The answers people have given to that and other questions reveal sharp divides between the habits and outlooks of users in emerging and developed markets. Those differences help explain why the global piracy rate hovered at 42 percent last year while a steadily expanding marketplace in the developing world drove the commercial value of software theft to $63.4 billion.

Here’s a brief overview of the study’s findings:

Visit www.bsa.org/globalstudy for all the details.

Where do we begin to look for what’s next? Today, IP is one of the most important economic assets fueling the digital economy. The legal framework for protecting copyright, patents, and trademarks is a fundamental building block for most developed economies.

What is perhaps more interesting is to consider the growing importance of IP in emerging markets. At a roundtable event in Beijing earlier this month, US Ambassador to China Gary Locke spoke of the growing importance of IP protection to Chinese innovators who are increasingly creating intellectual capital of their own. “Stronger IPR enforcement is essential to protect the work of Chinese writers and musicians, to provide incentives for Chinese firms to invest in research and development, and to help China foster an innovative and prosperous society,” he said. While problems in IP protection in China exist in abundance, IPR is no longer an issue for foreign companies alone. There are growing numbers of Chinese innovators who realize that IPR protection is fundamental to their economic prospects.

It is not just China sitting on the precipice of an IP revolution. Emerging economies as a whole are outpacing mature markets in their rate of growth. In no industry is this shift more prominent than technology, wherein emerging markets took in more than half of the world’s new PC shipments in 2011, and now account for more than half of all PCs in use. With the burgeoning cloud computing market bringing infinitely scalable computing power to businesses and consumers around the world, the foundation is being laid for a new leap forward in the IT revolution. This puts enormous pressure on governments in emerging economies to modernize their copyright and intellectual property laws to keep pace with technological developments.

WIPO Director General Francis Gurry says in his World Intellectual Property Day message, “Intellectual property is, by definition, about change, about the new. It is about achieving the transformations that we want to achieve in society.” So while we recognize the significant achievements that have come before; today we also celebrate the promise of new ideas to come. BSA and its member companies will continue to work with governments, policymakers, and organizations to advance practices and policies that encourage and protect future innovation.

That was how John Landwehr, Vice President for Digital Government Solutions at Adobe Systems, put a fine point on the need for efficient and effective sharing of cyber threat information. He spoke at a packed briefing BSA hosted today on Capitol Hill to help educate House staff on issues involved in cyber legislation now pending in Congress.

Landwehr used the analogy of a home invasion to illustrate what information ought to be shared, with whom, and for what purpose: You would want to know how the break-in occurred so you could take appropriate steps to protect your house from the same type of crime. You would want others in the neighborhood to know, too, so they could take similar steps. And you would want the police to know, so they could track down the thief.

It is similar with cyber threat information, so there needs to be an appropriately robust and well-functioning system for sharing warnings. Jeff Greene, Senior Policy Council with Symantec, described it at today’s briefing as “tri-directional” sharing: Actionable information needs to flow from government to the private sector, from the private sector to government, and between entities in the private sector.

Some of this kind of sharing is already occurring, Greene noted. Some. But it is not nearly as efficient as it needs to be. Greene said there needs to be much faster processing of information to effectively combat threats, and key obstacles need to be removed, such as legal restrictions. Greene also noted that legislation to promote information sharing needs to be precise about what can be shared — namely, pertinent threat information — and what it can be used for: taking appropriate protective and enforcement measures against cyber threats and crimes.

Effective information sharing in the private sector might be where there is the biggest “bang for the buck.” But government leadership also is critical in bolstering the country’s cyber readiness, said panelist Angela McKay, a Senior Security Strategist at Microsoft. McKay outlined three forms government leadership should take: leadership by example, leadership by empowerment, and leadership through long-term commitment.

For the government to lead by example, McKay said Congress should reform the Federal Information Security Management Act to ensure that federal agencies no longer go through bureaucratic “check-the-box” exercises to inspect their systems but instead engage in continuous monitoring and improvement. For government to lead by empowerment, legislation needs to facilitate an information sharing process that gets warnings about specific threats not just in front of those who “need to know” but also in front of those who “need to act.” Finally, to bolster the country’s security for the long term, legislation should promote investment in cyber training, research and development. All of these issues are addressed in bills set to be debated on the House floor next week.

The striking thing in the unfolding cybersecurity debate is the extent to which diverse stakeholders agree on the practical outlines of what ought to be done, legislatively. Civil liberties advocates have voiced substantive concerns with the privacy implications of provisions currently contemplated in the Cyber Intelligence Sharing and Protection Act, sponsored in the House by Reps. Mike Rogers (R-Mich.) and Dutch Ruppersberger (D-Md.). But Greg Nojeim, Senior Counsel at the Center for Democracy & Technology, made clear they agree with the basic idea of beefing up cyber readiness through information sharing — as long as legislation carefully defines what kind of information can be shared with government and how it can be used.

Nojeim argued for a definition of actionable threat information that will be easy for IT professionals and their companies’ lawyers to understand and apply. Nojeim also outlined restraints CDT would like to see on how wide a net can be cast in monitoring for potential threats and how information gleaned from the private sector can be used by government.

BSA Director of Government Relations Tim Molino, who moderated today’s briefing, said it is clear legislation must strike the right balance between America’s dual interests in bolstering cybersecurity and protecting privacy.

The good news is there is time and opportunity to address remaining concerns in the bill. Rogers and Ruppersberger have opened their doors to stakeholders — and they, their staffs, and groups like CDT and BSA are actively engaged in a constructive dialogue.

Software publishers figure prominently in that picture by, among other things, directly employing approximately 260,000 US workers in 2010 while exporting more than any other IP-intensive, service-providing industry.

This report is the second major government study in a year to underscore the stakes involved in protecting US intellectual property rights at home and abroad. Last May, the US International Trade Commission found that lax enforcement of IP rights in China alone costs IP-intensive companies in the United States nearly $50 billion a year — and it may cost the broader economy more than twice that amount, putting in jeopardy as many as 2.1 million jobs.

The new Commerce Department report notes, “The granting and protection of intellectual property rights is vital to promoting innovation and creativity and is an essential element of our free-enterprise, market-based system.” It goes on to explain:

Patents, trademarks, and copyrights are the principal means used to establish ownership of inventions and creative ideas in their various forms, providing a legal foundation to generate tangible benefits from innovation for companies, workers, and consumers. Without this framework, the creators of intellectual property would tend to lose the economic fruits of their own work, thereby undermining the incentives to undertake the investments necessary to develop the IP in the first place. Moreover, without IP protection, the inventor who had invested time and money in developing the new product or service (sunk costs) would always be at a disadvantage to the new firm that could just copy and market the product without having to recoup any sunk costs or pay the higher salaries required by those with the creative talents and skills. As a result, the benefits associated with American ingenuity would tend to more easily flow outside of the United States.

That neatly summarizes the reason the Founders included a copyright clause in the US Constitution, and it is why the Administration and Congress are right to place IP protection at the top of the country’s economic agenda today.

If likely president-to-be Xi Jinping is interested in improving bilateral relations, as he suggested during a recent visit to America, then addressing that problem would be an excellent place to start.

As things stand today, a troubling gap in the rule of law between China and the West costs America as much as $100 billion annually in sales and exports, at the expense of more than 2 million jobs. Those estimates come from the International Trade Commission, which investigated how American products that are supposed to be protected by copyrights, patents and trademarks — everything from software to pharmaceuticals to brand-name clothing — are instead being misappropriated on a jaw-dropping scale in the Chinese marketplace.

The Obama administration has won a series of commitments from Chinese officials to crack down on this rampant intellectual property theft. But a recent case of software copyright infringement gives a small glimpse of what will be involved in bringing real law and order to China’s anything-goes commercial sphere.

A Shenzhen-based online gaming company called ZQ Game was found to be working with unlicensed copies of software programs made by U.S.-based Adobe Systems and Autodesk. But rather than cooperate with a court-authorized investigation and copyright infringement suit filed on Adobe and Autodesk’s behalf by the Business Software Alliance, the chairman of ZQ Game flew into a rage. He called a meeting on the pretense of negotiating a settlement and then demanded that the infringement suit be dropped. He lashed out at the BSA’s lawyer for having the temerity to pursue legal action against his company and then beat her over the head with a chair, inflicting injuries that kept her in the hospital for more than a week.

Local law enforcement at first appeared to shrug this off. It was only after a series of appeals to higher authorities in the city of Shenzhen, the local courts and the U.S. Consulate that the intimidation stopped and ZQ Game’s chairman agreed to compensate the lawyer for her injuries. The original case of copyright infringement is ongoing. Its outcome remains to be seen.

This is an extreme example, to be sure. But ineffectual enforcement of intellectual property laws in China appears to encourage a general disregard for them.

That helps explain why market research firm IDC estimates that nearly eight of 10 software programs installed on PCs in China are pirated.

China’s governing State Council seems determined to advance intellectual property protections at its own halting pace. But it recently signaled it would make a series of policy changes that could be noteworthy. The State Council intimated it would revise copyright laws and related criminal and civil procedures, and said it would start holding government officials responsible for more effectively enforcing intellectual property violations.

Perhaps most significantly, the State Council also said it would create a new national office under Vice Premier Wang Qishan to coordinate enforcement efforts. This is encouraging. But bridging the legal gulf that now separates China from most of the world’s advanced economies will require Mr. Wang, encouraged by Mr. Xi, to strengthen every link in the chain of intellectual property enforcement. Authorities need to send a stronger signal of deterrence so that end users like ZQ Game start showing a higher regard for the law.

Originally posted in the San Jose Mercury News on March 20, 2012.

In January, BSA outlined a series of policy priorities for cybersecurity legislation. Since then, Senate Homeland Security Chairman Joe Lieberman (I-Conn.), Ranking Member Susan Collins (R-Maine), and Commerce Committee Chairman Jay Rockefeller (D-W.V.) introduced a robust bill, the Cybersecurity Act of 2012 (S.2105), which covers the most important bases, and Sens. John McCain (R-Ariz.), Saxby Chambliss (R-Ga.), Kay Bailey Hutchison (R-Texas), along with a group of other key Republicans, have introduced the Secure IT Act (2151), which covers much of the same ground.

