Wednesday, January 08, 2014

Oracle suit against third party claiming to provide lawful software updates proceeds

Oracle America, Inc. v. TERiX Computer Company, Inc., No. 13-cv-03385, 2014 WL 31344 (N.D. Cal. Jan. 3, 2014)

Oracle sells hardware, software, and support and consulting services to maintain those.  But people also use third-party vendors for support, and here Oracle sued two, alleging that they duped Oracle’s customers into providing them with access to updates to Oracle’s Solaris operating system.  Oracle customers get a Customer Support Identification number linked to products covered by their support contract.  An active licensed customer can download covered software updates, but isn’t allowed to share or use its access credentials for the benefit of others or for the benefit of unsupported Oracle hardware.  When third parties provide support services, neither they nor their customers are allowed to use Oracle’s support website or Oracle’s updates.  However, defendants allegedly told customers that they could lawfully provide that access and support (TeRIX allegedly claimed to be an Oracle partner) and/or that customers were entitled to obtain updates even without an active Oracle support contract by virtue of their licenses to use the underlying OS in conjunction with their Oracle hardware.  Defendants allegedly obtained access to Oracle’s secure support website under false pretenses or directed others with access to download the software. In at least one instance, they allegedly copied and distributed Oracle’s software.  Oracle sued for copyright infringement, violation of the CFAA, breach of contract, false advertising, tortious interference with prospective economic relations, and unfair competition.  Most of the claims survived, but not all the CFAA claims. 

I’m not going to cover the CFAA claims in any detail, though notably the court declined to apply Rule 9(b) because, though the CFAA uses the word “fraud,” a CFAA claim as alleged here didn’t necessarily require fraud in the sense of conduct that is fraudulent under California law.  “[T]he nub of Oracle’s complaint in this case is that Defendants duped at least one Oracle customer into purchasing its unauthorized service update by misrepresenting the customer’s right to updates without a support contract with Oracle. It therefore was not Oracle, but Oracle’s customers, that relied on the alleged misrepresentation.”  Thus, even if Rule 9(b) might apply to first-party claims of reliance, it didn’t here.  Also, defendants can’t be liable for trafficking merely for receiving login credentials.  However, Oracle sufficiently alleged that defendants accessed its websites without authorization/exceeded authorized access under US v. Nosal, because unlike non-CFAA violators in other cases, defendants weren’t themselves authorized to access the website—they didn’t just misuse information they got from Oracle’s site (not actionable under the CFAA); rather, they weren’t supposed to have access in the first place.

The breach of contract claims for violating Oracle’s ToS on its website also survived.  On whether defendants sufficiently assented to the terms, that wasn’t an appropriate topic on a motion to dismiss.

The copyright claims survived, with a twist.  The updates at issue were unregistered derivative works, and thus Oracle couldn’t sue on them. However, it could sue for infringement to the extent that there was copied material common both to the underlying registered work and the unregistered derivative work.  Defendants’ defense that customers were licensed to use the registered work (and that they could rely on these licenses) was an affirmative defense not apparent on the face of the complaint.

Lanham Act false advertising: Oracle alleged that defendants falsely advertised that they could provide legal copies of Oracle updates if customers cancelled their Oracle contracts, including claims that defendants could provide support as the customer’s agent under a claimed “right to use.”  Defendants argued that these were nonactionable statements of opinion, and also that the statements at issue were generic references to UNIX platforms, patch management, and software distribution, not specific references to Oracle or its software. 

Oracle rejoined that the statements were deceptive, even if not literally false, and argued that it shouldn’t have to litigate its infringement and CFAA claims to conclusion, turning opinion to fact, before it could bring a Lanham Act claim.  Despite precedent that legal opinions from nonlawyers aren’t actionable because they are neither true nor false, the court agreed with this clever framing—“the court does not see a reason to first require Oracle to litigate its underlying causes-of-action before bringing a Lanham Act false advertising claim.”  Also, it refused to apply Rule 9(b), because the Ninth Circuit has never required that for Lanham Act claims.  Unsurprisingly, the state law unfair competition claim also survived, as did the intentional interference with prospective economic relations claim, since Oracle had sufficiently alleged the necessary wrongful acts and expectation of future economic benefit.

No comments: