Goldman Sachs Code Theft Not Quite So Cut and Dried

The New York Times has some interesting details that are surfacing about the recent charges brought against Sergey Aleynikov, the programmer who allegedly stole code from Goldman Sachs on his way out the door to another job. "This spring, Mr. Aleynikov quit Goldman to join Teza Technologies, a new trading firm, tripling his salary to about $1.2 million, according to the complaint. He left Goldman on June 5. In the days before he left, he transferred code to a server in Germany that offers free data hosting. [...] After his arrest, Mr. Aleynikov was taken for interrogation to F.B.I. offices in Manhattan. Mr. Aleynikov waived his rights against self-incrimination, and agreed to allow agents to search his house. He said that he had inadvertently downloaded a portion of Goldman's proprietary code while trying to take files of open source software — programs that are not proprietary and can be used freely by anyone. He said he had not used the Goldman code at his new job or distributed it to anyone else, and the criminal complaint offers no evidence that he has."

open source... Likely defence

[Anonymous+Cowar]

Here's the thing, Open source or not, taking it directly from his employer was a bad idea. If you modify a piece of software for in house use and don't distribute it outside, you don't have to distribute the source. If he wanted open source software, i know of a few places where he might find copies. (no links because you should know about google and source forge by now). So, if the source code HAD to have been taken from GS's servers, then it probably had proprietary in house changes which may not be re-licensed under the gpl (the gpl is a distribution license and kicks into effect as soon as GS starts distributing). That might still be theft of in house IP, which is bad.

Anywho, in summary, weak sauce excuses are weak sauce.

Re:open source... Likely defence

[Anonymous+Cowar]

So what you're saying is that he was in the right because he was impatient?

Re:open source... Likely defence

[digitalunity]

What he did was wrong, but not for the reasons you think.

Superfast trading puts all other traders at a disadvantage and essentially lets day traders manipulate the market. The SEC doesn't see fit to step in and stop the madness. They're a leech on the market and the frequency and volume of their trades hampers the ability for real investors(meaning people) to determine the volatility and legitimate trade volume of a stock.

Some day the SEC will pull their head out of their ass and put a mandatory ownership period on all stock purchases of 48 hours or something. Addicted day traders might stop gambling away their retirement and it might put an end to these fast traders.

Re:open source... Likely defence

[Dr+Damage+I]

In order to prove that theft has taken place, it is necessary to prove that the accused intended to steal. Or to put it another way: actus non facit reum nisi mens sit rea, which means that "the act does not make a person guilty unless the mind be also guilty". Thus, if indeed, taking the proprietary code was inadvertent, he is not guilty of theft.

Re:open source... Likely defence

[Tanktalus]

a) tell the jury that

b) how often does "but I didn't mean to steal it!" work in real-world (as opposed to academic or TV) court?

Re:open source... Likely defence

[pz]

Here's the thing, Open source or not, taking it directly from his employer was a bad idea. If you modify a piece of software for in house use and don't distribute it outside, you don't have to distribute the source. If he wanted open source software, i know of a few places where he might find copies. (no links because you should know about google and source forge by now). So, if the source code HAD to have been taken from GS's servers, then it probably had proprietary in house changes which may not be re-licensed under the gpl (the gpl is a distribution license and kicks into effect as soon as GS starts distributing). That might still be theft of in house IP, which is bad.

Anywho, in summary, weak sauce excuses are weak sauce.

Agreed. It might well be argued that knowing which open source packages were used is in itself proprietary, and therefore the mere copying of the packages from his employer, demonstrating a clear and discerning knowledge of valuable operational information, is sufficient for prosecution. Assuming he is just stupid and is not lying, he should just have waited until he was at his new job to grab the code from the original distributor (SourceForge, or wherever).

I'm disinclined to believe that the copying was innocent. A number of my friends, and my spouse, work in the financial industry, and nearly every action taken in life is scrutinized. Exiting a position, doubly so. Everyone knows this, and there is a good reason: when salaries are in the 7-digit range, people's motivations become rightfully suspect.

Re:open source... Likely defence

[Chyeld]

No offense, but they were idiots then. Why did they have CD burning capabilities in these PCs and why did they trust that the CD you handed them was the one you just burnt and you hadn't palmed one under your desk with the actual stolen code.

Re:open source... Likely defence

[MBGMorden]

and why did they trust that the CD you handed them was the one you just burnt and you hadn't palmed one under your desk with the actual stolen code.

Not saying they necessarily did this, but if the software was already set to kick off a warning to them, then it may very well have also included a checksum for the data burned to the CD. It wouldn't be hard to take the CD and recalc a checksum to see if it matched.

Re:open source... Likely defence

[Chyeld]

The first part would still stand, obviously any burning was unauthorized, and they still sell "read only" CD drives today.

The second part, with your jusification, would imply that they knew what was being copied and thus should have been able to simply determine that this wasn't something they cared about.

Unless they half-assed it.

Which given they appearently went to all the effort of coming up with a system to detect file copies without going the full nine yards of removing the actual ability to copy files off the system, isn't that hard to believe. But it still gives them the stupid label.

Re:open source... Likely defence

[ChameleonDave]

We both almost got fired from the shit-storm that followed. They didn't overreact one bit. We were wrong.

You appear to have a form of Stockholm syndrome.

Re:open source... Likely defence

[ChameleonDave]

Assuming he is just stupid and is not lying, he should just have waited until he was at his new job to grab the code from the original distributor (SourceForge, or wherever).

It's lovely, seeing with 20-20 hindsight, isn't it?

Re:open source... Likely defence

[codeguy007]

Because that's how dell and hp sell them. Purchasers don't care about IT security.

Re:open source... Likely defence

[benjamindees]

And the IT Dept is competent enough to monitor usage of the CD burner, but not to disable it?

Re:open source... Likely defence

[sumdumass]

If the burners were needed during the course of business, it may have been impossible to disable them without costing more in the long run.

I find it funny when people say "they should have disabled it" instead of the employee knows the rules and shouldn't have done X. I mean is it the employers fault that the employee was surfing porn at work because the sites he visited wasn't blocked by the content controls? Is it the employers fault for not putting the printing paper or pens under lock and key when the employees start taking it home for personal use? No, it's the employees fault for not following the rules. When employees cannot follow the rules, they need to become ex-employees instead of having the employer jump though hoops locking crap down.

Re:open source... Likely defence

[Saint+Fnordius]

I disagree about the mandatory ownership being draconian. After all, the entire idea of acquiring ownership is that you are assuming responsibility as an owner. Buying it only to sell it minutes later implies that you really weren't interested in the company.

We need to prevent treating the exchange markets like some huge gambling casino.

Mountain or molehill?

[davidwr]

Criminally negligent carelessness or a clever disguise for future criminal intent? Short of reading his mind, we may never know.

Weird phrase

[PCM2]

Can you really "waive your rights against self-incrimination"? Like, now that he's waived his rights, he's required to incriminate himself?

Re:Weird phrase

[DragonWriter]

Can you really "waive your rights against self-incrimination"?

Yes.

Like, now that he's waived his rights, he's required to incriminate himself?

No, it means that once he made the waiver, the statements he made to law enforcement can be used against him in a court of law and he cannot assert his Constitutional right against self-incrimination to have those statements excluded from evidence at trial (or, at least, provided that evidence shows that he did in fact waive those rights, an attempt to do so would fail.)

Holy JESUS

[BitterAndDrunk]

$1.2m a year to PROGRAM??

I'm in the wrong industry vertical.

Re:Holy JESUS

[cptdondo]

Well, you earn it. My sister used to work on wall st; got all sorts of perks. Catered dinners and a chauffeur home when she worked late, that sort of thing. Thing is, the late nights, killer pressure, and absurdly long weeks were the norm. Me, I make probably a tenth of what she did, but I show up at 7:30 and leave at 4, and sleep at night. I have time for my kids and family. I've never worked on a weekend on this job. So yup, you can make $millions; you can also lose your soul.

Re:Holy JESUS

Bullshit, your sister earned in 3 years what you do in a lifetime. 3 years aint that long.

Re:Holy JESUS

[mypalmike]

Lots of programmers work those kinds of insane hours without the $1.2 million salary. Indeed, the average game programmer does it for around $80K.

Re:Holy JESUS

[wandazulu]

It's not worth it. It's just not worth it. I have never been more miserable than when working in such an establishment. I never, ever, ever thought I could get used to being called an a-hole to my face for, well, anything...that's just how you referred to. And while the executive offices were likely very nice, I sat in a cube with ripped fabric, working under a flickering florescent light.

In addition to what others have said, insanely long hours, unbelievable pressure (I was told that if I didn't have something working in production by Sunday night that I should just assume I'm fired), I can say that in 1996 I took 3 days off: New Years, Thanksgiving, and Christmas. I worked every other day.

Not worth it. Absolutely not.

Re:Holy JESUS

[Lord+Bitman]

In exchange for no days off for one year of my life, I could be paid more money than my current prospects have me making (gross) for the next 40 years?

I'll call it worth it. Where do I sign?

Re:Holy JESUS

"Goldman (and others) do not make money on HFT because they are smart."

Don't go all hyperbolic. I work in this industry (hence posting as AC) and I can tell you the main reason you will make money is because you are smarter than the other guys. Relatively speaking you don't need that much capital to join in. Also, HFT is great for the small time investors as it smooths the curve and reduces the spread making your small trades cheaper. Not everything happening in the trading world is immoral. And ironically, open trading on exchanges is one of the few measures that will improve transparency. Most trades in the world happen (~60% by value) 'over the counter', i.e. in private with little or no oversight.

Re:Holy JESUS

[cptdondo]

How much is 3 years of your kids lives worths?

Re:Holy JESUS

[lewiscr]

Duh, do it before you have kids. I missed the boat.

Re:Holy JESUS

[gknoy]

That's an interesting question.

My time with my son is priceless. I don't know that I could deal with not seeing him except after he'd already gone to sleep. On the other hand, being able to be financially stable for the rest of my life, my wife's life, and being able to comfortably fund my kids' education has a certain appeal, too. Being able to work less later in life, when my kids want to go backpacking, or play soccer, or go to museums, that is pretty valuable time too.

Re:Holy JESUS

Sorry to post this as anonymous coward, but I work for one of those firms (and make that kind of $$$), and it's nothing at all like you are describing.

The firm I work for has fantastic vacation, fantastic benefits, and we sit in nice aeron chairs to program. It's possible that the firm you worked for was just a crappy one - there are plenty. But there are also good ones out there.

sounds fishy

[shadowofwind]

He said that he had inadvertently downloaded a portion of Goldman's proprietary code while trying to take files of open source software

Why try to take open source software instead of downloading it when you need it?

 

He said he had not used the Goldman code at his new job or distributed it to anyone else.

It sounds like maybe he wanted to keep it around for possible later reference. Not uncommon, but not innocent either.

Separation

[R2.0]

Keep your personal business and your company's business separate. For instance, I have a separate banking account whose sole purpose is to hold expense reimbursements until I pay the ccard. Why? Because it's just too damned easy to screw up and cause yourself trouble all out of proportion to the original mistake.

I don't buy it.

He is a developer so by definition he is computer literate; you don't "accidentally" copy the wrong files (especially since they have BASH LOGS of what he did). However, even if what he says is true WHY IN THE NAME OF FUCK would you copy Open Source Software from your development machine instead of directly from the source? The potential for the appearance of impropriety is bad enough. On top of that, according to the original Slashdot article a while back he also encrypted the files. WHY IN THE NAME OF FUCK would you bother to encrypt Open Source Software files? While everything he said is technically plausible, it just comes off as fraudulent in the same manner as Hans Reiser's defense; i.e. "I'm so smart and I have an answer for everything". I suspect the next thing we hear about this story will involve a plea deal.

Re:I don't buy it.

[owlstead]

I don't know, if I copy my "c:\java" folder at work I end up with literally gigabytes of open source libs, API's etc. all neatly arranged. It would take quite some time to get them back. Some sources are even hard to trace, I've got a open source Java version of the linux/GNU "file" command somewhere, taken from a media server or such. Can't find it anymore. If I would copy that folder I would have some general purpose libs that I compiled myself as well. Yes, I could just take the directory tree and be done with it, but why not copy the folder minus the company libs? And after that a mistake is easy to make.

Not that I would do such a thing, (besides being unable to move this much info from my system anyway), but I could imagine that it is likely that people do such things. Hey, maybe he was even developing the O/S software. Encryption? I am so used to encrypting *any* application that I am sending out of the door that I would probably do it automatically. If only to confuse the company virus scanner.

Re:I don't buy it.

[91degrees]

He is a developer so by definition he is computer literate; you don't "accidentally" copy the wrong files (especially since they have BASH LOGS of what he did).

Complex source tree. Closed source gets muddled up with open source somehow. He forgets to exclude certain files. Easy to do.

However, even if what he says is true WHY IN THE NAME OF FUCK would you copy Open Source Software from your development machine instead of directly from the source? You have 30 different applications each doing a little job. You can either copy them all into a tarball, or hunt them down individually on the internet.

On top of that, according to the original Slashdot article a while back he also encrypted the files. WHY IN THE NAME OF FUCK would you bother to encrypt Open Source Software files?

This one comes down to "why not?". Maybe he put them into a zip and always adds a password. maybe he just copied them to an encrypted drive. I'm not sure about this one myself. I'd like some more information about how the files were encrypted.

Re:the Goldman Sachs Code is illegal front running

[Red+Flayer]

Why would you be shocked?

I mean, I not a conspiracy theorist by any means, but have you looked at how many ex-Goldman Sachs employees are employed in the highest levels of the US and several state governments?

And I'm not just talking about Treasury Department appointments... also in the SEC, in elected office, etc. There's a joke I've heard that the SEC doesn't sneeze if they haven't asked GS for permission first.

At any rate, the funniest thing I've heard about the whole deal is that GS told the authorities that with this software, the guy who stole it could manipulate markets and gain an unfair advantage in trade, and disrupt global markets. And yet somehow those potentials are not possible with GS being the only part holding the software?

He's an idiot

[krou]

Mr. Aleynikov waived his rights against self-incrimination, and agreed to allow agents to search his house.

He's a f*cking idiot, and probably watched too much CSI and other cop shows where they always show people talking without their lawyer. Don't talk to the police, or the FBI, or any authority without your lawyer. Doesn't matter if you are innocent, doesn't matter if you have an explanation, an alibi, whatever. Just don't do it, because you can and will say something that can be used against you in a court of law.

Interesting...

[frank_adrian314159]

The interesting part of the article is actually in paragraph 3 (i.e., before anything the submitter thought was important):

At a bail hearing three days later, a federal prosecutor asked that Mr. Aleynikov be held without bond because the code could be used to "unfairly manipulate" stock prices.

Of course, it's perfectly fine that Goldman-Sachs management and traders have code that could be used to "unfairly manipulate" stock prices. But when a private citizen gets their hands on something like that, look out! God knows we wouldn't want the hoi-polloi to have the same chance to "unfairly manipulate" stock prices that the big boys have.

Dumb people write code every day

[RingDev]

I have proof!

Exception handling used for process control.
Functions with 27 exit points.
GUI threads running I/O.
Databases with tens of thousands of tables with no referential integrity.

Odds are this guy is a 110'er. "Smart" enough to copy his code. Dumb enough to do it over the network.

-Rick

Re:Wow - this seems assinine

[netruner]

From the article: "He said he had not used the Goldman code at his new job or distributed it to anyone else, and the criminal complaint offers no evidence that he has." Not to mention that 2.6% of a program (the amount he was quoted to have, including the OSS that is not proprietary) is a bit weak in my opinion.

Apparently I'm not alone (again, from the article): Harvey A. Silverglate, a criminal defense lawyer in Boston not involved in the case, said he was troubled that the F.B.I. had arrested Mr. Aleynikov so quickly, without evidence that he had made any effort to use or sell the code. Such disputes are generally resolved civilly rather than criminally, Mr. Silverglate said.

Possession of proprietary data happens every time one of these guys leaves a company - they have it between their ears. Using it is where they get nailed. The reason I'm so surprised at the FBI is that I know they're smart enough to not spring the trap before they have the guy dead-to-rights. Failing to do that is how perps walk and I expect more from our country's premier law enforcement agency.

The stamping out part is about Citadel, not GS and certainly not the FBI. (You may want to read the article - it's a pretty quick read)

Citadel and GS are either going off half-cocked or we don't have all the pieces.