By Pam Fulmer
Judge Hicks granted in part and denied in part Oracle's motion for partial summary judgment on cross use and derivative works. Here Oracle sought partial summary judgment on its first cause of action, copyright infringement, on Rimini’s second affirmative defense (express license) and seventh affirmative defense (fair use), and on Rimini’s first cause of action for declaratory relief. In ruling on this motion, Judge Hicks focused on two specific clients of Oracle, Campbell Soup and City of Eugene, and their Peoplesoft software.
The court concluded that Oracle had established its prima facie case of copyright infringement as it relates to the Campbell Soup environment. According to the Court:
The court next examined whether Rimini had a valid express license defense as it related to making RAM copies of the Oracle software in order to provide support to Campbell Soup. Essentially Rimini as the third party support provider steps into the shoes of Campbell Soup the licensee. But one major requirement of the license is that the updates, fixes and modifications must be for Campbell Soup's "internal information processing". And that is where Rimini hung itself.
Rimini “prototyped” or developed its Patient Protection and Affordable Care Act (“PPACA”) Phase 1 update HCM104286 in Campbell Soup’s environment. But it turned out that Campbell Soup had rejected the update and didn't want to use it. So the court reasoned that if Campbell Soup didn't want the update it could not have been developed for Campbell's internal information processing, and Rimini's use was outside the scope of the license.
Accordingly the Court rejected Rimini's express license defense regarding making RAM copies in this environment.
Express License: Cross Use
The court next examined whether Rimini's use of the HCM104286 update developed in Campbell's development environment was improperly delivered to another Rimini client, Toll Brothers.
Although Rimini argued that the use of of the update created in the Campbell environment and used with another client was only at best a breach of contract and not a copyright infringement, the court rejected that argument. Instead the court found that “internal data processing operations” is a copyright-enforceable condition rather than a contractual covenant and was therefore a copyright infringement because it was outside of the scope of the license. Thus rather than being limited to contract damages, Oracle will be able to realize the full benefits of copyright law at trial.
City of Eugene
Express License: Derivative Works
Oracle argues that Rimini infringed on its exclusive right to create derivative works when
Rimini developed the PPACA Phase 3 update HCM104288. Oracle argued that not only was the individual update a derivative work, but the update as applied to City of Eugene’s environment was also a derivative work. Rimini contended that while the update combined with the development environment may have been a derivative work, the update itself was not and that the development and testing was expressly licensed.
The court rejected Rimini's argument finding that the update was a derivative work and that by using it in City of Eugene's environment as a prototype for other clients, Rimini committed a copyright infringement as the use did not relate to City of Eugene's internal data processing operations. The court expressly rejected Rimini's "know-how" argument.
The court further found that Rimini's cross use of the update developed in the City of Eugene environment also violated the prohibition in the license on no distribution or sale of modifications to the software.
The court again found the "no marketing or sale" provision was a condition and not a covenant making Rimini's use a copyright violation.
Finally, the court rejected Rimini's fair use defense. Weighing each of the four fair use factors, the court found that they were either neutral or weighed in favor of Oracle.
Tactical Law will provide further updates on the court's ruling as they become available.
By: Pam Fulmer
In a 94-page opinion, Nevada Federal District Court Judge Larry Hicks handed Oracle a huge win against arch rival Rimini Street. There are lots of interesting points in the Order that will continue to provide fodder for future blog posts, and I am not intending to cover everything here today. This post will focus on Oracle's "win" involving its cease & desist letter to Rimini barring Rimini from accessing the Oracle support website in order to download patches and updates on behalf of Oracle customers. But first we will describe what has been decided in the motion generally, before we focus in on the legality of Oracle's cease & desist letter.
Both Oracle and Rimini had brought cross-motions for partial summary judgment and the Judge sided with Oracle most of the time giving Oracle key wins on certain claims against Rimini and eliminating certain key Rimini defenses. Oracle filed 5 motions for partial summary judgment and Rimini filed two motions. Both of Rimini's motions were denied. Oracle won its first summary judgment on its cease & desist letter to Rimini outright, and the 4 other motions were both granted and denied in part. This litigation has been extremely hard fought. As the Judge pointed out in his Order, "[this is a massive lawsuit which follows a prior massive lawsuit. Over sixty attorneys have been admitted to represent the two sides in this case alone, approximately thirty for each side, and for the pending seven motions, the briefings exceed 2,800 pages and the supporting exhibits, declarations, and appendices exceed 43,000 pages." It is easy to understand why the motions have been submitted and pending for some time given the scope of what the Judge needed to consider to rule on the motions.
The Judge frames the central issue in the case as follows:
Another key issue in the case concerns a cease & desist letter that Oracle sent to Rimini demanding that Rimini stop downloading updates and patches on behalf of fully licensed Rimini customers. Here is what the Judge had to say on this point:
The court relied on this language and the Facebook case to rule that permission by the Oracle licensee alone was not sufficient to guarantee Rimini's ability to access Oracle's support website. Rimini must also have Oracle's permission for access.
The court also granted Oracle summary judgment on Rimini's claim for intentional interference with contractual relations, but only as it relates to Oracle's cease & desist letter denying access to the Oracle support website. Oracle did not move for summary judgment on Rimini's request for declaratory relief that Oracle interfered with contractual relations by (1) making misrepresentations to Oracle customers that Rimini was acting illegally providing the support in order to try to strong arm the customer into returning to Oracle; and (2) using selective audits to harass Oracle customers who moved their support requirements to Rimini. Those claims for declaratory relief are still alive and have not been adjudicated.
Essentially the Court found that Oracle had an absolute right to deny Rimini access to the support site and thus could not be liable for intentionally interfering with Rimini's contractual relations with its customers.
The court also granted summary judgment on Rimini's Section 17200 claims as they relate to the cease & desist letter under both the unfair and unlawful prongs. Thus that claim is now gone.
