Let’s do IT with a dongle

If I build something physical, say a chair, and you steal it, I have lost the benefit of my labour. Now I think no one in their right mind would suggest such an action is ethical or defensible.

But if I build a piece of software and you take a copy without paying me, there are many people who would not judge your actions as harshly as your theft of the chair. “Well,” many would say, “it is just software, not a real thing like a chair.”

But the reality is that the theft of the software represents a real loss to me. The fact that I can make an infinite number of identical copies for next to nothing is irrelevant. The work of creating the software was every bit as real as the work I put into making the chair, and my rights to my creation and the profit from it should not be violated.

So given that there is a prevailing sentiment that software theft is somehow OK and many otherwise ethical people share and act upon that idea, it seems we need to address the problem in a practical way.

If we don’t do something concrete, there will be consequences. These consequences could well be increased software prices for “quality” titles, a reduction in the number of vendors (not enough money to go around), a drop in software quality because of lack of competition (although many might argue that this already has happened), and increasingly Draconian laws that address the vested interests of lobbyists but don’t address the real problem and just make life harder for law-abiding IT folk.

After all the commentary I have read by industry pundits and vendors and the feedback I have received from readers concerning Microsoft Windows XP product activation and software piracy, I have come to the conclusion that there is only one solution: we need to return to dongles.

For those who don’t recognize the term, a dongle is a hardware device that attaches to your computer to provide a physical confirmation that you have the right to run a specific software title.

Dongles fell out of favour some years ago because users complained that the devices were clumsy. Today, only a handful of vendors use this technology – AutoCAD is a prime example – and while there are problems, the system seems to work well enough for those products that use it.

The great thing about dongles is that a lot of the messy business of establishing your rights to use a product is eliminated by having to possess a physical “thing.” Yeah, I know that bogus dongles could be made, but I’m thinking that the dongle would have content, or even onboard processing, to make forgery orders of magnitude more difficult.

So here’s my thinking: We need an open standard for a dongle mechanism that attaches to PCs to provide the authentication required to run a given software title. The dongles could be plugged into a reader attached to a Universal Serial Bus port, and adapters to convert USB to serial or parallel ports for non-USB equipped machines could be supplied.

The dongle would have to be quite small, as the system would have to be capable of supporting hundreds of them – Dallas Semiconductor’s iButton (www.ibutton.com) looks like a promising technology for this.

The dongle could be as simple as a read-only device containing a licence key or as complex as the Dallas Semiconductor Java-Powered Cryptographic iButton, which could even provide the PC with portions of the application to be run.

This would be simple for end users. Want to install an application on multiple machines? Go ahead. To run the application, just plug in the dongle. Vendors could let users merge dongles so a single dongle could service multiple applications.

This would require a set of underlying industry standards to make the concept practical. It would also require the support of rational, ethical users to drive its acceptance. Does that include you?

Gibbs is a contributing editor at Network World U.S. Cries of fury or applause to nwcolumn@gibbs.com.