Developing an Antipiracy Program
Security Management Magazine May 2009
By Richard C. LaMagna, CPP
The indicators are all over company balance sheets: counterfeiting and piracy are siphoning off incredible amounts of revenue from legitimate businesses.
The Organization for Economic Co-operation and Development (OECD) in The Economic Impact of Counterfeiting and Piracy, released in 2007, estimated that international trade in counterfeit and pirated products could have reached as high as $200 billion in 2005. The estimate does not take into account the number of domestically produced and consumed counterfeit products nor does it include music, video, software, games, and printed materials increasingly being distributed online. The United States Chamber of Commerce estimates that Intellectual Property (IP) makes up more than one-half of all U.S. exports, driving 40 percent of the country’s growth. Clearly, as manufacturing jobs move to developing countries, intellectual property becomes more critical to the economic survival of developed countries. The FBI estimates that the theft of IP costs the U.S. economy $250 billion per year and has resulted in the loss of 750,000 jobs.
The loss of jobs and both tax and corporate revenues results in less money for critical research and development and funding for much needed government programs and is especially harmful during the current recession. Unfortunately, the economic impact is only part of the problem: counterfeiting discourages innovation and undermines good governance, provides real risks to consumers in the form of dangerous and unregulated products, and generates profits that go directly to fund organized crime and terrorism.
The Argument for Strong IP Enforcement
Security managers need to provide a business justification to develop a brand protection program in any company, so the broader arguments in favor of enforcement are worth considering.
Public perception and attitudes towards piracy pose a challenge in that piracy and IP infringement are often perceived as victimless crimes. However, international research and the 2007 report by the OECD provides evidence to the contrary and shows that the negative effects of piracy are broadly distributed among rights holders, consumers, and government. In addition to the legal considerations reflected in copyright and trademark laws, counterfeiting and piracy have economic and social consequences in that they discourage innovation and inhibit economic and technological growth. Innovators are less inclined to devote time, money, and intellectual capital to developing new products if their ideas are likely to be stolen or copied by someone else. Investment funds will not be forthcoming if the business climate doesn’t protect IP, resulting in little or no return on investment. Ironically, developing countries that are often the source of counterfeits are hardest hit in the long run by failure to enact and enforce IP protection laws.
Research and historical trends show that countries with effective IP protection regimes enjoy stronger and more rapid economic development than those that do not. Furthermore, counterfeiters do not pay taxes, are often connected to criminal organizations, and operate in underground economies. When IP is not adequately protected, rights holders suffer from decreased sales and diminished brand value resulting in a loss of consumer confidence and commercial viability. Consumers have fewer choices and often must choose between either very costly authentic products or cheap and inferior knock-offs that not only perform poorly but also carry inherit risks to health and safety. The ever-expanding list of counterfeit products that ranges from pharmaceuticals to car and airplane parts has increased consumer risk with the rise of the globally integrated economy. After-market car or airplane parts manufactured in China, often without appropriate quality control, can end up in the U.S.
The U.S. Department of Homeland Security reported an 83 percent increase in the number of seized items for 2005-2006 and a total value of $196.5 million for 2007 seizures representing a 27 percent increase over 2006. Between 2000-2006, the European Union reported an 88 percent increase in the seizures of counterfeit goods. The World Health Organization estimates that 7-10 percent of all pharmaceutical products sold in the world are possibly counterfeit, with a rate as high as 30-40 percent in some African countries. The Business Software Alliance’s 2008 Annual Report asserts that the worldwide PC software piracy rate was 38 percent in 2007. Clearly the trend is toward more counterfeiting which poses higher risks to the public and has a significant impact on legitimate commerce. Lastly, the impact of counterfeiting, often controlled by organized crime, on governments in the form of corruption and weakened public institutions disrupts global commerce and erodes public confidence in government.
Making the Internal Business Case
Corporate security directors are often presented with a host of challenges when it comes to brand protection and IP enforcement. In many cases, CEO, CFOs, and other corporate executives do not see the need to fund antipiracy programs, regarding them as an unnecessary cost rather than a priority to protect the company’s brand and recover lost sales. In today’s climate of limited budgets, security managers are under pressure to articulate a sound business justification and a return on investment (ROI) for all programs.
