Free software: “license check”
Before the leadership of an organization that has transferred its computers under the control of "free" operating systems, the threat of "checking economic activities" constantly looms. Among other things, it will also check the licensedness of the software installed on computers. And, of course, it will take the entire computer park "for examination", without finding the "licensed sticker" from Windows in its usual place.
We will talk today about the reality of such an outcome and how to deal with such “checks”.
')
The fear of “checks” is reinforced by the now widespread illegal practice of holding accountable for all pirated software that has accumulated in the organization, one person, or director, or system administrator. As a justification, it is often said that their duties include “monitoring the licensed purity of software”.
True, supporters of such an opinion find it difficult to answer the question of why it is necessary to bring criminal responsibility for violation of these “official duties”, and not, say, disciplinary responsibility. It is also not clear how with the help of the “job description” this same criminal responsibility can be assumed.
Article 146 of the Criminal Code provides for liability for two types of actions. Firstly, these are actions with counterfeit copies of works made for the purpose of their sale. Secondly, it is the illegal use of the work . Moreover, the term “use” means not everything, but only those actions that are listed in the second paragraph of Article 1270 of the Civil Code of the Russian Federation .
In the case of software, the most common type of use is “reproduction”, that is, the creation of an instance. Or, more simply, installation. And to bring to justice according to the law, you need someone who personally installed software on a computer for more than fifty thousand rubles , and not the one who signed some kind of "job description".
However, as already mentioned, the practice of illegal criminal prosecution has spread widely. It is beneficial, first of all, "organs". First, they always have an “extreme” one, and secondly, this “extreme” can be used to “hang up” all pirated software in an enterprise without knowing who it is from among users who dragged it and installed it. As a result, they have a "solved crime" under article 146 of the Criminal Code of the Russian Federation. That's how simple it is.
Therefore, during any police check, it is necessary to keep in mind that the inspectors will “dig” in the direction of Article 146 of the Criminal Code of the Russian Federation and the criminal case. This, as you understand it aggravates the situation. But I can reassure you: in the case of “free” software, criminal prosecution is impossible.
The criminal case involves the existence of the victim, who must confirm the fact of copyright infringement and the cost of the "spiral" software. In the case of free Linux, their zero price is well known, so there is no reason to talk about criminal liability.
Possible administrative prosecution, under Article 7.12 of the Administrative Code . In such cases, the courts often look at the violation of the law through their fingers, and this article does not provide for any minimum amount with which responsibility begins. But even so, the fears of possible “licensing checks” should be considered greatly exaggerated.
As a rule, inspectors are aware of the existence of free operating systems, and there are no complaints in such cases. All that may interest them is the presence on the computer of a virtual machine with a copy of Windows installed, as well as programs for this OS installed under Wine.
Fears of checks are also actively used by companies selling Linux distributions and “licenses” attached to them, just in case. Sometimes other attributes of licensing are attached to “licenses”, for example, “licensed stickers”. This is a real “bear service” for users: in this way people far from computers get used to the fact that the sticker and other “licensing attributes” should be present without fail.
In addition, by comparing any arbitrarily taken Linux distribution “ with a sticker ” and without , we can come to the conclusion that the price for it, to put it mildly, is too big.
Abroad, where this stage of the police’s fight against Linux has already passed, methods of counteraction have already been worked out, and the main one is to confirm the license with the help of a printed and translated text of the license under which a particular distribution kit or program is distributed. Most often it is the GNU GPL. By the way, you can download its translated and notarized copy in the network.
There is another document that can help in the difficult task of “confirming the licensing” of free programs. This is one of the parts of the methodical manual on volume licensing, compiled by the Nonprofit Partnership of Software Suppliers. It talks about the features of licensing of programs distributed under the terms of "free" licenses.
As for the tips contained in this manual, they are standard: to keep more material evidence of the receipt of the program, print the texts of the licenses and put the software on balance. In addition, the NPPPP issues another manual “Computer piracy: methods and means of struggle”, which is intended for law enforcement officers. It has been distributed for a long time, so most law enforcement officers know what kind of organization it is, and its opinion will be heeded.
It is necessary to keep all the material evidence of your purchase of a program: checks, packaging, contracts, if any. To demonstrate the "legality" you can also show the program windows containing an indication of the license applicable to them, as well as the manufacturer's website.