Tactical Law will continue to parse this very interesting opinion. Check back for further updates.
Oracle Customers Beware of Potential Legal Risks of Financing ERP Deals Through Oracle Credit Corporation
Readers of our blog know that we are following a very interesting case in San Francisco Superior Court where Barrett Business Services, Inc. (“BBSI”) has sued Oracle for fraud, breach of contract and related claims arising out of a failed ERP installation. One aspect of the case that we have really not blogged on concerns the side litigation involving Key Equipment Finance (“KEF”), arising out of the financing of the ERP deal. Although KEF first brought its Complaint in federal court in Washington, the court there granted BBSI’s motion to dismiss on forum non conveniens grounds and KEF refiled in the San Francisco action involving BBSI and Oracle. When BBSI cross-complained saying that it should not need to pay OCC and its assignee KEF on the financing contract due to Oracle’s fraud and failure to perform, KEF attacked BBSI’s cross-complaint by filing a demurrer (similar to a motion to dismiss in federal court). KEF essentially claimed that as a holder in due course of the assignment, under California law "come hell or high water" BBSI would still need to pay the debt. Last week Judge Ulmer of San Francisco Superior Court overruled the demurrer saying that KEF’s status as a holder in due course under California law is a question of fact that could not be decided on demurrer. According to Judge Ulmer’s Order:
The dispute between KEF and BBSI arose as follows. The ERP contract between BBSI and Oracle was originally financed through an Oracle subsidiary called Oracle Credit Corporation (“OCC”). Sometime after OCC agreed to finance the ERP installation, OCC assigned its rights to receive payment to Key Equipment Finance (“KEF”). Eventually BBSI ceased paying on the financing deal when Oracle failed to deliver the functioning system on time and at the price that it had promised, and KEF brought suit against BBSI to collect the debt arguing that as a holder in due course, BBSI had no right to discontinue payments under the financing contract, even though Oracle did not meet its obligations under the ERP contract. According to KEF’s Complaint:
“Rather than paying out-of-pocket, BBSI opted to finance the purchase of the Oracle America software through a contemporaneous, but separately contracted, payment plan offered by Oracle Credit (the “Payment Plan Agreement” and “Payment Schedule”). As noted in the Ordering Document at Paragraph 18, BBSI was not obliged to sign the Payment Plan Agreement and Payment Schedule; but if it did, the payment terms of the Payment Plan Agreement and Payment Schedule would control. In turn, long before any dispute arose between BBSI and Oracle America, in April 2018, Oracle Credit assigned its rights to the Payment Plan Agreement and Payment Schedule to KEF. The Payment Plan Agreement and Payment Schedule are governed by California law.”
OCC’s assignment of its rights to KEF was not unusual, and OCC seems to be assigning quite a few of these financing deals to third party banking entities. In fact, we have noticed several other assignees of OCC bringing suit recently to collect payments relating to similar financing contracts put together by Oracle and its financing arm, OCC, relating to other Oracle ERP customers. These include several recent suits brought by Banc of America Leasing here in the Bay Area, where we expect that Oracle customers will make similar arguments claiming that they should not have to continue to pay where Oracle either failed to deliver or fraudulently induced the customer into entering into the ERP contract.
Oracle customers who have financed Oracle ERP or other software purchases including Oracle cloud through Oracle’s OCC subsidiary should take note. BBSI’s opposition to KEF’s demurrer does not paint a pretty picture of what Oracle was up to.
“Oracle sought to insulate itself from liability for its misrepresentations through onerous contractual provisions heavily weighted in its favor and then to sever BBSI’s monetary obligations from Oracle’s performance by causing Oracle Credit to assign the subscription agreement to KEF on April 20, 2018.
It was not until June 2018, after Oracle had firmly locked BBSI into a multi-year, multi- million subscription agreement for the HCM Cloud and an implementation agreement with Cognizant, that it was finally disclosed to BBSI that the HCM Cloud was actually riddled with massive design, functionality, interface, integration and performance gaps; that in order to bridge these yawning gaps, customization and implementation would cost $33 million instead of the $5.41 million quoted and that it would take not 1 year but over 2 years to do so.”
Similarly Judge Leighton of the Western District of Washington where KEF had originally filed suit also appeared to recognize the inequities inherent in the Oracle financing deal. In fact in his Order dismissing KEF’s complaint on forum non conveniens grounds, Judge Leighton noted that the arrangement most likely failed for lack of consideration. According to the court:
“[t]his clever arrangement seems designed to subdivide the payment and performance aspects of Oracle’s agreement with Barrett into different contracts, thus ensuring payment even if Oracle fails to deliver the promised services. The result is a disturbingly imbalanced transaction that preserves OCC’s ability to terminate Barrett’s rights to the cloud services if it fails to pay but denies Barrett the same opportunity to avoid payment if Oracle breaches. Unfortunately for Oracle, such an arrangement would likely be illusory or lacking in consideration. See 1 WILLISTON ON CONTRACTS § 4:27 (4th ed.) (contracts are illusory where one party can decide for themselves the nature and extent of performance).” Key Equipment Finance v. Barrett Business Services, Inc., NO. 3:19-cv-05122-RBL, 2019 WL 2491893, (W.D of Washington June 14 2019).”
We were pleased to see that BBSI’s cross-complaint against KEF will go forward, and at least so far Oracle’s “clever arrangement” designed to guarantee payment even where it failed to deliver what it promised, may yet be reviewed by a court.
We will continue to monitor the case, which is Barrett Business Services, Inc. v. Oracle America, Inc. and Cognizant, San Francisco Superior Court, CGC-19-572474 and related cross-claims.
