Anti-Piracy Security Firm Embroiled In Unlicensed Software Fiasco4:00 PM EST Tue. Oct. 23, 2012
In the spring of 2003, Columbia Pictures and Revolutions Studios were gearing up for the release of a new Eddie Murphy comedy titled "Daddy Day Care," a film that was viewed as a potential blockbuster. But the studios were concerned about the growing problem of "bootlegging," a crude form of movie piracy where perpetrators sneak in camcorders and record films from the seats of a theater.
While the quality of such recordings was often poor, the practice portended a larger problem -- instead of the old days when movie pirates would record a bootleg movie and then sell the knock-off version to a single unsuspecting customer on a street corner, pirates could now take the bootleg version of a movie, upload it to the Internet and allow millions of people to view the film before it was even released, potentially damaging box office receipts for the opening weekend.
To counter this problem, the studios hired Andrews International, a security consulting firm based in Los Angeles. Founded in 1988, Andrews had started out providing private security and eventually grew into a full-fledged security and risk management consulting firm, offering everything from investigative services for IP theft to high-level corporate security.
Now the company was getting into the potentially lucrative business of helping movie studios protect their content. Andrews had formed a special division called the Anti-Piracy Unit, which was dedicated to stopping movie piracy, and "Daddy Day Care" would be its first project. The objective was simple -- provide security at pre-release screenings of the movie (such as press events or test screenings) and prevent any bootlegging. To do this, specially-trained Andrews personnel were outfitted with night-vision goggles to detect any potential camcorder recordings in the theater.
The Anti-Piracy Unit's first project was a success; no bootleg recordings of "Daddy Day Care" emerged prior to the film's widespread release. Nearly a decade later, Andrews solidified its position as one of the foremost experts in piracy prevention for the film industry -- which made the next turn of events terribly ironic.
WHISTLEBLOWER SPURS INVESTIGATION
Sometime around late 2011 or early 2012, a whistleblower inside Andrews International contacted the Business Software Alliance (BSA), an IT industry association dedicated to, among other things, curbing commercial software piracy through awareness campaigns, education and legal action. The whistleblower filed a confidential report on the BSA's Web site alleging that Andrews was using pirated software. Soon after the BSA began an investigation of the company that would eventually yield surprising -- if not shocking -- results.
While the results of the investigation were not made public, the BSA announced in March that Andrews agreed to pay a settlement of $137,500 to resolve claims that it was using unlicensed Microsoft software on its computers (the degree of which, along with the exact products in question, was not disclosed).
Andrews issued the following statement to CRN: "Andrews International did enter into a settlement with BSA with regard to BSA's claims that Andrews International had allegedly used unlicensed copies of Microsoft's software. The settlement was not an admission of guilt, but to avoid additional cost and distraction of further litigation. The company conducted an internal audit to ensure that all software use is legitimate and licensed and has confirmed that they are fully compliant."
Peter Beruk, senior director of compliance marketing at the BSA, said he did not know the specifics of the allegations against Andrews but did say the company was "cooperative" with the BSA's investigation.
"If we pursued the matter via litigation, then we'd have filed motions to perform the audit," Beruk said. "Andrews needed to destroy all unlicensed software at the company. Then they had to purchase legal licenses for all that software."
Andrews did. But the case indicates an apparent double standard in the war against piracy. If you couldn't count on a security firm with an anti-piracy business to refrain from using unlicensed software, then who could you count on?
"It's a classic situation where companies don't apply the same standard evenly," Beruk said." They're hired to protect their clients' IP but they weren't applying the same approach to someone else's IP."
In an interview with CRN, D.C. Page, senior vice president of consulting and investigations at Andrews International, said he was unfamiliar with the BSA case. Rei Reid, Director of Andrews' Client Support Center and Anti-Piracy Unit, also said she was unfamiliar with the matter and couldn't comment.
Andrews International has not responded to additional requests for comment on the case.
