Yesterday Oracle and technical support arch rival Rimini Street Inc. (“Rimini Street”) took their court fight to the U.S. Supreme Court. The battle is over what constitutes awardable costs for a prevailing party in a copyright lawsuit. Oracle argued that the “full costs” provision of the Copyright Act is broader than the preset categories of “costs” defined elsewhere in the federal code. The Ninth Circuit has previously agreed with Oracle’s interpretation holding that an award of “full costs” should cover a larger list of things including expert and jury consulting fees as well as e-discovery expenses.
During oral argument Justice Sotomayor expressed skepticism over Oracle’s interpretation of the meaning of the statute opining that it was too “open-ended” and doesn’t provide Judges with a “reasonable manner” of exercising their discretion. The government also sided with Rimini Street’s more narrow interpretation.
Tactical Law Group will be monitoring this case and the other remaining litigation between Oracle and Rimini Street that is still winding through the federal courts. Check back here for periodic updates.
House of Brick Technologies has recently published a very interesting blog post about how Oracle often approaches concurrent device licenses during audits. If your company has an older license agreement from the 1990s, you may very well have such licenses included in your entitlement. Oracle appears to dislike these licenses because the Concurrent Device metric is more flexible than Named User Plus (NUP). But there is another consideration. When using the Concurrent Device metric, unlike in NUP licensing, processors are not counted. These licenses essentially allow any number of users or devices to share a single license provided that only one user or device at a time uses the license. Thus, they can be very beneficial from a licensing standpoint as the focus is not on counting processors, with all the complexities that may entail.
Although Oracle often assures its customers in connection with initiating audits that it will work to optimize a customer’s Oracle license entitlement, Oracle licensees should take such assurances with a very large grain of salt. We are aware of instances where Oracle recommended certain actions such as canceling licenses, and later the cancellations came back to bite the customer during the audit.
Licensees also need to be alert as Oracle often points to various non-binding policy documents when auditing customers and attempting to assert that customers are bound by these policy documents. One such area involves virtualization and VMware where Oracle asserts a licensee is bound by its non-contractual Hard Partitioning Policy, which we saw in the Mars case. With regard to concurrent licenses, House of Brick reports in its blog post that it is aware of instances where “Oracle License Management Services (LMS) and the Oracle sales team” attempted to “place these per-processor restrictions on clients with valid contracts that contain no per-processor minimums for Concurrent Device licenses”.
Licensees should not be misled by Oracle’s assertions. Oracle license agreements are fully integrated contracts, which can only be modified by a writing signed by both parties. Oracle by unilaterally posting “policy” documents that are not part of or referenced by the license agreement, and that are not signed by both parties, cannot make them magically part of the contract. Under California Civil Code Section 1636, "a contract must be so interpreted as to give effect to the mutual intention of the parties as it existed at the time of contracting;" see also DVD Copy Control Ass'n, Inc. v. Kaleidescape, Inc. (2009) 176 Cal. App. 4th 697, 712 (“interpretation of the License Agreement is guided by the principle that it “must be so interpreted as to give effect to the mutual intention of the parties as it existed at the time of contracting, so far as the same is ascertainable and lawful.”). California Civil Code Section 1638 provides that "the language of a contract is to govern its interpretation, if the language is clear and explicit, and does not involve an absurdity." See also People ex rel. Lockyer v. R.J. Reynolds Tobacco Co. (2003) 107 Cal. App. 4th 516, 525. Oracle license agreements containing the Concurrent Device license metric are clear and unambiguous, and they are not tied to per-processor minimums or other restrictions.
So, what if you are an Oracle licensee who relied on Oracle’s representations and canceled your Concurrent Device licenses or accepted Oracle’s assertions about per processor minimums and lost money or were otherwise damaged? You may very well have options. Oracle license agreements typically have a California choice of law provision. California has a very strong law to protect consumers and other businesses known as Business & Professions Code Section 17200, which prohibits unfair, unlawful or fraudulent business practices. California courts have interpreted what constitutes a business practice broadly. A business “practice” is doing something habitually, more than once, or repeatedly. It includes a succession of similar acts, habit, and industry custom. California courts have found that even “sporadic” statements made by a defendant’s lower level employees regarding contractual language can be a “practice”. People v. Dollar Rent-A-Car Sys., Inc. (1989) 211 Cal. App. 3d 119, 129. Clearly if Oracle’s stance on Concurrent Device licenses is part of a larger License Management Services (“LMS”) playbook, which we think it may be, then a court could find that false or misleading statements made by Oracle LMS or Oracle Sales to Oracle customers concerning Concurrent Device licensing requiring processor minimums may be actionable under the statute. Although damages are not recoverable under Section 17200, restitution is available giving licensees a path to recover monies spent in overpayment on licenses or alleged areas of non-compliance.
