Goldman Sachs Code Theft Not Quite So Cut and Dried
The New York Times has some interesting details that are surfacing about the recent charges brought against Sergey Aleynikov, the programmer who allegedly stole code from Goldman Sachs on his way out the door to another job. "This spring, Mr. Aleynikov quit Goldman to join Teza Technologies, a new trading firm, tripling his salary to about $1.2 million, according to the complaint. He left Goldman on June 5. In the days before he left, he transferred code to a server in Germany that offers free data hosting. [...] After his arrest, Mr. Aleynikov was taken for interrogation to F.B.I. offices in Manhattan. Mr. Aleynikov waived his rights against self-incrimination, and agreed to allow agents to search his house. He said that he had inadvertently downloaded a portion of Goldman's proprietary code while trying to take files of open source software — programs that are not proprietary and can be used freely by anyone. He said he had not used the Goldman code at his new job or distributed it to anyone else, and the criminal complaint offers no evidence that he has."
Here's the thing: open source or not, taking it directly from his employer was a bad idea. If you modify a piece of software for in-house use and don't distribute it outside, you don't have to distribute the source. If he wanted open source software, I know of a few places where he might find copies (no links because you should know about Google and SourceForge by now). So, if the source code HAD to have been taken from GS's servers, then it probably had proprietary in-house changes which may not be re-licensed under the GPL (the GPL is a distribution license and kicks into effect as soon as GS starts distributing). That might still be theft of in-house IP, which is bad.
Anywho, in summary, weak sauce excuses are weak sauce.
"a server in Germany that offers free data hosting"?
They'll use rapidshare for anything these days!
Criminally negligent carelessness or a clever disguise for future criminal intent? Short of reading his mind, we may never know.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Can you really "waive your rights against self-incrimination"? Like, now that he's waived his rights, he's required to incriminate himself?
Breakfast served all day!
I'm in the wrong industry vertical.
You better watch out, there may be dogs about . .
> He said that he had inadvertently downloaded a portion of Goldman's proprietary code while trying to take files of open source software
Why try to take open source software instead of downloading it when you need it?
> He said he had not used the Goldman code at his new job or distributed it to anyone else.
It sounds like maybe he wanted to keep it around for possible later reference. Not uncommon, but not innocent either.
To steal code, you print screen and save it as an image file :)
$400k/year then $1.2mm and you use a public defender. Seems like someone is taking advantage of the system.
Yo, yo honah, check this shit out, yo.
Open Source, yo, it wants to be free, yo honah. So I took the code-izzle and put it on rapidshare, far out, yo honah.
And that is de end of the story, yo honah. I pleads da fif.
Keep your personal business and your company's business separate. For instance, I have a separate banking account whose sole purpose is to hold expense reimbursements until I pay the ccard. Why? Because it's just too damned easy to screw up and cause yourself trouble all out of proportion to the original mistake.
"As God is my witness, I thought turkeys could fly." A. Carlson
He is a developer so by definition he is computer literate; you don't "accidentally" copy the wrong files (especially since they have BASH LOGS of what he did). However, even if what he says is true WHY IN THE NAME OF FUCK would you copy Open Source Software from your development machine instead of directly from the source? The potential for the appearance of impropriety is bad enough. On top of that, according to the original Slashdot article a while back he also encrypted the files. WHY IN THE NAME OF FUCK would you bother to encrypt Open Source Software files? While everything he said is technically plausible, it just comes off as fraudulent in the same manner as Hans Reiser's defense; i.e. "I'm so smart and I have an answer for everything". I suspect the next thing we hear about this story will involve a plea deal.
...on the first day? The one that says something like "All code I write for the company and all derivative works are property of the company..." Looks like they were serious. Even though he may have been accessing freely available open-source files, if that code was on company servers, you can be damn sure they are going to scrutinize the heck out of him regardless of intent.
Why not just go home and get it off the internet? Why even risk it when you know how touchy companies can be about IP?
'We are trying to prove ourselves wrong as quickly as possible, because only in that way can we find progress.' RPF
For once, I am hoping for the Russian dude to prevail.
I am a bit shocked that there have been no arrests at Goldman Sachs for market manipulation and illegal front running.