The most obvious difference between the two Senate bills is that the Lieberman-Collins-Rockefeller package contains a specific section that aims to bolster security around critical infrastructure while the McCain-Chambliss-Hutchison alternative aims to improve critical infrastructure through its information-sharing provisions. This is an admittedly tricky issue. Lieberman, Collins, and Rockefeller believe critical infrastructure such as nuclear plants and water facilities would be a prime target in a cyber-9/11 scenario, so more federal involvement is warranted. McCain, Chambliss, and Hutchison fear that overregulation could end up undermining security with ineffective bureaucracy that slows down our abilities to react to real-time threat information and rapidly address vulnerabilities. They are pressing for more shared responsibility in the exchange of information between government and industry to protect critical infrastructure. The gap between the two bills is bridgeable, however. Indeed, Lieberman and McCain have directed their staffs to work on a compromise.

In the House, Energy and Commerce Committee Chairman Mary Bono Mack (R-Calif.) reportedly plans to introduce a bill similar to the McCain-Chambliss-Hutchison package — likely mirroring a forthcoming revision. Meanwhile, Rep. Mike Rogers (R-Mich.) has sponsored an information-sharing bill (H.R.3523) that already has cleared the Intelligence Committee, collecting nearly 90 cosponsors along the way. And Rep. Dan Lungren (R-Calif.) has a bill (H.R.3674) that promotes information sharing while also directing a review of existing security standards for critical infrastructure. More bills on other key issues are likely to follow.

It is especially heartening that all of the aforementioned Senate and House bills put improving information sharing front and center, because that issue is at the core of the cybersecurity problem. Entities in the private sector need incentives, liability protection, and as little red tape as possible to encourage them to share warning signs they detect about potential cyber threats so that suspected public and private-sector targets can be hardened and attacks can be averted. At the same time, it is important to signal that government, too, can do a better job of sharing real-time threat information with trusted entities in the private sector.

It also is encouraging that both of the leading Senate bills would improve the way federal agencies secure their IT systems by reforming the Federal Information Security Management Act of 2002 (FISMA). Both would boost research and development. And both would promote international standards and coordination, which is critical given the global nature of the Internet.

These many commonalities underscore that an opportunity for legislative compromise on cybersecurity is near at hand. Now is the time to seize it.

But in a first-of-its-kind study of the global policy landscape, BSA has come to the troubling conclusion that a patchwork of conflicting laws and regulations threatens to prevent the cloud computing market from reaching its full potential on a global scale. Above all, the BSA Global Cloud Computing Scorecard finds there is a pressing need for governments to better harmonize their policies to smooth the flow of data across borders.

The Scorecard benchmarks the cloud readiness of 24 countries that together make up 80 percent of the global information and communications technology market. It shows which countries are best positioned to drive the cloud computing revolution; it reveals barriers to growth; and it outlines a set of guiding principles that all countries would be well advised to follow.

In ranking countries’ cloud-related policies, the report finds a sharp divide between advanced economies and the developing world. Japan ranks first overall because it has comprehensive privacy policies that don’t inhibit commerce, a full range of criminal and intellectual property protections to foster innovation, and robust IT infrastructure. The United States and EU countries also have established solid legal and regulatory bases to support the growth of the cloud, while developing countries like China, India, and Brazil show the most room for improvement.

These findings may not be surprising. But the study warns that many high-ranking countries are beginning to wall themselves in with technology preferences and market-distorting regulations. Lawmakers in some EU countries, for example, are doing things to keep non-European firms waiting at the border while favoring local cloud providers. This does not bode well, because it effectively chops the global cloud into little pieces.

To have a truly global cloud market, we don’t need every country’s laws to be identical. But they need to be compatible. In the report, BSA offers governments a seven-point policy blueprint for expanding economic opportunity in the cloud with a more level playing field:

1. Protect users’ privacy while enabling the free flow of data and commerce.
2. Promote cutting-edge cybersecurity practices that counter threats by drawing on the innovative capacity of the market.
3. Battle cybercrime with meaningful deterrence and clear causes of action against criminals.
4. Provide robust protection and vigorous enforcement against misappropriation and infringement of cloud technologies.
5. Encourage openness and interoperability among cloud providers and technologies.
6. Promote free trade by lowering barriers and eliminating preferences for particular products or providers.
7. Provide incentives for the private sector to invest in broadband infrastructure, and promote universal access to it among citizens.

Click here to visit an interactive microsite where you can browse or download the full report plus individual country summaries.

But this pricing argument does not hold up under close scrutiny. Never mind that software is in fact typically priced lower in emerging markets than in developed markets. Consider all this instead:

First, the correlation between income and software piracy itself breaks down upon inspection. Just look at China and India. China has more than twice the per capita GDP of India (roughly $7,600 versus $3,500). Yet India has a considerably lower software piracy than China (64 percent versus 78 percent in 2010), and it spends three times more on legal software per PC currently in use — $31.40 versus just $9.15 annually. (The math: India had $1.5 billion in legal software sales in 2010 divided among the 49 million PCs that were in use there, according to IDC, while China had $2.2 billion in legal software sales divided among its installed base of 240 million PCs.)

Second, look at the gap between hardware spending and software spending. If the software-pricing hypothesis were to stand up, then you would expect to see something at least vaguely similar in the hardware market — namely, computers would have to be priced considerably lower in emerging markets than in more developed markets in order to achieve similar sales. But that is not the case. In fact, the average price of a new PC in the four so-called BRIC markets was $726 in 2010 versus $704 in the US. This, while new PC sales were surging an average of more than 32 percent in the BRIC markets, compared to less than 6 percent in the US. Indeed, China this year will pass the US to become the world’s largest market for new PCs.

Finally, remember that the most concerning sort of software piracy around the world, economically speaking, is enterprise software piracy — the piracy that occurs when otherwise legitimate businesses buy a few copies of the programs they need and then ignore the licensing terms by installing the software on too many computers. (In large companies, that can quickly become hundreds or thousands of illegal copies, and avoiding those costs amounts to an unfair competitive advantage.) It simply defies logic to believe that medium-sized and large companies in emerging markets — companies that may own sophisticated industrial equipment, operate factories, and export products to global markets — would be pirating software because it costs too much. How do they afford all the rest of their plants, equipment — not to mention their PCs — if they can’t afford software to run them?

The answer is they most certainly could and should pay for it. But in many developing markets, ineffectual enforcement of intellectual property laws encourages a general disregard for them. Too often, companies act as if software licensing terms need not be taken seriously. This has broad economic impact. So it is in every country’s interest to enforce the law in a way that sends clear deterrent signals to the marketplace.

The facts of the megaupload case are straightforward.  Ten days ago, the Department of Justice revealed that seven individuals involved in the operation of megaupload.com and related sites were indicted for operating a criminal enterprise responsible for “massive worldwide online piracy of copyrighted works.”  Four of those indicted were taken into custody in New Zealand.  The investigation was led by the FBI’s Intellectual Property Rights Unit, and was supported by multiple law enforcement agencies around the world.

Bringing down megaupload.com was a significant step in law enforcement’s efforts to protect copyrighted material online.  But the true impact of the DOJ’s efforts goes beyond this case. Over the last week and a half, a number of prominent online storage sites (also known as “one-click hosting sites” or “cyberlockers”) have taken voluntary steps to prevent illegal file sharing on their sites.  It is too soon to tell if these are permanent changes by these sites, or how many other sites will follow suit, but the initial and positive ripple effects from the megaupload case are clear.

BSA champions the rapid innovation we are seeing in online offerings and services.  Sites that enable the legal storage and sharing of material are a good thing.  And so is enforcing laws against criminal enterprises that profit from the illegal sharing of copyrighted material.  After all the attention has died down, the most important impact of this case may well be that it makes clear that law and order extends to all areas of the web.

The Commission’s effort accomplishes many long-overdue improvements to the EU’s current data privacy regime.  It will replace the current overlapping – and often contradictory – system with a single set of rules that applies in all EU member states and covers all types of businesses.  These changes will enable a more-unified Single Market within the EU and reduce confusion for both enterprises and consumers.

But other elements of the EU proposal threaten to undermine those very constructive goals.  Certain elements of the data protection framework, including the “right to be forgotten,” are troubling because implementation will be complex both as a matter of how the technology works and also in terms of aligning with existing laws.  Still others – including the draft regulation’s provisions on breach notification, administrative sanctions, and even the definition of personal data – will require significant clarification in order to understand their potential implications.  Many of these problems stem from the underlying premise that addressing privacy concerns requires sharp prescriptive rules.  In dynamic digital environments, such snapshot-in-time prescriptive rules could chill innovation and digital progress.

We believe in addressing privacy with a flexibility that is commensurate with the rapidly changing digital environment. By focusing too sharply on the narrow issues of today, the EU runs the very real danger of adopting a privacy regime that will be outdated tomorrow and forsake the “future-proof” framework that the European Commission intends to create.  That approach is good for no one.  Neither for the businesses that will be constrained in their ability to grow and benefit the economy, nor for EU consumers who will be deprived of the full range of products and services that would otherwise be available.

Privacy is a vital component of the technologies that have become so integral to our daily lives, and the European Union is right to stress companies’ responsibility to clearly describe and take responsibility for how users’ data is being collected and used.  BSA member companies each already fully embrace the duties that emanate from data stewardship.  They have each implemented comprehensive privacy policies, which they update regularly as to reflect users’ and customers’ needs and the companies’ ever-evolving software, computer and cloud services.  BSA members believe this approach is essential to ensure that individuals can make informed decisions about the firms with which they share their most intimate information.  This mutual trust between companies and their customers is one of the most relevant and crucial aspects of the Digital Age.

But our privacy expectations and the ways in which companies will use data to improve our lives is not a static environment.  Consider, for example, the growth in social media in the past few years.  A method of communicating that was – when the EU last considered its privacy rules – largely limited to conversations over coffee has exploded into an internet-enabled phenomenon that allows users to communicate with people around the world in a matter of a few simple keystrokes. 

Good privacy law will allow that growth to continue, and it will be built around a reasonable standard of privacy that focuses on the context in which information is shared.  To do otherwise would threaten to lock us into the static world of today – and to bar the progress of tomorrow.

The world is at a critical turning point in the continued evolution of technology, and the European Union has the opportunity to capitalize on this new era.  It should do so by embracing privacy considerations that are dynamic and flexible and will ensure users have access to the full range of new and exciting digital technologies.

