Skip to main content


Reset A A Font size: Print

United States Court of Appeals, Ninth Circuit.

ORACLE AMERICA, INC., a Delaware Corporation; Oracle International Corporation, a California Corporation, Plaintiffs-Appellants, v. HEWLETT PACKARD ENTERPRISE COMPANY, a Delaware Corporation, Defendant-Appellee.

No. 19-15506

Decided: August 20, 2020

Before: MILAN D. SMITH, JR. and ANDREW D. HURWITZ, Circuit Judges, and C. ASHLEY ROYAL,* District Judge. Gregory G. Garre (argued), Elana Nightingale Dawson, and Charles S. Dameron, Latham & Watkins LLP, Washington, D.C.; Christopher S. Yates, Christopher B. Campbell, and Brittany N. Lovejoy, Latham & Watkins LLP, San Francisco, California; Dorian Estelle Daley and Deborah Kay Miller, Oracle America Inc., Redwood City, California; Jeffrey S. Ross, Oracle America Inc., Burlington, California; Dale M. Cendali and Joshua L. Simmons, Kirkland & Ellis LLP, New York, New York; for Plaintiffs-Appellants. Mark A. Perry (argued), Gibson Dunn & Crutcher LLP, Washington, D.C.; Samuel G. Liverside, Joseph A. Gorman, and Ilissa S. Samplin, Gibson Dunn & Crutcher LLP, Los Angeles, California; Jeffrey T. Thomas and Blaine H. Evanson, Gibson Dunn & Crutcher LLP, Irvine, California; Vaishali Udupa, Hewlett Packard Enterprise Company, Reston, Virginia; Deanna L. Kwong, Hewlett Packard Enterprise Company, San Jose, California; for Defendant-Appellee. William A. Isaacson and Samuel S. Ungar, Boies Schiller Flexner LLP, Washington, D.C.; Keith Kupferschmid and Terry Hart, Copyright Alliance, Washington, D.C.; for Amicus Curiae Copyright Alliance. Mark E. Ferguson, Bartlit Beck LLP, Chicago, Illinois; Abigail M. Hinchcliff, Bartlit Beck LLP, Denver, Colorado; for Amici Curiae Repair Association and Electronic Frontier Foundation.


Oracle America, Inc. and Oracle International Corporation (together, Oracle) own the proprietary Solaris software operating system. Oracle periodically releases patches for this software to address functionality, improve performance, and resolve security issues. As is relevant here, Oracle restricts use of the Solaris software, including software patches. It grants a customer a limited use license, and it requires a customer to have a prepaid annual support contract to access patches for a server.

Oracle brought copyright infringement claims, California state law intentional interference claims, and a California Unfair Competition Law (UCL) claim against Hewlett Packard Enterprise Company (HPE), alleging that HPE and nonparty Terix Computer Company, Inc. (Terix) improperly accessed, downloaded, copied, and installed Solaris patches on servers not under an Oracle support contract. On cross motions, the district court granted summary judgment for HPE. We affirm the district court's partial summary judgment for HPE on the infringement and intentional interference claims based upon the statute of limitations. We affirm in part and reverse in part the summary judgment on what remains of the infringement claims. We address all other issues in a concurrently filed memorandum disposition.


I. The Solaris Software

Oracle has owned federally registered copyrights for the Solaris software since it purchased Sun Microsystems (Sun) in January 2010. Various Solaris patches also have code registered with the United States Copyright Office. Oracle licenses use of the Solaris software to a customer when the customer purchases a server with preinstalled software. The Solaris versions at issue here are Solaris 8, 9, 10 and 11. The Binary Code License Agreement applies to Solaris 8 and 9. The Software License Agreement (SLA) applies to Solaris 10.1

Customers with a prepaid annual Oracle support contract can access Solaris patches through the password protected My Oracle Support (MOS) website.2 A customer must place every server for which it desires support on an active support contract. A support contract is subject to policies that also define a customer's right to access patches. With an active support contract, a customer can create an MOS username and password. Upon accessing the MOS, the customer must agree to additional terms of use concerning the software on the site.

