
‘Flash Boys’ Programmer in Goldman Case Prevails Second Time - chollida1
http://www.bloomberg.com/news/articles/2015-07-06/-flash-boys-programmer-in-goldman-theft-has-charges-tossed-out-ibrz5tyj
======
acqq
The most interesting part of the story about him is that the laws were changed
inspired by his former acquittal:

[https://en.wikipedia.org/wiki/Sergey_Aleynikov](https://en.wikipedia.org/wiki/Sergey_Aleynikov)

"On April 11, 2012, Dennis Jacobs, Chief Judge of the United States Court of
Appeals, published a unanimous decision in a written opinion[11] stating:

On appeal, Aleynikov argues, inter alia, that his conduct did not constitute
an offense under either statute. He argues that: [1] the source code was not a
"stolen" "good" within the meaning of the NSPA, and [2] the source code was
not “related to or included in a product that is produced for or placed in
interstate or foreign commerce” within the meaning of the EEA. We agree, and
reverse the judgment of the district court.[10]

In the course of these events, Aleynikov has spent 11 months in prison.
Aleynikov has divorced, lost his savings,[12] and, according to his lawyer,
"[his] life has been all but ruined".[13]

The government did not seek reconsideration of the Second Circuit's ruling,
thus ending federal action against Aleynikov.[14]

Later, on December 18, 2012, the law was changed by Congress, in order to
punish acts like the ones Aleynikov committed in future rulings, in a law
referred to as the "Theft of trade secrets clarification act of 2012".[15]"

~~~
tpatke
No. The most interesting part is that this is an example of a vindictive
employer ruining someone's life.

I used to work at Goldman's and can tell you that they are paranoid about this
kind of thing. They are trying to make an example out of Sergey. We used to
get daily updates (on the corporate intranet) about the progress of the case.
There is no telling how much money Goldman's has spent going after this guy.
Both directly and indirectly through lobbying. You have to ask why, after a
year in jail with no conviction, the government is still trying to prosecute him?
Could it be because Goldman has a very powerful lobbying arm which is
particularly strong in New York?

If you are leaving your employer, don't upload any code. Sure. ...but that was
over 6 years ago and the guy has already done time. Try getting a job with a
prison record. I can tell you that in the banking industry it will not happen.

I wouldn't be the least bit surprised if they keep coming after him. Poor guy.

One last point. There is no market for stolen code. If I stole Google's search
algorithm, who would I sell it to? Microsoft wouldn't be interested and it is
not like you can take out an ad on ebay. Who would have the brains to figure
it out? If you had those brains, wouldn't it be easier to just write it
yourself? What is true for Google's code is also true for any complex system
such as trading software.

~~~
arbitrage314
My best friend works at Goldman, and used to sit next to Sergey. Three things:

1. There were definitely NOT daily updates about the progress of this case

2. He WAS absolutely trying to steal code. Goldman high-frequency code isn't
great (except in options market making). The thing that ultimately flagged him
was that he kept trying to clear his .history file.

3. He wasn't planning on selling it. He was planning on taking it to Teza, a
place that has a notorious reputation for poaching people and code.

~~~
fnordfnordfnord
>The thing that ultimately flagged him was that he kept trying to clear his
.history file.

I'll assume you mean .bash_history. This discussion has been had here before.
There are plenty of good non-sketchy reasons to delete it, and at some places
it is mandatory.

~~~
arbitrage314
Yeah, it was the .bash_history file. My bad.

He also encrypted the files, uploaded them to his remote computer, and then
deleted the programs used to encrypt and upload them.

~~~
fnordfnordfnord
Oh boy, this thread again. see:
[https://news.ycombinator.com/item?id=9044805](https://news.ycombinator.com/item?id=9044805)

    
    
      user@somemachine.gs.com:~/ >svn export --username Aleynikov --password Hunter2 \
      --non-interactive svn://subversion.ZOMG.think.of.the.children.com/plundered/exportFile
      user@somemachine.gs.com:~/ >rm .bash_history
    

It's also not unheard of to encrypt files for transit, and for storage on
untrusted remote machines. I'm sure someone else around here could show you a
few dozen ways to pipe that through gpg, a few of which might also require a
password to be used in the command, necessitating the deletion of
.bash_history.

You may criticize him for using encryption but what would you have him use,
plaintext and ftp?

------
joesmo
Cyrus R. Vance Jr. is a real prick who enjoys wasting taxpayers' money trying
to prosecute an innocent man who has already had his life ruined because of
inappropriate charges and spent time in jail for crimes he did not commit.
While not illegal, his pursuit of Aleynikov is a hundred percent
self-centered and illogical (as this decision shows). I hope the people of New
York vote him out and choose a prosecutor with the people's interests in mind,
not his own personal gains. After all, he is supposed to represent the people
of his district.

