By Brian Maass

DENVER (CBS4) – Denver taxpayers will be paying millions of dollars more this year for city use of Oracle software after the city admitted it violated its licensing agreements with Oracle and was threatened with a potential $10 million penalty for overuse.

“We are going to look at existing processes and make sure they get better and better,” said Scott Cardenas, Chief Information Officer for Denver Technology Services.

Despite repeated requests from CBS4, Cardenas declined to say precisely how the City of Denver got out of compliance with its software licensing and how far out of compliance the city had been.

(credit: CBS)

Denver had contracted with Oracle for years and most recently paid the company about $1 million per year for software and other services. But last summer Oracle informed the city it wanted to audit Denver’s use of Oracle software.

Hundreds of pages of emails between the city and Oracle representatives suggest that audit was well underway when Oracle’s Richard Luby sent Denver an email in December 2016 saying Oracle had concluded “the current over-deployment would require in excess of $10m (million) to license.”

The company went on to say however that it was willing to settle for $3 million “if Denver is in agreement on this number.”

(credit: CBS)

(credit: CBS)

Within a short period of time, Denver Technology Services put together a new five-year contract bumping up Oracle’s compensation for 2017 to nearly $4 million, quadrupling the previous year’s compensation; although city technology administrators insisted the increased contract amount was not a fine or penalty for their overuse of Oracle software.

Appearing before Denver city council’s finance and governance committee in February, Cardenas told councilmembers the quadrupling of payments to Oracle this year was a “true-up of our licensing going forward.”

However, in meeting with council members, Cardenas also acknowledged, “We were non-compliant with our licensing. We were using licensing that we had not updated our licensing model for.”

Asked by councilman Kevin Flynn if the increased payment amounted to a fine being paid to Oracle, Cardenas said, ”It is not a fine … it’s a true up … to get to the right licensing count.”

Jenny Schiavone, a spokesperson for the city, told CBS4, “The old one was an outdated licensing model for the city and the new one right-sized our agreement and modernized the service structure for our current and future needs … this was all part of a normal business model true-up for a technology department.”

(credit: CBS)

Craig Guarente, a former Oracle vice president of contracts and business practices, who now runs a consulting firm for government agencies and companies that run afoul of Oracle licensing requirements, said what Oracle did to Denver could have easily been prevented.

“Denver paid a price — a penalty — for being out of compliance, and it was millions of dollars”, said Guarente.

He made the comments after reviewing contracts between Denver and Oracle and the hundreds of pages of emails obtained by CBS under an open records request.

“And the city thought, ”We’ve been caught, so we need to pay up,” said Guarente.

He went on to say that Oracle makes it difficult for their customers to remain compliant with their licenses. He says the company then audits software usage, usually finding massive violations, leading to fat new contracts.

“If they (City of Denver) were on top of this and more proactive they might not have needed to do another deal with Oracle. If you are out of compliance and they find that they use that to pressure you to do things like give them millions of dollar,” said Guarente.

Katie Barron, a spokesperson for Oracle, told CBS4 the company would “decline comment at this time.”

Guarente said what Denver went through is commonplace for Oracle clients.

“They put a lot of fear and doubt in their client and the client caves. It’s like shock and awe,” he said.

He said Denver “dropped the ball and got what they got because they weren’t keeping their eye on the ball. If they had done what they should have done they wouldn’t be paying this money to Oracle.”

How did it happen? CBS4 repeatedly asked that question of Cardenas but he would not directly address the question.

“How did you guys get so far out of compliance?” he was asked.

”This was an exercise to get back into compliance,” Cardenas responded.

CBS4’s Brian Maass interviews Scott Cardenas, Chief Information Officer for Denver Technology Services (credit: CBS)

Amber Miller, a spokesperson for Mayor Michael Hancock, in January portrayed what happened between Oracle and Denver as a simple renegotiation with no connection to Denver’s mismanagement of software.

“Oracle offered the city the opportunity to renegotiate its bundle of services, and the city is in the process of negotiating with Oracle to right-size its licenses,” said Miller.

Cardenas said going forward the city will monitor its software usage more closely, likely reviewing usage on a quarterly basis instead of an annual basis.

“The controls were not as tight as they needed to be,” said Cardenas.

Guarente says other municipalities should pay close attention to what just happened to Denver and learn from the experience.

CBS4 has learned that Oracle has now contacted Denver International Airport asking to audit the airport’s use of Oracle software.

CBS4 Investigator Brian Maass has been with the station more than 30 years uncovering waste, fraud and corruption. Follow him on Twitter @Briancbs4.

Comments (4)
  1. With the compliance audit now behind you, right now could not be a better time to look at alternative support!
    Rimini Street has given us a massive win and a far more stable environment!

  2. SirJames Fl says:

    This is so funny, clear sign of incompetence by the city and who ever is the CIO this week. They are just mad they got caught. They love throwing tax payers money to solutions to problems of their own creation. I’d bet to say their out of compliance on alot of stuff. Lets send in Microsoft to do an audit on their VM Server deployments and other software. Oh and sorry I didnt deploy those other 20 licenses you paid 15,000 $ for…because you never used them and never noticed they were not there. You’ve got non IT people calling IT shots, ridiculous. Government waste at its finest. Drain this pond of IT people that saw a computer once and are now CIO….ooops too late, deal with it ! Next Cyber Security???what cyber security ???

  3. Larry Loesch says:

    Sounds like standard Oracle operating procedure to me. They have a complex and difficult to understand licensing system combined with a business plan that expects companies to not be in compliance. Search for “Oracle Audit” and you will even find ads for companies that specialize in helping you get through audits. Couple this with the fact that you can download a lot of their products for free for development purposes and you have a cash cow. You can even get out of compliance by simply upgrading the server that’s running one of their products. Throw in the usual user confusion over “per seat” vs “per user” licensing, deploy that in a large organization then sit back and wait.

  4. If I had been hired 15 years ago into the IT branch ( my wife was Clerk of Courts ). this software mismanagement would have never been allowed to start. As a professional IT person, I sometimes see violations and unofficially ask the customer to resolve this ( no, I don’t turn my clients in, I offer other, no fee solutions. I worked for JD Edwards before Oracle swallowed them up. No love lost on Oracle or it’s owner. In this case, Denver should convert from Oracle products to MySQL. That is what many private companies are doing. Since it is Open Source, THERE ARE NO FEES TO USE IT! Just add your ” seats or sites ” NO FEE!
    BTW, You will find the latest UBUNTU SOFTWARE works as good as Windows, NO LICENSE NEEDED, UNLIKE M$, WHICH HAS DECIDED TO MAKE WINDOWS ” PAY TO PLAY “, also known as ” monthly fees to use our products. UBUNTU has no fee to use it, they make their money on consulting and software mods AROUND THE WORLD.

Leave a Reply