Oracle had begun legal proceedings against SAP, alleging: “SAP is engaged in systematic, illegal access to – and taking from - Oracle’s computerised customer support system…. SAP has stolen thousands of proprietary, copyrighted software products and other confidential materials that Oracle developed to service its own support customers.”
Court papers filed by Oracle continue: “SAP gained repeated and unauthorised access, in many cases by use of pretextual customer log-in credentials, to Oracle’s proprietary, password-protected customer support website”.
The legal profession is making lucrative fees around the software industry at present, much of it focused around the protection of intellectual property (IP). This case will add to the revenues of this part of the industry.
Most legal cases in software have focused on product-related IP. This case is different, in that it focuses on the IP around a support and service offering. It is interesting on two fronts.
First, because support services are one of the highest margin parts of a software business, and companies will act to protect profitable businesses. Secondly, an increasing amount of work is going on across the entire industry to “productise” people-based services, in a bid to make these services more repeatable, better quality for customers and at lower cost. However, this is a harder area to protect since there can often be a fine line between implicit know-how and explicit IP.
There are two primary scenarios that may emerge from the case. Firstly, it is possible that the case will fizzle out very quickly and simply disappear from view. Secondly, it could drag on for some time, distracting the industry while simultaneously entertaining journalists around the world.
If the latter scenario plays out, and assuming there is a demonstrable case to answer, then SAP could do worse than look at how HP CEO Mark Hurd handled their recent boardroom farrago – this was handled with proper gravitas and grace by the HP executive. The two cases have similarities and lessons can be learned. However, Oracle first needs to demonstrate the veracity of its case.
One group of people that must not be forgotten in this turmoil is the customers of both SAP and Oracle. Many of them are now wondering whether they have inadvertently benefited from this breach – not assuming that the case is well founded but doing a sensible risk-based analysis, in case it is.
Our initial analysis is that there should be no major causes for concern but there are some areas of doubt. From the details - still sketchy - that have emerged there appears to be no accusation that SAP has embedded Oracle IP into SAP products. On that basis there should be no customer concern around them inadvertently breaching IP rights by using SAP products.
Consuming a service that is based on improperly licensed IP is a more grey area, and one that customers of SAP’s Safe Passage programme or SAP’ TomorrowNow subsidiary will be mulling over more than most. However, we can see no strong basis for those customers to be concerned, nor can we see a business case for Oracle pursuing them - but this is not cast iron.
Oracle has no beef with SAP customers, only with SAP. Oracle could remove customer concerns by declaring that it would not pursue SAP customers for any breech of IP that SAP may or may not have undertaken. Not only would this give some welcome customer re-assurance, it would also demonstrate that customers will not be punished for changing software or service providers. We encourage Oracle to re-assure customers along these lines.