Free software: “licensing verification”
The leadership of the organization, which transferred its computers to the management of “free” operating systems, is constantly facing the threat of “business verification”. Among other things, it will also check the licensing of software installed on computers. And, of course, it will take the entire computer park away “for examination”, without finding the “licensed sticker” from Windows in the usual place.
Today we’ll talk about the reality of such an outcome and how to deal with such “checks”.
The fear of “checks” is reinforced by the now widespread illegal practice of holding accountable for all pirated software that has accumulated in an organization, one, or a director, or a system administrator. As a justification, it is often said that their duties include “control of the licensed cleanliness of software”.
True, supporters of this opinion find it difficult to answer the question of why it is necessary to bring to criminal, and not, say, disciplinary liability for violation of these "official duties". It is also unclear how, using the “job description”, this same criminal liability can be accepted.
Article 146 of the Criminal Code provides for liability for two types of actions. The first isactions with counterfeit copies of works committed in order to sell them. Secondly, it is illegal use of the work . Moreover, “use” is not understood to mean everything, but only those actions that are listed in the second paragraph of Article 1270 of the Civil Code .
In the case of software, the most common type of such use will be “reproduction,” that is, instantiation. Or, more simply, installation. And it is necessary to hold accountable under the law the one who personally installed software on the computer in the amount of more than fifty thousand rubles , and not the one who signed some kind of “job description”.
However, as already mentioned, the practice of unlawful criminal prosecution is widespread. It is beneficial, first of all, to the “organs”. Firstly, they always have an “extreme” one, and secondly, on this “extreme” one can “hang” all the pirated software in the enterprise without knowing which of the users dragged it and installed it. As a result, they have a "disclosed crime" under Article 146 of the Criminal Code. So simple.
Therefore, during any police check, it must be kept in mind that the inspectors will “dig” precisely in the direction of article 146 of the Criminal Code of the Russian Federation and the criminal case. This, as you know, exacerbates the situation. But I can reassure you: in the case of "free" software, criminal prosecution is impossible.
The criminal case presupposes the existence of a victim who must confirm the fact of copyright infringement and the cost of “spiral” software. In the case of free Linux, their zero price is well known, so there is no need to talk about criminal liability.
It is possible to bring to administrative responsibility, according to article 7.12 of the Administrative Code . In such cases, courts often look at violations of the law through the fingers, and this article does not provide for a minimum amount with which liability begins. But even so, the fears of possible “licensing checks” should be considered highly exaggerated.
As a rule, reviewers are aware of the existence of free operating systems, and no complaints arise in such cases. All that may interest them is the presence on the computer of a virtual machine with a copy of Windows installed, as well as programs for this OS installed under Wine.
Fears of checks are also actively used by companies selling Linux distributions and attaching “licenses” to them, just for this case. Sometimes other attributes of licensing are attached to “licenses”, for example, “license stickers”. This is a real “bear service” for users: thus, people far from computers get used to the fact that a sticker and other “licensing attributes” must be present without fail.
In addition, comparing any arbitrarily taken Linux distribution “ with a sticker ” and without , we can come to the conclusion that the price for it, to put it mildly, is too big.
Abroad, where a similar stage of the police’s struggle with Linux has already passed, methods of counteraction have already been developed, and the main one is confirmation of license by using the printed and translated text of that license, under which a specific distribution kit or program is distributed. Most often it is the GNU GPL. By the way, in the network you can download its translated and notarized copy.
There is one more document that can help in the difficult matter of “confirming the licensing” of free software. This is one part of the manual.Volume Licensing, compiled by the Nonprofit Partnership of Software Product Providers. It speaks about the features of licensing programs distributed under the terms of "free" licenses.
As for the tips contained in this manual, they are standard: keep more material evidence of the receipt of the program, print out the texts of licenses and put the software on balance. In addition, NP SPT publishes another manual, “Computer Piracy: Methods and Means of Combating,” which is intended for law enforcement officials. It has been circulating for a long time, so most law enforcement officers know what kind of organization it is, and they will listen to its opinion.
It is worth keeping all tangible evidence of your acquisition of the program: checks, packaging, contracts, if any. To demonstrate “legality”, you can also demonstrate program windows containing an indication of the license applicable to them, as well as the manufacturer’s website.
