Oracle Blog of Tactical Law Group LLP

The Beat Goes On: Rimini Street Victorious at the Ninth Circuit as the Court Vacates and Remands Key Parts of the Case for Further Proceedings

12/17/2024

By Pam Fulmer

Yesterday a three-judge panel of the Ninth Circuit issued a significant ruling in the longstanding copyright and false advertising dispute between Oracle International Corporation and Rimini Street, Inc., a third-party software support provider and Oracle competitor. This latest decision, vacating and remanding key aspects of the district court’s permanent injunction, brings new clarity to derivative works under the Copyright Act, defenses under Section 117(a), and the application of the Lanham Act to commercial statements and what constitutes puffery versus actual misrepresentations.

Case Background
Oracle, a developer of enterprise software including Database and PeopleSoft, has been in litigation with Rimini since 2010. In prior rulings, Rimini was found to have infringed Oracle’s copyrights through processes like “cross-use,” where copies of Oracle’s software were stored on Rimini’s systems. Following these decisions, Rimini restructured its business model into “Process 2.0” and sought a declaratory judgment that its new methods no longer infringed. Oracle counterclaimed for further copyright infringement and false advertising under the Lanham Act.

The district court sided with Oracle, issuing a sweeping injunction requiring Rimini to delete software files and correct alleged misstatements.

The court vacated rulings that Rimini infringed Oracle's Database and PeopleSoft copyrights. For Database, the licensing agreement did not prohibit third parties from possessing copies to support clients' operations. For PeopleSoft, the district court's rulings relied on an erroneous view of derivative works. The court found that the district court erred by focusing on mere interoperability of the software and emphasized that instead the analysis must focus on whether the work substantially incorporates the copyrighted work. The court also found that the lower court must conduct a further analysis as to whether the Oracle customers owned a copy of the software so as to make a Section 117(a) defense potentially applicable. Finally, the Ninth Circuit ruled that several of Rimini's marketing related statements were not actionable as mere puffery, but did find that Rimini's statement that it provided a "holistic" and "multilayered" security actionable. All in all a big win for Rimini, and a crippling loss for Oracle. What were the key holdings from the case?

Key Ninth Circuit Holdings

1. Derivative Works (Copyright Act)

A copyright owner has the exclusive right to prohibit or authorize the preparation of derivative works.  The Ninth Circuit found that “[t]he district court held Rimini-written files and updates developed during the “Process 2.0” period were infringing derivative works because they “only interact[] and [are] useable with” Oracle software. Oracle Int’l Corp., 2023 WL 4706127, at *66. The Ninth Circuit criticized the district court for adopting “an “interoperability” test for derivative works—if a product can only interoperate with a preexisting copyrighted work, then it must be derivative.”

“A derivative work must actually incorporate Oracle’s copyrighted work, either literally or nonliterally.”

The panel emphasized that “mere interoperability” is insufficient to establish derivative status under the Copyright Act, vacating the lower court's findings.  According to the Court:
Here,

“[t]he examples of derivative works provided by the Act all physically incorporate the underlying work or works.” Lewis Galoob Toys, Inc. v. Nintendo of Am., Inc., 964 F.2d 965, 967 (9th Cir. 1992). Take a “translation.” Translating a novel from English incorporates the original expression of the novel in a new language. A motion picture takes elements of the novel’s original expression and incorporates them into an audio-visual experience. The same goes for an abridgment—it incorporates the novel’s original expression into a condensed version. Thus, Congress’s list of examples suggests that a “derivative work” must be in the subset of works substantially incorporating  the preexisting work. Once again, whether a work is interoperable with another work doesn’t tell us if it substantially incorporates the other work."

Based on this textual analysis, we’ve said that “a work is not derivative unless it has been substantially copied from the prior work.” Litchfield v. Spielberg, 736 F.2d 1352, 1357 (9th Cir. 1984); see also 1 Nimmer on Copyright § 3.01 (2024) (“A work is not derivative unless it has substantially copied from a prior work.”). And we have held that “[a] derivative work must incorporate a protected work in some concrete or permanent ‘form.’” Lewis Galoob Toys, Inc., 964 F.2d at 967.

