What really is a source code? To the uninitiated, it is a kind of product DNA which software development companies carefully put together and it forms the base to develop software products that they sell, whether it would be individually designed for particular customers or a mass market product which could be sold over the counter.
The nature of a source code by itself is unique because it can be copied easily without causing any change to its original form, thereby making it vulnerable for theft. And finally, this is the lynch pin on which software companies can make or break. At the risk of sounding overdramatic, one could say that at the bottom of all this lies the tussle between the investors of a software company and its technical staff or in other words the software engineers.
While both parties are necessary in this equation, what ensues is an uneasy partnership, as the investor would always fear that the source code, developed over time and much resource, would be whiffed away in a moment to be sold or used by a rogue employee or a competitor. This can be a serious stumbling block in the development of sophisticated software that in this day and age is necessary to run commerce be it banks, telecommunications or intelligent buildings.
Unfortunately, there isn’t much technically that one could do to protect such intellectual property. The experts say it is the legal teeth a country has, that could act as a deterrent. But in a country like Sri Lanka, which openly subscribes to piracy, the question of protecting investors in this industry might not be a priority. Apart from that, there is the moral issue - do software engineers believe that it is unethical to pilfer a source code? Is there a code of ethics taught by universities and other educational institutions in Sri Lanka who train these software engineers?
Source code piracy
There was an unusual case reported in the news last April where, a Goldman Sachs employee who was accused of stealing a source code from the firm was convicted of the crime and sentenced to eight years in prison. However, the conviction was overturned on the condition that one cannot physically hold a source code.
The US Federal Bureau of Investigation (FBI) arrested Sergey Aleynikov, in July 2009 for taking a source code just before he left Goldman Sachs and started a new job. He was tried and sentenced in March of last year. However, his conviction has been overturned by a federal appeals court. It ruled that source code cannot be considered tangible property and cannot be made to fit the charges within existing laws in the US.
In another instance the theft of a source code from anti-virus giant Symantec for its software after it experienced a breach in 2006, led the company to release a statement to Symantec users, asking them to disable pcAnywhere until the company had time to update the software to ensure that hackers are unable to exploit holes they might find in the code.
If sophisticated societies like the USA are finding it difficult to solve this problem, then developing countries like Sri Lanka would face dire consequences if we are not able to manage this, thus leading to the entire IT industry to be in a position that is unviable and unsustainable.
Software development is one industry that does not need huge natural resources; it’s all about having the right equipment and intelligent people working with the right financial backing. Financial backing is not only required to pay salaries and bills but also in the marketing of these products and creating reliable brands that could be brought to run various businesses and industries within and outside the country.
The root of the problem however, lies with the ethics of the software engineer who is working in this maze of binaries (or whatever that goes into building source codes) and could easily steal the source code and sell it to his company’s competitor who would then go into the market and offer a perfectly formulated, mature product at a much lower cost. This could be easily done, as the rogue element would not have faced the start up cost of developing the source code!
What is the answer to this? To start with, like all issues related to software piracy, it can only be successful if there is consumer resistance. If the buyer who could well be a large corporate, knows that the cost is far below market price they should make sure that they are not buying stolen goods. If a company is totally dependent on making decisions to buy software on the rule of their procurement department there is always the possibility of going for the cheapest available. But purchasing software and the decisions surrounding it should not be left to rupees and cents only. And this is not merely because one is taking the moral high ground.
Just imagine this, if some unscrupulous element is actually selling an organisation some software – say, to run the company’s finances and they knowingly buy it simply because the price was right; who is to say that this entity would not have worked in a back door to the programme to siphon out information and valuable data from the buyer’s system?
This business is all about trust, about high morals, about integrity. It is these elements that can make the IT industry sustainable. The technical aspect of the software business is merely that - the mechanics of it; but software development is beyond mere technology or creating a source code. The overall dynamics of this business involves investment, marketing, brand development etc., which the developer community as well as consumers must understand.
It is time then that we in Sri Lanka looked sharp when we engage ourselves, be it in a simple download to our hand held device or in the buying of a large system to manage the finances, telecommunications or any other key area in our companies. If we allow theft to flourish simply because it is expedient to us, it may well become our Pandora’s Box.
(The writer can be reached via email@example.com)