Judge Dismisses Second Conviction of Ex-Goldman Sachs Coder 46
itwbennett writes: Back in May, former Goldman Sachs programmer Sergey Aleynikov was convicted by a jury for stealing 32MB of code for Goldman's high-frequency trading system, code that Aleynikov maintained he copied for intellectual pursuits and was, in fact, open-source. On Monday, Judge Daniel P. Conviser of New York's State Supreme Court dismissed the conviction, saying that Aleynikov acted wrongfully by taking the code, but his actions did not meet the standard under the law in which he was charged. "The evidence did not prove he intended to appropriate all or a major portion of the code's economic value," Conviser wrote.
'Open source' (Score:3)
I can't find details of exactly what licence, and how this aspect was found not relevant.
Re: (Score:1)
I believe I heard mention of GPL v2
Happy to know he got off
Re:'Open source' (Score:5, Insightful)
I was more meaning the circumstances - just because you find a GPLV2 'Copying' file in the file-tree does not mean that the whole thing can be distributed, as you have no way of knowing what the authors intent was.
If I put a COPYING file in my windows source tree, it doesn't make windows open-source unless I have the authority, legal clearance, and intent to release that code.
Re:'Open source' (Score:5, Insightful)
I was more meaning the circumstances - just because you find a GPLV2 'Copying' file in the file-tree does not mean that the whole thing can be distributed, as you have no way of knowing what the authors intent was.
If I put a COPYING file in my windows source tree, it doesn't make windows open-source unless I have the authority, legal clearance, and intent to release that code.
But there's another aspect of this. Say my company downloads the Linux kernel and we internally make some changes to it and use it on our servers in its modified form. Jim is one of the coders. Linux is released under GPLv2. Does that mean that Jim can take our changes home with him?
No.
The GPLv2 kicks in only when the company redistributes the code along with the modifications, and those modifications are available to the recipients that we've specified.
People often mistake "GPLv2" for "public domain" - the idea being that if my company is distributing GPLv2'd software then it's a free-for-all and anybody can have it. That's not the case.
So, even if Goldman Sachs was using GPLv2'd code unless they specifically gave it to him he can't legally have it. And my guess is that they're not about to give away the kind of code that was mentioned there.
Re: (Score:3)
Here's a scenario too. Company is creating software. One programmer decides on his own and without permission or legal advice to call it all open source code. Programmer drop in the GPLv2 copyright notice all over the place and the "Copying" file. Later programmer leaves with the source code and tells the authorities "it's ok, it's all open source!"
Not saying that this happened or not in this case, but that sort of scenario is happening in some places. If someone is being paid to write the code then it
Re: (Score:2)
But there's another aspect of this. Say my company downloads the Linux kernel and we internally make some changes to it and use it on our servers in its modified form. Jim is one of the coders. Linux is released under GPLv2. Does that mean that Jim can take our changes home with him?
No.
The GPLv2 kicks in only when the company redistributes the code along with the modifications, and those modifications are available to the recipients that we've specified.
This is a common argument but I'm not convinced that it is airtight. How about this:
But there's another aspect of this. Say my company buys a Windows DVD and we install it on 47 of our servers. Jim is one of the coders. Windows DVDs are not licensed for multiple installations. Does that mean that Jim can call up MS and pocket a reward?
No.
The Windows License kicks in only when the company redistributes copies of Windows, and those copies are available to the recipients that we've specified.
The problem with this argument is that copyright applies anytime you make a copy of anything. Copyright says you can't install Linux anywhere. What lets you install it is the license. The license for Windows says you aren't allowed to copy it at all except to install it once. The license for Linux says you're only allowed to copy it if the copy is GPLv2 along with any modifications you've made, and you make the source a
Re: (Score:2)
Simple access doesn't count as distribution in this case. The GPLv2 applies to code distributed under the GPLv2. It isn't a property of the code itself, and the fact that you have GPLv2ed code doesn't mean you have to give it to me, nor do I get the right to the code by simply having access. If you deliberately give me the code, you have to do so under the GPLv2, and I have all the rights that grants.
The FSF holds that having employees work on company code isn't distribution. Consider that I've got a
Re: (Score:2)
Simple access doesn't count as distribution in this case. The GPLv2 applies to code distributed under the GPLv2. It isn't a property of the code itself, and the fact that you have GPLv2ed code doesn't mean you have to give it to me, nor do I get the right to the code by simply having access. If you deliberately give me the code, you have to do so under the GPLv2, and I have all the rights that grants.
You give your employee the code when you give them access to it. Before they couldn't see the code. Now they can. They gave it to you.
