Since the 1990s, software piracy has steadily increased globally. Losses from software piracy are multifold—

• There is a significant loss in revenue for software publishers due to piracy, 
• Also, there is an increased risk of malware and cybersecurity attacks due to pirated software, which is significant to any individual or organisation.
• There is damage to reputation risk and brand value if found indulging in piracy. 
• Software piracy also impacts the economy as it slows down the pace of innovation by reducing the amount of money available for developing new products – which now needs to be put towards tackling piracy instead. 

With time, the software industries have ramped up initiatives to rein in piracy as the number of ways to obtain pirated versions has increased. 

Analytics India Magazine caught up with Neha Singh, a client partner at Fractal Analytics, to understand what it takes to measure, regulate and stop software piracy. 

AIM: How big is the problem of software product piracy? 

Neha: Piracy is a massive problem globally. Software, media and entertainment (including gaming) are the worst affected due to piracy. In a software-specific context, the Business Software Alliance Association conducts surveys regularly. The latest of these surveys was conducted in 2018 and stated that 37% of all PC software is pirated. So, essentially, it’s saying that roughly one in every three softwares installed is pirated, which is quite significant. 

Money-wise, the commercial value of pirated software in just the US amounts to USD 20 billion, which is huge. 

We are working with an organisation to help them tackle their software piracy through analytics. The company is a B2B software organisation. For them, the number of pirated software copies globally is twice that of legal copies. Unfortunately, this is likely to be the case for many other popular softwares in the market. 

So, the problem of piracy is a significant one. During COVID, this was further exacerbated as many lost jobs, and people were confined to their homes and hence resorted to options that were easily available and more economical (including pirated versions).

AIM: How do you differentiate between ‘misuse’ of software and piracy? Can these terms be used interchangeably? 

Neha: Software non-compliance is a broad umbrella, and piracy is only a part of it. There are other aspects, like subscription overuse and version misuse, to name a few. For example, an organisation XYZ has taken a licence contract for ‘ABC software with five concurrent users at any time’. But let’s say XYZ has eight concurrent users working with the software. This is out of line with their contract terms and is a type of misuse, but it’s not piracy. So, it’s important to distinguish between misuse and piracy because they’re not synonymous. The actions an organisation may take to address these would be different. However, both need to be tackled as both put a drain on the software publisher’s revenue and fall under the mandate of Licence Compliance teams of software organisations. Hence, a comprehensive solution must include piracy as well as misuse. 

AIM: What are the levers that can be applied to manage piracy? 

Neha: It’s important to understand why piracy happens in the first place. Firstly, many people aren’t even aware that piracy is a criminal offence and that there are consequences for it. People end up with pirated software without intending to do so – due to a lack of better knowledge. They are unsuspecting victims of it and not active offenders. So, educating people about what piracy is and how to identify and evade it needs to be done. Spreading awareness is the first lever. 

Secondly, it is also important to strengthen your software’s engineering and security features so that it is difficult for people to create and circulate pirated copies of it. Enhanced engineering practices can also make tracking pirated software easy. 

Thirdly, we need appropriate laws to curb piracy, but more importantly, these laws must be enforced at local and international levels. However, we must also recognise that taking the enforcement route is incredibly expensive for any organisation and is also very time-consuming and is typically the last resort in most business situations. 

Let us look at a hypothetical scenario. Let us say there is a B2B software company that works with 70 out of the top Fortune 100 companies as their clients. These clients use the software on a daily basis, but there is piracy happening. Taking the legal route will never be the first course of action because it will forever damage the software company’s relationship with such reputed clients. Software companies approach these scenarios as an opportunity to sell more. Suppose a client uses 100 licensed copies of your software A and five pirated copies of your software B, and you have evidence of piracy. In that case, this is an opportunity to expand the contract by adding 5 copies of software B perhaps at a discount. A cost (time, money, relationship, future revenue)-benefit (reducing piracy) analysis needs to be done before deciding to take a legal course of action. 

AIM: How has rapid digitalisation, escalated even more by COVID-induced lockdown, played a role in increased piracy and misuse of software products?

Neha: During the pandemic, many people lost their jobs, which put a financial strain on their ability to purchase legal software versions. So, people just used what they had access to, including (and many times preferring) pirated versions. [From our work, we have observed that piracy grew by around 20% during COVID in certain geographies 

The other thing that happened during the pandemic is that there has been an accelerated movement to the cloud. So, even the software companies creating desktop-based applications earlier, including Microsoft, are moving these applications to the cloud. In general, the industry anticipates that piracy in its traditional form might cease to exist because of this movement to the cloud or this shift to the Software-as-a-Service (SaaS) model. This is also why most organisations are pushing to move to the cloud-based model, as it helps curb piracy. But software misuse (through credential sharing, for example) might increase. Even if that does happen, organisations tend to have better control over managing software misuse because it’s more traceable and falls under the purview of the legal contract that exists. As mentioned earlier, a comprehensive solution is needed that addresses piracy and misuse together, which will also future-proof the solution with respect to the shift to SaaS. 

AIM: Are there specific laws to curb piracy?

Neha: There are quite a few of them in India and on the international level. We have the Copyright Act in India, passed in 1957, and its subsequent amendments that state how to help tackle infringement on intellectual property rights. Cyber digital crime units are being created—there’s one in Maharashtra now — to enforce this act. So, while creating the act is the first part, the other part ensures that it is enforced on the ground level via specialised units. 

On the global front, the WTO or World Trade Organisation has the TRIPS or Council for Trade-Related Aspects of Intellectual Property Rights Agreement. There’s a list of nations that participate in it and follow a common set of IP-related guidelines. The WTO has also formed a dispute management team to resolve issues between the two countries. 

AIM: How can AI help in dealing with software product piracy?

Neha: AI can play a significant role in helping organisations tackle software piracy. Whenever we are working with an organisation to build an AI solution, we take a decisions-backwards approach. We first try to understand what are some key questions the organisation is trying to answer and what are some of the key decisions they want to make. A few questions that a company would like to answer in the context of piracy are: 

• What is the level of piracy globally for the software that they are selling? This is a vital starting point for any organisation to know, and a breakdown of piracy by geography can help prioritise efforts to tackle it.
• Which clients are indulging in piracy, and by how much amount? This should include both evidence-based as well as probabilistic estimates of piracy. 
• Which of the clients are legally inclined (and will easily move to a legal version of the software with the right nudge), piracy inclined (will need a stronger incentive to shift to a legal version) and hardcore pirate (is intentionally so and will never move to a legal version)? 
• How do we best equip our License Compliance team with this information?

To answer some of these questions, we typically start with the telemetry data emitted by the software when installed or used. The telemetry data captures information about the device, IP, security or license key used to access the software, other softwares installed from the same company on the device etc. This data capture is as per the contractual terms of EULA. 

[We combine these various telemetries into master telemetry. Then, we overlay the master telemetry with some additional data around currently active contracts, external data like IP to Geolocation mapping, and IP range to Org mapping. Post this we use a combination of Descriptive statistics (for evidence-based piracy measurement) and Machine Learning as well as Deep Learning techniques (for probabilistic piracy measurement). Finally, these models are further enhanced and strengthened based on the findings of the Licence Compliance team and actions taken by them on the ground (in terms of how much piracy was identified and the strength of action that was taken to convert them). 

The metrics created and the confidence levels are presented to the Licence Compliance team globally through a simple dashboard front end. The entire solution involves a healthy mix of engineering (to create the master data and automated data pipelines), AI (for various piracy measurements) and Design Thinking (through a decision-backwards approach to ensure it is adopted and implemented).