~~~
rayiner
I don't agree. Aleynikov did not win on the aspects of the case that folks in
the tech industry rallied around (e.g. copying open source code). He won on
narrow issues of statutory construction: 1) The National Stolen Property Act
does not extend to intangible property; 2) The Economic Espionage Act does not
encompass code used internally for commercial purposes, only code sold or
licensed in commerce; 3) New York's law against unlawful use of secret
scientific material did not apply because trading code wasn't "scientific
material."

I think Vance should have left well enough alone after the first prosecution
failed, and the New York "scientific material" charge was clearly the weakest
of the three. But the federal prosecution was perfectly reasonable. The
statutes at issue were intended to make that sort of conduct illegal. But they
hadn't been updated for the digital era. Had Aleynikov made photocopies of the
code instead of uploading it, the first conviction would have been upheld.

~~~
cwp
So, by "narrow issues of statutory construction," you mean the laws he was
charged with breaking don't actually apply to what he did?

I wouldn't go so far as to call him "innocent", but it sounds to me like his
defence is perfectly reasonable. What he did may have been a breach of
contract, copyright, and common decency, but it wasn't illegal. And given the
way Goldman is clearly out to get him, and the abuse of power on display by
both the federal and state prosecutors, he's the least dirty of all the
parties involved.

~~~
marcoperaza
This guy was probably getting a fat paycheck during his time at GS, and then
when he left he tried to take some of the code that he worked on. It's long
been illegal to take intellectual property (even if you made it) from your
employer. But to make a law, you have to define things like "take", to exclude
the case of an employee taking home his work to be more productive, which may
be against company policy but shouldn't be illegal. Inevitably, the law fails
to capture the full complexity of the universe and ambiguities are resolved in
court. There's nothing wrong about the government and damaged party pursuing
charges in cases where the law is ambiguous. That's what courts are for. When
the federal courts ruled that federal law didn't cover Sergey's actions, the
New York state prosecutor thought that a unique element of New York law might
make things different in state court. Nothing wrong with that.

------
rhino369
From another source (law360, which is paywalled):

"prosecution failed to prove that Aleynikov made a tangible reproduction of
the source code he was accused of appropriating, as required by the statutory
language."

Damn this guy keeps winning on statutory issues. This must be pretty damn
embarrassing for the state's attorney.

The guy served a year in prison and there is no indication that he used the
misappropriated code. I can't imagine the judicial resources are best used
continuing the case.

Though, anyone leaving a company shouldn't take this as a signal that you are
allowed to just take code and run out of the door. The federal law he was
acquitted under was amended to make what he did illegal. And in most states
he's definitely flirting with trade secret misappropriation laws. Don't take
any code with you.

~~~
rasz_pl
>I can't imagine the judicial resources are best used continuing the case.

Are you kidding? It's Goldman Sachs we are talking about here, nothing is too
good for our banker overlords.

------
gcb0
When I briefly consulted for a security firm working for banks, I learned that
most banks take daily hits as high as 100,000 and they don't even get
reported to the police so as not to generate any public record. Most get
reported to the insurer, which also avoids reporting it in most cases. I
confess I never got the whole picture. But most issues I've been involved with
were to try to track down the internal people, if any, and the exact means
used. And this only over for criminal reports if we did find something
conclusive and it was overseas. If it was local it was usually dealt with
lawyers and such out of the records.

Edit: forgot to mention it wasn't the US. But the banks were American.

------
topkai22
What I find interesting is that Aleynikov (and the sources I've read about
him) claim the code was open source. The issue of Goldman making false claim
to GPLed or similarly licensed code hasn't come up. If the court ruled that
modified GPLed code can't be taken by an exiting employee then that has a
whole host of other implications.

~~~
rayiner
The Second Circuit ruling expressly addressed that aspect:
[http://sunsteinlaw.com/wp/wp-content/uploads/2013/01/2013_01...](http://sunsteinlaw.com/wp/wp-content/uploads/2013/01/2013_01_IP_Update_Aleynikov.pdf)
("Aleynikov also transferred some open source software licensed for use by the
public that was mixed in with Goldman's proprietary code. However, a
substantially greater number of the uploaded files contained proprietary code
than had open source software") (Page 5, Footnote 1)

~~~
fnordfnordfnord
Link appears to be broken.

