risk of using pirated software and its impact on software protection strategies

Available online at www.sciencedirect.com

45 (2008) 504–516www.elsevier.com/locate/dss

Decision Support Systems

Risk of using pirated software and its impact onsoftware protection strategies

Samuel Shu Kin Kwan ⁎, Jeevan Jaisingh, Kar Yan Tam

Department of Information and Systems Management, Hong Kong University of Science and Technology, Hong Kong

Available online 23 June 2007

Abstract

The software protection strategy of software developer and the inherent risk to end user in using pirated software are two majorfactors that affect a user's decision on whether to purchase or pirate a software product. This paper analyzes the optimal protectionstrategy for software developer in horizontally and vertically differentiated markets. We find that the implementation cost ofsoftware protection constitutes the primary factor for software developers to determine their software protection strategies.However, in a vertically differentiated market, the lower quality product should always adopt a non-protection strategy, regardlessof the protection implementation cost. In other cases, protection would only be optimal if the protection implementation cost to thesoftware developer is relatively small. These findings are consistent with anecdotal evidence.© 2007 Elsevier B.V. All rights reserved.

Keywords: Software piracy; Software protection strategy; Horizontal differentiation; Vertical differentiation

1. Introduction

According to a global report by Business SoftwareAlliance [2], the software industry is said to have lostmore than $13.08 billion in business during the year2002 due to software piracy. It remains to be one of themost well known and persistent problems of the ITindustry. It is estimated that an average of 39% of allsoftware installed in 2002 were pirated versions [2]. Infact, the situation is deteriorating with the rapid andpervasive application of IT in the modern society.

At the first glance, one may perceive software piracyas just another example of the illegal duplication of otherintellectual properties like books, journals, or mediacontents. However, there are at least two factors that

⁎ Corresponding author.E-mail addresses: [email protected] (S.S.K. Kwan),

[email protected] (J. Jaisingh), [email protected] (K.Y. Tam).

0167-9236/$ - see front matter © 2007 Elsevier B.V. All rights reserved.doi:10.1016/j.dss.2007.06.014

make software piracy a unique type of problem in itself.Firstly, software developers are able to implementprotection codes or mechanisms that can effectivelyand significantly increase the difficulty to pirate. Suchmeasures are usually not available to publishers andproducers. The protection of software products can rangefrom the use of hardware “dongles” to just requiring theuser to enter a cryptic product key code. Although onemay argue that these schemes are usually not unbreak-able, they increase the cost for pirates to use illegalcopies of software. Of course, the software developerwould also need to pay a certain implementation cost forthis type of software protection mechanisms. Secondly,there are inherent risks in using pirated software. Theserisks are unique to the software industry and makesoftware piracy quite different from other forms of illegalduplication of intellectual properties. For instance, due tothe unlawful nature of piracy, the quality of piratedsoftware can never be guaranteed. Very often the pirated

http://dx.doi.org/10.1016/j.dss.2007.06.014

mailto:[email protected]



1 In this study, we assume that software developers would notintentionally reduce the reliability of their software products for thepurpose of deterring piracy.

505S.S.K. Kwan et al. / Decision Support Systems 45 (2008) 504–516

software would have already been infected withmalicious computer virus before it arrives at the handsof the end user.

Also, software is seldom free of defects. Somedefects not only result in malfunctioning of the softwarebut also leave “vulnerabilities” for malicious computerhackers to exploit. Very often these defects would onlybe discovered after the consumer has purchased andused the software for a certain period of time. It is acommon practice for software developers to providepost-sale technical support to the legitimate users shouldthere be any subsequent problems. While these types oftechnical support may exist in a variety of forms,ranging from security patches, features updates, to emailor even telephone support, they are usually availableonly to the paying consumers but not to the pirates.Users of pirated software are at their own risk. It isreasonable to assume that some people would bedeterred from pirating in view of this risk.

Cheng et al. [3] attempted to exhaustively enlist thereasons behind people's software purchasing or piratingdecisions in an empirical study. In particular, they found“technical support in case of problems” as well as“worry about computer viruses” to be among the tenmost important reasons for people to purchase, ratherthan pirate software.

In the Internet age, the risk of using vulnerablesoftware cannot be overemphasized. The US-CERTVulnerability Notes Database [9] lists many popularsoftware products that contain critical security vulner-abilities. For example, the various “buffer overrun”vulnerabilities that exist in the popular Oracle 9i productwould require software updates available only toregistered users. In principle, users of pirated copies ofOracle 9i would have to bear the risk of future attacksexploiting these vulnerabilities, especially if their sys-tems are connected to the Internet. The risk in usingpirated software became quite apparent in the recent“Blaster” attack. “Blaster” was an Internet virus thatexploited a known vulnerability of the Windows XPsoftware. A timely patch to this vulnerability wasactually released by the vendor but was made availableonly to registered customers. As a result, machinesrunning pirated copies of Windows XP were forced todisconnect from the Internet to prevent from gettingexposed to the virus attack.

To summarize, both the software protection mecha-nism and the risk in using pirated software serve toreduce piracy. The former is mainly a preventive mea-sure that is available to the software developer whoneeds to weigh the cost and benefit before deciding onwhat type of protection mechanism, if any, should be

adopted. The latter can be considered as a deterrentwhich means that it is beyond the control of any singleparty. The effect of risk may depend on a number offactors such as the chance of virus infection through theuse of pirated software, the ultimate reliability of thesoftware product,1 etc. In this paper, we attempt to studythe optimal protection strategies for software firms in aduopoly software market, with the explicit considerationof the potential risk in using pirated software due to thelack of technical support. We develop an analytic modelthat assumes that people can overcome the softwareprotection by bearing a cost of pirating. Users areheterogeneous in the cost of pirating. We will also modelthe risk in using pirated software in our framework.

