What's at issue here? There are legal, personal, and ethical reasons for doing a number of things here, and as IT personnel, it's your job to plot a path through this mess. You know there are wrongs, and those should stop. You know what would be right, and it's your job to ensure that happens (and sooner, rather than later).

So what do you do? Well, first off, keep everything on record, via e-mail BCC'd to one (or twenty, if you're paranoid) personal e-mail accounts you set up specifically for the purpose of documenting this.

First, you need to inventory what's going on. How many machines do you have, what software are they running? How many licenses do you have? Make a database of all of your licenses.

Secondly, it's your obligation via your position (as well as ethically) to let your employer know what's going on. It needs to be completely transparent to them what the current situation is, and how illegally the company is currently operating. If your boss is an unethical jerk; it's your job to tell HIS boss (if it's that large of a company) what's going on. Tell everyone who might get their ass kicked by the BSA what's going on. Yeah, they probably should know. But it's your job to make damn sure they do.

Third, propose options for fixing what's wrong. It'd be a lot easier on you to report them to the BSA, collect a fat check (maybe?), and go to Tahiti. It'd take some real gusto to actually break out a bucket o' elbow grease and fix this stuff. Find out what software you have and do an analysis if you really need it all. You mention Office, Acrobat, WinZip, and AVG, most of which have previously mentioned FOSS replacements. No, they won't be as *good*, but they will be legal, and in most cases they will do all that you need them to do. They will also be less likely to contain malware / keyloggers / other crap that I'm sure your employers would rather forego dealing with. You might even be able to find some commercial, non main-brand replacements for some apps (I recall some companies making PDF creators / editors that don't cost an arm and a leg, and will probably get the job done).

What were you hired for? Your company counts on you to:

1) make sure everything works so that business can continue
2) make sure everything is legal & licensed
3) minimize the cost of running the IT department while maximizing value

It's that last step that can lead people to consider employing unethical practices. We all want to save a couple of bucks. If you want to do your job and be able to look yourself in the mirror, you need to do everything you can to enact a swift transition to new practices. By all means, cover your ass by documenting your efforts and if need be quit your job & report the company, but try to do your job as much as you can before you resort to that drastic measure.

In my opinion, you'll be a hero if you can suggest some sort of a compromise that won't kill your company, but still make them legal. No, you can't go and uninstall every illegal piece of software right away, because the company will go under from a loss of productivity. But do try everything you can to fix the situation, write up a nice and pretty report that you can cc to all company management that gives them a good idea of what's going on (make sure to give them a summary that explicitly states the urgency of the situation), and for jc's sake put all the work you do on your resume.

In the end, you're doing this job for yourself. Don't accept the morals of the lowest common denominator, try to raise the lowest common denominator. Do some real good and bring another company up to compliance. People like you who want to do what's right are rare, and people who are willing to work 16 hour days for a week to get this done ASAP are even rarer. Work your butt off for a little while to bring more than just problems to your management, help them by bringing them solutions too.

What'll make you feel better? Sinking your company and dozens of jobs because of ignorant management, or convincing that management that you're doing everything you can to save them money and act legally, potentially saving the company and all those jobs from disappearing with one BSA report?

Don't blame me; I voted for Kodos.

Barack of Love: President Obama tours the world in Air Force One with the other leaders present at the G-20 summit. They face off in a series of challenges designed to test their mettle, in a style reminiscent of American Gladiator meets Real World meets Bromance, to see who is worthy of becoming Obama's best friend and top advisor. 19 enter, one will remain... 8PM / 7 Central, only on Fox.

In all seriousness though, I'm intrigued by the Twitter feed. Not so much the Facebook / MySpace thing.

Ugh... sigh... yeah that's the one, 4th not 9th.

Apologies. In the midst of schoolwork while writing that, must've gotten distracted.

Thanks for the correction ^^

I think I may have come across as too harsh in my original post.

I completely agree that any act done to cover up criminal activity should be punished. If my buddy felt like robbing a store, and I pulled up a big truck in front of the store to obscure the criminal activity, I would absolutely say that I was at fault and should be charged with something.