What does it means to incorporate a work in the software context?  According to the Ninth Circuit:

[T]he incorporation of a preexisting work can take several forms. First, the incorporation can be “literal.” See Best Carpet Values, Inc. v. Google, LLC, 90 F.4th 962, 971 (9th Cir. 2024) (holding that a website’s source code is a “copyrightable literal element[]”). So copying substantial portions of PeopleSoft’s copyrighted code outright would be an example of literal incorporation.

Second, the incorporation can be nonliteral, such as copying the “total concept and feel” of a preexisting work. Litchfield, 736 F.2d at 1357; see also SAS Inst., Inc. v. World Programming Ltd., 64 F.4th 1319, 1326 (Fed. Cir. 2023) (stating that the nonliteral elements of a computer program “include the program architecture, structure, sequence and organization, operational modules, and user interface”).

The Court vacated the lower court’s ruling that Rimini created a derivative work based solely on Rimini’s “programs’ interoperability with Oracle’s programs.”

2. Section 117(a) Defense: Ownership of a Copy Survives

It is well settled that no copyright infringement exists under the Copyright Act if an “owner of a copy of a computer program . . . mak[es] . . . another copy or adaptation of that computer program” for certain purposes, such as when it’s an “essential step” in using the program. 17 U.S.C. § 117(a). Courts have described this provision as an “affirmative defense to infringement.”   According to the Ninth Circuit:

To determine whether a party is an “owner of a copy” of a computer program, we look to whether the party has “sufficient incidents of ownership” over the copy of the software program. See UMG Recordings, Inc. v. Augusto, 628 F.3d 1175, 1183 (9th Cir. 2011) (simplified). And the question is not about ownership of the copyrighted material—it’s about ownership of a copy of the copyrighted material.

The court vacated the district court's ruling striking Rimini's affirmative defense under 17 U.S.C. § 117(a). The court ruled that other incidents of ownership should be considered to determine if Oracle's customers are owners or licensees of the software copies. The Ninth Circuit ruled that labeling an agreement a “license” does not automatically foreclose ownership claims, and is just one factor to be considered.

On remand, the district court must examine the “totality of the incidents of ownership,” such as transfer restrictions or limitations on use.

3. False Advertising Under the Lanham Act

The court reversed most of the district court's rulings on Rimini's security-related statements as false advertising under the Lanham Act. Many statements were deemed puffery rather than actionable claims. However, the court affirmed that Rimini's claim of offering "holistic security" was false advertising. Notable rulings include:

Statements of superiority (e.g., Rimini’s security is “more effective” or “better than Oracle’s”) were non-actionable puffery, as these are generalized claims not grounded in objective metrics. Surprising to this author, these specific statements were found to be puffery and thus non-actionable:
- “Security professionals have found that traditional vendor security patching models are outdated and provide ineffective security protection.”
- Oracle’s [Critical Patch Updates] are unnecessary to be secure.
- It is not risky to switch to Rimini and forgo receiving [Critical Patch Updates] from Oracle.
- Virtual patching can serve as a replacement for [Oracle] patching.
- “Virtual patching can be more comprehensive, more effective, faster, safer, and easier to apply than traditional [Oracle] patching.”
- “Rimini Security Support Services helps clients proactively maintain a more secure application compared to [Oracle’s] support program which offers only software package-centric fixes.”
- Rimini provides more security as compared to Oracle.
- Rimini’s [Global Security Services] can “pinpoint and circumvent vulnerabilities months and even years before they are discovered and addressed by the software vendor.”
Holistic Security. However, Rimini’s claim to provide “holistic security”—interpreted as multi-layered security including source-code-level patching—was found false and actionable, as Rimini failed to offer such a service.
Security Patches. The court found that this was a closer call but ultimately found these statements non-actionable:
- Oracle’s [Critical Patch Updates] provide little to no value to customers and are no longer relevant.
- Once an Oracle ERP platform is stable, there is no real need for additional patches from Oracle.
- If you are operating a stable version of an Oracle application platform, especially with customizations, you probably cannot apply or do not even need the latest patches.

