"On April 11, 2012, Dennis Jacobs, Chief Judge of the United States Court of Appeals, published a unanimous decision in a written opinion[11] stating:
On appeal, Aleynikov argues, inter alia, that his conduct did not constitute an offense under either statute. He argues that: [1] the source code was not a "stolen" "good" within the meaning of the NSPA, and [2] the source code was not “related to or included in a product that is produced for or placed in interstate or foreign commerce” within the meaning of the EEA. We agree, and reverse the judgment of the district court.[10]
In the course of these events, Aleynikov has spent 11 months in prison. Aleynikov has divorced, lost his savings,[12] and, according to his lawyer, "[his] life has been all but ruined".[13]
The government did not seek reconsideration of the Second Circuit's ruling, thus ending federal action against Aleynikov.[14]
Later, on December 18, 2012, the law was changed by Congress, in order to punish acts like the ones Aleynikov committed in future rulings, in a law referred to as the "Theft of trade secrets clarification act of 2012".[15]"
No. The most interesting part is that this is an example of a vindictive employer ruining someone's life.
I used to work at Goldman's and can tell you that they are paranoid about this kind of thing. They are trying to make an example out of Sergey. We used to get daily updates (on the corporate intranet) about the progress of the case. There is no telling how much money Goldman's has spent going after this guy. Both directly and indirectly through lobbying. You have to ask why, after a year in jail with no conviction, the government still trying to prosecute him? Could it be because Goldman has a very powerful lobbying arm which is particularly strong in New York?
If you are leaving your employer, don't upload any code. Sure. ...but that was over 6 years ago and the guy has already done time. Try getting a job with a prison record. I can tell you that in the banking industry it will not happen.
I wouldn't be the least bit surprised if they keep coming after him. Poor guy.
One last point. There is no market for stolen code. If I stole Google's search algorithm, who would I sell it to? Microsoft wouldn't be interested and it is not like you can take out an ad on ebay. Who would have the brains to figure it out? If you had those brains, wouldn't it be easier to just write it yourself? What is true for Google's code is also true for any complex system such as trading software.
My best friend works at Goldman, and used to sit next to Sergey. Three things:
1. There were definitely NOT daily updates about the progress of this case
2. He WAS absolutely trying to steal code. Goldman high-frequency code isn't great (except in options market making). The thing that ultimately flagged him was that he kept trying to clear his .history file.
3. He wasn't planning on selling it. He was planning on taking it to Teza, a place that has a notorious reputation for poaching people and code.
This was an exaggeration that I did not think would be taken literally. We had updates as the case progressed. I would guess about once a month. These updates were on the corporate intranet home page which generally contained about 5 links to 'external news' or something.
>He WAS absolutely trying to steal code. Goldman high-frequency code isn't great...
You have written this in a weird way. I agree he was trying to steal code. The quality of what he stole is not relevant. The way you have written this, it could be read: "He tried to steal high-frequency code". This is very much debatable. I could easily argue that Log4J is part of Goldman's high-frequency code.
He did try to cover his tracks. What he did was wrong and he knew at the time it was wrong. Six years later, does the punishment fit the crime?
>He wasn't planning on selling it. He was planning on taking it to Teza
Yes. This is the interesting point. He wasn't planning on selling it because there is no market for it. By this, I mean that there is no place he could list the code for purchase because:
1. It would be illegal and other companies frown on that kind of thing (at least on paper).
2. The code would not be worth much without an understanding of what it does in the wider ecosystem.
Point two is key. Sergey understood the code. He was uploading it to help him remember the work he had done at Goldman's. There is very much a market for, "I did XYZ at Goldman's, I can do it for you too." I have no doubt that he would have been able to do it again without the source code, but he wanted his 'notes'.
GS didn't want him to apply his trade at another firm. Hence the 'vindictive employer' remark.
How long before another developer gets harassed by Goldman's because they printed off some technical documentation before leaving? What if the documentation is printed a month before leaving? ...a year? ...where is the line, exactly?
What you wrote above is basically hearsay, which is not allowed as evidence in the United States (barring some exceptions). Not sure why it should hold any weight on an online discussion forum.
>The thing that ultimately flagged him was that he kept trying to clear his .history file.
I'll assume you mean .bash_history This discussion has been had here before. There are plenty of good non-sketchy reasons to delete it, and at some places it is mandatory.
It's also not unheard of to encrypt files for transit, and for storage on untrusted remote machines. I'm sure someone else around here could show you a few dozen ways to pipe that through gpg, a few of which might also require a password to be used in the command, necessitating the deletion of .bash_history
You may criticize him for using encryption but what would you have him use, plaintext and ftp?
The value in the code is not the code itself, but the models it encapsulates.
For those interested, Teza uses (single-threaded) Java and Hadoop (or at least they used to), and Goldman Sach's high-frequency code was written in C++.
One last point. There is no market for stolen code. If I stole Google's search algorithm, who would I sell it to?
Google's search algorithm might not be very marketable but I can think of tons of different uses for stolen proprietary trading algorithms. The potential for inflicting enormous economic damage is very real.
If the code allows someone to generate positive returns, then there is a tremendous market for it if the person who writes it comes with. (I do believe the value of code drops dramatically if the person who write it is gone) In this case, the person could take the code and generate money for another fund.
This doesn't mean that GS is doing the right thing going crazy after him, rather it's just an explanation that he could make money with it elsewhere.
One thing about this case puzzles me, and none of the news coverage I found explains it: what code did he actually take?! Details matter. Was it a tweak of something like Samba (obviously GPL)? Or was it part of a proprietary risk management system, derivatives models, or other direct money-making programs?
If he took the former, then I'd side with him — he took nothing of genuine value. If he took the latter, then, très uncool. (I witnessed several incidents of model theft while serving time on Wall Street in the mid-2000s, and none were publicly pursued like this one.)
In Flash Boys, he makes it clear that he did not take any trading strategies or in-house models.
They don't provide a ton of detail in the book, but it seems that he wanted to take some FOSS code he modified himself while at Goldman. All code ever used on a Goldman machine is licensed as proprietary, even if it was downloaded from a FOSS repository 1 µs beforehand. It's mentioned that some irrelevant infrastructure code may have been intermingled with the modified FOSS he took, though it doesn't seem Goldman was particularly incensed by any particular piece of code, simply by the fact that he took any to begin with.
Also in the book, Michael Lewis brings together a panel of HFT technologists to interview Sergey and assess whether anything he took was consequential. Their collective conclusion after meeting with him for several hours was that he took absolutely nothing of value.
By never distributing the result outside the company, and not caring about intermixing proprietary code with it? The GPL, like most other FOSS licenses, only applies to distribution; no distribution, no license compliance issues.
A comment elsewhere in the thread suggests that they put their own proprietary license header at the top. Which is legal if they never distribute the result.
The MIT license explicitly applies to those who obtain a copy of the code, not those who distribute it (although you are explicitly granted the right to distribute the code if you do obtain a copy of the code).
It also requires that all copies or substantial portions of the software maintain the copyright notice and the license text. If Goldman is just ripping off copyright notices and MIT licenses and slapping on their own copyright notice and license (or lack, thereof), they are doing it wrong. Way wrong (would not surprise anyone though).
>Copyright (c) <year> <copyright holders>
>Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
>The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
>THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Not that simple. You can't just place your license above someone else's code even if you do not distribute externally, at a minimum you are going to distribute it internally. I'm not sure what legal avenues exist to prohibit this but this does not simply get a pass.
If it's permissively licensed, sure. But not just any license.
distribute it to whom? it was certainly distributed to the machines that are rented by a company which only assets is the fact it's close to the trading servers.
That is (generally) not how it works. HFTs rent rack space in which to insert machines that they themselves build, own, and maintain. The code never leaves the network/property of the company in usual circumstances.
In the book, Sergey says they simply rip the FOSS license off the header and replace it with a Goldman proprietary license. It's implied that the legality of this is a grey area.
Ripping software licenses of from software is extremely unlikely to be a grey area. The license is what gives a person permission, and if they remove it, so goes the permission. I would compare it to a person boarding a train, and then imminently throwing away the ticket.
What he took was proprietary infrastructure-related code that didn't involve any of Goldman's trading algorithms. His claim is that it was so tangled up with the open source code he wanted that he had to take it out to get it.
If you can't think of buyers for Googles secret sauce you should think again, just about every two-bit SEO guru would be willing to pay for that (assuming they could understand it) to be able to better game the system. Obviously this has value.
from Bloomberg[1]
"Under cross-examination by Assistant District Attorney Elizabeth Roper, Malyshev said that Aleynikov would have been the second-highest paid person at Teza, and that he was the only employee that he had offered to pay three times a former salary"
I can't find a citation, but he was worth that much to Teza precisely because of the HF trading models he was bringing with him. I've worked at hedge funds where quants did have rights to their own trading algorithms and under their agreement they could leave and take them to the next shop. If Sergey did not have such agreement, taking anything (even his own code) would be considered company property.
I am not familiar enough to say he did or didn't steal company property, but I would certainly not say that "there is no market for stolen code". If all he really took was open source code than this is indeed a witch hunt, but I don't see why any company would pay so much if they could just get the free open source code.
> I am not familiar enough to say he did or didn't steal company property, but I would certainly not say that "there is no market for stolen code".
He hasn't stolen anything (since the source code is still on GS' computers), he just copied it illegaly. Using the word "stealing" for this is plain propaganda.
> What is true for Google's code is also true for any complex system such as trading software.
I'm not sure that follows. Many trading companies operate as black boxes, and there are a hell of a lot more of them, and they have much fewer employees, and seem to exemplify a "get rich quick" attitude.
>There is no market for stolen code. If I stole Google's search algorithm, who would I sell it to? Microsoft wouldn't be interested and it is not like you can take out an ad on ebay
This is just not the case. Google "sued trade secret misappropriation." The classic example is a company hiring someone with a wink and nod and they bring over all sorts of stolen documents.
Likely British usage. We pluralize company names in many cases: Goldmans, Tescos, etc, and refer to them plurally (so, "Goldmans are seeking to ruin Sergey" vs. "Goldman is seeking..."). Apostrophe is probably wrong :)
Yeah, I'm still not feeling much sympathy for him though. He did 11 months for a premeditated theft for which he tried to cover his tracks. Is that too harsh? Of course they're going to go after him. And you're worried about him getting another job?? I don't get it.
No. For a neanderthal leadership it doesn't take months to recreate code. It usually takes forever.
Goldman Sachs and many such large corporation, including the US Government, are led by a bunch of dinosaurs. People who do not understand what code is.
What they understand instead is bullying, setting an example like some sort of public execution, owning people to the point of slavery etc. They know what it means to prosecute and destroy lives of individuals. And enjoy parties and drinks on the side in the evenings.
And this is just one example of that tyrannical trait.
Cyrus R. Vance Jr. is a real prick who enjoys wasting taxpayers money trying to prosecute an innocent man who has already had his life ruined because of inappropriate charges and spent time in jail for crimes he did not commit. While, not illegal, his pursuit of Aleynikov is a hundred percent self-centered and illogical (as this decision shows). I hope the people of New York vote him out and choose a prosecutor with the people's interests in mind, not his own personal gains. After all, he is supposed to represent the people of his district.
I don't agree. Aleynikov did not win on the aspects of the case that folks in the tech industry rallied around (e.g. copying open source code). He won on narrow issues of statutory construction: 1) The National Stolen Property Act does not extend to intangible property; 2) The Economic Espionage Act does not encompass code used internally for commercial purposes, only code sold or licensed in commerce; 3) New York's law against unlawful use of secret scientific material did not apply because trading code wasn't "scientific material."
I think Vance should have left well enough alone after the first prosecution failed, and the New York "scientific material" charge was clearly the weakest of the three. But the federal prosecution was perfectly reasonable. The statutes at issue were intended to make that sort of conduct illegal. But they hadn't been updated for the digital era. Had Aleynikov made photocopies of the code instead of uploading it, the first conviction would have been upheld.
So, by "narrow issues of statutory construction," you mean the laws he was charged with breaking don't actually apply to what he did?
