Incentives, Deterrence, and Defence

In the fall of 1991, a heated debate erupted on the technical group's electronic mail system about how best to protect Release 12 from piracy, it having been determined that patching one bit in Release 11 enabled it to run without the hardware lock. As the debate spiraled upward into “if we do this and they do that and then we do this and they respond in this manner, well, then we'll do the other thing to keep them from sneaking around it by…,” I thought it was high time to step back and consider just why people pay for software at all rather than stealing it, especially since many of the most highly profitable contemporary software packages contained no protection whatsoever against unauthorised use. My hidden agenda was to get people thinking about what benefits Autodesk could provide our legitimate customers which could be easily denied to pirates and which might, in the mind of a moral mugwump, tilt the balance toward buying a legal copy.

In this letter I rolled out the idea of an “Autodesk Global Village” network of bulletin board systems to a broad audience for the first time—I'd been discussing it with various people in private E-mail for a month or so.

Software Piracy:
Incentives, Deterrence, and Defence

by John Walker — October 14, 1991

Let me start by establishing some terminology for discussing the problem and potential solutions. When faced with the possibility of something nasty being done to you by somebody else, there are basically three approaches you can take to avert the unpleasantness.

Defence consists of active measures intended to make the event you're worried about impossible or at least unlikely to succeed. “If you try to hold up my store, you'll have to contend with the .45 Auto I keep in the cash drawer”. Or, “Go ahead, invade; we have three times the troops and twice the tanks, and we'd like the opportunity to even the score with you.”

Deterrence is a strategy based on persuading the opponent that doing whatever you're trying to prevent is a really dumb idea. Defence and deterrence are usually interrelated since a convincing defence is an excellent deterrent, but sometimes deterrence can be achieved without mounting a full defence. The “massive retaliation” strategy of NATO in the 1950's is a classic example: “Cross the border and we'll bomb you back to the Stone Age.” Bombers and missiles may seem expensive, but they're dirt cheap compared to the multi-million-man army it would take to actually defeat an invasion. Closer to home, consider radar traps on the highways. If you never know when you may be nailed for speeding, you're less likely to drive fast. At least that's the theory.

Incentive strategies attempt to tilt the balance your potential adversary uses to weigh alternatives. Certainly knowledge of an effective defence or belief in a credible deterrent creates incentives to think good thoughts and do good deeds, but incentives needn't be the products of negative, defensive measures. A country enmeshed in a web of trading relationships with other countries, commerce on which its own prosperity as well as that of its trading partners is based, is far less likely to ponder aggression against them since doing so would impoverish itself.

The three strategies are “nested” in the sense that defence always creates a deterrent and deterrence creates incentives, but it doesn't go the other way. Incentives needn't involve deterrence or defence at all, nor need a deterrent necessarily be based on a defence capable of defeating the adversary. In terms of cost, defence is the most expensive, deterrence less costly, and pure incentives often have a negative cost—if you create incentives by cooperation and mutual benefit, you generate additional wealth for both parties.

I believe there's a tendency to focus on defence and deterrence and neglect both the value and the efficacy of incentives in inducing the desired behaviour. Think about it. Fundamentally, why doesn't everybody go around holding up gas stations? Is it because all the guys at the pumps are armed? No. In practice, very few are. Is it because the cops might be lurking behind the Pepsi machine, or you're afraid the tireless minions of the law will track you down and drag you to justice? Perhaps, but not very likely. Basically, I think the reason you and I don't hold up gas stations, or at least don't do it any more, is because we'd rather live in a world where we can go to the gas station and fill up the tank in peace rather than live in something resembling an armed camp. Consider red lights. Do you really stop at red lights because you're afraid a flic is hiding behind a tree, or because you'd rather live in a world where you can drive through a green light without slowing to a creep and looking left and right for fear of somebody who didn't stop at the red?

