Oracle sells hardware, software, and support and consulting
services to maintain those. But people
also use third-party vendors for support, and here Oracle sued two, alleging
that they duped Oracle’s customers into providing them with access to updates
to Oracle’s Solaris operating system.
Oracle customers get a Customer Support Identification number linked to
products covered by their support contract.
An active licensed customer can download covered software updates, but
isn’t allowed to share or use its access credentials for the benefit of others
or for the benefit of unsupported Oracle hardware. When third parties provide support services,
neither they nor their customers are allowed to use Oracle’s support website or
Oracle’s updates. However, defendants
allegedly told customers that they could lawfully provide that access and
support (TeRIX allegedly claimed to be an Oracle partner) and/or that customers
were entitled to obtain updates even without an active Oracle support contract
by virtue of their licenses to use the underlying OS in conjunction with their
Oracle hardware. Defendants allegedly
obtained access to Oracle’s secure support website under false pretenses or
directed others with access to download the software. In at least one instance,
they allegedly copied and distributed Oracle’s software. Oracle sued for copyright infringement,
violation of the CFAA, breach of contract, false advertising, tortious
interference with prospective economic relations, and unfair competition. Most of the claims survived, but not all the
CFAA claims.
I’m not going to cover the CFAA claims in any detail, though
notably the court declined to apply Rule 9(b) because, though the CFAA uses the
word “fraud,” a CFAA claim as alleged here didn’t necessarily require fraud in
the sense of conduct that is fraudulent under California law. “[T]he nub of Oracle’s complaint in this case
is that Defendants duped at least one Oracle customer into purchasing its
unauthorized service update by misrepresenting the customer’s right to updates
without a support contract with Oracle. It therefore was not Oracle, but
Oracle’s customers, that relied on the alleged misrepresentation.” Thus, even if Rule 9(b) might apply to
first-party claims of reliance, it didn’t here.
Also, defendants can’t be liable for trafficking merely for receiving
login credentials. However, Oracle
sufficiently alleged that defendants accessed its websites without authorization/exceeded
authorized access under US v. Nosal,
because unlike non-CFAA violators in other cases, defendants weren’t themselves
authorized to access the website—they didn’t just misuse information they got
from Oracle’s site (not actionable under the CFAA); rather, they weren’t
supposed to have access in the first place.
The breach of contract claims for violating Oracle’s ToS on
its website also survived. On whether
defendants sufficiently assented to the terms, that wasn’t an appropriate topic
on a motion to dismiss.
The copyright claims survived, with a twist. The updates at issue were unregistered
derivative works, and thus Oracle couldn’t sue on them. However, it could sue
for infringement to the extent that there was copied material common both to
the underlying registered work and the unregistered derivative work. Defendants’ defense that customers were
licensed to use the registered work (and that they could rely on these
licenses) was an affirmative defense not apparent on the face of the complaint.
Lanham Act false advertising: Oracle alleged that defendants
falsely advertised that they could provide legal copies of Oracle updates if
customers cancelled their Oracle contracts, including claims that defendants
could provide support as the customer’s agent under a claimed “right to
use.” Defendants argued that these were
nonactionable statements of opinion, and also that the statements at issue were
generic references to UNIX platforms, patch management, and software
distribution, not specific references to Oracle or its software.
Oracle rejoined that the statements were deceptive, even if
not literally false, and argued that it shouldn’t have to litigate its
infringement and CFAA claims to conclusion, turning opinion to fact, before it
could bring a Lanham Act claim. Despite
precedent that legal opinions from nonlawyers aren’t actionable because they
are neither true nor false, the court agreed with this clever framing—“the
court does not see a reason to first require Oracle to litigate its underlying
causes-of-action before bringing a Lanham Act false advertising claim.” Also, it refused to apply Rule 9(b), because
the Ninth Circuit has never required that for Lanham Act claims. Unsurprisingly, the state law unfair
competition claim also survived, as did the intentional interference with
prospective economic relations claim, since Oracle had sufficiently alleged the
necessary wrongful acts and expectation of future economic benefit.
Posts
No comments:
Post a Comment