By Pam Fulmer
Yesterday a three-judge panel of the Ninth Circuit issued a significant ruling in the longstanding copyright and false advertising dispute between Oracle International Corporation and Rimini Street, Inc., a third-party software support provider and Oracle competitor. This latest decision, vacating and remanding key aspects of the district court’s permanent injunction, brings new clarity to derivative works under the Copyright Act, defenses under Section 117(a), and the application of the Lanham Act to commercial statements and what constitutes puffery versus actual misrepresentations. Case Background Oracle, a developer of enterprise software including Database and PeopleSoft, has been in litigation with Rimini since 2010. In prior rulings, Rimini was found to have infringed Oracle’s copyrights through processes like “cross-use,” where copies of Oracle’s software were stored on Rimini’s systems. Following these decisions, Rimini restructured its business model into “Process 2.0” and sought a declaratory judgment that its new methods no longer infringed. Oracle counterclaimed for further copyright infringement and false advertising under the Lanham Act. The district court sided with Oracle, issuing a sweeping injunction requiring Rimini to delete software files and correct alleged misstatements. The court vacated rulings that Rimini infringed Oracle's Database and PeopleSoft copyrights. For Database, the licensing agreement did not prohibit third parties from possessing copies to support clients' operations. For PeopleSoft, the district court's rulings relied on an erroneous view of derivative works. The court found that the district court erred by focusing on mere interoperability of the software and emphasized that instead the analysis must focus on whether the work substantially incorporates the copyrighted work. The court also found that the lower court must conduct a further analysis as to whether the Oracle customers owned a copy of the software so as to make a Section 117(a) defense potentially applicable. Finally, the Ninth Circuit ruled that several of Rimini's marketing related statements were not actionable as mere puffery, but did find that Rimini's statement that it provided a "holistic" and "multilayered" security actionable. All in all a big win for Rimini, and a crippling loss for Oracle. What were the key holdings from the case? Key Ninth Circuit Holdings 1. Derivative Works (Copyright Act) A copyright owner has the exclusive right to prohibit or authorize the preparation of derivative works. The Ninth Circuit found that “[t]he district court held Rimini-written files and updates developed during the “Process 2.0” period were infringing derivative works because they “only interact[] and [are] useable with” Oracle software. Oracle Int’l Corp., 2023 WL 4706127, at *66. The Ninth Circuit criticized the district court for adopting “an “interoperability” test for derivative works—if a product can only interoperate with a preexisting copyrighted work, then it must be derivative.” “A derivative work must actually incorporate Oracle’s copyrighted work, either literally or nonliterally.” The panel emphasized that “mere interoperability” is insufficient to establish derivative status under the Copyright Act, vacating the lower court's findings. According to the Court: Here, “[t]he examples of derivative works provided by the Act all physically incorporate the underlying work or works.” Lewis Galoob Toys, Inc. v. Nintendo of Am., Inc., 964 F.2d 965, 967 (9th Cir. 1992). Take a “translation.” Translating a novel from English incorporates the original expression of the novel in a new language. A motion picture takes elements of the novel’s original expression and incorporates them into an audio-visual experience. The same goes for an abridgment—it incorporates the novel’s original expression into a condensed version. Thus, Congress’s list of examples suggests that a “derivative work” must be in the subset of works substantially incorporating the preexisting work. Once again, whether a work is interoperable with another work doesn’t tell us if it substantially incorporates the other work." Based on this textual analysis, we’ve said that “a work is not derivative unless it has been substantially copied from the prior work.” Litchfield v. Spielberg, 736 F.2d 1352, 1357 (9th Cir. 1984); see also 1 Nimmer on Copyright § 3.01 (2024) (“A work is not derivative unless it has substantially copied from a prior work.”). And we have held that “[a] derivative work must incorporate a protected work in some concrete or permanent ‘form.’” Lewis Galoob Toys, Inc., 964 F.2d at 967. What does it means to incorporate a work in the software context? According to the Ninth Circuit: [T]he incorporation of a preexisting work can take several forms. First, the incorporation can be “literal.” See Best Carpet Values, Inc. v. Google, LLC, 90 F.4th 962, 971 (9th Cir. 2024) (holding that a website’s source code is a “copyrightable literal element[]”). So copying substantial portions of PeopleSoft’s copyrighted code outright would be an example of literal incorporation. Second, the incorporation can be nonliteral, such as copying the “total concept and feel” of a preexisting work. Litchfield, 736 F.2d at 1357; see also SAS Inst., Inc. v. World Programming Ltd., 64 F.4th 1319, 1326 (Fed. Cir. 2023) (stating that the nonliteral elements of a computer program “include the program architecture, structure, sequence and organization, operational modules, and user interface”). The Court vacated the lower court’s ruling that Rimini created a derivative work based solely on Rimini’s “programs’ interoperability with Oracle’s programs.” 