Judge Dismisses Second Conviction of Ex-Goldman Sachs Coder

itwbennett writes: Back in May, former Goldman Sachs programmer Sergey Aleynikov was convicted by a jury for stealing 32MB of code for Goldman's high-frequency trading system, code that Aleynikov maintained he copied for intellectual pursuits and was, in fact, open-source. On Monday, Judge Daniel P. Conviser of New York's State Supreme Court dismissed the conviction, saying that Aleynikov acted wrongfully by taking the code, but his actions did not meet the standard under the law in which he was charged. "The evidence did not prove he intended to appropriate all or a major portion of the code's economic value," Conviser wrote.

'Open source'

[queazocotal]

I can't find details of exactly what licence, and how this aspect was found not relevant.

Re:

[ChoGGi]

I believe I heard mention of GPL v2

Happy to know he got off

Re:'Open source'

[queazocotal]

I was more meaning the circumstances - just because you find a GPLV2 'Copying' file in the file-tree does not mean that the whole thing can be distributed, as you have no way of knowing what the authors intent was.
If I put a COPYING file in my windows source tree, it doesn't make windows open-source unless I have the authority, legal clearance, and intent to release that code.

Re:'Open source'

[Trailer Trash]

I was more meaning the circumstances - just because you find a GPLV2 'Copying' file in the file-tree does not mean that the whole thing can be distributed, as you have no way of knowing what the authors intent was.
If I put a COPYING file in my windows source tree, it doesn't make windows open-source unless I have the authority, legal clearance, and intent to release that code.

But there's another aspect of this. Say my company downloads the Linux kernel and we internally make some changes to it and use it on our servers in its modified form. Jim is one of the coders. Linux is released under GPLv2. Does that mean that Jim can take our changes home with him?

No.

The GPLv2 kicks in only when the company redistributes the code along with the modifications, and those modifications are available to the recipients that we've specified.

People often mistake "GPLv2" for "public domain" - the idea being that if my company is distributing GPLv2'd software then it's a free-for-all and anybody can have it. That's not the case.

So, even if Goldman Sachs was using GPLv2'd code unless they specifically gave it to him he can't legally have it. And my guess is that they're not about to give away the kind of code that was mentioned there.

Re:

[Darinbob]

Here's a scenario too. Company is creating software. One programmer decides on his own and without permission or legal advice to call it all open source code. Programmer drop in the GPLv2 copyright notice all over the place and the "Copying" file. Later programmer leaves with the source code and tells the authorities "it's ok, it's all open source!"

Not saying that this happened or not in this case, but that sort of scenario is happening in some places. If someone is being paid to write the code then it

Re:

[Rich0]

But there's another aspect of this. Say my company downloads the Linux kernel and we internally make some changes to it and use it on our servers in its modified form. Jim is one of the coders. Linux is released under GPLv2. Does that mean that Jim can take our changes home with him?

No.

The GPLv2 kicks in only when the company redistributes the code along with the modifications, and those modifications are available to the recipients that we've specified.

This is a common argument but I'm not convinced that it is airtight. How about this:

But there's another aspect of this. Say my company buys a Windows DVD and we install it on 47 of our servers. Jim is one of the coders. Windows DVDs are not licensed for multiple installations. Does that mean that Jim can call up MS and pocket a reward?

No.

The Windows License kicks in only when the company redistributes copies of Windows, and those copies are available to the recipients that we've specified.

The problem with this argument is that copyright applies anytime you make a copy of anything. Copyright says you can't install Linux anywhere. What lets you install it is the license. The license for Windows says you aren't allowed to copy it at all except to install it once. The license for Linux says you're only allowed to copy it if the copy is GPLv2 along with any modifications you've made, and you make the source a

Re:

[david_thornley]

Simple access doesn't count as distribution in this case. The GPLv2 applies to code distributed under the GPLv2. It isn't a property of the code itself, and the fact that you have GPLv2ed code doesn't mean you have to give it to me, nor do I get the right to the code by simply having access. If you deliberately give me the code, you have to do so under the GPLv2, and I have all the rights that grants.

The FSF holds that having employees work on company code isn't distribution. Consider that I've got a

Re:

[Rich0]

Simple access doesn't count as distribution in this case. The GPLv2 applies to code distributed under the GPLv2. It isn't a property of the code itself, and the fact that you have GPLv2ed code doesn't mean you have to give it to me, nor do I get the right to the code by simply having access. If you deliberately give me the code, you have to do so under the GPLv2, and I have all the rights that grants.