We consider a duopoly market under two forms ofproduct differentiation: horizontal and vertical [8]. Byhorizontal differentiation, we mean that software firmscompete with each other by designing features that areunique from its competitor. On the other hand, in avertically differentiated market, firms compete in thequality of their products. Our main objective is to ana-lyze the optimal protection strategies for software firmsunder each situation. The rest of the paper is organizedas follows: To begin with, we will examine the relevantprior research in the area of software piracy first. We willthen develop an analytical model conforming to ourobservations mentioned above. In particular, we willanalyze the problem using two well known marketcompetition paradigms, namely the horizontally differ-entiated market and the vertically differentiated one.

2. Background literature

Intuitively thinking, the existence of piracy shouldreduce demand and thus profit. It follows that the beststrategy for software firms would be to increase theprotection level as much as possible so that potentialpirates would simply find it very costly to pirate.However, Conner and Rumelt [4] argue that by takinginto account the effect of network externalities, ascommonly found in software products, a high level ofprotection may not be optimal for firms. They show thatin a monopoly setting, raising software protection wouldbe profit-maximizing only when there is only insignif-icant effect of network externalities. Otherwise, profitwould decrease with an increased protection level be-cause some would-be pirates are forced to do without

http://www.kb.cert.org/vuls

506 S.S.K. Kwan et al. / Decision Support Systems 45 (2008) 504–516

the software, rather than buying it. However, the modelused does not consider strategic interactions in a com-petitive market as well as the inherent risk in usingpirated software.

The work by Shy and Thisse [7] further develops theanalysis of optimal software protection strategy by theuse of a horizontally differentiated duopoly model.Their findings are similar to those by Conner andRumelt in that when externalities effects are strong, non-protection would be optimal for competing softwarefirms. Their model assumes dichotomization in twodimensions. Firstly, consumers are dichotomized intosupport-oriented or support-independent ones. Support-oriented users choose to buy rather than pirate if theprice of software is less than the utility they derive fromthe support service. Secondly, rather than treating thelevel of protection level as a continuous variable, firm'sprotection strategies are dichotomized into either fullprotection or nil protection. This conforms to the realityin that software products usually come only with asimple protection mechanism that checks for a validproduct key, or are just completely unprotected.

However, their model also assumes that end userswould have no way to use pirated software if softwareprotection is in place. Unfortunately this is often not truein real life. In fact, end users can usually obtain piratedsoftware with protection mechanism already compro-mised. Also, most of the time software is only protectedby a product key code that can be easily duplicated.Therefore, we believe that it should be more realistic toassume that people can still pirate even though asoftware product is protected, only that they would needto pay a cost of pirating. The cost for pirating can differby individual but in general should be small comparedwith the price of software.

The dichotomization of support-oriented and sup-port-independent consumers does not fully represent theinherent risk in using pirated software as discussedpreviously. In Shy and Thisse's model, technical supportonly brings a fixed amount of utility to support-orientedusers. However, we believe the lack of technical supportwould introduce a risk that essentially discounts, in thesense of expected utility, the benefits derivable fromusing the pirated software.

The concept of risk in using pirated software was firstused by Banerjee [1] in his analysis of the software piracyproblem from the perspective of social welfare andgovernment policy. In his model, end user simply cannotbe certain that a piece of software obtained from illegalsources would indeed work as expected. However,his focus was mainly on governmental monitoring ofcounterfeiting business.

We believe that the concept of risk is not onlyapplicable to cases when end user purchase softwarefrom pirates, but also to cases when end users makeillegal copies of licensed software themselves. In fact, aspointed out earlier, the study by Cheng et al. [3] revealsthat there are other risks in using pirated software, suchas the lack of technical support in case of problems andcomputer viruses. In the following, market competition,dichotomization of software protection level, as well asthe risk in using pirated software will be incorporatedinto our analytical model.

3. Horizontal differentiation

We start with the horizontally differentiated marketsetting. Namely, we consider the case when competingsoftware firms aim at the same application area (e.g.symbolic computation, graphics design, web authoring,etc.) but produce software with features differentiatedfrom each other. Moreover, each consumer would valueeach of these differentiated features differently.

For example, consider the desktop operating systemsprovided by Apple Computer and that by Microsoft.Both operating systems are designed to provide an easy-to-use graphical user interface for end users to managetheir personal computers. However, some of the featuresthey provide are unique from each other and thesedifferentiated features are valued differently by differentcamps of consumers.

For simplicity, we model the market as a duopoly andrepresent the heterogeneity in consumers' preferences forthe two different software products using the “linear city”model [6]. In the real software market, very often therewould be an innovator firm at the beginning, followed bya number of other software developers who believe itwould be profitable to sell similar products in the sameapplication area. However, due to fierce market compe-tition among software developers, usually only a fewmajor players might remain when the market becomesstable. Such a phenomenon of market consolidation canbe found in many application areas such as productivitytools, graphics packages, etc. We thus believe that ourduopoly model represents an acceptable approximation ofreality. We denote the two competing products software1 (sw1) and software 2 (sw2) respectively.

3.1. The firms

Before the software is actually developed, the firmwould decide on whether to implement any protectionmechanism against unauthorized copying. As discussedearlier, a dichotomization of protection strategy should


be more appropriate than a continuous level of protec-tion because software products nowadays are usuallyshipped with protection by simple product key codechecking, or without any protection at all. We denotetheir decisions on protection strategies by ηi∈{0,1}(i=1,2) where ηi=0 means firm i has chosen not toimplement protection. However, if a firm chooses toimplement protection (ηi=1), an implementation cost kwould be incurred.

Once the firms decide on their protection strategies,they also need to decide the selling price of their softwarePi (i=1,2). It is assumed that firms would act rationallyand choose their respective optimal prices to maximizetheir own profits. Assuming a zero marginal cost ofproduction for simplicity, the profit of a firm is given by:

pi ¼ pidi � kgi ð1Þ

where di denotes the demand of the software in concern.In order to determine the optimal price, a firm needs toanticipate the possible reactions of both its competitor andthe potential consumers, as detailed in the following.

3.2. The consumers

We will assume full participation by consumers inthat all consumers either buy or pirate one of the soft-ware. There are two main factors, namely benefit andcost, affecting the utility a consumer may derive fromusing a piece of software:

3.2.1. BenefitThe benefit of software would depend on the intrinsic

quality of it as well as how its features match thepreferences of the user. A piece of software that is highlyregarded by one user may not appear to be that useful toanother. In our model for horizontally differentiatedmarket, the intrinsic software quality is assumed to be thesame for both firms and is denoted by q. On the otherhand, consumers are ranked by their preferences of sw1 tosw2, with their relative preference positions denoted byx∈ [0,1]. Namely, a consumer with a smaller x wouldprefer sw1 more to sw2. Considering the deterioration inbenefit due to preference mismatch, we model the benefitof sw1 to a consumer at position x by q− tx where tdenotes the benefit degradation factor (i.e. the “transpor-tation cost”) due to preference mismatch. Similarly, thebenefit of sw2 would be q− t(1−x) to the same consumer.

3.2.2. CostThe cost would simply be the selling price of the

software in case a consumer purchases it. Prices are

denoted by p1 and p2 for sw1 and sw2 respectively. Inthe case of pirating protected software, a cost forpirating would also be incurred. It is assumed that thiscost would depend on individual's characteristics (e.g.technical know-how, available resources for pirating,etc.) but would be more or less similar across differenttarget software to be pirated. As such, the consumer'scost for pirating is modeled to be heterogeneous amongconsumers but the same for both sw1 and sw2. Forsimplicity, we define the cost for pirating as τz where τis the homogeneous scaling factor of piracy costs whilez∈ [0,1] denotes the consumer's heterogeneity in pirat-ing protected software. Essentially, some consumers paya higher cost than others to pirate a piece of protectedsoftware.

As a result, the utility Ub1 and Ub2 derived frompurchasing sw1 and sw2 would be:

Ub1 ¼ q� tx� p1 ð2Þ

Ub2 ¼ q� tð1� xÞ � p2 ð3ÞAs mentioned before, users of pirated software are all

subject to risk. We may express this risk factor by theexpected benefit of using a pirated software copy.Assuming a risk factor of ϕ∈ (0,1), the utility Up1 andUp2 for pirating sw1 and sw2 would respectively be:

Up1 ¼ ð1� /Þðq� txÞ � szg1 ð4Þ

Up2 ¼ ð1� /Þðq� tð1� xÞÞ � szg2 ð5ÞNamely, 1−ϕ is the probability that the pirated

software would work perfectly.

3.3. The market

Having introduced the essential characteristics ofsoftware firms and consumers, we are about to incor-porate the two in a competitive market. Namely, weconsider a competitive market in a three-stage non-cooperative game. In stage 1, software firms set theirrespective protection strategies (η1,η2). In stage 2, firmsdetermine their optimal prices (p1,p2) with the expec-tation that their profits would be maximized. Lastly instage 3, consumers choose whether to buy or pirateeither one of the software so as to maximize their util-ities. The game, in its extensive form, can be illustratedin the following game tree (Fig. 1):

We will study the problem using the Sub-gamePerfect Nash Equilibrium (SPNE) concept. That is, bothfirms would first anticipate the utility-maximizing deci-sions of consumers that would happen at stage 3. Based

Fig. 2. Utilities of buying and pirating sw1.

Fig. 1. Game tree.


on this anticipation and also considering the profit-maximizing behavior of its competitor, a firm determinesits profit-maximizing price under the 4 possible protectionstrategies, namely (η1=1,η2=1), (η1=1,η2=0), (η1=0,η2=1) and (η1=0,η2=0). Lastly, by comparing themaximized profits at each different protection strategy,the two firms set their optimal protection strategies atstage 1 based on the Nash Equilibrium concept. Beforeproceeding with the analysis, the utility function of theconsumer is restated as follows:

U ¼q� tx� p1 if buy sw1ð1� /Þðq� txÞ � szg1 if pirate sw1q� tð1� xÞ � p2 if buy sw2ð1� /Þðq� tð1� xÞÞ � szg2 if pirate sw2

8>><>>:

ð6Þwhile the profit functions of the two firms are given by:

p1 ¼ p1d1 � kg1p2 ¼ p2d2 � kg2

ð7Þ

One may easily note from Eqs. (6) and (7) thedynamics of such a market. Firstly, by setting protectionlevel and price, a firm is affecting the decisions ofconsumers on whether to buy or pirate sw1 or sw2. Suchdecisions would in turn affect the demands for sw1 andsw2. Finally, the profits of firms are actually determinedby the demands for their software, as can be seen fromEq. (7). To continue our analysis, we will first study thedemands for sw1 and sw2 that result from the utility-maximizing behavior of consumers.

