Nearly every organization has dirty little secrets. More often than not, IT knows where they're kept. Sometimes, it takes a geek to step forward and bring them into the light. But it's not easy.
Just ask Roger Smith (not his real name). As a computer science teacher at an East Coast high school, Smith became concerned when the district bought single-user licenses of Adobe Creative Suite and Microsoft Office, then installed them on network servers where 5,000 users could access them.
Smith says he approached his superiors and the district's IT department and explained why that was wrong, but to no avail. So one day he called the Business Software Alliance and reported them.
"With some software, we were on day 120 of a 30-day free trial," he says. "Part of what we're trying to do is to teach kids ethics. That's hard to do when the software you're using isn't licensed and the kids know that."
The BSA relies on tips from people like Smith, says Jennifer Blank, the BSA's senior director of legal affairs. Often it's disgruntled employees spilling the beans on their boss. Sometimes, though, it's just IT pros who want to do the right thing.
The BSA has its share of critics, who claim the trade group exaggerates the amount of software being pirated, targets smaller businesses that lack the resources to defend themselves, or acts as unofficial enforcers for well-heeled software makers like Microsoft.
"The people who call us names forget that the people they are defending are stealing software," says Blank. "You wouldn't go into Best Buy, put a copy of Windows in your pocket and walk out the door. Only in this case they're taking that copy of Windows and installing it on 100 computers, so they're 100 times worse."
But this dirty IT job is not for the faint of heart. On her blog, The Whistler's Ear, database administrator Nell Walton details her three-year legal battle with her former employer, credit card processor Nova Information Systems (now Elavon), after reporting rampant security breaches. She ultimately lost. The breaches were quite real, but the court decided that, as a database administrator, she could not have had a "reasonable belief" her employer was breaking the law, as required by Sarbanes-Oxley.
"This is not a path I would recommend to anyone unless you have a completely ethical reason for doing so, have a backbone of steel, and a very thick skin (don't think you will make a million dollars, in other words)," she writes. "Something all IT people in the USA need to be aware of [is that] we don't have a lot of protections when it comes to whistle blowing."