Another reason why Oracle may so strongly dislike Concurrent Device licenses is Oracle would rather focus on processors and VMware in claiming large dollar amounts of alleged non-compliance. For certain customers with older licenses, if Oracle LMS had properly applied the Concurrent Device licenses, the alleged VMware processor deficiency claim could either evaporate or be significantly reduced causing Oracle to lose the benefit of this potentially multi-million dollar lever in the audit resolution discussions. We have discussed in other blog posts why Oracle's non-contractual Hard Partitioning Policy is not binding, and we routinely push back hard on Oracle's non-contractual VMware assertions.
Licensees with Concurrent Device licenses are advised to read their contracts carefully and do not fall for it if Oracle cites a “policy” document that is not part of the contract, and demands that you comply with it. If you find yourself the subject of an Oracle audit or believe that Oracle may have made false statements to you during an audit, consider hiring experienced outside counsel familiar with California law to help guide you through the process or advise you of your legal rights.
Oracle and Its Partners Sued for Negligent Misrepresentation and Breach of Contract Over Oracle Cloud Software Product
Oracle America, Inc. and its partners Kbace Technologies, Cognizant Worldwide and Cognizant Technology were sued by Barrett Business Services, Inc. (“BBSI”) in San Francisco Superior Court, for among other things, negligent misrepresentation and breach of contract arising out of one of Oracle’s Cloud service offerings. The Complaint seeks damages, restitution and rescission of the Cloud Services contract and a related agreement.
According to the Complaint, Oracle touted on its website and in various marketing materials that Kbace and the Cognizant companies demonstrated outstanding and innovative solutions with Oracle’s Human Capital Management (“HCM”) Cloud Products and that Kbace was a leading Oracle Cloud implementation partner. BBSI sought to implement an integrated enterprise system for its customers that would integrate complex payroll and invoicing, and made these requirements clear to Oracle and its partners. Oracle is alleged to have praised Kbace and assured BBSI that with Kbace as its implementation partner, Oracle’s HCM Cloud Product would meet all of BBSI’s requirements. BBSI contends that Oracle represented to BBSI that Kbace was its best payroll implementation partner, and that Kbace had implemented over 300 payrolls and was currently implementing a customer with payroll needs similar to BBSI. According to the Complaint, Oracle and the other Defendants represented that the cost of the project would be between $5.4 and $5.95 million with a “go live” date of mid-2018 for Phase I and an Accounts Receivable/Platform as a Service go live date of January 2019. Throughout the process, the Complaint alleges that BBSI stressed to Defendants the importance of quality and timeliness in the roll-out of the product.
In April 2018 BBSI discovered for the first time that the Oracle software product did not manage local tax configurations and that the HCM Cloud System did not include Oracle’s Time & Labor Application. According to the Complaint, BBSI could not use another payroll software due to the lack of functionality in Oracle’s HCM Cloud. It was not until June of 2018 that BBSI learned that Oracle’s HCM product simply did not include the functionality that BBSI required. At this time Kbace also admitted that contrary to the representations made by itself and Oracle, it had actually been eleven years since it had implemented a similar product, and that it did not currently have the capability to propose a solution that would meet BBSI’s needs.
In June 2018 Cognizant proposed a new plan for implementing the functionality sought by BBSI. However, the price of this new plan mushroomed from $5.4 million to over $33 million. In addition, the completion of Phase I was pushed from July 2018 to April 2019 and Phase II from January 2019 to May 2021. Despite the price jump the new plan failed to provide a solution as to how to customize Oracle’s HCM Cloud to meet BBSI’s needs. BBSI was forced to hire an independent consultant to advise the company on the situation. The independent consultant concluded that Oracle’s HCM Cloud was not a suitable solution as it (1) lacked required functionality; (2) had a poor user interface; (3) had minimal API’s; and (4) needed significant customization.
In the lawsuit, BBSI asserts claims against Oracle and its implementation partners for negligent misrepresentation, breach of contract and rescission of both agreements. BBSI claims damages in the form of the costs of hiring its own consultant as well as the costs of re-deploying internal resources to address the problems due to the defective performance, and related opportunity costs. BBSI also seeks restitution for monies it paid to the Defendants plus pre-judgement interest.
The case is Barrett Business Services, Inc. vs. Oracle America, Inc., Cognizant Worldwide, Cognizant Technology and Kbace Technologies, Inc., Case No. CGC-19-572574, San Francisco Superior Court. Tactical Law will continue to monitor the case. Check back for periodic updates.
Although the complaint in Mars vs. Oracle only contained one claim for declaratory relief, Mars likely had its own breach of contract claims, which it could have asserted against Oracle if the litigation had continued. Oracle audit customers need to remember that audit and termination clauses, even in a contract drafted by one of the parties, usually imposes obligations on both the licensor/drafter of the agreement and its licensee. That is certainly the case with the Oracle licenses that we have reviewed. As a result, Oracle licensees should understand their legal rights and obligations under audit and termination provisions so that they can best protect themselves during an Oracle audit, and hold Oracle to account for Oracle’s own breaches or other wrongful conduct.