The FSF holds that having employees work on company code isn't distribution.
That's nice, but they aren't the authors of the code in question, even if they're the authors of the license. If the kernel authors intended the code to be copyable by the employee and the license says that it is, then it is.
Consider that I've got a lot of company-owned proprietary code on my work computer. If that counted as distributing it to me, I'd own one copy of the code.
Well, you do have one copy of the code in your possession - the one on the server. That doesn't mean that you can make another copy of the code with
Re: (Score:1)
The GPL only applies to distribution though. Even the fact that it was GPL may have made it more illegal to copy if it was combined with other code not under GPL. Then not only the copyright of this other code is violated, but also the open source original.
Re: (Score:3)
still ruined the best years of his life (Score:1)
well, the whole ordeal still ruined the best years of his life, and probably his career in the financial industry. don't mess with the big boys, even if you're eventually cleared, you'll learn your lesson.
Re: (Score:1)
well, the whole ordeal still ruined the best years of his life, and probably his career in the financial industry. don't mess with the big boys, even if you're eventually cleared, you'll learn your lesson.
Sorry, but he sort of brought it on himself. As I understand it, he downloaded code from his old employer from home AFTER his job ended. Sorry, but that's a HUGE mistake. I don't care what his intentions were, once your job has ended you have absolutely no business accessing their network . Make any attempt to do so, and you can expect to be treated appropriately. (Note: I'm assuming he didn't download the code from a public web server)
A bull will be just as happy to make an example of you, and if you choos
Re: (Score:2)
So you are making assumptions just to attack him?
Re:still ruined the best years of his life (Score:5, Interesting)
You need to read "Flash Boys" by Michael Lewis to get the full story. The programmer made routine backups of the modifications he made to open source files for release back into the community. Something that Goldman Sach wasn't doing because they were routinely stripping out the GPL license headers and claiming ALL CODE as proprietary. They called the FBI on this guy to prevent him from working for someone else.
https://en.wikipedia.org/wiki/Flash_Boys [wikipedia.org]
Re:still ruined the best years of his life (Score:5, Interesting)
Re: (Score:3)
Re: (Score:2)
Such agreements are illegal in some US states, including California.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Right, the programmer only had the right to take the original unmodified GPL code, and had no rights to the modified code even if he was the one who made the modifications for hire.
Re: (Score:2)
What are the new charges? (Score:3, Interesting)
Appeal (Score:3)
There are two more levels of appeal in the NY court system [nycourts.gov]. This probably is not over.
Re:Appeal (Score:5, Insightful)
I'm surprised it got this far, considering the unlimited resources available to the other side. Eventually they'll bury him in so much paper that his legal fees will exceed the GDP of a small country and he'll have to give up.
Sweet! (Score:2)
"The evidence did not prove he intended to appropriate all or a major portion of the code's economic value," Conviser wrote.
So if I get my grubby little protuberances on some code that's worth £100m, but I only make £1m with it, I'm okay?
Re:Sweet! (Score:4, Informative)
You'd probably still be guilty of a lesser charge. You just wouldn't be smacked with the most gigantic penalty or most draconian criminal charge that they might level at you.
Note that even a misdemeanor on your record, even if it is a relatively light one, is enough to disqualify you from a position like his if you do what he did. I've heard of people who have convictions where HR remarked that if they'd only had a DWI or an assault charge instead of a theft, they could have been hired (if it was clear that they were cleaned up), but due to contracts with clients and insurance policies, any person with a theft on their record can't be placed in a position where money might change hands or be controlled by their code. It will vary based on who it is, of course, but his work in the financial industry is over. And honestly, despite the company's attempt to throw the kitchen sink at him, he really only needed to be convicted of petty theft under the wrong circumstances to end that line of work for him.
Hacking? No problem, if he'd only broken into some government system. Just don't, under any circumstances, steal or even look at electronic representations of money, if you manage get into a system.
Re: (Score:2)
So if I get my grubby little protuberances on some code that's worth £100m, but I only make £1m with it, I'm okay?
If the prosecutor tries to throw the book at you by overcharging you, then yes.
Michael Lewis's Vanity Fair article (Score:5, Informative)
This article - http://www.vanityfair.com/news... [vanityfair.com] - by Michael Lewis, makes the case look like extreme over-reach by our corporate overlords.
Not to mention that the code that Aleynikov allegedly stole is worthless without a substantial investment in supporting code and trading infrastructure to take advantage of it, not that the higher-ups at a place like Goldman necessarily understand this.