The court declined to find these statements actionable noting that Oracle’s customers are “some of the most sophisticated companies in the world” and “take the security of their systems seriously.”   The court found it:

"doubtful that any of Oracle’s customers would be fooled about its own security needs merely based on Rimini’s fanciful but vague statements. Indeed, Oracle could not identify “any customers that left Oracle and went to Rimini because of a statement about security.” Nor did Oracle present any evidence of a security breach suffered by a Rimini client. So while these statements border on falsehood, we cannot say that they are so specific and measurable to become actionable under the Lanham Act. We thus reverse."

Notably, Judge Bybee dissented in part, arguing that Rimini’s statement that Oracle patches were “no longer relevant” was sufficiently specific and absolute to be actionable.

4.  The court vacated rulings that Rimini infringed Oracle's Database and PeopleSoft copyrights.

Database

For Database, the licensing agreement did not prohibit third parties from possessing copies to support Oracle customers’ operations.  The court noted that
[t]he plain language of the Oracle Database licensing agreement did not prohibit third-party support providers, like Rimini, from possessing a copy of Oracle’s software to further a client’s “internal business operations.” Rimini St., 81 F.4th at 854–55. In the appeal of the contempt proceedings, “Oracle [could not] point[] to [any] location restriction” in the Oracle Database licensing agreement. Id. at 855. Nor did the district court here identify a “location restriction” in the use of Oracle Database. While we affirmed any activity that directly fell within Rimini I’s injunction, we declined to extend it to a “different situation.” See id.
We thus vacate the district court’s ruling that the 18 “gap customer” environments containing Oracle Database violated Oracle’s licensing agreement.

PeopleSoft

For PeopleSoft, the district court's rulings relied on an erroneous view of derivative works. Rimini challenged the district court’s ruling that both (1) its use of “automated tools” to deliver PeopleSoft updates from one client to another and (2) the “outright” delivery of PeopleSoft updates to clients without further testing in the clients’ environments constitute copyright infringement.

The Ninth Circuit instructed the lower court to reexamine the use of automated tools in light of the legal standard articulated for “derivative work” before deciding whether Rimini’s “automated tools” violate copyright laws.

With regard to “outright” delivery, the district court found that Rimini violated Oracle’s copyright when it developed an update in the City of Eugene’s PeopleSoft environment and then delivered it “outright” to three other clients. But again based on the derivative use standard articulated in the decision, the Panel found that the lower court’s analysis did not go far enough.  Instead,

"The district court must first determine whether this update copies Oracle’s protected expression, either literally or nonliterally. If the district court finds protected expression in this update, it would be relevant to know if any extra copies of the update were created in the City’s environment solely because Rimini planned to distribute the update to other clients. In other words, further explanation is required of why “prototyping” the update in the City’s environment for non-City clients “necessarily” violates the “internal data processing operations” provision."

Implications

This decision has far-reaching implications for software providers and third-party support businesses. By rejecting an overly broad definition of “derivative works” and reinforcing the Section 117(a) defense, the Ninth Circuit has provided stronger defenses to software users and their support partners. Simultaneously, it highlights the risks of overstating service capabilities under the Lanham Act, but also demonstrates a reluctance to reign in misleading statements, as long as the statements are made to sophisticated companies like the ones who use Oracle database software.

The Ninth Circuit vacated significant portions of the injunction and remanded the case for further proceedings under its clarified legal standards.  All in all, a huge win for Rimini Street and a bitter defeat for Oracle.  One thing is guaranteed.  We have not heard the end of it.

0 Comments

How Oracle Uses Online Agreements for “Free Software” to Trap Companies into Paying Large Licensing Penalties: The Hidden Costs of Oracle Java SE and VirtualBox Software

12/1/2024

0 Comments

By Pam Fulmer

In the world of enterprise software, Oracle stands out not only for its expansive product offerings but also for its aggressive tactics in enforcing licensing compliance. Among Oracle's most controversial practices is its use of online agreements for software like Java SE and VirtualBox. These agreements allow individuals to download the software free of charge for "certain non-commercial uses," but when those conditions are violated—often unwittingly—companies find themselves on the receiving end of hefty licensing demands.

