By Pam Fulmer
Readers of this blog will remember that we have discussed previously a declaratory judgment lawsuit filed by Fairview Health Services against Quest Software, Inc. and Quest’s affiliate One Identity LLC arising out of an audit by Quest. Essentially Fairview contends that when it notified Quest that it was canceling maintenance & support, Quest immediately issued an audit notice and made multi-million non-compliance findings, which Fairview vigorously disputes. Tactical Law has been monitoring the case and we now have a ruling by Judge Susan Nelson on Quest’s Motion to Transfer Venue and Fairview’s Motion to Dismiss Quest’s Counterclaims. Quest lost its motion to transfer venue but successfully defeated a motion to dismiss its contract and copyright based claims.
Quest Motion to Transfer Venue
With regard to the venue motion, Quest essentially contended that because a 2013 license purchase of 2700 licenses (out of a total of 38,081 total licenses purchased) incorporated a new license agreement, that the 2013 license agreement governed and replaced the 2004 Software License Agreement (“SLA”). We have seen Quest make similar arguments before and we have pushed back on such assertions. The 2013 Software Transaction Agreement (“STA”) contained a dispute resolution clause making Texas the forum for resolution of disputes, and Quest sought to transfer the action there.
The Court denied the motion basically saying that based on the record as developed so far it did not appear that the 2013 STA governed, as many more licenses were purchased under other agreements. The court teed up the positions of the parties as follows:
“The disputed forum-selection clause applies to “[a]ny action seeking enforcement of this Agreement or any provision hereof.” (2013 STA § 17(a).) Fairview argues that its declaratory judgment action does not “seek enforcement of” the 2013 STA; indeed, Fairview maintains that the 2004 SLA, not the 2013 STA, governs the parties’ licensing dispute. In response, Quest argues that the 2013 STA superseded the 2004 SLA, and that Quest’s counterclaim for breach of the 2013 STA renders this action one “seeking enforcement of” the 2013 STA”.
The court reasoned that to decide the issue, she must decide which of the agreements governed the dispute. According to the court:
“In order to determine whether this is an “action seeking enforcement of” the 2013 STA, the Court must first examine the extent to which the 2013 STA governs the parties’ relationship. Initially, Fairview purchased at least 18,101 Active Roles licenses pursuant to the 2004 SLA. (Am. Compl. ¶ 17.) These licenses were perpetual, unlike the annual maintenance services component of the transaction. (See 2004 SLA §§ 2, 10.) Quest argues that the 2004 SLA could not apply to Fairview’s deployment of the Active Roles version 6.9 software, because that version did not exist in 2004. However, the 2004 SLA, by its plain terms, entitled Fairview to “new versions and releases of the Software” as part of the maintenance services component of the transaction—and Quest has admitted that proposition. (Id. § 10; Answer & Countercl. ¶ 19 (“[D]uring the maintenance period, maintained licensees are entitled to upgrade their licensed software to the most recent version that has been released at no additional cost.”).)”
The court then examined the 2013 agreement and pointed out language that made it clear that the 2013 STA clearly applied to licenses that were purchased under that particular Ordering Document. However, the court was unable to say that the STA superseded the earlier agreement. According to the court:
“The Court finds that the 2015 quotations unambiguously bound Fairview to the 2013 STA with respect to the 2,700 licenses purchased in 2015, but did not supersede the 2004 SLA with respect to previously purchased licenses.”
This is important as Quest argues during audits, just as it did here, that the click-through agreements that come with new purchases, annual maintenance & support or product updates somehow supersede and replace previous perpetual license agreements. It is to Quest’s advantage to do so, as with each passing year it makes its license agreements more favorable to Quest, and less favorable to the licensee. But it is to your advantage the licensee, to keep the benefits of what you bought and paid for, in the past. In fact, as we have noted previously, oftentimes the older perpetual agreement will contain language providing that the agreement may not be amended unless in a writing signed by authorized representatives of both parties. The court focused on this important point here.
