Popular Posts

Wednesday, December 16, 2015

Software license audits challenged in French court


Software vendors (licensors) have increased the number of software license audits over the past few years to chase intellectual property infringement through illegal use of software. Infringing users (licensees) are required to pay additional licensing fees or else they will be sued. Even if the user is duly licensed to use the software, only limited rights are granted by the licensors. The purpose of license audits is to ensure that the licensee complies with the rights granted by contract.

However, licensees tend to challenge software license audits more often. Their claims are often legitimate: increased complexity of the license agreements, difficulty for the licensees to keep track of the licensing rights actually used, or even bad faith by certain vendors who would threat to launch an audit to pressurize the client at the time of contract renewal.

The amounts at stake are usually quite high for both parties, vendors and licensees.

Two recent French cases, both involving Oracle Corporation, illustrate the tension between vendors and licensees, especially at the time of renewing - or not - the existing licenses. (1) These cases raise the issue of the purpose, scope and limitations of a software license audit, and of the legal grounds on which a case may be brought when challenging the non-compliance between the rights granted and actual software use.


1. Purpose, scope and limitations of a software license audit

Software is protected by intellectual property law. (2) The author, or software publisher, enjoys exclusive rights over his/its work and is free to decide how to distribute it, including the scope of the rights granted and the licensing fees charged.

The rights granted to the licensees are provided in the software license agreement. The scope of the rights granted is different depending on the vendors. The licensing rights can be limited according to the type or number of terminals, or servers, number of named users or of CPUs, user volume, etc. Limitations can also be territorial, per location, facility, country or region.

Each vendor is also free to set its own fee system: through the payment of a one-time licensing fee, through a recurring subscription assessed according to the number of terminals or user volume, or through fees evolving with the software (upgrades), etc.

To ensure that the software is used in accordance with the rights granted, software vendors usually include software license audit clauses in their contracts.

However, one of the fundamental principles of civil law is that contracts must be performed in good faith (art. 1134 of the French civil code). Under this principle, software audits must not be carried out for a purpose other than the original objective or be used as a threat against the licensee at the time of renewing the contract, in order to put financial and operational pressure on the licensee or to overreach and access licensee’s proprietary confidential data.

Both examples were raised in the cases examined here.

- The Oracle vs. Carrefour judgment of 12 June 2014 (Summary judgment)
In this first case, Oracle sued Carrefour after the latter had resisted Oracle’s request to run its data collection scripts on Carrefour’s systems during the software audit process.

Two Carrefour affiliates, Carrefour SA and Carrefour Organisation et Systèmes Groupe had entered into a framework license agreement to use the Oracle Database Management software. On 27 January 2012, after the agreement had expired, Oracle France notified Carrefour its decision to conduct a software license audit to check the compliance of the software used with the rights granted under the license agreement. The notification included a request to run scripts allowing to assess the number of licenses used and to check the documents provided by Carrefour regarding the use of the software.

Carrefour didn’t resist the audit but refused the process imposed by Oracle, i.e. to run Oracle’s auditing tools. Carrefour considered that the scripts used by Oracle gave them access to Carrefour confidential information, which was unnecessary for the purpose of the audit and which imposed a security risk on its IT systems.

In a summary judgment rendered on 12 June 2014, the Civil court of Nanterre (Tribunal de grande instance de Nanterre) held that Oracle could not compel Carrefour to run Oracle’s scripts to collect data for the audit since this process was not imposed by the agreement nor by law.

The judges held that Oracle did however justify a legitimate reason to be granted an expert assessment to establish evidence of potential contractual breaches and intellectual property violations by the defendants. On the other hand, Carrefour was not compelled to run Oracle’s data collection scripts, but the judges confirmed that Oracle could use all necessary data collected during the expert assessment to check Carrefour’s compliance of the use of the software programs with the licenses granted.

- The Oracle vs. AFPA decision of 6 November 2014

In a second case opposing Oracle to the AFPA (Adult professional training association) before the Civil court of Paris (Tribunal de grande instance de Paris), the AFPA claimed that Oracle had overreached its software auditing right to put pressure on them at the time of their license renewal with the intent to limit competition and to abuse its right to bring legal action against the AFPA if they didn’t renew the licenses.

The AFPA claimed that Oracle was using their audit right abusively “by distorting its purpose” to put pressure on the AFPA to deter them to migrate to a competitor’s software at the time of the license renewal. This method allegedly resulted in limiting competition (per art. L.420-2 of the commercial code) on the SGF and RDBMS solutions markets.

The judges were not convinced by the AFPA’s claim regarding an abuse of dominant position by Oracle, as they considered that in this case, Oracle’s dominant position on the RDBMS market was not ascertained.

Regarding the abuse to bring legal action, the judges recalled that engaging legal proceedings is a right. If this right is used abusively, then the claimants must prove that a fault was committed, under article 1382 of the civil code (fault, damages and causality between the fault and the damages suffered).

However, although Oracle threatened the AFPA to launch an audit at the time of license renewal, in the present case, the AFPA didn’t demonstrate having suffered specific damages, other than the cost incurred in this legal procedure.


2. Characterizing an alleged non-compliance to the license: intellectual property infringement or contractual breach?

The case opposing Oracle to the AFPA raised a second interesting legal issue regarding the characterization of the dispute over the alleged non-compliance to the software license.

- The facts
Oracle distributes an ERP solution called Oracle E-Business Suite, comprising over 70 software application programs dedicated to enterprise management and clustered into “suites” (“Financials” for accounting and finance software, “Procurement” for purchasing management and suppliers).

Unlike most enterprise software, the E-Business Suite licensing system doesn’t work with activation keys used to manage licenses (blocking and unblocking access to the software, managing the license term, etc.), but instead is delivered on a CD which includes all the programs. The client or its service consultant is then responsible for the installation of the licensed programs on the client’s systems.

Following an RFP launched in September 2001, the AFPA executed an agreement with Sopra Group (an Oracle distributor and consulting company) for the provision of the Oracle E-Business Suite - Finance, for an initial group of 475 users.

In July 2008, Oracle France notified the AFPA its decision to carry out a software audit. The audit was actually conducted in May/June 2009, when the AFPA launched a new RFP to roll out the Procurement solution. According to the audit results, the AFPA was using 885 Purchasing software licenses. This software program was part of the Procurement suite, which was not included in the license granted.

After failing to settle the matter amicably, Oracle decided to bring an action against the AFPA on the grounds of counterfeiting based on the unauthorized use of the Purchasing software suite. To this effect, Oracle claimed the AFPA (and Sopra Group, under the contractual indemnification terms) to pay 3,920,550 euros as lump sum indemnification for the unauthorized copy and use of the Purchasing software for 885 named users, plus 9,487,731 euros as indemnification for the unauthorized use of the technical support services and Purchasing software upgrades, i.e. a total of 13,408,281 euros.

The defendants claimed that Oracle knew that the Purchasing software suite was part of the solution proposed by Sopra to the AFPA under the contract, the solution having been approved with the purchase order issued by Oracle. Indeed, Sopra had invoiced the AFPA for the installation, use and support services for the Purchasing program. The AFPA also claimed that they had been using Purchasing in good faith since the beginning of the contract term and that they had committed no breach.

- Disagreement over the legal qualification of the audit conclusions
In this case, the parties’ claims were based on conflicting legal characterizations resulting in  distinct legal consequences: intellectual property infringement vs. breach of contract

Oracle claimed that since the AFPA wasn’t authorized to use the software under dispute, they were infringing (counterfeiting) Oracle’s intellectual property rights. Counterfeiting is a continuing offense, not subject to prescription, and the counterfeiter cannot claim good faith.

Contrary to Oracle, the AFPA claimed that this was a contractual issue. According to the AFPA, the Purchasing suite was included in Oracle’s licensed software programs. If not, the AFPA claimed that they had performed the contract in good faith since the software programs had been installed by Sopra. Contractual claims are prescribed after 5 years (art. 2224 of the French civil code). Indemnification is governed by the rules regarding contract performance set forth in the Civil code.

- The Court decision

To characterize the dispute, the judges recalled that the only existing issue between the parties was whether the license included the Purchasing suite. Oracle never claimed that the AFPA had used counterfeit software or rolled out software not supplied by Sopra, or that the number of licenses did not correspond to the number of users. The judges therefore held that the dispute was only focusing on the scope and performance of the contract and not on a counterfeiting issue. Therefore, the 5 year statute of limitation and contractual indemnification rules applicable to the damage suffered as outlined in the French civil code are applicable.

Regarding the performance of the contract, Oracle had delivered four CDs, including one containing the Oracle Applications/E Business Suite II i solution, with the Financial and Purchasing suites. Oracle’s position was that although the Purchasing software was on the CD, it was not included in the license.

Based on the documents disclosed during the proceedings, the judges held that Oracle maintained doubt and confusion on what was really included in the software solution licensed: either the Purchasing software program wasn’t included in the scope of the AFPA license, and then it shouldn’t have been delivered to them, or it was included in the license since it was actually delivered in execution of the purchase order.

The judges decided that the AFPA used the Purchasing software suite without fault since this program had been included in the CDs prepared by Oracle. Oracle must have always understood and admitted that the license included the use of that software suite.

As a consequence of this legal characterization, the judges held that the AFPA didn’t infringe Oracle’s intellectual property rights since the software was presumably included within the contractual scope of the license. The judges therefore decided that Oracle’s claims against the AFPA were prescribed and Oracle’s claims of 13,408,281 euros were unfounded. In addition, Oracle had to pay procedural fees to the AFPA and to Sopra amounting to 100,000 euros (art. 700 of the procedural code). This decision is pending appeal.


    Based on this case law, software license audits are indeed legitimate tools for vendors to check that the licenses are performed within the contractual boundaries. However, audits should not be used outside and beyond their original purpose. As shown with these two cases, given the amounts claimed by the vendors, users no longer hesitate to challenge such practice, claiming bad faith or abuse from the vendors (although such claims much be proved legally). Another potentially valid claim could be the complexity of certain types of licensing rights which can be extremely difficult for licensees to manage effectively.

Although these cases didn’t raise the issue of license complexities, but were brought essentially because of misunderstandings and communication issues between the parties, we recommend that software vendors ensure that licensing rights are set forth in clear terms and that licensees can easily keep track of the rights used.


                                                        * * * * * * * * * * *

(1) Nanterre civil court of first instance (Tribunal de grande instance de Nanterre), summary judgment, 12 June 2014, Oracle Corp., Oracle International Corp., Oracle France vs. Carrefour, Carrefour Organisation et Systèmes Groupe ; Paris civil court of first instance (Tribunal de grande instance de Paris) 6 November 2014, Oracle Corp., Oracle International Corp., Oracle France vs. Association Nationale pour la Formation Professionnelle des Adultes (AFPA) & Sopra Group

(2) Article L.112-2 of the Intellectual property code

 
Bénédicte DELEPORTE
Avocat

Deleporte Wentz Avocat
www.dwavocat.com

December 2015

No comments:

Post a Comment