I wouldn't go so far as to call him "innocent", but it sounds to me like his defence is perfectly reasonable. What he did may have been a breach of contract, copyright, and common decency, but it wasn't illegal. And given the way Goldman is clearly out to get him, and the abuse of power on display by both the federal and state prosecutors, he's the least dirty of all the parties involved.
This guy was probably getting a fat paycheck during his time at GS, and then when he left he tried to take some of the code that he worked on. It's long been illegal to take intellectual property (even if you made it) from your employer. But to make a law, you have to define things like "take", to exclude the case of an employee taking home his work to be more productive, which may be against company policy but shouldn't be illegal. Inevitably, the law fails to capture the full complexity of the universe and ambiguities are resolved in court. There's nothing wrong about the government and damaged party pursuing charges in cases where the law is ambiguous. That's what courts are for. When the federal courts ruled that federal law didn't cover Sergey's actions, the New York state prosecutor thought that a unique element of New York law might make things different in state court. Nothing wrong with that.
The case was so perfectly reasonable the prosecutor failed to find relevant statute and instead offered up no relevance and caused an innocent man to suffer greatly?
It's not like the prosecutor missed or misread an unambiguous statute. There was essentially a loophole in one of the statutes that if read narrowly suggested the trade secret had to be about a product put into commerce. The court found that the code was for an internal goldman sachs service, not a product.
And the other statute on which the prosecutor lost was because the court didn't believe code on a usb was a "good." But if it had printed on paper it would have counted. A sort of stupid distinction.
The prosecutors lost on two narrow statutory interpretations. It happens and it isn't some sort of negligence.
Had he stolen the code from Windows division of Microsoft or had he printed it on paper he'd be guilty.
So Goldman got Federal prosecutors to prosecute a person for violations of commerce law where Goldman was performing no commerce?
Sounds like trumped up bullshit, actually.
According to Wikipedia, this guy was also pursued by the State of New York after being released from jail (since he did nothing wrong) on the same conduct and lost his double jeopardy appeal because a State judge claimed New York was a sovereign entity from the US Federal government and so his constitutional right to not be tried multiple times for the same behavior does not exist.
The State of New York also ultimately lost by failing to show actual violation of claimed statute.
> So Goldman got Federal prosecutors to prosecute a person for violations of commerce law where Goldman was performing no commerce?
Goldman was performing commerce: trading securities and commodities. And the software in question was used to perform that commerce.
Before it was amended, 18 USC 1832 applied to a "product that is produced for or placed in interstate or foreign commerce." The issue was what "produced for" meant. Was it enough that the product be "produced for" the purpose of effecting commerce, which the software was, or did the product itself need to be sold in commerce?
>So Goldman got Federal prosecutors to prosecute a person for violations of commerce law where Goldman was performing no commerce?
No, the distinction was that it was a service they used in commerce when the law only said "product." Now the law was amended to say product or service in interstate commerce.
>and so his constitutional right to not be tried multiple times for the same behavior does not exist.
Double Jeopardy only applies to to the same sovereign entity. If you do something that breaks federal and state law, that is on you.
That is how it has always been, it wasn't surprising that the court didn't agree with double jeopardy.
The fact that the statutes were quickly changed to make his actions illegal could be considered evidence it was generally thought that the previous statutes did apply.
To add to that, the name of the passed act is the "Theft of Trade Secrets Clarification Act of 2012". (Emphasis mine.)
My personal opinion is that Aleynikov violated the intent of the law, but not the wording. He basically got off on a technicality, a "bug" in the law that was quickly patched afterwards.
Regardless of why he won, the fact that he did win at the federal level and would serve no time even if convicted in NY clearly shows that Vance just wanted the conviction for his own selfish purposes. Probably for his conviction numbers. It does not serve society, only its detriment.
"Hey man, I don't make the rules." I'm sure more than one guard said and thought this at Auschwitz. And it's a pernicious problem in complex, political society, a rationalization that let's people do their jobs, even when they suspect that it's wrong.
Personal accountability is a good thing, and at the very least we shouldn't be repeating the whole "hey, they didn't make the rules" post hoc rationalization on people. Vance could have said no to pressure. The fact that he didn't is a very individual problem.