I guess the moral here is pretty much summed up by Napoleon Bonaparte.
"Never ascribe to malice that which is adequately explained by stupidity."
If our elected representatives no longer represent us, do we still live in a Democracy?
I'd like to see that shit scrutinised and publicised. Seems a tad shady, like most of the rest of that Wall Street business.
The cost of that cleanup, of course, will be borne by taxpayers, not industry.
Holy shit. Who the hell makes that type of money? I have a PhD from a top-school, and I make 5 digits.
Yes, you can waive your rights, no you aren't now required to. What it means is that you have said "I understand that what I say and what evidence I reveal can be used against me, and I'm ok with that." You would do this, presumably, because you are innocent and believe that the evidence thus won't be used against you because it won't implicate you.
More or less, waiving your rights is a formality that the police often go through, especially when related to searches, to make sure you can't change your mind later and trip them up. They get a signed statement that says that they can go ahead and search your house, ask you questions without a lawyer present and so on. If you then go in court and say "But I didn't agree to that!" They can say "Yes he did," and produce the document.
So while you have the right to not incriminate yourself, you also are free to ignore that right and to incriminate yourself. You can waive the right. Where something like that wouldn't be the case is with privileged communication. If you tell your lawyer something, they can't decide to waive privilege and disclose it because they feel like it. You can, they can't.
No evidence of wrongdoing has really been presented. The article (I did RTFA) seemed to say that because some files went out, the company immediately began legal proceedings without even knowing what they were. It seems like PHBs are declaring what the "valuable" files are. I'm also shocked the way the FBI has handled this - there has to be more than we're seeing.
Having said all of that - it does look like (at least the article makes it look this way) the established firms are manipulating the legal system to prevent new competitors from getting on their feet. Slap suits used to be civil only - I would think that attempting criminal slap suits would have some legal consequences for the one filing the false (or should have known they were false) charges.
DISCLAIMER: This post was not checked for speling and grammar- if you complain- you're a whiner
He's a f*cking idiot, and probably watched too much CSI and other cop shows where they always show people talking without their lawyer. Don't talk to the police, or the FBI, or any authority without your lawyer. Doesn't matter if you are innocent, doesn't matter if you have an explanation, an alibi, whatever. Just don't do it, because you can and will say something that can be used against you in a court of law.
'If Christ had tweeted the sermon on the mount, it might have lasted until nightfall.' - John Perry Barlow
What I want to know is, what open source code was worth such risk of being accused of inappropriate behavior.
That is not my glove!
"i lost my dignity on a slippery wiener"
quote from referenced NYT:
At a bail hearing three days later, a federal prosecutor asked that Mr. Aleynikov be held without bond because the code could be used to "unfairly manipulate" stock prices.
So let me get this straight. GS has code to unfairly manipulate stock prices? Mr. Aleynikov is getting prosecuted because he liberated code which is being used for unfair HFT? I suppose stealing from the mafia is a crime, too.
I understand the IP issues involved. He should do time for stealing. But, it's ok for GS to be able to unfairly manipulate stock prices? Apparently, we trust a for-profit investment bank a heck of a lot more than we trust Mr. Aleynikov.
GS would never unfairly manipulate the markets. http://www.zerohedge.com/article/goldmans-42-100mm-trading-days-q2-absolute-unprecedented-record-just-two-days-trading-losses
The interesting part of the article is actually in paragraph 3 (i.e., before anything the submitter thought was important):
Of course, it's perfectly fine that Goldman-Sachs management and traders have code that could be used to "unfairly manipulate" stock prices. But when a private citizen gets their hands on something like that, look out! God knows we wouldn't want the hoi-polloi to have the same chance to "unfairly manipulate" stock prices that the big boys have.
That is all.
I have proof!
Exception handling used for process control.
Functions with 27 exit points.
GUI threads running I/O.
Databases with tens of thousands of tables with no referential integrity.
Odds are this guy is a 110'er. "Smart" enough to copy his code. Dumb enough to do it over the network.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
At least every day for the past three or four years I've gotten inquiries from recruiters for Solomon-Page and Bloomberg, and occasionally other New York City investment firms. They specifically want C++ coders, which is what I'm best at.