II. Third-Party Support of Solaris Software by HPE and Terix

As is relevant here, HPE has a multi-vendor support business that serves as a “one-stop-shop” to support all servers an HPE customer has, including servers running Solaris software. HPE provides such support directly and indirectly. HPE subcontracted indirect support to Terix, a company which specialized in supporting Oracle software. For joint HPE-Terix customers, Terix arranged for a server to have Oracle support in the customer's name with a prepaid Terix-supplied credit card and created an MOS credential for the single-server Oracle support contract. Terix also provided customers with a form email to send to Oracle. Terix downloaded patches using the credentials to make copies for use on off-contract servers as part of the so-called “one-to-many” scheme. When a customer was not yet supported, Terix created credentials by using fictitious names, emails addresses, and credit cards.

Oracle sued Terix in July 2013, alleging copyright infringement concerning the Solaris patches, among other claims. Oracle Am., Inc. v. Terix Comp. Co., Inc., No. 5:13-cv-03385-PSG, Dkt No. 1, 2013 WL 3976353 (N.D. Cal. July 19, 2013). Following summary judgment for Oracle on Terix's license affirmative defense there, Oracle Am., Inc. v. Terix Comp. Co., 2015 WL 2090191 (N.D. Cal. May 5, 2015), Terix stipulated to a judgment for Oracle on the infringement and fraud claims without admitting liability. Thereafter, Oracle and HPE entered into an agreement, effective May 6, 2015, to toll the statute of limitations for any claims that Oracle might assert against HPE.

III. This Litigation

Oracle brought this suit against HPE in March 2016 for copyright infringement pursuant to 17 U.S.C. §§ 101, et seq., intentional interference with contractual relations (IICR), intentional interference with prospective economic advantage (IIPEA), and violations of the UCL, Cal. Bus. & Prof. Code § 17200. Among other affirmative defenses, HPE asserted express and implied license. Following discovery, Oracle moved for partial summary judgment on the infringement claims and some affirmative defenses, including the license defense. HPE cross moved on all claims. The district court granted summary judgment for HPE. Oracle timely appealed.


We have jurisdiction pursuant to 28 U.S.C. § 1291. We review a grant of summary judgment de novo. Shelley v. Geren, 666 F.3d 599, 604 (9th Cir. 2012). “We must determine, viewing the evidence in the light most favorable to the nonmoving party, whether there are any genuine issues of material fact and whether the district court correctly applied the substantive law.” Zabriskie v. Fed. Nat'l Mortg. Ass'n, 940 F.3d 1022, 1026 (9th Cir. 2019) (citation and quotations omitted).


I. The Statute of Limitations

It is undisputed that the May 6, 2015 effective date of the parties’ tolling agreement applies in this case. Thus, we consider whether the copyright infringement claims are barred for conduct before May 6, 2012 and the IIPEA claim is barred for conduct before May 6, 2013.3

A. The Copyright Infringement Claims

A copyright infringement claim is subject to a three-year statute of limitations, which runs separately for each violation. 17 U.S.C. § 507(b); Petrella v. Metro-Goldwyn-Mayer, Inc., 572 U.S. 663, 671, 134 S.Ct. 1962, 188 L.Ed.2d 979 (2014). “[A] copyright infringement claim accrues—and the statute of limitations begins to run—when a party discovers, or reasonably should have discovered, the alleged infringement.” Media Rights Techs., Inc. v. Microsoft Corp., 922 F.3d 1014, 1022 (9th Cir. 2019).4

