Oracle Sues SAP for Spying

Oracle has filed suit against SAP in a San Francisco federal court for “corporate theft on a grand scale.”

The complaint alleges that SAP employees have repeatedly stolen copyrighted software and other confidential information. Oracle said in its filing that SAP staffers at a Texas subsidiary posed as Oracle customers to log onto the company’s customer support Web site.

From September 2006 to January 2007, SAP downloaded more than 10,000 Oracle software and technical support documents, according to the suit.

The software and competitive information was then used as part of SAP’s Safe Passage program, a migration package SAP introduced to lure PeopleSoft and Siebel customers that were unsettled by Oracle’s acquisition of those vendors.

SAP did not have the necessary resources in-house to support Oracle’s products, according to the suit, which was one of the reasons behind the illicit raids on its customer Web site.

Oracle is seeking an injunction against SAP. It is also asking for unspecified general and punitive damages.

“SAP will not comment other than to make it clear to our customers, prospects, investors, employees and partners that SAP will aggressively defend against the claims made by Oracle in the lawsuit,” Steve Bauer, vice president for global communications, said in a statement provided to CRM Buyer. “SAP will remain focused on delivering products and services — including those from TomorrowNow — that ensure success for our customers.”

The Leader

The allegations, if true, are puzzling. The top vendors in the ERP (enterprise resource planning) space have traditionally played hardball with each other — and, on occasion, with their own customers.

SAP is — by far — the leader in the ERP space. Even considering Oracle’s US$20 billion acquisition spree of the last several years, it is still in the No. 2 spot, according to several industry analysts.

SAP led the space with a 42 percent share of the industry’s revenues, despite Oracle’s acquisition of PeopleSoft, according to an AMR Research report released in Q4 2006.

However, the race between the two behemoth companies has tightened considerably in recent years, partly due to Oracle’s acquisition strategy and its entrance into the applications arena.

While SAP grew 12 percent last year, Oracle grew by 110 percent, AMR Research found.

The risks to SAP of public disclosure are enormous.

“If everything that Oracle says in its filing about SAP is true, then SAP’s behavior is fairly extraordinary,” David Leit, a member of Lowenstein & Sandler, told CRM Buyer. “I have never seen anything like it.”

Among the laws SAP may have broken, he said — at a minimum — are access agreements and trespass to chattel, a legal term that applies to downloading information from a Web site without permission.

It is likely that Oracle will amend the suit to include copyright violations for software infringement, Leit added, though he noted that software is updated so frequently that it can be difficult for a firm to maintain a current copyright at all times.

Is It True?

There certainly is the possibility that SAP is an innocent victim in this debacle.

“When I read the complaint, my first thought was, ‘Why would SAP do this?’ as it is the market leader,” said Scott Braunzell, cybersecurity practice leader and senior managing director of Risk Control Strategies, a corporate security consulting firm.

“My second thought was, ‘If they did do it, they certainly wouldn’t do it from their own servers within their own networks,'” he told CRM Buyer.

It is suspicious enough to generate plenty of speculation.

“I don’t want to point fingers at anybody,” Braunzell continued. “A lot of discovery from a pure forensics standpoint will be presented at some point, and we will know a lot more.”