Companies suffering through an Oracle software audit are doubtless familiar with Oracle's overreaches involving an Oracle customer's use of VMware virtualization software. We have discussed in previous blog posts Oracle's notorious "Audit Bargain Close" ("ABC") tactic, and how Oracle uses non-contractual policies to attempt to broaden its contractual rights and claim a huge "shock number" for non-compliance, which it then attempts to leverage against the customer in audit resolution negotiations. We advise our clients to fight against such predatory tactics and to push back hard on all Oracle's arguments not grounded in the actual contract.
Oracle licensees must pay Oracle a licensing fee when they use the Oracle software. With regard to the processor metric, use is defined by the Oracle license as where the Oracle software is "installed and/or running." Despite this clear and unambiguous language, rather than running audit tools that can detect where Oracle software is installed and/or running in the VMware environment, Oracle's scripts instead grab information and count up servers in the entire VMware cluster. Again this ignores where the Oracle software is actually being used, instead focusing on where it might possibly be used at some speculative date in the future. This is how Oracle calculates its huge "shock number", which it then asserts as the compliance gap seeking to negotiate from there. However, with regard to processors, Oracle has been using the same definition of use since about 2000, well before the advent of widely accepted virtualization technology. And although it has amended its processor definition to include cores, Oracle never amended its processor definition to include speculative future use in a virtualized environment, instead sticking to its definition of use as where Oracle software is "installed and/or running."
A relatively recent lawsuit by health system provider Fairview Healthcare ("Fairview") filed in federal court in Minnesota accuses Quest Software of employing similar improper audit tactics. Fairview accuses Quest of using audit tools "intentionally designed for the bad faith purpose of over-estimating the extent of Fairview's (and potentially other licensees') deployment of licensed software, providing a claimed basis for Quest to make an inflated demand for payment of over-deployment fees contrary to the terms of the parties' agreements." Fairview also alleges in the Complaint that "Quest has become infamous in the software industry for its use of improper audit tactics to pressure its customers to pay inappropriate "over- deployment fees" or to purchase unnecessary additional software licenses and maintenance services-all to increase its revenue without providing any additional services or products."
The Quest license requires that the licensee pay a fee for the use of the Quest software. Fairview contends that the definition of enabled user account similarly anticipates that a license is required for accounts which "use" or are "managed by" the software. However, Fairview claims that the "audit report included any accounts which potentially could interact with the software, without regard to whether those accounts had actually used or interacted with the Active Roles software" resulting in grossly inflated numbers in Quest's "Reconciliation Summary." According to Fairview "under Quest's interpretation of the enabled user account definition, any account in a domain which might potentially be touched by the Active Roles software at some point in the future must be included for purposes of counting over-deployed licenses. This interpretation is illogical and unsupportable."
Our readers will see that both Oracle and Quest are ignoring the plain language of the contract and attempting to claim licensing fees for use that has not actually occurred. Such efforts by software publishers should be strongly resisted by licensees under audit, and licensees should explore whether they have their own claims for unfair trade practices or other causes of action when such predatory tactics are employed.
Fairview also has filed for declaratory relief concerning the identification of the actual governing contract and the interpretation of relevant provisions. We have also seen Quest claim that early licenses granting perpetual licenses were amended by click to agree agreements accompanying updates. Early Quest licenses provided for perpetual licenses and could not be amended unless by a writing signed by both parties. According to the Fairview Complaint the terms of the 2004 SLA explicitly state that the agreement, under which Fairview did purchase licenses, may not be, "modified or amended except by a writing executed by a duly authorized representative of each party" and that "no other act, document, usage or custom shall be deemed to amend or modify this Agreement." Despite this clear and unambiguous language, Fairview claims that Quest is contending that "when Quest made the most recent update of the Active Roles software available to Fairview in 2016, as it was required to do by virtue of Fairview's purchased licenses, Fairview agreed to the terms contained in the 2015 Software Transaction Agreement ("2015 STA"), a "click-to-accept license agreement" that accompanied the installation of that update (version 6.9) on Fairview's system."
Over the years Quest has been bought and sold multiple times. We have reviewed many of these licenses and almost every year Quest seems to have amended them to make the terms more favorable to Quest and less favorable to licensees without any additional consideration or true notice to the licensee of the material changes being made to the license. The changes included revisions to important clauses such as governing law and forum selection clauses. These material changes were included in click to accept agreements, associated with annual updates that had already been bought and paid for. We hope that Fairview prevails in its argument that such click to agree agreements executed by low level employees without proper notice of material changes, do not amend the agreements as they do not constitute "a writing executed by a duly authorized representative of both parties."
We wish Fairview well in its fight against Quest's predatory audit tactics. We will continue to monitor the case so check back for periodic updates. The case is Fairview Health Services, Inc. v. Quest Software Inc. and One Identity LLC, Case No. 0:20-cv-01326-SRN-LIB (District of Minnesota).
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.