Thryv, Inc. Hits Micro Focus With Texas DJ and Breach of Contract Action over ULA Type Certification
By Pam Fulmer
Those readers who follow the software industry and our blog know that Micro Focus has areputation for its brass knuckles audit tactics deployed against its customers to increase revenues. On a new twist to the Micro Focus audit playbook, Plaintiff Thryv, Inc. ("Thryv") alleges in a new suit that Micro Focus has breached the parties' license agreement and seeks a declaration from the Texas court that it owns certain perpetual licenses arising out of an unlimited license agreement certification process. According to the Complaint Thryv seeks a declaratory judgement "finding that Micro Focus has conveyed perpetual licenses to Thryv under the Agreement consistent with the certification it provided in July 2016, and that Thryv has no further payment obligations under the Agreement." Oracle customers certifying off Unlimited License Agreements ("ULA") may also find this case instructive.
Thryv is a "print and digital marketing company that delivers cloud-based business
software on a subscription basis as well as a host of marketing products to over 400,000 small businesses in the United States." Thryv contends that in late 2014 it "requested a proposal from Micro Focus to supply software for a specific project known as kGen/Monarch." Not knowing the exact configurations for the system, Micro Focus "proposed a "Volume License Addendum (“VLA”), whereby Thryv would be licensed to deploy and use an unlimited amount of specific types of Micro Focus software for a specified period of time." The parties agreed that at the end of the time frame "Thryv was to certify the deployment of the software and Micro Focus would then grant a perpetual license for the actual quantities of software deployed at that time (the “Certification Date”)."
Thryv contends that as the Certification Date approached, and as the contract was vague as to what information would be required, it requested a certification template from Micro Focus. After some delays Micro Focus provided such a template. Thryv claims that "the template was vague and requested information that was not required by the Agreement," and that "Micro Focus did not provide any other information to Thryv on how to complete the certification." The request for information not required by the Agreement is something we see frequently in Oracle ULA certifications. According to the Complaint, "Thryv timely and accurately listed all user counts and core counts that were deployed as of the Certification Date and provided the required certification under the Agreement to Micro Focus. Micro Focus acknowledged receipt of the certification document and indicated in writing that it would contact Thryv when the certification had been reviewed, if it had any questions. Micro Focus did not verify the certification as required by the Agreement. In fact, Micro Focus never contacted Thryv regarding the certification." Thryv alleges that under the Agreement the number of core and user counts specified by Thryv "as of the Certification Date became the maximum entitlement under the perpetual license going forward." Again this is very similar to an Oracle ULA certification.
Thryv contends that in November of 2018, over two years after it completed the certification form, Micro Focus commenced an audit. The Complaint alleges that only In mid-2020, nearly eighteen months after the audit began, "Micro Focus for the first time provided documentation indicating that it had not granted license entitlements for all items listed in the certification." Now Micro Focus claims that it disagrees with Thryv's interpretation of the certification requirements under the contract with Thryv's claimed license entitlement, and that Thryv owes it millions of dollars in licensing fees and back support. Specifically Thryv seeks a "declaratory judgment finding that Micro Focus has conveyed perpetual licenses to Thryv under the Agreement consistent with the certification Thryv provided in July 2016, and that Thryv has no further payment obligations under the Agreement." Thryv also seeks damages of between $200,000 to $1 million, dollars and the recovery of its attorneys' fees pursuant to the license agreement and Texas law.
Certainly a bad fact for Micro Focus is that it never responded to the Certification and apparently gave no indication to Thryv that it did not agree with the user and core count that Thryv had provided, and did not follow-up with any questions concerning the certification. Thryv will no doubt argue that Micro Focus is estopped from changing position now and that it has an express or at least an implied license to use the software given the conduct of Micro Focus.
This is a cautionary tale that American businesses using enterprise software should take note of. Customers certifying off unlimited license agreements involving Oracle, Micro Focus or other software vendors should consider retaining experienced legal counsel to advise them on what the contract requires, and potential risks and how to mitigate those risks involved in the certification process.
Tactical Law will be monitoring the case for further developments. Check our blog for periodic updates about the case. The case is Thryv, Inc. Vs. Micro Focus (Us), Inc., TX District & County - Tarrant District (141st District Court), Case No. 141-319074.
By Pam Fulmer
Recently Rimini filed its opposition to Oracle’s motion for an order to show cause why Rimini should not be held in contempt in the Rimini I litigation. Many of the legal arguments made by Rimini have already been previewed in the briefing on the various motions for summary judgment pending before the court in Rimini II. Below are some observations of some of the key arguments for those following the litigation and this blog.
Rimini claims that it does not host any Oracle software itself but instead accesses the software only from siloed, client hosted and client specific environments. Our readers may remember that the Nevada federal court and the Ninth Circuit took issue with Rimini’s legacy support model (Process 1.0), in which Rimini locally hosted its clients’ software environments on its own systems and used generic development environments to create updates. Rimini contends that under Process 2.0 no copying of Oracle code happens outside of the client’s siloed and specific environments and the client’s Oracle license allows such copying for that client. As a result, Rimini asserts that there is no violation of the injunction in its completely new and redesigned process. As for any objection that the code is copied into RAM, any RAM copies created are not copyright infringement as they are made in the client’s environment, which is fully licensed.
Rimini also asserts that the Process 2.0 was not actually litigated in Rimini I. Rimini argues that where a redesigned process is more than colorably different from that previously adjudicated process, adjudication of that new process in a summary contempt proceeding, which is what Oracle is trying to do, is not appropriate or constitutional. In fact, Rimini filed the Rimini II litigation for the purpose of getting a declaration from the court that its process is legitimate and does not constitute copyright infringement.
Another interesting Oracle argument is that Rimini can’t cross-use what it learns in one customer’s environment to solve a problem in another customer’s environment. Rimini argues that the conduct now accused by Oracle is the re-use of Rimini’s “know-how”, including Rimini work product not containing any Oracle code, gained by performing work for Client A to perform similar work for Client B. Rimini argues that this is not copyright infringement, but Rimini’s own knowledge that cannot be controlled by Oracle. In a heavily redacted Declaration, Rimini’s expert Professor Owen Astrachan has this to say:
Rimini also argues that Oracle’s copyrights have not been infringed as Rimini has not created a derivative work, which would require that Rimini “substantially incorporate protected material from the preexisting work.” That in turn requires that the new work be “substantially similar” to the protected work, requiring a substantial similarity analysis, including analytic dissection, which Rimini argues Oracle has not done. Rimini argues that it is irrelevant that the Rimini file, when later sent to and incorporated into a client’s PeopleSoft environment, causes that modified environment as a whole to become a derivative work (which is licensed and compliant with the injunction) because that does not make the stand-alone file (i.e., something 100% Rimini-created) a derivative work.
Another interesting issue in the litigation that Rimini argues was not litigated and decided in Rimini I involves the issue of cloud hosting. In Rimini I the injunction prohibited Rimini from reproducing, creating derivative works of, or using PeopleSoft software or documentation on, to or from “any computer systems other than a specific licensee’s own computer systems”. This requirement is a creature of the PeopleSoft license and not one of the exclusive rights granted by the Copyright Act. Rimini contends that the client’s cloud account where the software is hosted by Windstream is under the control of the client and thus is compliant with the requirements of the PeopleSoft license, which require the software to be hosted on the client’s “computer systems”. Rimini disputes that the physical hardware in the cloud environment needs to be owned by the client to be part of the client’s “computer systems”, and instead argues that the dispositive issue is control over the virtual environment and not ownership of the physical hardware.
Finally, Rimini argues that it has not violated the part of the injunction prohibiting distribution. For every single file that Oracle alleges Rimini “distributed,” Rimini argues that Oracle does not even contend, let alone prove, that the file contains Oracle code or is substantially similar to an Oracle copyrighted work. Rimini also argues that Oracle software has not been distributed as distribution under the Copyright Act requires proof of several elements, including that the work “changed hands” and that it was disseminated “to the public”, which Rimini claims is not the case here.
Tactical Law will continue to monitor the case. Check back here periodically for updates.
Oracle Hits Rimini With Order to Show Cause Why Rimini Shouldn't Be Held in Contempt For Violating the Injunction
On July 10, 2020, Oracle filed a Motion For an Order To Show Cause Why Rimini Should Not Be Held in Contempt for allegedly violating the Rimini I injunction. Oracle contends that Rimini has violated multiple provisions of the injunction involving its provision of fixes and updates for Oracle's PeopleSoft, J.D. Edwards and Database software products. Oracle contends that Rimini has "cross-used" Oracle software from one customer environment to support another customer in violation of the injunction. Likewise Oracle contends that Rimini has violated the injunction by preparing derivative works in violation of the Nevada court's order. Oracle seeks to bar Rimini from providing further support for its PeopleSoft and J.D. Edwards software product lines. In addition to a bar order, Oracle seeks to impound Rimini's "infringing copies and computer systems". Alternatively if the court declines to impound Rimini's copies and computer systems, then Oracle requests that such copies and systems be put in third party escrow. Oracle customers supported by Rimini may want to keep an eye on the progress of the litigation, and whether Oracle prevails in its motion. Rimini's response to Oracle's motion is due on July 31, 2020, and we will be watching for it.
Although Rimini has not yet filed its Opposition much of what it may say is previewed in various briefs filed in opposition to or in support of summary judgment in the Rimini II litigation. However, so much is redacted from those briefs that it is difficult to follow all of the issues and Rimini's factual assertions.
THIRD PARTY HOSTING
Rimini has opposed Oracle's Motion for Summary Judgment on Rimini's Migration and Windstream Hosting. In Rimini I the court ruled that Rimini could not host its customers' software on its own premises. In order to comply with the Court's ruling, Rimini contends that it moved certain PeopleSoft customer environments out of its own facilities and to third party hosts or clouds, and one of these is Windstream. Oracle contends that the mere act of copying the software to move it to these third party hosting sites was a copyright infringement. Rimini contends it was a fair use to comply with the Court's Order.
Now Oracle also appears to be alleging that for customers with facilities restrictions in their licenses, these customer environments cannot be moved to the cloud or hosted offsite, unless the customer has a physical ownership interest in the building where the software is hosted or owns the computer systems. Rimini claims that this is nonsense, and instead the issue is not who owns the building or computer systems but who exercises control over the software. This seems right to us. According to Rimini:
We look forward to seeing Rimini further flesh out its arguments in its upcoming brief.
Oracle contends that Rimini continues to use the IT environments of a small subset of Rimini customers' to create PeopleSoft updates ("prototype" environment) and then copies the updates into the environments of its other customers ("retrofit" environment). Oracle calls this cross-use and claims it violates the injunction. Rimini pushes back against Oracle's assertions and argues that "cross-use" is not an industry term.
Rimini contends that it now has separate development and QA environments for all clients, which is very different from what the Court found Rimini was doing in Rimini I. According to Rimini:
Although Rimini claims that the facts are different here, the explanation for what is different is redacted, making it hard to assess Rimini's contentions.
Rimini will also likely argue in opposing the Order to Show Cause, that there is no copyright infringement because every Rimini client has a license. And of course, license is a defense to a claim of copyright infringement.
Rimini also argues that contrary to Oracle's assertions it is not creating a derivative work. Citing the Micro Star and Galoob cases, Rimini argues that to constitute a derivative work in the software context, a "work must substantially incorporate protected material from the pre-existing work". Rimini denies that it does so, and expressly claims that the work that Oracle takes issue with is actually Rimini's own work, and does not contain any Oracle code or expression.
To the extent this work product does not contain any Oracle protected expression, Rimini argues that its own work product does not constitute a derivative work.
