Piracy and software protection. Mitchell Kapor.
Software piracy--the illegal duplication of disks and documentation--is clearly a major problem for the software industry. While existing copyright and trade secret laws are generally regarded as adequate, but not optimal, the general lack of seriousness with which they are taken by end users has created an ugly problem and one which, to date, has defied solution.
Too many discussions of software piracy have had the stale flavor of cracker-barrel commentaries on the weather--all complaints, no control. Worse still, solutions proposed by software industry participants over-emphasized technical approaches to the exclusion of educational and other approaches. Such efforts, while clearly well-intentioned, are fundamentally misdirected and serve neither the industry nor end users well.
Shoplifting and Piracy
In many ways, software piracy is like shoplifting. A prudent retailer seeks to control shoplifting, while understanding that seeking to eliminate it entirely is not only unrealistic but contrary to his self-interest. In maintaining an acceptable upper bound on "inventory shrinkage" (a polite term for theft), certain technical measures such as closed-circuit cameras and electronic detection systems can be employed as deterrents. These keep honest buyers honest by reducing the opportunities for successful, casual theft. At the same time, an educational system and a culture which view theft as immoral, the existence of strong laws prohibiting it, prominently posted warning signs, and an advertised willingness to prosecute shoplifters serve to control those who will attempt to steal anyway. The problem of shoplifting is addressed by a mix of methods--some technical, others legislative and enforcement-oriented--coupled with communications which increase awareness of the issue.
Suppose all shoppers were forced to be strip-searched whenever they entered or left a store. Doing that would radically decrease theft, but in a totally unacceptable way. First, the actual dollar cost of such enforcement would be prohibitively high, thereby decreasing profitability.
Second, as anyone familiar with prisons knows, even the most stringent security can not completely eliminate the flow of contraband. Finally, and most importantly, such measures would rightfully be regarded as absolutely unacceptable infringements on the rights of consumers in a free society. In summary, there is a point beyond which theft control measures are too expensive, unworkable, and clearly inappropriate.
The parallels between shoplifting and software piracy should be obvious. The realistic goal of software providers ought to be the control, not elimination, of piracy. Technical efforts alone will clearly not be adequate to the task, though appropriate technical measures ought to be employed. The following points represent an emerging consensus on the technical side of software protection:
* No purely technical approach to software protection can provide a total solution to the problem of software piracy. There is no technical panacea.
* Any technical protection scheme can and will be cracked by technical means.
* The goal for technical protection should be adequacy, rather than completeness. Control of software piracy depends on a multi-pronged effort which balances technical, educational, legislative, and legal enforcement components.
* Whatever technical methods are employed must be minimally burdensome to the user and appropriate to emerging personal computer technology.
* There is a need for software protection standards, but these standards must be open. Software companies should and must have free choice in the selection and implementation of protection technology.
Technology vs. Attitude
Every time a so-called "unbreakable" software protection scheme has been examined by experts (at Lotus and other places), relatively modest efforts have succeeded in cracking it. State-of-the-art bit copiers are capable of reproducing even disks that have been physically modified so as to be supposedly uncopiable. Exotically named methods such as the laser hole, "weak bits," and "crap in the gap" fail to deliver the absolute protection they promise. Just as the U.S. Patent Office no longer examines applications for perpetual motion machines, the prudent software company shouldn't take seriously any more totally technical solutions. There is no such thing.
Users have a fundamental right not to be burdened by technical protection. With the widespread availability of hard disk based personal computers for the business market, complaints are growing that the need to insert a specially encrypted floppy disk at the beginning of a program session is simply not acceptable. The day is not far off when many users may not even have floppy disk drives because they will be doing their personal computing on a workstation attached to a local area network system with shared storage.
Software providers have an obligation to evolve protection methods that are more appropriate to these new environments, not merely more absolute. Fortunately, the industry is beginning to take its responsibilities seriously. New standards for technical protection are beginning to emerge through the work of industry trade associations such as ADAPSO.
As the software industry matures and more fully meets its obligations to users, it is reasonable to expect users to play by the rules by not participating in software piracy and not condoning it in the organizations in which they work. Stronger corporate anti-piracy policies are clearly required. Software companies will take the initiative, not only in technical protection, but also in stimulating a societal awareness of the mutual obligations of buyers and sellers. Only a strong climate of public opposition to piracy as a moral issue will be sufficient to bring the problem under control. I am optimistic that efforts made in good faith by all parties will result in an atmosphere in which software piracy is no more tolerated than shoplifting or any other form of theft.