Can you sue your software vendor? Interview with Pam Fulmer, Technology Litigator at Tactical Law Group LLP

Best practice

Can you sue your software vendor? Interview with Pam Fulmer, Technology Litigator at Tactical Law Group LLP

When confronted with a software audit and the pain and stress that goes with it, I’m sure many of you have wished the shoe was on the other foot. If only there was a way to turn the tables on those pesky software publishers…

I anticipate that the list of predatory software publishers will only grow in the future

Pam Fulmer, Technology Litigator at Tactical Law

Earlier this year we reported on a case that had the potential to do just that. As a result of a California Supreme Court ruling, Pam Fulmer, Technology Litigator at Tactical Law pointed out that “customers of Oracle who believe they have been victimized by predatory software audits, VMware overreaches or NetSuite SuiteSuccess failures may have a new tool in their toolbox to combat Oracle and certain of its alleged unfair trade practices.”

Can you sue your software vendor? We sat down with Pam to find out more.

Firstly, tell me about yourself and your experience

I was admitted to the California Bar in 1991 and have been practicing over 32 years. Much of my practice has focused on commercial contract disputes, with many of those involving software licensing disputes. I am also an IP lawyer who is experienced advising on copyright infringement related issues. Prior to founding Tactical Law in 2016 I was a partner in several large global law firms including DLA Piper, Jones Day, Dentons and others. My clients range from large global multinational corporations to start-ups here in the U.S. and abroad.

You recently wrote a blog post about how a new California Supreme Court ruling could open the door to software publishers being sued by their customers for predatory audits. Can you briefly summarise the case and the implications for IT Asset Managers?

Yes, the case is called Siry Inv. v. Farkhondehpour, 13 Cal.5th 333 (Cal. 2022) and was decided by the California Supreme Court last year. Prior to the decision, there was a split at the California Court of Appeal level about whether a claim for a civil theft of money in California business tort cases could be brought under the statute. Siry made clear that such claims could be made and if proven could result in the award of treble damages and the award of attorneys’ fees and costs. However, the California Supreme Court cautioned that “not all commercial or consumer disputes alleging that a defendant obtained money or property through fraud, misrepresentation, or breach of a contractual promise will amount to a theft. To prove theft, a plaintiff must establish criminal intent on the part of the defendant beyond mere proof of nonperformance or actual falsity. . . . This requirement prevents ordinary commercial defaults from being transformed into a theft.” Siry, 13 Cal. 5th at 361-362. So whether the claim could be successfully asserted depends on the facts of the case and what happened in the audit and how predatory were the tactics the software publisher deployed against its customer in the audit. It would be a case-by-case analysis, and not all audits will rise to this level. Certainly any licensee with a license agreement where California law applies, such as with Oracle, should consider whether they might have a viable claim if the customer believes that it ended up being coerced to pay money or buy software that it did not need or want due to the predatory tactics. The statute certainly will not apply in every case. 

From your experience, how likely is it that a company could successfully sue Oracle for a predatory audit as a consequence of this Supreme Court ruling?

It completely depends on the facts of the case. But looking at some of the allegations of the complaint in the Sunrise Firefighters case and other class actions against Oracle involving predatory audits and cloud sales, it certainly appears that could be the case. For example, say it turned out to be true that a company was strong armed into buying Oracle cloud and making a large payment to resolve an audit (as alleged in Sunrise Firefighters), but after the audit was closed the company learns that the millions of dollars in exposure that the software publisher said existed, was actually not true. Say that the company contacted Oracle and stated its case, but Oracle refused to return the monies. Then the licensee might very well have a claim. But you need to understand that the statute requires a theft of money. So it is not enough that Oracle or the software publisher made threats, and the licensee declined to pay. Instead, it appears that a payment must have been made so that the publisher is wrongfully withholding the money. If the enterprise software customer could establish a serious fraud had occurred such that it was a theft of money, it could potentially state a claim.

How would a company seek to prove that an audit was predatory or unlawful? Are there any warning signs that an organisation should look out for which could indicate that an audit is “predatory”? 