~~~
rayiner
Fixed, thanks.

------
chollida1
There isn't a whole lot of content here but since this case has had a lot of
publicity I thought it would be nice to highlight when the programmer wins one
over the larger corporation.

~~~
vasilipupkin
I agree it's time for the prosecutors to let go of this one. But, he did take
Goldman's code. So, I don't quite share the sentiment that this is a hero
standing up to an evil corporation.

------
davidw
Hopefully he can return to hacking Erlang now.

~~~
arthurcolle
If you followed him on GitHub you'd see he has continued to be very active
hacking on erlexec, among others :)

see: [https://github.com/saleyn](https://github.com/saleyn)

~~~
davidw
Yes, I know :-)
[https://github.com/saleyn/erlexec/graphs/contributors](https://github.com/saleyn/erlexec/graphs/contributors)

That whole thing had to have been hugely distracting, though.

------
forinti
I find it absurd that someone should go to jail because of stealing code. At
most, the penalty should be a fine (if it should be considered a crime at
all).

EDIT: Of course, breaking into a building or hacking a network to get it is a
different matter altogether.

~~~
rhino369
It's really no more or less absurd than someone going to jail for stealing a
car. Though I have to admit I think sending people to jail for that is a
really bad idea.

~~~
msandford
A car is a physical good whereby for one person to have it, another must be
deprived of it. Code is not a physical good so the rules can be very, very
different.

~~~
tormeh
Inany cases the value of a good depends on other people not having it. Why
this is hard to understand is beyond me.

~~~
bediger4000
That is absolutely untrue in many (but not all) cases of "intellectual
property". Let's take some extremely valuable "IP", Microsoft's "Word" word
processor.

If one person had exclusive use of "Word", the "IP" would be worth a great
deal less than it is right now, when almost everyone has "Word". The property
here is called "network effects", and it also applies to physical property. If
only two telephones exist, they're a good deal less valuable than if everyone
has a telephone.

~~~
tormeh
Typo: should be "in many" instead of inany

------
dataker
Quite unusual for the finance industry: a small win for capitalism and loss
for crony corporatism.

------
NoMoreNicksLeft
So, the prosecutor might appeal even though the man has already been punished
as much as he'd ask for anyway if the conviction is upheld?

Seriously, wtf?

------
pdevr
>> two jurors were dismissed after one accused the other of trying to poison
her lunch.

Is it common for both jurors to be dismissed in such a case? Or is it
determined on a case by case basis?

~~~
tedunangst
Seems like an expedient way to avoid appeals on the basis that the wrong juror
was excused.

------
s_q_b
Sounds like a familiar analysis... Oh that's right, I posted it the last time
this came up, and a certain prominent legal mind here shouted it down as
ignorant and insulted my intelligence.

No hard feelings. Cheers, sir.

~~~
jessaustin
Got a link?

~~~
scott_s
I think this thread, but to my eyes, the discussion remained civil:
[https://news.ycombinator.com/item?id=9044805](https://news.ycombinator.com/item?id=9044805)