Godwin, anyone? Surely we have better analogies to show that this political behavior is shortsighted than to compare political prosecutions (for vaguely sketchy actions) to mass murder.
No, it's actually more than appropriate to point it out because the point is that diffusion of responsibility easily ends up (to those involved) justifying mass murder. That shows that it of course justifies everything lesser to them as well.
And, it smokes out the Godwin trolls whose sole "contribution" is taking offense to everything.
"prosecution failed to prove that Aleynikov made a tangible reproduction of the source code he was accused of appropriating, as required by the statutory language."
Damn this guy keeps winning on statutory issues. This must be pretty damn embarrassing for the state's attorney.
The guy served a year in prison and there is no indication that he used the misappropriated code. I can't imagine the judicial resources are best used continuing the case.
Though, anyone leaving a company shouldn't take this as a signal that you are allowed to just take code and run out of the door. The federal law he was acquitted under was amended to make what he did illegal. And in most states he's definitely flirting with trade secret misappropriation laws. Don't take any code with you.
when i briefly consulted for a security firm working for banks, i learned that most banks takes daily hits as high as 100,000 and they don't even get reported to the police as to not generate any public record. most get reported to the insurer, which also avoid reporting it in most cases. i confess i never got the whole picture. but most issues I've been involved with was to try to track down the internal people, if any, and the exact means used. and this only over for criminal reports if we did find something conclusive and it was overseas. if it was local it was usually dealt with lawyers and such out of the records.
edit: forgot to mention it wasn't the us. but the banks were american.
What I find interesting is that Aleynikov (and the sources I've read about him) claim the code was open source. The issue of Goldman making false claim to GPLed or similarly licensed code hasn't come up.
If the court ruled that modified GPLed code can't be taken by an exiting employee then that has a whole host of other implications.
The Second Circuit ruling expressly addressed that aspect: http://sunsteinlaw.com/wp/wp-content/uploads/2013/01/2013_01... ("Aleynikov also transferred some open source software licensed for use by the public that was mixed in with Goldman's proprietary code. However, a substantially greater number of the uploaded files contained proprietary code than had open source software") (Page 5, Footnote 1)
Well technically, any modifications you make to GPL code are still owned by your employer. Now if the modified code gets distributed by your employer, THEY are the ones that are under obligation to make the source available. But if they don't redistribute any of the code, then the GPL specifically allows them to keep the changes proprietary.
No, he claimed he thought he was only uploading some open source code he had been working on (with approval) and that some proprietary firm code got thrown in the mix by mistake.
This comes up over and over but GPL code is owned by the employer, not paid employees who work on it. If it never leaves GS' computers (or those of its employees), that's not considered 'distribution', and changes don't need to be released. It's all spelled out in the GPL.
There isn't a whole lot of content here but since this case has had a lot of publicity I thought it would be nice to highlight when the programmer wins one over the larger corporation.
I agree it's time for the prosecutors to let go of this one. But, he did take Goldman's code. So, I don't quite share the sentiment that this is a hero standing up to an evil corporation.
I find it absurd that someone should go to jail because of stealing code. At most, the penalty should be a fine (if it should be considered a crime at all).
EDIT: Of course, breaking into a building or hacking a network to get it is a different matter altogether.
It's really no more or less absurd than someone going to jail for stealing a car. Though I have to admit I think sending people to jail for that is a really bad idea.
A car is a physical good whereby for one person to have it, another must be deprived it. Code is not a physical good so the rules can be very, very different.
I drive my car about twice a month, never on weekdays. If someone stole my car on Monday, they could use it all week and if they returned it on Friday with a tank of gas and $0.50 per mile for wear and tear, I'd be no worse off. Yet, that would still be illegal. But I would be deprived of the opportunity to rent my car to that person for a fee of my choosing. Similarly, I'm no worse off if someone squats on land I never use, or sneaks into my theater to watch a movie when half the seats are empty. But I am deprived of the opportunity to rent that land to the squatter, or sell a ticket to the movie watcher.
Property rights don't just grant you the right not to be made worse off, they grant you the exclusive right to profit from something.
Now, whether non-violent violations of property rights should be punished by jail time is a separate issue.
