
Goldman's Self-Defeating Case Against a Programmer - petethomas
http://www.bloombergview.com/articles/2015-05-04/goldman-s-self-defeating-case-against-serge-aleynikov
======
tptacek
_He is encouraged to use open-source code to achieve results faster, but he 's
not allowed to give anything back to the community that developed it. His
grander ideas are shelved, because the bank just wants quick fixes to its old,
messy platform. When someone offers him a better job, free of the legacy
system's constraints -- one that pays four times as much, as Aleynikov's new
job with Teza Technologies did -- the bank enlists the FBI's help in going
after him for saving some code on an outside server._

One reason that this is an outcome of the Aleynikov case is that Michael Lewis
made it so, despite the fact that it does not appear to be true: in both the
Second Circuit review of original federal case and according to his own
lawyer's stipulations in the new state case, the finding of fact is that the
majority of the code he took was not, in fact, open source. In fact, his own
expert witness in the first case was (according to filings, which may be
missing context or additional facts) only able to conclusively identify a few
files of open source code.

The idea that Aleynikov was victimized by Goldman's unwillingness to cooperate
with open source projects is a hacker-friendly narrative. We should generally
be wary of hacker-friendly narratives, like the FBI dragnetting Google
searches of pressure cookers; they tend to turn our brains off.

Corrections welcome; I've read some of the filings in this case, but not all
of them, and on this issue I am allergic to Lewis' reporting, which I believe
to be uncharacteristically and dramatically shoddy.

~~~
1971genocide
I know this is the law of the land but -

Any programmer's own code is open to whatever they want to do with it.

I want to put my code on pirate bay ? I should legally be allowed to do so.

The question that needs to asked is how is it allowed for companies to prevent
the author of a codebase from using it on their own disgression ?

There is a price to pay for this - we do not allow those poor multinational to
profit massively.

Programming in 2015 is socialism at its finest. How many programmers do you
know who work on isolated codebases ?

We live on the shoulder's of giants. Allowing companies to force programmers
to hide or take ownership from their own code is bad practice, and harms human
innovation.

It also allows companies to force modern day serfdom on their knowledge
employee.

~~~
baldfat
Who funds the code keeps the code.

You fund yourself have fun doing whatever you want with the code.

Company funds the code they are the owner of the code since they paid for the
code.

If your analogy holds you write code for a client on contract. After you give
them the code you can't just give/sell the code to the compeditor or put the
code on paste bin for everyone to see. You would be unethical and open for a
lawsuite.

~~~
tankenmate
From memory transfer of copyright requires a written contract in the US; so be
it your employment contract or a freelancers contract it needs to be written
down. I have had contracts where I have successfully negotiated having that
clause removed. Just because someone pays you to write code doesn't
necessarily mean that at the end they own the copyright. Some jurisdictions
however have implicit transfer of copyright in work for hire situations so
consult a lawyer and make sure it is always written down.

~~~
tptacek
No. In the US, works created by employees in the scope of their employment are
considered "for hire" explicitly by statute: 17 USC 101.

It's also true, as my sibling commenter points out, that boilerplate contracts
have CYA "for hire" provisions in them.

This is a bit of a silly digression, right, because if WFH was going to
exonerate Aleynikov, his very-expensive lawyers would have deployed it as an
argument. But it would be dangerous for readers to rely on an Internet
argument that their own employee work contributions might be their own
property, so it seems worth correcting this.

WFH is very relevant for contractors (who are by definition not employees),
but less so for full-time employees like Aleynikov.

Incidentally: you don't have to answer questions about US law "from memory".
The answer to this question --- which, by the way, is a whole pamphlet the
Copyright Office publishes specifically to resolve confusion on this question
--- is a Google search away.

~~~
tankenmate
Title 17 Circular 92 Chapter 2

§ 204 . Execution of transfers of copyright ownership

(a) A transfer of copyright ownership, other than by operation of law, is not
valid unless an instrument of conveyance, or a note or memorandum of the
transfer, is in writing and signed by the owner of the rights conveyed or such
owner's duly authorized agent.

So it would seem that I didn't realise that there was a clause "other than by
operation of law"; but you will also note that my last statement of my comment
said that you should get a lawyer...

~~~
tptacek
Your argument here being that 17 USC 101's plain and simple definition of
"work for hire" is "invalid"?

    
    
        A “work made for hire” is—
            (1)a work prepared by an employee within the scope of 
            his or her employment; or
    
        (no further qualification is made regarding A.1)

~~~
tankenmate
No that is not my argument; what I am saying is that we are both right. If
there is a matter that is covered under the law, for example work for hire
(which is covered under title 17), then there is no need for a written
contract (or other written conveyance of transfer). If however the transfer
happens under a matter not covered by law then a written contract is required;
say for example a transfer as a part of the sale of a company.

But my final point is still valid (as is supported by standard employment
contracts covering IP rights even though it is covered under title 17) that if
something is important to you get it written down in a contract and make sure
it is checked by your own lawyer.

------
tedunangst
> perhaps an immigrant like Aleynikov, unfamiliar with the intricacies of the
> U.S. legal system and not 100 percent confident in your English skills.

ah, yes, of course. That's why Aleynikov encrypted the source code, uploaded
it, then cleared his shell history to hide what he'd done. Because his English
wasn't good enough to understand the U.S. legal system.

The same thing almost happened to me once. We did a lot of XML parsing at
company A, for which we used the open source libxml. But work there got
boring, and I wanted to make a fresh start, so I went to company B, where I
also knew I'd be parsing some XML. For a while I considered encrypting the
libxml code and secretly uploading it on my last day so that I'd be able to
use it at company B. Fortunately, I grew up in the US and am familiar with the
customs here, so I decided instead to wait until I arrived at company B, and
then download libxml from xmlsoft.org. To think I was >this< close to jail...

~~~
oh_sigh
Why would you copy open source XML code from your own code base. Why would
that be the first option you thought of, instead of just downloading it from
the official repo?

~~~
alexdowad
He's being sarcastic. He's saying that the "hacker-friendly" version of this
news story is not plausible.

~~~
oh_sigh
Thanks. For some reason my sarcasm filter is turned off when I see the HN
style.

------
egwor
A lot of the other points in the article are "headline grabbing". That's a
rather disappointing article. I'd have liked to have seen a deeper analysis of
the arguments used. It seems to be a skim-read summary of all of the articles
I've already read on this, but with less actual substance/no new content.

From the article: "Imagine you're a highly skilled programmer, perhaps an
immigrant like Aleynikov, unfamiliar with the intricacies of the U.S. legal
system and not 100 percent confident in your English skills. ___You 're
probably more at ease dealing with machines and the abstract tasks they solve
when interpreting code than with people -- otherwise you'd do something else
for a living. ___"

What the heck?! What kind of professional writer writes something so child-
like/troll-like?

Another: "Traditional banks tend not to be such smart employers."

We're talking about Goldman Sachs here. You know, the guys who employ people
in tech (their CEO even referred to them as a Tech company) to keep ahead of
the curve and who regularly make some serious profit. Yahoo,
[https://uk.finance.yahoo.com/q/is?s=GS](https://uk.finance.yahoo.com/q/is?s=GS)
, shows I think 2 billion USD net profit per quarter.

And another: "Goldman may be hoping Aleynikov's case will set an example to
others like him, teach them to respect the bank's rules. ___Instead, it will
tell good programmers to go elsewhere and perhaps, sooner than necessary, make
Goldman obsolete._ __"

Perhaps this has changed GS, I don't know. Look at GSCollections
([https://github.com/goldmansachs/gs-
collections](https://github.com/goldmansachs/gs-collections)), something
internal that they've open sourced and is now used by a fair few projects
including spring.

[edit: better layout/formatting/grammar]

~~~
cm2187
Agree. And I find the idea of the poor immigrant who doesn't speak english and
didn't know it was bad to steal intellectual property very amusing. I have not
followed the case but I think I remember that Goldman caught him because he
was trying to temper with the logs on his machine to cover his tracks!

~~~
smsm42
Being an immigrant myself and working in the Silicon Valley where there are
many immigrants from various places around, I can not help but chuckle when
the author goes to "poor immigrant, hardly understands English" sob story.
Come on, we're talking about highly intelligent people in the field where
practically _everything_ is in English. It may be a good one to try on an
unsuspecting jury (worst thing, it doesn't work, but maybe it does) but
really, you can't take it seriously. Yes, some of the immigrants working in
tech may speak with a considerable accent, and some may struggle when reading
original Shakespeare, but you will be very hard pressed to find one that can't
understand English enough to understand the basic confidentiality
requirements.

Now, the intricacies of the US legal system is another thing - you don't have
to be an immigrant to get lost in it, I'm pretty sure 99.99% of US-born
population have pretty vague idea of the vast corpus of the existing law. But
that's much bigger question that does not get the fair treatment by trying to
sell us a condescending caricature of "poor immigrant doofus caught in the
world of complicated English words".