Although Oracle repeatedly argues that it lacked actual knowledge of all the wrongdoing by HPE and Terix, constructive knowledge triggers the statute of limitations. “The plaintiff is deemed to have had constructive knowledge if it had enough information to warrant an investigation which, if reasonably diligent, would have led to discovery of the [claim].” Pincay v. Andrews, 238 F.3d 1106, 1110 (9th Cir. 2001) (citation omitted). We have previously explained that “suspicion” of copyright infringement “place[s] upon [the plaintiff] a duty to investigate further into possible infringements of [its] copyrights.” Wood v. Santa Barbara Chamber of Commerce, Inc., 705 F.2d 1515, 1521 (9th Cir. 1983).5 Even if the plaintiff “may not actually have conducted this further investigation, equity will impute to [the plaintiff] knowledge of facts that would have been revealed by reasonably required further investigation.” Id.; see also Bibeau v. Pac. Nw. Res. Found. Inc., 188 F.3d 1105, 1108 (9th Cir. 1999) (citation omitted), as amended, 208 F.3d 831 (9th Cir. 2000) (explaining that the “twist” of the discovery rule is that it requires “[t]he plaintiff [to] be diligent in discovering the critical facts,” i.e., “that he has been hurt and who has inflicted the injury” (citation omitted)).

Oracle concedes that it “had concerns” in November 2010 that Terix might purchase support for one system and reuse the patches for all other systems. Oracle also had suspicions about HPE as early as 2010 and certainly by October 2011. Critically, Oracle concedes that “it made inquiries of Terix and HPE after receiving reports of potential infringement.” In relevant part, Oracle relies on inquiries that occurred in 2008 and September 2011. Oracle, thus, had a duty to conduct a reasonable investigation. Bibeau, 188 F.3d at 1108; Wood, 705 F.2d at 1521.

The doctrine of fraudulent concealment does not help Oracle in this case. A plaintiff relying on this doctrine to toll the limitations period must show “both that the defendant used fraudulent means to keep the plaintiff unaware of his cause of action, and also that the plaintiff was, in fact, ignorant of the existence of his cause of action.” Wood, 705 F.2d at 1521. The doctrine does not apply if the plaintiff had actual or constructive knowledge of the facts giving rise to the claim. Hexcel Corp. v. Ineos Polymers, Inc., 681 F.3d 1055, 1060 (9th Cir. 2012). “The plaintiff is deemed to have had constructive knowledge if it had enough information to warrant an investigation which, if reasonably diligent, would have led to the discovery of the fraud.” Id. (citation omitted). Although Oracle singularly focuses on the means of the purported concealment, it is not accurate that Oracle “had no reason to suspect” infringement and thus no duty to inquire. Taylor v. Meirick, 712 F.2d 1112, 1118 (7th Cir. 1983). Oracle concededly suspected infringement of its patches by Terix and HPE well before May 6, 2012.

The remaining issue is whether Oracle conducted a reasonable investigation into the suspected infringement. Although “summary judgment is generally an inappropriate way to decide questions of reasonableness,” it “is appropriate ‘when only one conclusion about the conduct's reasonableness is possible.’ ” Gorman v. Wolpoff & Abramson, LLP, 584 F.3d 1147, 1157 (9th Cir. 2009) (quoting In re Software Toolworks, Inc., 50 F.3d 615, 622 (9th Cir. 1994)). Oracle's only evidence of any investigation concerns Terix.6 In April 2012—a month before the three-year lookback from the effective date of the tolling agreement—an Oracle employee searched the MOS for a “” email address to determine whether Terix downloaded Solaris patches or purchased support contracts. That search yielded no results.

The district court determined that this investigation was unreasonable because Oracle failed to use its contractual right to audit customers, despite knowing that Oracle customers were working with Terix. The court did not err in focusing on this issue. Oracle had already identified customer audits as a tool to protect its intellectual property. Critically, only a customer with an active support contract can access the MOS in the first instance. Furthermore, Oracle requires that its customers ensure that third party agents comply with the terms of use for the Solaris software.