We look forward to reviewing Rimini's upcoming opposition brief to Oracle's motion. Check back here for future updates about the hotly contested litigation.
Oracle is not the only software company accused of using predatory audit tactics to drive sales of its software products. In 2013 an IBM employee named Paul A. Cimino filed a whistleblower suit under the False Claims Act alleging that IBM used an audit of its customer the Internal Revenue Service ("IRS") to fabricate alleged areas of non-compliance. In 2018 the Complaint was unsealed, and IBM moved quickly to dismiss the Complaint. Unfortunately, the District Court bought IBM's argument that the Complaint did not adequately plead fraud in the inducement, and dismissed the lawsuit. Mr. Cimino appealed to the D.C. Circuit Court of Appeals and the appeal appears to now be fully briefed. I am rooting for Mr. Cimino and his lawyers and truly hope that this injustice can be rectified, if the facts as pleaded are true. Until software companies using predatory and unfair audit tactics to drive software sales are held to account in a court of law, the bad behavior will only get worse.
The facts alleged in the Complaint about IBM's conduct are appalling. According to the Complaint:
Each day we see cases where software companies vastly inflate audit findings in a transparent attempt to obtain leverage over their customers, and force a large software purchase. There are strategies that can be employed before and during the audit to mitigate the risk of such excessive findings. Unfortunately many companies are "penny wise and pound foolish" and don't seek professional help before or during the audit, but instead wait till the issuance of the final audit report. This is a mistake.
Enterprise software customers really need to be proactive in managing their licenses well before the audit notice arrives. And do not let software companies use the audit as a tool to force your company to give up older and perhaps more favorable licenses. In our experience, enterprise software companies sometimes use audits to try to push their customers to migrate from older, more favorable licenses to ones that are better for the licensor. Companies buy perpetual licenses for a reason and should be skeptical of software vendors using inflated audit findings to force a customer to give up valuable contractual rights.
If a software company tells you that they are going to conduct a friendly audit to right size your IT footprint and to optimize your licenses, this should be an immediate red flag. Enterprise software companies are not out to help you, but only to sell more software. Plaintiff here alleges that IBM tried this very trick with the IRS. The IRS also made the mistake of telling IBM too much about its future plans, including that the IRS planned to move off IBM. According to the Complaint, IBM then used this knowledge against the IRS to force it into a new and more expensive contract.
Sometimes software vendors will hire third parties to conduct the audit. And that is what apparently happened here, with IBM hiring Deloitte as the auditor. Oracle on the other hand usually likes to conduct its own audits, through its License Management Services ("LMS") Group.
Before the audit is commenced, the licensee should hammer out the scope of the audit and set some ground rules. Be proactive, take control and most importantly, stand strong. Software vendors do not like squeaky wheels, and prefer easy targets. The more you push back and the harder you make it for the software company, the less likely the software vendor will be to target you in the future.
The Cimino Complaint alleges that the initial audit results found very little in terms of non-compliance. Plaintiff then alleges that IBM "suppressed" these results and "began to look for ways to artificially inflate them". Remember this is an IBM employee who worked on the software deal with the IRS who is making these allegations. According to the Complaint:
We also have observed software companies employing similar tactics during audits. In fact, it is our opinion that this is why Oracle usually comes up with a huge shock number in its Final Audit Report. Oracle does not quantify the shock number in the Final Report but just identifies the number of licenses Oracle claims the customer is under licensed. Oracle leaves it to the licensee to "do the math". In our opinion, this is all part of the Oracle playbook to create leverage for the follow-up by the Oracle Sales Team, which works hand in hand with the Oracle auditors.
The Complaint alleges that in order to avoid paying these penalties, the IRS agreed to enter into a new five-year deal with IBM, at a total cost to the government of $265 million. As a taxpayer and citizen this should be offensive to everyone, if true.
Cimino asserts that the IRS agreed to a new deal with IBM in order to get out from under the audit penalties and the fraudulent audit findings. We see this all the time in our practice. Enterprise software customers will enter into new deals with the software vendor to get out from under the huge "shock and awe" compliance gap. How about an Oracle ULA, anyone? In fact, technical consultants in the industry see the same fact pattern so often that they write extensively about it. Not just private companies fall for this trap. Municipalities and other government agencies also are extremely vulnerable to such tactics.
But in dismissing Cimino's Complaint, the Judge did not find it credible that the IRS would enter into a new and more expensive contract with IBM just to get out from under the audit penalties. Unfortunately the district court judge doesn't understand how these software companies work their customers over during audits. The entire process is designed to strike fear and uncertainty in the hearts of the software customer, and to rush the company into a quick sale to resolve the audit. Also by entering into the new contract with IBM in exchange for having the audit penalties waived, IRS management could basically bury the alleged non-compliance from public view. The penalties would be waived and the IRS would simply be entering into a new enterprise agreement. In other words, nothing to see here and the responsible parties within the IRS would not need to explain to others higher up in the organization or in the federal government why they were allegedly non-compliant. Who in IRS management could predict that an honest employee within the IBM organization itself would be so troubled by the predatory audit practices that he would blow the whistle and file a False Claims Act lawsuit against his employer IBM?
According to the Court, Relator (Cimino) failed to plead causation and to show that the fraudulent audit findings was what induced the IRS to enter into the new contract. As a result, the Court dismissed the Complaint:
Well Judge, you may not believe it, but I do. I think that the Court is wrong here. The Complaint pleads that it was the fraudulent audit findings and the desire to get out from under the audit findings and related penalties that drove the IRS to enter into the new contract. The IRS believed that it was non-compliant in reliance on what IBM and Deloitte were telling them. This is pled clearly in the Complaint. The government in its brief agrees:
In my view, this extremely important whistleblower suit should never have been dismissed at the pleading stage. Cimino should be given the opportunity to take discovery and go forward with his case. Cimino's brief says it best here:
Victims do not always admit they have been defrauded. That rings so true. Give Mr. Cimino his day in court and the chance to prove up his case.