“Finally, Quest argues that Fairview was required to review the 2013 STA and click “agree” while installing the Active Roles version 6.9 software update on its computer systems. But the 2004 SLA, by its terms, may not be “modified or amended except by a writing executed by a duly authorized representative of each party.” (2004 SLA § 17(j).) The click-wrap agreement allegedly executed by Fairview has not been presented to the Court, and the limited record available at this stage does not establish that the agreement constitutes a “writing executed by a duly authorized representative” of Fairview. Accordingly, it is unclear whether the click-wrap agreement caused the 2013 STA to supersede the 2004 SLA with respect to the licenses purchased under the 2004 SLA. In sum, based on the limited record available at this stage of the proceedings, the Court can only conclude that the 2013 STA governs 2,700 of Fairview’s 38,081 licenses. Because Fairview’s declaratory judgment claims do not “seek enforcement of” the 2013 STA and Quest’s counterclaims based on the 2013 STA pertain to such a small sliver of the dispute, the Court cannot yet say that this is an “action seeking enforcement of” the 2013 STA. Accordingly, the Court finds that the record at this stage does not support transfer, and denies Quest’s motion.”
The court also rejected Quest’s argument that somehow by agreeing to maintenance & support agreements, that such agreements replaced prior perpetual license agreements. According to the court:
“Quest also points to the 2017 purchase quotation and the 2018 Support Renewal Quotation. In the 2017 quotation, Fairview agreed that the “Maintenance Services for the One Identity Products set forth above,” which included all 38,101 licenses, “will be provided by One Identity . . . pursuant to the terms and conditions of the [2013 Software Transaction Agreement].” (2017 Quotation at 3.) Thus, under the 2017 quotation, the maintenance services provided in 2017 were governed by the 2013 STA. But the parties’ dispute revolves around the licenses granted in § 2 of the 2004 SLA and 2013 STA, and the true-up provisions found in § 15 and § 16 of those agreements—not the maintenance services provided for in § 10 of the agreements. Because the parties’ dispute does not pertain to the maintenance services provided in 2017, the 2017 quotation does not entail that the 2013 STA’s forum-selection clause applies to this action.”
What is the lesson learned here? If you are a company being audited by Quest look carefully at what Quest is alleging and look for arguments that newer agreements do not supersede or replace earlier agreements. Expect that Quest will make these arguments and be prepared to combat them during negotiations.
Fairview Motion to Dismiss
Breach of Contract Claim
Fairview also moved to dismiss Quest’s claims for breach of contract and copyright infringement, which motion was denied. With regard to the contract based claim, Fairview had moved to dismiss arguing that exceeding its allowed number of licenses did not constitute breach under the plain terms of the contract, as the contract contained a true-up provision, which provided:
“If Customer’s deployment of the Software . . . is found to be greater than its purchased entitlement to such Software, Customer will be invoiced for the over-deployed quantities at Dell’s then current list price plus the applicable Maintenance Services and applicable over-deployment fees. (2013 STA § 15.)”
According to the court, “Fairview argues that because the agreement contemplated that Fairview might over-deploy the Active Roles software and provided a mechanism for compensating Quest in the event of such an over-deployment, over-deployment does not constitute a breach of the contract”.
The court however, disagreed reasoning that the over deployment was not the only breach that Quest was alleging. Instead, the court found that Quest had stated a breach of contract claim because it demanded payment, and Fairview did not pay the demand as required by the true-up clause.