Usually, when describing an inspection procedure, it is customary to refer to the laws “ On Police ” and “ On Protection of the Rights of Legal Entities and Individual Entrepreneurs During State and Municipal Control and Supervision ”, which regulate in detail the order of inspections of organizations and their frequency. According to them, the inspection must be issued by the order of the chief, in which the police officers conducting the inspection must be listed.
In January last year, these laws were amended, significantly limiting the rights of the police during such inspections. The police lost the opportunity to verify compliance with tax laws, the Law on Operational Search Activities and the Administrative Code were amended to oblige inspectors to issue copies of documents to the person from whom they were seized, and also regulated the procedure for seizure in more detail. By the way, an electronic document is also a document, and when removing a computer, it is worthwhile to demand the ability to copy the contents of the hard disk.
However, the police quickly found an antidote. In order to enter any office “with verification”, simply “report” of the security officer is written, that he has “operational information” that counterfeit software is installed on computers at such an address. The head of the Department of Internal Affairs is instructed to conduct an inspection on the grounds of a crime in accordance with articles 144-145 of the Code of Criminal Procedure. The police goes and conducts "inspection of the scene", and if necessary, withdraws computers during this inspection.
A separate question is about where such “operational information” comes from: there is reason to believe that in most cases the reports on its presence are simply fabricated, only in order to conduct an inspection. Operational-investigative activities are secret, so no one will tell you about who “sounded” on you, and this refusal to appeal against the court is useless.
The fact is that the Criminal Procedure Code does not contain such strict requirements as the law “On Police”: it does not require periodic inspections, issuance of copies of documents in the seizure of the originals, and everything else. In his 84th article it is said that copies of documents may be provided to the person from whom the originals were confiscated - at his request. And they may not be - at the discretion of the investigator. And the law “On the Protection of the Rights of Legal Entities ...” does not apply to the preliminary investigation at all.
So, the police will most likely insist that they are checking for "signs of crime" and act only in accordance with the Code of Criminal Procedure. In this case, it is necessary to refer to the instruction “on the procedure for police officers to conduct inspections and audits of financial, economic, business and trade activities”, which, firstly, regulates precisely the inspection if there are signs of a crime, and secondly, defines in detail the procedure for conducting an inspection and It also requires that the law “On Police” be guided by this.
This instruction, as well as the mentioned laws, should be printed out and kept at hand (preferably one copy per office, in case employees are forbidden to leave the premises, as often happens).
In addition to printing the relevant laws and instructions, it is worthwhile to conduct an audit of the software in the organization in advance, and remove everything that causes doubts in the “licensed purity”. By the way, if you have completely translated workstations under Linux, do not think that this is enough to secure. Through the efforts of the Wine developers, under this “non-emulator”, a large number of Windows programs work seamlessly, each of which may turn out to be “pirated”. They are installed in the user's directory and to install them, you do not need to know the root password at all. So it is worth considering this when organizing an audit.
If you still came to check, you should not require only hard drives, or, conversely, only the entire system block, or calculating the checksum of files on the hard disk, or something similar, during the check. There is no specific order for the removal of computers, so they are withdrawn as they please. The only requirement is the description and sealing of the withdrawn, but the law has not established its order either.
It also makes sense to determine in the organization of persons authorized to be its representative during such inspections. This should be done by order, as it should be, and a copy of this order should be attached to the printouts of the laws mentioned above.
An additional signal that you can be checked may be a letter from a local representative of one of the manufacturers of “commercial” software or law enforcement agencies - that you have allegedly installed “pirated” software. This letter has its own purpose. At the very beginning, we talked about the practice of bringing the director or sysadmin appointed by the “extremes” to criminal responsibility. Such a letter, according to this practice, is considered “proof of intent”: the supposedly “guilty” director, knowing that he has a counterfeit, continues to use it, which “indicates the presence of intent”.
For some reason, it overlooks the fact that the letter does not contain instructions for specific computers with "pirate". With the same success can be considered "proof of intent" in any crime simply the fact that the accused knew that "it is not good to do so." Moreover, the non-elimination of the consequences of a crime is not complicity in it. However, such “evidence” appears in many criminal cases involving counterfeiting. So after receiving such a letter, you should prepare for the upcoming verification. Well, of course, you should read in advance all those regulatory documents referenced in this article. With the study of their rights is best to start their protection.