The audit clause at issue in the Mars case is instructive: "Oracle may, at its expense, audit Client's use of the Programs. Any such audit shall be conducted during regular business hours at Client's facilities and shall not unreasonably interfere with Client's business activities. If an audit reveals that Client has underpaid fees to Oracle, Client shall be invoiced for such underpaid fees based on the corporate discount (such as a Project User Agreement) in place between Client and Oracle in effect at the time the audit is completed. Audits shall be conducted no more than once annually." (emphasis added)
Even though the focus of the audit clause is on use of Oracle software, Oracle sought information about servers where no Oracle software was installed. According to the public facing documents filed in conjunction with Mars’ motion for preliminary injunction, Oracle demanded that scripts be run, and data be provided about where Oracle software might be “available for use” at some future time. Oracle LMS also admitted in writing that it was seeking information about servers not running Oracle when it contended that given Mars’ usage of VMware 5.1 and higher, “all additional servers and/or clusters not running oracle must be licensed”. We have seen Oracle make similar demands of other Oracle customers.
Mars pushed back on Oracle’s demand for this information writing in a letter that the “contract defines the scope of Oracle’s audit rights” as being limited to Mars’ “use” of the Oracle software. With regard to Oracle’s demand for information about Mars’ servers running VMware, Mars stated that “[s]ervers and clusters that do not run Oracle are not probative of Mars’ use of Oracle software and are outside the scope of Oracle’s audit rights.”
Although Mars cooperated with the audit providing Oracle with over 233,000 pages of documents, it declined to provide Oracle with information about servers where no Oracle software was installed. Despite the audit clause clearly stating that Oracle’s audit rights extended only to Mars’ use of the Oracle software, Oracle embarked on a risky strategy by issuing breach notices that threatened to terminate the license agreement in 30-days if Mars did not capitulate to Oracle’s demands for information about servers not running Oracle software.
Importantly, like other Oracle licenses, the Mars’ license agreement did not give Oracle the unfettered right to terminate the agreement. Instead Oracle could only terminate the license if Mars was in material breach of the contract, after receiving 30-days written notice of the breach and an opportunity to cure. As Mars alleged in its Complaint, there was no breach as Mars had fully cooperated with the audit. Instead, Mars claimed that Oracle breached the agreement by issuing the notice of termination and refusing to withdraw it.
A court could find that Oracle’s audit tactics, including the issuance of multiple breach notices with threats of license termination to extract information to which it was not entitled (and the eventual license termination upon the expiration of the 30-days), had breached the termination provision and caused significant disruption to Mars’ normal business operations. In fact, not only did Mars need to deploy scarce internal IT resources to respond to the audit, but it had to spend money on hiring consultants and lawyers to push back on Oracle’s audit assertions. Ultimately, Mars prepared and filed its Complaint and Preliminary Injunction Motion, which resulted in further damage to Mars, as it defended its right to continue to license the software.
If you are involved in an Oracle audit and Oracle is making similar arguments or demanding information about servers where no Oracle software is installed and/or running, seek competent California legal counsel to advise you of your contractual rights.
We have included for the convenience of our readers a PDF copy of some of the key correspondence between Mars and Oracle that we discuss above.
Amazon Web Services, Inc. (“AWS”) has successfully intervened in Oracle Corporation’s bid protest now pending before the United States Court of Federal Claims involving the Joint Enterprise Defense Infrastructure (“JEDI”) Cloud procurement. Judge Eric Bruggink granted AWS’s motion to intervene on December 13, 2018 after AWS claimed that it “is entitled to intervene as of right … [and has] timely submitted a proposal in response to the RFP” seeking to be awarded the JEDI Cloud contract. AWS in support of its motion for intervention noted that “Oracle’s Complaint specifically alleges conflicts of interest involving AWS” resulting in AWS having “direct and substantial economic interests at stake in [the] case”.
Oracle, AWS, IBM and Microsoft all bid on the JEDI contract. The Pentagon expects to award the contract in April to a single company that will be tasked with building a $10 billion “war cloud”, which would host, process and analyze all levels of classified and sensitive military data worldwide.
The competition for dominance in the cloud is fierce and Oracle has been accused of predatory audit practices in an attempt to boost its cloud sales and compete more favorably against AWS, and other companies. According to the August 2018 securities class action Complaint brought by City of Sunrise Firefighters Pension Fund in federal court in the Northern District of California, “throughout the Class Period, Defendants [Oracle Corporation and several Board members] falsely attributed the Company’s revenue growth in its cloud segment to a variety of factors and initiatives, including, among other things, Oracle’s “unprecedented level of automation and cost savings,” as well as the Company being “customer-focused” and “intimate partners with our customer.” In truth, Oracle drove sales of cloud products using threats and extortive tactics. The use of such tactics concealed the lack of real demand for Oracle’s cloud services, making the growth unsustainable (and ultimately driving away customers). Among other things, the Company threatened current customers with “audits” of their use of the Company’s non-cloud software licenses unless the customers agreed to shift their business to Oracle cloud programs.” Complaint at ¶ 5.
Tactical Law will continue to monitor the Oracle bid protest as well as the City of Sunrise Firefighters' Class Action. Please check back for periodic updates.
On August 10, 2018, Plaintiff the City of Sunrise Firefighters’ Pension Fund filed a class action securities lawsuit against Oracle Corporation and several Oracle Board members and senior executives. The suit filed in the Northern District of California is Case No. 5:18-cv-04844 BLF. The Complaint alleges several predatory audit practices allegedly committed by Oracle including allegations that Oracle inflated its cloud revenue in various regulatory filings. Especially interesting to Oracle audit customers are the allegations that Oracle used the audit clause contained in its license agreements to threaten its customers with audits and then coerce those customers into buying cloud, or risks audits of their non-cloud software licenses.
According to the Complaint, “[T]hroughout the Class Period, Defendants falsely attributed the Company’s revenue growth in its cloud segment to a variety of factors and initiatives, including, among other things, Oracle’s “unprecedented level of automation and cost savings,” as well as the Company being “customer-focused” and “intimate partners with our customer.” In truth, Oracle drove sales of cloud products using threats and extortive tactics. The use of such tactics concealed the lack of real demand for Oracle’s cloud services, making the growth unsustainable (and ultimately driving away customers). Among other things, the Company threatened current customers with “audits” of their use of the Company’s non-cloud software licenses unless the customers agreed to shift their business to Oracle cloud programs.” Complaint at ¶ 5.
“As a late comer to the cloud space, Oracle had ceded significant market share to its competitors. Instead of focusing on creating a better product, however, Oracle relied on improper sales practices to railroad its customers into purchasing the Company’s cloud offerings. One such practice was to “audit” customers’ use of the Company’s non-cloud software licenses and charge those customers hefty penalties unless they agreed to shift their business to Oracle cloud programs. Oracle’s use of audits was well known within the industry, but the extent to which the Company was using threats of audits to coerce customers to purchase cloud products was not known to investors, and expressly denied by the Company.” Complaint at ¶ 20.
“In addition to threatening customers with audits, Oracle also decreased its customer support for certain of its on-premises and hardware systems, in an effort to drive customers away from such systems and into cloud-based systems. Oracle also strong-armed customers by threatening to dramatically raise the cost of legacy database licenses if the customer chose another cloud provider.” Complaint at ¶ 21.
If you believe your company has been forced into an unwanted cloud purchase arising out an Oracle audit, you may have legal remedies. Please contact email@example.com if you would like to discuss your potential legal options.
Tactical Law Group LLP is continuing to monitor the litigation. Check back here for periodic updates.
By Pam Fulmer of TLG and Dave Welch of House of Brick
Tactical Law Group LLP and House of Brick work together frequently to defend customers when they are facing software audits from Oracle Corporation. We have learned much about the process, and while we cannot share confidential information, we do feel that it would be a benefit to publicly discuss some of the things that we think you should consider when preparing for, and defending yourself against an Oracle audit.
Because most of our work with customers starts with a conversation, we thought it would be best to present this information in the form of a Q&A.
Q: What is the most important thing that customers can do before an audit, or when they get an audit notice?
Pam: I think that it is important for the client to have a strong knowledge of their Oracle documents. This could include the license agreement(s), ordering documents and any emails or other correspondence that they may have had with Oracle employees. These are key documents and should be kept in one central repository, with your legal counsel able to access them easily. At Fulmer Ware, we also recommend that if you have actually gone through an Oracle audit previously, that you keep those prior audit records. They may come in handy in the future.
Dave: House of Brick consultants are not attorneys, and while we have success partnering with law firms such as TLG, we think it is important for customers to seek legal counsel early. Even if a client has inside counsel, we also recommend that audit customers consider retaining qualified outside legal counsel who have had experience with advising clients in navigating these Oracle audits. This is not because Oracle audits frequently turn litigious. Quite the contrary, Oracle rarely proceeds to legal action to resolve an audit. Having experienced legal advisors will simply help you avoid risky pitfalls that every Oracle audit customer seems to encounter.
Q: Is it better for IT Management to engage in numerous calls and meetings with Oracle to avoid miscommunication in an audit?