Typically, when describing the audit procedure, it is customary to refer to the laws “ On Police ” and “ On the Protection of the Rights of Legal Entities and Individual Entrepreneurs in the State and Municipal Control and Supervision ”, which regulate in detail the procedure for inspecting organizations and their frequency. According to them, a resolution should be issued on the inspection of the chief, in which the police officers conducting the inspection should be listed.
In January last year, these laws were made to change , significantly limiting the police the right to carry out such checks. The police lost the opportunity to verify compliance with tax legislation in the law " On operational search activity”And the Code of Administrative Offenses were amended, requiring the inspectors to issue copies of documents to the person from whom they were seized, and also regulated the seizure procedure in more detail. By the way, a document in electronic form is also a document, and when you remove a computer, you should demand the ability to copy the contents of the hard drive.
However, the police quickly found an antidote. In order to go to any office “with verification”, it simply writes a “report” of the security officer that he has “operational information” that counterfeit software is installed on computers at such an address. The head of the ATS is given instructions to carry out checks on the grounds of an offense under Articles 144 - 145CPC. The police go and carry out an “inspection of the scene of the incident,” and, if necessary, seize computers during this inspection.
A separate question is about where such “operational information” comes from: there is reason to believe that in most cases reports on its availability are simply fabricated, just to conduct an audit. The operative-search activity is secret, so no one will tell you about who “tapped” you, and it’s useless to appeal this refusal to the court.
The thing is that the Code of Criminal Procedure does not contain such strict requirements as the law “On Police”: it does not require the frequency of inspections, the issuance of copies of documents when seizing originals, and everything else. His 84th article states that copies of documents may be provided to the person from whom the originals were seized - at his request. And they may not be at the discretion of the investigator. And the law “On the protection of the rights of legal entities ...” does not apply to the conduct of preliminary investigations at all.
So the police, most likely, will insist that they conduct an audit on “signs of a crime” and act only in accordance with the CPC. In this case, you must refer to the instructions“On the procedure for police officers to conduct inspections and audits of financial, economic, entrepreneurial and commercial activities”, which, firstly, regulates the verification in the presence of signs of crime, and secondly, determines in detail the inspection procedure and requires that the law also be guided "About the police."
This instruction, as well as the laws mentioned, should be printed out and kept at hand (preferably one copy per office, in case employees are prohibited from leaving the premises, as is often the case).
In addition to printing suitable laws and regulations, it is worthwhile to conduct an audit of the software in the organization in advance and remove anything that raises doubts about “licensed cleanliness”. By the way, if you have completely transferred workstations under Linux, do not think that this is enough to protect yourself. Through the efforts of the Wine developers, under this "non-emulator" a large number of Windows programs work seamlessly, each of which may turn out to be "pirated." They are installed in the user directory and to install them you do not need to know the root password. So it’s worth considering this when organizing an audit.
If you still have a check, do not, during the course of it, require you to remove only the hard drives, or, conversely, only the entire system unit, or calculate the checksum of the files on the hard drive, or something like that. There is no specific procedure for seizing computers, so they are seized at will. The only requirement is a description and sealing of the seized, but the law has not established its order.
It also makes sense to identify in the organization the persons authorized to be its representative in such inspections. This must be done by order, as it should be, and a copy of this order should be attached to the printouts of the laws mentioned above.
An additional signal that you can be checked can be a letter from a local representative of one of the manufacturers of "commercial" software or law enforcement agencies - that you have allegedly installed "pirated" software. This letter has its purpose. At the very beginning, we talked about the practice of criminalizing the director or system administrator appointed by the "extreme". Such a letter, according to this practice, is considered "evidence of intent": the allegedly "guilty" director, knowing that he has a counterfeit, continues to use it, which "indicates the presence of intent."
For some reason, this overlooks the fact that the letter does not contain indications of specific computers with a "pirate". With the same success, one can consider “evidence of intent” in any crime simply the fact that the accused knew that “it is not good to do this”. Moreover, failure to eliminate the consequences of a crime is not complicity in it. However, such "evidence" appears in many criminal cases involving counterfeiting. So after receiving such a letter, you should prepare for the upcoming verification. Well, of course, you should read in advance all those regulatory documents referenced in this article. It is best to start defending them by examining your rights.