Senate Majority Leader Harry Reid has informed Minority Leader Mitch McConnell that he intends to bring comprehensive cybersecurity legislation to the floor in the first working period of the New Year. The ranking Republican members of four key Senate committees countered with a letter to President Obama urging that cybersecurity legislation focus on four near-term measures for which there would likely be broad support: information sharing, reforming the Federal Information Security Management Act (FISMA), updating criminal penalties and enforcement tools, and ramping up R&D. The group recommended deferring action on more complex and contentious issues, such as regulation of critical infrastructure and supply chains.

The House has already settled on a piecemeal approach to cybersecurity. The first session of the 112th Congress came to a close with bills up for consideration on a range of discrete security issues, from data breach and notification rules, to information sharing, to cyber espionage.

As Symantec’s Cheri McGuire (no relation) wrote here recently, the growing volume and sophistication of cyber threats underscore the pressing need for effective cybersecurity policies. All the momentum in Congress offers hope. But election-year politics being what they are, pragmatism should be the watchword when lawmakers reconvene. Several measures should rise to the top of the agenda, because they would have a real impact on cybersecurity and should also garner bipartisan support:

• Promote information sharing about security threats with government and between companies.
• Improve the government’s own cybersecurity by reforming FISMA so agencies engage in continuous monitoring instead of “check the box” exercises.
• Deter and punish cybercrime by enacting strong laws, increasing law enforcement resources, and directing the US government to engage and cooperate internationally.
• Support cybersecurity R&D with incentives for the private sector and a national plan for basic and long-term research into technology solutions that are not commercially available.
• Require sensible data-protection measures and breach notification rules. As Robert Holleyman testified in June, those responsible for holding data should take appropriate security measures, consistent with the sensitivity of the data entrusted to them, and when a breach poses significant risk of harm, customers and consumers should be notified promptly.

Two sessions of Congress have come and gone since BSA released a Global Cybersecurity Framework that championed a set of core principles for cybersecurity — starting with trust, innovation, and calibrated risk mitigation. With luck and a measure of bipartisan resolve, the 2012 session may turn those principles into law.

Yet our IT systems are under constant attack from a malicious hackers, hacktivists, underhanded cybercriminals, corporate spies, and foreign agents. Symantec’s Internet Security Threat Report for 2010 found that the volume and sophistication of these cyber threats increased 19 percent last year from 2009, with more than 286 million unique variations of malicious software or malware. The economic toll of cybercrime, including direct and indirect costs, now approaches $400 billion globally, according to our 2011 Norton Cybercrime Report.

That’s why BSA earlier this year joined several other industry associations and a leading civil liberties group in offering a series of recommendations to bolster US cybersecurity through an enhanced partnership between the private sector and government. The principles outlined there — on issues ranging from risk-management standards to supply chain security — remain a good guide for policymakers considering how to shape cybersecurity legislation. I had an opportunity to highlight several that are especially important in testimony today before the House Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies, which is considering a draft bill by Chairman Dan Lungren (R-Calif.) that would target federal systems and critical infrastructure. The bill marks a positive step forward in a number of respects:

First, it would promote better coordination between and among federal agencies and the private sector by designating a single entity to be the National Cybersecurity Authority and assume responsibility for coordinating cybersecurity efforts. Today, there are several agencies working on various aspects of cybersecurity, but there is no designated lead. That structure leads to a lack of coordination.

Second, recognizing that not all targets are created equal, the bill would take a risk-based approach to cybersecurity. It would focus attention on critical infrastructure and avoid imposing unreasonably stringent security standards on low-risk entities, such as small businesses. Instead, it would create incentives for enterprises to adopt risk-based performance standards that are developed by consensus and internationally recognized.

Finally, the bill would promote public-private information sharing by making it clear that the government must provide threat information to industry. The bill also would create a new National Information Sharing Organization to facilitate the process. However, questions remain about how we will continue to utilize Sector Coordinating Councils and Information Sharing and Analysis Centers under the proposed framework. This is an important issue to be resolved given the significant time and resources that companies have invested in these entities.

There is no silver bullet for cybersecurity, so there needs to be a shift in the policy debate from “solving” the problem to “managing the risk” associated with it. Effective coordination, risk assessment, and information sharing are critical steps in the process. Chairman Lungren’s bill makes valuable contributions on all of those fronts.

Take the example of a cloud computing service that offers software tools, data storage, and processing power for enterprise-level clients to use in running their operations. The technology architecture of such a service should easily allow the cloud provider’s physical headquarters to be located in one country, its servers to be located in another, and its customers to be spread all over Europe. (Such economies of scale are in fact the very point of cloud computing.) The cloud service provider’s client companies, in turn, could have their own customers in any number of different locations.

But which country’s privacy and security regulations would cover which sorts of enterprise data in which circumstances? And under what circumstances and under which rules can the data be moved from one location to another? Today, it is very difficult to know. There are different definitions of what constitutes personal data, different rules for how data can be processed and transferred across borders, and different legal obligations for data controllers.

The problem is that 1995 Data Protection Directive, which was intended to create a common set of rules for the EU, has instead allowed a great deal of leeway for member countries to interpret and implement its requirements. The result has been hopeless fragmentation, which has led to legal uncertainties for businesses, their customers, and consumers. But now the Directive is up for review, providing a welcome opportunity to fix its flaws.

The Business Software Alliance and 10 other associations have coalesced around a set of recommendations to create a robust legal framework that clarifies the rules for data protection in Europe. We are offering them today to European Commission Vice President Viviane Reding, who is overseeing the review. Our submission includes five concrete proposals:

1. To create a more cohesive Single Market, we suggest that the Directive be revised to create a single set of rules that covers all EU member countries and all types of enterprises, regardless of which technologies they use. To do this, the framework must be flexible and technology-neutral.
2. To eliminate confusion about which laws apply in which circumstances, we recommend adopting a “country-of-origin” principle. This would allow each data controller to be subject to a single set of rules across the EU. For example, the country of origin could be the EU member state where the data controller’s main establishment is located.
3. The Directive should streamline and simplify the rules for transferring data across international borders to ensure robust data protection while also allowing timely transactions and seamless operations. The current system makes it very cumbersome to send data in and out of the EU.
4. Revised data protection rules should reduce administrative burdens on entities that handle data by abolishing or streamlining unwieldy notification and registration requirements. As an alternative, there should be a harmonized way for enterprises operating across Europe to voluntarily appoint data protection officers who will be responsible for high-risk data breaches.
5. The new EU legal framework should introduce a context-based model of consent that allows data controllers to consider the circumstances of a given transaction and choose the most contextually appropriate ways of giving people necessary information, obtaining their consent, and empowering them to control how their data is used.

Together, these recommendations will help achieve the right balance between preserving privacy, protecting data, promoting innovation and enabling a free flow of information in a true Single Market for data.

Click here for a copy of the Joint Association paper on proposals for a “New EU legal framework on data protection.”

Last week, when the Committee held a hearing on SOPA, I listened carefully to Members’ statements and questions as to how this balance would be achieved. It is evident from what I heard that much work remains ahead for the Committee.

I believe the bill’s basic goals should be to promote creativity — something software and computer companies are very good at — while deterring bad actors that profit from selling copies of software and other works they do not own. BSA firmly believes these goals are compatible and achievable.

The idea behind SOPA, as Chairman Smith explained at last week’s hearing, is to remove pirates’ ability to profit from their theft. We think that is the right approach as long as it is done with a fine touch.

Valid and important questions have been raised about the bill. It is intended to get at the worst of the worst offenders. As it now stands, however, it could sweep in more than just truly egregious actors. To fix this problem, definitions of who can be the subject of legal actions and what remedies are imposed must be tightened and narrowed. Due process, free speech, and privacy are rights that cannot be compromised. And the security of networks and communications is indispensable to a thriving Internet economy. Some observers have raised reasonable questions about whether certain SOPA provisions might have unintended consequences in these areas. BSA has long stood against filtering or monitoring the Internet. All of these concerns should be duly considered and addressed.

BSA stands ready to work with Chairman Smith and his colleagues on the Judiciary Committee to resolve these issues.

On the final day of BSA’s Global Strategy Summit, we joined with technology business leaders from the Federation of Indian Chambers of Commerce and Industry (FICCI) for a discussion of the steps that would be most beneficial to improve the IT environment in India. There was widespread agreement from both Indian and multinational IT companies on key needs in the market, and a commitment to work together to help advance those shared goals.

As I look back on our meetings and discussions this week, I see opportunities in three areas, in particular.

First, given India’s size and stage of development, it is not surprising the market is still wide open to accelerate deployment and uptake of computer hardware, smartphones, and broadband Internet. When people and businesses have more access to those tools, demand for IT products and services will surge. Cloud computing services will likely prove to be especially important, because they will give Indian firms a new way of scaling up to do business globally. In that way, the cloud can act as a great equalizer.

Second, Indian policymakers can give a huge boost to technology innovation by strengthening intellectual property protections. In India, as in the rest of the global economy, it is important to recognize there are two sides to intellectual property: You have to foster it in the development phase (something India is becoming very good at), and then you have to protect it in the marketplace. There are a number of ways Indian policymakers could strengthen IP protection for software — starting with maintaining strong copyright and patent laws.

To enforce those laws, India also could form a national antipiracy task force, train enforcement officials, and create specialized IP courts — all approaches that have worked in other countries. Enforcement authorities also could use new and better policy tools. For example, when an enterprise pirates software, it is not just avoiding the cost of the software; it also is avoiding taxes. So policymakers could treat enterprise software piracy as a form of tax evasion.

Industry also has an important role to play, too, in protecting intellectual property. That is why BSA is partnering with the Government of India to spread best practices for complying with software copyright laws, which will help lower India’s 64 percent piracy rate.

Finally, India can open up access to its IT market and make it more competitive by forswearing the sorts of technology mandates that would, for example, favor one model for developing software over another. In public procurement, India also can avoid stringent preferences for local products and services and instead focus on acquiring the most effective and cost-efficient solutions for government’s needs.

India is already establishing itself as a leading IT hub in the global market. By continuing to build on its strong fundamentals, it has an opportunity to further accelerate the sector’s growth. By any measure, it is clear to me that India is open for business.

Fortunately, there is a proven, internationally recognized way to administer software assets effectively. It is called software asset management (SAM, in the industry vernacular) — and now the Business Software Alliance offers organizations a special certification when they implement it correctly.

