| Preface | Contents | Chapter 1 | Chapter 2 | Chapter 3 | Chapter 4 | Chapter 5 | Chapter 6 | Chapter 7 | Chapter 8 | Chapter 9 | Appendix A | Appendix B | Appendix C | Appendix D |
| Questions regarding this chapter should be directed to the following individual: | ||
| Carol Hagstrom | (860) 702-3437 | carol.hagstrom@po.state.ct.us |
| Name (Print) | Phone Number | E-Mail Address |
Purpose - These accounting procedures are established to set agency standards for governing the use of approved and/or licensed software by State agencies, to maintain inventory control of software and to establish a uniform policy for the prevention of software copyright infringement.
All software either purchased or leased by the State of Connecticut will be registered with the State of Connecticut named as the license holder (preferred) or its subdivision if required by the terms of the license agreement (for example, to qualify for an educational discount). Under no circumstances will an individual be named as the license holder of any software bought, leased or owned by the State of Connecticut, or purchased with non-State funds for use by the State.
Oversight Responsibility - The Office of the State Comptroller is responsible for defining and disseminating procedures for the establishment of software inventory databases for use by agencies of the State. This inventory may also be used to provide source documentation to verify an agency's compliance with the Copyright Act, United States (U.S.) Code - Title 17. The Department of Information Technology will provide the administrative oversight and support and monitor changes in technology that might necessitate revisions to this policy.
Policy
Agency Responsibilities
Software Code of Ethics - This is the State of Connecticut policy concerning software duplication. Under this code, all employees shall use software only in accordance with its license agreement. Unless otherwise provided in the license, any duplication of copyrighted software, except for backup and archival purposes, is a violation of the Copyright Act, which is found in Title 17 of the U. S. Code. Any unauthorized duplication of copyrighted computer software not only violates federal law and is contrary to the State's standards of conduct, but also is also considered computer crime under Section 53-451(b)(e) of the Connecticut General Statutes. The following principles are to be followed to comply with software license agreements.
Audits of Software - Application programs installed on any individual stand alone computer(s) or on a LAN environment may be audited. The results will be reconciled to the registered license agreements and the corresponding purchase documents.
It is up to each agency to make sure that this information is readily available for management and audit purposes and is maintained with a high degree of accuracy. Original registration cards and certificates of authenticity (or equivalents), where applicable, may be maintained on site but a duplicate record must be kept at a central agency designated location.
Software Control Record - Agency developed software which the state has ownership to and is capitalized and reportable on the CO-59 and classified under the software category must be recorded within the Asset Management Module of Core-CT. The following format may be used for purchased software not owned by the state included within the agency software inventory. Software licenses are not owned assets, but must be included in the software inventory.
The property control record must contain the following minimum data:
An agency may choose to expand upon the reporting requirements stated herein. LAN applications need only to reference the file server and not individual computers if the agency has only installed a central copy of the software.
Information for Developing an Agency Plan - The following information is provided as a resource for developing an agency plan for implementing the State's Software Management Policy.
United States Copyright Law - Software is automatically protected by federal copyright law from the moment of its creation. The rights granted to the owner of a copyright are clearly stated in the Copyright Act, which is found at Title 17 of the US Code. The Act gives the owner of the copyright "the exclusive rights" to "reproduce the copyrighted work" and "to distribute copies of the copyrighted work" (Section 106). It also states that "anyone who violates any of the exclusive rights of the copyright owner is an infringer of the copyright" (Section 501), and sets forth several penalties for such conduct. Persons who purchase a copy of software have no right to make additional copies without the permission of the copyright owner, except for the rights to (i) copy the software as an essential step in the utilization of the computer program and to (ii) make "another copy for archival purposes only," which are specifically provided in the Copyright Act (Section 117).