3.4. Demand and profit at equilibrium

We will consider the demand of sw1 first. To startwith, let us focus on the effect of x on the consumer'sutility and leave the effect of z alone for the time being.Fig. 2 shows the utility functions for purchasing and forpirating sw1 at each fixed value of z. Firstly, all utilityfunctions of the consumer are linear in x. For sw1, theutilities of the two choices (i.e. buying or pirating) wouldsimply be represented by the two downward-slopingstraight lines Ub1 and Up1. In particular, the slope forbuying is − t whereas that for pirating is −(1−ϕ)t. As ϕ

Fig. 4. Utilities of buying and pirating (horizontal differentiation).


must be within the interval (0,1), Ub1 would always besteeper than Up1. From Fig. 2, it can be easily seen thatconsumers in the range (0,xb1p1) would prefer buying topirating sw1. while those in the range (xb1pi,1) wouldprefer pirating to buying.

We can now consider the effect of z on the demand. Itcan be seen from Eq. (6) that different values of z wouldresult in different intercepts of the pirating utility, asshown in Fig. 3. Note that the intersection point xb1p1would also be changing with z. Considering z, theindifference point xb1p1 becomes a line of indifferencebetween buying and pirating sw1. The consumer's util-ity functions Ub1 and Up1 become 2-dimensional planesin the 3-dimensional space of (U,x,z). The demand forsw1 is simply the projection, on the (x,z) plane, of theregion where the plane Ub1 is the highest. Essentiallythis area is outlined by the indifference line xb1p1 withrespect to z within the interval z∈ [0,1].

More generally, we can derive the utility-maximizingdemands for software from the appropriate lines ofindifference, as will be shown later. It should be notedthat Ub1 and Up1 may not necessarily intersect withinthe interval of x=(0,1). This could happen when thevertical intercept of Up1 is larger than that of Ub1, and inthis case pirating would always undercut buying. Wewould not further analyze this case because the firm willdoubtlessly need to lower its price or abandon themarket as no consumer is buying the product. On theother hand, Ub1 and Up1 would also not intersect whenthe value of Up1 is smaller than that of Ub1 when x=1.In this case, buying would always undercut pirating.Again, we would not further analyze this case becausethere is actually no issue of piracy under such a situa-

Fig. 3. Effect of z on demand.

tion. We may now consider the situation when sw2 isalso put in the picture. Considering the 2-dimensionalspace of (U,x), the utility functions Ub2 and Up2 wouldsimply be two lines having slopes t and (1−ϕ) t respec-tively, as shown in Fig. 4.

We are only interested in the situation when there arenon-zero portions of users buying and pirating sw1 orsw2. This is equivalent to the following assumption thatposits the relations among the intersecting points:

1Nxb2p2Nxp1p2Nxb1p1N0 8 za½1; 0� ðC1ÞNow we can consider the 3-dimensional space of (U,

x,z). As explained previously, the demands for sw1 andsw2 can be derived from the indifference lines xb1p1 andxb2p1. In other words, the demands would simply be theprojections on the (x,z) plane as shown in Fig. 5. Basedon the utility functions of the consumer as given byEq. (6), the demands for sw1 and sw2 are:

d1 ¼Z 1

0xb1p1dz ¼ 1

2sg1 � 2p1 þ 2q/

t/ð8Þ

d2 ¼ 1�Z 1

0xb2p2dz ¼ 1þ 1

2sg2 � 2p2 þ 2q/� 2t/

t/

ð9ÞThat is, the utility-maximizing demands are now

entirely in terms of other model parameters, namely theexogenous q, ϕ, t and τ as well as the endogenous p1, p2,η1 andη2. Similarly, by substituting the anticipated second-stage demands into Eq. (7), the firms' profit functions π1

Fig. 5. Demand (horizontal differentiation).


and π2 can be expressed entirely in terms of the exogenousq,ϕ, t, τ and k as well as the endogenous p1, p2, η1 and η2.

Since firms need to determine optimal prices tomaximize their profits, their problems would be:

maxp1

p1 ¼ maxp1

p1d1 � kg1

¼ maxp1

12sg1 � 2p1 þ 2q/

t/

� �p1 � kg1 ð10Þ

maxp2

p2 ¼ maxp2

p2d2 � kg2

¼ maxp2

1þ 12sg2�2p2þ2q/�2t/

t/

� �p2 � kg2

ð11Þ

Proposition 1. In a horizontally differentiated softwaremarket, protection would be optimal for both firms onlyif kb sðsþ4q/Þ

16t/ . Otherwise, non-protection would beoptimal for both firms.

The Proof of Proposition 1 is shown in the Appendix.We denote the critical value of the protection cost k byk⁎ ¼ sðsþ4q/Þ

16t/ . Note that k⁎ is increasing in τ, the piratingcost. Protectionwould be optimal only if the protection costis below k⁎ which mainly consists of a square term of the

2 The condition τb2qϕ is likely to be valid because the pirating cost shoulof software piracy.

pirating cost τ of the consumer. This suggests that firmsshould prefer only a very simple and low-cost protectionmechanism or no protection at all.

As shown in the Appendix, the optimal prices,demands and profits of both firm should be symmetricalif they adopt the same protection strategy. In case ofprotection, the optimal price, demand and profit shouldbe p⁎1 ¼ p⁎2 ¼ sþ2q/

4 ; d⁎1 ¼ d⁎2 ¼ sþ2q/4t/ and p⁎1 ¼ p⁎2 ¼

s2þ4sq/þ4q2/2�16kt/16t/ respectively. In case of non-protection,

the optimal price, demand and profit would be p⁎1 ¼ p⁎2 ¼q/2 ; d⁎1 ¼ d⁎2 ¼ q

2t and p⁎1 ¼ p⁎2 ¼ q2/4t respectively.

It follows that the optimal profit is increasing in q butdecreasing t in, regardless of whether protection is inplace or not. Namely, optimal profit increases when soft-ware is of higher quality but decreases when the negativeeffect of preference mismatch (i.e. the transportation cost)is high. Also, when protection is in place, the optimalprofit is also increasing in τ, the pirating cost on theconsumer side. These very much conform to intuition.

