Guest Blog by Ted Miracco, CEO and Akshay Dhule, Application Engineer
With heightened global tensions, it is more important than ever for software companies to make sure their products are only exported and used by entities that are not subject to trade sanctions.
These sanctions may come from an international body such as the United Nations, or be specific to an economic group, such as the North American Free Trade Agreement (NAFTA) or the European Union (EU), or be specific to an individual government like the United States. An embargoed entity can be an entire nation state or a specific organization that has been subjected to trade restrictions for military, economic, or political purposes with the objective of pressuring that country’s government by prohibiting exports and imports of specific goods and services to that entity.
U.S. government sanctions are administered by two agencies, the Office of Foreign Assets Control (OFAC), which handles licensing and oversight of economic sanctions and the Bureau of Industry and Security (BIS), which handles licensing of certain exports and re-exports of technology and goods originating in the U.S., or foreign manufactured goods using U.S. technology. The consequences for being found guilty of breaching sanctions are serious. Several major companies have been subject to multi-million dollar fines and settlements with U.S. regulators for sanctions breaches. Most recently, China’s second-largest telecoms maker, ZTE Corporation, agreed to pay up to $1.2B for violating U.S. sanctions against both Iran and North Korea.
The illegal export or transfer of products to sanctioned countries is a problem software vendors face. It is illegal to sell or transfer U.S. software, along with hard goods and other products, to these countries: Balkans, Belarus, Burma, Cote d'Ivoire (Ivory Coast), Cuba, Democratic Republic of the Congo, Iran, Iraq, Lebanon, Libya, North Korea, Somalia, Sudan, Syria, and Zimbabwe.1 However, because software can be easily obtained over the internet, use of unauthorized software in embargoed countries is a serious issue, both because U.S. software cannot be obtained legally even if a company in a sanctioned country is willing to pay for it and also because advanced software such as electronic design automation (EDA) and computer-aided design (CAD) software, which is used for designing military and defense electronics, in the wrong hands can have disastrous consequences.2
Software Piracy and Embargoed Entities
Software is typically sold as a license that allows an entity to install and use the software with specific rights such as; number of computers or users, or sometimes within a geographic location. Software piracy is the modification of software to remove or disable copy protection so the software can be used without purchasing a license or re-installed on multiple computers in multiple locations. The use of pirated software is a worldwide epidemic, estimated by the Business Software Alliance (BSA) at 42 percent of all software installed globally. The 2017 IP Commission Report estimates that at the low end the annual cost to the U.S. economy of IP theft exceeds $22B, with the unknown cost of unreported theft possibly as high as $600B annually and this is only for U.S., which means numbers are much higher for the worldwide economy.
Software can be purchased and then illegally transferred or re-exported to sanctioned countries in several ways. It can be sold as a physical good on a CD by pirates or software vendors located in other countries where sanctions don’t apply, downloaded from a website offering pirated software, downloaded as a trial and hacked for use without a license, or hacked online in an environment hosted by the vendor for purposes of software as a service (SaaS). In some cases, software purchased by companies located in non-sanctioned countries is unwittingly transferred to employees located in sanctioned countries.
It is becoming increasingly imperative that software vendors adopt a license compliance (LC) program that can help them identify and control illegal usage of their software in sanctioned countries or sanctioned entities. An effective LC program can help software vendors not only identify and curtail illegal usage from pirated copies of their products, but also confirm that their software is or is not being used in an embargoed country.
Cylynt is a leading provider of software that helps vendors combat piracy, copyright infringement, and under-compliance. Automated tools enable users to identify software abuse and gather detailed data on who is illegally using the software and where and when the illegal usage is taking place. Several features within Cylynt are useful for identifying and curtailing illegal usage in sanctioned countries or identifying licenses that have been re-exported or transferred to sanctioned entities.
Cylynt's software development kit (SDK) provides features that analyze software from activation through to deployment, enabling developers to track their software installations and usage of those software licenses geographically. This is very helpful in many scenarios, including export compliance and license compliance. The Cylynt embargoed countries list feature allows customers to see if their software is being used in an embargoed country. In a scenario where the user has decided not to pursue any cases of illegal usage from embargoed countries, those cases can be easily filtered out.
Another scenario can occur if an entity buys a license from a software vendor for internal development, but then knowingly or unknowingly transfers or shares that license with another entity located in an embargoed country. Normally, any company will pursue or consider this case as a valid violation of the software license agreement. Cylynt enables the software developer to track the location and other details of the illegal software usage so action can easily be taken to educate the buying entity about export compliance so all parties are protected from potential government action for violating the trade sanctions.
The fight against software piracy needs advanced tools and capabilities to act on infringing entities. It is also important for software vendors to be able to track the location of the illegal usage so as not to run afoul of U.S. or international trade sanctions. Detailed evidence and an organized investigation strategy can help in suppressing the piracy issue, including transfers of licenses or re-export to sanctioned countries.
1 Embargoed and Sanctioned Countries (http://www.export.pitt.edu/embargoed-and-sanctioned-countries)
2 Cylynt Blog: Software Piracy, Don’t Wait for the Government to Come to the Rescue (https://www.cylynt.com/blog/guest-blog-cyber-piracy-dont-wait-for-the-government-to-come-to-the-rescue)
3 Wikipedia Image: United States Embargoes (https://en.wikipedia.org/wiki/United_States_embargoes)