Software creates unique problems for copyright owners because it is so easy to duplicate, and the copy is usually as good as the original. This fact, however, does not make it legal to violate the rights of the copyright owner. Although software is a medium of intellectual property, its protection is grounded in the long-established copyright rules that govern more familiar media, such as records, books, and films. The unauthorized duplication of software constitutes copyright infringement whether it is done for sale, for free distribution, or for the copier's own use. Moreover, individuals who copy are liable for the resulting copyright infringement whether or not they knew their conduct violated federal law. Penalties include liability for damages suffered by the copyright owner plus any profits of the infringer that are attributable to the copying, or statutory damages of up to $100,000 for each work infringed. The unauthorized duplication of software is also a Federal crime if done "willfully and for purposes of commercial advantage or private financial gain." Criminal penalties include fines of as much as $250,000 and jail terms of up to five years.
To Summarize the United States copyright Law: A "Software Package" may be used on any compatible computer, but only on one computer at a time unless otherwise specified by the licensee. Each user is authorized to make archival copies of the software for the sole purpose of making a backup diskette to protect his/her investment from loss. Software purchased for Local Area Networks (LANS) will be available only to the maximum number of simultaneous operators as specified by the license. Each package must be evaluated individually, based upon how the manufacturer has designed it to operate in a network environment. In any case, a single package cannot be installed on multiple stand-alone networks. The rule for making LAN-based software backups is the same as that for stand-alone PC software (one back-up copy for each LAN application). Under no circumstances is a state employee allowed to download an application from the LAN server to a local hard drive as this will be in violation of the licensing agreement. This would result in two copies per one LAN licensed copy.
Self Audit - Objective: Each agency may conduct its own audit to determine whether they are complying with applicable software license agreements. Software compliance is a legal responsibility for state agencies and non-compliance can impact an agency as they may be held financially liable for unlicensed copies. Agencies may be advised to pursue this course of action as a prelude to an audit by the Auditors of Public Accounts.
The purpose of a self-audit is:
a) to provide a reference point for agencies establishing software
inventory,
b) to determine what application software is installed on networks and
stand-alone computer systems,
c) to remove and replace any unauthorized software found, and
d) to evaluate the current state of agency compliance.
Pre-audit procedures:
a) Collect and review all software purchase records.
b) Collect and review all software license agreements.
c) Select a date for the audit.
d) Decide whether employees will be notified in advance.
e) Use auditing software to search networks and stand-alone hard drives and
portable computers.
Post-audit procedures:
a) Compare audit results with records of authorized software.
b) Address use of state-owned software on home computers as determined by
the software license and agency policy.
c) Either remove or destroy unauthorized software or purchase a license for
it, as appropriate.
d) Analyze results to determine future software purchasing needs.
Usage Standards by License Type
The license agreement is a contract between the software publisher and the user. The precise wording of the license agreement varies with each software vendor and each vendor has a policy governing the use of its product. The purchaser/licensee of software is only purchasing the right to use a particular application from a software publisher. Software publishers vary in terms and types of their licensing agreements. These variations do not preclude any agency from ignoring the terms under which a purchase of software is made. If a user is not sure, he/she should ask his/her agency representative or call the software publisher to clarify the issue. Do not make assumptions or interpretations of legal language. A confirming letter should back up all telephone conversations with the publisher. Do not put the agency or any individuals in jeopardy.
