DIGITAL PIRACY

DIGITAL PIRACY: FILESHARING IN THE CORPORATE ENVIRONMENT

Introduction

With an online/digital revolution sweeping the music industry, it is not only the music industry, but companies in general, that need to adapt the way they run their businesses. Online copyright theft is no longer being allowed to run rampant on ISP networks under the guise of technological advancement with countries such as France and Britain today playing a leading role in the protection of intellectual property online. The music sector, but more importantly business in general, needs to accept that the carriers of digital content must play a responsible role in curbing the systematic piracy that is threatening the future of all digital commerce.

A perception exists that the unauthorised copying of music sound recordings only affects the music industry and recording artists. If it was ever the case, the obituary for that particular perception may have passed many companies by, without them taking proper notice of its demise. In the absence of adequate precautions, a company’s computer systems can become an illegal distribution hub for copyrighted material. This raises a number of legal and security risks for both the organisation and its employees. In order to ensure strict compliance with International Auditing Standards, chartered accountants and trainees must ensure compliance by their clients of the provisions of the Copyright Act vis-à-vis the reproduction of sound recordings on their clients’ computer systems. It is most certainly a contravention of the Copyright Act to download music illegally, yet many users disregard this and build up huge, illegal, collections of music. Walking out of a retail store without paying for physical CDs is theft. The principle is no different in the digital environment. Theft is a criminal offence that can put a hard earned qualification at risk. Don’t let this happen to you!

RiSA is the trade association of the South African recording industry and is affiliated to the International Federation of the Recording Industries (IFRI). RiSA’s activities are focused on matters that affect its more than 800 record company members collectively. The unauthorised reproduction of sound recordings is the primary focus of RiSA’s activities. Whereas RiSA has, since its inception, targeted the unauthorised reproduction of sound recordings for commercial purposes in physical format, e.g. Compact Discs, Cassettes etc., its activities also extend to copyright infringements in the digital domain, i.e. internet related activities. Although this article deals with copyright infringement in the digital environment, one should never overlook the ravaging effect that physical piracy has on the livelihood of the music community.

Corporate computer systems: work or play?

In an ideal world, dedicated employees use their computer equipment solely for work-related purposes, and never put their employer at risk (or waste the employer’s time), by downloading inappropriate or unauthorised content. Reality is rather different. In terms of the South African Copyright Act, as well as the relevant legislation in virtually every country, it is unlawful to copy or distribute someone else’s copyright material on the internet without their permission. Record companies and artists have a direct financial concern when theft of their copyright works is facilitated over the networks of corporate organisations. That is why the print and broadcast media report on legal action instituted against organisations and individuals that violate copyright on ‘file-sharing’ and other networks.

Security breaches

Quite apart from the legal risks that a company exposes itself to by allowing the unauthorised copying of copyright material by its employees, it also runs serious risks to its company data, confidentiality and IT security. Illegal websites and unlicensed ‘file-sharing’ services – the source of much illegal music, film, software and other copyrighted material – are notorious sources of computer viruses. These destructive elements can crash individual computers and spread through a company’s network.

A ‘file-sharing’ network exposes a company to a multiplicity of security risks. Because ‘file-sharing’ software typically demands an open port between the user’s computer and the internet, it creates a hole in the firewall that is used for network security. In times of sophisticated corporate espionage, the risk involved is more than a mere nuisance. The downloading of music files can also use up gigabytes of a company’s server and PC hard discs – capacity that is intended for business activities.

IFPI recently reported that research conducted by Ipsos-MORI for IFPI in the UK in November 2007 indicated that “one in ten office employees is using the workplace to download music, two thirds of them illegally, exposing their employers not only to computer network risks, but to legal risks too”.

RiSA urges the accountancy profession to note this potential threat and take the necessary steps to protect their clients’ IT systems. There are a number of steps that companies can take to manage the risks associated with unauthorised downloading. The following steps have been proposed by IFPI, and are endorsed by RiSA, as good governance guidelines in addressing the unauthorised copying of copyright material, via the internet, in the office environment:

1. Set a company policy
   Users, managers and IT personnel need to understand that unauthorised copying and transmission of someone else’s music or other works is copyright theft, which the organisation does not condone. This is best implemented in your organisation’s policy manual and terms and conditions of employment.
2. Take copyright inventories
   Many organisations already audit their systems for certain types of copyright material, particularly software. Inventories should also include music and other major types of copyright material. Music files are typically 3–5 megabytes in size, stored in .mp3, .wma or .wav format, and often found in\my music or\shared directories.
3. Delete unauthorised material
   Commercial recordings of music and movie DVDs are virtually never licensed for corporate or other multiple copying, or licensed for internet distribution, except through recognised, legitimate services. You should ask for and keep evidence to show that any copies of copyright material are legal. ‘Private copy’, ‘fair use’, ‘fair dealing’ and ’evaluation copy’ or other such excuses do not apply to corporate or internet copying.
4. Control file-sharing
   Many organisations ban unauthorised software installations and ‘file-sharing’ activity on their corporate machines as an easy way of reducing copyright and security problems. Software programs like freeware Digital File Check can scan for, block or remove file-sharing software from personal computers (obtainable at http://www.ifpi.org/dfc/downloads/dfc.html).
5. Set firewall rules
   Your internet firewall can be configured to screen out infringing files and illicit services in a number of ways. Particular internet addresses, ports or protocols on which ’file-sharing’ typically occurs can be blocked. Commercial vendors also offer sophisticated software that can selectively filter copyrighted material.
6. Control wireless access
   You should be sure that wireless connections to your network and the internet are encrypted and secure, so that these connections are not hijacked for illegal purposes. Wireless hub software lets you set access codes and the desired level of encryption.
7. Watch traffic levels
   Network monitoring software, which may have been supplied with your network equipment, allows you to check whether users or devices are hogging bandwidth. Check traffic ‘hot spots’ to see if there is a system problem or illegal activity taking place.
8. Maintain virus protection
   Anti-virus software can screen out rogue files containing viruses, spyware or other damaging material, and should be installed on every computer. Vendors update this software regularly to take account of new viruses. You should be sure that all copies of anti-virus programs are run regularly and kept up to date.
9. Maintain spyware protection
   Similarly, a range of commercial software programs can find and remove spyware, adware and similar programs from your organisation’s machines. Anti-spyware programs should be run and updated regularly.
10. Designate a compliance officer
    Someone in your organisation should be responsible for protecting against copyright theft on your systems. The person needs to be sufficiently senior (such as the IT or finance director) to insist on ongoing compliance with your organisation’s policy, to remove illicit material promptly, and to deal with notices and disciplinary actions should they arise.

Even though record companies, artists, governments and even some Internet Service Providers themselves, are beginning to accept that the carriers of digital content must play a responsible role in curbing the unauthorised copying of music over the internet, internet users and their employers must take responsibility for ensuring that they protect their own businesses from avoidable security and legal threats.

The accountancy profession has a vital role to play in protecting the interests of its clients and ensuring compliance with the provisions of the Copyright Act, 1978.

Bibliography

1. IFPI Digital Music Report 2008 http://www.ifpi.org/content/section_resources/dmr2008.html
2. IFPI Copyright and Security Guide for Companies http://www.ifpi.org/content/section_resources/copyright-guide-2005.html

David du Plessis is the Operations Director at RISA and Chairperson of SAMPRA.