Today we’ll talk about the reality of such an outcome and how to deal with such “checks”.
Is the threat real?
The fear of “checks” is reinforced by the now widespread illegal practice of holding accountable for all pirated software that has accumulated in an organization, one, or a director, or a system administrator. As a justification, it is often said that their duties include “control of the licensed cleanliness of software”.
True, supporters of this opinion find it difficult to answer the question of why it is necessary to bring to criminal, and not, say, disciplinary liability for violation of these "official duties". It is also unclear how, using the “job description”, this same criminal liability can be accepted.
Article 146 of the Criminal Code provides for liability for two types of actions. The first isactions with counterfeit copies of works committed in order to sell them. Secondly, it is illegal use of the work . Moreover, “use” is not understood to mean everything, but only those actions that are listed in the second paragraph of Article 1270 of the Civil Code .
In the case of software, the most common type of such use will be “reproduction,” that is, instantiation. Or, more simply, installation. And it is necessary to hold accountable under the law the one who personally installed software on the computer in the amount of more than fifty thousand rubles , and not the one who signed some kind of “job description”.
However, as already mentioned, the practice of unlawful criminal prosecution is widespread. It is beneficial, first of all, to the “organs”. Firstly, they always have an “extreme” one, and secondly, on this “extreme” one can “hang” all the pirated software in the enterprise without knowing which of the users dragged it and installed it. As a result, they have a "disclosed crime" under Article 146 of the Criminal Code. So simple.
Therefore, during any police check, it must be kept in mind that the inspectors will “dig” precisely in the direction of article 146 of the Criminal Code of the Russian Federation and the criminal case. This, as you know, exacerbates the situation. But I can reassure you: in the case of "free" software, criminal prosecution is impossible.
The criminal case presupposes the existence of a victim who must confirm the fact of copyright infringement and the cost of “spiral” software. In the case of free Linux, their zero price is well known, so there is no need to talk about criminal liability.
It is possible to bring to administrative responsibility, according to article 7.12 of the Administrative Code . In such cases, courts often look at violations of the law through the fingers, and this article does not provide for a minimum amount with which liability begins. But even so, the fears of possible “licensing checks” should be considered highly exaggerated.
As a rule, reviewers are aware of the existence of free operating systems, and no complaints arise in such cases. All that may interest them is the presence on the computer of a virtual machine with a copy of Windows installed, as well as programs for this OS installed under Wine.
"Confirmations of legality"
Fears of checks are also actively used by companies selling Linux distributions and attaching “licenses” to them, just for this case. Sometimes other attributes of licensing are attached to “licenses”, for example, “license stickers”. This is a real “bear service” for users: thus, people far from computers get used to the fact that a sticker and other “licensing attributes” must be present without fail.
In addition, comparing any arbitrarily taken Linux distribution “ with a sticker ” and without , we can come to the conclusion that the price for it, to put it mildly, is too big.
Abroad, where a similar stage of the police’s struggle with Linux has already passed, methods of counteraction have already been developed, and the main one is confirmation of license by using the printed and translated text of that license, under which a specific distribution kit or program is distributed. Most often it is the GNU GPL. By the way, in the network you can download its translated and notarized copy.
There is one more document that can help in the difficult matter of “confirming the licensing” of free software. This is one part of the manual.Volume Licensing, compiled by the Nonprofit Partnership of Software Product Providers. It speaks about the features of licensing programs distributed under the terms of "free" licenses.
As for the tips contained in this manual, they are standard: keep more material evidence of the receipt of the program, print out the texts of licenses and put the software on balance. In addition, NP SPT publishes another manual, “Computer Piracy: Methods and Means of Combating,” which is intended for law enforcement officials. It has been circulating for a long time, so most law enforcement officers know what kind of organization it is, and they will listen to its opinion.
It is worth keeping all tangible evidence of your acquisition of the program: checks, packaging, contracts, if any. To demonstrate “legality”, you can also demonstrate program windows containing an indication of the license applicable to them, as well as the manufacturer’s website.
