It will be fascinating to learn what possible answers and defenses SAP has to offer to Oracles astounding charges that its enterprise applications archrival has engaged in wholesale theft of software and customer support documentation.
The 44-page complaint that Oracle filed on March 22 in U.S District Court in San Francisco contends that Oracle meticulously traced and monitored multiple unauthorized intrusions into its customer support Web site. Oracle claims that it tracked many “lightning-speed” downloads of software files and documents that went far beyond the scope of any single customers license agreement.
So far, all SAP is saying officially is that it is “still reviewing the matter” and as a result will follow its “standard policy of not commenting on pending litigation.”
The next question that comes to mind is whether any of this activity, if it occurred, was done with the knowledge and approval of top SAP executives, or whether it was some mindless rogue operation carried out at SAPs TomorrowNow subsidiary in Texas.
If Oracle can prove its civil charges that SAP employees systematically looted intellectual property from the Web site, the next step could be state and federal investigations that could result in indictments.
Unless SAP can come up with some plausible explanation as to why people inside its organization were apparently downloading “vast libraries” of Oracle products, a lot of SAP jobs, reputations and cash could go down the drain. The very existence of the company would conceivably be threatened by this brewing scandal.
This lawsuit has the potential of making the recent Hewlett-Packard corporate spying and “pretexting” scandal look like childs play, because it involves intellectual property potentially worth billions. Of course, Oracles lawyers have written the complaint to make it sound as sinister as possible. We have no way of knowing whether any allegedly purloined software and documents are even remotely as valuable and damaging to Oracles interests as it claims. We only have Oracles generalized words as to what was stolen and how much.
Oracle and SAP, which is based in Walldorf, Germany, have been locked in intense competition since SAP because a major player in the U.S. enterprise applications market. Every strategic move Oracle has made over the past five years has been aimed at supplanting SAP at the top of the ERP (enterprise resource planning) market.
Oracle is well known for taking any competitive edge that it can find. If even a fraction of the charges listed in Oracles complaint prove to be true, SAP may have made it a lot easier for Oracle to relegate its rival to also-ran status.
SAP acquired TomorrowNow in January 2005 to provide third-party support for PeopleSoft and JD Edwards ERP applications. As the Oracle complaint notes, SAP acquired TomorrowNow within a month after Oracle completed the acquisition of the PeopleSoft and JD Edwards product lines.
When SAP announced the TomorrowNow acquisition, executives of both companies said the purpose was to build a top-notch third-party IT support service for PeopleSoft and JD Edwards applications at a lower cost than Oracle itself would provide. TomorrowNow hoped to take advantage of customer dissatisfaction with Oracles buyout of PeopleSoft/JD Edwards.
Placing the Blame
Its hard to imagine how SAP could argue that TomorrowNow carried out the alleged activity on behalf of the PeopleSoft and JD Edward customers as part of its third-party support service, since Oracles licenses and the licenses of any other commercial software product bar the disclosure or transfer of software and documentation to any third party.
The lawsuit also raises the question of whether some of Oracles customers or former customers could find themselves parties to this lawsuit if it can be proven that they gave TomorrowNow access to their Customer Connection log-on IDs and passwords.
The Oracle complaint alleges that the intruders used “expired or soon-to-expire” log-on credentials of Oracle customers to gain access to the Customer Connection Web site. A lot of people could be feeling the legal pinch of these charges as this suit grinds through the wheels of justice.
The lawsuit also calls into question the effectiveness of Oracles own Web security protocols, since the intruders found it so easy to log in to the site using obviously bogus IDs such as “Null” and “User” along with e-mail addresses such as “test@testyomamma.com.”
If intruders found it so easy to penetrate and plunder Oracles Web servers, what does this mean for the security of any software companys intellectual assets that are stored for easy customer access on the Internet? Perhaps Oracle should strengthen the security measures protecting its Web servers to prevent future intrusions and thefts.
The complaint charges that SAP carried out more than 10,000 downloads between September 2006 and January 2007. Oracle is claiming that the intruders even took Oracle support documents that werent available “even to licensed, authorized customers or through normal access to Oracles Customer Connection system.”
Its clear that rather than block the expired and bogus customer accounts from accessing the Web sites, Oracle chose to quietly monitor and trace the activity to investigate who was doing it and why. The results are this lawsuit.
If the charges are proved to be accurate, SAP could find it is embroiled in perhaps the largest and worst intellectual property theft case in history of the computer industry.
It is inexplicable why SAP, a proud and respected software producer, would ever allow any of its employees or subsidiaries to engage in massive and systematic theft of software and documentation.
We must all reserve judgment until SAP has an opportunity to answer the charges and defend itself in court. Surely all companies in the software industry must respect the sanctity of each others intellectual property rights. Its unimaginable that any company would knowingly take the chance of putting such devastating legal weapons into the hands of a such a fierce competitor as Oracle.
But if it is true that people within SAP engaged in these purported systematic thefts, then the case is no different from any of the most egregious examples of identity theft and criminal fraud that have rocked the computer industry in recent years.
In that case SAP would deserve whatever it gets.
John Pallatto is a veteran journalist in the field of enterprise software and Internet technology. He can be reached at john_pallatto@ziffdavis.com.
Check out eWEEK.coms for the latest news, reviews and analysis about productivity and business solutions.