You give your employee the code when you give them access to it. Before they couldn't see the code. Now they can. They gave it to you.

The FSF holds that having employees work on company code isn't distribution.

That's nice, but they aren't the authors of the code in question, even if they're the authors of the license. If the kernel authors intended the code to be copyable by the employee and the license says that it is, then it is.

Consider that I've got a lot of company-owned proprietary code on my work computer. If that counted as distributing it to me, I'd own one copy of the code.

Well, you do have one copy of the code in your possession - the one on the server. That doesn't mean that you can make another copy of the code with

Re:

[Anonymous Coward]

The GPL only applies to distribution though. Even the fact that it was GPL may have made it more illegal to copy if it was combined with other code not under GPL. Then not only the copyright of this other code is violated, but also the open source original.

Re:

[__aaclcg7560]

The license was GOLDMAN SACH, where the GPL license headers were stripped from open source code and ALL CODE claimed as proprietary.

still ruined the best years of his life

[Anonymous Coward]

well, the whole ordeal still ruined the best years of his life, and probably his career in the financial industry. don't mess with the big boys, even if you're eventually cleared, you'll learn your lesson.

Re:

[Anonymous Coward]

well, the whole ordeal still ruined the best years of his life, and probably his career in the financial industry. don't mess with the big boys, even if you're eventually cleared, you'll learn your lesson.

Sorry, but he sort of brought it on himself. As I understand it, he downloaded code from his old employer from home AFTER his job ended. Sorry, but that's a HUGE mistake. I don't care what his intentions were, once your job has ended you have absolutely no business accessing their network . Make any attempt to do so, and you can expect to be treated appropriately. (Note: I'm assuming he didn't download the code from a public web server)

A bull will be just as happy to make an example of you, and if you choos

Re:

[thaylin]

So you are making assumptions just to attack him?

Re:still ruined the best years of his life

[__aaclcg7560]

You need to read "Flash Boys" by Michael Lewis to get the full story. The programmer made routine backups of the modifications he made to open source files for release back into the community. Something that Goldman Sach wasn't doing because they were routinely stripping out the GPL license headers and claiming ALL CODE as proprietary. They called the FBI on this guy to prevent him from working for someone else.

https://en.wikipedia.org/wiki/Flash_Boys [wikipedia.org]

Re:still ruined the best years of his life

[tompaulco]

I've had similar happen to me. When I was let go they did not make me sign a non-compete, but when I was in talks with another company that was a possible competitor to them, they claimed (wrongly) that I had possession of their intellectual property and called in the lawyers demanding that I give it back. I didn't have any, so I was unable to do so. But then reading more carefully, what they were saying is that they gave me education on my particular area of expertise which I had been doing for 6 years before they hired me specifically for that knowledge and now they are claiming all of my knowledge in that area and claiming that I cannot work for a competitor because all of the knowledge I have belongs to them merely because they augmented it in some small way.

Re:

[__aaclcg7560]

I once worked at a video game company that tried to impose a broad intellectual property agreement on the testers. If I want home to create a video game, write a novel or do anything creative, it would become company property. The attorneys wanted a list of any prior patents and/or copyrights to claim that as company property. That created an uproar and no one signed the new IP agreement. HR backed down and restored the previous generic IP agreement that covered ideas during business hours.

Re:

[david_thornley]

Such agreements are illegal in some US states, including California.

Re:

[__aaclcg7560]

East Coast law firms don't care about California labor laws. I've worked under several such contracts in Silicon Valley. Whenever a push came to a shove, I politely informed my employer to review their contract with a California labor attorney. The last thing they needed was a wrongful termination lawsuit that has the judge declaring the contract null and void in the first five minutes.

Re:

[RobinH]

If the code they based their changes on was GPL'd and they never distributed it, then the GPL's share-alike clause doesn't kick in. Assuming he did the work for-hire and it was for internal purposes only, then the changes are still copyright Goldman Sachs and the programmer does *not* have the right to copy them to share with anyone else. In fact they can legitimately do anything they want with the GPL'd code including stripping out the headers as long as they never distribute it. Saying it's copyright G

Re:

[__aaclcg7560]

Goldman Sach claimed ALL CODE as proprietary. That's not the same as copyright. The FBI was told that the programmer stole trade secrets that could undermine the financial system, which they were never capable of determining if the code was trade secrets or open source. It was gibberish to them. If the programmer changed a dozen lines to improve an open source network code, it belonged to Goldman Sach and no one else.

