By Pam Fulmer
Readers of this blog know that our firm is engaged every day in advising governmental entities and companies of all sizes how to successfully defend against aggressive enterprise software audits where software publishers often seek to unfairly inflate their audit findings by conducting predatory audits. Unfortunately, these audits are only on the rise, as enterprise software companies seek to maximize revenue, by often taking baseless legal positions not grounded in the contract, or even surreptitiously trying to switch out the old contract for a newer, more favorable one without proper notice. We advise our clients to stand firmly against capitulating to such tactics, because by giving in rather than fighting back, companies only find themselves victimized again a few years down the road. Rather than buying peace by making a large software purchase, many of the most notorious of these predatory software publishers will only view the company as an easy target in a future audit and strike again.
A recent lawsuit filed in Utah state court against Quest Software, Inc. (“Quest”), an enterprise software company that we have dealt with often and that is notorious for conducting predatory audits, illustrates the point. On September 18, 2023, HealthEquity, Inc. (“HealthEquity”), a business services company designated by the IRS as a health savings trustee for health savings accounts for individuals and businesses, filed a complaint against Quest seeking various declaratory relief and asserting a claim against Quest for breach of the implied covenant of good faith and fair dealing. In its lawsuit, HealthEquity tells the story of its recently acquired subsidiary, WageWorks which underwent a Quest audit in 2019. The Complaint alleges that WageWorks recognized that it did not have ideal controls in place to monitor usage of the Quest software. So rather than defend the audit aggressively, WageWorks made a large license purchase and in subsequent discussions with Quest asked for Quest’s advice as to what controls to put in place to ensure future compliance. The Complaint alleges that WageWorks and later HEI followed that advice and created a tracking system for Toad software access and “complied with those instructions to tightly control the number of employees who could access the Toad software products.” The Complaint goes on to allege that:
“This level of control was accomplished with the use of assigned serial keys provided to WageWorks by Quest for each seat license it purchased. Despite doing as Quest instructed just a few years prior, HealthEquity was being told in 2023 that licenses were required for every employee who could potentially access any server or individual device on which the software products were installed, regardless of whether those individuals could, or did, actually access and utilize the Toad software itself. This was contradictory to the direction previously provided by Quest, and contrary to the governing contractual terms.” Comp. ¶ 9.
Companies that have suffered through a Quest audit will recognize this argument immediately. Quest, and other companies such as Oracle when making its VMware argument, appear to be executing on strategies to attempt to charge companies a licensing fee even when the software is not being used. According to the Complaint:
“HealthEquity soon discovered that Quest’s audit processes were intentionally designed to include numerous individuals in its audit numbers who should not have been included as requiring licenses under the terms of the parties’ agreements. Specifically, HealthEquity’s audit report included any users who could access the servers on which the software was installed, rather than the users who could actually access and utilize the software products themselves. This over-inclusion resulted in the grossly inflated numbers in Quest’s “Reconciliation Summary.”” Compl ¶35.
Upon information and belief, Quest’s audit practices and interpretation of contract terms to its customers have been intentionally designed for the bad faith purpose of over-estimating the extent of the customer’s deployment and license requirements. This provides the basis for Quest to make an inflated demand for payment of over-deployment fees contrary to the terms of the parties’ agreements. Quest then leverages these inflated audit results to push its customers to purchase additional licenses and extend the terms of their licensing relationship with Quest for an additional period of years.” Compl. ¶36.
HealthEquity then alleges that although the Quest software contains tools that can confirm that no usage occurred, Quest ignores these tools because it prefers to use the inflated amounts as leverage to obtain the highest settlement possible.