If I respond at all, it's to say that I don't want to live in New York City.
However, the last time any of them named a specific salary potential was back in 2002 or so. I guess the pay scale has increased since then.
My theory is that they're hoping that some manner of Software Magic is going to fix all their fux0r3d mortgage-backed securities lossage. If one could really do that with quantitative investment software, then one would earn such a colossal salary, but I would hate to have to live with all the pressure they would be putting on me.
Request your free CD of my piano music.
I think I remember a part of a Sci-Fi book in Snow Crash by Neal Stephenson relating to protecting the intellectual property of code in a programmer's head. It went along the lines of wiping his brain or something like that. What will stop a person from recreating the code from his head? Would be the same thing as copying proprietary code.
The "hoi" in "hoi polloi" means "the." So when you said "the hoi-polloi," you not only put an incorrect hyphen in the phrase, but you also prepended an extra article.
If you want to appear smart and use fancy Greek phrases, get them right, or you just make yourself look stupid and pretentious and lose all credibility for your post.
(I am aware that my post has zero value, and that I am making myself look like someone who can't contribute anything more meaningful to a conversation than some nit-pick about some obscure linguistic structure about which nobody cares. But I am bored. And you are an easy target. Sue me. And while you are at it, sue me for putting an entire paragraph inside a parenthetical phrase, beginning sentences with "and" and "but," and having every fault for which I am criticizing you).
It slipped my mind just now that I actually used to work for a quant myself, as a consultant. It was a futures hedge fund. That is, it would buy and sell pork belly and crude oil contracts in such a way as to... print money.
The guy who owned the fund is the richest person I have ever met, or am ever likely to meet. Yet they tried to stiff me out of my last month's paycheck, and wouldn't pay me unless I removed from my homepage what their directory of research said of me: "Your code is by far the best in our codebase."
I just violated my termination contract by telling you that. Fuck 'em - I shouldn't have had to sign that contract just to get the paycheck they owed me anyway.
Request your free CD of my piano music.
> If you modify a piece of software for in house use and don't distribute it outside, you don't have to distribute the source.
Maybe. Maybe not. AFAIK the issue has never been tested in court. But consider that, if you take a copy of Microsoft Office, and make lots of copies for internal use only, even though you aren't distributing the software externally you will still be guilty of copyright infringement. I would suggest that the same rules would apply to the act of internal distribution of GPL software - you either abide by the license, or you are guilty of copyright infringement. Copyright law does not distinguish between internal and external infringement, or between closed and open source infringement. Just as you cannot provide your programmers with pirated copies of Windows, you also can not provide them with pirated copies of GPL software.
That analogy is, unfortunately, wholly incorrect.
The GPL requires you to distribute the source code to everyone you give the binary. If you do not distribute the binary but keep it in house, there is nothing that forces you to hand out any changes you've made to the source.
This isn't even a loophole in the GPL, this is in there by design --- if I "buy" GPL software from someone, I own it --- I am free to modify it in any way I see fit, and unless I'm seeking to profit by re-selling it, I have no further obligations to the person who gave or sold me that software.
They did, well after they had offloaded their stakes.
So tedious that one month he went on a month-long vacation cruise without paying us. Again, not just me - but all his employees.
You'd think that he'd be more careful, given the dependency his operation had on his employees' dedication.
But no, he also played a little game with us. He wouldn't pay anyone sometimes, until someone complained about their paycheck being late. And then that poor hapless victim would get a stern lecture about how they ought to save more of their money, so that a late check wouldn't be such a big deal.
Simple cruelty is what it was. I hope he rots in Hell. He was the very first thing I thought of when I read about how the quants were the likely cause of the world-wide economic collapse. I haven't heard from those folks in years, but I would be astonished if his economic model had any allowance for the subprime meltdown. I bet - I hope - he's flipping burgers now.
Request your free CD of my piano music.
Nah! BULL SHIT! Not competitive advantage... totally obviously Lehman didn't have any. Haven't you been reading the news?
So if it wasn't competitive advantage they were hiding, then what? Let's guess....
Ooh... I can guess, they were frantically trying to prevent any evidence of, ahh, umm, shall we be kind and call it, ah, losses and umm, where they were lost to.