Unveiled this week in New Delhi, BSA’s enterprise-level certification for standards-based software asset management, known as CSS(O), is the first and only program of its kind. Through a stringent assessment process, it certifies that an organization’s SAM processes are aligned to the standard set by the International Organization for Standardization (ISO). BSA’s certification attests that those processes are effectively implemented and that they are repeatable. This ensures the certified organization will be able to stay in compliance with its software licenses, avoid unnecessary legal and financial risks, accrue software and network cost efficiencies, and improve business performance.

Until now, organizations wanting to implement SAM programs had to rely on their own in-house processes or advisory firms, because there was no industry standard that reliably satisfied software publishers’ requirements. BSA’s CSS(O) program changes all that.
The latest evolution of BSA’s three-pronged CSS program — which also includes certifications for IT professionals and auditors — CSS(O) is the first and only enterprise-level certification that affirms an organization’s SAM processes are aligned to the ISO SAM standard and that the organization is operating in compliance with all its software license agreements.

In launching the CSS(O) program this week, BSA honored the first organization in the world to earn the certification — Symphony Services, a global software engineering and outsourcing company with operations in India. We expect Symphony to be the first of many others to come — first in India, with more markets to follow in 2012 — because the benefits of getting certified in standards-based software asset management are many. They include:

• Better alignment of software assets with operational needs;
• The ability to maintain and easily prove license compliance;
• A two-year audit forbearance from major software publishers;
• Avoidance of unnecessary legal and financial risks;
• Accrual of software and network cost efficiencies; and
• Improved business performance.

To learn more about CSS(O), read a case study about the Symphony program, and for additional information on our broader CSS platform, visit www.BSA.org/CSSO.

This observation is undeniably true, and India is well on its way to achieving its aspiration of harnessing technology innovation to become one of the world’s leading knowledge economies. As I mentioned in my post yesterday, India starts with a number of strategic advantages, and it is rapidly adding to them. Not least of these is the fact that the Government of India has articulated a clear plan for IT-driven growth and has shown an eagerness to collaborate with industry to achieve its goals.

To that end, BSA and India’s Department of Information Technology on Wednesday evening in New Delhi unveiled the details of a collaborative effort to strengthen the country’s IT ecosystem by promoting proven best practices that enterprises of all types and sizes can adopt to better manage the software tools they use to run their operations.

These software asset management practices are important for a number of reasons. First, they help organizations get maximum value from their investments in software. Second, they ensure organizations use only legally licensed programs, which helps them avoid the legal and security risks that come with pirated software. Third, software asset management practices help encourage more technology innovation by making commonplace a systematic approach to complying with copyright laws, which give innovators a financial incentive to commercialize new products.

In partnering with BSA to promote software asset management, India’s Department of IT has shown a keen awareness that it is not enough merely to have intellectual property laws on the books. Citizens, private industry, and public institutions also must be well-versed in how IP rights apply in practice. All parties share responsibility. That’s why BSA and the Department of IT are marshaling public and private sector resources in a three-track initiative to promote a secure and legal software environment that helps spur IT competitiveness and growth.

The first thrust of the initiative focuses on driving SAM implementation among the agencies of India’s central and state governments. Next, BSA and the Department of IT are partnering with the Federation of Indian Chambers of Commerce and Industry to raise awareness among small and medium-sized enterprises about the importance of intellectual property rights and the opportunity to use software asset management to increase efficiency and reduce business risks. Finally, BSA and the Department of IT are collaborating with the Confederation of Indian Industry to engage and educate the Indian public about the pitfalls of using pirated software and the advantages of using legally licensed products.

The Government of India is leading by example and sending an important message to the domestic and international marketplace that it is committed to fostering a world-class IT ecosystem. Other governments would do well to take notice.

Tomorrow, BSA’s General Counsel and Vice President for Antipiracy, Jodie Kelley, will give an overview of a related BSA initiative — our new certification program for standards-based software asset management, CSS(O).

India’s economy, now the tenth-largest in the world, has been growing at an annual rate of 8 percent. That’s thanks in no small part to the country’s thriving ICT sector, which accounts for 6.4 percent of all products and services and drives a quarter of all merchandise exports while employing upwards of 2.5 million people.

The roots of India’s strength in information technology are well known. They include dynamic human capital, robust research and development, and an improving business and legal environment. Those things — especially the first two — propelled India as it advanced a remarkable 10 ranking positions in two years to reach 34th place out of the 66 countries in the 2011 edition of the IT Industry Competitiveness Index that BSA released in September.

But even beyond its impressive market fundamentals, there are other reasons why BSA believes India is poised to have an outsized influence on the global software and IT markets. For one thing, India aspires to become a knowledge economy with a global role — and Indian government is eager to work with industry to bring its plans to fruition. For another, Indian industry itself is well organized and highly attuned to the global marketplace.

I will delve into the significance of both of those dynamics in subsequent blog posts this week, because we will have a great deal to report. Nearly two dozen executives from BSA member companies have made the trip to New Delhi for a series of meetings with top officials in India’s ministries of State Commerce and Industry; Communications and Information Technology; Finance; and Law and Justice. There also will be public events with policymakers, business leaders, and Indian media.

On Wednesday, BSA and India’s Department of Information Technology will unveil the details of a working partnership to strengthen India’s IT ecosystem by promoting cutting-edge practices for enterprises to manage the software tools they use to run their operations. On Thursday morning, we will hold a briefing for industry on BSA’s new certification program for organizations implementing software asset management programs that align with international standards, known as CSS(O). And later in the day BSA will join the Federation of Indian Chambers of Commerce and Industry (FICCI) for a discussion about steps India can take to further accelerate IT competitiveness.

It promises to be an eventful week. Please check back here for more updates.

In Volume I of the roadmap, the National Institute of Standards and Technology (NIST) has outlined the biggest questions still lingering around the standards for security, interoperability and portability, among other issues. As NIST sees it, these questions must be answered to pave the way for a speedier adoption of cloud solutions by the federal government and others. What’s more — in an even more telling indication of how the federal government is prioritizing cloud adoption — NIST also released a how-to manual for agencies to use in identifying and purchasing cloud solutions to fulfill their IT needs. These documents represent several months’ work under NIST’s leadership and will eventually make up a three-volume US Government Cloud Computing Technology Roadmap.

This is important first and foremost because it will allow government to capture the efficiency gains and budget savings that the cloud promises. But NIST’s efforts also position the United States to be a leader in cloud policy in much the same way that US businesses are the leaders in the cloud economy. This effort — and the leadership that the US government can continue to provide — has the potential to help set the tone for cloud adoption and policy-making by governments around the world.

For months, BSA and its member companies have been working with NIST to refine several cloud-related standards efforts. Looking ahead, NIST has asked industry representatives and other interested parties to comment on the first two volumes of the cloud roadmap. BSA and its member companies plan to review the documents carefully and contribute ideas. We look forward to further engaging NIST on this important project, and we credit NIST’s leadership for affirming the US government’s commitment to cloud computing.

That is why BSA joined a coalition of leading technology associations in urging the Joint Committee on Deficit Reduction to leverage information technology for deficit reduction. In an October 27 letter to the supercommittee’s co-chairs, Sen. Patty Murray (D-Wash.) and Rep. Jeb Hensarling (R-Texas), BSA and five other technology associations — TechNet, the Consumer Electronics Association, the Information Technology Industry Council, the Silicon Valley Leadership Group, and TechAmerica — proposed a series of tax reforms, targeted investments, and debt-stabilizing measures.

Taken together, the recommendations constitute a forward-looking agenda for spurring technology innovation. And the real beauty of the agenda is it comes with no new price tag, only positive returns.

Take the government’s use of information technology: BSA’s members are strong proponents of the Obama administration’s “cloud first” initiative, because cloud computing solutions can help transform the way government does its business while saving billions of dollars. Simply put, the cloud lets you do more with less. But even beyond that, embracing the cloud will also help position America to lead the growth of a critical new market.

That’s because there are a host of international policy issues that we have to get right for cloud computing to flourish — things like cross-border data transfers, and privacy and security rules. If the US government is an early adopter, America can stake its claim in that debate. It is the only way to ensure there is a level playing field for US companies to succeed in the cloud era the way they have in previous phases of the IT revolution.

The letter says: “we recommend greater investments in those activities with clear economic benefits because of their transformative potential.” It cites several examples, like scientific research and workforce development, which BSA strongly supports. But worthy of special attention are programs that protect intellectual property, because they are the sine qua non for spurring technology innovation.

In the global economy — especially the IT sector — America has long differentiated itself on its innovative capacity. If we want that to continue, then we have to keep setting the standard with programs that encourage and protect our innovators.

These technologies have raced ahead while the law has lagged behind. And not surprisingly, courts have interpreted ECPA inconsistently through the years, creating a confusing and uncertain environment for both service providers and law enforcement agencies.

The Digital Due Process (DDP) coalition, of which BSA is a member, has catalogued some egregious examples:

A single email is subject to multiple different legal standards in its lifecycle, from the moment it is being typed to the moment it is opened by the recipient to the time it is stored with the email service provider. To take another example, a document stored on a desktop computer is protected by the warrant requirement of the Fourth Amendment, but the ECPA says that the same document stored with a service provider may not be subject to the warrant requirement.

Most concerning, under ECPA the government can force service providers to turn over private communications and track their customers’ movements without a warrant from a judge.

As we mark the silver anniversary of ECPA, consensus about the need for reform is starting to gel in Washington. For example, Sen. Patrick Leahy (D-Vt.) introduced legislation this summer that would require law enforcement to obtain a search warrant to access personal communications and current location data from mobile devices. This week, Sen. Mark Kirk (R-Ill.) signed on as a co-sponsor to another bill introduced by Sen. Ron Wyden (D-Ore.) — and Reps. Jason Chaffetz (R-Utah) and Bob Goodlatte (R-Va.) in the House. It would require a warrant to obtain location data generated by a cellphone or other mobile device or by a covert law enforcement tracking device.

We must update ECPA to clarify its standards while preserving the tools needed to protect the public — making it relevant to both today’s technology landscape and the technology innovations of tomorrow.

The United States, even while grappling with a multi-year economic downturn, continues to set the global standard as the most competitive country in IT because of its strength in these foundation areas for technology innovation.

That somewhat counterintuitive finding is among the topline conclusions of the 2011 IT Industry Competitiveness Index, developed by the Economist Intelligence Unit and released today by the Business Software Alliance.