Pam: No, not in my experience. Some Oracle customers might think that documenting communications in email or other writings sends a signal to Oracle that you do not trust them and that is not the way to act towards a valued business partner. Oracle customers should remember that audits have legal consequences, and that discussions may turn adversarial over the course of the audit process. It has been my experience in advising Oracle audit clients that it is important to make and keep a written record of the things you are doing in the audit. If you happen to be in a meeting or call with Oracle, you want to take careful and thorough notes. In reliance on these client-taken notes, I have been able to go back to Oracle and say on such and such a date, you made this commitment to my client, and Oracle has indeed agreed to honor that commitment. Keep copies of any voice mail messages either Oracle Sales or LMS leave as these might be important as well. Oftentimes by the time I am retained, the client has had a difficult experience with the audit process, so they want some help in handling further communications. When we work with House of Brick, we are able to develop an effective technical and legal communication strategy that includes providing draft correspondence that the client can review and provide to Oracle.
Q: Is there an advantage to having multiple points of contact with Oracle during an audit?
Dave: No, not typically. During an audit, we have seen that it is usually best to limit the number of people on your team interacting with Oracle. This can help avoid a scenario where a team member inadvertently provides information to Oracle that is outside of what is contractually required, and which then might be used to allege inaccurate compliance gaps.
Q: How does making a written record actually help a customer who is undergoing an Oracle audit? Could this backfire?
Pam: What we have found in our experience with many clients is that often while trying to be collaborative and helpful, these clients might fall into the trap of making statements that may seem apologetic or worse, even agreeing with an allegation that they did something wrong without first investigating the facts. Customers should not be discouraged from keeping a written record of your actions. It could be very important to you down the road, if Oracle makes accusations that your company might not be complying with the audit provision of the license agreement.
Q: Will maximum cooperation with Oracle actually help us get out of the audit with a better deal?
Dave: Not necessarily. During these audits, Oracle may ask for a lot of information, only some of which they are likely entitled to receive according to the contract. When considering these requests, you should ask yourself, “Is the requested information actually related to my use of the Oracle programs?” Again, an experienced, qualified third party can help you understand what is and what is not appropriate to share.
Oracle is entitled to know where you are using its software. But that does not entitle Oracle to probe into other areas of your IT environment where Oracle software is not in use. We have seen that oversharing of information with Oracle may lead to inflated claims of non-compliance. It may also lead to additional unnecessary efforts to eliminate those claims.
Along these lines, we recommend that customers that are considering certifying off of an Unlimited License Agreement (ULA) also get qualified help to determine what the limits of Oracle’s ULA Certification involvement are and what information you are required to share.
Q: How might we be caught off guard?
Dave: Oracle license agreements are complex, and Oracle can take advantage of that complexity as a tactic to extract maximum concessions from the customer. That is why it is critically important to understand the contract, and stand confidently on your contractual rights. If Oracle reports a compliance figure that is shockingly high, we recommend that customers take the time to assess their findings for accuracy. House of Brick and TLG regularly assist companies with dissecting Oracle’s compliance assertions and understanding what, if any, is the true compliance gap.
Pam: One of the things we have observed is that Oracle early in the audit will demand information from the customer very quickly. People that are not used to these audits and these tactics unfortunately find themselves saying, “Oh, I apologize for the delay.” Most Oracle contracts that we review state that Oracle must give a 45-day written notice before the audit even starts. We recommend that you take every bit of that time to prepare your company for the actual audit. As we have discussed, you want to be careful in your communications with Oracle to not admit or imply that you have done something wrong when in fact you have not.
Q: Are there key take-aways from the Mars case that Oracle customers should be aware of?
Pam: Mars is the well-known candy company, which several years ago was undergoing an Oracle audit. From the public filings in the lawsuit we know that Oracle demanded a massive amount of information, much of which Mars contended Oracle was not entitled to receive. Oracle threatened Mars with a license termination, and to protect itself Mars filed a lawsuit in San Francisco Superior Court for declaratory and injunctive relief. It is clear from the public court filings that Mars did an excellent job of making its record as it responded to the audit, which helped it immensely in setting forth a strong legal position in its lawsuit. When you read the court filings you can see for yourself where Oracle Legal started trying to discourage Mars from making their record by saying in effect, “Let’s not write these lengthy letters back and forth,” and “Let’s not waste time setting up these legal positions.” You do not have to give into that kind of pressure. In the unlikely event that litigation is ever filed, the back and forth between Oracle and you the customer will be key in the Court’s eventual ruling. Setting yourself up to win by carefully making your record is critically important in dealing successfully with Oracle.
Q: Is it better to give Oracle everything that they ask for with the audit sooner rather than later?
Dave: You should really accept that these audits are a marathon, and not a sprint. While it is natural to want to be done with the audit quickly, that may actually set you up for sharing too much information, and ultimately paying too much and giving up your contractual rights. Do not be intimidated by a Power Point or a nice slide from Oracle that has dates on it and interaction obligations that may appear professional and reasonable to you. If you convey that you are growing weary of the audit, and just want it to end, that gives Oracle leverage to just press harder. Take your time and be deliberate. Think through each move like you would a game of chess, while validating your actions against your contractual obligations.