We will talk today about the reality of such an outcome and how to deal with such “checks”.
Is the threat real?
')
The fear of “checks” is reinforced by the now widespread illegal practice of holding accountable for all pirated software that has accumulated in the organization, one person, or director, or system administrator. As a justification, it is often said that their duties include “monitoring the licensed purity of software”.
True, supporters of such an opinion find it difficult to answer the question of why it is necessary to bring criminal responsibility for violation of these “official duties”, and not, say, disciplinary responsibility. It is also not clear how with the help of the “job description” this same criminal responsibility can be assumed.
Article 146 of the Criminal Code provides for liability for two types of actions. Firstly, these are actions with counterfeit copies of works made for the purpose of their sale. Secondly, it is the illegal use of the work . Moreover, the term “use” means not everything, but only those actions that are listed in the second paragraph of Article 1270 of the Civil Code of the Russian Federation .
In the case of software, the most common type of use is “reproduction”, that is, the creation of an instance. Or, more simply, installation. And to bring to justice according to the law, you need someone who personally installed software on a computer for more than fifty thousand rubles , and not the one who signed some kind of "job description".
However, as already mentioned, the practice of illegal criminal prosecution has spread widely. It is beneficial, first of all, "organs". First, they always have an “extreme” one, and secondly, this “extreme” can be used to “hang up” all pirated software in an enterprise without knowing who it is from among users who dragged it and installed it. As a result, they have a "solved crime" under article 146 of the Criminal Code of the Russian Federation. That's how simple it is.
Therefore, during any police check, it is necessary to keep in mind that the inspectors will “dig” in the direction of Article 146 of the Criminal Code of the Russian Federation and the criminal case. This, as you understand it aggravates the situation. But I can reassure you: in the case of “free” software, criminal prosecution is impossible.
The criminal case involves the existence of the victim, who must confirm the fact of copyright infringement and the cost of the "spiral" software. In the case of free Linux, their zero price is well known, so there is no reason to talk about criminal liability.
Possible administrative prosecution, under Article 7.12 of the Administrative Code . In such cases, the courts often look at the violation of the law through their fingers, and this article does not provide for any minimum amount with which responsibility begins. But even so, the fears of possible “licensing checks” should be considered greatly exaggerated.
As a rule, inspectors are aware of the existence of free operating systems, and there are no complaints in such cases. All that may interest them is the presence on the computer of a virtual machine with a copy of Windows installed, as well as programs for this OS installed under Wine.
"Confirmation of legality"
Fears of checks are also actively used by companies selling Linux distributions and “licenses” attached to them, just in case. Sometimes other attributes of licensing are attached to “licenses”, for example, “licensed stickers”. This is a real “bear service” for users: in this way people far from computers get used to the fact that the sticker and other “licensing attributes” should be present without fail.
In addition, by comparing any arbitrarily taken Linux distribution “ with a sticker ” and without , we can come to the conclusion that the price for it, to put it mildly, is too big.
Abroad, where this stage of the police’s fight against Linux has already passed, methods of counteraction have already been worked out, and the main one is to confirm the license with the help of a printed and translated text of the license under which a particular distribution kit or program is distributed. Most often it is the GNU GPL. By the way, you can download its translated and notarized copy in the network.
There is another document that can help in the difficult task of “confirming the licensing” of free programs. This is one of the parts of the methodical manual on volume licensing, compiled by the Nonprofit Partnership of Software Suppliers. It talks about the features of licensing of programs distributed under the terms of "free" licenses.
As for the tips contained in this manual, they are standard: to keep more material evidence of the receipt of the program, print the texts of the licenses and put the software on balance. In addition, the NPPPP issues another manual “Computer piracy: methods and means of struggle”, which is intended for law enforcement officers. It has been distributed for a long time, so most law enforcement officers know what kind of organization it is, and its opinion will be heeded.
It is necessary to keep all the material evidence of your purchase of a program: checks, packaging, contracts, if any. To demonstrate the "legality" you can also show the program windows containing an indication of the license applicable to them, as well as the manufacturer's website.
