Made4Biz Dynamic IT Security News
A new cold war irrupted just because they didn't use Dynamic! Security
Oracle charges 'corporate theft,' slaps SAP with lawsuit
Todd R. Weiss
March 22, 2007 (Computerworld) Painting a picture of what it calls "corporate theft on a grand scale," enterprise software vendor Oracle Corp. today sued German software rival SAP AG, alleging that SAP "has stolen thousands of proprietary, copyrighted software products and other confidential materials that Oracle developed to service its own support customers."
In a 44-page lawsuit (download PDF) filed today in U.S. District Court in the Northern District of California, Oracle alleges that SAP "has copied and swept thousands of Oracle software products and other proprietary and confidential materials onto its own servers" as part of a plan to compile "an illegal library of Oracle's copyrighted software code and other materials."
"This storehouse of stolen Oracle intellectual property enables SAP to offer cut rate support services to customers who use Oracle software, and to attempt to lure them to SAP's applications software platform and away from Oracle's," the lawsuit alleges. Oracle said it filed the suit to "stop SAP's illegal intrusions and theft, to prevent SAP from using the materials it has illegally acquired to compete with Oracle and to recover damages and attorneys' fees."
A spokesman for SAP
The amount of damages being sought by Oracle was not revealed in the lawsuit.
The suit cites 11 claims, including allegations that SAP violated the Federal Computer Fraud and Abuse Act and the California Computer Data Access and Fraud Act; engaged in unfair competition; engaged in intentional and negligent interference with prospective economic advantage; and civil conspiracy.
The lawsuit also alleges that "SAP is engaged in systematic, illegal access to -- and taking from -- Oracle's computerized customer support systems. ... SAP gained repeated and unauthorized access, in many cases by use of pretextual customer log-in credentials, to Oracle's proprietary, password-protected customer support Web site."
The alleged incidents were discovered in late November 2006, according to the lawsuit.
The case may reflect a recent trend, as third-party support services firms try to lure IT managers away from getting their support from the original software vendor toward lower-cost options from other providers.
The lawsuit alleges that "the access and download activity Oracle observed on its systems in late November and December 2006 did not resemble the authorized, limited access to which its customers were entitled. Instead, SAP employees using the log-in credentials of Oracle customers with expired or soon-to-expire support rights had, in a matter of a few days or less, accessed and copied thousands of individual software and support materials."
In one case, using one customer's credentials, "SAP suddenly downloaded an average of over 1,800 items per day for four days straight (compared to that customer's normal downloads averaging 20 per month)," according to the suit. "Other purported customers hit the Oracle site and harvested software and support materials after they had canceled all support with Oracle in favor of SAP's TN division.
"Oracle has found many examples of similar activity," the lawsuit said -- including more than 10,000 unauthorized downloads of material relating to hundreds of different programs.
The downloads originated from an Internet Protocol (IP) address in Bryan, Texas, which is the location of an SAP America branch office and home to its wholly owned subsidiary SAP TN. SAP TN, according to the lawsuit, provides technical support services for versions of Oracle's PeopleSoft and JD Edwards applications. The lawsuit goes on to allege that SAP's motivation for its activities began after Oracle's January 2005 acquisition of PeopleSoft.
"SAP AG had no answer for the business proposition the new Oracle offered," the suit alleged. "Not only do many SAP AG customers use Oracle's superior database software programs, but now Oracle offered a deeper, broader product line of enterprise applications software programs to compete against SAP AG."
"Rather than improve its own products and offerings, SAP AG instead considered how to undermine Oracle," the suit states. "One way was to hit at Oracle's customer base -- and potentially increase its own -- by acquiring and bankrolling a company that claimed the ability to compete with Oracle support and maintenance services on Oracle's own software products."
An Oracle spokeswoman also declined to comment on the lawsuit.
Charles King, principal analyst with Pund-IT Inc. in
SAP provides a wide range of end-to-end business software applications, which is what Oracle has been trying to do through its acquisitions over the last several years, he said.
"For SAP, the database is one part ... but simply one part of the technical underpinnings" needed by users. "Oracle started on the database side, and as time has gone on, the company has recognized that being a database specialist [alone] was not a way to sustain growth."
Oracle reacted by adding other application lines and becoming more like SAP, King said. "I think they've become very successful at pursuing that strategy."
Mervyn Adrian, an analyst with Cambridge, Mass.-based Forrester Research Inc., said that until the case is dissected, it's important not to assume that any of the alleged actions were done by SAP as corporate policy. Instead, any activity could have been the work of individual employees.
"One always has to be careful to separate the acts of individuals from corporate acts,"
It is, however, "pretty routine for people [and companies] to look at each other's [Web] sites and grab whatever they can," he said. In cases such as those alleged in the Oracle lawsuit, that "usually represents misguided behavior on the part of individuals," he said.
"This may turn out to be a tempest in a teapot," with someone ultimately being found to have done something wrong and then being disciplined,