Oracle does not dispute that it had the right to audit its customers. It asserts, however, that requiring it to have exercised that right would be “unprecedented,” “dilute the value of copyright ownership by increasing the costs of policing for infringement,” and “subject its clients to a hostile inquiry for the sake of tolling the statute of limitations.” Oracle cites no evidence or authority supporting these assertions, which are insufficient to preclude summary judgment. S. A. Empresa de Viacao Aerea Rio Grandense (Varig Airlines) v. Walter Kidde & Co., Inc., 690 F.2d 1235, 1238 (9th Cir. 1982) (“[A] party cannot manufacture a genuine issue of material fact merely by making assertions in its legal memoranda”). Because Oracle did not raise a triable issue about its investigation, HPE was entitled to summary judgment on the infringement claims for pre-May 6, 2012 conduct.

B. The IIPEA Claim

An IIPEA claim is subject to a two-year statute of limitations. See Cal. Civ. Proc. Code § 339(1). A cause of action does not accrue under California law “until the plaintiff discovers, or has to discover, the cause of action.” Fox v. Ethicon Endo-Surgery, Inc., 35 Cal.4th 797, 27 Cal.Rptr.3d 661, 110 P.3d 914, 920 (2005). A “potential plaintiff who suspects that an injury has been wrongfully caused must conduct a reasonable investigation of all potential causes of that injury.” Id., 27 Cal.Rptr.3d 661, 110 P.3d at 921. A defendant's fraudulent concealment will toll the statute of limitations “for that period during which the claim is undiscovered by a plaintiff or until such time as plaintiff, by the exercise of reasonable diligence, should have discovered it.” Bernson v. Browning-Ferris Indus., 7 Cal.4th 926, 30 Cal.Rptr.2d 440, 873 P.2d 613, 615 (1994) (citation omitted).

In concluding that Oracle's pre-May 6, 2013 IIPEA claims were time-barred, the district court analyzed evidence concerning Comcast, one of Oracle's support customers, and determined that Oracle constructively knew of HPE's interference with the Comcast relationship as early as 2011. Oracle has not challenged that finding here, and thus has waived that issue. Paladin Assocs., Inc. v. Mont. Power Co., 328 F.3d 1145, 1164 (9th Cir. 2003). Oracle nonetheless argues that it could not have known about the “broader one-to-many scheme to interfere with Oracle's relationships.” Relying on El Pollo Loco, Inc. v. Hashim, 316 F.3d 1032, 1040 (9th Cir. 2003), Oracle further argues that it could rely on the truth of HPE's and Terix's assurances that “they were not engaged in misconduct” even if an investigation would have disclosed the falsity of those assurances.

Although fraudulent concealment tolls a statute of limitations for the time that a plaintiff cannot discover its claim, Bernson, 30 Cal.Rptr.2d 440, 873 P.2d at 615, 619, Oracle was aware, at a minimum, of enough facts well before May 6, 2013 to discover its IIPEA claim against HPE. Oracle identified HPE and Terix in 2010, among others, as third-party maintainers of Solaris software who sought to attract customers from Oracle in the manner challenged here. And, in 2011, Comcast indicated that it would leave Oracle for HPE and Terix after HPE and Terix had made purported assurances to Oracle. In short, Oracle, was not “ignorant” of its IIPEA claim against HPE before May 6, 2013. Weatherly v. Universal Music Publ'g Grp., 125 Cal.App.4th 913, 23 Cal. Rptr. 3d 157, 161–62 (2004). Thus, the claim is time-barred for pre-May 6, 2013 conduct.

II. The Copyright Infringement Claims

Oracle asserted direct infringement claims concerning HPE's direct support customers, and indirect infringement claims concerning joint HPE-Terix customers. The claimed infringing acts were unauthorized downloading, copying, and delivery of patches, and patch installations. We consider separately the indirect and direct infringement claims, mindful that “[t]he test for summary judgment in a copyright case must comport with the standard applied to all civil actions.” Shaw v. Lindheim, 919 F.2d 1353, 1358–59 (9th Cir. 1990), overruled in part on other grounds by, Skidmore v. Led Zeppelin, 952 F.3d 1051, 1066 (9th Cir. 2020) (en banc).