The law "On Police" and how to deal with it
Usually, when describing an inspection procedure, it is customary to refer to the laws “ On Police ” and “ On Protection of the Rights of Legal Entities and Individual Entrepreneurs During State and Municipal Control and Supervision ”, which regulate in detail the order of inspections of organizations and their frequency. According to them, the inspection must be issued by the order of the chief, in which the police officers conducting the inspection must be listed.
In January last year, these laws were amended, significantly limiting the rights of the police during such inspections. The police lost the opportunity to verify compliance with tax laws, the Law on Operational Search Activities and the Administrative Code were amended to oblige inspectors to issue copies of documents to the person from whom they were seized, and also regulated the procedure for seizure in more detail. By the way, an electronic document is also a document, and when removing a computer, it is worthwhile to demand the ability to copy the contents of the hard disk.
However, the police quickly found an antidote. In order to enter any office “with verification”, simply “report” of the security officer is written, that he has “operational information” that counterfeit software is installed on computers at such an address. The head of the Department of Internal Affairs is instructed to conduct an inspection on the grounds of a crime in accordance with articles 144-145 of the Code of Criminal Procedure. The police goes and conducts "inspection of the scene", and if necessary, withdraws computers during this inspection.
A separate question is about where such “operational information” comes from: there is reason to believe that in most cases the reports on its presence are simply fabricated, only in order to conduct an inspection. Operational-investigative activities are secret, so no one will tell you about who “sounded” on you, and this refusal to appeal against the court is useless.
The fact is that the Criminal Procedure Code does not contain such strict requirements as the law “On Police”: it does not require periodic inspections, issuance of copies of documents in the seizure of the originals, and everything else. In his 84th article it is said that copies of documents may be provided to the person from whom the originals were confiscated - at his request. And they may not be - at the discretion of the investigator. And the law “On the Protection of the Rights of Legal Entities ...” does not apply to the preliminary investigation at all.
So, the police will most likely insist that they are checking for "signs of crime" and act only in accordance with the Code of Criminal Procedure. In this case, it is necessary to refer to the instruction “on the procedure for police officers to conduct inspections and audits of financial, economic, business and trade activities”, which, firstly, regulates precisely the inspection if there are signs of a crime, and secondly, defines in detail the procedure for conducting an inspection and It also requires that the law “On Police” be guided by this.
This instruction, as well as the mentioned laws, should be printed out and kept at hand (preferably one copy per office, in case employees are forbidden to leave the premises, as often happens).
Training
In addition to printing the relevant laws and instructions, it is worthwhile to conduct an audit of the software in the organization in advance, and remove everything that causes doubts in the “licensed purity”. By the way, if you have completely translated workstations under Linux, do not think that this is enough to secure. Through the efforts of the Wine developers, under this “non-emulator”, a large number of Windows programs work seamlessly, each of which may turn out to be “pirated”. They are installed in the user's directory and to install them, you do not need to know the root password at all. So it is worth considering this when organizing an audit.
If you still came to check, you should not require only hard drives, or, conversely, only the entire system block, or calculating the checksum of files on the hard disk, or something similar, during the check. There is no specific order for the removal of computers, so they are withdrawn as they please. The only requirement is the description and sealing of the withdrawn, but the law has not established its order either.
It also makes sense to determine in the organization of persons authorized to be its representative during such inspections. This should be done by order, as it should be, and a copy of this order should be attached to the printouts of the laws mentioned above.
An additional signal that you can be checked may be a letter from a local representative of one of the manufacturers of “commercial” software or law enforcement agencies - that you have allegedly installed “pirated” software. This letter has its own purpose. At the very beginning, we talked about the practice of bringing the director or sysadmin appointed by the “extremes” to criminal responsibility. Such a letter, according to this practice, is considered “proof of intent”: the supposedly “guilty” director, knowing that he has a counterfeit, continues to use it, which “indicates the presence of intent”.
For some reason, it overlooks the fact that the letter does not contain instructions for specific computers with "pirate". With the same success can be considered "proof of intent" in any crime simply the fact that the accused knew that "it is not good to do so." Moreover, the non-elimination of the consequences of a crime is not complicity in it. However, such “evidence” appears in many criminal cases involving counterfeiting. So after receiving such a letter, you should prepare for the upcoming verification. Well, of course, you should read in advance all those regulatory documents referenced in this article. With the study of their rights is best to start their protection.
Source: https://habr.com/ru/post/106219/
All Articles