Fairview also argued that Quest could not state a copyright claim as the true-up provision was a covenant and not a condition and thus over deployment did not exceed the scope of the license. Fairview relied on a ruling in Quest Software, Inc. v. DirecTV Operations, LLC to make this argument, where a California federal court had ruled against Quest. However, in denying the motion, Judge Nelson reasoned that the provision at issue in DirectTV was different then the case at bar. The court found that the contract at issue in DirectTV:
“expressly gave the defendant the right to exceed the number of licenses granted in the contract. See id. at *8 (“Under the terms of the License Agreement, Defendant had the ‘right to increase the aggregate number of CPU’s . . . by up to 10% per product . . . at no additional fee.’ Defendant could exceed this 10% threshold on the condition that it paid Plaintiff additional license fees.”). By contrast, the 2013 STA granted Fairview a license only to “the quantities of each item of Software identified in the applicable Order.” (2013 STA § 2(a).) While the true-up provision provided a remedy should Fairview be found to exceed that quantity, the true-up provision did not expressly give Fairview the right to do so. (See id. § 15.) Thus, Quest has plausibly alleged that by exceeding the numerical limitation on Fairview’s licenses, Fairview exceeded the scope of its license”.
We analyze this covenant vs. condition distinction in one of our previous blog posts, for readers wanting a deeper understanding of the issue.
For Quest licensees, be prepared that Quest may claim that later click-through agreements superseded earlier perpetual license agreements. Quest licensees should consider arguments that such agreements do not rise to the level of written amendments signed by authorized representatives of both parties.
Tactical Law will continue to monitor the case. Check back for future updates.
Thinking Of Going With An Oracle ERP System? Multiple Lawsuits Allege That Oracle Overpromises, Underdelivers And Leaves Customers With A Big Bill To Boot
By Dee Ware
Perhaps your company decides that it needs to add an enterprise resource planning (“ERP”) system or to replace its existing system and contacts Oracle to learn about Oracle’s capabilities and product offerings. Or maybe Oracle has proactively reached out to you to sell its software and services. In some instances, customers contend in public court filings that they have found themselves out-of-pocket or owing significant amounts of money to Oracle or its assignees with little or nothing to show for it.
In Elkay Plastics Co., Inc. (“Elkay”) v. Netsuite Inc., Oracle America, Inc., et al., San Francisco County Superior Court, Case No. CGC-20-583152, Elkay, a supplier of flexible packaging for the food service, healthcare and industrial markets with multiple service and distribution centers in the United States concluded that its legacy ERP system was no longer suited for its business needs. As a result, it issued a Request for Information to a number of software vendors, including to NetSuite, which is a wholly owned subsidiary of Oracle. (Joint Case Management Statement filed Aug. 28, 2020 at page 3, lines 7-16). Based on representations made by Oracle as to the suitability of the NetSuite software, purported skill and experience of Oracle employees and contractors and a promised high level of performance, Elkay executed a contract in May 2018 for the implementation and use of the NetSuite software. Id. at page 3, lines 20-23. According to Elkay:
“NetSuite and Oracle attempted to implement their software. The implementation was an unmitigated failure. Processing speeds and latency times for all transactions that were input into the ERP software varied between 4.1 and 30.35 seconds, with the NetSuite server taking up to 29 seconds. By way of comparison, Elkay’s 1995 legacy ERP software system’s processing times were approximately 2 seconds.” Id. at page 3, lines 24-28.
“NetSuite and Oracle urged Elkay to implement additional functionality and customizations in order to resolve the processing speeds, including purchasing additional software functionality and making at least 20 additional customizations to the software—all at Elkay’s expense. . . . However, despite paying for the performance profile and implementing NetSuite and Oracle’s recommendations, transactions speeds failed to materially improve.” Id. at page 4, lines 4-10.
In the end, Elkay reported paying NetSuite and Oracle approximately $1,282,401 and being obligated to pay an additional $1,645,897 through March 1, 2023 for an ERP system that did not perform according to industry standards, address Elkay’s core business processes or meet NetSuite and Oracle’s performance and functionality representations. Id. at page 4, lines 13-18.
Elkay’s experience is not dissimilar from what has been alleged in other recent lawsuits, including Barrett Business Services, Inc. (“BBSI”) v. Oracle America, Inc., et al., San Francisco County Superior Court, Case No. CGC-19-572474 and Banc of America Leasing & Capital, LLC (“BALC”) v. Janco Foods, Inc. (“Janco”), et al., United States District Court, N.D. CA, Case No. 3:20-cv-05152 LB.