Re:

[Darinbob]

Right, the programmer only had the right to take the original unmodified GPL code, and had no rights to the modified code even if he was the one who made the modifications for hire.

Re:

[__aaclcg7560]

Never mind that the modified open source code had absolutely nothing to do with trade secrets that Goldman Sachs called the FBI about.

What are the new charges?

[Anonymous Coward]

I see they address the Double Jeopardy laws, saying "New York state prosecutors then took up his case, charging him in August 2013 under different laws but for the same actions, avoiding a conflict with the U.S. Constitution’s Fifth Amendment protection against being tried twice for the same crime." Now as far as I know, there is a bit more to Double Jeopardy than just them being different laws; doesn't a new prosecution require different evidence as well to be a valid prosecution for the same action? Does anyoe know how different the charges are this time?

Appeal

[jklovanc]

There are two more levels of appeal in the NY court system [nycourts.gov]. This probably is not over.

Re:Appeal

[BVis]

I'm surprised it got this far, considering the unlimited resources available to the other side. Eventually they'll bury him in so much paper that his legal fees will exceed the GDP of a small country and he'll have to give up.

Sweet!

[wonkey_monkey]

"The evidence did not prove he intended to appropriate all or a major portion of the code's economic value," Conviser wrote.

So if I get my grubby little protuberances on some code that's worth £100m, but I only make £1m with it, I'm okay?

Re:Sweet!

[tnk1]

You'd probably still be guilty of a lesser charge. You just wouldn't be smacked with the most gigantic penalty or most draconian criminal charge that they might level at you.

Note that even a misdemeanor on your record, even if it is a relatively light one, is enough to disqualify you from a position like his if you do what he did. I've heard of people who have convictions where HR remarked that if they'd only had a DWI or an assault charge instead of a theft, they could have been hired (if it was clear that they were cleaned up), but due to contracts with clients and insurance policies, any person with a theft on their record can't be placed in a position where money might change hands or be controlled by their code. It will vary based on who it is, of course, but his work in the financial industry is over. And honestly, despite the company's attempt to throw the kitchen sink at him, he really only needed to be convicted of petty theft under the wrong circumstances to end that line of work for him.

Hacking? No problem, if he'd only broken into some government system. Just don't, under any circumstances, steal or even look at electronic representations of money, if you manage get into a system.

Re:

[despe666]

So if I get my grubby little protuberances on some code that's worth £100m, but I only make £1m with it, I'm okay?

If the prosecutor tries to throw the book at you by overcharging you, then yes.

Michael Lewis's Vanity Fair article

[DavidHumus]

This article - http://www.vanityfair.com/news... [vanityfair.com] - by Michael Lewis, makes the case look like extreme over-reach by our corporate overlords.

Not to mention that the code that Aleynikov allegedly stole is worthless without a substantial investment in supporting code and trading infrastructure to take advantage of it, not that the higher-ups at a place like Goldman necessarily understand this.

The double-jeopardy bypass is also astoundingly corrupt. Not so astounding is the arrogance by which Goldman takes advantage of open-source while ignoring the rules around it.

Re:

[Anonymous Coward]

You mean the overreach like...?

Can't get a conviction on your murder charge? Let's get him for "civil rights violation" so we can try again.

Sometimes, it's like the criminal justice system is a cruel joke. Hey! You lucked out. You didn't get the life sentence, but you've been sentenced to fifteen consecutive ten year terms. Or maybe only five million dollars in civil penalties. That's so much better, isn't it?

Re:Michael Lewis's Vanity Fair article

[PPH]

Not to mention that the code that Aleynikov allegedly stole is worthless without a substantial investment in supporting code and trading infrastructure to take advantage of it, not that the higher-ups at a place like Goldman necessarily understand this.

Worthless if you are trying to build your own HFT system perhaps. But not so worthless if you can reverse engineer critical parts of the code and demonstrate that its purpose is to front-run other people's trades rather than just being really fast. If you can show this, you can make a very good living testfying in civil court cases on behalf of clients that got screwed by Goldman Sachs.