License agreements generally fall into the following categories:
a) Individual and Machine/PC Licenses,
b) Concurrent License,
c) Network License,
d) Site/Enterprise License,
e) Font License,
f) Bundled Software,
g) Shareware, Demonstration Software,
h) Freeware or Bulletin Board Software,
i) Personal Software
j) Secondary Installation of Software
| a) . | Individual and Machine/PC Licenses - Individual licenses apply to single
users or to specific computers. An example would be a word processing program
designed to operate on a single workstation. An individual license is exactly
as the name implies: a license for one user, or for use only on one machine. |
| License Per Individual - Software can be licensed to a particular individual,
meaning that a specific person can only use it. This method of licensing is most
suitable for software that will be used only by one person and at other times is
idle. For example, the organization's accountant might be the only person who
needs to run a tax preparation program. While this method makes it clear what
can run the software, it also raises other issues: i.e., can the licensed
individual use the package both at work and at home? |
|
| Individually licensed software is licensed to one user for use on one workstation. Loading software onto another machine (even if owned by the same user) may constitute a violation of copyright. However, some software manufacturers allow the user of the software to make additional copies. Again, where permitted, this may allow the licensed individual, under the terms of the license, to make a copy of the software for a home PC and/or lap top computer as well as an office workstation. | |
| The idea here is that the user cannot be in more than one place at a time;
therefore, the software can only be used at one place at a time. Users wishing
to run one copy of software on multiple machines should read their license
agreements carefully and contact the publisher with any questions. |
|
| LAN managers report that tracking licensed individuals on a network is
time-consuming and complicated. In organizations with considerable employee
movement and turnover, monitoring software use under individual license is
nearly impossible. This method is least popular with LAN managers. |
|
| License Per Machine - Software licensed per machine requires that customers
purchase a license for each PC that might use the software. For example, if the
agency has an environment with 100 PC's, the agency would need to buy 100
licenses. Many software managers purchase software in this manner because it
almost guarantees they won't violate the license agreement or the copyright law.
Common examples of this type of license include operating system software, such
as DOS, screen savers, or software that is explicitly tied to the workstation's
hardware. |
|
| Duplicate Media - Some publishers put both 3-1/2" disks and CD-ROM in the
same box, but there is still only one license. These disks should be considered
as the same license. Both copies have been provided simply for ease of
installation. The agency cannot give the unused set of disks to any one else. |
|
| Software Suites - A suite is a group of applications sold together. Though a suite contains different applications, it contains only one license. Different applications within the suite cannot be used concurrently by two separate people. For example, if the agency purchases "Word Perfect Office" (containing the products Word Perfect, Quattro Pro, and Presentations), the agency is not permitted to install "Quattro Pro" on one workstation, and install "WordPerfect" on another. All applications in the suite must be installed on the same PC. | |
| Upgrades/Updates - An upgrade, sometimes called an update, is an improvement
to the original version of the software. The software publisher may have added
additional features in the program, or made other substantive improvements.
When a software publisher offers version 5.0 of a product, and subsequently
releases version 6.0, the 6.0 version is an improvement to version 5.0. |
|
| For the software user using version 5.0 of the product, the following two
scenarios can take place when considering upgrading to the new version: |
| A. | If the agency is using version 5.0 and decides to upgrade to version 6.0,
the agency only has one license for both versions. Remember that the upgrade is
an improvement to the original. It does not create a second license and there
can only be one hardware installation of this software product under the
original terms. In order to obtain the upgrade, the agency will have to
demonstrate ownership of version 5.0. Ownership may be proved with the first
page of the manual or original disks. The prior version becomes a back-up copy
and cannot be passed to another employee within the organization, nor can it be
resold. |
| B. | If the agency is using version 5.0 and decides to purchase version 6.0
without utilizing the publishers upgrade program, the agency is then permitted
to re-sell the prior version, if permitted in the license, or give version 5.0
to an associate. In this example, the agency would be paying the normal retail
price for version 6.0 and would not have to demonstrate ownership of version
5.0. As the agency purchased version 6.0, the agency then has two licenses-one
for version 5.0 and one for version 6.0. |
| It is extremely important for the software manager to keep an accurate
accounting of upgrades and new product purchases. Some software managers that
go with option A, above, mark the disks, manuals and purchase records with a
"U", signifying an upgrade from a prior version. |
|
| C. | Competitive Upgrades are used by many software companies as a
means to gain market share. A competitive upgrade is nothing more than a special offer
to the agency from a software publisher. |
| For example, the agency is currently using Lotus 1-2-3, and Microsoft would like the agency to start using their spreadsheet, Excel, instead. Microsoft will sell the agency a license for Excel at a deeply discounted price in order to get the agency to become a registered user. Since the competitive upgrade is a special sales offer, acceptance of the offer does not obligate the agency to cease use of the older product. In the above example, the user's license to continue to use a previously purchased copy of Lotus 1-2-3 may not be revoked by Microsoft. The agency has two valid licenses. For purposes of showing authorized software, the software manager will still need to retain roof of ownership for both pieces of software. |
Individual License Violations
With an individual license, software cannot be loaned to a friend, even if the software was delivered in both CD-ROM and 3-1/2" formats. It is a violation of copyright to keep one set of disks and lend or give away the other set.