Pam: I agree with Dave. Clients sometimes ask me when the audit will be over. I caution them that this is a long game. If you try to rush the audit Oracle may sense that and hang tough on their assertions. You want to show that you can hang tough as well. If you have based your usage and audit responses on your contract, then good things come to those with the patience to wait.
Q: Is it better to deal with anyone at Oracle rather than the attorneys in the Oracle Legal Department?
Pam: I often see Oracle LMS threatening customers with escalation to Oracle Legal if the customer does not agree to Oracle’s non-contractual demands. The insinuation is that escalation to Oracle Legal is something that should be intimidating, and that the customer should avoid at all costs. If you are confident of your contractual position, then I would urge companies that are undergoing Oracle audits to not be afraid of this escalation to Oracle Legal. Escalation may even be the fastest way to an audit resolution. If you have made your record, by the time it gets escalated to Oracle Legal, you have actually documented that you have cooperated and that you believe that there have been certain inaccuracies and perhaps overreaches made by the Oracle audit team. So, it has been my experience that escalating to Oracle Legal may actually be the best strategy to get you on that path to resolution. If you are prepared, then there is no need to be afraid of that, but actually embrace it.
Q: What law applies to most Oracle license agreements in the U.S.? In the event of litigation, where would a lawsuit be filed?
Pam: Most Oracle agreements in the U.S. specify that California law applies and that in the event of litigation, the lawsuit is to be filed in certain venues in the San Francisco Bay Area. Our lawyers have been practicing California contract and copyright law in the Bay Area for years, and we are very familiar with the law and with state and federal courts in the area.
Q: What about companies that have resolved audits, either by purchasing something they did not want such as cloud credits, or by amending their contracts in an unfavorable way?
Dave: We frequently see Oracle propose audit close amendment language that would establish restrictive technical or architectural boundaries. The problem is that if those boundaries are ever crossed, the new architecture may become subject to new licensing obligations that were not in the customer’s original license agreement with Oracle. This situation is something House of Brick routinely helps customers avoid.
Pam: If you have been audited by Oracle and have purchased additional software, paid money, or amended your contract based upon Oracle’s assertions around VMware or other issues, you may have legal options to recoup some of those costs and/or reverse the amendment language.
Q: When do you think Oracle audit customers are most at risk?
Pam: I think they are most at risk when they wait for the audit report to be issued before actually considering their contractual rights, and even retaining counsel to validate their position. Many times, this is because they have not had adequate controls over the flow of information, and did not fully understand their contractual rights and the limits of the audit.
Q: I have a good relationship with my Oracle Sales rep. I would rather deal with that person than an auditor.
Dave: Based on what we have seen with regard to Oracle’s behavior during audits, it is our opinion that Oracle LMS and Sales may actually be collaborating with the intent to generate product or cloud services sales opportunities . We believe that Oracle’s typical practice of claiming an outsized compliance gap in the audit is intended to intimidate customers into looking for any opportunity to reduce that number. The LMS team then refers the customer to the sales team who encourages the customer to make an additional purchase to conclude the audit. In our experience, in most instances these purchases are unnecessary or overstated for establishing actual license compliance. Customers should be confident in encouraging Oracle to complete the audit based on actual contract terms. Do not allow Oracle to scare you with a number that may be inaccurate, and agree to a purchase simply to conclude the audit.
Dave: House of Brick has encountered organizations that attempt to spend their way into audit avoidance. While audit avoidance may be achieved in this manner, if you manage your licenses appropriately, audits are not something to be feared. I believe that concluding an audit while standing on strong contractual footing can be a badge of honor. It may be an indication that Oracle believes they are not getting enough revenue from you. The objective during an audit is to minimize customer effort, consulting expense, and outside legal fees. Your objective should not be to attempt to abbreviate the calendar time required to stand firm on your positions.
Pam: The key to successfully exiting an Oracle audit without overpaying is understanding your Oracle license agreement(s) and the scope of your contractual rights. I have assisted multiple clients to successfully navigate their Oracle audit. You do not need to be afraid of an Oracle audit, but do be prepared. Oracle customers receiving an audit notice letter should not try to wing it, or to go it alone. Instead, it pays to seek out experienced legal and technical advice.
Pam Fulmer is a partner and co-founder at Tactical Law Group LLP, an IP and commercial litigation boutique located in San Francisco, California. Pam is admitted to practice law in California and has over 27 years of experience litigating all types of intellectual property and commercial disputes in California and across the United States. In addition to her litigation practice, Pam has a great deal of experience defending audits by software companies including Oracle Corporation, and has dealt with various issues involving Oracle software such as VMware virtualization, ULA Certifications, as well as hosting and related alleged areas of under-licensing. She has worked with her clients to develop strategies to mitigate these positions and to push back successfully on the audit findings.
