When Neo consulted the 'Oracle' in the Matrix movies, he was left confused and uncertain as to whether the Morpheus-led campaign to name him the 'chosen one' was true. One of the Oracle's more famous quotes was that 'we are all here to do what we are all here to do'.
This is a sentiment that, back in the real world (which may or may not be a matrix like computer simulation), our own 'oracle' (being Oracle Corporation, of Redwood City, California) might well agree with, particularly in relation to third party support and maintenance providers. However, in a recent challenge, Oracle has distinguished itself from the 'Oracle' in the Matrix by leaving no uncertainty as to its position on third party support and maintenance providers.
To Oracle, we are, indeed, all here to do what we are all here to do, and third party software support and maintenance providers are here to do, well … nothing. They are, according to Oracle, certainly not here to provide support and maintenance services in relation to Oracle's Solaris software, especially where they are using Oracle-created software and other resources to do so.
Following on from major lawsuits against third party support providers such as Terix, CedarCrestone, SAP, TomorrowNow and Rimini Street, Oracle now has HP Enterprise (HPE) in its sights. This time Oracle is challenging HPE on its role as partner to Terix in providing third party support services for Oracle's Solaris software.
Whilst potentially not as exciting as dodging bullets in super slow motion or watching a few hundred Priscilla Queen of the Deserts dressed in suits pile on top of Keanu Reeves, Oracle's law suit could have a profound effect on the software support and management industry.
What are third party maintenance and support providers?
Before we get into the nitty gritty of Oracle's claim, it's important to deal with the basics. A third party maintenance and support provider is a business who provides support and maintenance for software that it did not develop and in which it does not own the intellectual property rights. Whilst these services often do not provide a customer with all of the benefits that it would get if it contracted directly with the developer for support and maintenance services (as they don't have access to certain resources, such as upgrades and bug fixes created by the developer), they often come with a significantly reduced price tag.
So one can imagine that, for a customer that has legacy systems that do not require any significant upgrades and has no plans for software investments in the near future, the reduced level of service for a reduced price may be appealing. However, if Oracle gets its way, there is a risk that the customer could be obtaining services in breach of software licences granted by software providers, and if those third party support providers use the customer's login to obtain support-related materials, they could themselves be infringing the software provider's intellectual property rights in those materials.
What is Solaris?
Solaris is a Unix operating system originally developed by Sun Microsystems and has, as of 2010, been owned by Oracle.
What did Terix and HPE do (according to Oracle)?
Back in 2013, Oracle claimed (successfully) that Terix 'engaged in a deliberate scheme to misappropriate and distribute copyrighted, proprietary Oracle software code' when providing third party support services to [its] customers for the Solaris operating system. Terix was downloading, from the Oracle website (access to which is restricted to customers), software patches and updates to the Solaris operating system and providing these to its customers as part of its third party support and maintenance service offerings.
The trouble was that the licensing terms and conditions for these patches and updates did not permit them to be obtained and used by third party support and maintenance service providers.
As a result of Oracle's claims, Terix was ordered to pay $57.7 million in damages and was prohibited from providing its customers with updates, bug fixes, patches, media kits or other proprietary support materials for Oracle's Solaris operating system that haven't already been made public. Importantly, Oracle is also permitted to conduct annual audits of Terix relating to Oracle hardware for the next five years. We can understand right about now why a third party software support and maintenance provider reading this is hoping this is 'The Matrix' and that it can unplug and wake up.
HPE did not itself support and maintain Solaris, however, according to Oracle, HPE 'sold support services to Oracle customers that included software support by Terix despite knowing that Terix’s software support included Solaris updates that Terix had no lawful right to provide'. Oracle's contention is that HPE was fully aware that Terix was applying updates to the Solaris OS without being licensed or entitled to do so because HPE has the same type of licence and support policies for its own software, 'HP-UX'.
In what seems to have been similar circumstances, SAP (a German tech giant) paid Oracle $360 million in settlement in 2007. This was compensation for the misdeeds of then-newly acquired TomorrowNow which downloaded and implemented Oracle's support resources from the customer service web page as part of its third party support and maintenance offering.
Would HPE's (alleged) conduct infringe copyright in Australia?
Whether such a claim would be successful in Australia would turn on a court's interpretation of section 101 of the Copyright Act 1968 (Cth), which extends liability to those who 'authorise' the copyright infringements of others.
'Authorisation' has traditionally been understood as 'sanctioning, approving or countenancing' an infringement. This requires a person to know or have reason to suspect that the particular act is likely to be done.This understanding has since been codified in the section 101(1A) factors a court must consider in determining whether an infringement has been authorised.In recent judgments, Australian courts have applied these factors and refused to find internet services providers liable for 'authorising' copyright infringement, primarily because any steps required to prevent or reduce the copyright infringements would not be reasonable.
However, beyond ISPs, the precise scope of 'authorisation' remains untested in most technological contexts, including software licensing. Whilst HPE is linked more closely to the infringements of Terix than an ISP is to the infringements of its subscribers, HPE may also fall short of the 'authorised liability' threshold.
HPE would be likely to argue that it assumed (and was entitled to assume) that Terix's actions were within the scope of any licence under which the Solaris materials were provided. Further, it seems likely that documents setting out the partnership arrangement between Terix and HPE would have contained specific provisions relating to use of third party intellectual property by Terix.Such circumstances indicate HPE had no reason to suspect Terix was engaged in the breach of copyright, and therefore, it was reasonable for it not to take steps to prevent the copyright infringement.
What does Oracle want?
In a word, compensation. But it appears to be more than just money for Oracle; it appears to want to send a message to the market that supporting and maintaining its software (and undercutting it in the process) is likely to land you in hot water if you use resources that are Oracle-created and licensed.