Oracle v. SAP

I sat down this morning with a cup of coffee or four and read through the 43 pages of Oracle’s lawsuit against SAP. It makes for fascinating reading, but I was disappointed to discover that the alleged skullduggery doesn’t quite live up to the hype of the complaint’s memorable first sentence: “This case is about corporate theft on a grand scale, committed by the largest German software company – a conglomerate known as SAP.” “Grand scale” feels like an overstatement, and despite the hint of corporate jingoism in that opening sentence, Oracle doesn’t present any hard evidence that the scheme went beyond one SAP subsidiary in the very American state of Texas.

The story begins in January 2005, when Oracle completed its acquisition of PeopleSoft, a major supplier of enterprise resource planning (ERP) applications and a big SAP competitor. (PeopleSoft itself had recently acquired another large ERP supplier, J.D. Edwards.) That same month, and in response to the Oracle acquisition, SAP bought TomorrowNow, a small Texas firm set up by former PeopleSoft employees that was in the business of providing support to companies using PeopleSoft programs. Buying TomorrowNow (subsequently renamed SAP TN) allowed SAP to get its foot in the door of some PeopleSoft customers, many of whom were unhappy with PeopleSoft’s merger into Oracle. In addition to getting support revenues from PeopleSoft clients, SAP clearly hoped that it would be able to convince some of them to switch to SAP applications – through what it called its “Safe Passage” program.

TomorrowNow’s central pitch was that it could dramatically reduce the ongoing support and maintenance fees that corporations pay to the vendors of complex ERP applications to keep the systems running. Oracle alleges that the reason TomorrowNow was able to keep its fees so low was that its employees broke into PeopleSoft’s customer support website and downloaded the software and documents required to maintain, troubleshoot, and update PeopleSoft software. In other words, according to the suit, instead of developing its own intellectual property, SAP TN simply stole PeopleSoft’s (and hence Oracle’s). As the suit charges:

It was not clear how SAP TN could offer, as it did on its website and its other materials, “customized ongoing tax and regulatory updates,” “fixes for serious issues,” “full upgrade script support,” and, most remarkably, “30-minute response time, 24x7x365” on software programs for which it had no intellectual property rights. To compound the puzzle, SAP continued to offer this comprehensive support to hundreds of customers at the “cut rate” of 50 cents on the dollar, and purported to add full support for an entirely different product line – Siebel [which Oracle acquired later in 2005] – with a wave of its hand. The economics, and the logic, simply did not add up.

Oracle has now solved this puzzle. To stave off the mounting competitive threat from Oracle, SAP unlawfully accessed and copied Oracle’s Software and Support Materials.

In late 2006, Oracle says it noticed anomalies in certain customers’ use of the PeopleSoft support site. In particular, some customers were clicking through the site with “lightning speed” – indicating that an automated program was being used to rapidly scan and copy the site’s contents. Oracle launched an investigation and soon, it says, “discovered a pattern”:

Frequently, in the month before a customer’s Oracle support expired, a user purporting to be that customer, employing the customer’s log-in credentials, would access Oracle’s system and download large quantities of Software and Support Materials, including dozens, hundreds, or thousands of products beyond the scope of the specific customer’s licensed products and permitted access. Some of these apparent customer users even downloaded materials after their contractual support rights had expired.

Oracle says it traced the suspicious activity to an IP address at TomorrowNow’s headquarters in Bryan, Texas:

Although it is now clear that the customers initially identified by Oracle as engaged in the illegal downloads are SAP TN customers, those customers do not directly appear to have engaged in the download activity; rather, the unlawful download activity observed by Oracle and described here originates directly from SAP’s computer networks. Oracle’s support servers have even received hits from URL addresses in the course of these unlawful downloads with SAP TN directly in the name … The wholesale nature of this unlawful access and downloading was extreme. SAP TN appears to have downloaded virtually every file, in every library that it could find.

Oracle charges that “SAP TN conducted these high-tech raids as [parent company] SAP AG’s agent and instrumentality and as the cornerstone strategy of SAP AG’s highly-publicized Safe Passage program.” But the suit supplies, so far as I could see, no evidence that anyone beyond the TomorrowNow headquarters authorized or knew of the alleged “raids.” Oracle does say it has “concerns that SAP may have enhanced or improved its own software applications offerings using information gleaned from Oracle’s Software and Support Materials,” but, again, the suit itself offers no evidence to back up that charge.

Clearly, if SAP TN did what Oracle claims, it at the very least violated licenses and copyrights (though it’s worth remembering that the materials were contained in a public site open to thousands of Oracle customers). If it turns out that the scheme was a rogue operation carried out by a few TomorrowNow employees, it will cost SAP considerable embarrassment and, likely, some cash. If it turns out that it was part of a larger conspiracy of corporate espionage, and resulted in Oracle intellectual property being incorporated into SAP software, that would be a much, much larger problem for SAP. But, as I noted, we don’t have any clear evidence of the latter scenario.

The suit does raise some other issues. Not least is the apparent ineptitude displayed by both companies. If, as Oracle claims, the copying of the materials on its support site caused it “irreparable injury,” one has to wonder why it was so lackadaisical in protecting the site and the materials. By Oracle’s own admission in the suit, gaining access to all the code and documents on the site seems to have been almost farcically easy:

In many instances, including the ones described above, SAP employees used the log-in IDs of multiple customers, combined with phony user log-in information, to gain access to Oracle’s system under false pretexts … These “customer users” supplied user information (such as user name, email address, and phone number) that did not match the customer at all. In some cases, this user information did not match anything: it was fake. For example, some users logged in with the user names of “xx” “ss” “User” and “NULL.” Others used phony email addresses like “test@testyomama.com” and fake phone numbers such as “7777777777” and “123 456 7897.”

You’d think a big, sophisticated software company like Oracle might have been able to write some code that would sniff out “7777777777” as a suspicious phone number or “test@testyomama.com” as a fake email address. Weak security doesn’t exonerate theft, of course, but it does seem to undercut Oracle’s claims about the value of the contents of the site.
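The kind of check this paragraph has in mind, combined with the access patterns the complaint describes (rapid automated requests, downloads outside the licence or after support expiry, several customer log-ins from one address), sketched in Python. This is an added example, not code from the post or from either company; the thresholds, field names, and sample records are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

PLACEHOLDER_NAMES = {"xx", "ss", "user", "null", "test"}
MAX_PER_MINUTE = 20     # assumed ceiling for a person clicking through a site
MAX_LOGINS_PER_IP = 1   # assumed: one customer log-in per source address


def _longest_run(digits):
    """Length of the longest ascending (+1) digit run, e.g. 1234567 -> 7."""
    best = run = 1
    for a, b in zip(digits, digits[1:]):
        run = run + 1 if int(b) == int(a) + 1 else 1
        best = max(best, run)
    return best


def profile_flags(profile, customer_domain):
    """Return the reasons a self-supplied user profile looks like filler."""
    flags = []
    if profile["name"].strip().lower() in PLACEHOLDER_NAMES:
        flags.append("placeholder-name")
    digits = [c for c in profile["phone"] if c.isdigit()]
    if digits and (len(set(digits)) == 1 or _longest_run(digits) >= 6):
        flags.append("synthetic-phone")
    local, _, domain = profile["email"].lower().partition("@")
    if local in PLACEHOLDER_NAMES:
        flags.append("placeholder-email")
    if domain != customer_domain:
        flags.append("email-domain-mismatch")
    return flags


def download_flags(events, customers):
    """Map source IP -> reasons, from (time, ip, customer, product) events."""
    flags = defaultdict(set)
    logins = defaultdict(set)
    times = defaultdict(list)
    for ts, ip, cust, product in events:
        logins[ip].add(cust)
        times[(ip, cust)].append(ts)
        if product not in customers[cust]["licensed"]:
            flags[ip].add("outside-licence")
        if ts > customers[cust]["support_end"]:
            flags[ip].add("after-expiry")
    for ip, custs in logins.items():
        if len(custs) > MAX_LOGINS_PER_IP:
            flags[ip].add("multiple-customer-logins")
    # Sliding 60-second window per (ip, customer) to catch scripted crawling.
    for (ip, _), stamps in times.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > timedelta(seconds=60):
                start += 1
            if end - start + 1 > MAX_PER_MINUTE:
                flags[ip].add("automated-rate")
                break
    return dict(flags)


# Constructed sample data: hypothetical customers, products and addresses.
T0 = datetime(2006, 11, 1, 9, 0, 0)
CUSTOMERS = {
    "cust-a": {"domain": "customer-a.example", "licensed": {"HRMS"},
               "support_end": datetime(2006, 11, 30)},
    "cust-b": {"domain": "customer-b.example", "licensed": {"CRM"},
               "support_end": datetime(2006, 10, 15)},
    "cust-c": {"domain": "customer-c.example", "licensed": {"FIN"},
               "support_end": datetime(2007, 6, 30)},
}
EVENTS = (
    # 40 different products in 40 seconds under one customer's log-in
    [(T0 + timedelta(seconds=i), "192.0.2.10", "cust-a", f"PROD-{i}")
     for i in range(40)]
    # same address, second customer's log-in, after that customer's expiry
    + [(T0 + timedelta(hours=1), "192.0.2.10", "cust-b", "CRM")]
    # ordinary use: licensed product, minutes between requests
    + [(T0 + timedelta(minutes=7 * i), "198.51.100.7", "cust-c", "FIN")
       for i in range(3)]
)

if __name__ == "__main__":
    fake = {"name": "xx", "email": "test@testyomama.com", "phone": "7777777777"}
    print(profile_flags(fake, "customer-a.example"))
    for ip, reasons in download_flags(EVENTS, CUSTOMERS).items():
        print(ip, sorted(reasons))
```

None of these signals is conclusive on its own; the value comes from several firing together for the same source address.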

As for the alleged SAP TN trespassers – jeez, guys, couldn’t you have at least tried to cover your IP tracks a little bit? They were so blasé about getting into and copying the site, that you might almost think that such shenanigans are common in the enterprise software business. (One imagines that, as SAP prepares a response to the suit, it is rushing to comb through its own support site logs for any evidence of activity by Oracle employees.)

Finally, the vast quantity of patches, updates, and explanatory documents that were taken from the Oracle support site gives eloquent if unintended testimony to the enormous complexity of traditional enterprise software – and goes a long way toward explaining why so many companies have been eager to explore alternatives like open-source programs and the delivery of applications as services over the net. Maybe some day software support sites will be simpler affairs representing much less economic value – and hence providing a much less tempting target for pilfering.

UPDATE: Michael Hickins, of Internet News, examines some of the legal ramifications of the suit:

Eric Goldman, director of the High Tech Law Institute at the Santa Clara University School of Law, said that if allegations in the complaint are true, “then SAP is in a world of trouble.” According to Goldman, by law, each instance of copyright infringement costs the guilty party $150,000; Oracle has claimed that there are 10,000 such instances, but even if it can only prove 500 instances, that still amounts to $75 million. And that’s only the beginning. If found guilty, SAP would not only have to disgorge all of its “ill-gotten gains,” but reimburse Oracle for its losses. Given the extent of these claims, if true, the U.S. Department of Justice could step in as well and begin criminal proceedings.

I’m not a lawyer, nor do I play one on the Internet, so I have no way to evaluate Goldman’s assessment, but it does suggest that the suit’s stakes may be high.

Are CIOs “dead weight”?

In my commentary on the latest Financial Times Digital Business podcast, I look at Chris Anderson’s charge that chief information officers are turning into “dead weight.” In case you missed it, Anderson had a provocative post on his blog late last month titled “Who Needs a CIO?” He’d given a speech at a CIO Magazine conference and came away from the event disillusioned:

You might have expected, as I had, that most Chief Information Officers wanted to know about the latest trends in technology so they could keep ahead of the curve. Nothing of the sort. CIOs, it turns out, are mostly business people who have been given the thankless job of keeping the lights on, IT wise. And the best way to ensure that they stay on is to change as little as possible. That puts many CIOs in the position of not being the technology innovator in their company, but rather the dead weight keeping the real technology innovators – employees who want to use the tools increasingly available on the wide-open Web to help them do their jobs better – from taking matters into their own hands.

Anderson continued:

… many CIOs are now just one step above Building Maintenance. They have the unpleasant job of mopping up data spills when they happen, along with enforcing draconian data retention policies sent down from the legal department. They respond to trouble tickets and disable user permissions. They practice saying “No”, not “What if…”

Christopher Koch, the executive editor of CIO Magazine, took umbrage at Anderson’s missile-like missive. On his own blog, he wrote:

Wow, did Chris Anderson, editor of Wired magazine, get some bad shrimp at the buffet when he spoke at our CIO conference a few months ago? [Anderson’s] premise for this post – that CIOs are business people exiled to the wasteland of IT – is completely without basis. Of the more than 500 CIOs we survey every year for our State of the CIO Survey, 80 percent have a technology background, not a business background – and that number has remained consistent since we started doing the survey in 2002. If there is a problem for CIOs these days, it is that their technology background gives business people the perception that CIOs are incapable of coming up with ways that IT can benefit the business … I would also argue that part of IT’s resistance to Web 2.0 can be traced to the fact that it isn’t really Web 2.0 at all. It’s Web 1.1. There are no FUNDAMENTALLY new ways of connecting people or exchanging value here, which makes a lot of it seem redundant to a CIO charged with maintaining application integrity, security and network performance.

There are a couple of different skirmishes going on here – over the identity of CIOs as well as over the value of new Web technologies – but, as I note in the FT commentary (pardon the self-quote), “what’s most interesting is that, once you peel back their rhetorical differences, you find that [Anderson and Koch] are largely in agreement. They both believe that most CIOs serve mainly a control function rather than one of innovation.” That’s a big change from the prevailing view about the direction of the CIO job at the dawn of this decade, when it was commonly assumed that the IT department would become the locus of not just IT innovation but business innovation in general.

But is “keeping the lights on” really so bad? One actual CIO, in a comment on Koch’s post, rose to the defense of the control role:

Keeping the lights on is important. Every morning, 1,500 people log in to our network and they expect their apps to work. Making sure their data is protected and that they have access to it 99.999% of the time is mission-critical to us … Our job is to find ways to use technology to advance the goals of the enterprise, not to find excuses to implement things because they’re new, cool, or will look good on our resumes.

It’s a fair point – running a tight IT ship is no easy accomplishment, particularly in a large organization – but I have no doubt that it’s not the last word in the seemingly endless debate about the role of the CIO. Of all “C-level” positions, the CIO post remains the least well defined and the most prone to identity crises. That’s probably a reflection of a deeper tension – the tension between the myth of business IT and the somewhat more pedestrian reality.

Oracle sues SAP for “theft”

Wow. The Oracle-SAP battle just turned into a full-scale war. Reuters reports that Oracle today filed a suit against SAP accusing it

of gaining repeated and unauthorized access to [Oracle’s] password-protected customer support Web site. This allowed SAP to copy thousands of Oracle software products and other confidential materials onto its own servers to compile an illegal library of copyrighted software code, the lawsuit charged. “This case is about corporate theft on a grand scale …,” said the lawsuit, filed in United States District Court in San Francisco.

Here’s the full text of the 43-page lawsuit, which in addition to laying out the allegations in detail – Oracle claims SAP used the allegedly stolen code and documents to enable its TomorrowNow subsidiary to offer “cut rate support services” to users of Oracle applications as a means of getting them to shift over to SAP applications – provides an extensive discussion of the fierce competition between Oracle and SAP (from Oracle’s point of view, of course). Oracle is asking for a jury trial.

It will, to say the least, be very interesting to see SAP’s response.

Larry Dignan has more.

Is a “neutral” net anticompetitive?

The “net neutrality” debate is a complicated one (witness Google’s recent twists and turns). Take the very important issue of competition. On the surface, it would seem that those in favor of making net neutrality the law of the land are fighting the good pro-competition fight. By preventing telcos, cable operators, and other pipe owners from giving favorable treatment to certain forms of data – allowing, say, video from TV studios to flow faster than video from amateurs – a net-neutrality law would keep the playing field level for the little guys.

In theory, that’s true. In reality, it’s a little more complicated.

Net neutrality exists in the abstract, in the realm of protocol. Because the content of any packet of data is invisible to the pipe carrying it, by protocological fiat, every packet is treated the same. If that was all there was to it – if theory and reality were one – then pro-neutrality would mean pro-competition. But it’s not all there is to it. In addition to the abstract realm of protocol, there’s the very real – very physical – realm of infrastructure. Regardless of protocol, superior infrastructure provides superior quality of service – ie, faster, more reliable transmission of data. To put it a different way, a company can buy a competitive advantage by buying (or renting) better infrastructure. So, for instance, if I have the money to contract with a caching company like Akamai to speed the delivery of my content, then I have an advantage over the saps who can’t afford such services.

As Akamai itself puts it: “Akamai’s technology … has transformed the chaos of the Internet into a predictable, scalable, and secure platform for business and entertainment. The Akamai EdgePlatform comprises 20,000 servers deployed in 71 countries that continually monitor the Internet – traffic, trouble spots and overall conditions. We use that information to intelligently optimize routes and replicate content for faster, more reliable delivery.” No wonder so many companies use services like Akamai’s – who wants to be stuck with all the little guys in the “chaos”?

Protocol is neutral. Infrastructure isn’t.

If net neutrality becomes law, it would prevent big companies from locking in an advantage at the protocological level – giving certain types of data privileged status – but it would allow big companies to lock in an advantage at the infrastructural level. And who has the best infrastructure? Well, Google, of course. Through billions of dollars in capital investments, it has created a kind of shadow internet for the express purpose of providing its content and services with an advantage in transmission speed and reliability. That’s great, because it means we all get our search results that much quicker. If the net were truly neutral, truly agnostic about what it carried, we’d spend a lot more time twiddling our thumbs.

But here’s the downside. As Google shifts into content and services businesses, that very expensive and very sophisticated infrastructure turns into a big entry barrier for would-be competitors. Think of the software-as-a-service (SaaS) market, for instance. For SaaS providers looking to serve businesses, the speed and reliability with which their applications run through the browser window are absolutely crucial to success. If I’m a small startup looking to compete against a Google (or a Microsoft or any other large company able to invest many hundreds of millions of dollars into its network), I start out at a big disadvantage at the infrastructural level. There’s no way in hell I can afford to build the kind of infrastructure that the big guys have. But perhaps I could, at a far lower cost, contract with the pipe owners to give my service privileged status. In this scenario, dismantling “net neutrality” (as commonly defined) could actually be pro-competitive by helping to counter the infrastructural advantages held by large companies. Embedding “net neutrality” into law would, by contrast, strengthen infrastructural advantages, creating ever larger barriers to entry over the long run.

I’m not trying to argue that protocological neutrality is a bad thing, and I’m certainly not suggesting that pipe owners should be trusted to promote competition. I’m just pointing out that it’s a dicey issue. Over the long haul, which would turn out to be more anti-competitive: a Net rendered non-neutral by protocol, or a Net rendered non-neutral by infrastructure? I don’t know. It’s a very good question to debate. But let the debate begin with an honest admission: The Internet is not neutral and never will be.

As for those who would look to politicians and lobbyists to maintain the net in its putatively Edenic state: Be careful what you wish for.

Two views of Web 2.0 in business

Some hard data is coming out this week on the adoption of Web 2.0 tools by companies. Yesterday, Forrester released some results from a December 2006 survey of 119 CIOs at mid-size and larger companies. It indicated that Web 2.0 is being broadly and rapidly brought into enterprises. Fully 89% of the CIOs said they had adopted at least one of six prominent Web 2.0 tools – blogs, wikis, podcasts, RSS, social networking, and content tagging – and a remarkable 35% said they were already using all six of the tools. Although Forrester didn’t break out adoption rates by tool, it did say that CIOs saw relatively high business value in RSS, wikis, and tagging and relatively low value in social networking and blogging.

Tomorrow, McKinsey will release the results of a broader survey of Web 2.0 adoption, and the results are quite different. In January 2007, McKinsey surveyed some 2,800 executives – not just CIOs – from around the world. It found strong interest in many Web 2.0 technologies but much less widespread adoption. McKinsey also looked at six tools. While it didn’t include tagging, it did include mashups; the other five were the same. It found that social networking was actually the most popular tool, with 19% of companies having invested in it, followed by podcasts (17%), blogs (16%), RSS (14%), wikis (13%), and mashups (4%). When you add in companies planning to invest in the tools, the percentages are as follows: social networking (37%), RSS (35%), podcasts (35%), wikis (33%), blogs (32%), and mashups (21%).

North American companies haven’t embraced Web 2.0 appreciably faster than companies in other countries, according to McKinsey. Although North American firms have been slightly more likely to invest in blogs and RSS, for instance, they’ve been slightly less likely to invest in social networks and wikis than their counterparts in some other regions. Perhaps the most surprising finding coming out of the McKinsey survey was that American companies are not poised to be the leaders in embracing Web 2.0 in coming years. If anything, they’re looking like laggards. Leading the way are Indian firms, 80% of which plan to increase their investments in Web 2.0 over the next three years, compared with 69% of Asia-Pacific firms, 65% of European firms, 64% of Chinese firms, 64% of North American firms, and 62% of Latin American firms.

In another sign of what the future holds for Web 2.0 in business, the Forrester survey found a clear preference among CIOs for buying a full suite of Web 2.0 tools from a large, established vendor. 74% of CIOs said they’d be more interested in investing in Web 2.0 if all the tools were offered as a suite, and 71% said they’d prefer the tools to be “offered by a major incumbent vendor like Microsoft or IBM [rather than] smaller specialist firms like Socialtext, NewsGator, MindTouch, and others.” Web 2.0 startups hoping to make inroads in the enterprise market, even among mid-sized firms, will continue to face big challenges, particularly as the larger vendors release their own suites of tools or incorporate them into existing products. You can bypass the CIO on a small scale, but it’s difficult to bypass the CIO when it comes time for a company to standardize on a particular product and vendor.

UPDATE: The McKinsey study is now available online.

Deneutralizing the net

Technology Review, which jumps on the Web 3.0 bandwagon in its current issue, reports that Stanford’s Clean Slate Design for the Internet program will be holding a coming out party this Wednesday. The interdisciplinary program seems to take the end of “net neutrality” as a given. Its thrust, in fact, is to make the Internet less Internety (at least as we’ve come to define the term) by redesigning it to be “inherently secure,” by making it possible to “determine the value of a packet … to better allocate the resources of the network, providing high-value traffic with higher bandwidth, more reliability, or lower latency paths,” and by “support[ing] anonymity where prudent, and accountability where necessary.”

Reports Technology Review:

The Internet may have revolutionized society, but [Stanford professor Nick] McKeown points out that there are still some basic things it doesn’t do well. There’s no reliable way of knowing whom data comes from, for example, because the Internet was designed in a way that makes it “ridiculously easy” to fake any information’s origin, McKeown says. It would be much easier to eliminate unsolicited e-mail messages if the sender could be verified because spammers could be quickly identified and prosecuted.

The intent of data can also be masked. Data packets that might look as though they were sent for a legitimate purpose could actually be intended to damage the network by spreading viruses or searching for secret information. When the Internet was first designed, “it was assumed that everyone would be well behaved, but we’re obviously in an era now where we can’t make that assumption,” McKeown says.

Commenting on the initiative, networking pioneer Bob Metcalfe goes even further, arguing that

there needs to be a way to ensure dedicated bandwidth. “The Internet was designed to get teletype characters echoed across the U.S. in under a half second,” Metcalfe wrote in an e-mail interview. “Soon we’ll have to handle [high-definition] video conversations around the world. The Internet must now allow bandwidth reservation, not just priority, to carry realtime, high-bandwidth communication – video in its many forms including video telephone.”

Maybe it will be the geeks rather than the suits who end up killing net neutrality.

Twitter dot dash

And so at last, after passing through Email and Instant Messaging and Texting, we arrive in the land of Twitter. The birds are singing in the trees – they look like that robin at the end of Blue Velvet – and the air itself is so clean you can see yourself in it.

Twitter is the telegraph system of Web 2.0. Like Morse’s machine, it limits messages to very brief strings of text. But whereas the telegraph imposed its limit through the market’s will – priced by the word, telegraph messages were too expensive to waste – Twitter imposes its limit through the iron law of code. Each message may include no more than 140 characters. As you type your message – your “tweet,” in Twitterese – in the Twitter messaging box, a counter lets you know how many characters you have left. (That last sentence wouldn’t quite have made the cut. It has 146 characters. Faulkner would have been a disaster as a Twitterer.)

Only on the length of each message is a limit imposed. Because there’s no charge to send a message and no protocol governing the frequency of posting, you can send as many tweets as you want. The telegraph required you to stop and ask yourself: Is this worth it? Twitter says: Everything’s worth it! (If you’re sending or receiving tweets on your cell phone, though, you best have an all-you-can-eat messaging plan; Twitter is, among other things, a killer app for the wireless oligopoly.) You can also send each tweet to as large an audience as you want, and the recipients are free to read it via mobile phone, instant messaging, RSS, or web site. Twitter unbundles the blog, fragments the fragment. It broadcasts the text message, turns SMS into a mass medium.

And what exactly are we broadcasting? The minutiae of our lives. The moment-by-moment answer to what is, in Twitterland, the most important question in the world: What are you doing? Or, to save four characters: What you doing? Twitter is the telegraph of Narcissus. Not only are you the star of the show, but everything that happens to you, no matter how trifling, is a headline, a media event, a stop-the-presses bulletin. Quicksilver turns to amber.

Are you exhausted yet?

Dave Winer has succeeded in creating a New York Times feed through the Twitter service, as if to prove that everything is equal in its 140-character triviality. “All the news that’s fit to twit,” twitters Dave. The world is flat, and so is information.

my dog just piddled on the rug! :-) [less than 10 seconds ago]

Seventeen killed in Baghdad suicide bombing [2 minutes ago]

Oh my god I cant believe it I just ate 14 double stuff Oreos [3 minutes ago]

A conflicted Kathy Sierra explains why Twitter is so addictive. Boiled down to a couple of tweets, it goes like this: using Twitter presents us with the possibility of a social reward, while not using it presents us with the possibility of a social penalty – and the possibility of a reward or penalty is a far more compelling motivator than the reality of a reward or penalty. Look at me! Look at me! Are you looking?

Tara Hunt says, “Twitter is a representation of my stream of consciousness.” What used to happen in the privacy of the mind is now tossed into the public’s bowl like so many Fritos. The broadcasting of the spectacle of the self has become a full-time job. Au revoir, Jean Baudrillard, your work here is done.

Like so many other Web 2.0 services, Twitter wraps itself and its users in an infantile language. We’re not adults having conversations, or even people sending messages. We’re tweeters twittering tweets. We’re twitters tweetering twits. We’re twits tweeting twitters. We’re Tweety Birds.

I did! I did taw a puddy tat! [half a minute ago]

I tawt I taw a puddy tat! [1 minute ago]

Narcissism is just the user interface for nihilism, of course, and with artfully kitschy services like Twitter we’re allowed to both indulge our self-absorption and distance ourselves from it by acknowledging, with a coy digital wink, its essential emptiness. I love me! Just kidding!

The great paradox of “social networking” is that it uses narcissism as the glue for “community.” Being online means being alone, and being in an online community means being alone together. The community is purely symbolic, a pixellated simulation conjured up by software to feed the modern self’s bottomless hunger. Hunger for what? For verification of its existence? No, not even that. For verification that it has a role to play. As I walk down the street with thin white cords hanging from my ears, as I look at the display of khakis in the window of the Gap, as I sit in a Starbucks sipping a chai served up by a barista, I can’t quite bring myself to believe that I’m real. But if I send out to a theoretical audience of my peers 140 characters of text saying that I’m walking down the street, looking in a shop window, drinking tea, suddenly I become real. I have a voice. I exist, if only as a symbol speaking of symbols to other symbols.

It’s not, as Scott Karp suggests, “I Twitter, therefore I am.” It’s “I Twitter because I’m afraid I ain’t.”

As the physical world takes on more of the characteristics of a simulation, we seek reality in the simulated world. At least there we can be confident that the simulation is real. At least there we can be freed from the anxiety of not knowing where the edge between real and unreal lies. At least there we find something to hold onto, even if it’s nothing.

I did! I did taw a puddy tat!