The reason for America’s continued leadership in the IT sector, according to one of the experts interviewed in this year’s study, is that “advantage begets advantage.” Along with other frontrunners in the global field — including Western European stalwarts such as the United Kingdom and its Scandinavian neighbors, and Asian powers such as Singapore, Taiwan, and Japan — America is reaping the benefits of years of investment in IT fundamentals.

But the field of competition is becoming more crowded as new players rise steadily to meet the standards that the leaders have set. India, for example, has leapt 10 spots in this year’s overall rankings by posting strong scores on indicators of human capital and research and development. Others, such as Singapore, Mexico and Poland, have climbed in the rankings by showing new levels of strength across the board, proving that investment begets advantage, too.

Meanwhile, countries that are treading water or drifting off course offer cautionary tales about the consequences of cutting corners or neglecting the fundamentals of IT competitiveness. China, for example, has seen its progress slow considerably compared to previous years, partly because of its poor enforcement of intellectual property rights. Canada has slipped for relaxing its standards in the same area. And the report points warily to “labor rigidity” in some European countries. These examples suggest that to neglect the fundamentals is to languish or be left behind in a sector that is unquestionably critical for long-term economic growth.

BSA has sponsored the IT Industry Competitiveness Index four times since 2007. With this year’s edition, we are proud to offer a deeper and richer presentation of the data on an interactive microsite, which you will find at www.bsa.org/globalindex. Along with the briefing paper pictured above, it also features dynamic ranking tables, detailed country summaries, industry case studies, and video interviews with IT experts. I encourage you to visit the site and explore the findings.

Three opportunities stood out:

1. The transition to cloud computing can save billions in energy costs. Energy use per user is reduced by at least 30 percent when organizations move business applications like email to the cloud. That is because cloud architectures use fewer servers to run more programs, and they match server capacity with actual demand.
2. Software can save energy by prioritizing building retrofit options. Buildings are the linchpin for national energy-savings goals because they account for 40 percent of all energy consumption. With software solutions, we can identify the most inefficient buildings and the most cost-effective means for cutting their consumption. Government, as the nation’s single largest landlord, can drive this process forward by piloting the software tools and kick-starting commercial retrofitting efforts that create clean-energy jobs, a priority for policymakers.
3. Software-driven communication tools can reduce the need for local and long-distance travel, dramatically cutting costs, boosting productivity, and saving enormous amounts of energy. Collaboration software, telepresence, VoIP, video conferencing and other software-enabled options for communicating offer a world of new possibilities for working productively with colleagues who are far away. Using those tools to replace 10 percent of business air travel could reduce carbon emissions by an estimated 36.3 million tons annually. Likewise, a study by the Telework Research Network has found the federal government could save nearly $3.8 billion from boosting telework as a result of reduced real estate costs, electricity savings, reduced absenteeism, and reduced employee turnover.

Taken together, the potential is almost as amazing as the technologies themselves. But we need to accelerate the use of modern software tools to achieve these savings. And over the long run, continued software innovation can be a vital catalyst for helping us address some of our national energy challenges, while also creating the new jobs and new cost savings we need to make the country more competitive.

We in the software industry see a number of ways we can contribute — from capturing economic efficiencies by accelerating deployment of cloud computing solutions to harnessing software innovations as a green-energy solution, which I’ll touch on at greater length tomorrow.

But another critical piece of the innovation puzzle is strengthening intellectual property protections. For software, that means curbing piracy. And here, there is an opportunity for the US government to build on its already impressive record of leadership in ways that convince other countries to follow suit.

Here is how.

In 1998, President Clinton signed an executive order requiring all executive departments and agencies to use only legal software. Leveraging that proactive leadership, US trade negotiators have since been able to encourage other nations to adopt similar policies. Indeed, software-legalization decrees have been part of all 14 free trade agreements concluded since President Clinton issued his executive order, plus the three FTAs now pending with Columbia, Korea, and Panama.

It is a tremendous record — one that we can build on by extending the policy to cover not just federal departments and agencies, but also the ecosystem of federal service providers.

Use of contractors has exploded in recent years as the government has outsourced more of its work, from $203 billion in 2000 to $537 billion in 2010. Today, more than 300,000 contractors are helping to carry out government projects and initiatives — often working from desks right next to federal employees. But they are not yet required to abide by the same standards when it comes to using legal software, so there is no assurance that federal dollars aren’t being used to acquire illegal software.

That should change.

A new executive order covering the federal ecosystem would give US officials greater leverage in trying to advance intellectual property protections in foreign markets — especially in the developing world, where software piracy rates are unacceptably high and governments wield outsized influence in the private marketplace. If we raise our own standards, we can ask others to follow. The benefits will accrue to innovators throughout the US and global economy.

How can government help unleash the full promise and potential of the cloud at home and abroad? That is one of the key questions being asked by the leading technologists participating in BSA’s CTO Forum this week in Washington. As I noted yesterday, the CTO Forum is an opportunity for the country’s top technologists from the public and private sectors to brainstorm opportunities to harness technology innovation to grow the economy and create jobs.

No opportunity stands out in quite the same way as the advent of cloud computing, so the technologists participating in this year’s CTO Forum are delving into several specific, cloud-related issues:

1. Removing obstacles to the free flow of data across borders by advancing a globally integrated policy framework. Because of the cloud’s global reach, its biggest benefits will likely come as it spurs efficiency gains and new business opportunities throughout the digital economy, which knows no national boundaries. That is why US leadership is critical. We must advance consistent policy principles that allow data facilities and computing functionality to be located wherever market opportunities exist.
2. Enhancing an identity ecosystem that gives people better ways to authenticate themselves online. It used to be said that on the Internet, nobody knows you are a dog. But today, many of the most powerful cloud technologies need to be able to authenticate who you are in order to provide the services you want. That is why BSA member companies are leading the way in developing and delivering advanced new identity systems and solutions. And it’s why we support government enabling an industry-led, market-driven system for providing multiple, interoperable solutions for consumers and businesses alike.
3. Deterring the malicious hacking of cloud accounts. For businesses and consumers to trust that cloud services are as safe and secure as they can be, we need strong deterrents to malicious hacking and new enforcement tools for investigating and prosecuting those who violate online security. BSA supports legislation that provides effective deterrents and clear criminal and civil causes of action against such illicit activities.
4. Accelerating government use of the cloud to capture operational efficiencies and budget savings. The US government can save as much as $5 billion a year by moving just a quarter of its $80 billion IT portfolio into the cloud. But in order to accelerate uptake of the cloud while preserving robust security, the government needs to implement the Federal Risk and Authorization Management Program, known as FedRAMP, to provide a standardized approach to evaluating the security of cloud services.

With its promise of greater efficiency, productivity and value for the money, cloud computing has emerged at just the right time for businesses, governments, and organizations looking to do more with less. Policymakers now have an opportunity to advance these benefits by ensuing cloud providers and users have the predictability that comes from uniform international rules, an enhanced online identity system, strong deterrents to malicious activity, and the example set by the US government’s leadership in cloud acquisition.

This year’s CTO Forum comes at a critical juncture in Washington — a time when policymakers are eager for new strategies to capture efficiencies to help streamline government, spur economic growth, and create jobs. BSA member-company CTOs will offer specific ideas around three inter-related issues:

1. Harnessing cloud computing to save money and transform the way the government does business. How quickly we reap the cloud’s benefits will be shaped by decisions being made by policymakers today.
2. Strengthening intellectual property protections to spur technology innovation. Reducing piracy is vital to the health of the commercial software industry and the broader technology ecosystem it powers.
3. Utilizing IT to reduce energy consumption. Software can be a catalyst for simultaneously cutting energy consumption, creating jobs, and saving money.

In addition to sharing their unique expertise and insights in these areas, BSA members will be sharing a vision of how new technologies can continue transforming the economy in the short, middle, and long term — and how policymakers can take practical steps to unleash technology’s full promise.

Joining me for these important discussions will be a distinguished group of technologists from nine BSA member companies, including Jeff Kowalski of Autodesk, Bhupinder Singh of Bentley Systems, Greg Bodine of CA Technologies, Paul Czarnik of Compuware, Eric Martin of Intuit, Craig Mundie of Microsoft John Bates of Progress Software, Mike Fulkerson of Rosetta Stone, and Joe Pasqua of Symantec.

They will meet with US Chief Technology Officer Aneesh Chopra, US Chief Information Officer Steven VanRoekel, US Intellectual Property Enforcement Coordinator Victoria A. Espinel, General Services Administration Associate Administrator Dr. David L. McClure, National Institute of Standards and Technology Director Dr. Patrick Gallagher, Advanced Research Projects Agency — Energy (ARPA-E) Director Dr. Arun Majumdar, and Deputy Assistant Secretary of State Ambassador Philip Verveer.

We expect to have provocative discussions about some of today’s most pressing technology issues. I will outline the substance of those issues in greater detail over the next several days.

What were they thinking?

In the past, we haven’t known very much about them. But now, thanks to the most extensive research effort ever undertaken on the subjects of software piracy and intellectual property rights, we do.

BSA commissioned Ipsos Public Affairs to survey roughly 15,000 PC users in 32 countries. Ipsos conducted between 400 and 500 interviews per country, in person and online. Today, based on the findings from those surveys, we are releasing an in-depth analysis of the attitudes and behaviors of the world’s software pirates.

Click here to download the white paper. (PDF)

The conclusions are striking:

• Nearly half of the world’s computer users (47 percent) acquire their software by illegal means most or all of the time, even though more than seven in 10 (71 percent) profess support for intellectual property rights and protections.
• In developing countries, the figures are even higher. In China, for example, 86 percent of PC users are regular software pirates. In Nigeria, it is 81 percent. In Vietnam, it is 76 percent.
• Business decision-makers are just as likely to be pirates as other PC users, which is troubling because enterprise settings account for a disproportionate share of the dollar value of global software piracy.
• Many of the world’s software pirates may not even realize they are breaking the law and betraying their own principles, which underscores the importance of concerted public-education and enforcement campaigns.

The survey makes it clear that the global software piracy epidemic is spreading fastest in China, which is now the world’s biggest market for new PCs. The 86 percent of computer users in China who are regular software pirates accounted for approximately 206 million PCs last year. That was twice as many pirate PCs as were running in the second-placed United States, even though America still had 40 percent more PCs in use overall — and it was an astounding seven times as many as were running in third-place Brazil.

