Connecticut's policy for responsible software management and control.
Since the introduction of the personal computer in the early 1980s, software has proliferated as a business tool, and software piracy has proliferated with it. Despite the federal copyright laws in place, many users of both office and home computers are unaware that borrowing or sharing software without holding an end user license agreement (EULA) is illegal. This "harmless" sharing is widespread and generally thought to be safe from penalty, but software piracy law enforcement is gaining momentum. Two industry groups in particular, the Software Publishers Association (SPA) and the Business Software Alliance (BSA), engage in dozens of enforcement actions every year. Two recent examples are described below.
* The City of Philadelphia, Pennsylvania, recently paid more than $120,000 to settle claims it illegally installed software on computers at its offices of air management systems and environmental health services. The illegal software use was uncovered by BSA. In announcing the settlement, the organization said, "Software piracy in the government sector is a problem that is pervasive throughout the country."
* When an anonymous tip led SPA to discover that the Ohio Lottery Commission was using unlicensed software, the state agreed to destroy all the illegal software and buy licensed replacement copies instead of facing further legal action. The investigation also led to Ohio's first statewide software audit.
To contain piracy in software, SPA, founded in 1984, maintains software public policy enforcement and education. BSA was founded in 1988 and enforces international public policy, education and enforcement programs in 65 countries throughout all of the Americas, Europe, and Asia. Their missions have been to advocate for strong intellectual property protection for legitimate business software. SPA represents 1,200 member companies producing 85 percent of the U.S. revenues in software. SPA filed lawsuits at a rate of two a week, receiving $5 million in settlements in 1995. BSA has filed more than 600 lawsuits worldwide. According to SPA, piracy costs the American software industry nearly $13 billion a year ($3 billion in the United States, $10 billion internationally), as shown in Exhibit 1. This amount exceeds the combined revenues of the 13 largest software companies. Piracy hinders the growth and innovation of the software industry, and its customers bear the burden of these losses.
For governments, software pirating represents both an internal property control problem and a public policy dilemma. The piracy of software results in lost jobs and wages, not to mention the penalties, potential for viruses, and lack of documentation and support from its creators. This problem is exacerbated by the fact that 78 percent of employees nationwide have little or no knowledge of computer misuse laws and 72 percent are not warned that computer use may be monitored. By 1985, 84 percent of corporate America had written policies on computer misuse. The State of Connecticut had none.
A Software Policy for Connecticut
State agencies in Connecticut during the past five years increased the use of personal computers by adding $42.3 million in new software licenses (Exhibit 2). Many agencies made personal computers available to all members of their staff. At the state comptroller's office, for example, there was a five-fold increase: from 50 computers to 250. In order to take full advantage of this equipment, several types of software were purchased, from simple word processing and spreadsheet programs to the more job-specific statistical, project management, and database programs. As there were no established standards for software usage, purchasing, and inventory, this proliferation rendered state agencies unable to monitor and control usage in the workplace.
The Connecticut State Comptroller's Office recognized in 1994 that the unregulated use of software meant that state agencies were wasting money on software inappropriate for an agency's needs or that had dubious business value. Software was being used by employees but was not licensed by the state. Software was documented as purchased but could not be located during an audit. The state also was made aware - through information provided by the SPA - of its liability for fines associated with software copyright violations for improper or illegal use.
A policy had been established in 1989 for the recording of state-owned software. It stated that an inventory of software must be maintained and that licenses for the software should be kept in a central location for audit purposes, but it did not address issues of software licensing or proper software deployment. Five years later, in the first single audit of the state, a citation was made concerning material weaknesses in Connecticut's property control.
In response to the audit findings, the comptroller's office began developing a revised state property manual that would also address software copyright issues. The multiagency task force that was assembled quickly recognized the need to protect the state from misuse of computer equipment and to publish a new policy manual specifically addressing the control of software. This new task force was made up of representatives from all of the central authorities (the department of administrative services, office of policy and management, and the state comptroller's office), the judicial and legislative branches of government, the office of the state auditor, the attorney general's office, and higher education. A representative from one small and one large agency were chosen for their expertise in data processing. This committee met for one year to craft the policy that was published in 1996.
Exhibit 1 ESTIMATED VALUE OF SOFTWARE PIRACY WORLDWIDE Value of Pirated Percentage Software Increase/ Year (billions) Decrease 1996 $11.2 -16% 1995 13.1 9 1994 12.2 -5 1993 12.8 Source: Software Publishers Association
Recommendations made by the committee members resulted in a policy that carried the approval of the highest officials in state government. The state comptroller, the secretary of the office of policy and management, and the commissioner of the department of administrative services jointly signed the statewide policy that was endorsed by the software management policy task force. This three-party agreement was important in that it presented a united front in enforcing the policy. The policy was incorporated into the statewide information technology plan and, in compliance with the guidelines of the software policy, was made a prerequisite for approval of agencies' orders to purchase data processing equipment, software, and services. This gave the policy a great deal of weight.