Dave Welch is House of Brick Technologies’ CTO, Chief Evangelist and a co-founder. He is one of the Oracle license leads within House of Brick Technologies. Dave has participated in the optimization of hundreds of millions of dollars of hardware and software, especially related to Oracle licenses. His background is that of Oracle database administrator. Dave delivered the world’s first VMware session on an Oracle topic in 2007 and has spoken annually at VMworld ever since. Dave has a Business Management Bachelor of Science degree from Brigham Young University with a finance emphasis and minors in accounting and economics.
VMware Virtualization and the Oracle Audit: What Every Oracle Customer Needs to Know About the "Installed and/or Running" Language of the Processor Definition
From public documents, we know that the standard Oracle License and Services Agreement (“OLSA”) and the newer Oracle Master Agreement (“OMA”) typically provide Oracle with the right to audit the use of Oracle software by its customers, provided that the audit does not unreasonably interfere with the customer’s normal business operations. The contract allows Oracle to, in effect, take a snapshot of a customer’s Oracle software usage at a certain point in time, but it does not allow Oracle to go rummaging around and looking through other customer systems and data, which have no relation to Oracle software. Under the OLSA, customers pay Oracle a licensing fee only on those processors where Oracle software is used; i.e. where it is “installed” or is “running”. Although the OLSA does not entitle Oracle to audit servers not running Oracle, in the last few years Oracle has sought to stretch the “installed and/or running” language of the processor definition when a customer is running a software product by VMware, which allows customers to run multiple “virtual servers” on one physical server. Oracle claims that all servers running the VMware software require an Oracle license even when there is no Oracle software installed on them.
For example, in Fall 2015, Oracle threatened to terminate a license agreement that it had with global confectioner, Mars Corporation. Mars and Oracle battled it out for months via email during the audit over the meaning of the “installed and/or running” language of the processor definition, until Oracle finally pulled out the big guns and threatened to terminate the license. Mars responded by filing a lawsuit for injunctive and declaratory relief in San Francisco County Superior Court. The case did not last long, but it resulted in a treasure trove of Oracle-related documents coming into the public domain.
In correspondence, Oracle took the position that Mars needed to purchase licenses for all servers running VMware, even where the Oracle software was not “installed” or “running”. A letter from Chad Russell, Senior Counsel in Oracle’s Legal Department, is instructive. According to Mr. Russell, “Oracle programs are installed on any processors where the programs are available for use. Third party VMware technology specifically is designed for the purpose of allowing live migration of programs to all processors across the entire environment. Thus, Oracle Enterprise Edition is installed and available for use on all processors in a V-Center.” Exhibit 11 to Declaration of Eloise Backer, Mars v. Oracle, San Francisco Superior Court, Case No. CGC-15 -548606. Essentially, Oracle took the position that the mere fact that Oracle software might possibly be installed and run on one of these processors at some indeterminate time in the future, constituted a use of Oracle software and a licensing event for which Mars would need to pay a royalty at the time of the audit. Would a California court construe the mere possibility of a future event that may never occur as an actual “use” of Oracle software so as to trigger a royalty obligation? We think it highly unlikely. Moreover, Oracle may think it highly unlikely as well, which is why, to our knowledge, Oracle has never filed a lawsuit against any customer based upon its expansive interpretation of the “installed and/or running” language.
Based on the public correspondence filed in the Mars case, it appears that Oracle was unable to point to any actual contractual support in the OLSA for its novel definition of “installed” or what it means to “use” Oracle software. And, after defending multiple software audits on behalf of Oracle customers, we too are unaware of any language in the OLSA, which would support Oracle’s position. In fact, just the opposite is true. The fully integrated agreement does not contain contractual language or incorporate other documents or URLs, related to use of a product like VMware, upon which to base such an assertion. Further, to the extent Oracle is using its limited audit rights to gain access to confidential customer information about servers where no Oracle software is installed and/or running, a California court could find that such actions constitute a breach of the audit clause, as well as an unfair trade practice under California law. This is especially true if Oracle attempts to use the improperly obtained information to threaten license termination in order to pressure its customers to buy cloud credits or other Oracle software. And to the extent that Oracle succeeds in using its expansive interpretation of the “installed and/or running” language to move its customers out of VMware, Oracle customers may have a claim against Oracle for intentional interference with contract and other related torts.
California Civil Code Section 1638 provides that "the language of a contract is to govern its interpretation, if the language is clear and explicit, and does not involve an absurdity." See also People ex rel. Lockyer v. R.J. Reynolds Tobacco Co. (2003) 107 Cal. App. 4th 516, 525. Oracle's interpretation of the “installed and/or running” language cannot be deemed either clear or explicit and, in fact, is absurd. Indeed, just reading Mr. Russell’s lengthy and labored three sentence explanation of what it means to be “installed” shows the fatal flaw with this argument. Oracle, as the drafter of the OLSA, had the opportunity and burden to specifically define "installed" if it wanted to interpret it in this manner and not in its usual sense as “installed” is used in the software industry. It did not do so. Under California Civil Code Section 1644, "[t]he words of a contract are to be understood in their ordinary and popular sense, rather than according to their strict legal meaning; unless used by the parties in a technical sense, or unless a special meaning is given to them by usage, in which case the latter must be followed." Id. at 525-26.
