The Software Piracy Threat to the Global Semiconductor Industry

COVID-19 has created plenty of global havoc including anti-piracy challenges for professionals working from home. One underreported development is the uptick in software piracy that could range from 20% to 30% since the work-from-home (WFH) orders went into effect. While this trend may seem far removed from hardware design and the semiconductor industry ecosystem, it’s not. Software piracy is insidious even here as clever hackers crack the strongest online fortresses, the weakest and everything in between to steal software companies’ IP.

Sure, software piracy is nothing new –– it started soon after the first software products were unveiled. A company that considers software piracy to be the cost of doing business is at a huge competitive disadvantage. Any other that believes software is a victimless crime puts their business in jeopardy. Software piracy continues to thrive as hackers get more skilled and the cloud becomes a central resource and repository. The internet is full of pirates who don’t respect the law or think nothing of copyright infringement.

Illegal software usage –– software used without proper licensing –– takes many forms, both intentional and unintentional. Inadvertent or unintentional misuse may be employees sharing licenses by cloning their PC hardware, sharing license login credentials or making additional internal copies to install on a personal machine. Client-server misuse, often called “overuse,” happens when more users on a network access software than the license agreement permits. Sometimes it is done mistakenly. More often, companies deliberately ignore their license agreements and overuse software to save money.

Deliberate piracy, where illegal copies are made, used and sold, is another form of piracy. This includes employees intentionally making illegal copies of software they need for their job that their company has not provided legally. Certainly, the best-known and highest profile illegal uses are counterfeiting and internet piracy. Counterfeiting involves making illegal copies of copyrighted software products for personal use or, more generally, for distribution or sale. Internet piracy occurs when counterfeited software is made available to download over the internet for free or sold at a lower price.

Closer to home, software runs the semiconductor industry from design through manufacturing.

Take, for example, a small group of IC designers in Austin, Texas, building interface IP for a cell phone design. A large fabless semiconductor company licenses the block of IP for its SoC design, sends the GDSII file to the fab and then introduces the phone to the consumer electronics market to rave reviews and strong sales. Initially, the small company begins to collect royalties. In time, the cell phone company stops reporting royalties and the royalty spout dries up for the small company.

In another scenario, that same cell phone IDM sends the GDSII file to the fab with an added layer of detail about which company owns which block of IP on the SoC design as a means of traceability for each block and accountability. The fab, not wanting to get involved in royalty disputes, strips out that layer and the IP owners do not get royalty reports.

Over time, that same IP could be retargeted to another process node without the knowledge or consent of the small IP company in Austin.

While these three scenarios may not comply with the traditional definition of piracy, it is piracy nonetheless. Small and big software companies are impacted and need ways to protect their IP, their licenses and contracts, collect royalties and, in many cases, maintain the health of their business. Some companies resort to audits to ensure license compliance and maximize software revenue.

The theft of IP in the U.S. remains a systemic threat to the economy, inflicting an estimated cost in pirated software and theft of trade secrets that is more than $600 billion annually and growing. Software piracy is not just a domestic problem. Indeed, it’s a problem that affects global economies in terms of lost revenue and competitiveness.

Software companies such as those in the semiconductor industry are not passively allowing improper licensing to continue. In fact, after losing more than $46 billion a year, they are employing technological advances that help contain piracy through identifying illegal use and gathering data on where, when and how often their products are being used without proper licensing. This usage data can reinforce legal settlement negotiations to recover lost revenue and is being successfully used as supporting evidence in lawsuits. It is also being analyzed and leveraged to optimize trial evaluations, discover technical support issues, and re-negotiate enterprise license agreements.

Anti-piracy and license compliance programs are in place at notable semiconductor companies. Once they made the decision to implement such a program, they:

• Began hosting all or part of its software in the U.S., as well as manuals. This provides jurisdiction for a company to seek legal remedies and recover lost revenue in U.S. courts, typically easier and more successful than legal action in foreign countries.
• Put in place strong software license agreements for an advantage in a piracy dispute. A click-through agreement and up-front display of terms of use is essential, as is including a licensee recognition/agreement that the work is protected by U.S. copyright law. The agreement should stipulate it’s a license, not a sale.
• Included phone-home technology that can gather pertinent telemetry data on who is using the applications. This technology will detail whether the software is used illegally and will report back usage details such as where, when, and how often products were used illegally. This data can be used as strong evidence in a revenue recovery negotiation or to prevail in a lawsuit.
• Activated timely policing efforts because statutes of limitations can prevent recovery for unauthorized use in the past, particularly if the company knew and did not act immediately. Repeated “nice” letters and repeated threats with no follow-up generally don’t work.
• Prioritized efforts because not all software pirates are equal. Limited resources and competing interests make some pirates more attractive than others. Identify a company more easily persuaded to become a paying customer or that has U.S. contacts. Reputation can provide insights into whether the target’s management is reputable and unaware of the piracy. Companies need to consider low risk/high reward to determine if the pirate is a frequent user with fewer resources to fight or if the pirate is located somewhere that will be difficult and expensive to litigate.

As for the specific semiconductor industry scenarios described above, IP companies and IDMs must urge fabs to leave the traceability layer in their GDSII files to ensure proper license compliance. The small Austin-based IP group needs a stronger license compliance program and should regularly audit the cell phone company’s revenue to maximize its own revenue.

COVID-19 prevention measures remain in place for the foreseeable future and software piracy continues unceasingly. Software companies, recognizing piracy as an ongoing and serious threat, are equipping themselves with forceful anti-piracy strategies to remain competitive, protect their assets and maximize their review.

_________________________________________________________

About Ted Miracco
Ted Miracco is co-founder and CEO of Cylynt (formerly SmartFlow Compliance Solutions). His high-technology experience spans 30 years in defense electronics, RF/microwave circuit design, semiconductors, electronic design automation (EDA), and cybersecurity. Prior to Cylynt, Miracco co-founded EDA company AWR Corporation (now Cadence). In addition, he has worked with several Fortune 500 software companies, including Cadence and startup company EEsof Inc., acquired by Hewlett Packard in 1994 and now Keysight EEsof EDA. Miracco holds a Bachelor of Science degree in Electrical Engineering from Carnegie Mellon University.