Demonstrating that counterfeit items in the market represent a potentially displaced sale of genuine product requires reliable data. An impact assessment that examines market potential, the availability of counterfeits, and current sales of genuine products can help to provide such data. For example, the software industry estimates piracy rates by looking at the number of new computers shipped versus the number of genuine software operating systems sold and activated—the discrepancy is an indicator of pirated software installations since in most cases software operating systems (Original Equipment Manufacture versions) are installed at the factory. A sudden decrease in sales of a genuine product in a given market is another indication that piracy may be a factor and is often pointed out by sales personnel or distributors. Aggressive IP enforcement is not only a necessary deterrent but can also be a potential source of revenue to fund anti-counterfeiting programs through civil asset forfeiture and out of court settlements, while at the same time preserving brand integrity.
Often the sudden appearance of a particular counterfeit product on the market, a dramatic drop in sales, or a major seizure by law enforcement alerts the corporate leadership to the need for greater antipiracy enforcement. Unfortunately, when such an incident occurs, people often react by reaching for very costly “Band Aid” solutions. Instead, having an effective antipiracy program in place that consists of sustained enforcement effort and consumer education is a much better corporate strategy in the longer term. An added benefit of this approach is that law enforcement agencies are more inclined to work with companies that have well-developed programs and demonstrate a serious commitment to antipiracy enforcement.
The Assessment Phase
Because most managers need facts and figures to support budget and resource requests, an initial assessment is recommended to determine the scope and magnitude of the problem. Depending upon the type of product and the brand, on-site visits to sales outlets as well as Internet searches for the company’s products are critical. The latter has increasingly become a means of “direct- to – customer” sales and has changed the business model for counterfeiters, by eliminating the need for wholesale distributors.
One large organized crime group that operated from Russia sold thousands of “burned” or copied CDs of software programs directly to retail customers in the U.S. via the Internet, thereby circumventing wholesale distributors. They used thousands of affiliate sites as well as spam tactics to generate sales. Pirated or counterfeit software and games are sold in shops, flea markets, or so called swap meets, which are essentially the same as flea markets. Pirated goods are also offered on the Internet through independent web sites or auction sites. An online search for cheap software will produce hundreds of results. Other types of products such as batteries, razor blades, or car parts are often available on business-to-business (B-to-B) sites, while counterfeit or unapproved generic pharmaceuticals are sold on both B-to-B sites and illegal online pharmacies.
Many sites selling pirated goods are hosted in countries where cybercrime and IP enforcement are almost non-existent, making it very difficult to identify, much less go after the criminals. There are many companies that perform Internet searches, often called “web crawling”, to help locate where the imposter products are being sold. The searches are based upon specific search terms or logos or both provided by the IP rights holder. One often finds that spamming and the sale of counterfeit items and pornography on the Internet are ultimately controlled by the same organizations. It is important to find a search company with expertise and reliable baseline data in a specific industry to avoid the expense and time in the learning process.
In order to get an accurate picture of the size and nature of your company’s piracy problem you should have an experienced antipiracy investigator conduct a series of test purchases (TPs) from sales outlets and Internet sellers. Based upon guidance provided by the brand owner, the investigator should gather specific information regarding the seller, the product, the make, the model, the design, the title, the version, and other key characteristics, including product authenticity.
Proper product authentication by the IP holder is critical, since sales are not limited to counterfeits. So called “grey market” items that have been diverted from the intended distribution channel are one of the many challenging issues in the brand protection domain. The TP is designed to obtain samples and to determine origin, price, quantity, quality, accepted payment methods, shipping, and return policies. Once there is enough information to permit a good sampling of the products most often pirated, an analysis and interpretation of the data should be conducted with an eye towards identifying commonalities and vulnerabilities. They may be in violation of laws other than those related to copyright and trademark infringement.
For example, is the seller of your company’s pirated product also liable for wire fraud and money laundering offenses or involved with the sale of child pornography? These additional factors often make them more attractive targets for a law enforcement investigation. But it is important to remember that the initial goal is to assess risk and damages and not to conduct an investigation—that can come later. Some key considerations one should consider: Is there a health and safety risk? Are the products high-quality copies designed to deceive or cheap knock-offs? To what extent are they displacing sales of genuine products? What are the estimated losses of legitimate sales and which products and markets are most impacted? Are the products perhaps original equipment manufacturer (OEM) versions or stolen or fraudulently obtained genuine items?
If so, this may be an indication of an integrity problem within the distribution chain and with third-party manufacturers, distributors, or transporters and at some point a complete audit of manufacturing plants and distributors may be advisable. One company, for example, uncovered a huge problem with “leakage” of genuine products from its supply chain because they were leaving the plant marked as “scrap.” An investigation revealed that several warehouse employees had been compromised by an organized criminal group. Thanks to good liaison and private-public cooperation with the FBI, the case was thoroughly investigated and the organized criminal gang was brought to justice. In addition, the company recovered some of its losses by bringing civil action against a third party manufacturer.