A. Indirect Infringement Claims

A defendant may be held vicariously and contributorily liable for copyright infringement carried out by another. Luvdarts, LLC v. AT & T Mobility, LLC, 710 F.3d 1068, 1071 (9th Cir. 2013). But a plaintiff must show “[a]s a threshold matter ․ that there has been direct infringement by third parties.” Perfect 10, Inc. v., Inc., 508 F.3d 1146, 1169 (9th Cir. 2007). The district court concluded that Oracle could not prove direct infringement by Terix in the form of unauthorized patch installations.7 Oracle challenges the court's failure to consider evidence of Terix's pre-installation conduct. We briefly address that evidence and then discuss the deficiencies in the district court's analysis.

Direct infringement requires: “(1) ownership of a valid copyright, and (2) copying of constituent elements of the work that are original.” Seven Arts Filmed Entm't Ltd. v. Content Media Corp. PLC, 733 F.3d 1251, 1254 (9th Cir. 2013) (citation omitted). On the second element, we have made clear that “[b]oth uploading and downloading copyrighted material are infringing acts.” Columbia Pictures Indus. v. Fung, 710 F.3d 1020, 1034 (9th Cir. 2013). Oracle provided evidence of Terix's downloading and copying of patches for joint HPE-Terix customers. Terix downloaded some 11,500 copies of Solaris patches, including thousands of copies of registered protectable code by using customers’ MOS credentials. Terix employees copied patches to internal Terix repositories as well as to Terix-provided laptops so that it could provide patches on demand to joint customers. Terix reproduced and distributed patches on its servers so that customers could access patch copies.

Although this evidence appears to show direct infringement, the district court did not consider it because the court read “Oracle's support contracts to grant an Oracle customer, or an agent of the customer, a license to download, deliver, and install Solaris patches.” Reasoning that Terix was an agent of a customer with a license, the court thought that only patch installations could constitute infringing conduct.

An applicable license may be dispositive of an infringement claim. “Anyone who is authorized by the copyright owner to use the copyrighted work in a way specified in [the Copyright Act] ․ is not an infringer of the copyright with respect to such use.” Sony Corp. of Am. v. Universal City Studios, Inc., 464 U.S. 417, 433, 104 S.Ct. 774, 78 L.Ed.2d 574 (1984). Thus, an infringement claim “fails if the challenged use of the work falls within the scope of a valid license.” Great Minds v. Office Depot, Inc., 945 F.3d 1106, 1110 (9th Cir. 2019). And “[t]he existence of a license creates an affirmative defense to” an infringement claim. Worldwide Church of God v. Phila. Church of God, Inc., 227 F.3d 1110, 1114 (9th Cir. 2000). But “[w]hen a licensee exceeds the scope of the license granted by the copyright holder, the licensee is liable for infringement.” LGS Architects, Inc. v. Concordia Homes of Nev., 434 F.3d 1150, 1156 (9th Cir. 2006).

A court must construe the license to evaluate its effect on a claim of copyright infringement. “A copyright license ‘must be construed in accordance with the purposes underlying federal copyright law.’ ” Great Minds, 945 F.3d at 1110 (quoting S.O.S., Inc. v. Payday, Inc., 886 F.2d 1081, 1088 (9th Cir. 1989)); see also Cohen v. Paramount Pictures Corp., 845 F.2d 851, 854 (9th Cir. 1988) (same). “Chief among these purposes is the protection of the author's rights.” S.O.S., 886 F.2d at 1088. “Federal courts ‘rely on state law to provide the canons of contractual construction to interpret a license, but only to the extent such rules do not interfere with federal copyright law or policy.’ ” Great Minds, 945 F.3d at 1110 (quoting S.O.S., 886 F.2d at 1088).

