The following article, which was first published on December 6, 2018, was revised on December 5, 2019, to add key updates in the litigation between Oracle and Rimini Street.
Oracle’s nine-year legal battle with Rimini Street, a third-party provider of software support services, offers some important lessons for both industry players and the business customers they serve.
At the heart of the contentious battle has been whether Rimini Street has infringed Oracle’s copyrights in supporting its own customers, using what Oracle has called “an illegal business model.”
The legal proceedings also have brought to light the fact that Rimini Street’s discount services don’t include software security patches, a standard security practice Rimini Street founder and CEO Seth Ravin called “outdated” during his trial testimony.
The legal battle goes back to 2010, when Oracle filed suit against Rimini Street alleging software copyright violations. After a long journey through various courts, including a 2015 jury verdict in Oracle’s favor, the US District Court in Nevada issued a permanent injunction against Rimini Street in August 2018, while awarding Oracle $28.5 million in attorneys’ fees. To date, Oracle has received more than $90 million from Rimini Street via this litigation.
In addition, the US Supreme Court agreed to review a narrow legal issue in the case: whether the Copyright Act of 1976 allows an award of non-taxable costs (including expert-witness fees) to the prevailing party in a copyright infringement case.
Update: After the US Supreme Court ruled in favor of Rimini Street on a technical issue about which litigation costs an infringer can be ordered to pay under the Copyright Act, the Ninth Circuit Court of Appeals affirmed the permanent injunction and award of $28.5 million in attorneys’ fees against Rimini Street in August 2019.
“We are extremely gratified that the Ninth Circuit affirmed the permanent injunction and attorneys’ fees award,” said Dorian Daley, Oracle executive vice president and general counsel, “It is long past time for Rimini—a dishonest, serial infringer—to cease its unlawful conduct, to respect Oracle’s intellectual property rights, and to abide by the rulings in this case.”
Who Is Rimini Street?
Before digging into the details of the legal battle, let’s provide a bit of background. Rimini Street Inc., which provides support services not only for Oracle applications, but also for SAP, Microsoft, and other enterprise applications, was founded by Ravin in 2005. Based in Las Vegas, Rimini Street claims to have more than 1,600 enterprise and midsize customers in a range of industries.
Before starting Rimini Street, Ravin developed a similar business model at TomorrowNow, which Oracle rival SAP acquired in 2005. SAP shut down the unit in 2008 before a trial that ended with a $1.3 billion verdict against TomorrowNow and SAP for infringing Oracle’s copyrights. That amount was later reduced to $359 million. During the course of that trial, SAP CEO Bill McDermott apologized to Oracle for the TomorrowNow unit’s actions.
TomorrowNow also pleaded guilty to federal criminal charges of computer fraud and copyright infringement, paying a $20 million fine.
The Beginnings of a Legal Dispute
Believing that, like TomorrowNow, Rimini Street was using one customer’s software to support Oracle software used by other customers, Oracle filed suit against Rimini Street in January 2010, alleging copyright infringement.
Rimini Street filed a response to Oracle’s complaint, stating that its customer environments did not infringe Oracle’s copyrights, though Oracle discovered that Rimini Street had an unlicensed “Software Library,” which Rimini destroyed. Oracle filed a motion for sanctions, which the court granted in March 2013 for Rimini’s “spoliation of evidence” (destroying evidence).
Oracle subsequently filed a motion for summary judgment that was granted in February 2014. In Oracle’s motion, the company alleged that Rimini Street had infringed Oracle’s copyrights on its JD Edwards, PeopleSoft, and Siebel software. In that ruling, the court noted that Oracle’s PeopleSoft licenses specifically restrict use of the software to the customer’s “facility.” Since Rimini Street was using the software at its own facilities, it was infringing Oracle’s copyrights. The court also found that Rimini Street had used one customer’s software to deliver PeopleSoft software fixes and updates to other customers, which also constituted copyright infringement.
As for the JD Edwards and Siebel software, Rimini Street submitted sworn testimony at summary judgment asserting that it was storing that software on its systems only for archival purposes. At trial, however, Ravin admitted that Rimini Street used this software to support customers, not solely for archival purposes.
Oracle also moved for summary judgment on two additional matters: Rimini Street’s countersuit alleging defamation because Oracle had accused the company of “massive theft,” and Oracle’s allegation that Rimini Street had unlicensed copies of Oracle’s Database on its systems. Oracle won on both points, with the trial court finding that Rimini Street infringed Oracle Database copyrights and, as such, had indeed engaged in “massive theft” of Oracle intellectual property (for the purposes of copyright law). The trial followed.
The Trial: Oracle v. Rimini Street
At the end of trial, which began in September 2015 and concluded in October 2015, the jury awarded Oracle $35.6 million for Rimini Street’s infringement of 93 Oracle copyrights. It also awarded $14.4 million for computer fraud, since Rimini Street was deemed to have accessed Oracle computers without authorization when it automated software downloads.