Taken together, the survey data paint a statistical portrait of today’s archetypal software pirate: He is likely to be an 18- to 34-year-old man who lives in China, works at a company with less than 100 employees, and uses a computer in his job. In his attitudes and behaviors toward intellectual property rights and software, he is a walking contradiction, supporting IP principles and preferring legal software in theory, yet getting most of his software illegally because he doesn’t understand what’s okay and what isn’t. He also appears to be affected by his surroundings. For example, he believes software piracy is commonplace, and he thinks it is unlikely people who steal software will be caught.

It is shocking that nearly half the world’s PC users are regular software pirates. But it is also encouraging that most regular pirates acquire their software legally at least some of the time, because it suggests they can be persuaded to do it consistently.

Never before have we had such clear and convincing evidence of the need for industry and governments to redouble their public-education efforts and send stronger deterrent signals to the marketplace with vigorous enforcement of IP laws.

What’s more, the broader productivity gains derived from moving to the cloud — which industry has been quick to recognize — can help stimulate our whole economy. Obstacles exist, of course, and chief among these are impediments to the smooth flow of data across borders. But as Kundra noted in a New York Times opinion piece Wednesday, the United States has an opportunity to play a leading role in reducing the obstacles to international cloud computing. I wholeheartedly agree with this assessment, and hope policy-makers of all stripes in Washington will embrace a similar vision.

This is why it was notable that Vice President Joe Biden emphasized the US and China’s mutual interest in protecting IP rights in a speech at Sichuan University during his recently concluded diplomatic trip. Lest it be overlooked, here is an excerpt:

But it’s also why we are troubled when American investors are prohibited from having wholly owned, fully owned subsidiaries of their own company in many sectors in China and excluded from sectors, entirely excluded from competing in other sectors; restrictions that no other major economy in the world imposes on us or anyone else so broadly. That’s why we have pushed Chinese officials to protect intellectual property rights. We have welcomed the Chinese State Council’s recent campaign to enforce intellectual property rights, a commitment that President Hu made when he visited and he’s keeping. But the effort must be strengthened and extended.

According to the International Trade Commission, American companies lose $48 billion a year and tens of thousands of jobs because of pirated goods and services. These protections — intellectual property protections not only benefit the United States and United States workers, United States companies, but I would argue Chinese companies, as well, as they increasingly seek to safeguard their own creations.

You’re here at this great university. It’s very much in your interest that intellectual property be protected because some of you are the future artists, the future entertainers, the future innovators who will want to be able to have a market for what you do. But if it can be acquired cheaply and pirated, why would anybody pay you for the same service?

The Vice President’s full speech is available on the White House website.

It is sage advice that investigative journalists and law enforcement authorities have been following for generations to ferret out criminal activity. And by the same token, cutting off the flow of money to a criminal enterprise is a tried and true way of shutting it down. Indeed, law enforcement authorities this summer have ably demonstrated how closing the financial spigot can be an especially effective tactic in combating online software piracy.

As security blogger Brian Krebs has detailed, authorities have at least temporarily disrupted the highly profitable fake antivirus racket by tying up its finances so that websites hawking the bogus software can’t pay their advertisers. Researchers have pointed to a number of banks in particular that have been enabling the underground economy of fake antivirus software.

The US Justice Department and FBI, along with international law enforcement partners, are to be commended for jumping into the fray and seizing computers, servers and bank accounts belonging to a ring of cyber criminals who were scaring people into buying fake antivirus software and then stealing their credit card numbers in what amounted to a $72 million shakedown.

Policy-makers should study this episode carefully and consider how to create new and better legal tools for enforcement authorities to keep these software piracy enterprises from being able to conduct business. Otherwise, the hacker gangs behind them will be the ones laughing all the way to bank.

The country’s lead copyright authority, the Mexican Institute of Industrial Property (known by its Spanish acronym, IMPI), has taken a forceful leadership role in driving software legalization. It began by getting its own house in order — conducting a self-audit and publically disclosing the results — and now it is reaching out directly to corporate end-users, educating them about licensing requirements, the benefits of using legal software, and, critically, the security and related risks that companies face when they run software that is not fully licensed and updated. IMPI also is deploying its enforcement capabilities — raiding non-compliant companies, imposing fines on them, and referring them to tax authorities for further review.

Private industry has taken notice of all this and is doing its part. Earlier this week, for example, the Mexican Institute of Certified Public Accountants (MICPA) sent approximately 50,000 letters to accountants and auditors explaining that software is an intangible asset that must be accounted for properly. BSA will work with MICPA to ensure that its members are equipped to audit their clients for software license compliance.

BSA also is assisting several large corporations in their own audit efforts, helping them create network environments that are secure, efficient, and fully legal. This is part of a broader public-awareness campaign asking IT officers and decision-makers responsible for software assets in Mexican companies, “What’s on your system?” As these efforts conclude, we will work with our partners to publicize the results and demonstrate further that the benefits of software legalization are real and easily attainable.

Similar to the Special 301 process that the Office of the U.S. Trade Representative uses to spur America’s trading partners to improve intellectual property protections, the Gillibrand-Hatch bill would hold countries accountable when they fail to guard against cybercrimes that are directed at the United States. It would require the President to provide an annual assessment to Congress that identifies incidents of cybercrime originating abroad and proposes policy responses.

The bill includes provisions to accomplish a series of important goals:

• Identify the extent and nature of cybercrime that impacts the United States, including the effectiveness of each country’s cybercrime law enforcement;
• Assess measures taken by each country to protect consumers online;
• Provide assistance programs to help foreign countries curb cybercrime;
• Empower the President to withhold financing and foreign assistance to cybersecurity offenders;
• Elevate cybersecurity standards as a requirement for foreign countries entering into trade agreements with the US.

BSA has long been a proponent of globally integrated cybersecurity policies. We released a Global Cybersecurity Framework in 2010, because we firmly believe no country can achieve true cybersecurity in isolation. There must be international standards and worldwide policy convergence.

The Gillibrand-Hatch bill will advance that cause, and we urge Congress to support it.

Video of the entire BSA European Cybersecurity Forum is now available on YouTube and BSA’s website.

Here is a brief glimpse of the kind of thought-provoking ideas that were presented. Eugene Kaspersky, CEO of Kaspersky Lab, suggested there is a need for an international cyber police force and a system of Internet passports to help curb cyber-crime:

And there is much more where that came from. I encourage you to watch.

Will this be the year Congress finally pushes this boulder over the top of the hill, as Sisyphus himself never could? I certainly hope so.

This week, the House Energy and Commerce Subcommittee on Commerce, Manufacturing and Trade reported to the full committee Chairman Mary Bono Mack’s SAFE Data Act (H.R. 2577), a solid legislative framework that would require organizations holding sensitive personal information to implement reasonable security procedures, create market incentives to adopt strong security measures, and ensure consumers are notified when a breach puts them at risk of identity theft, fraud or other unlawful activity. By creating a uniform, national framework to replace the state patchwork we have today, it also would streamline compliance burdens. The net effect would be good for businesses and consumers alike.

There is reason to hope the full House Energy and Commerce Committee will adopt the SAFE Data Act in the next couple of weeks prior to the coming summer recess. In the Senate, meanwhile, the Pryor-Rockefeller Data Security and Breach Notification Act of 2011 (S. 1207) — which is nearly identical to the House SAFE Data Act — may have similar momentum in the Commerce Committee. Likewise, Sen. Patrick Leahy (D-Vt.), along with Sens. Charles Schumer (D-N.Y.) and Ben Cardin (D-Md.), has added energy to the debate by renewing the push in the Judiciary Committee for privacy and data security legislation.

Clearly, forces are aligned in the right direction. As I have said before on this blog and in testimony to lawmakers, the time is now. We just cannot afford, like Sisyphus, to keep starting over from the bottom of the hill in each new Congress.

That’s why BSA last year introduced an industry-leading software asset management training course and certification program — SAM Advantage — to help IT professionals increase efficiencies, control costs, and reduce the legal and security risks associated with ineffective software asset management practices. SAM Advantage is a self-directed, online program that is fully aligned with the global ISO/IEC 19770-1 software asset management standard, so the certification it offers is recognized globally by the business software industry and by BSA.

Today, we are excited to announce that we have incorporated feedback from SAM practitioners to upgrade the SAM Advantage experience. Our newly upgraded training course still allows users to complete the program at their own pace, but now it offers more intuitive navigation, an enhanced user interface and improved functionality.

With SAM Advantage 2.0, getting certified to implement efficient, effective SAM practices has never been easier.  Click here to get started.

One group, the Privacy Rights Clearinghouse, has recorded more than 2,500 breaches since 2005, involving more than 530 million individual records. In many cases, these records include data that are useful to identity thieves, such as Social Security, credit card, and driver’s license numbers.

Surveys find these breaches are causing people to question the security of online transactions. That is especially troubling because we are in the middle of an exciting new wave of innovation with the emergence of cloud computing, which offers tremendous new opportunities for economic growth by promoting greater efficiency and cost savings. We cannot allow breaches to erode confidence in the online world at this important moment for the Internet economy.

For years, BSA and its members have fought to protect data against cybercriminals by investing to reduce vulnerabilities and protect the integrity of the technologies they provide; by developing cutting-edge security solutions for businesses and consumers; and by leading the fight against software piracy — not only because it drains revenues from American companies, but also because illegal software commonly includes malicious computer code that hackers and other criminals use to steal data.

Importantly, BSA members are also at the forefront of the cloud computing revolution — which creates new opportunities to store data behind strong security walls.

But there is an urgent need for Congress to act, too. Those who are responsible for holding data should have a duty to take appropriate security measures, consistent with the sensitivity of the data entrusted to them. And when there is a breach that poses a significant risk of harm, customers and consumers should be notified promptly.

In the absence of a national law, all but a handful of states have already enacted their own data breach notification requirements. Unfortunately, this has created a legal patchwork that is unwieldy for businesses and potentially confusing to consumers. We need a uniform, national framework that protects consumers and preempts this patchwork of state laws.

I testified today before the House Energy and Commerce Committee in a hearing to discuss draft legislation being introduced by Rep. Mary Bono Mack (R-Calif.), Chairman of the Subcommittee on Commerce, Manufacturing, and Trade. I endorsed the bill’s key provisions. In particular:

• BSA supports requiring organizations that hold sensitive personal information to implement reasonable security procedures. The draft bill takes into account an organization’s size, the scope of its activities, and the costs involved.
• We support creating incentives to adopt strong security measures. The draft bill will promote the use of technologies such as encryption, which render data unusable, unreadable or indecipherable to thieves if they manage to steal it.
• We support an approach that avoids unnecessarily alarming or confusing consumers. And the draft bill accomplishes that by only requiring notification when there is a risk of identity theft, fraud or unlawful activity.
• Finally, BSA supports the bill’s establishment of a uniform, national framework with federal enforcement — preempting today’s patchwork of state laws.

I testified two years ago, too, about the need for a national data breach law. Since then, at least 250 million sensitive records have been breached, according to the Privacy Rights Clearinghouse.

This is now the fourth Congress to consider data breach legislation. I urge Members to pass a federal data breach law this year. The time to act is now. The need is clear, as are the solutions.

The challenge of cybersecurity is made even more complex by the rapid innovation and change in technology — change that is being accelerated by the introduction and growth of cloud computing solutions and services. A colleague of mine, echoing Dr. Seuss, noted that business users and consumers want their data to be available “here, there and everywhere.” The cloud makes that possible. But how do you secure “here, there and everywhere?”

Governments around the world are working to do their part to protect cyberspace. In the European Union, data protection regulations are being revised and Commissioner Neelie Kroes announced earlier this year the creation of a European Cloud Computing Strategy. In the US, Sen. Patrick Leahy (D-Vt.) yesterday reintroduced a bill that would require companies to protect consumers’ data and tell them when it has been compromised. The Obama administration also has recently unveiled a National Strategy for Trusted Identities in Cyberspace along with a series of recommendations on cybersecurity.

These are important steps. But, given the complexity of our challenges and the speed at which the landscape is evolving, the solutions we develop today need to be flexible enough to address the challenges we face tomorrow. Getting it right will take the concerted and coordinated efforts of industry and governments from around the world. Next week, at BSA’s European Cybersecurity Forum in Brussels, US and European policymakers and industry leaders will come together to tackle these very topics. I’m looking forward to the discussion and to coming up with ideas on how best to secure “here, there and everywhere.”

Today, the stakes are much higher. Organized criminal enterprises are using the Internet to conduct large-scale scams in pursuit of big payouts. The tools of their trade include worms, viruses, adware, and links to fake websites, to name a few, which they use to steal valuable data from consumers and enterprises of all sorts.

The losses from this data-security crisis are huge. The Privacy Rights Clearinghouse maintains a chronology of data breaches, which recorded 215 breaches in 2009 involving more than 218 million individual records. The Ponemon Institute, meanwhile, concluded data breaches that year cost US organizations an average of $204 per breached record. That means the total value of data breaches in 2009 approached $45 billion.

An under-reported fact in all this is that software piracy and cybersecurity threats go hand in hand. That is because pirated software is often used to distribute malicious computer code that compromises individual computers and entire networks, putting companies, governments and consumers at risk. The research firm IDC found that one-quarter of the websites offering pirated software attempt to install malware.

What should be done to stem this tide of security threats? That question was on the table when I testified at a May 25 cybersecurity hearing of the House Judiciary Subcommittee on Intellectual Property, Competition and the Internet.

A good start would clearly be to curb software piracy, which leapt 14 percent in its global value last year to $59 billion, according to BSA’s recently released 2010 Global Software Piracy Study. BSA also supports well-crafted legislation, as I outlined in my testimony to the Judiciary Committee, to strengthen the hand of law enforcement and prosecutors, create uniform data security and breach-notification rules, and provide incentives for private companies to share information about threats with government agencies.

It is heartening that Congress and the Administration appear to be focused on cybersecurity issues, because the stakes are growing all the time.

The benefits of cloud computing increasingly are being recognized by policymakers and regulators around the world. Organizations of all kinds can now do more with less initial investment, making use of the best online technologies the software industry can offer.

The European Commission is mindful of these developments and the potential value of the cloud for businesses, governments and end users in the European Union (EU). Commissioner Neelie Kroes, the Directorate General for the Digital Agenda for Europe, in particular has embraced cloud computing’s promise to deliver “unprecedented flexibility and economies of scale.”

In order to ensure the best policy framework is enacted to support the development of a “European cloud economy,” Commissioner Kroes announced earlier this year the creation of a European Cloud Computing Strategy and subsequently a series of consultations with stakeholders to share views on how to set the right strategy for Europe.

This week, the Commission launched an online public consultation, which BSA welcomes and to which we will contribute views on a comprehensive approach to cloud computing in Europe.

In addition, as announced in Davos earlier this year, Commissioner Kroes has invited cloud providers and cloud users to Brussels next week to share views on the European Cloud Computing Strategy. BSA will join other industry stakeholders to help Commissioner Kroes determine the policy framework needed to allow cloud computing technologies to mature and develop in Europe.  

At BSA, we have been thinking about this for a while now. In February, we released a 10-step policy plan for cloud computing in Europe, the BSA Cloud Computing Policy Agenda for Europe, at a lunch with Member of the European Parliament Ivailo Kalfin. Central to BSA’s vision is that policy decisions on hitherto disparate issues like cybersecurity, data protection, interoperability and intellectual property rights, must be tackled in a holistic manner — with a view to their impacts on the future of cloud computing.

We believe this 10-step plan — partly legislative, partly not — covers the essential elements of a comprehensive cloud computing strategy for Europe that will boost users’ privacy and security in the cloud, promote the development of standards and infrastructures, and ensure the clarity necessary for computing innovations like cloud to deliver on their promises.

BSA is pleased to be part of this dialogue and we applaud Commissioner Kroes’ initiative. We look forward to the outcomes of next week’s meetings and future collaboration on the right approach for a European Cloud Computing Strategy.

Theft of software for personal computers leapt 14 percent around the world last year to a new record of $59 billion — an amount that has nearly doubled in real terms since 2003. It’s truly stunning to think about: For every dollar of legal PC software sales, another 62 cents worth of products are being stolen.

Emerging economies like China, Indonesia, and Russia are the driving forces behind the trend, as the chart on the right shows, because those high-piracy markets are also the places where PC shipments are growing the fastest. In fact, last year was a landmark year in that regard: For the first time, the number of PCs shipped to emerging economies accounted for more than half of the world total. Yet paid software licenses in emerging economies accounted for less than 20 percent of global sales.

The irony is that people everywhere value intellectual property rights, according to surveys of approximately 15,000 PC users in 32 countries, which were conducted by Ipsos Public Affairs as part of this year’s Global Software Piracy Study. As I noted here last week, 71 percent of the world’s PC users think innovators should be paid for the products and technologies they develop, because it provides incentives for more technology advances. Strong majorities also see clear economic benefits from IP rights and protections: For example, 59 percent think IP rights benefit local economies, and 61 percent think they create jobs.

On top of that widespread support for IP rights, eight out of 10 PC users around the world say legal software is better than pirated because it is more reliable and secure. But a striking finding is that too many people do not understand they are getting their software illegally.

The most common form of software piracy, our surveys found, is buying a single license for a program and then installing it on multiple computers. In an enterprise setting, that can quickly turn into hundreds or even thousands of illegal copies. Yet a stunning 51 percent of business decision-makers in emerging economies incorrectly believe the practice is legal in offices.

The global piracy rate for PC software dropped by a single point in 2010 to 42 percent. That remains the second-highest global piracy rate we have seen since partnering with the leading market-research firm IDC in 2003 to conduct these annual studies of software piracy.

Regional piracy rates rose by 1 percentage point in Asia-Pacific and Latin America in 2010, even though many countries in both of those parts of the world managed to cut their national piracy rates by a percentage point or two. That is happening because of the growing influence of big, rapidly growing countries with higher-than-average piracy rates.

A short video featuring John Gantz of IDC and Trent Ross of Ipsos delves into all these trends. It is well worth watching.

It is important to remember that software piracy is an urgent problem not just for the software industry but for the whole economy, because software is an essential tool of production. Businesses of all sorts rely on software to run their operations, so properly licensed companies are being unfairly undercut when their competitors avoid overhead costs by stealing software tools. That depresses legitimate product sales and imperils job creation.

The software industry is doing all it can to promote legal software use through public-education campaigns, software asset management programs for IT professionals, and other means. Now we need governments around the world to bring greater focus to the issue of software theft by stepping up their support for public education, enacting and vigorously enforcing strong IP laws, and leading by example.

There is more on BSA’s Blueprint for Reducing Software Piracy in the back of the white paper that accompanies this year’s study. You will find that, too, at www.bsa.org/globalstudy.

That issue will be on the table this week when President Obama’s economic team sits down in Washington with its Chinese counterparts for their annual Strategic and Economic Dialogue. The question is: Will this year’s S&ED mark a turning point or another in a long line of opportunities that China squanders?

The US delegation is keenly aware that China has made a number of recent commitments to curb software piracy, but it has yet to deliver. The most recent commitments came in January, when Chinese President Hu Jintao visited with President Obama in Washington, and last December, in ministerial sessions of the Joint Commission on Commerce and Trade.

Among other things, China has promised to ensure that all its government agencies use properly licensed software, and it has announced pilot programs to promote the same practice in state-owned enterprises. But the software industry has yet to see progress it can measure in increased sales. So US officials are pressing for answers.

“One of our priorities is to make sure that the important commitments that President Hu made when he came to Washington in January are fulfilled,” said David Loevinger, a special representative for the S&ED from the US Treasury Department, in a briefing last week. “We have been talking a lot with our Chinese counterparts, and we’ll continue to talk about how we can turn these very important agreements into tangible results on the ground.”

This week’s sessions will be the third annual meeting of the S&ED, but the first time that software theft has been a major focus. Credit for that is due to the Obama administration, which is doing everything it can to convince China to exercise the power it has at its disposal to curb piracy. In the end, though, change will not happen through bilateral negotiation. It will happen when China shows true resolve.

BSA has recently conducted public-opinion research that finds some cause for optimism, though. Consider: 71 percent of the world thinks innovators should be paid for the products and technologies they develop, because it provides incentives for more technology advances.

This finding comes from a global survey conducted by Ipsos Public Affairs, one the world’s leading public-opinion research firms, as part of the 2010 BSA Global Software Piracy Study, which is set to be released soon.

