Saturday, March 24, 2007

SAP subject to criminal charges?

John Pallatto brings up some interesting points in an opinion piece for eWeek on Oracle's lawsuit against SAP alleging theft of Oracle's intellectual property (IP). If Oracle is successful in its civil lawsuit, it probably opens up SAP--and individuals within SAP--to criminal prosecution.

He writes,
The next question that comes to mind is whether any of this activity, if it occurred, was done with the knowledge and approval of top SAP executives, or whether it was some mindless rogue operation carried out at SAP's TomorrowNow subsidiary in Texas.

If Oracle can prove its civil charges that SAP employees systematically looted intellectual property from the Web site, the next step could be state and federal investigations that could result in indictments.

Unless SAP can come up with some plausible explanation as to why people inside its organization were apparently downloading "vast libraries" of Oracle products, a lot of SAP jobs, reputations and cash could go down the drain. The very existence of the company would conceivably be threatened by this brewing scandal.
I did a quick check for cases of criminal IP theft and found this news site on intellectual property cases, which is maintained by the U.S. Department of Justice (DoJ). In addition to cases related to counterfeiting of branded products and software piracy, there are also examples such as these:
These are all criminal cases, which means the defendents could potentially face fines and jail time. There are many, many more examples on the DoJ website. (I should emphasize that the last two cases mentioned above are only indictments, and that the charges have not yet been proven in court.)

So, Oracle's civil complaint against SAP is serious, and it would appear it could lead to criminal charges.

Pallato also brings up an interesting point regarding Oracle's investigative strategy. He writes,
It's clear that rather than block the expired and bogus customer accounts from accessing the Web sites, Oracle chose to quietly monitor and trace the activity to investigate who was doing it and why. The results are this lawsuit.
It appears that Oracle has known about SAP's alleged downloading of Oracle materials for some time. But instead of locking the door, it continued to monitor these activities, building its case. If true, SAP has handed Oracle a potent weapon in the form of this lawsuit.

I've also been wondering about the apparent lack of security in Oracle's customer support website. Apparently, anyone with a customer ID could download anything, even materials for which the customer was not licensed--even internal documents that no customer was authorized to receive. If Oracle took such little care to protect its intellectual property, could that be a point that SAP could use in its defense?

Yesterday, SAP responded to Oracle's complaint to say that it would fight the lawsuit. "SAP will not comment other than to make it clear to our customers, prospects, investors, employees and partners that SAP will aggressively defend against the claims made by Oracle in the lawsuit," SAP's Steve Bauer said in a statement.

The discovery phase of this litigation is going to be interesting, potentially even more interesting than the DoJ's failed attempt to block Oracle's takeover of PeopleSoft.

Related posts
Oracle sues SAP and its TomorrowNow unit

No comments: