The Federal Trade Commission both announced charges of deception against Oracle and that those claims have been settled.  The claims relate to misleading statements made by Oracle relating to security vulnerabilities of the Java software.  Java is installed on 850 million personal computers, including yours.  Oracle represented to consumers that updates to the Java product corrected security issues with older versions of the software.  In fact, the updates only removed the most recent version of the software, leaving older, vulnerable versions of Java in place.  Hackers could exploit the old versions of Java to collect user names and passwords and to launch phishing attacks.

The proposed settlement has yet to be signed by a judge and the document released by the FTC does not include any money penalties.  Instead, Oracle agrees to help consumers remove old versions of Java.

The settlement agreement will make Oracle straight with the FTC, but not with victims of hacking and identity theft stemming from the Java vulnerability.

In the coming litigation fire storm, Oracle will shelter behind the damage waivers of its click-through software contract, while the class-action attorneys will attack the contract damage limitations based on Oracle’s fraud.  Stay tuned to find out who comes out on top.

— Robert Yarbrough, Esq.