2. Section 117(a) Defense: Ownership of a Copy Survives It is well settled that no copyright infringement exists under the Copyright Act if an “owner of a copy of a computer program . . . mak[es] . . . another copy or adaptation of that computer program” for certain purposes, such as when it’s an “essential step” in using the program. 17 U.S.C. § 117(a). Courts have described this provision as an “affirmative defense to infringement.” According to the Ninth Circuit: To determine whether a party is an “owner of a copy” of a computer program, we look to whether the party has “sufficient incidents of ownership” over the copy of the software program. See UMG Recordings, Inc. v. Augusto, 628 F.3d 1175, 1183 (9th Cir. 2011) (simplified). And the question is not about ownership of the copyrighted material—it’s about ownership of a copy of the copyrighted material. The court vacated the district court's ruling striking Rimini's affirmative defense under 17 U.S.C. § 117(a). The court ruled that other incidents of ownership should be considered to determine if Oracle's customers are owners or licensees of the software copies. The Ninth Circuit ruled that labeling an agreement a “license” does not automatically foreclose ownership claims, and is just one factor to be considered. On remand, the district court must examine the “totality of the incidents of ownership,” such as transfer restrictions or limitations on use. 3. False Advertising Under the Lanham Act The court reversed most of the district court's rulings on Rimini's security-related statements as false advertising under the Lanham Act. Many statements were deemed puffery rather than actionable claims. However, the court affirmed that Rimini's claim of offering "holistic security" was false advertising. Notable rulings include:
"doubtful that any of Oracle’s customers would be fooled about its own security needs merely based on Rimini’s fanciful but vague statements. Indeed, Oracle could not identify “any customers that left Oracle and went to Rimini because of a statement about security.” Nor did Oracle present any evidence of a security breach suffered by a Rimini client. So while these statements border on falsehood, we cannot say that they are so specific and measurable to become actionable under the Lanham Act. We thus reverse." Notably, Judge Bybee dissented in part, arguing that Rimini’s statement that Oracle patches were “no longer relevant” was sufficiently specific and absolute to be actionable. 4. The court vacated rulings that Rimini infringed Oracle's Database and PeopleSoft copyrights. Database For Database, the licensing agreement did not prohibit third parties from possessing copies to support Oracle customers’ operations. The court noted that [t]he plain language of the Oracle Database licensing agreement did not prohibit third-party support providers, like Rimini, from possessing a copy of Oracle’s software to further a client’s “internal business operations.” Rimini St., 81 F.4th at 854–55. In the appeal of the contempt proceedings, “Oracle [could not] point[] to [any] location restriction” in the Oracle Database licensing agreement. Id. at 855. Nor did the district court here identify a “location restriction” in the use of Oracle Database. While we affirmed any activity that directly fell within Rimini I’s injunction, we declined to extend it to a “different situation.” See id. We thus vacate the district court’s ruling that the 18 “gap customer” environments containing Oracle Database violated Oracle’s licensing agreement. PeopleSoft For PeopleSoft, the district court's rulings relied on an erroneous view of derivative works. Rimini challenged the district court’s ruling that both (1) its use of “automated tools” to deliver PeopleSoft updates from one client to another and (2) the “outright” delivery of PeopleSoft updates to clients without further testing in the clients’ environments constitute copyright infringement. The Ninth Circuit instructed the lower court to reexamine the use of automated tools in light of the legal standard articulated for “derivative work” before deciding whether Rimini’s “automated tools” violate copyright laws. With regard to “outright” delivery, the district court found that Rimini violated Oracle’s copyright when it developed an update in the City of Eugene’s PeopleSoft environment and then delivered it “outright” to three other clients. But again based on the derivative use standard articulated in the decision, the Panel found that the lower court’s analysis did not go far enough. Instead, "The district court must first determine whether this update copies Oracle’s protected expression, either literally or nonliterally. If the district court finds protected expression in this update, it would be relevant to know if any extra copies of the update were created in the City’s environment solely because Rimini planned to distribute the update to other clients. In other words, further explanation is required of why “prototyping” the update in the City’s environment for non-City clients “necessarily” violates the “internal data processing operations” provision." Implications This decision has far-reaching implications for software providers and third-party support businesses. By rejecting an overly broad definition of “derivative works” and reinforcing the Section 117(a) defense, the Ninth Circuit has provided stronger defenses to software users and their support partners. Simultaneously, it highlights the risks of overstating service capabilities under the Lanham Act, but also demonstrates a reluctance to reign in misleading statements, as long as the statements are made to sophisticated companies like the ones who use Oracle database software. The Ninth Circuit vacated significant portions of the injunction and remanded the case for further proceedings under its clarified legal standards. All in all, a huge win for Rimini Street and a bitter defeat for Oracle. One thing is guaranteed. We have not heard the end of it.
0 Comments
By Pam Fulmer
In the world of enterprise software, Oracle stands out not only for its expansive product offerings but also for its aggressive tactics in enforcing licensing compliance. Among Oracle's most controversial practices is its use of online agreements for software like Java SE and VirtualBox. These agreements allow individuals to download the software free of charge for "certain non-commercial uses," but when those conditions are violated—often unwittingly—companies find themselves on the receiving end of hefty licensing demands. Oracle's strategy raises serious questions about transparency and fairness in software licensing. This blog explores the issues surrounding Java SE and VirtualBox, the potential legal implications of Oracle’s practices under California law, and potential remedies for affected companies. The Software at the Heart of the Issue: Java SE and VirtualBox Java SE (Standard Edition) and VirtualBox are two widely used Oracle products with free versions available for download. Both come with licensing restrictions that create traps for the unwary:
How Oracle Traps Companies The mechanics of Oracle’s entrapment are straightforward yet highly effective:
The Role of Click-Through Agreements The crux of Oracle’s strategy lies in the click-through agreements that individuals accept when downloading the software. These agreements are often dense and filled with legalese, making it unlikely that employees fully understand the implications. Oracle relies on these agreements to assert that:
Legal and Ethical Concerns Oracle’s practices potentially raise significant ethical and legal questions. In addition, under California law, which governs many of Oracle's contracts, companies might have claims against Oracle for deceptive business practices. Deceptive Business Practices Under California Law California’s Unfair Competition Law (UCL) (California Business & Professions Code § 17200) prohibits “any unlawful, unfair, or fraudulent business act or practice.” Oracle’s actions may fall within this framework for several reasons:
Employee Actions and Agency Law Another legal issue arises from whether employees have the authority to bind their employers by accepting Oracle’s licensing terms. Under general principles of agency law, employees typically do not have the authority to enter into contracts on behalf of their employer unless explicitly authorized. Companies could argue that Oracle’s reliance on click-through agreements to impose licensing obligations is invalid unless the employee had actual or apparent authority to act on behalf of the company in the IT context. What Companies Can Do to Protect Themselves Given Oracle’s aggressive tactics, companies should take proactive steps to mitigate risks:
The Path Forward: Legal Remedies for Companies Companies targeted by Oracle’s practices may consider legal action to challenge licensing demands. Potential claims may include:
Conclusion Oracle’s monetary demands for the alleged non-compliance are no joke and can run into the millions of dollars. Oracle’s use of online agreements for “free” Java SE and VirtualBox software creates significant risks for companies that have employees who unwittingly download and use the software. For companies, the best defense is a combination of proactive measures and legal vigilance. By restricting employee downloads, auditing software use, and challenging Oracle’s claims when warranted, businesses can reduce their exposure to Oracle’s aggressive licensing practices. Tactical Law assists companies that are contacted by Oracle about Java and Virtual Box non-compliance to resolve their licensing disputes with Oracle. |
By Tactical Law Attorneys and From Time to Time Their Guests
|