Another very common misuse of an individual license is loading the software onto a file server (LAN) and configuring it in such a way that it can be used by multiple users. In addition, it would be a violation to take the same copy of software and install it on multiple PC's without having the appropriate number of corresponding licenses.
| b) . | Concurrent License - A concurrent license allows a limited number of
users to connect simultaneously to a software application. The number of users
may be limited to 5, 10, 25, 100 or more, depending on the publisher.
Concurrent licenses are becoming more popular due to the increased use of LAN
environments. |
| For example, if the agency has 25 users, but only 10 use a spreadsheet at any
given time, then the agency would only need to purchase 10 copies of the
program. Concurrent licensing is a potentially money-saving and attractive
option because the agency can purchase only the amount of software needed. It
is an ideal solution for those applications in which the peak usage rate is less
than the total number of potential users. However, the agency needs a method to
estimate this peak period. Some software vendors design their software to lock
out any extra users beyond the number authorized. Some do not. If the
publisher does not install this feature into its product, the responsibility is
then with the software manager to ensure its legal use. Many software managers
will install metering software to count the number of concurrent users, and also
lock out unauthorized users. |
|
| Each organization using software with a concurrent license has the
responsibility to conform to the license agreement regardless of whether or not
the software locks out the extra user trying to access the software. |
|
| Self-metering, concurrently licensed software often comes in a special file
server edition. The software includes a network setup disk with a counter
utility and a LAN pack. Vendors frequently sell LAN packs in increments of five
or more users. If more than five users need to access the software, the agency
must purchase additional LAN packs. Vendors usually offer these packs at
discounted rates compared with the cost of the five stand-alone copies. Many
software publishers have adopted concurrent use licensing for their application
software, but not for operating systems. |
Concurrent License Violations
When more users are using the software at one time than the license allows, they are in violation of the license agreement. For example, if the agency put a five-user software application on the network, but 50 people are using it, 45 of these users are violating the license agreement.
| c) . | Network License - How the agency defines a network and how a publisher
defines a network may be very different. Read the network license very carefully
to determine the publisher's definition. |
| A network license is generally limited to a Local Area Network (LAN) or
individual file server. The network license is different from the concurrent
license in that every member of the network is allowed to access the program.
Also, the software is installed on only one server on the network (rather than
on each computer, as is the case in the concurrent licensing). |
|
| The number of users is limited to the number of connections the network
operating system (NOS) allows to the file server. Software limited to a file
server is often coded so it cannot be loaded on to another file server, and the
license agreement generally prohibits the agency from installing the software on
multiple file servers. Therefore, it is the responsibility of the organization
to monitor software usage. |
|
| File server licenses are an excellent choice for system software programs and
network management tools because they don't require accurate user or PC counts.
Because the agency only installs a single copy, the software is easier to
install, administer and upgrade. |
|
| Selling software in this manner allows the vendor to present a cost-effective solution to organizations with large networks. |
Network License Violations
Copyrights are violated when the licensed software is loaded on more than one file server at a time.
| d) . | Site/Enterprise License - For purposes of software licensing, "site" has
multiple definitions, including: |
|
|
| When organizations purchase many software licenses, vendors sometimes offer a
volume discount or a site license. The discount can be applied to all forms of
software licensing. Organizations with 100 file servers may receive a discount
on software licensed by file server, while organizations with 100 PC's may get a
discount on software licensed by machine. A site license may consist of a
discounted price on multiple copies of software or it may allow unlimited copies
of a single disk. The vendor may adjust the price based on the number of nodes
on the network or the number of file servers. Obtaining a site license is
generally less expensive than purchasing individual copies for each user.
