On 22 March 2007, Oracle filed a lawsuit in the U.S. Federal District Court in the Northern District of California against SAP. Oracle alleges that SAP's TomorrowNow subsidiary used IDs of Oracle customers to illegally download more than 10,000 code and document modules for PeopleSoft and JD Edwards (JDE) applications between September 2006 and January 2007. Oracle has asked the court for unspecified monetary damages and injunctive relief.

Oracle has placed a copy of the lawsuit on its Web site at http://www.oracle.com/sapsuit/complaint.pdf .

This lawsuit claims that TomorrowNow allegedly misappropriated intellectual property (IP) in the form of proprietary product and support information from Oracle, through its activities in providing third-party support for Oracle customers. The lawsuit accuses SAP of using this IP to create an unfair competitive position in providing third-party support, and of using the IP in SAP's own application software products, to Oracle's detriment. While Gartner cannot comment on the merits of the lawsuit, and we consider it too early in the legal process to speculate on the potential outcomes of what it is likely to be a lengthy legal proceeding, we suggest that enterprises take time now to consider implications to any third-party support arrangements, irrespective of vendor or this lawsuit.

Since Oracle's acquisition of PeopleSoft in January 2005, Gartner has talked to clients who seek to run their existing PeopleSoft and JDE applications indefinitely, and who have expressed interest in third-party support vendors like TomorrowNow. PeopleSoft, JDE and some (not all) Siebel Systems contracts do include rights to source code for some functionality within the licensed software. Licensed customers and their systems integrators typically have accessed this source code for customization, implementation and ongoing support. Historically, software vendors have not challenged systems integrators providing support services on the customer's behalf during implementation or while in production, as long as the customer also continued to have an active maintenance agreement with the original software vendor. In this situation, TomorrowNow has replaced Oracle's maintenance and support entirely, and Oracle claims that such support is being facilitated by illegally accessing Oracle's IP, rather than by working directly with the customer's own copies of the Oracle source code. Specifically, Oracle is alleging that downloads of information were in excess of what the customer had licensed (for example, taking information for products the customer did not own) and that documents being obtained legitimately are being resold as support to other customers, which is illegal.

Still to be determined is whether TomorrowNow was acting on the customers' behalf and whether the customers' support agreement allowed TomorrowNow to act on the customer's behalf. More broadly, however, hundreds of third-party support companies exist today worldwide to serve as proxies for the license owner. Companies like TomorrowNow deliver support not only within U.S. jurisdiction, but on a global scale. Gartner believes that, in general, this approach to technical support will not likely change as a result of Oracle's suit against SAP. However, enterprises must take care to protect themselves contractually from potential misdeeds of the third-party support provider.

TomorrowNow customers:

• Evaluate your contracts with Oracle and TomorrowNow to ensure there are no conflicts regarding third-party support.
• Monitor the legal action's progress, as a ruling in Oracle's favor could result in disallowing third-party use of its products when providing support on the client's behalf. This would have a direct impact on the ability of TomorrowNow or any third party to provide technical support services.
• Ask TomorrowNow to provide written confirmation that it has not used your company log-on IDs to download software or support materials that your company is not licensed to use.

Oracle customers and customers of other software application products who are using or seeking alternatives to vendor-provided support:

• Evaluate existing application maintenance contracts to confirm that the contract language allows third parties to act on your behalf in accessing IP of the independent software vendor.
• If you are contemplating letting your application maintenance agreement with the vendor lapse, review the terms of your contract to confirm what rights you have to the software source code and compilers, and what limitations, if any, have been placed on using a third party for support services.
• Ensure that third-party support vendor contracts contain language providing indemnification from the third party regarding potential misuse of IP by the third party.
• If a third-party contract is already in place, monitor usage of customer service accounts to assure compliance with contract terms, especially if the third party is acting on your behalf, to ensure that your employees are accessing only those files, patches, fixes and other IP that you are entitled to and obtained prior to cancelling your application vendor's maintenance agreement. 

Additional research contribution and review: Jane Disbrow

• "Six Risk Factors to Consider Before Terminating Business Application Maintenance” — Users should consider six risk areas when considering going off the vendor's support program, even for apparently stable applications. By Pat Phelan
• "Switching to a Third Party for Business Application Technical Support Services” — Using a third party for technical support in lieu of the vendor's support program has its pros and cons beyond initial cost savings. By Pat Phelan

(You may need to sign in or be a Gartner client to access the documents referenced in this First Take.)