If we're going to suggest that code and physical property are the same, then I would ask you to touch code for me.
If you can do that I'm prepared to give code all the same rights as traditional property. If you can't then you might consider that physical goods and intellectual ones aren't the same and MAYBE different rules should apply.
Technically you're right of course. But functionally there's no difference. I go to the bank and ask for $1000 and they give me the cash and deduct the balance from my account. What their reserve ratio is immaterial most of the time. Except during crises and bank runs.
It's necessary but not sufficient for a loss of profits.
Further I was talking about code in general. To have separate laws or treatment of "financial" code versus "regular" code would be pretty silly. How would you even draw the line between the two?
You must be very good at yoga because that's a huge stretch. Property and intellectual property are completely different things to the point that intellectual property is a misnomer.
That is true, but it all ultimately comes down to some sort of financial loss. Car theft is damaging to the extent that the car is worth a certain amount of money. (This is ignoring the potential emotional connection which, while it can be strong, is mostly ignored in the law.) That we put car thieves in prison means that we're willing to imprison people for purely financial losses. If code theft causes a financial loss (and there's nothing inherently absurd about that as a possibility) then why wouldn't prison be a possibility there?
> If code theft causes a financial loss then why wouldn't prison be a possibility there?
The difference between stealing a car and putting it in a garage and stealing code and letting it sit on a flash drive in an office drawer is that the original owner of the car no longer has exclusive rights to use it, but the rightful owner of the code can continue to use their original property, often times exclusively. It's only when, as you eluded to, the stolen code gets used that a financial loss can be justified and I wouldn't argue against prison as a punishment.
But, I'm not really arguing that stealing code or any other intellectual property is _not_ wrong, but there really is a difference between the common analogy of stealing a car, which I think most people who do argue that position are trying to justify. I don't think that a person or company can truly claim a financial loss if they become aware of someone else or another company is in possession of their code until they have proof that the code was used either as reference or directly.
The value of a thing comes, in part, from the labor to get it. His employer paid hundreds of thousands of dollars to make this code. On the other hand, stealing it, unlike a car, results in a duplication with the original still in working condition.
Was anything lost, physically no, but he did commit a serious breach of contract rather than theft.
Sure the rules can be different, but why should they? The reason for punishing is the harm done.
I'd also argue that stealing code is depriving the owner the control of the code. The property interest is in the code in the non-tangible sense. It doesn't matter that I still have a copy.
This is especially true for code that is confidential. A lot of the value of Goldman's code is that nobody else knows it. Otherwise you can predict their trades, which can cost them money.
I just don't get the idea that millions of dollars of hard work can be stolen and it isn't a big deal because it's not physical. But everyone is okay when you throw a kid in jail for stealing a pair of Beats that cost 20 bucks to assemble.
>Stealing a car is a crime not because the defendant has a car, it's a crime because the true owner no longer has his car.
It's a crime because he has someone else's car. A property interest in the US common law system has always carried a right of exclusion and a right of control.
You are trying to limit it to just a right of possession.
>And while there may still be harm, it's certainly of a lesser sort.
Only because you insist that physical loss is always worse. Don't you think Goldman would be worse off if this code was taken vs. one of their cars? One is worth millions and the other several thousand dollars.
In fact, we have a very easy way of deciding which is worse. The economic damage is causes. That is actually how society judges how bad stealing is. Theft over a certain amount is worse than petty theft.
>This is a craftsman keeping a photograph of his work for a portfolio. Nothing more.
That is another matter entirely. I do agree the state should have to prove he intended to use it or disclose it to the public/goldman competitors.
It's sort analogous to borrowing vs stealing. Not every instance of taking without permission is stealing.
With the car analogy, you are depriving the owner of exclusive use of it. With code, you are depriving the owner of exclusive use of it. I see no difference.
with the car analogy, you're depriving the owner of any and all use of it, and also of its resale value.
with code, you are only depriving the owner of exclusivity, and then only if you use that code in the real world. and even then, it only becomes material harm if you actually use it to compete with them.
Yeah I think in the case of code or any intellectual property they should only be able to sue if you made actual use of it and it can be shown to have directly impacted the business. And in that case it should be handle as a civil lawsuit over criminal.
