Earlier this year, we covered a software audit legal case between Micro Focus and their customer Express Scripts and, having read through some of the court documents, there are some enlightening points to look through. It’s great that the customer took the win but first let’s look at some of the key information that came out during the trial.
It’s always sensible to have controls, processes, and training in place when it comes to sharing data with software vendors. In this case, a large part of Micro Focus’ argument was based on numbers taken from data given to them by the customer:
“But when Express Scripts sent its data of usage and access back to Micro Focus, what we learned is that they had installed the software on 14,945 workstations but were giving access to 35,236 users on Citrix. And this is the data they sent us. These are the reports from Express Scripts’ system showing 35,236 people had access to Rumba software via Citrix. That’s what Express Scripts’ own data showed.”
Although it’s said that numbers don’t lie, they can certainly mean different things to different people. Express Scripts’ case may have been easier if some clarification work had been done before sending the report across.
In a refrain that will sound familiar to many of you, when discussing what Micro Focus were pushing for, Express Scripts’ counsel described it as “a license for non-users to not use their software”.
They also said “There is no evidence that a single one of them ever used Rumba for any purpose ever. So Micro Focus can’t sue us for having too many users. We didn’t. Instead, what they say, is we had an agreement to pay them for providing non-users with access to software that none of them could use for any purpose.”
This is something prevalent in many audits, where customers are expected to pay for software what was never used.
The testimonies within the trial gave good insight into the approach to audits within Micro Focus. In 2014, “Micro Focus bought Attachmate, and with it … inherited Attachmate’s audit compliance group and … Attachmate’s senior compliance manager James Grant. …[Y]ou’ll hear Mr. Grant testify that he and the audit team get compensated based on the revenue they generate from conducting audits”.
Here, I’ve taken certain parts of testimony from Archie Roboostoff, part of the Micro Focus Product Management team, where he talks about the culture within Attachmate at the time of the Micro Focus acquisition.
Q: And, in particular, you say that Attachmate’s mandate is to, at all cost, protect and increase the ongoing maintenance revenue. Is that right?
A. Our assumption at the time was that Attachmate’s mandate was to do that, yes.
Q. And their strategy has been to basically sue their own customers for compliance. That was your understanding at the time?
A. That was my understanding.
Here Roboostoff talks about Attachmate’s options for increasing revenue:
“The impression was that they didn’t have a lot of other products in the portfolio to offer those terminal emulation customers. So their only choice for growth was to sort of go and look and make sure that their customers weren’t over deploying, which is fairly common in the industry. So that was their primary source of revenue. That was our understanding.”
Which it seems was primarily auditing rather than selling in additional product lines. The Micro Focus product manager went on to say:
“You know, I think we were nervous when the Attachmate team came…into Micro Focus, and we wanted to make sure that we reached out to the market and say that we weren’t that. You know, we always try to find a win-win with any sort of compliance engagement that we have. I mean, if a customer…overdeploy[s], we will work with them.
We always try to make it a win-win for these customers. Like, okay, if you did over deploy. We got it. Maybe let us look at some other products we can give you for that price or whatever. So, we typically make it a valuable exercise for both parties.”
Another sales rep testified regarding software audits that “half of her time as a salesperson…is dedicated not to sales but to audits because that’s where she generates revenue. And the audit group and the sales team both get paid based on generating sales out of these audits”.
Another Micro Focus employee who gave evidence was Richard Ford, a Major Account Rep, who gave some good insight into their strategy around maintenance. Similar to Oracle, customers need to have maintenance on either all or none of their licenses. Reading how Micro Focus position this gives a good example of the somewhat tricky language that’s prevalent in the world of software licensing:
“…if you want to go off a support for a particular license, that’s fine, but if it’s part of a maintenance contract, then you have to uninstall them. And so you don’t lose rights to them, you just can’t have them installed anymore” (emphasis mine).
This scenario is, I suppose, similar to how one can legally own a car but, without meeting further requirements, cannot drive it on the roads. However, it’s a good example to highlight how just because a license has perpetual rights, that doesn’t mean you can bank on using it forever without any further payments.
Another point that was touched on was about vendors charging list price for licenses purchased to fill a non-compliance gap found in a software audit, and whether those list prices are realistic. Often “list price” is a number far above anything that customers actually pay in normal circumstances so can it be considered a fair price to pay or does it become punitive?
Another section of the case centred on the use of terms such as “Enterprise license” and “site license” and what those actually meant – particularly around whether they imply any restriction on user counts. Both these terms were used interchangeably by Micro Focus when dealing with Express Scripts, but the argument was that they didn’t really convey any specific meaning as to what they contained or the type of rules by which they’d be governed. Something like this can become central to a software audit when the definition of that term can hugely alter the perceived non-compliance.
To me, “site license” definitely means an all you can eat style of licensing without a restriction on user count etc. but “Enterprise license” not so much – that makes me think more of enhanced features. It goes to show that just because a term is familiar and used a lot in the industry, if a definition isn’t agreed, and documented, between the parties – trouble can arise.
Part of this case focused on exactly what “access and use” means when it comes to software sitting on a Citrix server. The product in question, Rumba, gave access to legacy mainframe applications and while users could click on the Rumba icon, only those granted specific rights could use it to access the mainframe.
Lawyers for Micro Focus argued that this was analogous to taking a taxi to a restaurant, finding out the restaurant was closed, and refusing to pay the taxi driver.
Express Scripts countered with:
“[They] told you, you take a taxi to the restaurant and the restaurant is closed, you’ve still got to pay for the taxi. That is not what they are charging for. They are charging for the ability to see the taxi. They are charging…for the ability to stand on the sidewalk and get up to the taxi and have the option that you may access the taxi, but not for actually getting in”.
It’s great that Express Scripts won, and Micro Focus’ motion for a new trial was denied. To that point, the court said:
“Micro [Focus] seemingly takes umbrage that the Court did not give an instruction [to the jury] that was vague enough to allow them to front a legally and factually untenable argument in closing”
It’s good to see a decision like this go in favour of the customer. It shows that the threat of litigation over an audit doesn’t have to be a reason to fold – while going to court isn’t for everyone (for various reasons), this will embolden many customers. This case helps shed light on a few things:
And it sets a precedent to which future cases can refer. I’d highly recommend sharing this internally with various stakeholders (and their teams) across the business including procurement, legal, architects, infrastructure etc. to show them the problems that can arise with software licensing and what parts different teams play in all this – both in causing and resolving the problem!