Is stealing software different from stealing hardware?

Stealing PCs is theft pure and simple and you'd expect it to lead to a prison sentence; why do we think differently about software?
Written by Mary Branscombe, Contributor and  Mary Branscombe, Contributor

In court, stealing software gets a very different reaction from stealing hardware. If a company stole the PCs it used to run its business (RAM raiding, shoplifting, breaking and entering or credit card fraud - take your pick), it would be theft pure and simple and you'd expect it to end up in a prison sentence. But if a company doesn't pay for the software that's so critical to its business that it would be out of business without it - and that's something the company directors can't avoid knowing about - most magistrates in the UK don't think that merits more than community service (and barring them from being the director of a company for ten years).

In the summer of 2010, Trading Standards in Swansea made the first ever UK anti-piracy raid on a business under the 1998 Copyright act that makes stealing software a crime. The raid happened after a whistleblower said the directors knew that their business software had been downloaded illegally and John Lovelock, the Chief Executive of FAST was pleased that the council department went after the business: "€œIt is our intention to send a very loud and very clear message to businesses in the area; we will not tolerate intellectual property infringements and if we get evidence of this we will come after you."€ But he was less pleased at the fact that even if convicted, thieves may get little more than a slap on the wrist that effectively condones software theft.

Counterfeit software isn't the big problem for the commercial software industry, according to Lovelock - although it's a tricky problem because while there are actual counterfeiters pumping out fake software (Microsoft has a CSI-style lab in Dublin to help track them down by matching discs to the burners that created them rather like matching bullets to the gun that fired them), he claims many of the counterfeit boxes of software are produced on the same lines as the legitimate stuff, using the same master and the same materials. "They get an order for 100,000 discs, and they just run off 120,000 or 150,000 instead," he told us. With the right holograms and fake product keys, even professional software buyers can have problems telling them apart. The easiest way to deal with that is to buy a product key and download the software, which is conveniently enough the way the market is going.

But the vast majority of 'stolen' software is licensing; people installing ten copies of an app they only have one licence for (or downloading an app that doesn't have copy protection that they don't have any licences for). Is that theft, and - at the risk of sounding old-fashioned - if not, why not?

Is it a protest against unpopular software companies? BP was pretty unpopular over the summer but no-one was filling up their car with petrol and driving off without paying in protest. Is it philosophy? That seems a bit of an insult to the open source companies who both sell software and give it away. Open source is about choice and access, not simply price; free as in speech, not free as in beer.

Downloading software - or music - doesn't 'feel' like a crime when shoplifting a CD or a box of software does; but we often feel that downloading music is different from downloading software. Home taping is skill in music, as we used to say in the 80s - making a mix tape of the charts off the radio or taping an album for a friend was more about sharing music than avoiding the cost of a CD. Hear a track by a new band that you come to love and you're likely to buy the whole album on iTunes. But does pirating a copy of Word make you more likely to pay for Excel next week?

It certainly helps that it's so common; it's like the journalist who commented on the allegations about the News of the World hacking phones by saying "you don't think it's a crime if a ten year old schoolboy can do it". If it's easy and ubiquitous, can it really be wrong? Given that a recent survey says 30% of people who sell things in online auctions would lie abut the goods, public opinion and the law aren't always a good match, and there's a chicken and egg question (how did enough people feel that it was OK to do it that enough of them did it?)

Is that you can't steal something intangible like bits? Leaving aside the box, CD and whatever vestigial manual is in the box, what you're actually taking is the effort it took to create the software. It may cost a pharmaceutical company tuppence to stamp out a pill on the production line, but they spent a few billion developing it in the first place and everyone recognises that - but somehow it feels different. Your identity isn't physical; identity thieves aren't taking your post or your credit card as such - they're taking your credit rating, your reputation, the likelihood that you can actually afford what they're buying in your name. That's not tangible either, but we feel it's a crime.

Is it - and I think this is the crux - that it feels like a victimless crime? That you didn't take the software away from someone else the way you'd be taking a stick of RAM or a mobile phone away from them? That the software companies can afford it? That they wouldn't have made any money because the thief would never have paid for it? That they should just be Google and give everything away and let ads pay for it?

I was reminded while reading the 25th anniversary edition of Hackers that these are questions that have been around as long as there has been software. From the vendor's point of view the open source software model is less vulnerable to this double standard. If you're paying not for the software licence but for support then you have to pay when you need the support...

If we switch from boxed software to downloads and they come through app stores where you have to have an account then stealing software gets more difficult (though certainly not impossible). The move to cloud and software-as-a-service and 'freemium' versions of apps also mean you have to pay before you can use the software (or provide ad revenue instead of paying up front) - and you have to keep on paying. Sure you can get your data out of Salesforce, but try getting your business model out, especially if you've written Apex code.

But unless the PC of the future is going to be as locked down as the iPhone, Trading Standards officers are going to keep on raiding businesses for stealing something that we don't quite think of as stolen.

Editorial standards