Re:Michael Lewis's Vanity Fair article

[tlhIngan]

Worthless if you are trying to build your own HFT system perhaps. But not so worthless if you can reverse engineer critical parts of the code and demonstrate that its purpose is to front-run other people's trades rather than just being really fast. If you can show this, you can make a very good living testfying in civil court cases on behalf of clients that got screwed by Goldman Sachs.

That only works for clients of Goldman Sachs. It doesn't apply to the stock market in general. Because HFT is regular trading - by the time you are notified of the trade, it's already happened.

You don't need HFT to front-run a trade - if a client says they want to buy one hundred shares of XYZ Inc., you as the brokerage could front-run that yourself. You always could, and it doesn't take a computer to do that.

HFT just trades really fast. Once a trade takes place, it's broadcast to everyone who adds that trade to the algorithm. But once you hear about a trade, it's happened. The only way to "see into the future" is inquire into the bids and asks queue which will show you the most a buyer is willing to pay (and the amount they want to buy), and the lowest a seller will sell for (and the amount they want to sell). This spread is where everything happens. In an ideal world, if you want to sell stock, there will be a willing buyer at the price you want, and vice-versa, but if the bid-ask spread is high, then your stock is a lot less liquid - either you have to dump it because the bids are low, or you have to overpay because the asks are high. (Remember, you can't just sell stock - you only put it up for sale. The trade happens when buyers and sellers come together and agree - i.e., the buyer is wiling to pay the seller's price, and the seller is willing to accept the buyer's price).

Now there are isolated incidents where trading centers get confused and you get arbitrage happening, but that's a normal behavior as well - surely you must've thought about buying up a bunch of product that doesn't sell in your area, then reselling it where it's constantly sold out.

So many people don't realize how the stock market works, which is a shame, because the stock market is just like any other market or store. Just because you "sell" something doesn't mean it'll sell - all you did was put it up for sale. You can ask anything, but it's up to the buyer or seller to accept.

All markets work the same way - even eBay. Putting something up there doesn't guarantee a sale if the buyers feel the price is too high. Even "sniping" isn't a bad action - it's just putting a bid close to the end time of an auction to try to get the item at a price close to its current bid. But if someone put in a bigger bid earlier, that prevails.

In fact, there's a very accessible "stock market" that with some patience, you can earn a few bucks without any investment. Go get a Steam account, and wait for a sale, and do whatever you can to get cards. Then sell those cards In the marketplace. The marketplace works just like a stock market complete with bids and asks, and the Valve trading server will perform the sales as buyers and sellers agree on a price. You can see trendlines, volume, etc., and learn a lot. And it won't cost you anything - you can easily make $2-5 this way, which isn't a bad way to go for an education in how markets work.

You can experiment as well - sell too low and the trade happens immediately because you'll have buyers. You can be a buyer and put in a bid and see how long the bid takes to be fulfilled.

Re:

[PPH]

You can be a buyer and put in a bid and see how long the bid takes to be fulfilled.

And if it is filled too fast (meaning you bid too high) you can drop your network connection, cancelling the sale. Old trick. Possibly illegal. Or a violation of exchange rules at very least. But it's an effective way to probe the market at a very high speed looking for buyers and sellers.

Rules were created governing electronic exchanges to cover instances in which a purchase or sale could not be completed due to a network or server failure or software glitch. But exploiting these rules to gain a trading a

Re:

[Cesare Ferrari]

I'm not sure where you heard this, or which market you think this works in, but that sounds dubious at the very least. The realisation that a trade isn't for a good price in an order driven market isn't obvious until further trading moves the price away from touch against the position you have just taken. You can't place one order off touch, the market doesn't work like that.

If, say, this happened on a major market (say NASDAQ) there would be a serious number of broken trade messages, or alternatively, some

Everybody got off scott free then

[jandrese]

Prior to this Sergey Aleynikov was the only person connected with the global financial meltdown to receive any prison time at all in the US. Now that it has been dismissed we can say that nobody involved in destroying the savings and retirements of billions of people around the world was significantly punished. At least they gave their word that they wouldn't engage in the sort of risky behavior that collapsed the global economy again I guess, and we know that investment bankers are as good as their word.