Oracle – which recently won $1.3 billion in court damages for the theft of its trade secrets by an SAP subsidiary – faces a $100 million lawsuit alleging it engaged in similar behavior.
The complaint (PDF), filed in late December by Texas software company 2FA Technology, claims Oracle executives turned a blind eye when security company Passlogix stole source code for strong authentication and credential management software. Oracle went on to acquire Passlogix in November for $42 million and continues to sell rebranded Passlogix software containing the misappropriated code, the lawsuit alleges.
“Oracle's actions were done with the deliberate intent to injure 2FA's business, impede 2FA's recovery of its stolen property, and improve its own commercial advantage,” the complaint states. “By reason of the foregoing, 2FA has been damaged as a result of Oracle's illegal actions in amounts that will be determined at trial, but believed to be more than $10,000,000, plus interest.”
Including punitive damages, 2FA is seeking more than $100 million.
According to the 31-page complaint, Passlogix stole thousands of pages of trade secrets and hundreds of thousands of lines of source code after licensing 2FA's technology for credential management systems. Passlogix eventually used the code in its v-GO UAM product line, “in direct violation of the license agreement's non-compete and exclusive source provisions.” Oracle in turn folded it into its Oracle Enterprise Single Sign-on offerings.
According to 2FA, the license agreement expressly barred Passlogix from marketing its own credential management system. 2FA made the technology available to Passlogix under tightly restricted conditions, including provisions that allowed only programmers to see the code and secured servers that logged each person who accessed it. Despite the prohibitions, Passlogix Product Manager Gregory Simeone in July 2006 sent an email to many employees who had no required to access the source code. The material contained almost 100,000 pages worth of intellectual property and “hundreds of thousands of lines of source code.”
In April 2007, Passlogix presented its own credential management solution to a third-party prospect. In March of last year, the company released v-GO UAM and granted more than 10 million free licenses to a related product. In October, when Oracle announced its intention to acquire Passlogix, it cited customers' need to “provide stronger authentication mechanisms while reducing the number of passwords required." On the day of the announcement, Oracle's market capitalization spiked by more than $1 billion.
2FA's allegations in many ways resemble a case Oracle brought against SAP subsidiary TomorrowNow three years ago. In November, around the same time it was acquiring Passlogix, Oracle won a $1.3 billion jury verdict in the case and since pursued interest on that amount. ®