We polled a globally representative sample of approximately 15,000 personal computer users in 32 countries on their attitudes about software piracy and intellectual property rights. We asked a number of probing questions to get a clearer understanding of public attitudes toward IPR — and we found that world opinion comes down firmly in favor of innovation and intellectual property.

Here is how the question I have referenced was worded:

“The laws that give someone who invents a new product or technology the right to decide how it is sold are called intellectual property rights. Which comes closer to your view…”

• Statement A: “It is important for people who invent new products or technologies to be paid for them, because it creates an incentive for people to produce more innovations. That is good for society because it drives technological progress and economic growth.”
• Statement B: “No company or individual should be allowed to control a product or technology that could benefit the rest of society. Laws like that limit the free flow of ideas, stifle innovation, and give too much power to too few people.”

More than seven respondents in 10 chose paying innovators.

Make no mistake: We face significant challenges in protecting intellectual property rights around the world. The rest of the study we will soon be releasing illuminates several challenges in particular.

But when it comes to public appreciation for the core principle of intellectual property, there is also cause for optimism.

That is because the Obama Administration has unveiled the final iteration of its National Strategy for Trusted Identities in Cyberspace — known, as these things often are, by an acronym: NSTIC.

NSTIC represents a huge step forward, as BSA President and CEO Robert Holleyman notes, because it will give people better ways of authenticating themselves online, thereby strengthening security and privacy, which are the cornerstones of trust and confidence in cyberspace. This will help guarantee the continued growth of electronic commerce and communications.

From the very beginning of what has now been nearly a year-long process of discovery and consultation between government, industry and public stakeholders, there have been a few skeptics who have harbored misconceptions that introducing trusted identities online would mean creating a nationalized ID system for the Internet, with Big-Brother-like implications.

But the Administration’s plan creates something entirely different from that: an industry-led, market-driven system that will provide multiple, interoperable solutions for consumers and businesses. There will be a range of security and privacy options that offer anonymity or strong identity assurance, as circumstances warrant. And the system will be completely voluntary.

This is the right approach to enable the continued growth of e-commerce.

As with any plan, some particulars may still need to be worked out in the implementation phase. For example, the final iteration of the NSTIC appears to propose a preference for non-proprietary standards and solutions. The Administration’s stated policy is to promote the best technologies available to meet the security, privacy and other needs of government, businesses and private citizens. BSA looks forward to working with Administration officials to ensure NSTIC maintains that principle of promoting the best-available technologies without preconceptions or preferences.

As the forms of software piracy have transformed and expanded, so too has the fight against such intellectual property theft. Through its global Internet Enforcement Program, BSA has leveraged its diverse membership, existing global partnerships and vast anti-piracy expertise to mount an adaptable and widely-trusted effort to combat online software piracy. 

As part of that initiative, BSA recently launched a robust and interactive online resource focused specifically on Internet Piracy. It is our hope that such a resource will not only confirm BSA’s global commitment and leadership in the fight against Internet piracy, but that this site will also help educate others on this significant challenge and encourage them to join the effort in protecting intellectual property.

Whether you’re a business owner or everyday software consumer, BSA’s Internet Piracy page offers a variety of resources that provide additional information, tools and tips on issues related specifically to online intellectual property theft. From an interactive map featuring BSA’s global monitoring system to a regularly updated news feed, the site serves as a dynamic resource for our visitors.

To learn more about BSA’s Internet Enforcement Program and global trends in Internet piracy, visit www.bsa.org/Internet. To report suspected Internet software piracy, please email ABUSE@bsa.org.

However, last week, the European Parliament adopted amendments to the European Consumer Rights Directive which threaten to undermine consumer protection for digital services like software in the European Union. Its decision to apply the provisions intended for physical goods to software and other digital services could, in practice, weaken consumer protections for digital services and increase costs for consumers.

Take, for example, the rules on repair and refund. With a physical good, traders are responsible for product defects that exist on the date of delivery. Unlike a toaster or sofa, a software program is supplied under a license agreement, which routinely includes provisions for the delivery of patches and updates to protect consumers from viruses and malware throughout the software lifecycle — terms specifically tailored to software. Folding software under the rules for physical goods would mean traders are obliged only to deal with defects that exist on the date of delivery, providing consumers with less protection than current industry practice. This is counterproductive and clearly doesn’t make sense.

The European Commission has two studies underway to better understand the needs of consumers with regard to digital services and to determine whether and what measures are necessary to address consumer protection in the online world. Refocusing on these efforts will ensure appropriate safeguards are applied that protect consumers given the unique ways in which digital services are acquired, delivered, and used.

The Consumer Rights Directive is simply not the appropriate instrument in which to address remedies for digital services. The European Council and the European Commission have, so far, agreed.

The end game in this is effective protection for consumers — on that we agree. Last week’s vote is but one step in the process. We urge the Parliament to reconsider whether applying ill-fitting provisions intended for physical goods to digital services is the best means of modernizing the European consumer protection framework.

But the White House has put the lie to such misconstrued notions by unveiling an important new series of legislative proposals that would increase criminal penalties for IP offenses that, among other things, threaten public health and safety, affect national security, or are committed by organized criminal enterprises or gangs.

Released by US Intellectual Property Enforcement Coordinator Victoria Espinel, the Administration’s recommendations would not be necessary if they did not address very real threats: Counterfeit pharmaceuticals kill people. Counterfeit products in the military supply chain can compromise national defense. And dangerous criminal gangs are generating big profits by stamping out cheap, illegal copies of software, movies and music.

Espinel’s report cited the example of one of the world’s most brutal drug cartels — Mexico’s La Familia — which hauls in $2.4 million per day by manufacturing and selling counterfeit software programs.

These are real crimes with real victims.

In the case of software, the harms associated with counterfeiting and piracy are far-reaching. The theft has an obvious impact on all the software makers, distributers, retailers and service providers whose livelihoods directly depend on legal software sales. But the damage actually goes well beyond that because of software’s unique role as a tool of production for businesses in every sector of the economy.

As I testified yesterday before Congress, we have a terrible competitive imbalance between the United States — where the vast majority of companies pay for the software they use to run their operations — and high-piracy countries, where most companies do not. (The piracy rate in China, for example, is 79 percent, according to the BSA-IDC Global Software Piracy Study. In the United States, it is just 21 percent.) This creates an unfair cost advantage for companies in high-piracy countries, which undermines US product sales and displaces US jobs.

The Administration has done us all a great service by recommending policy responses commensurate with the gravity of intellectual property crimes. I urge Congress to take action on these new proposals.

Congress recently has been scrutinizing US trade policy to identify pressure points, obstacles and opportunities to open international markets for US goods and services. I testified before the House Ways and Means Committee last summer at a hearing on the far-reaching impact of China’s trade and industrial policies. And I testified today at another such hearing, this time before the House Energy and Commerce Subcommittee on Commerce, Manufacturing, and Trade, chaired by Rep. Mary Bono Mack (R-Calif.), which is examining how increased trade can boost job creation.

Leading US software companies count on international sales for roughly 60 percent of their revenues. That is how the industry contributes a surplus of $36 billion to the US balance of trade. And it is how the software and related services sector employs nearly 2 million Americans in jobs that pay twice the national average.

But one thing, above all others, stands in the way of further increasing US software exports, the Mount Everest of trade barriers: rampant software theft. It occurs most often when otherwise legitimate businesses make illegal copies of software for their own use. It also occurs online, as Michael Fulkerson, chief technology officer of BSA member company Rosetta Stone, explained at a recent hearing of the House Judiciary Subcommittee on Intellectual Property, Competition and the Internet. In all its forms, this software piracy claimed more than $51 billion worth of PC applications globally in 2009.

Reducing software piracy — particularly in the high-octane economies of the developing world, where PC sales are growing fastest — would send ripples of stimulus through the broader IT economy, thereby creating jobs, spawning new enterprises and driving growth. In fact, the BSA-IDC Piracy Impact Study shows how reducing the global piracy rate by 10 percentage points from its current level of 43 percent would spur $142 billion in new economic activity and create nearly 500,000 new jobs for the United States and its many trading partners.

The US government has a variety of tools at its disposal to persuade its trading partners to improve intellectual property protection and enforcement. These include the annual Special 301 review, negotiation of free trade agreements, and remedies under bilateral and multilateral accords, including the WTO TRIPS Agreement. We should consider all of these options. In particularly intractable situations, we may also need to consider bringing so-called “nullification or impairment” claims under Article XXIII of the General Agreement on Tariffs and Trade.

In the meantime, the US government should set the highest-possible standard here at home. For example, federal agencies are already required by executive order to use only legal software; the next logical step would be to promote the same practice among federal contractors. The administration is actively exploring that option and a series of additional actions under its Joint Strategic Plan on IP Enforcement. We should give responsible agencies the resources to continue executing this plan.

There is a great deal to do. But at the end of the day, we must be able to see the results of our efforts in increased software sales and exports to key markets that are now effectively closed off to us by piracy. That should be the simple measure of success.

But they want to be sure they get the implementation right on the first try, and that often requires working face-to-face with a certified professional.

In response to this demand, BSA is kicking off a SAM Advantage Challenge, in which IT professionals race to become the first person in their state to receive a Certification in Standards Based SAM (CSS).

The SAM Advantage Challenge aims to build an elite, nationwide network of IT professionals who have mastered the processes required to implement SAM programs conforming to the definitive SAM standard set by the International Organization for Standardization. That standard provides a foundation for SAM practitioners to work across multiple software platforms, and it provides them with an understanding of the business and technical challenges facing organizations in a broad range of industries.

To become a CSS professional, an individual must successfully complete BSA’s SAM Advantage program, a first-of-its-kind, global SAM training and certification course that helps users better manage their software assets, increase IT efficiencies, control costs, and identify and reduce IT risks. SAM Advantage was developed in collaboration with veteran practitioners, so it draws on the practical experience and technical expertise of software vendors throughout the IT industry. It is a self-paced course that is fully aligned with the ISO’s global SAM standard.

As part of the SAM Advantage Challenge, BSA is compiling a central directory of all CSS professionals in the United States. It will note the first CSS professionals to be certified in each state. The Challenge will conclude when at least one CSS professional has been certified in all 50 states.

To learn more about the SAM Advantage Challenge and to hear what IT professionals are saying about the course, please visit: www.bsa.org/samadvantage.