The U.S. Trade Representative's office "has estimated losses to U.S. software development due to inadequate copyright protection to be approximately $4.1 billion a year" (United States, 1990:5).(1) The primary reason for this staggering loss is the widespread proliferation of software piracy. One federal agency indicates, that for every legally purchased copy of a computer program, there exists at least one Illegal copy (United States, 1990). The rampant software piracy phenomenon persists despite the passage of a flurry of federal (17 U.S.C. Sections 1-511) and state laws that make the illegal copying of computer software punishable by severe penalties and damage awards. Despite these enunciated legal penalties, many employees continue to make illegal copies of software for both professional and personal use. Unfortunately, many organizations do not know how to respond to the software piracy crisis because copyright is often misunderstood (Franklin, 1989).
The purpose of this article is to present the results of a survey that was mailed to the personnel directors of 200 public and private colleges and universities to assess (1) the use of software piracy policies; (2) the rationale behind the establishment of such policies; and (3) the types, degree, and history of policy enforcement activities. Based on the survey results in conjunction with established copyright and employment law, the authors identify organizational benefits (litigation-shielding) and risks (litigation-exposure) that currently exist in the presence of software piracy policy. Additionally, the survey results were tabulated and analyzed in the context of the existing personnel and copyright environment in order to derive recommendations for action on the part of the organization to avert legal disaster.
Previous statutory and case law indicate that an organization (private or public) could be liable for an employee's actions that injure a third party under two primary doctrines: (1) indirectly liable, under the doctrine of respondent superior(2) and (2) directly liable, when third parties are injured by an employee's negligence (Hames, 1988). In order for negligence to be a basis for legal action, four elements must exist (Hames, 1988:788):
[T]he employer must owe a legal duty or obligation to conform to a certain standard of conduct in order to protect the third party against reasonable risks; the employer must breach this duty; the breach of this duty must be proximate cause of the injuries sustained by the third party; and the third party must suffer actual losses or damages.
Software piracy lawsuits founded on employer negligence hold that employer directly liable due to the employer's breach of the duty to protect the third-party software vendor against illegal software copying. Such a duty might exist when the employer has knowledge that employees are predisposed to copy computer programs illegally and the employer fails to take effective steps to protect the software vendor's copyright.
Although it has been conceded that enforcement of copyright infringement against individuals is often too costly to pursue (Wilson, 1984), civil and criminal lawsuits against organizations are on the rise (Straub and Collins, 1990). One of the largest suits, in terms of compensatory and punitive damages being sought, was Louis Development's $10 million suit against Rixon, Inc. for making unauthorized copies of Lotus 1-2-3 and distributing them to its branch offices (Clevenger, 1988). This suit was eventually settled out of court for an undisclosed amount. More recent examples of infringement settlements in which the amounts are known are Parametrix Corporations's $350,000 settlement and Davy McKee Corporation's settlement for $300,000 (Feldman, 1881).
This increased vigilance in software copyright enforcement has not ignored the academic community. Public institutions of higher learning became particularly susceptible to such lawsuits by the enactment of the Copyright Remedy Clarification Act on November 15, 1990 (Pub. …