Oracle adds copyright infringement charges in amended complaint against SAP


BOSTON – Oracle Corp. went down to the wire in filing its first amended complaint against applications rival SAP AG last Friday in a bitter wrangle over the alleged theft of trade secrets.

Under a legal stipulation agreed in mid-May Oracle had until June 1 to file an amended complaint, while SAP must now respond to Oracle’s amended complaint by July 2.

Oracle added federal copyright infringement and breach of contract claims on top of its original charges, which included violations of the Federal Computer Fraud and Abuse Act and of California’s Computer Data Access and Fraud Act along with unfair competition and intentional and negligent interference with prospective economic advantage.

Oracle filed the original lawsuit on March 22 in the U.S. District Court for the Northern District of California against SAP, its SAP America division, its TomorrowNow subsidiary and 50 unnamed individuals Oracle claimed were SAP employees.

In both the original and the amended complaints, Oracle charged SAP with committing “corporate theft on a grand scale,” alleging that one or more staff at TomorrowNow pretended to be Oracle customers and illegally hacked into its secure support Web site for users of Oracle’s PeopleSoft and JD Edwards applications and downloaded a vast amount of material.

TomorrowNow provides third-party maintenance and support largely to customers using software Oracle acquired through its purchases of PeopleSoft and Siebel.

Oracle further alleged that SAP then copied the content it had accessed from the Oracle site and used it to offer Oracle customers cut-rate support services as the first step in eventually persuading the users to migrate over to SAP’s rival applications.

In a statement Friday, SAP noted the “repeated delays” in Oracle filing its amended complaint.

“Oracle now apparently has registered some copyrights, so it adds a copyright claim,” SAP said. “And, it adds a breach of contract claim based on previously stated allegations. SAP plans to respond to the amended complaint by July 2, in accordance with the Court’s schedule. At that time, SAP will set the record straight regarding Oracle’s allegations. We are eager to vigorously defend this case.”

Oracle said it had discovered the illegal access to its Customer Connection user support Web site after noting periods of unusually heavy download activity from the site in late November and December 2006. “The downloads spanned every library in the Customer Connection support Web site,” the vendor said in the complaint.

Using one customer’s credentials, those of Honeywell International, SAP allegedly downloaded almost 1,800 items per day for four days straight versus that customer’s normal download pattern of 20 items a month. Oracle alleged that it’s connected many of those downloads to a specific TomorrowNow employee Wade Walden, who previously worked at PeopleSoft.

Each customer searching on the Customer Connection Web site has to click on a button after each search to indicate if the search result helped solve their particular problem. Oracle compiled that data on a regular basis to see how well the system is performing and that’s how the vendor noticed sudden spikes in the number of clicks on that button, thousands of clicks per customer and each response occurred in a matter of seconds.

“Given the extreme speed at which the activity occurred, these clicks could not reflect real responses from any human customers actually reading the solutions they had accessed,” the complaint stated. Instead, Oracle believes an automated process was used to access the materials on the site “with lightning speed.”

Oracle claims to have found more than 10,000 unauthorized downloads of its software and support materials, which it then traced to an IP (Internet Protocol) address in Bryan, Texas, an SAP America branch office location and the headquarters of TomorrowNow. Oracle adds that the IP address is connected directly to SAP’s computer network. “Indeed, Oracle’s server logs have recorded access through this same IP address by computers labeled with SAP identifiers using SAP IP addresses,” the complaint stated.

Oracle listed customers whose identities TomorrowNow had allegedly purloined, including Bear, Stearns & Co., Border Foods, Interbrew UK, Merck & Co. Inc. and OCE-Technologies BV. SAP employees allegedly used bizarre user names including xx, ss, User and NULL along with fake e-mail addresses including and fake phone numbers such as 123 456 7897, Oracle alleged in the complaint.

“All of these customers whose IDs SAP appropriated had one critical fact in common: they were, or were just about to become, new customers of SAP TN [TomorrowNow] — SAP AG’s and SAP America’s software support subsidiary whose sole purpose is to compete with Oracle,” the complaint stated.

Oracle claimed the downloads occurred between September 2006 and January 2007. The complaint added, “Oracle also has concerns that SAP may have enhanced or improved its own software application offerings using information gleaned from Oracle’s illegally copied software and support materials.”

Oracle said in the complaint that it’s still unaware of the identities of the unnamed 50 SAP employees charged in the lawsuit. After discovery takes place in the lawsuit, Oracle hopes to unmask them and will amend its complaint accordingly.

In the amended complaint, Oracle stated that its software and support materials are registered with the Copyright Office and thus protected under the Federal Copyright Act. The vendor goes on to say that it has now obtained over 40 certificates of registration from the Register of Copyright covering the materials allegedly stolen by SAP. Oracle listed the certificates in the amended complaint; most of the materials were registered on April 26, 2007.

Oracle wants the judge in the case to stop SAP’s alleged “illegal intrusions and theft,” prevent the vendor from using the materials it’s alleged to have obtained and to recover damages and attorneys’ fees.

The case was originally assigned to U.S. District Court Judge Maxine M. Chesney in San Francisco, but she recused herself in early May for reasons that were not disclosed. U.S. District Court Judge Martin J. Jenkins, also in San Francisco, is now presiding over the case.

The amended complaint is on Oracle’s Web site at:

QuickLink 072656


Related Download
Improving the State of Affairs With Analytics Sponsor: SAS
Improving the State of Affairs With Analytics
Download this case study-rich white paper to learn why data management and analytics are so crucial in the public sector, and how to put it to work in your organization.
Register Now