Comparing the optimal prices and demands for pro-tection and non-protection, it can be seen that the optimalprices and demands for non-protection would always belower than those for protection. In this sense, the pro-tection cost contributes as themajor determining factor forfirms to adopt protection. On the other hand, the effects ofrisk (i.e.ϕ) on the optimal price, demand as well as profitare summarized in the following table of comparativestatics:

d be significantly low

Ap⁎1A/

er than t

Ap⁎2A/

he benefi

Ad⁎1A/

t of the s

Ad⁎2A/

oftware t

Ap⁎1A/

o make a

Ap⁎2A/

Both protect
+ + − − +′ +′ Both not protect + + 0 0 + +
+′: positive if τb2qϕ.

In general, optimal prices and profits should increasewith risk.2 It is also interesting to note that the optimaldemands would decrease with risk in case of protection.The intuition behind is that if the software is protected andthe risk becomes higher, the firm can charge a higher priceand reap a higher profit, although there are actually lessbuying consumers.

4. Vertical differentiation

Having considered the case of horizontally differentiated market, we now consider the case when software productsare vertically differentiated. By vertical differentiation, we mean that software products compete in quality. In general,

case


the higher quality firm can sell at a higher price and also the preference for quality is assumed to be different acrossdifferent consumers.

Vertical differentiation is indeed quite common in the software industry. Many popular software magazines anddownload sites (e.g. PCMagazine, Bytes, download.com, zdnet.com, etc.) offer ratings of software products in terms ofa common set of criteria such as ease-of-use, functionalities, etc. to assist consumers in making their purchasingdecisions.

Themain difference from the analysis of horizontal differentiationwould be in the formulation of the consumer's utilityfunctions. Namely, we denote the intrinsic qualities of sw1 and sw2 by q1 and q2 respectively. Consumers are now rankedby their preferences to the quality of software, denoted by θ∈ (0,1), instead of by their preferences of product features(i.e. x). A consumer with a larger θ would derive more utility from the quality of sw1 and sw2. As such, the benefits ofsw1 and sw2 to a consumer θ would be q1θ and q2θ respectively. Without loss of generosity, we assume q1Nq2.Therefore, the utility functions of the consumer are modified as follows:

U ¼q1h� p1 if buy sw1ð1� /Þq1h� szg1 if pirate sw1q2h� p2 if buy sw2ð1� /Þq2h� szg2 if pirate sw2

8>><>>:

ð12Þ

where the definitions of p1, p2, τ, z, η1, η2 remain the same as in horizontal differentiation.Consider the consumer's utility when pirating either sw1 or sw2. From Eq. (12), it follows that the slope of

consumer's utility with respect to θ when pirating sw1 would always be steeper than that of pirating sw2. It can beeasily seen that when (η1,η2) is either (1,1), (0,1) or (0,0), pirating sw1 would always dominate pirating sw2. When (η1,η2)= (1,0), pirating sw2 may dominate pirating sw1 for some consumers. Denote the point of indifference betweenpirating sw1 and sw2 as θp1p2, it can be seen that no one would pirate sw2 unless θp1p2N0.

Now consider the consumer's utility when buying either software. From Eq. (12), it is clear that the slope ofconsumer's utility with respect to θ when buying sw1 would always be steeper than that of buying sw2. We assume thatthe point of indifference between buying sw1 and buying sw2, denoted by θb1b2, lies somewhere between 0 and 1 (i.e.0bθb1b2b1). (Without this assumption, buying either software would always dominate buying the other.)

Consider the consumer's utility with respect to θ as shown in Fig. 6. Namely, there will be 4 groups of consumers.Those with θ∈ [θb1b2,1] would buy sw1 and those with θ∈ [θp1b2,θb1b2] would buy sw2. Moreover, those with θ∈ [θp1p2,θp1b2] would choose to pirate sw1 while those with θ∈ [0,θp1b2] (if (η1,η2)=(1,0) and θp1p2N0) would choose to pirate

Fig. 6. Consumer’s utility (vertical differentiation).

http://www.download.com

http://www.zdnet.com


sw2. However, we assume that even though sw2 is unprotected, it can only convert a certain portion of consumers frompirating sw1 to pirating sw2, mainly because the pirating cost should be relatively small. More formally, we assume therelations among the intersecting points to satisfy the following:

1Nhb1b2Nhp1b2Nhp2b28za½0; 1� ðC2ÞIntuitively, it implies that the price of sw1 is higher than that of sw2 and both prices are higher than the pirating

cost. Also, the risk of using pirated software is more significant than the quality difference between the products (i.e.q2N (1−ϕ)q1 such that Ub2 is always steeper than Up2).

Similar to our analysis on the horizontal differentiation case, the demands are given by the correspondingprojections of the utility planes onto the (θ , z) plane, as illustrated by the shaded areas in Fig. 7. Namely, the demandsfor sw1 and sw2 are given by:

d1 ¼ 1�Z 1

0hb1b2dz ¼ 1� p1 � p2

q1 � q2ð13Þ

d2 ¼Z 1

0hb1b2dz�

Z 1

0hp1b2dz ¼ p1 � p2

q1 � q2þ 12

sg1 � 2p2q1ð/� 1Þ þ q2

ð14Þ

That is, the utility-maximizing demands would be entirely in terms of the other exogenous model parameters q1, q2,ϕ, τ and k as well as the endogenous p1, p2, η1 and η2. Since firms need to determine optimal prices to maximize theirprofits, their problems would be:

maxp1

p1 ¼ maxp1

p1d1 � kg1 ¼ maxp1

1� p1 � p2q1 � q2

� �p1 � kg1 ð15Þ

maxp2

p2 ¼ maxp2

p2d2 � kg2 ¼ maxp2

p1 � p2q1 � q2

þ 12

sg1 � 2p2q1ðu� 1Þ þ q2

� �p2 � kg2 ð16Þ

Proposition 2. In a vertically differentiated software market, non-protection would always be optimal to the lower-quality firm. Protection would be optimal for the higher-quality firm only if kb

sð8q21/þq1s�8q1q2/�sq2Þ4ðq1þ3q1/�q2Þ2 .