I feel the same should be done for counterfeit goods.
That is absolutely untrue in many (but not all) cases of "intellectual property". Let's take some extremely valuable "IP", Microsoft's "Word" word processor.
If one person had exclusive use of "Word", the "IP" would be worth a great deal less than it is right now, when almost everyone has "Word". The property here is called "network effects", and it also applies to physical property. If only two telephones exist, they're a good deal less valuable than if everyone has a telephone.
the value of a good that is being sold depends on the supply of that good in the marketplace. if there's no change in the supply in the marketplace (i.e. if the dude kept the sourcecode for personal reasons and never shared it), then there is simply no harm whatsoever.
Sounds like a familiar analysis... Oh that's right, I posted it the last time this came up, and a certain prominent legal mind here shouted it down as ignorant and insulted my intelligence.
sqb's primary argument in that thread is that the FBI should have done more investigating instead of believing what GS told them. That doesn't appear related to the analysis in the submitted article.
There was also a strong current of discussion about the legality of the underlying actions. The tone did remained civil, after a few choice edits on all sides.
Tptacek can bother me because he often presents the best possible form of the counterposition, as can Rayiner. We have different minds about jurisprudence, but I respect them both tremendously.
The discussion was in large part about the legality of the actions, as you can see through Rayiner's comment:
>"The Court concluded that he had in fact tried to take 500,000 lines of valuable and mostly proprietary source code, but that his conduct didn't fall within the reach of the two laws charged in the indictment. Solid legal analysis, but an ordinary person would say that he got off on a technicality."
Although my central point was indeed regarding the FBI's outsourcing of its investigation to Goldman Sachs, a private corporation and interested party, which seemed to offend fundamental notions of justice.
But the discussion most definitely significantly touched upon the legality of Aleynikov's actions.
See e.g. Rhino paraphrasing Rayiner's analysis:
>"Aleynikov definitely violated New York trade secret law.
He got off the federal charge because the trading software wasn't a product for sale, it was a product for internal use. The law was poorly drafted and once that came to light it was immediately fixed.
Like Rayiner said, in layman's terms, he got off on a technicality."
Or Rayiner himself:
>"That was his defense. But the jury found that he had in fact grabbed valuable proprietary software, and the Second Circuit agreed that the 500,000 lines that he uploaded were mostly proprietary, valuable code."
For example, this exchange:
"tptacek: >I have a passing understanding of the policies and procedures binding on developers at trading firms.
I dispute the idea that any senior developer could work at Goldman Sachs on an HFT infrastructure and believe that they were authorized to --- or, indeed, that they would not be immeditely fired for --- uploading the code to a proprietary automated trading system to a random SVN host in a different country. This is the code we, as security testers, were never allowed to see, even after owning up the machines hosting it. These firms are not kidding around about this stuff. It is a huge smoking gun to have uploaded any of it to some off-brand foreign svn host.
These are firms where you can be fired for plugging a thumb drive into your computer, or for using the company network to access Dropbox. I have worked for more than one financial firm that spent literally millions of dollars merely on the problem of detecting their network users trying to reach Google Mail.
I also dispute the idea that because developers commonly use ssh, gzip, and svn, that it is common practice to (1) gzip a tarball of source code, (2) encrypt that source code, (3) commit that compressed encrypted blob to svn, (4) remove all traces of the encryption key from their work computer. That's something happens zero times on normal dev machines.
The conviction was overturned because the technical details of exactly what Aleynikov took from GS didn't fit the ambitious charge the DOJ filed against him. But the appeal doesn't refute the finding of facts from the original trial, which include:
There was more than sufficient evidence presented at trial, however, for a rational juror to conclude that Aleynikov intended to steal Goldman Sachs' proprietary source code. First, it was undisputed at trial that Aleynikov actually did take proprietary source code from Goldman Sachs. As Aleynikov concedes in his motion papers, the code he took from Goldman Sachs included a “purposefully designed” portion of the Goldman Sachs “proprietary, custom-built trading system.” Indeed, the evidence showed that Aleynikov took a significant percentage of the proprietary source code for that system. While Aleynikov attempted to show that there was open source code embedded within the proprietary code and to identify the files in which that might be true, his expert witness was only able to identify one file among those taken by Aleynikov that both bore a Goldman Sachs copyright banner and appeared to contain open source code.