Oracle's strategy raises serious questions about transparency and fairness in software licensing. This blog explores the issues surrounding Java SE and VirtualBox, the potential legal implications of Oracle’s practices under California law, and potential remedies for affected companies.

The Software at the Heart of the Issue: Java SE and VirtualBox

Java SE (Standard Edition) and VirtualBox are two widely used Oracle products with free versions available for download. Both come with licensing restrictions that create traps for the unwary:

Java SE: Oracle offers Java SE under a dual-license model. The free version is limited to personal use, development, or testing. For "commercial use," a paid license is required. However, Oracle’s definition of "commercial use" is broad and includes any use within a business environment—even if the software is not actively generating revenue. The software can be downloaded for free, and licensing obligations only arise if and when it is used commercially or outside of the limitations set forth in the online agreement.
VirtualBox: VirtualBox, an open-source virtualization software, is free to download for all uses including commercial. However, there is an Extension Pack (that offers a number of additional useful features) that is free for personal and educational use but commercial use requires a separate paid license.

How Oracle Traps Companies

The mechanics of Oracle’s entrapment are straightforward yet highly effective:

Individual Employees Download Software: Employees, often without knowledge of the licensing restrictions, download Java SE or VirtualBox for seemingly innocuous purposes, such as running a tool that requires Java or experimenting with virtualization. They are not asked for a credit card or otherwise charged at the time of the download.
Soft Licensing Audits: Oracle is notified of the download through certain monitoring related technology associated with the software. Oracle may then contact the company and assert that commercial use has occurred, triggering a licensing obligation. The interesting part is that Oracle first started charging for Java in April of 2019. Although it had information at that time about who was downloading the software Oracle apparently did not reach out and contact the companies to request a licensing fee. Instead, Oracle apparently let the fees rack up over multiple years before they started their soft audit campaign. This waiting game allowed them to demand exorbitant penalties.
Large Licensing Demands: Oracle typically demands not just a license fee for ongoing use but retroactive fees for the entire period the software was in use, sometimes stretching back years.
Ignorance Is No Defense: Companies often argue that the software was downloaded without corporate approval and without knowledge of the licensing terms. Oracle dismisses such defenses, relying on the online agreement to bind the company.

The Role of Click-Through Agreements

The crux of Oracle’s strategy lies in the click-through agreements that individuals accept when downloading the software. These agreements are often dense and filled with legalese, making it unlikely that employees fully understand the implications. Oracle relies on these agreements to assert that:

The individual user agreed to the licensing terms on behalf of their employer.
Any violation of those terms—such as using the software in a business context for a commercial use—creates a licensing obligation for the employer.
Violation of the terms automatically terminates the license, leaving the employer open to claims of copyright infringement by Oracle.

The unfairness of this approach is evident. Companies often cannot realistically monitor every software download by their employees, and Oracle’s reliance on these agreements exploits that gap.

Legal and Ethical Concerns

Oracle’s practices potentially raise significant ethical and legal questions. In addition, under California law, which governs many of Oracle's contracts, companies might have claims against Oracle for deceptive business practices.

Deceptive Business Practices Under California Law

California’s Unfair Competition Law (UCL) (California Business & Professions Code § 17200) prohibits “any unlawful, unfair, or fraudulent business act or practice.” Oracle’s actions may fall within this framework for several reasons:

Unfair Practices: By allowing free downloads of Java SE and VirtualBox, Oracle creates the illusion that the software is genuinely free. It then imposes retroactive licensing fees that were neither clearly disclosed nor reasonably understood by most users. And it lets these fees rack up over years to extract maximum monetary concessions from the unwitting company. Oracle’s use of complex and opaque click-through agreements could be construed as misleading, particularly if users are unaware that they are binding their employers to licensing obligations, and the employers never authorized or in many cases did not even know of the download.
Deceptive Soft Audit Approach: After passively sitting back and allowing years of non-compliance, the Oracle Sales Team makes its calculated move against the company, often in a way that is arguably deceptive. For example, the Internet is replete with real life stories that a friendly Oracle sales team requested detailed information from the company and claimed in initial communications that Oracle was contacting the company to ensure that the company’s data was secure and that it had the correct securities updates and patches in place. The company innocently provides the information, but the conversation turns ugly when the targeted company is presented with a large non-compliance bill by Oracle Sales.
Expensive Multi-Year Deals: Oracle will often use the alleged non-compliance to force the company into a multi-year Java or Virtual Box deal. There is something unseemly and unfair where Oracle has had knowledge of the usage for years but they let the non-compliance continue so they can claim a large licensing fee in order to move the company into an expensive multi-year licensing deal with Oracle.