In the BBSI case, Plaintiff alleges that Oracle solicited BBSI, a professional employer organization (“PEO”) to sell its ERP software product, and once Oracle gained a foothold at BBSI, Oracle and its implementation partner began aggressively pushing the HCM Cloud, misrepresenting its capabilities and fitness for BBSI’s business model, severely downplaying the system’s limitations and the level of customization required and the exorbitant cost and time to do so, and inflating its integration partner’s experience and expertise in configuring and customizing HCM Cloud for a PEO. (BBSI’s Memorandum of Points and Authorities in Opposition to Oracle’s Motion for Summary Adjudication, page 1, lines 6-8 and 10-16). According to BBSI, only after it signed a $15 million licensing deal with Oracle and a $429,268 Statement of Work with Oracle’s integration partner did BBSI discover that the HCM Cloud was riddled with design, functionality, interface, integration and performance gaps and that its out-of-the box capabilities would not meet BBSI’s needs as a PEO. Bridging some of the gaps would take over two years and customization work costing $33 million rather than the $5.9 million originally quoted. Id. at page 1, lines 17-23. BBSI’s lawsuit seeks over $12 million in direct and consequential compensatory damages from Oracle and its integration partner for what BBSI says are useless products and services. Id. at page 2, line 11; and Complaint, ¶47. BBSI is also litigating against Key Equipment Finance (“KEF”), the entity to whom Oracle’s financing arm, Oracle Credit Corporation (“OCC”) assigned BBSI’s financing contract. KEF contends that, even if Oracle failed to deliver the required functionality, “come hell or high water” BBSI must pay KEF for the entire amount of the assignment. At least one court in Washington state has expressed its view that such a scheme by Oracle and OCC may not be enforceable, as such a contract would be illusory and lack consideration. See Oracle Customers Beware of Potential Legal Risks of Financing ERP Deals Through Oracle Credit Corporation, Tactical Law Oracle Blog (Sept. 7, 2020), https://www.tacticallawgroup.com/oracle-software-audit-blog/oracle-customers-beware-of-potential-legal-risks-of-financing-erp-deals-through-oracle-credit-corporation.
Likewise, in the Janco case, in addition to battling Oracle, Janco is also being forced to litigate against BALC, the assignee of a financing contract assigned to it by OCC. Janco is a food service company, distributing food products and equipment to restaurants in the Houston area. (Complaint, ¶1). Janco too alleges that it was approached by Oracle, which represented that it could develop software, customized to meet Janco’s needs for a flat fee, which could “go live” within 100 days. Id., ¶¶1-2, 15-16, 26. The commissioned work was financed through a Payment Plan Agreement (“PPA”) with Oracle’s financing arm, OCC, just like in the BBSI case. Shortly thereafter, OCC assigned its rights to payment to BALC. (Joint Case Management Statement and Rule 26(f) Report filed Oct. 22, 2020 at page 2, line 25 – page 3, line 6). After nearly two years, Janco claims that Oracle never delivered a working product and says that it has been told by an Oracle employee that the system “will likely never work notwithstanding Oracle’s attempt to extract . . . an additional $40,000 to $50,000 for further ’customization‘ that Oracle was required to perform as part of the agreements with Janco.” Id. at page 3, lines 24-28. Nonetheless, Janco may still be on the hook to BALC for a sizeable sum. BALC contends that any alleged misrepresentations by Oracle do not invalidate the finance contract, that the subject PPA which Janco entered into with OCC contains a valid and enforceable California Commercial Code section 9403 waiver of claims and defenses against any assignee of OCC, and that Janco’s only recourse is against Oracle. Id. at page 5, lines 10-15.