The Proof of Proposition 2 is shown in the Appendix. Again, denote the critical protection cost k by

k⁎ ¼ sð8q21/þq1s�8q1q2/�sq2Þ4ðq1þ3q1/�q2Þ2 . It is apparent that k⁎ is always increasing in τ, the pirating cost. Protection would be

Fig. 7. Demands (vertical differentiation).


optimal only if the protection cost is below k⁎ which mainly consists of a square term of the pirating cost τ of theconsumer. This once again suggests that firms should prefer only a very simple and low-cost protection mechanism orno protection at all.

As shown in the Appendix, the optimal prices, demands as well as profits, if non-protection strategy is adopted byboth firms, would be:

p⁎1 ¼ 2q1/ðq1 � q2Þq1 þ 3q1/� q2

p⁎2 ¼ ðq1/� q1 þ q2Þðq1 � q2Þq1 þ 3q1/� q2

d⁎1 ¼ 2q1/q1 þ 3q1/� q2

d⁎2 ¼ q1/q1 þ 3q1/� q2

p⁎1 ¼ 4q21/2ðq1 � q2Þ

ðq1 þ 3q1/� q2Þ2

p⁎2 ¼ q1/ðq1/� q1 þ q2Þðq1 � q2Þðq1 þ 3q1/� q2Þ2

In particular, the higher-quality firm would charge a higher price and the optimal profit of the higher-quality firm isincreasing in q1 just like the case of horizontal differentiation. The optimal profit of the lower-quality firm is alsoincreasing in ϕ. In case the higher-quality firm chooses to protect, the optimal prices, demands as well as profits of thetwo firms would become:

p⁎1 ¼ ð4q1/þ sÞðq1 � q2Þ2ðq1 þ 3q1/� q2Þ d⁎1 ¼ 1

24q1/þ s

q1 þ 3q1/� q2

p⁎1 ¼ 1

ðq1 þ 3q1/� q2Þ2ð16q31/2 þ 8sq21/þ q1s

2 � 16q1q2/2

�8q1q2/s� q2s2 � 4kq21 � 24kq21/þ 8kq1q2 � 36kq21/

2 þ 24kq1q2/� 4kq22Þ

p⁎2 ¼ ðq1/� q1 þ q2 þ sÞðq1 � q2Þq1 þ 3q1/� q2

d⁎2 ¼ q1/ðq1/� q1 þ sþ q2Þðq1/� q1 þ q2Þðq1 þ 3q1/� q2Þ

p⁎2 ¼ q1/ðq1/� q1 þ sþ q2Þ2ðq1 � q2Þðq1/� q1 þ q2Þðq1 þ 3q1/� q2Þ2

Similar to the case of horizontal differentiation, it can be shown that the optimal prices and demands for non-protection would always be lower than those if the higher quality firm chooses to protect. Again, the protection costshould be the major determining factor for the higher quality firm to choose protection. The effects of risk on theoptimal price, demand as well as profit can be seen from the following table of comparative statics:

Ap⁎1A/

Ap⁎2A/

Ad⁎1A/

3 We mainlypirating costsoftware in ord

Ad⁎2A/

consider the case wshould be significaner for people to con

Ap⁎1A/

hen τb (4 /3)(q1−q2)tly lower than thesider pirating.

Ap⁎2A/

Only firm 1 protect
+″ +″ +″ −″ +″ +″ Both not protect + + + + + +
+ʺ: positive if sb 4ðq1�q2Þ3 ; −″: negative if sb 4ðq1�q2Þ

3 .

Namely, optimal prices, demands and profits would all increase with risk if both firms choose the non-protectionstrategy. In case the higher quality firm chooses to protect, the optimal prices and profits would still increase with risk3

but the optimal demand for the lower quality product would decrease. Intuitively, a higher risk would lead to a higherdemand for the higher quality product but that would essentially reduce the demand of the lower quality product,although it would still result in an increased profit for the lower quality firm due to the increased price.

protection. Furthermore, protection would be profit-

because thebenefits of

5. Discussion

We have considered the optimal protection strategiesunder two different types of market differentiations. Ouranalysis shows that in a vertically differentiated marketthe lower-quality firm would always prefer non-

maximizing only if the implementation cost is low.

4 If protection is chosen, this is subject to some technical constraintsregarding the pirating cost τ.


In reality, we observe that most software developersare still implementing some sort of protection mechan-isms in their software products although strongexternalities effects are quite universal in the widely-expanded software business nowadays. Apparently thisseems to be inconsistent with the findings from previousresearches [4,7]. It is also interesting to note thatcomplicated protection mechanisms are seldom foundnowadays. Most software products just employ a simpleproduct key code validation or registration process toguard against unauthorized usage. The duplicated usesof those product key codes are seldom really checked,nor would they prevent the actual usage of the software.The software protection mechanisms used nowadays areobserved to be converging to a very simple and commonform of product key code validation. It is reasonable toexpect that this sort of mechanisms would not be verycostly to implement and is likely to be reusable on othersoftware products developed by the same firm, furtherlowering the average implementation cost of protection.