I'm just fine with Aleynikov's conviction being overturned. Again, the charges against him seemed ambitious.
But this is a forum full of software developers.
Rayiner is a lawyer and a compiler developer. It's somewhat insulting to everyone's intelligence to pretend that people here are unfamiliar with ssh and svn. We understand how software development works. What happened here was extremely sketchy. You can't play the "well in the world of software development, this is totally normal" card on HN.""
s_q_b: > "...Agreed, but it was established that he did this fairly consistently throughout the course of his employment. It's idiosyncratic, but not unexplainable. Sure, it was poor development practice, but I'm not convinced it was malicious.
Again, if the intent was trade secret theft, why not take the valuable part, the trading strategies?"
I held that his actions violated neither state nor Federal law, so I'm razzing those that insisted his action were criminal, just a bit, all intended in fun. Perhaps the language could have used a bit of softening :)
Did the prosecution not establish that Aleynikov did in fact take software that was instrumental to the implementation of trading strategies, useful exclusively in that context, and labor-intensive to recreate?
I am not "pro-prosecution", but I am anti-"default position that evil banksters are behind prosecutions".
Wow, do you really not understand what was stated, or are you simply attempting to manipulate words for your purpose?
Allow me to rephrase.
Assuming arguendo that their was any such admittance, which there was not, in plain English two courts have now found him legally not liable for any crime, and one court found that he was subject to an illegal arrest and search.
No crime was committed. I cannot write this either in more simple English, nor in more precise terms.
I refer you to the court documents and the appeals court decisions for further discussion of this now legally established fact.
I genuinely thought you were trying to stipulate he'd stolen the code, from your first comment (where you made a point of talking about his intent) and your second, where you simplified not to "did he steal code" but "did he steal code for profit".
Since we're at that unproductive point in the discussion where we're spending more time parsing than actually discussing, I'm going to go ahead and bow out now.
The way you've written your post reminds me of that time that Clinton aides stole critical computer hardware from the offices of the White House and the Executive Office Building during the transition from the Clinton administration in order to sabotage the efforts of the incoming Bush administration. Or, you know, to put it another way, they took all of the W's off of the keyboards.
I think part of the problem may be that you see them as "the pro-prosecution crowd". I don't think they are. tptacek explicitly said he's fine with the conviction being overturned. There's a difference between saying "I support the prosecution" and "I disagree with your argument against the prosecution".
My argument against the prosecution was the one used by the Judge. See e.g. the discussion of the FBI's arrest:
In a 71-page opinion, Justice Ronald A. Zweibel of State Supreme Court in Manhattan ruled that the F.B.I. “did not have probable cause to arrest defendant, let alone search him or his home.” The arrest was “illegal,” Justice Zweibel wrote, and Mr. Aleynikov’s “Fourth Amendment rights were violated as a result of a mistake of law.”
https://en.wikipedia.org/wiki/Sergey_Aleynikov
"On April 11, 2012, Dennis Jacobs, Chief Judge of the United States Court of Appeals, published a unanimous decision in a written opinion[11] stating:
On appeal, Aleynikov argues, inter alia, that his conduct did not constitute an offense under either statute. He argues that: [1] the source code was not a "stolen" "good" within the meaning of the NSPA, and [2] the source code was not “related to or included in a product that is produced for or placed in interstate or foreign commerce” within the meaning of the EEA. We agree, and reverse the judgment of the district court.[10]
In the course of these events, Aleynikov has spent 11 months in prison. Aleynikov has divorced, lost his savings,[12] and, according to his lawyer, "[his] life has been all but ruined".[13]
The government did not seek reconsideration of the Second Circuit's ruling, thus ending federal action against Aleynikov.[14]
Later, on December 18, 2012, the law was changed by Congress, in order to punish acts like the ones Aleynikov committed in future rulings, in a law referred to as the "Theft of trade secrets clarification act of 2012".[15]"