Law "On Police" and how to deal with it
Typically, when describing the audit procedure, it is customary to refer to the laws “ On Police ” and “ On the Protection of the Rights of Legal Entities and Individual Entrepreneurs in the State and Municipal Control and Supervision ”, which regulate in detail the procedure for inspecting organizations and their frequency. According to them, a resolution should be issued on the inspection of the chief, in which the police officers conducting the inspection should be listed.
In January last year, these laws were made to change , significantly limiting the police the right to carry out such checks. The police lost the opportunity to verify compliance with tax legislation in the law " On operational search activity”And the Code of Administrative Offenses were amended, requiring the inspectors to issue copies of documents to the person from whom they were seized, and also regulated the seizure procedure in more detail. By the way, a document in electronic form is also a document, and when you remove a computer, you should demand the ability to copy the contents of the hard drive.
However, the police quickly found an antidote. In order to go to any office “with verification”, it simply writes a “report” of the security officer that he has “operational information” that counterfeit software is installed on computers at such an address. The head of the ATS is given instructions to carry out checks on the grounds of an offense under Articles 144 - 145CPC. The police go and carry out an “inspection of the scene of the incident,” and, if necessary, seize computers during this inspection.
A separate question is about where such “operational information” comes from: there is reason to believe that in most cases reports on its availability are simply fabricated, just to conduct an audit. The operative-search activity is secret, so no one will tell you about who “tapped” you, and it’s useless to appeal this refusal to the court.
The thing is that the Code of Criminal Procedure does not contain such strict requirements as the law “On Police”: it does not require the frequency of inspections, the issuance of copies of documents when seizing originals, and everything else. His 84th article states that copies of documents may be provided to the person from whom the originals were seized - at his request. And they may not be at the discretion of the investigator. And the law “On the protection of the rights of legal entities ...” does not apply to the conduct of preliminary investigations at all.
So the police, most likely, will insist that they conduct an audit on “signs of a crime” and act only in accordance with the CPC. In this case, you must refer to the instructions“On the procedure for police officers to conduct inspections and audits of financial, economic, entrepreneurial and commercial activities”, which, firstly, regulates the verification in the presence of signs of crime, and secondly, determines in detail the inspection procedure and requires that the law also be guided "About the police."
This instruction, as well as the laws mentioned, should be printed out and kept at hand (preferably one copy per office, in case employees are prohibited from leaving the premises, as is often the case).
Training
In addition to printing suitable laws and regulations, it is worthwhile to conduct an audit of the software in the organization in advance and remove anything that raises doubts about “licensed cleanliness”. By the way, if you have completely transferred workstations under Linux, do not think that this is enough to protect yourself. Through the efforts of the Wine developers, under this "non-emulator" a large number of Windows programs work seamlessly, each of which may turn out to be "pirated." They are installed in the user directory and to install them you do not need to know the root password. So it’s worth considering this when organizing an audit.
If you still have a check, do not, during the course of it, require you to remove only the hard drives, or, conversely, only the entire system unit, or calculate the checksum of the files on the hard drive, or something like that. There is no specific procedure for seizing computers, so they are seized at will. The only requirement is a description and sealing of the seized, but the law has not established its order.
It also makes sense to identify in the organization the persons authorized to be its representative in such inspections. This must be done by order, as it should be, and a copy of this order should be attached to the printouts of the laws mentioned above.
An additional signal that you can be checked can be a letter from a local representative of one of the manufacturers of "commercial" software or law enforcement agencies - that you have allegedly installed "pirated" software. This letter has its purpose. At the very beginning, we talked about the practice of criminalizing the director or system administrator appointed by the "extreme". Such a letter, according to this practice, is considered "evidence of intent": the allegedly "guilty" director, knowing that he has a counterfeit, continues to use it, which "indicates the presence of intent."
For some reason, this overlooks the fact that the letter does not contain indications of specific computers with a "pirate". With the same success, one can consider “evidence of intent” in any crime simply the fact that the accused knew that “it is not good to do this”. Moreover, failure to eliminate the consequences of a crime is not complicity in it. However, such "evidence" appears in many criminal cases involving counterfeiting. So after receiving such a letter, you should prepare for the upcoming verification. Well, of course, you should read in advance all those regulatory documents referenced in this article. It is best to start defending them by examining your rights.