In the case of Quest, this strategy is helped along by the fact that almost every year Quest changes the language of its standard licensing agreement, known as the Software Transaction Agreement (“STA”). These changes make the agreement more favorable to Quest and seek to take away rights from its licensees. In addition, Quest customers with older license agreements such as the one at issue in this lawsuit, govern the perpetual licenses purchased and contain clauses that say that no amendment to the agreement can occur without a writing signed by both parties. Nonetheless, and in contravention of its older agreements, Quest takes the position that by downloading updated versions of the software the customer is agreeing to the acceptance of the more recent STA, such as the 2018 STA promoted by Quest in this lawsuit. Compl. ¶39. This is problematic as later versions of the STA change key terms such as the choice of law and dispute resolution clauses. They also include language that allows Quest to charge the current list price for alleged over usage rather than the formerly negotiated price, and also includes penalties such as back maintenance & support and interest.
Based on these and other contradictions in the various agreements, HealthEquity has sought declaratory relief. This is a good thing as it would be really helpful to have a court weigh in and hopefully put an end to some of these predatory tactics. In addition to the declaratory relief, HealthEquity has asserted a claim for breach of the implied covenant of good faith and fair dealing. In that regard, the Complaint has the following to say:
“Quest violated this covenant by, among other things, providing instruction to HealthEquity as to how its license requirement would be calculated, how its compliance with license entitlement could be controlled, and the effects of installing Toad software products on a shared server in its environment. Quest then later asserted HealthEquity had violated its license agreements and was out of compliance with its license entitlement despite the fact that HealthEquity had closely followed Quest’s former guidance and tightly controlled access to the software products in its environment.
Quest has harmed HealthEquity by intentionally, and with bad faith, using a so-called audit to wrongly accuse HealthEquity of software over-deployment in an attempt to coerce HealthEquity into paying significant sums of money to Quest to which Quest is not entitled. Quest’s bad faith and unfair dealing have forced HealthEquity to expend significant sums of money to defend against Quest’s illegitimate audit claims.
Demonstrating its bad faith and unfair dealing, upon information and belief, Quest, as a matter of company policy and business strategy uses its audit group primarily to drive significant additional and undeserved revenue for Quest, not to ensure customer license compliance. Quest has executed this wrongful policy and strategy against HealthEquity.
Quest did not comply with its obligation to act in good faith and to deal fairly with HealthEquity, and to act consistently with HealthEquity’s justified expectations arising from the parties’ agreements and prior dealings.
Quest has failed to deal fairly and honestly with HealthEquity and has intentionally or purposefully destroyed and injured HealthEquity’s right to receive the fruits of its license purchases. For example, Quest’s actions, as alleged herein, have injured HealthEquity’s right to use its licenses within the terms of the parties’ agreements for the agreed upon purchase price.” Compl. ¶¶ 90-94.
In our view, the fact that this case needed to be filed shows how badly some enterprise software companies have run amuck with their audit abuses and unfair trade practices, and hiding the ball concerning various contractual provisions in undisclosed and hidden agreements. They are literally turning the entire law of contract on its head. Once upon a time, two companies would sit down at arm’s length and negotiate a deal and then they would document the deal in a writing. During the negotiation process risk would be accessed and allocated through price and other contractual means. Everything was above board, and the parties were rational actors knowing what they were getting in their bargained for exchange. That is the entire theory on which contract law is based. Our entire commercial system rests on this foundation. However, recently some enterprise software companies are turning this entire regimen on its head. Apparently, Quest tries to replace legacy agreements by surreptitiously slipping in new agreements with maintenance & support updates. Updates that are often performed by low-level employees who have no idea that Quest or another software company is going to claim that the agreement accompanying the maintenance & support update is the new governing agreement. Agreements that never reach the legal department and that the lawyers working for the company don’t even know exist until it is presented in the audit as a basis for a multi-million-dollar non-compliance claim. There is no fair notice here. Switching out choice of law, venue, audit clauses at will without sitting down and even notifying true decision-makers at the company that if they update their software they are agreeing to an entire new contract is not the way that contract law is supposed to work. Courts should put a stop to it and not let these abuses continue. We hope that HealthEquity wins its case.
Tactical Law will continue to monitor the progress of the lawsuit and provide updates periodically. The case is HealthEquity Inc. v. Quest Software Inc., Case Number 230906993 venued in the Salt Lake District, State of Utah.
By Tactical Law Attorneys and From Time to Time Their Guests