What lesson can be taken away from these cases? Companies considering entering into an ERP contract with Oracle should carefully review the proposed warranties and limitations of liability provisions and negotiate appropriate changes. Also, consider including specific deliverables in the contract with a definitive timeline for implementation and remedies benefiting your company if Oracle does not meet its commitments. For companies considering financing through OCC, think carefully before agreeing to any clause that would allow Oracle to assign the contract at its convenience but still require that your company remain on the hook for the full value of the assignment, even if Oracle has completely failed to deliver what it promised.
By Pam Fulmer
Many Oracle customers understand that Oracle is not their friend and Oracle has been accused by many of using hard ball audit tactics (if not downright fraud) against Oracle customers to boost sales of Oracle cloud and other software. Oracle’s notoriety for conducting predatory audits of its customers continues to grow and Oracle customers should be on high alert as we wait for a decision by the U.S. Supreme Court in the Google vs. Oracle case. In fact, we at Tactical Law are seeing an uptick in companies complaining of being contacted by Oracle about Java. Although we are not aware of Oracle conducting formal audits of its customers relating to Java, Oracle has been probing with sales and other teams to informally obtain information about the customer’s usage of Java. Don’t fall for this Oracle trap. Instead, take action now to identify any potential issues with your use of Java, and protect yourself from what we believe will be a new wave of Oracle audits of Java in the months to come.
What is Oracle doing now? From what we can tell Oracle has been assembling a team of, for the most part, recent college graduates with little prior job experience to speak of, to begin informally reaching out to Oracle customer’s concerning the customer’s use of Java. Do not pick up the phone or respond to any emails from the Oracle Java team unless you receive a formal audit notice. Also resist any questions concerning Java and your VMware environment from these informal Oracle probes. Cooperation now with these fishing expeditions will only get you in trouble, as Oracle appears to be attempting to assert its non-contractual view of what it means to “use” Oracle software as it pertains to processor based licensing and VMware environments.
Why are Oracle customers at risk as it pertains to their use of Java? In April of 2019 Oracle changed how it was licensing Java. As one Oracle expert consultant has explained:
“In the past, both OpenJDK and Oracle JDK were licensed under the same Binary Code License, which included a combination of both free and paid commercial terms. However, starting with Java 11 […], Oracle changed to using the “GNU General Public License v2, with the Classpath Exception (GPLv2+CPE)” license for OpenJDK and a commercial license (Java SE Subscription or Java SE Desktop Subscription) for Oracle JDK.” House of Brick Blog Post.
The Oracle Technology Network License Agreement for Oracle Java SE is a click-through agreement that you must agree to in order to download Java SE . Importantly we advise that companies ensure that their IT Departments have directives in place making clear that not all employees have authority to agree to such click-through agreements, and prohibiting them from doing so without the authorization of management after careful consideration of the potential risks.
The SE license provides that:
Oracle is willing to authorize Your access to software associated with this License Agreement (“Agreement”) only upon the condition that You accept that this Agreement governs Your use of the software. By selecting the "Accept License Agreement" button or box (or the equivalent) or installing or using the Programs, You indicate Your acceptance of this Agreement and Your agreement, as an authorized representative of Your company or organization (if being acquired for use by an entity) or as an individual, to comply with the license terms that apply to the software that You wish to download and access. If You are not willing to be bound by this Agreement, do not select the “Accept License Agreement” button or box (or the equivalent) and do not download or access the software.
We have seen examples where unauthorized employees have downloaded software and agreed to terms such as those in the Oracle Java SE license. Although perhaps there are legal arguments that those employees were not authorized to download the software, and therefore the company is not bound, it is better to not need to climb that hill in the first place.
What are the risks of agreeing to the Java SE license? Execution of this license by companies who are not thinking through the potential liability issues raise significant areas of risk. For example, the license provides that:
“License Rights and Restrictions Oracle grants You a nonexclusive, nontransferable, limited license to use the Programs, subject to the restrictions stated in this Agreement and Program Documentation, only for:
(i) Personal Use,
(ii) Development Use,
(iii) Oracle Approved Product Use, and/or
(iv) Oracle Cloud Infrastructure Use.