The double-jeopardy bypass is also astoundingly corrupt. Not so astounding is the arrogance by which Goldman takes advantage of open-source while ignoring the rules around it.
Re: (Score:1)
You mean the overreach like...?
Can't get a conviction on your murder charge? Let's get him for "civil rights violation" so we can try again.
Sometimes, it's like the criminal justice system is a cruel joke. Hey! You lucked out. You didn't get the life sentence, but you've been sentenced to fifteen consecutive ten year terms. Or maybe only five million dollars in civil penalties. That's so much better, isn't it?
Re:Michael Lewis's Vanity Fair article (Score:4, Interesting)
Not to mention that the code that Aleynikov allegedly stole is worthless without a substantial investment in supporting code and trading infrastructure to take advantage of it, not that the higher-ups at a place like Goldman necessarily understand this.
Worthless if you are trying to build your own HFT system perhaps. But not so worthless if you can reverse engineer critical parts of the code and demonstrate that its purpose is to front-run other people's trades rather than just being really fast. If you can show this, you can make a very good living testfying in civil court cases on behalf of clients that got screwed by Goldman Sachs.
Re:Michael Lewis's Vanity Fair article (Score:5, Informative)
That only works for clients of Goldman Sachs. It doesn't apply to the stock market in general. Because HFT is regular trading - by the time you are notified of the trade, it's already happened.
You don't need HFT to front-run a trade - if a client says they want to buy one hundred shares of XYZ Inc., you as the brokerage could front-run that yourself. You always could, and it doesn't take a computer to do that.
HFT just trades really fast. Once a trade takes place, it's broadcast to everyone who adds that trade to the algorithm. But once you hear about a trade, it's happened. The only way to "see into the future" is inquire into the bids and asks queue which will show you the most a buyer is willing to pay (and the amount they want to buy), and the lowest a seller will sell for (and the amount they want to sell). This spread is where everything happens. In an ideal world, if you want to sell stock, there will be a willing buyer at the price you want, and vice-versa, but if the bid-ask spread is high, then your stock is a lot less liquid - either you have to dump it because the bids are low, or you have to overpay because the asks are high. (Remember, you can't just sell stock - you only put it up for sale. The trade happens when buyers and sellers come together and agree - i.e., the buyer is wiling to pay the seller's price, and the seller is willing to accept the buyer's price).
Now there are isolated incidents where trading centers get confused and you get arbitrage happening, but that's a normal behavior as well - surely you must've thought about buying up a bunch of product that doesn't sell in your area, then reselling it where it's constantly sold out.
So many people don't realize how the stock market works, which is a shame, because the stock market is just like any other market or store. Just because you "sell" something doesn't mean it'll sell - all you did was put it up for sale. You can ask anything, but it's up to the buyer or seller to accept.
All markets work the same way - even eBay. Putting something up there doesn't guarantee a sale if the buyers feel the price is too high. Even "sniping" isn't a bad action - it's just putting a bid close to the end time of an auction to try to get the item at a price close to its current bid. But if someone put in a bigger bid earlier, that prevails.
In fact, there's a very accessible "stock market" that with some patience, you can earn a few bucks without any investment. Go get a Steam account, and wait for a sale, and do whatever you can to get cards. Then sell those cards In the marketplace. The marketplace works just like a stock market complete with bids and asks, and the Valve trading server will perform the sales as buyers and sellers agree on a price. You can see trendlines, volume, etc., and learn a lot. And it won't cost you anything - you can easily make $2-5 this way, which isn't a bad way to go for an education in how markets work.
You can experiment as well - sell too low and the trade happens immediately because you'll have buyers. You can be a buyer and put in a bid and see how long the bid takes to be fulfilled.
Re: (Score:2)
You can be a buyer and put in a bid and see how long the bid takes to be fulfilled.
And if it is filled too fast (meaning you bid too high) you can drop your network connection, cancelling the sale. Old trick. Possibly illegal. Or a violation of exchange rules at very least. But it's an effective way to probe the market at a very high speed looking for buyers and sellers.
Rules were created governing electronic exchanges to cover instances in which a purchase or sale could not be completed due to a network or server failure or software glitch. But exploiting these rules to gain a trading a
Re: (Score:3)
I'm not sure where you heard this, or which market you think this works in, but that sounds dubious at the very least. The realisation that a trade isn't for a good price in an order driven market isn't obvious until further trading moves the price away from touch against the position you have just taken. You can't place one order off touch, the market doesn't work like that.
If, say, this happened on a major market (say NASDAQ) there would be a serious number of broken trade messages, or alternatively, some
Everybody got off scott free then (Score:4, Funny)