This case also pointed to an internal management problem. The account representatives for the third-party manufacturing plant had failed to conduct regular audits as prescribed in their vendor contracts. Such audits would have discovered that the use of raw materials did not correspond with the amount of finished product and that the plant had failed to properly account for the destruction of surplus goods. In another case, during the closing of a plant, numerous master “stampers” for digital media, each with a value in the hundreds of thousands of dollars, had gone missing and were being sold for a high price on the illicit market. Thanks to an FBI informant and good liaison efforts the stampers were prevented from getting into the hands of counterfeiters.
One of the challenges in the assessment phase is obtaining reliable information concerning counterfeiting or piracy. Sharing and comparing trend information with various internal corporate entities can often provide useful information and insights. An internal company survey might also surface good information about piracy and lets employees know that the company is protecting its valuable IP. Coordination with the legal, sales, marketing, product development, packaging, and manufacturing teams is highly recommended and is indicative of a holistic approach to antipiracy. Corporate stakeholders can also become allies in the quest for executive support and budget for antipiracy operations. As the program develops, an antipiracy advisory board comprised of key company players and stake holders ensures that proper information sharing and coordination across the company are being accomplished.
Building the Team and the Program
Once the assessment is complete and executive sponsorship and budget are obtained for an antipiracy program, the next step is to build a good in-house team or to have a combination of in-house experts and external consultants devise an antipiracy strategy. Antipiracy programs can be costly, particularly with regard to investigative and legal support, and will inevitably involve corporate attorneys as well as outside counsel to develop legal strategies. Finding the right talent is crucial; many security managers have expertise in a variety of areas but not necessarily for antipiracy strategies and operations. Outside consultants can help develop the program in the early stages. Ideally, an in-house team under the Director of Corporate Security consists of a senior manager for investigations or an antipiracy manager, an attorney with prosecution or civil litigation and asset forfeiture experience, investigators with a physical and Internet investigations background, a paralegal, and a business analyst.
The analyst plays a critical role in analyzing and interpreting the information collected from the investigations, performing trend analysis, and preparing briefing materials. It is important to ensure that the team’s goals and brand protection efforts are in keeping with the overall company strategy. A monthly scorecard of metrics, highlights, and trends that can be shared with company stakeholders is essential in maintaining internal support for your team’s efforts. Often good work goes unnoticed because it isn’t properly presented and consumed at the right executive level. I was involved in one situation where millions of dollars were spent on Internet Piracy programs which were well-documented in monthly progress reports that were apparently never read by the senior executive in charge of the program. Not only was he unable to articulate the return on investment for the company, but also his subordinates who managed the program were unable to ascertain if the program was achieving management’s desired goals and objectives. We often felt as if we were on the proverbial rudderless ship.
While AP investigations are not vastly different from other types of investigations, there are some unique challenges. For example, identifying and prioritizing high-impact targets, managing a test purchase (TP) program and vendors, and analyzing data are key components. In addition, product identification, data and evidence collection and analysis, and coordination with attorneys and law enforcement authorities for criminal prosecution or civil litigation are all part of the continuum of an antipiracy program. Coordination of all of these program components towards the goal of protecting the company’s brand integrity is the main objective.
In my experience as Director of Worldwide AP Investigations at a large technology company, a multi-faceted strategy was very effective and reduced piracy by at least 10-15 percent over a four-five year period. It was a highly integrated approach and involved law enforcement referrals and prosecutions, aggressive civil litigation, asset seizures, and cease and desist notices. Web site takedowns, and robust consumer education and PR campaigns were also part of the strategy. In one case in California in November 2001, then U.S. Customs (now U.S. Customs and Border Protection) made the largest software seizure in history of a container load of counterfeit software and cigarettes worth more than $60 million.
Cases such as these are the result of extensive law enforcement liaison and training programs that not only assist officers in identifying the company’s products but also help build those all-important relationships that facilitate cooperation. Through this approach, we were successful in getting a broad range of law enforcement agencies such as the FBI; ICE; and many state, local, and foreign law enforcement agencies to investigate and prosecute our cases.
