Did Goldman Sachs Overstep in Criminally Charging Its Ex-Programmer? 186
theodp writes "Programmer Sergey Aleynikov holds the dubious distinction of being the only Goldman Sachs employee since the 2008 financial meltdown to have actually served time in prison. After leaving Goldman, Sergey was accused of stealing computer code from his former employer and sentenced to eight years in federal prison. Exactly what he'd done neither the FBI nor the jury seemed to understand, so Moneyball author and financial journalist Michael Lewis decided to give Sergey a second trial, assembling a jury made up of programmers and people familiar with high-frequency trading, and asking them to level a judgment. Their verdict? Not guilty. 'I think it's quite possible that Goldman itself didn't know what he had taken, the value of it, the purpose of it, or anything else,' Lewis concludes. 'There was such turnover at Goldman, and the system was such a hairball, that I think people knew pieces but they didn't know the whole. Serge might have been as close as there was to an expert on the how the whole system worked. I think the valuable thing that Serge took when he walked out the door was himself.' Aleynikov was released on appeal in 2011, but subsequently re-arrested on state charges the following year, so he's still not out of the woods yet."
Re:Lemme get this straight (Score:5, Informative)
Of all the people who wasted and squandered the money of thousands, if not millions, nobody did time in prison, the only person who did was actually not stealing from decent people but from the thieves, and for THAT he goes to jail?
Actually, that's not even entirely accurate. First, he was borrowing open source software. Goldman Sachs liked this because it meant faster development times, which meant faster profits. They didn't re-release modified code, even if it was only a few lines, of course, violating the licensing terms. Parts of the code he was working on he uploaded to an external server, because his company didn't have a proper code versioning system -- there was no way to track changes being made, and so he utilized an open source repository to store changes to chunks of code he was working on. This wasn't publicly available, it was simply put "in the cloud".
Unfortunately for him, overzealous managers and clueless FBI agents didn't understand what any of this meant, and frequently, and horribly, misinterpreted or misunderstood, what their own experts were telling him. His own attempts to explain what he had done weren't any better understood and were perceived as a confession.
This is a story of how law enforcement was criminally stupid, and believed what a middle-manager with no expertise in the subject and about five layers removed from what he was panic-striken over... that some immigrant they hired was "up to no good", when in truth, it was business as usual. Naturally, the FBI swung into action, believing the worst possible thing -- he was a terrorist, he was trying to destroy america, he was some kind of muslim radical... because the software he used was called Subversion, and when you add in terms like delete, modify, copy, remove... suddenly it looks like a bona fide CSI episode full of shadowy men exchanging pen drives with knowing winks and nods and death to america would surely follow if their crack investigative team didn't interrogate the suspects while brainy people in the forensics lab tossed around complex terminology and zoomed in on single pixels before saying "AH HA! We've got you now! This single pixel here proves he was the murderer!"
Criminal. Stupidity. That was the only crime here. It was CSI: FBI Edition... only without the special effects and soundtrack, and by people with their sense of humor surgically removed, rather than having actual personality and interesting dialogue.
Re:Lemme get this straight (Score:4, Informative)
I'm not conviced your interpretation is correct.
Clearly private copies count as copies otherwise no company would pay for more than one copy of Office.
The GPL is also somewhat quiet on the matter of copies and focuses on distribution. It therefore appears you can copy as freely as you like, it's only distribution which is in any way restricted.
Certainly for private use, you can put in proprietary code, copy it as many times as you like and everything is fine. You just don't have permission to -redistribute- the GPL portion without releasing your changes too.
Setting the ground there, but I suspect we would agree on the above points.
What seems to be the case is that the company (i.e. agents of the company) has added proprietary code. Any entity which is not the company has no right to copy those parts. It seems that "internal" distribution is OK because you're not redistributing to people as private individuals, but to agents of the company acting as a single entity.
IOW the private individual still has no right to copy the code.
IANAL, but this seems to be how the interpretation of it goes. I can't cite any precedent or the applicable law, but no one has ever attempted to uphold the GPL as meaning that internal redistribution meaning that anyone who touches a copy has permission to release it (or that the company has no right to redistribute internally).
Would be great to hear a real lawyer chime in with a completely non-binding opinion.