A company would need to look for non-compliance claims asserted by the publisher that are not grounded in the contract, and which the publisher has a pattern of asserting. Expert counsel would most likely be needed to make the determination. The company would need to be able to state a claim for fraud, which is a high bar. But a basic fraud claim would not be enough. In the case of a company seeking to assert a Penal Code Section 496 claim it would need to prove fraud and also something extra. And that extra would be that the publisher was acting wrongfully and intentionally in a way that could be construed as acting with a criminal intent. It is a very high bar. So say by just way of example, that Oracle had asserted a very large multi-million dollar VMware claim and was threatening to terminate the customer’s license if it didn’t buy cloud, or pay a large licensing penalty. Or say that the customer really did not have a large non-compliance gap but it ended up entering into an expensive ULA because it believed the publisher and did not see another way out. Depending on the facts, I do believe that it might be able to state a Section 496 claim.

What are the broader implications for the IT Asset Management industry of this ruling? Could it open the door to other software publishers being sued?

Yes. Any customer who can establish that it was defrauded and paid money to a publisher that it didn’t owe where the publisher knew that the customer did not owe the monies could potentially have a claim. Or maybe the customer was forced into a an expensive ULA that it did not want. That could potentially support a claim depending on the facts of what happened in the audit. But remember this is under California law so there must be a nexus to California.

Will software publishers change their audit strategies as a result of this ruling?

No, I do not believe so. I anticipate that the list of predatory software publishers will only grow in the future, and that we will see more of these companies adopt these brass knuckle tactics. Audits are a major source of income for software publishers and I expect we will see even more in the future.

Could the Supreme Court rethink its position? Do you think this opportunity to sue software vendors will be short-lived i.e. if the Court ruling is found to have opened the floodgates for companies to sue software publishers too easily.

Yes, the Supreme Court could reverse course in the future. Or the California state legislature could enact legislation that cuts back on the broad language of the statute. Hard to tell.

Is this opportunity limited to California or could it be applied in other states? Are there international implications too?

It is a California statute so there must be a nexus to California. Certainly Oracle license agreements with a California choice of law provision provide the opportunity to raise such a claim.

Oracle has garnered a reputation for using audits to force its customers onto its cloud, and in many instances threatening to cancel the customer’s licence agreement if they don’t settle. Yet no case has ever gone to court – Oracle always settles, no matter how strong their case appears to be. Why do you think Oracle is so keen to avoid going to court?

First, I don’t think that Oracle likes to sue its customers. It is bad publicity for them and lots of lawsuits might give prospective customers pause to license Oracle software, and they might decide to go with one of Oracle’s competitors instead. In my opinion Oracle will sue its customer if there is enough money to be made or the non-compliance is clear and they want to make an example of them, but generally they do not like to sue their customers, and in my opinion Oracle must believe they have a strong case to do so.

The art of what Oracle does is to know how to apply just enough pressure to force the client to agree to the sale, but not cause the customer to go running off to court to file a lawsuit. Oracle overplayed its hand with Mars and that resulted in Mars filing that very public lawsuit, which exposed to the public Oracle’s arguments around VMware. My opinion is that Oracle saw that lawsuit as a huge risk and became much more careful afterwards about how Oracle applied pressure. Oracle knows how to take its foot off of the gas when it senses litigation is imminent.

Rather than suing Oracle customers, instead Oracle would rather chase and sue competitors like Rimini Street who compete with Oracle in the lucrative software support market. Then Oracle is relentless. Second, it is my personal opinion that Oracle will not sue a customer where VMware has been raised as a big issue to try to inflate the non-compliance gap during the audit. It is also my personal opinion that Oracle knows that its VMware argument is weak and they do not want to risk litigating the issue, and getting a bad court decision. Imagine how risky it would be for Oracle if they got an adverse court ruling, and suddenly all those Oracle customers who bought cloud, agreed to a ULA, or paid large amounts of money to settle an audit based primarily on Oracle’s VMware assertions would be screaming for justice and to get their money back. In such situations, Penal Code Section 496 might prove especially significant as a potential cause of action. We are happy to talk to any Oracle customers who have questions about Penal Code Section 496 or are wondering if they may have a claim against Oracle arising out of a software audit.

Can’t find what you’re looking for?