The district court here, however, opined on Oracle's licenses without applying these principles, and it never identified a license provision that authorized the challenged pre-installation conduct.8 That was error. At summary judgment, “[t]he district court must not only properly consider the record ․ but must consider that record in light of the ‘governing law.’ ” Zetwick v. County of Yolo, 850 F.3d 436, 441 (9th Cir. 2017) (quoting Anderson v. Liberty Lobby, Inc., 477 U.S. 242, 248, 106 S.Ct. 2505, 91 L.Ed.2d 202 (1986)). “[W]here application of incorrect legal standards may have influenced the district court's conclusion, remand is appropriate.” Id. at 442. By applying no legal standard to interpret the licenses, the district court failed to apply the correct one. In doing so, the court excluded pre-installation conduct from its analysis. Thus, we remand for the court to properly analyze the licenses. The court must reconsider all infringement claims for pre-installation conduct, including the direct infringement claims for which the court also limited its focus to unauthorized installations.9

B. The Direct Infringement Claims

As is relevant here, direct infringement requires copying of a protected work by the defendant. Seven Arts, 733 F.3d at 1254. It is undisputed that HPE's installation of patches on unsupported servers would constitute infringement. But the parties dispute whether Oracle's evidence showed that HPE performed such installations for its direct customers. We address separately the non-Symantec customers and Symantec and conclude that triable issues remain.

1. Non-Symantec Customers

The district court reasoned that, to survive summary judgment on the direct infringement claims for non-Symantec customers, Oracle had to provide: “(1) evidence that HPE installed a patch on a server that was not supported by an Oracle support contract, and (2) evidence that the patch was released and downloaded while that server was not on contract.” Oracle does not challenge this application of the copying element, and thus, it guides us here.

Oracle relied on an analysis by its expert, Christian Hicks, of HPE-produced spreadsheet data for 35 HPE direct customers to show that HPE performed unauthorized patch installations. The spreadsheets had an “Installed on Date” column and a column identifying the hardware serial number. Hicks treated the “Installed on Date” column as showing actual installation dates. He found 210 instances of patching where “the ‘Installed on Date’ in HPE's data occurred after Oracle support for that server had ended.” He found that for 188 of those instances, Oracle had not released the patches until after Oracle support for the server expired. Crediting HPE's arguments, the district court concluded that Oracle could not prove with this data (a) unauthorized installations (b) by HPE. We disagree.

a. Unauthorized Patch Installations

The district court found an insurmountable “ambiguity” about whether the “Installed on Date” column reflected actual patch installations. The “ambiguity” stemmed from testimony by David Jensen, HPE's Rule 30(b)(6) witness and a former HPE employee. In considering this testimony, the court failed to draw all reasonable inferences in Oracle's favor.

Jensen testified that the “Installed on Date” column had three possible meanings. It could mean the date that: (1) a kernel patch was installed, (2) a patch was released from the vendor, or (3) a file was updated on the system, such as a deletion, modification, or change to the file. Although Jensen testified that one could not know which meaning applied, he explained that the field prioritized the first meaning. Only if actual installation data was unavailable would the entry reflect another meaning. This testimony supported the actual installation date meaning that Hicks attributed to “Installed on Date,” and it showed that that meaning was prioritized.10 In light of this evidence, the district court could not properly assume in HPE's favor that no entries reflected an actual installation.