Anecdotal evidence supports some of our findings.For instance, Maplesoft's Maple and Wolfram's Math-ematica can be regarded as two horizontally differenti-ated products competing in the area of symboliccomputation software. They are two incompatibleproducts with different sets of features and employdifferent file formats although their problem domainsare similar. Both of them adopt a simple product keycode validation mechanism for protection. It is interest-ing to find that apart from protection strategy, their listedprices are also very similar. These facts are consistentwith our analytical findings.

On the other hand, the Microsoft Office suite and SunMicrosystems' StarOffice package can be regarded asexamples of vertically differentiated products. AsMicrosoft Office has become a de facto standard inthe office productivity area, competitors in thisapplication area have to develop products that arecompatible with it. Unfortunately, Microsoft Office hasbeen adopting a proprietary file format that preventsothers from producing compatible products. StarOfficeactually originated from an open-source initiative thatattempted to reverse-engineer the proprietary fileformats used by Microsoft Office that was believed tobe over-priced. As a result, StarOffice is able to read andproduce documents and spreadsheets in MicrosoftOffice format. However, it never achieves full compat-ibility with Microsoft Office and users may perceive itas a lower-quality product in this sense. Interestingly,Microsoft Office is adopting a protection scheme whileStarOffice is not. Again, this is consistent with ouranalytical findings.

6. Conclusion and future work

Our findings show that the primary consideration ofsoftware protection strategies should be the implemen-tation cost. This may help explain why complicatedprotection mechanisms have mostly been driven out ofthe software market nowadays. Also, the softwaredeveloper of the lower-quality product would tend toadopt non-protection in order to compete with thehigher-quality product in a vertically differentiatedmarket. We have also considered the effects of risk inusing pirated software. In both horizontally differenti-ated or vertically differentiated markets, a firm's profit isfound to be increasing with the risk of using piratedsoftware.4 More interestingly, one may find that risk hasa similar positive effect on profit as product quality.

As mentioned in the beginning of this paper, theexistence of risk in itself does not prevent the use ofpirated software. However, consumers are deterred fromdoing so in view of the uncertainty introduced by the risk.Gopal and Sanders [5] showed that deterrent measureswould be more profit-maximizing than preventive onesfor dealing with software piracy. Our findings about theeffect of risk also support this argument. We attribute oneof the sources of the risk in using pirated software to theunavailability of technical support. However, it should benoted that in this study we do not assume risk to be aparameter controllable by firm. In real life, the risk inusing pirated software is subject to many other factorsbeyond the control of the software firm. We believe thatfirms can actually affect at least two factors: the reliabilityof software product and the quality of technical support.Ironically, the value of technical support increases whenthe reliability of software decreases. It would beinteresting to see how these two factors (i.e. reliabilityand technical support quality) would interact and affectthe firm's optimal strategy. We believe that futureextension of this study can be developed along this line.

Our analysis does not consider the effect ofexternalities. Intuitively, firms should merely have lessincentive to protect their software if there are strongexternalities effects. However, empirical observationshows that most software products are still implement-ing protection mechanisms, albeit only simple and low-cost ones. In this study, we mainly focus on the effects ofprotection costs and risk in a competitive market. Itwould actually be straightforward to extend our modelto include externalities effects as well. This could beanother possible extension of this work.


Appendix A

Proof of Proposition 1. Based on Eqs. (10) and (11), the respective FOCs and SOCs are:

FOC :Ap1Ap1

¼ 0 Z12�4p1 þ sg1 þ 2q/

t/¼ 0 SOC :

A2p1Ap21

b 0 Z � 2t/

b 0 ðA1Þ

FOC :Ap2Ap2

¼ 0 Z12�4p2 þ sg2 þ 2q/

t/¼ 0 SOC :

A2p2Ap22

b 0 Z � 2t/

b 0 ðA2Þ

By solving the FOCs of Eqs. (A1) and (A2) simultaneously, the optimal prices p1⁎ and p2⁎ are derived for the 4different possible protection strategies, namely (η1=η2=1), (η1=1,η2=0), (η1=0,η2=1) and (η1=0,η2=0). Theoptimal prices and resulting profits are shown below:

Firm 2: Protect
Firm 2: Not protect
Firm 1: Protect
p⁎1 ¼ sþ 2q/
4p⁎1 ¼ s2 þ 4sq/þ 4q2/2 � 16kt/

16t/

p⁎2 ¼ sþ 2q/4

p⁎2 ¼ s2 þ 4sq/þ 4q2/2 � 16kt/16t/

p⁎1 ¼ sþ 2q/

4p⁎1 ¼ s2 þ 4sq/þ 4q2/2 � 16kt/

16t/

p⁎2 ¼ q/2

p⁎2 ¼ q2/4t

2
Firm 1: Not protect p⁎1 ¼ q/
2p⁎1 ¼ q2/

4t

p⁎2 ¼ sþ 2q/

4p⁎2 ¼ s2 þ 4sq/þ 4q2/2 � 16kt/

16t/

p⁎1 ¼ q/2

p⁎1 ¼ q /4t

p⁎2 ¼ q/2

p⁎2 ¼ q2/4t

The SOCs in Eqs. (A1) and (A2) only require t,ϕN0 that thus should always be satisfied. Constraints in Eq. (C1) arealso verified. Comparing the profits resulting from different protection strategies, it follows that when kbτ(τ+4qϕ)/16tϕ, protection would be optimal for both firms. Otherwise, non-protection would be the optimal strategy leading tomaximum profit. □

Proof of Proposition 2. Based on Eqs. (15) and (16), the respective FOCs and SOCs are:

FOC :Ap1Ap1

¼ 0 Z�2p1 þ q1 � q2 þ p2

q1 � q2¼ 0 SOC :

