At last, exactly two years later, the long-awaited sequel to my hit, if overly censored, blog post: Five Shades Of Grey (How software buyers and license managers should be compliant without being submissive). The trigger is the SAP vs Diageo verdict, which generated a lot of hysterical blogging and tweeting with dire predictions for SAP customers. IMO most commentators have overlooked the crucial parts of the judgment and therefore significantly overstated the case’s negative implications for SAP customers. I believe the judgement has actually made this grey area slightly more black-and-white. My analysis, subject to the usual IANAL disclaimer, is that the real implications are:
- Access requires interaction between the person and the software. I proposed this test in 2013 in my report Let's Clear Up The "Indirect Access" Mess. Mrs. Justice O’Farrell appears to agree with me. Her key findings use this concept of interaction to distinguish between scenarios that involve access and those that don’t. For instance, she writes “The sales representatives do not access or use mySAP ERP when they retrieve data for the purpose of their calls or visits to outlets, such as product data.” Most of the complaints I hear from clients about unreasonable claims from SAP salespeople involve this latter type of access – to the data – not to the synchronous software integration that the judge deemed to require user licenses. Therefore the judgement IMO actually strengthens SAP customers’ defence against indirect access abuse.
- Unlicensed use is abuse, whether its direct or indirect. It doesn’t matter how many layers of middleware you put between the human and the server, it is still access to SAP if the user interface needs SAP to be available and connected in order to complete his task. I’ve seen many tweets saying “SAP license fees are due even for indirect users” – that’s not news. The court didn’t consider the question of whether or not the alleged users logged into SAP themselves, or used its UI because those details are irrelevant. You shouldn't need a high court judge to tell you that ou're not allowed to abuse someone’s intellectual property by merely sticking your own UI on top of it. The core of these so-called "indirect access" disputes is always whether or not they are "access”, not whether or not they are "indirect”.
- Compliance requires consent. Just like in the film referenced in my title, both parties should agree beforehand what type of access they will permit. Few developers understand complex licensing issues such as multiplexing, so they need to involve knowledgeable sourcing or license managers in integration design decisions. It is too late to renegotiate or redesign when a software provider finds you have breached your license agreement. If you negotiate proactively you should be able to find a mutually acceptable solution, with the walk-away threat that you’ll simply manually rekey the data, or even stop using SAP for that process.
I sympathize with SAP as it tries to solve this major customer experience problem, because I experienced it from the software provider side when I was at QAD. Third party multiplexing software was killing the company until I helped the company close that loophole. There are a few parts of Justice O’Farrell’s judgement that I would like her to reconsider or clarify, but on the whole it should not alarm sensible, well-advised customers. For instance, she explains why a customer self-service use case represents use of SAP: “Each stage of the order process requires the customer to initiate the transmission of a message from Connect to mySAP ERP and a corresponding response to be received from mySAP ERP.” Who could reasonably argue that that isn’t “using the software”?
However, being right here does not mean that SAP is right everywhere else it makes indirect access claims. It gives salespeople too much lassitude to interpret contracts how they want to. SAP should also do more to provide reasonable ways to license common scenarios. For instance, it is reasonable to ask customers to pay for indirect use via eCommerce sites that interact with SAP, but wrong to insist that the only ways to license that scenario are by buying standard user licenses for each customer, or by buying SAP hybris.
Bottom line: Clarifying what “use” and “access” mean in today’s technology environment is a major issue for SAP and its customers. It’s a complex area, so you need top quality expertise to help you analyze what this judgment means for you. If you’re worried about the cost of that advice, look at the cost you might face if you reject such help.