by Giuseppe De Filippo and Chris Ip

Outsourcing Software Development to China: Leaks in the Great Wall

Jan 15, 2006 · 6 mins
Enterprise Applications, Security

An increasing number of software companies as well as CIOs from a variety of industries are looking to China to outsource some of their software development. Good experiences in India have made the prospect of going far offshore more palatable. And as prices in India and other markets rise, cost-conscious CIOs are looking for even less-expensive alternatives.

If done properly, outsourcing to China can be a great opportunity. Chinese development is considerably less expensive than in most other places now being used. And China’s capabilities are growing rapidly, thanks to increasing economic development and improving technology education.

But there is one big red flag that gets raised when U.S. executives talk about sending work to China—weak intellectual property (IP) protection. A recent survey by China’s Ministry of Information Industry found that 61 percent of foreign companies operating in China see software piracy as the number-one problem of doing business there. Indeed, the IP issue may be why the Chinese outsourcing industry is facing fragmentation and low market share. In 2004, China captured only $700 million (U.S.) of the global IT outsourcing market, valued at $198 billion, and there are virtually no outsourcing players there with more than a few thousand employees. Multinational companies based in the United States, European Union or Japan fear that disreputable service providers could resell their software under a different name or even sell the code to competitors.

However, while there has been a high rate of theft of personal productivity and entertainment software at the consumer level (software that usually ships in a few CDs and does not require customization or expert knowledge for installation), there are few, if any, documented cases of IP being stolen or compromised when a Chinese development company was involved. The low theft rate of Chinese-developed software is due in part to the fact that most of the software work now done in China is for the Japanese market, which splits the source-code development across many vendors so that no one vendor has access to the complete code.

In reality, software developed for corporations is difficult to copy because it invariably is tailored to specific business requirements and so is not easily replicable, and it’s likely to require expertise to install. The China head of a leading ERP software company confirmed that the company does not face issues with piracy in China because its software “does not come shrink-wrapped in a CD, and you cannot just press ‘install’ to install it.” Its software requires complex configuration, and companies can’t derive business benefits until such configuration happens.

The perception that China is an unsafe place to develop code may be based on the fact that China’s enforcement of IP rights lags behind its enactment of IP laws. Historically, there has been little consequence to the domestic use of pirated software, especially if developed by foreign companies and used for personal use. In the recent McKinsey China Software Industry Survey, which surveyed the top 100 software companies in China, 60 percent of the executives interviewed were sympathetic toward local customers’ propensity to use pirated software developed by foreign companies. China tends to deal more harshly with stolen software sold to foreign entities than with software sold domestically. The laws themselves are not as clear-cut as those in the United States. An attorney from a leading IP law firm in China said that “laws to protect software copyright resemble those in Europe… There is a gray area as to what constitutes ‘significant’ resemblance—hence, copyright infringement—of two products.”

The risks can be mitigated if companies follow some basic guidelines to manage the development environment, educate and manage the staff, and pursue breaches and illegal users. Companies that are outsourcing (or offshoring) successfully in China set and enforce standards in these three areas:

The Development Environment

It’s important to choose service providers that enforce physical protection. With proper safeguards, employees have no way of copying code or sending it outside the workplace. For example, one multinational with a development center in Hangzhou uses diskless computers on a closed network with no external connection and no printers. Access to the center is strictly controlled, and programmers may only download or upload data or code from the central server under strict supervision.

Key measures:

- Use computers with no USB or disk drives and no external network connection to prevent copying.

- Split the project into different pieces and different locations, so that no single employee has the complete code base.

- Use biometric and fingerprinting techniques to track who is doing what.

- Use a strict code-tracing technique to monitor copying.

Staff Education and Training

Successful companies proactively educate their staff about the legal aspects of IP, and they manage those issues on an ongoing basis. For the CEO of a 120-person company, “IP issues are central to the corporate culture and are reinforced by ongoing workshops and training.”

Key activities:

- Enforce IP protection in employment contracts, for example, through tough penalties.

- Have employees leave their personal effects in a locker room, then go to the computer room to work.

- Educate employees on IP rights and create an IP-focused environment.

It’s important to know that your outsourcing provider will aggressively pursue breaches and users. Choose companies with assets in the United States or Europe, where your legal agreement can be easily enforced and is legally binding for both partners.

Key measures:

- Use a nondisclosure agreement and related contract regulated under U.S. or E.U. jurisdiction.

- Prioritize companies with U.S. or E.U. operations so you can sue their U.S. or E.U. subsidiaries under overseas law.

- Require that all employees and subcontractors sign a nondisclosure agreement as part of their employment contract.

- Hire detectives to identify users of illegal copies and approach top management with your evidence.

- Maintain and publish lists of culprits and breaches.

Despite the perception that software piracy in China is rampant, there are few cases where foreign companies have been harmed by outsourcing to China. That’s because many foreign companies have managed to effectively deal with piracy and the leading outsourcing companies in China by adopting these measures. Multinational companies planning to outsource will soon face a shortage of skilled resources in the traditional outsourcing countries and must consider how to leverage the engineering talent pool that China offers.