Even if a court were to find the language ambiguous, California law requires that ambiguities be interpreted against the drafter of the contract, which is Oracle. See Cal. Civ. Code §1654 (contract should be interpreted most strongly against the drafting party); see also San Pasqual Band of Mission Indians v. State of Cal. (2015) 241 Cal. App. 4th 746, 761-62 (“In cases of uncertainty . . . the language of a contract should be interpreted most strongly against the party who caused the uncertainty to exist.” ). Finally, Oracle’s position that its programs are installed on any processors where the programs are available for use, if accepted, would lead to an absurd result, as it would require Oracle customers to pay a license fee for a speculative future event that may never happen. The license grant covers a customer’s actual use of the software, and not a potential use in the future.
Under California Civil Code Section 1636, "a contract must be so interpreted as to give effect to the mutual intention of the parties as it existed at the time of contracting;" see also DVD Copy Control Ass'n, Inc. v. Kaleidescape, Inc. (2009) 176 Cal. App. 4th 697, 712 (“interpretation of the License Agreement is guided by the principle that it “must be so interpreted as to give effect to the mutual intention of the parties as it existed at the time of contracting, so far as the same is ascertainable and lawful.”). Indeed, most likely Mars (and we suspect other Oracle customers) would have never entered into the license agreement, if it had known of Oracle's overbroad interpretation of "installed" and what Oracle contends it means in the context of VMware virtualization. Although Oracle’s “installed and/or running” language has been in place since the early 2000s, in 2009 when Mars and Oracle entered into their licensing agreement, the present VMware virtualization technology was not in widespread use by customers with their Oracle database, meaning Oracle’s novel interpretation of “installed” could not possibly have been mutually intended by the parties.
If your company has been notified of an Oracle audit, or you are under audit now, do not delay before seeking experienced legal counsel to assist you. Likewise if you have been audited by Oracle and have purchased additional software or paid money based upon Oracle’s assertions around VMware, you may have legal options to recoup some of those costs. In any event, do not go up against Oracle without knowing your legal rights. What you do not know, could and will most assuredly, hurt you.
Oracle customers seek our guidance on how to navigate an audit by Oracle. Many have had terrible interactions with Oracle, and by the time they finally seek legal advice they have had multiple run-ins with Oracle LMS. See for example articles here and here about what Oracle customers sometimes experience during an audit. Clients are seeking our guidance on how to deal with these audits and want to understand their legal options.
The story is a familiar one. A company’s IT manager receives a notice from Oracle that the company has been selected for an audit. Oracle seeks commencement of an audit quickly and asks for large amounts of information from the client. The information sought may go well beyond the technology actually licensed from Oracle and may involve third party vendors such as VMware or others. The company protests about the wide-ranging scope of the audit, and Oracle personnel may contend that the company is trying to hide its non-compliance with the license by refusing to cooperate. The rhetoric increases, more documents are demanded, additional forms must be filled out and then the final audit report is issued. The number that Oracle contends represents the amount of the overage may be staggering to the company, and for some companies, simply impossible to pay. Almost concurrently with the issuance of the audit report, Oracle sales representatives are reaching out and leaving messages that they have other, less costly solutions. All the company needs to do is buy more Oracle products. While the company is frantically trying to figure out its options, it receives a 30-day notice of breach letter that the license will, or may, be terminated if the company does not have a plan in place for compliance by the end of the 30-day period.
This is a scenario that is happening to an increasing number of companies. If you are a big company and think Oracle would never do this to you because you are an important customer, do not be complacent. According to reports in the media, Oracle likes to target companies that are large and have used its software widely because it knows how difficult it would be to switch enterprise software mid-stream. If you think you are too small to be targeted for an audit, do not be too sure either. According to the business press, Oracle appears to be pursuing this strategy to increase its cloud-based sales involving companies of all sizes.
So, what should IT professionals do if they receive such an audit letter from Oracle? If your company has a legal department, you should report the issue to your in-house counsel immediately. If you do not have a legal department, you should retain outside counsel to assist you with your response to the audit. Oracle salespeople and audit personnel are aggressive in their pursuit of higher margins and sales. Licensees often need professional legal help to balance the ongoing dialogue and gain leverage in the negotiation by understanding their true legal rights, rather than accepting what is being represented by Oracle’s sales and audit teams.
Our lawyers have advised clients on how to best position themselves for a favorable outcome after an Oracle audit. We have implemented legal strategies that have resolved the situation, without the necessity for lengthy and protracted litigation. We also have advised clients on how to respond to audits initiated by other software providers such as Autodesk and others. Our team is experienced in these situations and here to help, if you find yourself subject to a software audit.
Pam Fulmer of Tactical Law