Legal writing can read like a detective thriller. Here's an example.
On March 2007 Oracle, an American software company, began a court case in which the first paragraph of its Complaint alleges "corporate theft on a grand scale, committed by the largest German software company - a conglomerate known as SAP." You can read below the overview of this thriller and our practical advice. Otherwise go direct to Oracle's 44 page Complaint placed on its website.
The takeaway for this post is that, whatever the result of Oracle's case, its Complaint is a clear reminder that monitoring computer access logs in a business makes excellent business sense.
This is especially so today given the increasing use of extranets, intranets, and high capacity USB drives - to name just a few of the means available for unauthorised access, copying and use of valuable data.
1. Oracle's alleged facts
1. This case is about corporate theft on a grand scale, committed by the largest German software company – a conglomerate known as SAP. Oracle is a leading developer of database and applications software, and SAP is Oracle’s largest enterprise applications software competitor. ...
3. In late November 2006, there occurred unusually heavy download activity on Oracle’s password-protected customer support website for its PeopleSoft and J.D. Edwards (“JDE”) product lines. ...
6. For example, in January 2007, a user on an SAP TN computer signed in as Oracle customer Honeywell International, Inc., a Fortune 100 technology and manufacturing company, to access Oracle’s support system and copy literally thousands of Oracle’s Software and Support Materials in virtually every product library in every line of business. ...
7. Oracle has found many examples of similar activity. Across its entire library of Software and Support Materials in Customer Connection, Oracle to date has identifiedmore than 10,000 unauthorized downloads of Software and Support Materials relating to hundreds of different software programs. ..
9. In many instances, including the ones described above, SAP employees used the log-in IDs of multiple customers, combined with phony user log-in information, to gain access to Oracle’s system under false pretexts. ...
35. Oracle’s license agreements define Oracle’s confidential information to include, without limitation, Oracle’s software, its object and source code, and any associated documentation or service offerings. ...
43. On January 7, 2005, Oracle completed its acquisition of PeopleSoft to emerge as the second-largest provider of business software applications in the world and the first to rival SAP AG in market share, size, and geographic and product scope. ...
61. Oracle has now solved this puzzle. To stave off the mounting competitive threat from Oracle, SAP unlawfully accessed and copied Oracle’s Software and Support Materials. ...
2. Oracle's claimed legal grounds for claims based on the above facts
The Complaint lists the following 11 legal grounds for the Oracle claim:
Violation of Federal Computer Fraud and Abuse Act (18 U.S.C. §§ 1030(a)(2)(C) & (a)(4)
Computer Data Access and Fraud Act - Cal. Penal Code § 502
Intentional Interference With Prospective Economic Advantage
Negligent Interference With Prospective Economic Advantage
Unfair Competition - Cal. Bus. & Prof. Code § 17200
Trespass To Chattels
Aiding and Abetting
3. Oracle's claimed legal remedies
Oracle seeks an injunction, return of property and punitive damages. Not surprisingly it also demands a jury trial.
4. Brief commentary
Another recent Lightbulb article illustrated the benefits of monitoring computer access logs - DuPont foils a US$400 million trade secrets heist.
That case was about unauthorised use of intellectual property by an employee that was about to leave. The case begun by Oracle last month involves action against a competitor, SAP.
Trade secrets law, more commonly known as confidential information law in Australia, is a category of IP law. It is often used by businesses to act against theft by employees, competitors and others.
The facts, legal rights and remedies overviewed above in the Oracle case resemble those that can be marshalled in Australia to legally protect against breach of business secrets and confidential information.
5. Advice for proactive protection of confidential information
The best advice is to be proactive. Put into place measures to reduce the opportunity for theft, for example:
Contracts for products and services, eg licence agreements for software, end user agreements for extranets, merchant agreements for collaborators. Oracle relies in its case on its software licences and Legal Download Agreement;
Employment contracts and policy and procedure manuals.
Process documentation, such as confidentiality statements, records and agreements to be used in negotiations and discussions with third parties.
File use arrangements, such as limiting access to a "need to know basis" for confidential information ie establish levels of privilege.
File security arrangements, eg establish passwords, keys , locks and other security systems to regulate access to and disposal of information. Not surprisingly Oracle relies in its case on mandatory use of password protection.
This list is not exhaustive. For further information or an overall framework see also The joy of IP strategy - top 10 questions list.
2 SEP 2011 UPDATE: In November 2010 a jury awarded Oracle $US1.3 billion in damages. The sum was a record for copyright infringement.
However, on appeal U.S. District Judge Phyllis Hamilton in Oakland, California called the jury award "grossly excessive" and asked that Oracle either accept a lower $US272 million payment or submit to a new trial. The case is Oracle Corp. v. SAP AG, 07-01658, U.S. District Court, Northern District of California (Oakland).