And this means that if you distribute the binary only in-house, then you must distribute the source only in-house, and only UPON REQUEST. You don't have to give out source unless asked for. You aren't required to stuff it down anyone's throat. What part of company X is going to ask another part of X for the source, get denied that request, and then sue under the GPL? (Yes, it could happen...)
Any company using GPL internally that doesn't hand out source to everyone in the company is simply going to say "nobody asked" if the original author or FSF or whoever tries to sue under GPL.
I think everyone (or almost everyone) is missing the larger point here. This software, from Goldman Sachs, is what they are using to get the jump on everyone as part of their HFT (high frequency trading gambit). What they are doing is technically fraudulent and illegal, which was why they used their extraordinary influence with the US Government - which they, and the rest of the banksters now officially own - to IMMEDIATELY have Sergey arrested.
Also, all the Euro papers and blogs I perused stated that the code was originally uploaded to a server in London, United Kingdom. Something appears amiss here (and the game is still afoot, BTW).
The GPL defines publishing as submitting the code to "outside". For the purposes of a company, internal GPL code that never leaves company-owned machines is just the same as your personal modifications on your personal machine. The Company, or their IT staff, is the Owner/maintainer, so it's not considered "publishing" to push changes onto company-owned desktops or servers.
This is how Google keeps gobs of Linux customizations they make living on the GooglePlex pushing out Google searches but the code never leaves Google's servers so it's not "published"... The Affero GPL is one of the licenses that adds clauses for webpages/server-side packages that the link to code must be visible from the network application. GPL3 has a provision to include "about this code" links but it's not mandatory.
Goldman Sachs alumni also found at World Bank and IMF, as well as at least ten people in the Obama Administration (probably even more than that).
GS doesn't have a statistically impossible earnings record with HFT because they are smart, it's called cheating..cheating...cheating....what they have always excelled at. Didn't anyone read Matt Taibbi's outstanding article in the Rolling Stone mag the other month? Geez, they have their hardware positioned exactly right to make a killing -- no brains involved -- plus they own all the frigging exchanges (via a series of holding companies, 'natch). You others here, catch a clue, doods....
Could be GS disallows outgoing code, and that this guy might have had a collection of open source code gathered over a long time which he may not recall original locations for (or some may have disappeared). Still makes it a lousy idea to take from work; better to jot down the URLs and download at home if you want to keep the open src stuff...but part of the article's question was whether the guy stole GS code intentionally.
I suspect rather though, since he is obviously also a quant, not "just" a programmer, that the more serious question is what notes and algorithms he might have taken out of the place. Code for a specialized hardware/software platform is mighty hard to use anywhere else, but algorithms and techniques are golden.
There would possibly still be allegations of impropriety even with no evidence of anything leaving the company; this guy was writing code for many apparently key algorithms and could hardly be expected to have purged them from his head. Some of what is arguably his skill could be regarded by his former employer as valuable trade secret proprietary information. However, leaving the place even with a photographic memory of all he did is not illegal, and case law I have read about suggests it would not be a civil wrong either. Carrying anything out that can be a hook to claim that information was taken physically is in those circumstances just an invitation to lawsuits or criminal charges regardless of what actually was taken.
That said, one wonders why the material was landed in East Europe rather than some US server if it was in fact innocent. Wiping a disk free space is understandable. Where I am, it is ok to use company mail for personal purposes, provided it is not excessive and does not compromise company information. Some folks will have long trails of their lunch invitations, love lives, gossip and so on, basically innocently, but stuff that would embarrass them or others if disclosed and thus which ought to be erased. If someone sent them a phone number in confidence, for example, wiping it so the next user of that computer might not see it is the honorable thing to do. Still, far as I can see the best evidence of this guy's bona fides would be if he got a copy of the 32 megs of stuff, decrypted it and handed it back, so that if it really is all open material that could be seen, or if not it might be seen that it was a case of some sloppy stuff getting into a directory with the PD material. It would thus establish intent. If he told the truth, it might well show that what was done was not criminal at all. Violating GS policy almost certainly, but that is not criminal itself. Such a thing would also go far to show what the extent of damage actually was.
