LEGISLATIVE COUNCIL PANEL ON
INFORMATION TECHNOLOGY AND BROADCASTING


Use of Unauthorised Software within Government



Introduction

This paper briefs Members on the measures taken to prevent the use of unauthorised computer software within Government.

Background

2. Government is fully committed to the protection of intellectual property rights. This commitment is underpinned by our respect for private economic rights and our recognition of the importance of a robust intellectual property rights protection regime to our economic growth.

3. The management and proper use of computer software is the responsibility of the user bureaux and departments. To assist Heads of Bureaux and Departments in discharging this responsibility, the Information Technology Services Department (ITSD) and the Intellectual Property Department (IPD) have laid down clear and specific guidelines on the use of authorised and licensed software within Government to guard against any infringement of intellectual property rights. These two departments also provide technical and advisory support to user bureaux and departments on an ongoing basis on matters relating to copyright in computer software.

Measures to ensure the proper use of software

4. ITSD has for many years promulgated a set of guidelines on the management and use of software in the form of circulars for reference by Government users. Topics covered include authorised sources of supply, maintenance of software inventories, software security control, user awareness of licensing requirements and legitimate copying and modification of software. A summary of the guidelines is at Annex A.

5. IPD will shortly publish a handbook called "Managing Intellectual Property in the Government". This handbook provides a brief introduction on the intellectual property law in Hong Kong as it affects the work of the civil service and subvented organisations (copy at Annex B). Specific reference is made to intellectual property issues related to the use of computer software in Government (pages 13-14 and 17-18 of the handbook refer).

6. To encourage the wide adoption of good practices on the use of computer software within Government, ITSD and IPD have adopted a range of measures encompassing prevention, education, monitoring, and action on violation. These are described in the following paragraphs.

Prevention

7. To ensure that all computer users within Government are aware of proper management and use of computer software, ITSD has asked Heads of Bureaux and Departments to re-circulate the relevant guidelines to users periodically (the recommended interval is every three months) and ensure that users understand the requirement that only authorised software can be used.

8. ITSD also provides technical assistance and advice on best practices in the implementation of the promulgated guidelines through its help desk and electronic publication on the internal network. Users are also advised to seek assistance from IPD if they have any enquiries about their rights and liabilities in specific cases.

Education

9. IPD arranges general training on intellectual property protection on a regular basis. ITSD also organises seminars on issues related to the management and use of computer software within Government. In March 1998, for example, ITSD, IPD, and the Business Software Alliance jointly conducted a seminar for Government users to discuss matters relating to intellectual property rights. A seminar on the proper use of software in the local area network environment will be organised by ITSD in July 1999.

Monitoring

10. An effective monitoring system will help to ensure compliance with the guidelines among Government users. To this end, ITSD has advised bureaux and departments to maintain an inventory of users' software and the installed location of such software for subsequent checking from time to time. Users are also reminded to regularly take inventory of the software licenses purchased, being used and disposed of to ensure that an up-to-date and consistent record is kept.

11. To encourage the setting up of an effective monitoring system in Government bureaux and departments, IPD recommends the implementation of an intellectual property Compliance Officer Scheme (pages 22-23 of the handbook at Annex B refer). Compliance officers are designated officers entrusted with the responsibility to assist Heads of Bureaux and Departments in ensuring compliance with the guidelines on the protection of intellectual property rights throughout the bureau/department. Their duties with regard to the protection of intellectual property rights pertaining to computer software include -

  1. ensuring that departmental training covers Government's intellectual property compliance guidelines;

  2. maintaining a software inventory record;

  3. carrying out computer hard-disk audits to ensure that computer software is licensed and is being used in accordance with the license conditions;

  4. regularly reviewing compliance issues with departmental local area network administrators; and

  5. being the first point of contact in bureaux/departments to advise on day-to-day compliance matters, and helping their bureau/department to seek further advice from IPD if necessary.

IPD provides advisory support to other Government bureaux and departments in the implementation of the Compliance Officer Scheme. It will also jointly organise seminars with the Civil Service Training and Development Institute in September 1999 to promote this scheme.

12. To assist users in managing their software assets, ITSD has conducted technical evaluation on software inventory management tools. These tools include scanning tools (which can detect installed software which has not been registered) and metering tools (which can prevent the use of software in excess of the number of licenses purchased for the software in a networked computer system). ITSD will continue to disseminate up-to-date technical information about these tools through technical publications distributed to bureaux and departments.

Actions on Violation

13. Bureaux and departments are advised to take positive and firm action in cases of non-compliance with the guidelines concerning the use of authorised software. In case any unauthorised software is found on Government computers, it will be removed immediately from the computers concerned. Individual officers found to have breached guidelines and regulations on the use of authorised software may be subject to disciplinary action in accordance with the Civil Service Regulations.


Information Technology and Broadcasting Bureau
July 1999

Annex A

Summary of Guidelines on the
Proper Management and Use of Computer Software within Government

  • Ensure all software that is installed or run on Government computers is obtained officially from an authorized dealer/supplier and is legitimately acquired. Unauthorised software should be removed immediately from the computers concerned.

  • Identify the owner of the software. All software licenses, media and documentation must be clearly marked with the identified owner, and they should be stored in a safe location. Responsibilities for the copying, protection and distribution of licensed software should be clearly defined.

  • Keep the license certificate for each software. Read and understand the licensing agreement attached to the software. Consult the software vendor or the Intellectual Property Department (IPD) if there is any doubt. For group license, it is also necessary to make sure that the number of installed software copies does not exceed the number of software licenses purchased.

  • Devise security control procedures to ensure compliance with all software licenses, purchase agreements and the existing legislation on copyright as advised by IPD.

  • Perform periodic reviews and audits of software assets to ensure an adequate software license coverage.

  • Ensure general awareness of all computer users on the proper management and use of computer software. Re-circulate the relevant circulars and guidelines periodically (say every three months) to remind users of the requirement that only authorised software can be used on Government computers.

  • Maintain an inventory of the software in use in the user bureau/department and the resident location for subsequent checking. Regularly take inventory of software licenses purchased, being used and disposed of to ensure that an up-to-date and consistent record is kept.

  • Verify the legality of all software currently residing on users' computers through regular/random spot checks or by using software inventory tools. When upgrades of software are purchased, the old version may be required to be disposed of depending on the purchase agreement.

  • Ensure that there is no unauthorized copying and modification of materials which will lead to violation of software license. Software on loan to others should be removed from the lender's computer first before it is delivered to the borrower. Moreover, the borrower should remove the software from the computer after use, before returning the software to the lender.

  • Staff must not bring software licensed personally or his own computer to the office to carry out office work.

  • Staff must not copy software licensed for Government use for his personal use.

  • Software should not be downloaded from the Internet to run on Government computers without the permission of the copyright owner and the Head of Bureau/Department.

  • Bureaux and departments should ensure that they are familiar with the guidelines and advice provided by IPD concerning the management of intellectual property within Government. Bureaux and departments should seek advice from IPD if they are in doubt about their rights and liabilities in specific cases relating to intellectual property.