In calculating the final award, the district court determined that Oracle was also entitled to attorneys’ fees, costs, and interest, yielding a final judgment in excess of $124 million. The trial court also issued a permanent injunction against Rimini Street, prohibiting the company from further illegal acts of copyright infringement and computer fraud.
On appeal, the court of appeals agreed that Rimini Street had infringed 93 Oracle copyrights, but it disagreed with the computer fraud verdict. The appellate court also vacated the attorneys’ fee award of $28.5 million and the permanent injunction against Rimini Street, since the district court’s ruling had been based on both copyright infringement and computer fraud.
The appellate court sent the case back to the district court to determine whether Oracle was entitled to attorneys’ fees and the injunction based on copyright infringement alone. In August 2018, the district court, addressing only copyright issues, found in Oracle’s favor for the second time, awarding $28.5 million in attorneys’ fees and the permanent injunction against Rimini Street. Rimini Street is appealing both decisions.
The injunction bars Rimini from reproducing, preparing derivative works from, or distributing PeopleSoft, JD Edwards, or Siebel software and documentation unless it is working with a customer that has a valid, written Oracle license agreement; unless Rimini Street has documentation authorizing its use of the software for that customer; and unless Rimini Street’s conduct is consistent with the remaining terms of the injunction.
Update: In August 2019, the Ninth Circuit Court of Appeals ruled that the permanent injunction against Rimini Street for infringing Oracle’s intellectual property rights would stand. The Ninth Circuit’s ruling also affirmed the $28.5 million award for attorneys’ fees, which Rimini Street had already paid to Oracle.
Following the ruling, Oracle’s senior managing counsel, Jim Maroulis, said: “Rather than showing contrition, Rimini went out appealing that the injunction isn’t lawful.”
According to the American Bar Association, most courts consider four factors when deciding whether to grant an injunction, which the district court applied in this case:
- Whether the requesting party would suffer irreparable harm if an injunction is not granted
- Whether the party requesting the injunction is likely to succeed on the merits of the case
- The effect of issuing or not issuing an injunction on both parties
- The injunction’s possible effect on the public interest
Meanwhile, a second lawsuit, filed by Rimini Street in 2014, is attempting to justify its modified use of Oracle software, in part on the basis that the software is hosted on third-party servers rather than Rimini Street’s servers.
However, Oracle contends that Rimini’s “new” business model still violates Oracle’s copyrights, because third-party servers are not customer-owned, as Oracle claims is required by the applicable Oracle license terms, and because Rimini Street still uses software associated with one customer to support multiple customers. Oracle also contends that Rimini Street’s processes infringe Oracle’s copyrights in other ways, and that Rimini is liable for violating other laws as well.
Following a lengthy and complex discovery process, Oracle filed motions for summary judgment that essentially seek to end further copyright infringement and cross-use. Rimini Street also has filed summary judgment motions, seeking rulings that some of its practices are lawful and that Oracle is barred from pursuing certain claims.
Third-Party Support: The Takeaways
Oracle v. Rimini Street underscores why software vendors must be vigilant about the uses of their product licenses and related documentation. Even with such vigilance, it is still possible for third parties to build a competing software support business without the appropriate licenses, unlawfully causing the creator of the software financial harm.
Another important consideration is the impact on end customers. Rimini Street can offer low-cost support services because it didn’t incur the overhead of creating the enterprise applications it services, and it’s not providing the security patches and updates Oracle customers receive as part of Oracle-brand maintenance agreements.
Rimini Street CEO Ravin argued in court that security patching is “an outdated model,” saying customers are “responsible for their own firewalls and their own security protections.” That guidance runs counter to the warnings of security experts—and even the US government, which has urged companies to swiftly patch known software vulnerabilities to protect themselves from ransomware and other forms of cyberattacks.
It also runs counter to Oracle’s standard practice. “The only reliable method to fix a software vulnerability is at the source with a patch,” says John Heimann, Oracle vice president of security program management. “Oracle provides security fixes every quarter via regularly scheduled critical patch updates—and in fact has never missed a delivery date on a CPU. Only Oracle can provide patches that address the root cause of Oracle software vulnerabilities.”
Odds are increasingly great, Heimann says, that if companies don’t patch regularly, someone may compromise their business logic, bring their critical systems down, and/or steal or corrupt their critical data. “Clearly, this is not something you want to explain to the board,” he says.
However, some companies want to reduce their support costs by freezing their software in time even though the entire application environment—including the underlying operating system, database, business context, and so on—is constantly changing.
“The company that originally created the software is responsible for understanding what can impact the reliability and security of the software” says Juan Jones, Oracle senior vice president of global customer support. “Today’s companies are making critical decisions based on software. If the software behaves in an unexpected way because some third party has altered it, it can have severe ramifications.”