Whether you are a Fortune 500 company or a municipality or governmental entity, you can be a victim of predatory audit practices by aggressive software vendors. We help companies and governmental agencies to fight back against such tactics.
The case is Paul A. Cimino v. International Business Machines Corporation, case number 1:13-cv-00907, in the U.S. District Court for the District of Columbia. Tactical Law will continue to monitor the case. Check our blog for further developments.
By Pam Fulmer
Tactical Law has defended companies being audited by Quest Software, Inc. ("Quest") and has thus far resolved the audits without the necessity of filing litigation. However, we read with interest a recent lawsuit filed by a long time Quest customer alleging that Quest acted in bad faith and engaged in predatory audit tactics during the course of the audit.
Fairview Health Services ("Fairview"), a Minnesota non-profit academic health system hit Quest this week with a declaratory judgment action in federal district court in Minnesota. Sadly, the tale told by Fairview in the Complaint is a familiar one. At the end of 2019 Fairview notified Quest that it was terminating its annual maintenance and support. Almost immediately Quest issued a notice seeking to audit Fairview's use of Quest's Active Roles software. Only two months after Fairview gave notice that it was canceling maintenance and support, Quest produced a "Reconciliation Summary", which purported to find an over deployment of 69,064 licenses above the more than 38,000 license Fairview had purchased from Quest." Quest "claimed Fairview owed a total of $4,183,178.85 in license and "over-deployment fees".
Quest Accused of Bad Faith and Predatory Audit Tactics
Fairview makes some interesting observations on information and belief about Quest's motives, which Quest customers would do well to keep in mind when dealing with Quest. This is not the same company that licensees may have contracted with in the early 2000s, but instead the company has undergone multiple changes in ownership. According to the Complaint:
With almost every change in ownership the governing law of the Quest license agreement seemed to change. We have seen public filings with Quest agreements designating California, Washington and Texas as the governing law. Also, with every new iteration of the license agreement, the terms became more favorable for Quest and less favorable for the licensee. Rather than call these changes out specifically to the customer and request a modification to the contract, Quest appears to have embarked on a sneaky strategy of incorporating major changes in clickwrap agreements, which accompanied their software updates. A big question for the court will be whether these clickwrap agreements somehow superceded or amended the original license agreement, and constituted fair notice to the licensee of major changes to the agreement and a writing signed by duly authorized representatives of both parties. Quest will claim yes, and Fairview will fight that interpretation. Tactical Law has similarly pushed back against such assertions by Quest on behalf of Quest audit customers.
Fairview disputes Quest’s contentions about what constitutes the governing contract and how it can be modified. Fairview points out that the governing agreement is the one it purchased the subject perpetual licenses under, which contains a provision requiring any amendment to be in a writing signed by both parties. This will be a hotly contested issue in the ensuing litigation. Cases involving courts interpreting consent to arbitration agreements may prove instructive.
Fairview asserts that the provisions of the 2004 SLA define software as including "corrections, enhancements, and upgrades to the Software" made pursuant to the Maintenance & Other Services Clause.
Yet Quest has taken the position that when Fairview clicked on the clickwrap agreement accompanying the software updates that somehow changed the governing agreement. In other words, Quest appears to be claiming that it could make major changes to the governing agreement without reasonable notice and without providing the licensee with additional consideration. And Quest is contending that the clickwrap agreement is a writing signed by authorized representatives of both parties.
Allegations of Invasive Audit Tools
Fairview accuses Quest of deploying tools during the audit that impermissibly seek information about Fairview's IT system, which go beyond Fairview's use of the Quest software. According to the Complaint:
This should sound very familiar to Oracle customers who have been targeted with Oracle's prospective licensing assertions involving VMware and the "installed and/or running" language of the processor definition. According to Fairview, Quest's tools sought information about potential interactions with the software but declined to collect data that would show whether those accounts had actually used or interacted with the software. Although we have been informed by technical experts that Quest like Oracle could use tooling capable of detecting where the software has actually been used, Quest and Oracle appear to have no interest in doing so. The reason is apparent. Taking the position that they are entitled to licensing fees for all servers or accounts that might access the software results in the vastly inflated over-deployment numbers about which Fairview complains. These inflated findings are then used as "shock numbers" to create FUD ("fear, uncertainty and doubt") in the heart of the licensee, which can then be used to sell more software and perhaps used as leverage to keep the customer from canceling support. According to the Complaint:
We are of the same opinion about the motivations of software vendors who may use such invasive tools while ignoring data that shows non-use. And it is important that Quest customers realize these overreaches and protect themselves from them during the course of an audit. Licensees should resist turning over confidential information unless it relates to the use of that vendor's software, and the licensor has provided a satisfactory explanation of why they require the information to conduct the audit. Assertions that the vendor always asks for it are irrelevant and do not pass muster. Do not be afraid to probe and question the software company or their auditors as to the relevance of the requested information. And don't let the auditors provide their answers orally. Make them commit in writing, so you have a strong record in the event a dispute arises and you end up in court. A strong record will also help you with negotiating a favorable settlement directly with the licensor. Demand that the auditor specifically identify what provision in the contract entitles them to the requested information. And whatever you do, don't fall for Oracle or Quest relying on policy documents that are not part of the contract as justifications for the request.
The Audit Clause
The language of the 2004 SLA contains an audit clause, which provides that Quest may ask that Fairview verify no more frequently than annually its usage of the software by furnishing a document signed by the Licensee's authorized representative verifying software usage. In addition to demanding the verification, Quest has the right to review Fairview's deployment and use of the software for compliance. The entire clause is focused on current usage and not what may be used in the future. According to the Complaint:
During the course of the Fairview audit, Quest did not request the written verification but instead went right to using its tools to scope out Fairview's IT system. Tools that Fairview contends do not measure actual usage, but instead collect data on how many accounts could potentially access the software in the future. Use of such tools by software auditors should be red flags for the licensee. Ask the auditors exactly what information the tools are collecting and seek to pin the auditors down on what they are seeking and why they are entitled to the information. Misrepresentations about what information the auditor is collecting may be used against the licensor in the event a dispute arises. Again, insist that the auditors provide their answers in writing. Finally, we recommend retaining qualified outside counsel who have the technical experts in place to review the data output prior to sending to the auditors.
Fairview complains that Quest also seeks to take advantage of a phrase "managed by" the software, which is ambiguous and not defined in the contract. Fairview argues that to manage the software at least means that the account must interact with the software in some manner. Fairview should take the position that any ambiguity should be interpreted against Quest the drafter.
When going up against software companies such as Quest and Oracle, it is highly advisable to retain qualified outside counsel familiar with software audits to push back aggressively on any attempted overreaches. Licensees who believe that providing all the information requested by software companies will result in lower over-deployment numbers are in for a rude awakening. Be smart and do not be afraid to stand on your contractual rights.
The case is Fairview Health Services v. Quest Software Inc., Case Number 0:20-CV-01326, venued in the District of Minnesota. Tactical Law will continue to monitor the litigation. Please check back for periodic updates.
By Pam Fulmer
Oracle America, Inc. and Oracle International Corporation (collectively “Oracle”) recently sued health information technology solutions company, Perry Johnson & Associates, Inc. (“PJA”) for copyright infringement in the Northern District of California. Oracle contends that PJA has infringed Oracle’s copyrights on, among other things, its Enterprise Edition Database (“EED”) and Real Application Cluster (“RAC”) software. Specifically, Oracle alleges that PJA provided hosting services to third parties without a license from Oracle for Oracle Database. Oracle also contends that “PJA’s software architecture – including the number of sockets – exceeds the scope of any license that PJA may have". In addition to damages of over $3.2 million in unpaid licensing and support fees, Oracle is seeking injunctive relief, impounding of unlicensed copies of the software, an accounting, statutory damages, attorneys’ fees and interest. Oracle also seeks enhanced damages claiming that PJA’s infringement was willful.
The case involves a type of Oracle license known as an embedded software license. According to Oracle:
Interestingly enough, Oracle has not sued Arrendale Associates, Inc. (“Arrendale”) but pleads on information and belief that Arrendale has complied with its own license obligations to Oracle. Otherwise Arrendale might also be a target of Oracle’s lawsuit. According to the Complaint:
It appears that Oracle contacted PJA directly to attempt to ascertain how PJA was using the Arrendale software. It is unclear from the Complaint if these actions were taken pursuant to a formal Oracle audit of Arrendale or of Arrendale’s customer. Oracle may have asked Arrendale to audit its customer PJA or requested that Arrendale assign its audit rights to Oracle. Oracle embedded license agreements publicly available online do provide for audits of Oracle customers, and also contain provisions whereby Oracle may request assignment of its customers’ rights to audit the ultimate end-user. We just don’t know based on the facts as pled in the Complaint. But it is interesting that Oracle makes no mention of any audit. Could it be that with the Sunrise Firefighters Motion to Dismiss still pending, Oracle wants to ensure that no public filings raise any issues that could negatively impact the legal positions Oracle is asserting in that litigation with regard to how it audits it customers or end-users? The Complaint continues without providing details around any audit, almost as if PJA voluntarily provided information to Oracle:
Oracle has targeted PJA for the alleged unlicensed hosting. Tactical Law has noticed an uptick in the number of hosting issues that it is seeing Oracle raise in software audits of Oracle customers, and this trend is something we are watching.
Oracle may also be asserting some type of claim relating to PJA’s use of VMware. According to the Complaint:
If VMware is involved, PJA may want to aggressively pursue discovery from Oracle regarding Oracle’s stance on VMware in software audits, which often is a key factor leading to Oracle’s initial “shock and awe” number in its audit findings. It could also be relevant to any unclean hands defense against Oracle.
The case had initially been assigned to Magistrate Judge Sallie Kim, but on May 12, 2020 Oracle filed a pleading declining to have the case heard by a Magistrate Judge. The case was reassigned to Judge Chesney who has now recused herself from the case. Counsel for PJA recently made an appearance, and the case is in the process of being assigned to a new Article III Judge.
Tactical Law will continue to monitor the litigation and will report back with periodic updates. The case is Oracle America, Inc. et. al. vs. Perry Johnson & Associates Inc. (Northern District of California Case Number 3:20cv 2984).
By Anne-Marie Eileraas
Companies based outside California may be reluctant to accept California as the governing law for their contracts. While some companies base their view on first-hand experiences, others cite media reports and surveys placing California in the bottom ranks of states’ legal and regulatory environments. For example, in late 2019, the U.S. Chamber Institute for Legal Reform published results of its latest survey of how participating U.S. business executives view the states’ legal environments, specifically regarding litigation and liability. California, along with Illinois and several southeastern states, fell in the bottom 10 states.
Whatever one’s view of such surveys, what’s clear is that polls tend to home in on a narrow range of issues: the perceived fairness of consumer/class action litigation and “hometown” jury verdicts. They don’t shed much light on the typical economic issues that arise in business-to-business contracts. Is California substantive law unfavorable for companies who contract under it?
Part 1 of this blog post will touch on California legal issues relevant to business contracts; more specifically, technology agreements for services, XaaS/cloud agreements, and software licenses. (This article does not address agreements with individuals, such as for personal or consulting services, which are subject to very different considerations under California law.) Part 2, coming soon, will discuss California venue for business litigation.
Choice-of-law clauses under California law
If a contract properly specifies California governing law and venue, most likely a court will enforce it. There is a strong policy favoring enforcement of contractual choice-of-law provisions in California. Many California-based companies, such as Oracle, Cisco, VMWare, and Palo Alto Networks, routinely use California choice of law provisions in their contracts.