If the guy arrested were able from his memory to reproduce any secrets in the material, without recourse to them, then it would tend to show too that they were useless and not needed.
Stealing code and reusing it after all leaves traces; it is possible to compare the original code and the copies and decide whether they are the same person telling the same story twice from memory, or whether partial or complete copying was in there. With the amounts of money involved, a competitor would be crazy to allow any such copying to take place, and the programmer would be nuts to risk it, knowing full well that such kinds of scrutiny were likely.
Finally, the skills of doing hard realtime programming are fairly widespread among at least retread physicists and probably among other kinds of activities where detection of events within nanoseconds (or less) is commonly needed. Not perhaps an enormous group, but they can be found...
Actually, I think it's only partially incorrect.
Point 6 of the GPL:
6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein.
The question is whether an employee asked to use the software can be considered a "recipient" of the software. For this, I can see arguments both ways - and I do not believe it's been tested in court.
Yes. For instance, you can accept a contract to develop changes and agree not to release your changes until the client says ok. This is permitted because in this case no GPL-covered code is being distributed under an NDA. You can also release your changes to the client under the GPL, but agree not to release them to anyone else unless the client says ok. In this case, too, no GPL-covered code is being distributed under an NDA, or under any additional restrictions.
I think that would cover it.
I don't think it would. Consider the last sentence of the passage you quoted.
> In this case, too, no GPL-covered code is being distributed under an NDA, or under any additional restrictions.
This is manifestly not the case when I am given a modified version of GPLed code and told I cannot distribute it.
Note specifically that in the examples above, it's a question of what someone agrees to do with code he has written. In our example, it's a question of restricting what someone agrees to do with GPLed code they were provided. If - a big if - the employees are taken to be recipients of the software, the employees are either implicitly licensed the software under the GPL or the company is in violation of copyright.
Didn't they have the thing called a Non-Disclosure Agreement (NDA)??? That should cover everything from open/closed sources... I guess.
Hmmmmm...
He got a new job... 1+ billion salary... and got famous too... now will he come on Fox News/CNN/Larry King?
He must be sitting in Teza and flaunting about it... God... I envy...
http://www.gnu.org/licenses/gpl-faq.html#InternalDistribution is more appropriate. However, the answer seems US-centric, leaving open the question of whether other legal systems may treat employees as "individuals". The FAQ does suggest that if the work is not a "work for hire" (e.g. if the employee is a contractor) then distributing to the employee is actual distribution and the GPL applies. This advice is also US-centric and it may be that in other legal systems, particularly ones where employees can't legally sign over copyright to their works (as I believe is the case in Germany), this would not apply.
Also, if the software is copied on to a PC, laptop, or memory stick that is the property of an employee rather than the company, then that would probably count as "distribution". What if the software is burnt to a CD and handed to an employee - it could now be fairly said that the employee owns the CD (since there is no rental contract or otherwise that would keep ownership with the company), is that distribution? Also, the FAQ question appears to predate the GPLv3 - do the wording changes to "propagation" and "convey" (see terms) make a difference here? While we can argue about whether "distribution" applies internally or not, the definition of "convey" is more clear ("any kind of propagation that enables other parties to make or receive copies").
The only way to answer these questions for different legal jurisdictions is to actually have court cases in different jurisdictions.
Lol. A likely story. I'm SURE that companies like this store all of their top secret source code in the same directory as random open source stuff.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
Why were they forbidding something while providing all the technical instruments to commit the infringement?
What is so difficult about removing the DVD/CD burner, removing any software capable of burning a disk and then securing the PC installation?
IANAL but write like a drunk one.
Big buyers can (and the technically literate will) request to remove or add devices as needed.
If you think Dell or HP will say no to a request from one of the big banks, as LB was back then, then I think you have not worked at that level, or your company didn't have enough clout to force the issue in their favour.
And accepting without conceding that what you say is truth, how difficult is it to pay a temp technician to remove all the DVD burners and auction them on eBay to make back some of the money?
IANAL but write like a drunk one.
The computer does not know if the person stealing data is the employee that read the company's policy or an outsourced janitor paid a fortune to dump a mirror image of the computer hard disk.
If you don't want a vector of attack you simply close it. It is that simple. If you need to get information out of the company then you create a procedure in which the data is reviewed and signed off by an independent party (auditors).
Sorry, but data is valuable, mishandling can land people in jail, so you ought to treat it seriously as you would treat any other company asset.
IANAL but write like a drunk one.
Anybody that has been awake in the last 10 years knows that you can't transfer data in that fashion.
What you do at work stays at work. It is that simple.
IANAL but write like a drunk one.
When the unrealistic deadlines arrived, I asked who are they going to bring to fix the mess.
Needless to say I worked several happy years there.
IANAL but write like a drunk one.
I have never worked more than 35 hours a week, and always have used all my holiday allowance.
If you don't take a stand for your own rights nobody else is going to do it.
IANAL but write like a drunk one.
You sign an agreement to abide by company policies. If you don't respect that you are toast.
Pretty simple really.
IANAL but write like a drunk one.
Copying data out of the network is most likely violating security policies of the company.
You sign agreements in this regard, and most likely receive training once a year or thereabouts to remind you of this and other responsibilities you have for working in a heavily audited environment.
Copying files out of your employer's network without their agreement is simply unacceptable.
IANAL but write like a drunk one.
> "We need to prevent treating the exchange markets like some huge gambling casino."
Actually there's a big difference already.
In casinos you typically gamble with your money and not a pool of money that you took from some pensioners to "invest". Or at least if you get caught doing the latter and lose big time, you go to jail.
In contrast in "high finance" you have companies gambling with other people's money, and during the winning streaks, the gamblers and their bosses pay themselves big bonuses. When there's a big loss, they pay themselves a smaller bonus and then tell the pensioners that the "perfect storm" happened and all the money is lost (or even ask for a bailout). And unless the gamblers have been really stupid (and/or doing it Madoff style), they don't go to jail. Many get new jobs months later to do the same thing all over again - they made their bosses rich, so why wouldn't similar companies hire them?
They're in the business of transferring money from the stupid to the smart.
That could work if a reasonable person would be confused, say, because someone had secretly replaced the real sounds/beepboing.mp3 file with a copy of a Beatles song, AND there was no reason to think you knew any better, or worse, knew of the problem and only downloaded the open-source package to get the Beatles song.
It's the same defense that might save you if someone replaced images/rightarrow.jpg with kiddie porn or doc/license.txt with plans to assassinate the President.
For this defense to work, you need:
* a good lawyer
* a good story
* hopefully, others with the exact same story
* nothing in your personal life that shows you would want to download such a file, either bootleg music, kiddie porn, or assassination instructions.
* the right balance of naivete and sophistication that says "yeah, you are sophisticated enough to be interested in the open-source package but naive enough to not notice an mp3 or jpg file that is many times larger than it should be."
If your case is obviously contrived the judge will never let the jury hear it. If your case sounds plausible but your background makes it sound like an excuse, the jury may hear it but they won't buy it and they'll be mad at you for thinking they are fools, even if you didn't intend to download the file. If you run a pirate torrent, good luck explaining the Beatles song. If you are a sex offender with a history of hurting kids or even someone with no criminal record who seems "creepy," good luck explaining the kiddie porn. If you are a vocal opponent of the government with a legal or especially illegal arsenal of firearms, good luck explaining the assassination instructions.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Not really. Some governments do the work in advance to issue their own advice on this - for example, the New Zealand government issued an entire essay on the use of open source and distribution between departments. The same advice could be used by a private company without much if any modification.
For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
I stand corrected. The bankster cartel, which pretty much has merged with the oil cartel (or is GS really an oil company now, as well as JPM a precious metals company -- gold and silver paper??) controls everything. (Although the three major players always appear to be Goldman Sachs, Morgan Stanley and JPMorgan Chase, don't they?)
But to really get technical, it is the Financial-Intelligence Complex which really controls the big show. This crystallized for me after reading Richard Parker's scholarly biography on the brilliant economist, John Kenneth Galbraith. The chapter on his time with JFK's administration clearly demonstrates how the founders and creators of America's modern intelligence establishment (circa WWII) manipulated and outmaneuvered (or attempted to manipulate and outmaneuver) President Kennedy. Highly recommended reading.