Generally, when acquiring a license such as this, the organization interested in
the site license must deal directly with the publisher. |
|
| Enterprise-wide license, also known as a "Gold Disk," is an unlimited use
license, but it has a set term of use that the agency must generally renew
annually. This type of license is usually more suitable for a large
organization with a large number of computers with multiple site locations. |
Site/Enterprise License Violations
Piracy occurs when this software is
loaded at one or more additional sites without purchasing another site
license agreement. Another copyright violation of the site license
occurs when users download the software for home use, even if it is used
for business-related purposes. The license may allow this. It is the
responsibility of the software manager to determine if this is an
allowed use per the license agreement.
| e) . | Font License - There are two fundamental models for the licensing of font
software, so called printer-based and CPU-based licensing. |
| "Printer-based licensing" licenses the font software to an output device, and
to any computers connected to that output device. For example, if there were
ten computers connected to one printer, one licensed copy of the font software
would allow the licensee to use the fonts on all ten computers connected to the
printer. If another printer were to be connected to the computers, an
additional license for the font software would be required. |
|
| "CPU-based licensing" licenses the font software to computers, not output
devices. In the example above, with ten computers connected to one printer, ten licenses are
required under a CPU-based licensing model if the licensee desires to use the
font software on all ten computers. However, no additional licenses are
required if additional output devices are connected to the computers. |
Font License Violations
The type of output device used and what type of license has been purchased determines violations. Printer-based violations occur when a single output license is purchased but multiple printers are used. Computer-based violations occur when a single computer is licensed for the font but it is used on multiple computers.
| f) . | Bundled Software - When a computer is purchased with "bundled" software
(sold as part of the unit), even though this software is part of the purchase
price, the software must be inventoried at this point. This fact must be
documented on an invoice or substantiated by other documentation. When upgrades
of the computer's "bundled" software are purchased, the new upgraded version
will become part of the software inventory. Any upgrade of software must be
installed on the computer with the original version. Under no circumstances may
any upgrade be separately installed on another computer as this violates
copyright law. The original version and the upgrade are joined together under
one license agreement. The old version's back-up copy is to be destroyed and an
upgrade copy retained in its place. |
| g) . | Shareware/Demonstration Software - This is software that is marketed by
freely distributing a limited or full version of the software through trade
shows, bulletin boards, World Wide Web sites, File Transfer Protocol sites,
Internet sites, E-mail, or by handing it from one user to another. |
| Potential users are encouraged to copy the program for "preview" purposes to
determine whether or not they want to purchase it. The rule with Shareware is
if the user likes the program and keeps it, the user sends the developer payment
for it. If the user keeps it but does not pay for it, the user is in violation
of the copyright. Almost all Shareware includes a "read me" file or an opening
menu stating that the program is Shareware and how and where to send the
payment. Use of this type of software must be approved in writing from the
administrator designated to oversee the software inventory. |
|
| If a state employee desires to install his or her own purchased program as
demonstration software for a possible future agency purchase, the agency must
develop written procedures and a form to document this type of installation.