A2p1Ap21

b 0 Z � 2q1 � q2

b 0 ðA3Þ

FOC :Ap2Ap2

¼ 0 Z12�4q1/p2 þ 2p1q1ð/� 1Þ þ 2p1q2 þ sg1ðq1 � q2Þ

ðq1 � q2Þ½q1ð/� 1Þ þ q2� ¼ 0

SOC :A2p2Ap22

b 0 Z � 2q1/ðq1 � q2Þ½q1ð/� 1Þ þ q2�b 0

ðA4Þ

Then, by solving the FOCs in Eqs. (A3) and (A4) simultaneously, the optimal prices p1⁎ and p2⁎ are obtained for the4 possible strategies. The optimal prices and resulting profits are:

Firm 2: Protect
Firm 2: Not protect
Firm 1: Protect
p⁎1 ¼ ð4q1/þ sÞðq1 � q2Þ
2ðq1 þ 3q1/� q2Þ p⁎1 ¼ A


p⁎2 ¼ B� k

p⁎1 ¼ ð4q1/þ sÞðq1 � q2Þ2ðq1 þ 3q1/� q2Þ p⁎1 ¼ A


p⁎2 ¼ B

Firm 1: Not protect
p⁎1 ¼ 2q1/ðq1 � q2Þ
q1 þ 3q1/� q2p⁎1 ¼ C


p⁎2 ¼ D� k

p⁎1 ¼ 2q1/ðq1 � q2Þq1 þ 3q1/� q2

p⁎1 ¼ C


p⁎2 ¼ D


where

A ¼ 1

ðq1 þ 3q1/� q2Þ2ð16q31/2 þ 8sq21/þ q1s

2 � 16q1q2/2 � 8q1q2/s� q2s

2 � 4kq21 � 24kq21/þ 8kq1q2 � 36kq21/2 þ 24kq1q2/� 4kq22Þ

B ¼ q1/ðq1/� q1 þ sþ q2Þ2ðq1 � q2Þðq1/� q1 þ q2Þðq1 þ 3q1/� q2Þ2

; C ¼ 4q21/2ðq1 � q2Þ

ðq1 þ 3q1/� q2Þ2; D ¼ q1/ðq1/� q1 þ q2Þðq1 � q2Þ

ðq1 þ 3q1/� q2Þ2

B� D ¼ q1/sð2q1/� 2q1 þ sþ 2q2Þðq1 � q2Þðq1/� q1 þ q2Þðq1 þ 3q1/� q2Þ2

N0 and A� CN0 iff kbsð8q21/þ q1s� 8q1q2/� sq2Þ

4ðq1 þ 3q1/� q2Þ2

The SOCs for profit maximization are satisfied when q2Nq1(1−ϕ), which is actually one of our assumptions.Constraints implied in Eq. (C2) are also verified. It can be seen that the dominant strategy for the lower-quality firmwould always be non-protection (i.e. BNB−k and DND−k). To the higher-quality firm, protection would only beoptimal if kbsð8q21/þ q1s� 8q1q2/� sq2Þ=4ðq1 þ 3q1/� q2Þ2. □

References

[1] D.S. Banerjee, Software piracy: a strategic analysis and policyinstruments, International Journal of Industrial Organization 21(2003).

[2] Business Software Alliance, Eighth Annual BSA Global SoftwarePiracy Study: Trends in Software Piracy 1994–2002, (BusinessSoftware Alliance, 2003).

[3] H.K. Cheng, R.R. Sims, H. Teegen, To purchase or to piratesoftware: an empirical study, Journal of Management InformationSystems 13 (4) (1997).

[4] K.R. Conner, R.P. Rumelt, Software piracy: an analysis ofprotection strategies, Management Science 37 (2) (1991).

[5] R.D. Gopal, G.L. Sanders, Preventive and deterrent controls forsoftware piracy, Journal of Management Information Systems 13(4) (1997).

[6] H. Hotelling, Stability in competition, The Economic Journal 39(153) (1929) 41–57.

[7] O. Shy, J.F. Thisse, A strategic approach to software protection,Journal of Economics & Management Strategy 8 (2) (1999).

[8] J. Tirole, The Theory of Industrial Organization, MIT Press, 1988.[9] US-CERT, US-CERT Vulnerability Notes (http://www.kb.cert.

org/vuls), (US-CERT, 2004).

Samuel Shu Kin Kwan is the Head of WWWand Server Technology at the Hong KongUniversity of Science and Technology. He ex-pects to receive his PhD in Information Systemsin 2007.As an industry expertwith over 20 yearsof technical and managerial experience, he wasengaged in various R&D endeavours such asparticipating in the Internationalization (I18N)Working Group of the World Wide Web
Consortium (W3C) as well as designing the
first client-to-client Mondex Internet Payment solution. His currentresearch interests center around the phenomenon of digital piracy, itsbehavioral determinants as well as economic and organizational impacts.

Jeevan Jaisingh is an Assistant Professor atthe Hong Kong University of Science andTechnology. He received his PhD in MIS fromPurdue University. His research interests lie inthe areas of open source software, piracy,
privacy and vulnerability disclosure. His work has been published, or is forthcoming in Euro- pean Journal of Operational Research, Journal of Organizational Computing and ElectronicCommerce, Journal of Electronic Commerce
Research and Journal of Information Technology and Decision Making.

Kar Yan Tam is Chair Professor of Informa-tion and Systems Management at the HongKong University of Science & Technology.His research interests include adoption ofinformation technology, electronic commerceand web personalization. He has publishedextensively on these topics in major manage-
ment science and information system journals. He is currently on the editorial board ofInformation Systems Research and a number
of IS journals. Prof. Tam has extensive consulting experience withmajor companies including HSBC, Sun Microsystems, Symantec, andHutchison Telecommunications.

risk of using pirated software and its impact on software protection strategies

Documents