In addition to traditional enforcement measures, other program elements, such as legislation, are critical to support the effort. My company successfully supported a legislative initiative to close a loophole that allowed counterfeiters to break open software packages and sell the genuine components used to authenticate counterfeits. Internally we worked with product and packaging teams to adopt the latest security features and counterfeiting counter-measures and leveraged public relations opportunities and the company Web site to reach consumers. By employing all of these strategies in an integrated manner, over a five-year period the company saw a dramatic drop in the availability of counterfeit products and a shift towards the sale of genuine products. There were indications that counterfeiters were moving towards the counterfeiting of competitors’ products. Anecdotal information filtered back to us that the sellers and distributors were reluctant to sell counterfeits of our products due to our strong enforcement posture.
Measures of Success
Measuring effectiveness and success can be the most challenging aspect of an antipiracy program. As in law enforcement, it is often difficult to know if your efforts are truly having an impact. Can success be measured in seizure and arrest statistics? A qualified yes, if they are strategically targeted.
However, random seizures of counterfeit products have little impact. Does an increase in the seizure of counterfeits indicate that the strategy is working or does it suggest a greater availability of illegal product on the market? Focusing enforcement efforts on certain products, organizations, and markets can result in an increase in legitimate sales and should be measured in individual markets. Information campaigns surrounding enforcement actions can also be very effective as a deterrent and lets consumers know that the company is protecting brand integrity and consumer interests.
Consumer comment and feedback can also be a useful measure of effectiveness especially with regard to anti-piracy technologies. However, one must be careful about too much negative publicity that can result in a lack of brand confidence and rapid migration to a competitor’s brand. This may be particularly true in the pharmaceutical industry where there are often similar choices.
For example, Viagra is one of the most common counterfeit pharmaceutical products offered by illegal online pharmacies. Overexposure of this issue may lead consumers to think that they automatically reduce their risk by purchasing another erectile dysfunction drug. Changes in consumer behavior and buying trends can be another measure of success.
Target qualification and identification, case prioritization, and enforcement outcomes can be hard to establish and even harder to measure. Referrals to law enforcement agencies do not always yield immediate results and require patient liaison efforts. While federal agencies have broader jurisdiction and authority than state and local agencies, they invariably take longer to conclude the investigation. I know of numerous cases that were very successful in dismantling counterfeiting organizations but took in excess of one year to complete. In the meantime, counterfeits continue to flood the market and company executives are looking for results.
In addition, enforcement agencies often have other priorities and want to avoid being seen as working for one company as opposed to an entire industry—for these reasons, good law enforcement liaison is critical for success. When I managed a worldwide anti-piracy program our active law enforcement liaison and training program paid great dividends in terms of cooperation and our law enforcement colleagues knew that we were 100 percent committed to supporting them.
A good antipiracy program must also balance customer satisfaction and public image with strong security and enforcement measures. For example, while encryption and product activation keys are effective software antipiracy measures, they often create user frustration and inconvenience. Another consideration is how will strong enforcement affect the company’s image and brand reputation? Will it be seen as “heavy handed” in going after infringers? In recent years the recording Industry understandably took a very strong stand against unpaid digital downloading of music, but in the process it created a public relations problem by alienating its own customer base— young music enthusiasts. Targeting large-scale counterfeiters and distributors helps to avoid that perception and reinforces the point that strategic enforcement protects consumers’ interests.
Good data management and retrieval is critical to the conduct and the analysis of investigations as well as to the ability to measure success. One pharmaceutical company with which I am familiar had a very robust Internet antipiracy program; however, during the program evaluation by an independent management consultant, the success was difficult to quantify due to the inconsistency and unreliability of the data that was collected. In addition, the cost of “cleaning” the data so that consistency could be achieved was high. If data isn’t accurate and reliable the entire process and results are distorted and program effectiveness will be difficult to determine.
Globalization has impacted both legitimate and illegitimate commerce. Criminals operate across national borders, thus to be truly effective, investigations and strategies must be coordinated on an international basis and targeted on the source of the problem. Admittedly there are challenges in transnational cooperation and enforcement, not the least of which is a disparity in IP laws. Success, however, can be measured in terms of investigations, prosecutions, and convictions of major violators, closures of illegal plants, civil lawsuits, and forfeited assets. The money recovered through restitution and asset seizure can help finance antipiracy operations and cause a decrease in availability of the most frequently pirated products and an increase in your company’s bottom line.
Rich LaMagna, CPP, is the former director of Worldwide Anti-piracy Investigations for Microsoft and is the president of LaMagna and Associates, LLC, a Washington, D.C.-based consulting firm.