Employee Actions and Agency Law

Another legal issue arises from whether employees have the authority to bind their employers by accepting Oracle’s licensing terms. Under general principles of agency law, employees typically do not have the authority to enter into contracts on behalf of their employer unless explicitly authorized. Companies could argue that Oracle’s reliance on click-through agreements to impose licensing obligations is invalid unless the employee had actual or apparent authority to act on behalf of the company in the IT context.

What Companies Can Do to Protect Themselves

Given Oracle’s aggressive tactics, companies should take proactive steps to mitigate risks:

Restrict Employee Downloads: Implement policies and technical controls to prevent employees from downloading software without prior approval. Centralized IT controls can help ensure that all software complies with licensing requirements.
Audit Existing Software: Conduct regular internal audits to identify any Oracle software that may have been downloaded and assess whether it is being used in compliance with licensing terms. We partner with technical consultants who can assist companies who decide to make this smart investment and embark on a self audit.
Educate Employees: Train employees on the risks of downloading software without approval, emphasizing the potential costs and legal consequences.
Block Access: Impose controls that would block access to oracle.com and java.com.
Challenge the Claim: If Oracle contacts your company with licensing demands, consider seeking legal advice to challenge all or a portion of the claims. Tactical Law has extensive experience advising companies with licensing disputes with Oracle over Java, and we have successfully negotiated multiple resolutions, which are usually much lower than the monetary penalties that Oracle was seeking to impose.

The Path Forward: Legal Remedies for Companies

Companies targeted by Oracle’s practices may consider legal action to challenge licensing demands. Potential claims may include:

Declaratory Judgment: Seeking a court ruling that no licensing obligation exists based on the specific facts of the case.
Unfair Competition Claims: Pursuing claims under California’s UCL for Oracle’s deceptive or unfair trade practices.
Copyright Misuse: Exploring whether the company may have a claim that Oracle is misusing its copyrights based on the deceptive practices.

Conclusion

Oracle’s monetary demands for the alleged non-compliance are no joke and can run into the millions of dollars. Oracle’s use of online agreements for “free” Java SE and VirtualBox software creates significant risks for companies that have employees who unwittingly download and use the software. For companies, the best defense is a combination of proactive measures and legal vigilance. By restricting employee downloads, auditing software use, and challenging Oracle’s claims when warranted, businesses can reduce their exposure to Oracle’s aggressive licensing practices.

Tactical Law assists companies that are contacted by Oracle about Java and Virtual Box non-compliance to resolve their licensing disputes with Oracle.

0 Comments

Oracle Blog

The Beat Goes On: Rimini Street Victorious at the Ninth Circuit as the Court Vacates and Remands Key Parts of the Case for Further Proceedings

How Oracle Uses Online Agreements for “Free Software” to Trap Companies into Paying Large Licensing Penalties: The Hidden Costs of Oracle Java SE and VirtualBox Software

By Tactical Law Attorneys and From Time to Time Their Guests

Authors

Archives

Categories

tactical law group llp

Oracle Blog

The Beat Goes On: Rimini Street Victorious at the Ninth Circuit as the Court Vacates and Remands Key Parts of the Case for Further Proceedings

How Oracle Uses Online Agreements for “Free Software” to Trap Companies into Paying Large Licensing Penalties: The Hidden Costs of Oracle Java SE and VirtualBox Software

By Tactical Law Attorneys and From Time to Time Their Guests​

Authors

Archives

Categories

tactical law group llp

By Tactical Law Attorneys and From Time to Time Their Guests