The court also reasoned that even if all entries reflected installations, “Oracle could not identify any particular nonsupported server on which a protected patch was improperly installed.” That conclusion stemmed from what the court viewed as a concession by Oracle during the summary judgment hearing. Oracle, however, effectively explained that it would prove unauthorized installations circumstantially. “Proof of copyright infringement is often highly circumstantial,” Loomis v. Cornish, 836 F.3d 991, 994 (9th Cir. 2016) (citation omitted), “[b]ecause direct evidence of copying is rarely available,” Baxter v. MCA, Inc., 812 F.2d 421, 423 (9th Cir. 1987). Here, Oracle could identify protected patches and the spreadsheets showed installations that post-dated the release of a given patch. Drawing all reasonable inferences in Oracle's favor, a jury could find that at least one entry reflected an actual patch installation.

b. By HPE

A “direct infringement claim turn[s] on ‘who made’ the copies[.]” Fox Broad. Co. v. Dish Network L.L.C., 747 F.3d 1060, 1067 (9th Cir. 2014) (quoting Cartoon Network LP, LLLP v. CSC Holdings, Inc., 536 F.3d 121, 130 (2d Cir. 2008)) (emphasis in original). Oracle must “show causation (also referred to as ‘volitional conduct’) by the defendant.” Perfect 10, Inc. v. Giganews, Inc., 847 F.3d 657, 666 (9th Cir. 2017), cert denied, ––– U.S. ––––, 138 S. Ct. 504, 199 L.Ed.2d 385 (2017). This requires conduct by the defendant “that can reasonably be described as the direct cause of the infringement.” Id. (citation omitted) (emphasis in original).

Relying on Jensen's testimony, HPE avers that some entity other than it—Oracle, the customer, or some unknown third party—could have installed patches for its direct support customers. Jensen's testimony, however, could not foreclose that HPE installed patches. Indeed, he testified that when the data indicated that a patch was applied to a server, it “could mean” that a customer updated the patch, a customer-hired third party did it, or—critically—that HPE applied the patch if HPE had the responsibility to do so. HPE evades and the district court failed to acknowledge this third scenario, which plainly goes to causation by HPE.11

HPE further contends that Oracle cannot prove causation because Hicks did not know who performed any patch installations. Hicks, however, relied on the fact that HPE supported the servers identified in HPE's data and that customers specifically paid HPE to support their Solaris software to conclude that HPE made installations. We see no reason why a reasonable jury could not rely on these same circumstances. Viewing the evidence in the light most favorable to Oracle, a reasonable jury could find that HPE performed patch installations for direct customers. Thus, summary judgment was improper on the direct infringement claims concerning non-Symantec customers.

2. Symantec

Summary judgment for HPE on the direct infringement claims concerning Symantec was also improper. The testimony from HPE's employees permitted the reasonable inference that HPE installed a patch on an unsupported Symantec server. Indeed, the court acknowledged that testimony from HPE employees showed that HPE “had a practice of ․ installing patches downloaded from and delivered through Terix for Symantec's off-contract servers.” Because Oracle may prove infringement circumstantially, Loomis, 836 F.3d at 994, Oracle did not need to further show that a particular patch was installed on a particular off-contract server to survive summary judgment.12

HPE also argues that the district court held that Oracle did not show that any patch delivered to Symantec was protectable. If true, Oracle could not press infringement claims for such patches. Seven Arts, 733 F.3d at 1254 (observing that “ownership of a valid copyright” is a “basic element” of infringement) (citation omitted). The district court, however, does not appear to have granted summary judgment for HPE on this basis, but instead to have merely acknowledged HPE's argument. Although we may affirm on any ground supported by the record, Johnson v. Riverside Healthcare Sys., LP, 534 F.3d 1116, 1121 (9th Cir. 2008), the record supplied by the parties is insufficient for us do so. We have no obligation to mine the extensive district court record, and we decline to do so here. See In re Oracle Corp. Sec. Litig., 627 F.3d 376, 386 (9th Cir. 2010) (“It behooves litigants, particularly in a case with a record of this magnitude, to resist the temptation to treat judges as if they were pigs sniffing for truffles.”). The district court may revisit and clarify this issue on remand.


We affirm the partial summary judgment for HPE on the copyright infringement and IIPEA claims as time-barred. We affirm in part summary judgment on the indirect infringement claims for patch installations by Terix. We reverse summary judgment on all infringement claims for pre-installation conduct, and on the direct infringement claims for unauthorized patch installations by HPE.



