P1: IML/FFX P2: IML/FFX QC: IML/FFX T1: IML
Software ̇Piracy ̇OLE ̇revised WL040/Bidgolio-Vol I WL040-Sample.cls June 20, 2003 13:8 Char Count= 0
304 SOFTWAREPIRACYdownloaders. Finally, even if the legal action is success-
ful, an individual uploader may not have the means to
pay the penalties, and the software company would have
to be satisfied with a moral victory.
Prosecution of the online service provider (OSP) used
as an intermediary for software piracy may be a viable op-
tion. OSPs operate the computers on which reside bulletin
board systems (BBSs), Web pages, newsgroups, and chat
rooms, all of which can be used to exchange pirated soft-
ware. U.S. courts have held OSPs responsible for the copy-
right infringement activities of their customers under the
notions of contributory or vicarious liability. Contributory
liability is applicable if the OSP knew about the infringing
activity and took no action to prevent it. Vicarious liability
can apply if the OSP knowingly made available the means
to commit infringements, even if it did not monitor or en-
courage the infringing activity itself. In response to the
threat of legal action, many OSPs now enforce strict poli-
cies against infringing activities by their users, although
undoubtedly much pirating activity still goes undetected.
Prosecution of the OSP has several practical advan-
tages from the point of view of the software maker: the
OSP is an established firm that is easily identified, the
amount of damages that can be sought is large, and in
the event of a successful suit the OSP is likely to have the
resources to pay the judgment.
A recent development that makes prosecution of the in-
termediary harder is peer-to-peer (P2P) file sharing. The
novel idea behind a P2P service is that the files to be down-
loaded do not reside on a central server, but on the com-
puters belonging to the users of the service. The central
server, if there is one, only acts as a go-between by main-
taining lists of what files the users have made available for
download by others. Once a user has located a particular
file on another user’s machine, the file is exchanged di-
rectly from the one machine to the other without any fur-
ther involvement on the part of the server. P2P file sharing
was pioneered by Napster, which was originally designed
to allow users to share music files in MP3 format. How-
ever, the P2P protocol can be used equally well to share any
sort of digital content and many of the newer P2P services
support the sharing of software. Some have also adopted
an even more decentralized structure that is much less
susceptible to legal action.Technical Protection Mechanisms
Because legal protections alone have not sufficed, soft-
ware makers have devised various technical mechanisms
to prevent the unauthorized copying of their products.
The most commonly used protection mechanisms rely
on a special key code that must be entered by the user
during the installation process. Typically this key code is
provided along with the installation medium in each soft-
ware package. Key codes do not prevent softloading, be-
cause there is nothing to prevent the user from installing
the same software on multiple machines. The user can at
least be limited to using the software on one machine at
a time by means of a key disk or a dongle. A key disk is a
special diskette or CD, provided along with the software,
that must be inserted into the disk drive during opera-
tion of the application program. The program queries the
key disk from time to time to continually verify the user’sauthorization. For the key disk to be effective, of course,
it must be difficult to copy by the means at a typical user’s
disposal. A drawback of key disks is that they prevent the
disk drive from being used for other purposes while the
application is in use. A related alternative is the dongle, a
device that attaches to the parallel, serial, or USB port of
the computer. As with a key disk, the application queries
the dongle as it runs. Dongles are relatively expensive, typ-
ically adding $20 to $30 to the cost of an application, so
they are only practical for high-end software.
Media-limited installations are a way to prevent soft-
loading. In these schemes, the installation program counts
how many times the application has been installed and
refuses to exceed the limit. This method requires the in-
stallation medium, or at least a component of it, to be
writeable. Also, in order for the protection to be effective,
the medium must be difficult to copy by standard means.
Mechanisms such as key disks and media-limited in-
stallations were suitable during the 1980s when most soft-
ware was distributed on floppy disks. As applications grew
in size and distribution on CD became the norm, these
methods were less appropriate. Also, any copy protection
scheme that would prevent legitimate uses such as making
archival backup copies or reinstalling the software after
a hardware failure irritated customers. The result of the
consumer backlash against copy protection was that by
the early 1990s, relatively few packaged software applica-
tions that were being sold included any protection other
than an installation key code.
Protection measures that rely on special hardware,
whether key disk, uncopyable medium, or dongle, are not
well suited to the present time when much software is
distributed via the Internet. Often, the software can be
downloaded freely, but contains a “time bomb” that will
deactivate it after a trial period such as 30 days. Before
that period expires, the customer must register and pay
for the software, obtaining a key code that renders the
installation permanent.
Unfortunately for the software producers, all of the
methods that they have invented to deter the unautho-
rized use of their products can be “cracked,” or circum-
vented. Copy protection schemes suffice to keep the av-
erage user, who has no knowledge of the inner workings
of software, honest. It is virtually impossible to devise a
scheme that a skilled and dedicated cracker cannot defeat.
There is a whole underground society of crackers, individ-
uals who vie to be the first to defeat the copy protection
of a newly released program. They are very knowledge-
able about computers and programming and are often
as skilled as the programmers who produce the software.
Some crack programs as a hobby, others do it for profit.
Cracking a program typically involves reverse engineer-
ing the binary code, taking it apart to find where the key
code is checked or the dongle is interrogated, and bypass-
ing or disabling these sections. If the protection scheme
involves cryptography, this only adds to the challenge.
Cryptography is the science of scrambling the contents
of a file in such a way that it can be unscrambled only by
using a secret, randomly chosen key. It is a practical im-
possibility to crack a well-designed modern cryptographic
system by sheer guesswork, even using the fastest avail-
able computers. However, a fundamental problem facing