A BOOMING BUSINESS
According to Andrews' Web site, the company now employs more than 15,000 security personnel and is one of the five largest privately-owned security firms in America. Despite being less than 10 years old, Andrews International's Anti-Piracy Unit has become a significant part of the company's business.
Reid said the revenue generated by the unit is only about one to three percent of Andrews' overall revenue. However, Page said as the problem of piracy has grown, so too has the anti-piracy business. "This is an extremely robust operation," he said. "[Anti-piracy] is a big growth area for us."
In particular, Page said the investigative side of the business is "constantly growing." Currently, the Anti-Piracy Unit is involved in everything from securing a movie's replication facilities to buying bootleg DVDs on street corners in South America and performing computer forensics to determine the origin of the content.
While Asia has been cited by most studies as the main culprit for movie piracy, South America is a huge thorn in the side of the film industry. "I've been all over the world, and Paraguay has probably the most nefarious pirate economy," Page said. "Anything and everything that can be pirated or counterfeited will show up there."
Page said he was traveling with a movie producer in Paraguay two years and got a firsthand look at how severe the problem was. "We were walking down the street and there's racks and racks of DVDs and CDs along the sidewalks everywhere you go," he said. "And the producer starts laughing because he sees a DVD for a movie that hasn't even been released yet, and it looks like the real thing."
"The sophistication of the groups out there is incredible," he added. "The manufacturing, the rapid turnaround, the global distribution networks to get [pirated content] to the dark corners of the world is impressive."
That's led to huge opportunities for Andrews International. After working on "Daddy Day Care," the Anti-Piracy Unit attained a "pretty large client base" through word of mouth and referrals, Reid said, establishing relationships with a number of major movie studios.
"Most of our client relationships are long-standing relationships," Reid said. "We've never had a film pirated on our watch, and it's a reputation that we're proud of."
Yet Andrews' own alleged transgressions put the company in a different light, and one that could hurt the company's reputation as a premiere security firm. And it's possible the BSA settlement might never have been made public in the first place. Beruk said the BSA only publicizes "a fraction" of the cases and settlements it makes. "We do that to educate other companies to show how harmful these practices are," he said.
The BSA has publicized four settlement statements so far in 2012; of those cases, the Andrews settlement had smallest dollar amount at $137,500. The other companies to settle with the BSA include a Tennessee auto dealer, an Illinois copy services company, and a computer services firm -- PCS-CTS of Houston, Texas, which paid the BSA $500,000 to settle claims it was using unlicensed copies of Adobe, FileMaker, Microsoft, and Symantec.
In all four cases, the BSA was notified by anonymous whistleblowers via the BSA's online reporting site NoPiracy.org. And in all four cases, the software vendors involved were either Microsoft or Adobe or both.
The BSA press release on the Andrews International case makes no reference to the fact that the company has its own anti-piracy operation. How and why did such as large and successful security company -- one with its own anti-piracy division -- run afoul of copyright infringement? It's unclear, but CRN spoke with many solution providers who described a common scenario of lax oversight and general ignorance of copyright infringement at the management level, especially with larger enterprises, which leads to employees -- particularly IT staff -- abusing software licensing terms and even willfully downloading pirated software.
Beruk agrees with that depiction. "Very often, it's an IT staff member that tells us their company is using unlicensed software and that their manager tells them not to worry about," he said. "Meanwhile, upper management has no idea what's going on."
The BSA declined to provide more details about the Andrews International investigation, saying the organization does not typically provide any details outside of what's contained in the settlement announcement.
To be sure, Andrews isn't the first company to get caught in a double standard regarding piracy. Ironically, one of the first and most notorious cases involved "Daddy Day Care" -- after its general release. In 2004, six Fox Cable Networks employees in Los Angeles were charged with copyright infringement by the federal authorities for using a company server at Fox to host and distribute pirated movies such as "Daddy Day Care" and dozens of other films -- including several owned and distributed by Fox Entertainment.
Five of the six defendants pleaded guilty, while one defendant, Kevin Sarna, was found not guilty in 2005. All six employees were part of Fox's IT staff.
PUBLISHED OCT. 24, 2012