Exhibit 2 SOFTWARE AND HARDWARE PURCHASES BY THE STATE OF CONNECTICUT Software Licenses Hardware Installment Purchases Year (millions) (millions) 1996 $9.7 $52.0 1995 9.9 47.8 1994 9.3 55.4 1993 7.0 34.1 1992 6.4 30.2 1991 5.0 37.6 Source: State of Connecticut Expenditure Recap Reports
In Connecticut, accounting and property-control policy is promulgated by the state comptroller's office. Since it was decided that software policy would be considered property-control policy, the policy services division of the comptroller's office wrote, published, and distributed the directive. To assure that distribution was made to key agency staff, manuals were mailed specifically to those individuals whose agencies had designated them as data processing administrators.
The manual instructs agencies to:
* maintain controls over the use of authorized and/or licensed software,
* establish and maintain a software library or libraries and a software inventory,
* comply with the provision set forth in the Copyright Act, U.S. Code, Title 17 governing software license agreements,
* perform a self-audit,
* develop an educational program/action program for state employees so they can meet both legal and state policy requirements when using software in their work environments, and
* conform to a new software code of ethics.
In crafting the guidelines for software usage, Connecticut officials found helpful partners in SPA, BSA, and a major software vendor. SPA provided information on copyright laws and reviewed a draft of the manual. All three presented information at a seminar hosted for State of Connecticut data processing administrators. SPA also provided an independent review of a draft of the manual and praised it as the best it had seen.
Members of the software policy task force recognized that employees and administrators needed to be educated so they would understand their responsibilities under the new policy. For the 70,000 state employees, a flier explaining copyright law and its importance was distributed [ILLUSTRATION FOR EXHIBIT 3 OMITTED]. This flier was sent to each agency for inclusion with each employee's paycheck. A seminar was held with several speakers from a computer software company and from the national software publishers associations, the director of the Connecticut information technology office, and a representative of the state auditors. The attendance rate at the seminar was 90 percent of the state agencies, and the question-and-answer session lasted for a full hour.
Ongoing Policy Development
With the publication of the manual and the completion of agencywide training, questions on applying the policy began to pour in.
* How is this applied by educators who bring their own software when teaching courses?
* Can one agency make unused software available to other agencies?
* How can an agency determine if its plan is adequate to meet state policy guidelines?
It became obvious that the complexity of software and technology issues would make it difficult for one person to know all the best answers and that a statewide organization would be needed to answer the questions and to continue developing policy in the evolving field of information technology. The software management standing committee was chartered to meet this need. It comprises the same members of the task force that had originally crafted the software policy. The committee began operation in August 1996. It has reviewed each agency's plan for implementation of the software policy, and it is currently struggling with issues of Internet usage, access, and piracy. Privacy versus security is another heated issue. Having a multiagency committee collaborating on software developments strengthens the condition of the state's financial systems.
The overall awareness by state agencies that they must deal with the control and use of software in a responsible manner has produced several tangible and intangible benefits for the state.
* Agencies can better manage software resources by having uniform and defined regulations to follow.
* Agencies are developing software utilization standards for control purposes.
* Agencies have been prompted through software awareness programs to incorporate software virus protection into their control procedures.
* Employees are being made aware of the value of software and of their legal and ethical responsibilities when using it.
* The possibility for imposition of fines for improper or illegal use of software has been greatly reduced.
Controlling software use in an organization with 70,000 employees, seven diverse businesses, and $219 million in installment purchases of computer equipment in the last five years is not easy. It requires the cooperation of management, employees, vendors, and auditors. Education is crucial if software users are to follow vendors' agreements. Vendors, on the other hand, must become more proactive in developing other means to control the unauthorized use of software.
Although the future directions of data processing technology are unclear, what is clear is that it is the way states will be conducting business. Using information technology to its full capacity will benefit state operations and citizens in many ways. Ensuring that software developers are paid equitably for their intellectual resources is an important part of safeguarding these technological resources.
CONNECTICUT'S SOFTWARE POLICY IMPLEMENTATION PLAN
* Policy established for recording of state-owned software.
* Task force assembled to draft new policy manual specifically addressing software copyright and control.
* New policy published and incorporated into statewide information technology plan.
* Agencies instructed to control use of authorized/licensed software and to instruct employees on policy requirements.
* Education seminars held and brochures distributed to promote policy.
* software management standing committee chartered to answer questions and continue developing policy
JEANNE BERUBE is director of the policy evaluation and review division of the Connecticut Office of the State Comptroller and is responsible for setting and monitoring state accounting policy. She is a graduate of the University of Massachusetts, holding a master of management science degree, and is a corporate fellow of Hartford Graduate Center. Her e-mail address is email@example.com. A copy of the manual is also available on the Connecticut State Comptroller's web site at http://www.state.ct.us/otc/softmpm/mpmtitl.htm.
|Printer friendly Cite/link Email Feedback|
|Publication:||Government Finance Review|
|Date:||Oct 1, 1997|
|Previous Article:||Elements of a comprehensive local government debt policy.|
|Next Article:||Kentucky retirement systems quick access insurance rider program.|