In California, the court (not a jury) decides issues of contract interpretation and the application of contract defenses, such as force majeure. That may be of comfort to contracting parties, since pretrial jury waivers are unlawful in California. California courts strive to give effect to the mutual intent of the parties at the time of contracting. However, if the language of a contract is ambiguous in light of all the circumstances, a court will consider extrinsic evidence relevant to prove a particular meaning.
Legal issues that may favor customers
Not surprisingly given courts’ latitude to interpret contracts, California contracts law has pros and cons for companies purchasing software or services, and the following issues under California law, on balance, could be helpful and protective of their interests.
• Good faith and “best efforts” in California contracts
Under California law, an implied covenant of good faith and fair dealing protects the express promises in a contract and prevents one party from exercising its discretion to deny the other party the benefits of the contract. Unlike in some states, the implied covenant is not absolute; California permits parties to contract out of it with express provisions, such as a right to terminate in a party’s sole discretion.
The implied good-faith covenant can be helpful to customers in scenarios where, as a practical matter, some terms cannot be finalized until a future time, when the contract is in effect. While an “agreement to agree” is not enforceable, an agreement to negotiate in good faith can be enforced and can permit a party to recover damages.
Also helpful to a customer of technology services, California courts interpret “efforts” clauses to require more of a party than just acting good faith. A provider contracting to use its “best efforts” to perform a service must use the diligence that a reasonable person would exercise under the circumstances. It’s not enough for a vendor to say “I tried…”
• Availability of damages and failure of exclusive remedies
A well-drafted liquidated damages clause can reduce uncertainty of remedies if the other party does not perform. Liquidated damages clauses are presumed valid in California, with the burden of proof on the party seeking to invalidate a clause to show that it was unreasonable under the circumstances existing at the time of the contract.
California law protects an aggrieved party’s right to get a fair remedy when the other party breaches a contract, despite language in the contract excluding or limiting recovery. California Commercial Code §2719 provides, “Where circumstances cause an exclusive or limited remedy to fail of its essential purpose, remedy may be had as provided in this code.” The commentary to §2719 notes “it is of the very essence of a sales contract that at least minimum adequate remedies be available. If the parties intend to conclude a contract for sale within this Article they must accept the legal consequence that there must be at least a fair quantum of remedy for breach of the obligations or duties outlined in the contract.”
Note the commercial code applies to sales of goods, which can include software under a case-by-case analysis of whether the essence of the transaction is for goods or services. The commercial code provides for specified remedies, but courts have also relied on it to invalidate exclusions of consequential damages. For instance, in RRX Indus. v. Lab-Con, Inc., 772 F.2d 543 (9th Cir. 1985), the court interpreting California law invalidated a consequential-damages waiver in a software agreement after the vendor’s “repair” remedy failed of its essential purpose.
• Force majeure clauses
California courts do not enforce force majeure clauses literally. California cases have equated force majeure clauses to the common-law doctrine of impossibility, and courts will read certain common-law elements of a force majeure defense into contract terms. Most notably, a force majeure event must be beyond the reasonable control of the party seeking to be excused; and the incident must truly impose extreme and unreasonable difficulty, rather than merely render performance harder or more costly (including consideration of the party’s reasonable efforts to mitigate). Courts will consider the context and determine whether a party’s obligations should be delayed or completely terminated, in whole or in part.
Additionally, force majeure clauses must be drafted with particularity to overcome the presumption that only events unforeseeable at the time of contract will be excused. Mere “boilerplate” clauses will not excuse a party from performing if the event claimed as a force majeure was reasonably foreseeable.
Parties have significant freedom to draft express contractual indemnity clauses under California law. Courts will enforce a properly drafted indemnity covering a party’s negligence, including negligent misrepresentations and non-disclosure of material facts. However, outside of the insurance context, if a party “seeks to be indemnified for its own active negligence, or regardless of the indemnitor's fault, the contractual language on the point ‘must be particularly clear and explicit and will be construed strictly against the indemnitee.’” Prince v. Pacific Gas & Electric Co., 45 Cal. 4th 1151 (Cal. 2009). It is against public policy for an agreement to indemnify a party from knowingly unlawful future acts. Cal. Civ. Code §2774.
California has adopted statutory rules for interpreting indemnity provisions that apply unless expressly overridden by the parties. Those rules require, among other things, that the indemnifying party must defend indemnified claims upon the request of an indemnified party. Cal. Civ. Code §2778.
With attentive drafting, customers can protect their interests under California law by including indemnity provisions tailored to manage the risks of the technology they are buying.
• No one-sided provisions for recovery of attorneys’ fees
California generally follows the “American rule” for attorneys’ fees, meaning that each party to a dispute must pay its own legal fees. However, California’s civil code overrides unilateral attorneys’ fees provisions in a contract. If a contract has a term awarding attorneys’ fees to only the seller in the event of a dispute, that provision will be interpreted to award attorneys’ fees to whichever party prevails in a claim for breach of contract. Cal. Civ. Code §1717. This can protect customers contracting under one-sided vendor forms.
Scenarios where California law may not be as customer-friendly
Companies should investigate how California law applies to their specific industries or to particular kinds of contracts. For instance, because California law in general is more protective of individuals (especially employees), customers should understand the implications for any business contracts involving individual services under California law. Companies should be especially cautious when retaining independent contractors or attempting to include non-solicitation and non-compete clauses in their agreements.
The content of this blog is intended to convey general information about legal issues that may be of interest to our readers. This information is not intended to, and does not, constitute legal advice, nor is it intended to create an attorney-client relationship. Tactical Law does not sponsor, endorse, verify, or warrant the accuracy of the information found at external sites or subsequent links.
Tactical Law Attorneys