------
Retric
Aleynikov is hardly free of guilt. However, Goldman Sachs really dropped the
ball on this one. Personally, due to many such issues, I am not willing to
work with or for them in any capacity. That’s the kind of reputation effects
large company’s need to be careful of.

------
neonbat
People here are commenting that he stole code. That that's why Goldman is
prosecuting but what constitutes stealing code? I mean the definition is
"loosey-goosey-bullshit" at best. I used to work building trading algorithms;
there is no clear legal consensus on what constitutes "stealing" code. If I
just remember all the code because I have some kind of special photographic
memory is that stealing? If I created the code, it's in my mind. I mean if you
hire someone from a firm where they currently are part of the reason you're
hiring them is because they have a particular area of expertise and definitely
know what their current employer's code in this area looks like. That's WHY
you hire them, so they can do awesome stuff for you instead. The point of the
article is that in doing this kind of crap Goldman makes it extremely
uncertain for programmers who go to work there if they will be able to go and
work somewhere else exporting the skill set and tangible knowledge of code
they acquired at Goldman to a new workplace. This uncertainty makes
programmers NOT want to work for Goldman and will definitely kill Goldman.
Bershidsky has got it right.

~~~
o_nate
Don't know why this is being downvoted. This is a very valid point. Stealing
code seems to be like pornography, i.e, you know it when you see it. Except
there are lots of grey areas. What if instead of downloading the code on his
last day of work, he had downloaded it a few months earlier? What if he hadn't
erased his shell history? It seems that what constitutes stealing versus valid
copying depends on his intent - which is a pretty weird definition of stealing
when you think about it. Whether or not I stole your wallet doesn't depend on
my thought process at the time.

Edit: can't seem to reply to response below, so I'll just add here, if code
theft requires intent to "permanently deprive" someone of their property then
you need a pretty strange definition of "permanently deprive" as well.

~~~
DanBC
Well, theft means to take something with the intention of permanently
depriving its owner of it, which is why there are different crimes for TWOCing
(taking without owners consent) in UK and probably similar in US, so it's not
that unusual to consider the intent of the perpetrator.

Mens rea or something.

~~~
o_nate
OK, you guys got me. I'm not a lawyer. So the legal definition of theft does
depend to some degree on intent. I've learned something today. In that case,
allow me to reframe my argument. I'll be generous and replace the term "intent
to permanently deprive" with "intent to harm". Still, proving intent to harm
is (or should be) much more difficult in cases when you have only made a
virtual copy of something, and I think the bar is being set too low in some of
these cases. So I think there is some validity to the argument that these
financial firms are shooting themselves in the foot by being too zealous in
persecuting behavior that can (or should) fall into a grey area.

~~~
res0nat0r
Encrypting and uploading code offsite, that you know is proprietary and
against your employment contract should be a pretty clear black and white
issue of why it is illegal, especially in the surrounding context of this
case.

~~~
o_nate
I don't really get what encrypting has to do with anything in this context. In
any case, I'm less interested in the specific facts of this case than in other
similar but less publicized cases where companies have gone after people who
had copies on their home computers or had emailed code to themselves. Both
maybe against company policy, but certainly an understandable misstep if you
frequently work from home.

~~~
res0nat0r
Sure, but in this case it wasn't an accidental misstep, it was deliberate.
Other cases would also have to prove intentional harm vs. some harmless
oversight.

------
tsotha
>When someone offers him a better job, free of the legacy system's constraints
-- one that pays four times as much, as Aleynikov's new job with Teza
Technologies did -- the bank enlists the FBI's help in going after him _for
saving some code on an outside server_.

This is where the entire article just falls apart. They're trying to imply
people will be afraid to work for Goldman because they might get sued if the
work for someone else in the same industry.

But if you're actually taking code a former employer paid to develop to
another company it's perfectly reasonable for that former employer to seek
some kind of redress. Most people understand this.

------
anonu
I've read quite a bit about this story so this article doesn't really add much
that is new. However, there is an interesting note towards the end that
fintech is a $12bn market. They link this Accenture report:
[http://fsblog.accenture.com/capital-markets/wp-
content/uploa...](http://fsblog.accenture.com/capital-markets/wp-
content/uploads/sites/2/2015/04/Accenture-The-Future-of-Fintech-and-
Banking.pdf)

