advantages of moving beyond cron job scheduling. In this webinar, you’ll learn about integrating cron with an enterprise scheduler.Join us!
- New Products
- Users, Permissions and Multitenant Sites
- Not So Dynamic Updates
- March 2015 Issue of Linux Journal: High-Performance Computing
- Flexible Access Control with Squid Proxy
- Security in Three Ds: Detect, Decide and Deny
- Tighten Up SSH
- DevOps: Everything You Need to Know
- Solving ODEs on Linux
- Non-Linux FOSS: MenuMeters