What about the guys who do hold up gas stations, roar through red lights, and, for that matter, invade neighbouring countries? Have they convinced themselves that the defence can't stop them? Almost always. Is it because they aren't deterred by what might happen if they try? Sure. But is that why they do it? I don't think so. They do it because they believe that it's worth trying; that what they stand to gain outweighs what they risk losing, all things considered. In such a situation, it's often wiser to try to work on the incentives rather than getting stuck on defence and deterrence. Consider the following alternatives a convenience store chain might adopt when faced with a problem of frequent hold-ups:

  1. Arming the third shift checkout clerks. (Defence.)
  2. Giving away coffee and doughnuts to the police so they stop in whenever they drive by. (Deterrence.)
  3. Never keeping more than US$10 in the cash register; all other money is in a dynamite-proof safe with a time lock. (Incentive.)

I would argue that item (3), once it had seeped through the thick skulls of the Beagle Boys, would do more to reduce the incidence of stickups than any of the other means.

What does all this mean for Autodesk and our problem of software piracy?

First, let's look at the different strategies we have adopted and can adopt to the end of preventing the theft of our products.

The hardware lock is our ultimate line of defence. We deploy it on the front lines of piracy and its mission is as simple and clear as that of a tank—to prevent any and all potential malefactors' running extra copies of AutoCAD by main force—by making it impossible. Like most kinds of defence, the hardware lock is expensive, virtually doubling the cost of goods for every locked copy we sell and burdening us with additional development, QA, manufacturing, and product support costs which are difficult to calculate but certainly run into the millions of dollars a year. Like the cost of maintaining an army, we justify these expenses by arguing that, however high, they're still less than the cost of risking the alternative—we'd lose even more in sales if we abolished the lock. Other copy protection schemes also constitute defence. And like defence in the modern world, there are never-ending promises of “cheap, guaranteed effective” technological fixes which never seem to pan out in practice or only trigger a costly game of technological leapfrog between the developers of defences and those attempting to circumvent them.

We exercise deterrence by such measures as serialisation, personalisation (in Release 11 and afterward), and by the efforts of the AutoCops and their brethren and sistren abroad in tracking down and bringing to justice those who use our product without paying for it. This is deterrence in the purest form; nothing prevents you installing a US-domestic version on 10 machines, or purchasing a copy of DONKEY to patch the AutoCAD executable to allow it to run without a hardware lock. But there's that lingering worry…. Might there be a little piece of code in there that, one bright Monday morning, will wipe everything on my network? Will that guy who quit and went to work for the AutoCAD dealer turn us in? What if that fella I lent my discs to lets them get away and suddenly there's half a million copies running around with my name and serial number on them? Do I really want the president of my university to have to issue a public apology after settling a lawsuit because I used 20 bootleg copies in my lab class?

I'm not saying that any of these means are ineffective, nor that there aren't ways in which we could reinforce our defence and increase the credibility of our deterrent. But keep in mind that anything we do in those veins is essentially defensive in nature and negative in effect. When I say negative, I don't mean that Autodesk and its dealers don't benefit from the reduction in piracy engendered thereby, but that no defensive or deterrent measure benefits the user in any way except in the most tenuous and indirect way conceivable—by improving the profitability of the vendor, thereby funding updates and upgrades. That's pretty abstract though, especially when you're faced with the alternative of buying a lock buster or forking over DM12,300 for a legal copy of AutoCAD R11+AME.

What are the incentives to own a legitimate, fully-paid copy of AutoCAD? Well, you get a nice, hardbound manual—generally of much higher quality than what you get with a bootleg copy, and certainly more complete and useful than the various “Buccaneer Books” which masquerade as “simplified user guides” but are primarily bought by people who knock off the software. You have a dealer you can go to who may be able to help you with various problems…but then you could just as well go to the local user group or ask your brother-in-law. You have the right to buy updates without finding a bootleg copy of the update. And then…and then?

What could we do, if we applied the same creativity we've used in squeezing a mainframe CAD system into 640K or building a global sales and support organisation by developing our dealer channel, to increase the incentives for a user to own a legitimate copy of AutoCAD rather than running a pirated copy? What additional value could we provide to legitimate users which is denied, in principle, to those who make illegal copies?

I'm asking you, not trying to sell a list of my own.

Here are some examples of incentives I've stumbled across in the week or so I've been turning this issue over in my mind. These are intended to stimulate your creativity, not constrain the alternatives.