You may allow Your Contractor(s) to use the Programs, provided they are acting on Your behalf to exercise license rights granted in this Agreement and further provided that You are responsible for their compliance with this Agreement in such use. You will have a written agreement with Your Contractor(s) that strictly limits their right to use the Programs and that otherwise protects Oracle's intellectual property rights to the same extent as this Agreement. You may make copies of the Programs to the extent reasonably necessary to exercise the license rights granted in this Agreement.”
So say a company uses the Java SE in development. The license agreement provides that right.
“Development Use” is defined as “Your internal use of the Programs to develop, test, prototype and demonstrate Your Applications. For purposes of clarity, the “to develop” grant includes using the Programs to run profilers, debuggers and Integrated Development Environments (IDE Tools) where the primary purpose of the IDE Tools is profiling, debugging and source code editing Applications.”
However, should the company then begin using the software in production, the company would then be outside the scope of the licensed use. The Java SE license also contains an audit clause allowing Oracle to audit the companies use of the programs. As a result, once the software is used in production it is incumbent on the company to obtain a proper license. We will discuss more about this issue below.
Another potential pitfall is what constitutes “Oracle Approved Product Use”. According to the license:
“Oracle Approved Product Use” refers to Your internal use of the Programs only to run: (a) the product(s) identified as Schedule A Products at https://java.com/oaa; and/or (b) software Applications developed using the products identified as Schedule B Products at java.com/oaa by an Oracle authorized licensee of such Schedule B Products. If You are unsure whether the Application You intend to run using the Programs is developed using a Schedule B Product, please contact your Application provider.”
What does this mean? Certain types of Oracle products are included in the Oracle approved use and certain third party products may be as well. So companies should ensure that the Oracle products that they are using are included and that other applications the company is using are as well. The Java SE license provides that any other uses not specified require another license. According to the license agreement:
“[a]ll rights not expressly granted in this Agreement are reserved by Oracle. If You want to use the Programs for any purpose other than as expressly permitted under this Agreement, You must obtain from Oracle or an Oracle reseller a valid Program license under a separate agreement permitting such use.”
What happens if a company needs to obtain a Java license for commercial use? Companies who need to obtain a license for commercial use will enter into an Ordering Document with Oracle to purchase an annual subscription for Java. That Ordering Document will also require that the customer execute an Oracle Master Agreement (“OMA”). In the licensing definitions included in the OMA or Ordering Document, the customer will find the definition of what constitutes “use” as it pertains to the processor metric. This then is where Oracle will attempt to put into play its extra-contractual assertions of what it means for Oracle software to be “installed and/or running” In other words Oracle’s “prospective use” argument and its strained (and in our opinion incorrect) interpretation of what it means for Oracle software to be “installed and/or running”. Clients running VMware can expect that Oracle will likely allege large compliance gaps for use of Java in VMware environments given Oracle’s past audit track record. So be prepared.
How can a company protect itself now and prepare for the inevitable Oracle audit? Companies should take steps now to see seek legal and technical advice concerning what are the best practices for staying compliant and mitigating the risks associated with use of Java and its implications for future Oracle audits. Now is the time for companies to retain expert consultants who can analyze the company’s IT environment and identify what applications are Oracle approved products, etc. Such experts can also advise if there are ways to use OpenJDK instead of Oracle JDK, the commercial version, which can save on licensing costs and mitigate risks.
What is the lesson learned from this blog post? Companies should not respond to Oracle’s attempts at soft audits of its usage of Java. Ignore these overtures and instead take steps to understand your legal rights and your compliance position. It is much better to go to Oracle and put in your order for exactly what licenses you need to be compliant rather than allowing Oracle to come in and poke around in your environment and then serve up a large non-compliance bill.
By Tactical Law Attorneys and From Time to Time Their Guests