1.   A customer-specific entitlement accompanies the SLA. Solaris 11 is governed by a license similar to the SLA.

2.   Oracle ceased Sun's gratis release of security-related patches, firmware updates, and new Solaris operating system versions.

3.   Oracle raised limitations arguments in its opening brief for only copyright infringement and IIPEA claims. Oracle has waived the IICR claim limitations argument it raised for the first time in reply. U.S. v. Alcan Elec. & Eng'g, Inc., 197 F.3d 1014, 1020 (9th Cir. 1999). In any event, our analysis on the IIPEA claim here would apply equally to the IICR claim. HPE has also waived its perfunctory argument that the UCL claims are time-barred. See Cal. Pac. Bank v. Fed. Deposit Ins. Corp., 885 F.3d 560, 570 (9th Cir. 2018).

4.   Oracle waived its argument in reply about the district court's treatment of the indirect infringement claims as accruing when Oracle discovered or could have reasonably discovered direct infringement. Alcan Elec. & Eng'g, 197 F.3d at 1020.

5.   Relying on O'Connor v. Boeing North American, Inc., 311 F.3d 1139 (9th Cir. 2002), Oracle argues that “suspicion alone” is not sufficient to trigger the limitations period. O'Connor concerned whether the discovery rule applied to 42 U.S.C. § 9658 preempted the California discovery rule in the context of personal injury claims for exposure to hazardous substances. Id. at 1146–49. We rejected “an interpretation of the federal discovery rule that would commence limitations periods upon mere suspicion of the elements of a claim” to “forestall” the filing of unnecessary and preventive claims. Id. at 1148. We did not, however, discuss Wood. As Oracle recognizes, Wood provides that suspicion of infringement triggers a duty to investigate. 705 F.2d at 1521. We apply that standard here.

6.   Oracle does not argue that it investigated HPE.

7.   Oracle does not challenge the district court's ruling concerning patch installations by Terix. Thus, we affirm the partial summary judgment for HPE on the indirect infringement claims as to that issue.

8.   HPE avers that the district court “held” HPE to its burden to identify a license provision authorizing the pre-installation conduct, pointing to an order in Oracle's case against Terix. Oracle, 2015 WL 2090191, at *1. But, in that order, the magistrate judge granted summary judgment for Oracle on the affirmative license defense, reasoning that Terix “violated the terms of the relevant licenses by using a customer's credential's to ․ download patches for any number of that customer's machines, whether covered by the license terms or not” because “[t]his type of use is clearly not contemplated on the face of the license agreements.” Id. at *6. And unlike the district court here, the magistrate judge there applied the relevant principles to construe the licenses for Solaris versions 7, 8, 9 and 10. Id. at *1, 7–9.

9.   We decline to resolve in the first instance whether Oracle produced sufficient evidence on the additional elements of secondary liability because the district court never considered those issues. Shirk v. U.S. ex rel. Dep't of Interior, 773 F.3d 999, 1007 (9th Cir. 2014).

10.   The district court also stated that the data had a “false positive” because Oracle identified a patch installation on an off-contract server before Oracle had released that patch. Such an entry can be explained as the date of a file update, consistent with Jensen's third meaning of “Installed on Date.” That “false positive” would not preclude that other entries reflect actual installations.

11.   We reject Oracle's assertion that Jensen's testimony suffices to award summary judgment for it. Although Oracle cross moved for summary judgment on its infringement claims, we must view the evidence in the light most favorable to HPE. At the very least, the testimony creates a dispute of material fact.

12.   HPE argues that “many” Symantec servers ran older versions of Solaris that are not at issue and that Symantec also asked HPE to install patches received from Terix onto servers covered by Oracle support contracts. This would not preclude the reasonable inference that HPE performed an unauthorized patch installation.

M. SMITH, Circuit Judge:

Copied to clipboard