The administrator may authorize an installation of this type only if the owner
can show proof of original ownership and that the use of this software will
benefit the State. At a minimum, this must include a. verification that the program has been checked by an agency approved virus program; b. verification
that the program is legally licensed to the employee: c. the test is limited to a
defined time frame. |
|
| Note - Any software that cannot be confirmed as a legally licensed copy may
not be brought into an agency and evaluated for any reason. |
|
| h) . | Freeware or Bulletin Board Software - Freeware, also known as "public
domain software," is software distributed for general use with no restrictions
placed on it by the developer. It is usually distributed in much the same way as Shareware, but no payment is
required from the end user. |
| Upgrade drivers or patches distributed by software vendors are also
classified as freeware. |
|
| While the terms of the Copyright Act automatically protect all software from
the moment of creation, the developers of Freeware voluntarily waive their
rights to the software when they choose to distribute it free of charge, and a
statement to that effect is usually found in a "read me" file or an opening
menu. In some instances, Freeware may be modified by the end user without
authorization from the developer. |
|
| Because of its nature, the individual may use and share Freeware without fear
of copyright violation. However, any installation on state-owned hardware must
have prior written approval as this type of software falls under the same
guidelines as "Shareware/Demonstration Software." Extreme caution should be
exercised to maintain virus control. |
|
| Note - Agencies may elect to prohibit installation of any shareware,
freeware, or demonstration software by their employees or limit the installation
to specific individual circumstances. |
|
| i) . | Personal Software - Personal software is software that is not licensed to
the State of Connecticut or its subdivisions. Personal software may not be
installed on any computer owned or leased by the State or the Federal Government
or purchased with Federal Funds for use by the State, except in those specific
instances covered in ”License Agreements” in this chapter. Any installation of
personal software may compromise the integrity of the State's compliance with
copyright laws and may expose the stand-alone computer or network file server to
the introduction of computer viruses. |
| j) . | Secondary Installation of Software - An installation of state owned
software on a home or field office computer must be permitted by that software
product's license agreement. Agencies are responsible for establishing written procedures to document this
installation as permitted by the license agreement and as necessary for the
efficient operation of an agency's functions. |
| These procedures need to identify the software installed, the installer,
location, date of installation, hardware, and subsequent date of the
un-install/removal of the software. |
|
| An agency provided with uninstall software program will document the removal of this secondary installation when it becomes necessary. |
Employee Education Program - Many State employees are generally uninformed with regard to how software is impacted by the Copyright Act. In most instances of copyright license violations, it is ignorance of the law rather than intentional abuse, that is the root of the problem. For this reason it is important for agencies to institute an employee education program with the commencement of this Software Management Policy.
It is crucial that all State employees understand their responsibilities with regard to the software programs that they access and use in their daily work environment. To accomplish this, information must be disseminated that addresses: types of software licenses; code of software ethics; copyright laws; agency software policy; and annual software audits.
Agency heads will be provided with an employee information pamphlet that will be developed for all state agencies. However, it is the agency's responsibility to educate its employees regarding this Software Management Policy.
Copyright Protection for State Developmental Software
The State of Connecticut is responsible for ensuring compliance with software
manufacturers' licensing requirements.
However, the State must also ensure that it protects its own interests when contracting with vendors to develop custom software. While a proposal is being examined, the State's right to the copyright or waiver of rights, with respect to future commercial applications in the public or private sector should be documented.
If the State decides to retain the copyright to the software (agencies should be aware that this right may increase the cost of the contract so the cost-benefit aspect of this decision must be weighed), specific contract language may be incorporated into the contract. Check with the respective agency Attorney General liaison. See Appendix D for specific contract language.
Computer Viruses
A computer virus may manifest itself as a self-replicating segment of
computer code designed to spread to other computers by sharing "infected"
software. Viruses may be "benign" or "malignant." Benign viruses replicate, but
do no malicious damage. For example, they may beep or display messages on the
screen, but they do no intentional damage. Malignant viruses attempt to damage
computer resources such as erasing a hard drive.
Some symptoms of computer viruses are: system crash; slower than normal program operation: change in file size; loss or change of data; and unusual and frequent error messages.
Agencies must develop procedures for system protection by designing, installing, and using virus detection software. These procedures must also incorporate the downloading of information from communications links such as America On-Line, Internet, World Wide Web sites, File Transfer Protocol sites, etc.
Disposal of Software - The procedures for the disposal of surplus software are outlined in chapter 8 “Disposition of Surplus Property” in this manual.
Return to Table of Contents
Return to Index of Comptroller's Manuals
Return to Comptroller's Home Page