AutoCAD Global Village

This is my current obsession. If you're interested in this, please subscribe to the “Global_BBS” mail alias. Suppose that when you purchased a legitimate copy of AutoCAD you received an access code which would allow you, simply by dialing a local phone number (our goal would be that 95% of the AutoCAD users world-wide would be able to access AGV with a local call), to access every file contributed by any other registered AutoCAD user in the world, send mail to any other user or interest group, and access the combined knowledge of more than half a million other AutoCAD users. And if you had a pirated copy? Sorry, Charlie. (I'll leave means for access control and validation to those who know more about such matters than I—but I'm sure effective solutions exist.)

Anyway, here's a genuine and unique advantage of becoming a full-fledged member of the AutoCAD community. The AutoCAD community becomes, in fact, not just an abstract concept we talk about in publicity but something tangible—an electronic link connecting every AutoCAD user who wishes to participate with every other user in the world—providing access, in time, to the collected wisdom of virtually every being engaged in design on this planet.

In the distant past when I was a kid, there were lots of people who couldn't imagine a world in which anybody could pick up a telephone, punch 12 or 15 digits, and within seconds speak to anybody else on the planet with a similar instrument. How easily we adapt to miracles! When Autodesk was founded, most people couldn't even imagine a world in which virtually any business could send mail, within seconds, to any other business on the globe. Today, not only do radio stations in Los Angeles take requests by FAX, in the tiny village in Switzerland where I live, even the butcher takes orders by FAX, for pickup later in the day.

And still, to many people, a world in which any user of a software package can communicate, send files, access libraries, and ask questions of any other user of that product is something “utopian,” “futuristic,” or something that may happen “once Xanadu ships.” People, it's something that I believe is going to be an integral part of the applications that dominate the software market by the year 2000, and it's something that Autodesk can implement, simply by deciding we want to.

In about six months, more or less. Without any software development.

By doing this we can not only utterly tilt the incentives toward owning a legal copy of AutoCAD that connects you with the AutoCAD Global Village, but in favour of AutoCAD as opposed to the other CAD systems sold by less imaginative companies that encyst their users in little islands of computing rather than uniting them in the global web of design, engineering, architecture, and manufacturing.

(Please spare me mail about “our contract with CompuServe,” the “support burden,” the “need to wait for a market to develop” and all the other stuff. I'm talking about creating incentives that don't currently exist, opening markets that aren't currently saturated, and developing businesses that the analysts won't analyse until somebody creates them. As that great American philosophical institution, Burger King Corporation, once said, “Sometimes you gotta break the rules”.)

The CD-ROM

Including a CD-ROM with AutoCAD and treating it as an integral part of the value added of the product, not a glorified “bonus disc,” creates a large technologically-supported incentive for owning a legitimate copy. CD-ROMs are easy to copy but very expensive (for the next few years) to duplicate. Huh? What I mean is that if you're willing to buy 600 megabytes of hard disc and fill it with the contents of a CD-ROM, there's no problem doing so, but most users will opt for using the CD-ROM that comes with a legitimate copy instead. What would be on the CD-ROM? Use your imagination …a full hypertext indexed reference manual …annotated source code for model ADS applications …a library of a million useful symbols …ten thousand fonts…. Let your mind free run and see what you come up with.

Your Suggestion Here

Incentives! Think about it. Let's not only concentrate on “more software in the box” but also on “more value for the legitimate user.” Sure, let's continue to defend against piracy and deter people from thinking of it. But let's also scour our brains for ways we can deliver additional value to the good guys—our legitimate customers, while denying those benefits, inherently, to the black hats who choose not to pay.

There will always be software piracy; all efforts to reduce it must aim at reducing the incidence, not eliminating it. No vendor has been able to find a technological fix, an “Astrodome impregnable defence” against piracy. No vendor or consortium of vendors has been able to deter piracy, except at the margin, by threats of legal action. Let's see what we can do with incentives. Can we come up with things we can make our software and our company do which, together, make it obvious to the person tempted to pirate our software that they're better off, in a purely economic sense, being inside the circle with a legal copy than skulking outside with a bootleg one?

If we can, we could not only end the adversarial relationship between software vendors and users but establish a new partnership between vendors and customers. Autodesk could, by doing this, define a new standard of “customer-orientation” for the software business in this decade and those that will follow.

And the bottom line? Well, every dollar that makes it there came, originally, from the pocket of a customer.
