Oracle v. SAP Lawsuit Comments

By Eric Goldman

Oracle Corporation v. SAP AG, 3:07-cv-01658-EMC (N.D. Cal. complaint filed March 22, 2007)

I realize I’m a couple weeks late to this story, but it’s too important/interesting a case not to address.

TomorrowNow (TN) is a company started by former Oracle employees. They offer maintenance services for Oracle software competitive with Oracle’s standard maintenance program, but at much-reduced prices: Oracle charges 22%/yr while TN charges half that (11%/yr).

But how is TN able to undercut Oracle’s pricing so drastically? One possibility is that Oracle charges supra-market rates due to the lock-in effects of tying maintenance services to software licenses. On that front, I’ll note that back in the 1990s, my software vendor clients typically charged 15%/yr for maintenance–a substantially lower number than Oracle’s breath-taking 22% figure. So perhaps TN is able to charge 11% as a modest start-up discount off the industry-standard 15%, and Oracle’s been getting away with a great deal for a long time.

An alternative story, told by Oracle in its complaint, is that TN could undercut Oracle only by stealing. TN has a very thin development team compared to the Oracle behemoth, so Oracle might incur all of the development expenses necessary to provide maintenance services, and TN might just take those assets for free to engage in competitive free-riding. Specifically, Oracle alleges that TN gets switching Oracle customers to give TN their passwords to Oracle’s website/database for its maintenance customers and then send robots to download everything (manuals, patches, etc.) it can find, which then allows it to provide services comparable to Oracle’s.

Perhaps TN, even if had engaged in such a scheme, would have been a nettlesome gnat as a standalone company, but it got scooped up by German software giant SAP, one of Oracle’s main rivals. At this point, TN becomes problematic to Oracle in a variety of ways. TN is poaching some maintenance revenue outright, while it is putting price pressure on the maintenance business that Oracle retains. Further, Oracle customers who switch to TN have an easier path to migrate their overall software needs to archrival SAP.

Oracle has struck back in court with a tightly drafted complaint. Oracle claims that the scheme of getting former Oracle customer passwords and downloading lots of content from Oracle’s maintenance database violates (among other things) the CFAA and Cal. Penal Code Sec. 502 and constitutes trespass to chattels and interference with prospective economic advantage. This is a well-pleaded complaint, in the sense that there are no obvious deficiencies with Oracle’s pleadings. I don’t love everything about Oracle’s practices. For example, it makes no sense that Oracle made it possible for customers to root around the entire database for stuff, even if it didn’t relate to the customer’s software. Also, I would definitely have drafted and implemented the contracts differently than Oracle did. But these are quibbles; Oracle’s contracts and practices are serviceable for this lawsuit’s purposes.

Having said that, there are two obvious omissions from the alleged claims. First, Oracle didn’t allege copyright infringement yet because it needed to get its copyright registration applications on file, so it expects to file an amended complaint. Second, Oracle didn’t allege that the claimed misuse of switching customers constituted a 1201 circumvention. I’m not 100% sure why. It could be that this claim will be added along with the other copyright infringement claims, or it could be that Oracle is sufficiently deterred by the handful of cases holding that mere misuse of a legitimately issued password isn’t a circumvention.

Also, it’s noteworthy that Oracle didn’t sue its switching customers for allegedly providing their passwords to TN, although it seems like at minimum Oracle would have breach of contract claims against them. I assume Oracle isn’t suing customers because that’s never good for business. Indeed, part of the lawsuit is about wooing customers; there is some hilarious and gratuitous marketing language in the complaint designed to impress Oracle customers and to rattle the confidence of customers thinking of switching to SAP.

Putting aside what’s not in the complaint, if Oracle’s complaint accurately states the facts, SAP could be in deep legal trouble. Of course, it’s fairly typical for the plaintiff to draft a great complaint and the defendant then tells a very different story. As just one example, Oracle ties the downloads to TN via IP addresses; but IP addresses are spoofable, so it’s theoretically possible that someone spoofed TN. So we have to wait until we hear both sides before we can make any rigorous assessments of merit.

Even so, I’m a little unnerved by the software industry analysts who have claimed this lawsuit is no big deal. Perhaps in the grand scheme of things, this lawsuit won’t have a great deal of effect on the competitive position of SAP and Oracle. Sure, the lawsuit casts some doubts in the minds of customers who are thinking of leaving Oracle for lower-cost options that SAP/TN will be a long-term trustworthy vendor, but such doubt-sowing initiatives are fairly common the bare-knuckle competition for enterprise database software. Plus, if SAP just cuts off TN altogether, presumably the overall effect on SAP and Oracle revenues will be comparatively modest.

But this lawsuit could be a Big Deal because the facts alleged by Oracle might support criminal prosecutions for CFAA, CA Penal Code 502, criminal copyright infringement and other crimes. It’s not clear if the criminal prosecutors are going to get involved in this case or if Oracle even wants them to do so, but I suspect a number of SAP employees have procured their own personal attorneys. To the extent TN was a rogue operation operating without oversight or permission from SAP corporate, then again the financial impact may be small, even if the affected individuals might suffer severe consequences. But if TN wasn’t a rogue operation, any criminal prosecutions could have major ripple effects throughout the entire SAP organization.

I think the Cadence v. Avant lawsuits are illustrative, especially given the many parallels. In that case, a bunch of former Cadence employees started up a competitive company, Avant. However, to get a jumpstart on the competition, the employees walked out the door with Cadence source code. Perhaps aided by this unfair head start, Avant had a very successful marketplace run, growing into a major public company with hundreds of millions of dollars of revenue. But after the civil and criminal prosecutions, Cadence got damage awards of hundreds of millions of dollars, multiple Avant employees went to jail, and Avant was effectively knocked out of the marketplace.

I need to reiterate that we don’t know yet if Oracle’s alleged facts are true, or if anyone committed a crime, or if any criminal prosecutions will ever be launched. However, I think it’s too breezy for software industry analysts to brush this case off as a low-risk threat. If Oracle’s alleged facts are true, this isn’t business-as-usual; instead, this would constitute illegal marketplace behavior, with potentially severe consequences for the business generally and the decision-makers individually.

I have additional edgy things to say about this case in this interview. Other resources:

* WSJ Law Blog

* BusinessWeek article pitching this lawsuit as just bare-knuckle competition between giants

* A collection of industry analysts’ comments