My main concern is with the idea that "if you have done nothing wrong, you have nothing to hide". While I in fact don't have anything to hide per se (from the government, at least), I feel that I do have the right to privacy. I personally would look at the third amendment (protection from unreasonable searches/seizures) as giving me the right to obfuscate my activity from such unreasonable searches and seizures. For example, if I'm walking around a public street shouting into my cell phone, anyone around can hear it. If I, however, stand in a corner and make sure no one's around before I speak into my cell phone (or do so in my own home), I would feel violated if someone was spying on me. Much in the same way, I feel like using the internet without certain means of securing your data in transmission, or obfuscating it from outside parties, would be akin to standing in a corner hoping no one is spying on you. It's fairly easy to intercept unencrypted wi-fi traffic, for example.

The trouble comes in making the distinction between the right to privacy that I believe each of us has or should have, and an illegal activity designed to hinder law enforcement. If I am always, 100% of the time, connected to a VPN to protect my personal information, and then don't purposefully disconnect before committing a crime, would that be considered "deliberately" avoiding being identified? I'd be willing to bet that most people would say that if I was connected to a VPN 100% of the time, that's not "deliberately" avoiding being identified, and is just something of a standard practice for me. What if I connect to the VPN ONLY when I do banking? If I connect 25% of the time I spend online, and happen to commit a crime while using a proxy/vpn, is that deliberate concealment of a crime?

That gray line is what can begin to erode citizens' privacy. If it starts with this, I don't think it's too far-fetched to see legislation that says "if you encrypt illegal information (mp3s/movies), we'll tack on 50% to your sentence". I like to encrypt my laptop because I have information that's sensitive to ME on it, pictures of loved ones, passwords to my e-mail, tax return information, et cetera. If that fell into the wrong hands, my personal life would be severely compromised, even though I have nothing illegal on my computer.

Well... that was a bit rambly... but anyhow, in addition to this, even though it was never really enumerated in the constitution, the supreme court has historically regarded the right to privacy as being an inherent right. Typically, it's attached to either the 9th (enumaration of rights in constitution shall not limit those not mentioned) or 14th (No state shall make or enforce any law which shall abridge the privileges or immunities of citizens of the United States) amendments.

And, for the record, I am pro-government. I don't think that this is what they're intending. However, if everything is just taken on 'good faith' without discussion, that could create considerable gray area that might be a problem in the future. I like my privacy, and don't want to see it go away :)

However, if one of the fundamental conditions of accessing said 'public space' is that you have to wear that mask, or you can't go outside, should you still be penalized more for wearing the mask?

Proxies are everywhere, and are even encouraged in many places. For example, my school encourages us to install a VPN client for use while connected to the unsecured school wireless network in order to protect sensitive data that may be transmitted (bank logins, e-mail logins, et cetera).

Oh; and I believe the section in question is at the bottom of PDF page 8, numbered page 6. Section 2B1.1.

All around, this seems pretty silly to me. If they want to increase the punishment for committing crimes on the internet, fine and dandy, but masquerading what SHOULD in all honesty be some basic internet safety practices as "sophistication in a crime"? That's just stupid.

His assets weren't seized for the use of "scary voodoo operating systems". Oh, and for future reference, his name is Riccardo Calixte.

Application for the search warrant:

http://www.eff.org/files/filenode/inresearchBC/EXHIBIT-A.pdf

Here's a summary.

I) Why do we want his stuff?
      a) we think it's been used to commit a crime
      b) we think it contains evidence of said crime
II) What do we want to take?
      a) anything that can hold data (PCs, peripherals, phone, etc)
      b) documentation that may contain his passwords (computer manuals, post-its)
      c) evidence of ownership over systems used in offenses at the time of offenses
III) Where are we gonna find his stuff?
      a) his room.
IV) Why do we think we need to take his stuff?
      a) his roommate said that Riccardo hacked into the university computers to change peoples grades
      b) Riccardo was suspected of stealing a computer from the university previously
      c) the roommate's computer started acting funny after getting into arguments with Riccardo
      d) e-mails were sent out to the whole university saying that the roommate was gay
      e) network administrative staff said that according to their records, Riccardo did it
      f) Network Admin says: those e-mails came from their dorm, from a computer with the same name as one registered by Riccardo. additionally, a profile was posted on a gay dating site, screenshotted, and included in the e-mail. the only computer to visit said site within 5 days of the incident was Riccardo's. he accessed the site frequently 2 days prior to the e-mail.

It continues with more info as to why the originating officer is a good candidate to evaluate this stuff.

I think that's enough probably cause to warrant further investigation; but that's just me. I would encourage you all to actually read the thing, not just take my word for it, but hopefully this will quell some of the "omgz he wuz arestid fur uzing l1nuxz!!1" comments.