~~~
tedunangst
sqb's primary argument in that thread is that the FBI should have done more
investigating instead of believing what GS told them. That doesn't appear
related to the analysis in the submitted article.

~~~
s_q_b
There was also a strong current of discussion about the legality of the
underlying actions. The tone did remain civil, after a few choice edits on
all sides.

Tptacek can bother me because he often presents the best possible form of the
counterposition, as can Rayiner. We have different minds about jurisprudence,
but I respect them both tremendously.

The discussion was in large part about the legality of the actions, as you can
see through Rayiner's comment: >"The Court concluded that he had in fact tried
to take 500,000 lines of valuable and mostly proprietary source code, but that
his conduct didn't fall within the reach of the two laws charged in the
indictment. Solid legal analysis, but an ordinary person would say that he got
off on a technicality."

Although my central point was indeed regarding the FBI's outsourcing of its
investigation to Goldman Sachs, a private corporation and interested party,
which seemed to offend fundamental notions of justice.

But the discussion most definitely significantly touched upon the legality of
Aleynikov's actions.

See e.g. Rhino paraphrasing Rayiner's analysis: >" _Aleynikov definitely
violated New York trade secret law._

He got off the federal charge because the trading software wasn't a product
for sale, it was a product for internal use. The law was poorly drafted and
once that came to light it was immediately fixed.

Like Rayiner said, in layman's terms, he got off on a technicality."

Or Rayiner himself: >"That was his defense. But the jury found that he had in
fact grabbed valuable proprietary software, and the Second Circuit agreed that
the 500,000 lines that he uploaded were mostly proprietary, valuable code."

For example, this exchange:

"tptacek: >I have a passing understanding of the policies and procedures
binding on developers at trading firms. I dispute the idea that any senior
developer could work at Goldman Sachs on an HFT infrastructure and believe
that they were authorized to --- or, indeed, that they would not be immediately
fired for --- uploading the code to a proprietary automated trading system to
a random SVN host in a different country. This is the code we, as security
testers, were never allowed to see, even after owning up the machines hosting
it. These firms are not kidding around about this stuff. It is a huge smoking
gun to have uploaded any of it to some off-brand foreign svn host.

These are firms where you can be fired for plugging a thumb drive into your
computer, or for using the company network to access Dropbox. I have worked
for more than one financial firm that spent literally millions of dollars
merely on the problem of detecting their network users trying to reach Google
Mail. I also dispute the idea that because developers commonly use ssh, gzip,
and svn, that it is common practice to (1) gzip a tarball of source code, (2)
encrypt that source code, (3) commit that compressed encrypted blob to svn,
(4) remove all traces of the encryption key from their work computer. That's
something that happens zero times on normal dev machines. The conviction was
overturned because the technical details of exactly what Aleynikov took from
GS didn't fit the ambitious charge the DOJ filed against him. But the appeal
doesn't refute the finding of facts from the original trial, which include:
There was more than sufficient evidence presented at trial, however, for a
rational juror to conclude that Aleynikov intended to steal Goldman Sachs'
proprietary source code. First, it was undisputed at trial that Aleynikov
actually did take proprietary source code from Goldman Sachs. As Aleynikov
concedes in his motion papers, the code he took from Goldman Sachs included a
“purposefully designed” portion of the Goldman Sachs “proprietary,
custom-built trading system.” Indeed, the evidence showed that Aleynikov took a
significant percentage of the proprietary source code for that system. While
Aleynikov attempted to show that there was open source code embedded within
the proprietary code and to identify the files in which that might be true,
his expert witness was only able to identify one file among those taken by
Aleynikov that both bore a Goldman Sachs copyright banner and appeared to
contain open source code.

I'm just fine with Aleynikov's conviction being overturned. Again, the charges
against him seemed ambitious. But this is a forum full of software developers.

Rayiner is a lawyer and a compiler developer. It's somewhat insulting to
everyone's intelligence to pretend that people here are unfamiliar with ssh
and svn. We understand how software development works. What happened here was
extremely sketchy. You can't play the "well in the world of software
development, this is totally normal" card on HN.""

s_q_b: > "...Agreed, but it was established that he did this fairly
consistently throughout the course of his employment. It's idiosyncratic, but
not unexplainable. Sure, it was poor development practice, but I'm not
convinced it was malicious.

Again, if the intent was trade secret theft, why not take the valuable part,
the trading strategies?"

I held that his actions violated neither state nor Federal law, so I'm razzing
those that insisted his actions were criminal, just a bit, all intended in fun.
Perhaps the language could have used a bit of softening :)

~~~
tptacek
Did the prosecution not establish that Aleynikov did in fact take software
that was instrumental to the implementation of trading strategies, useful
exclusively in that context, and labor-intensive to recreate?

I am not "pro-prosecution", but I am anti-"default position that evil
banksters are behind prosecutions".

~~~
s_q_b
Was he guilty of violating the law with intent to unfairly profit from stolen
intellectual property? No.

And in this case, it was not so much the _default_ position as the _actual
position_.

~~~
tptacek
I'm not sure I understand your first interrogative.

~~~
s_q_b
Did he steal code for profit? No.

~~~
tptacek
It sounds like you're stipulating that he stole code. Ok. Then:

He stole that code for use in his next job, for which he was paid handsomely,
and recruited based on his experience working with that code at GS.

What does "for profit" mean, if not "for use in a commercial project"?

~~~
s_q_b
Wow, do you really not understand what was stated, or are you simply
attempting to manipulate words for your purpose?

Allow me to rephrase.

Assuming arguendo that there was any such admittance, which there was not, in
plain English two courts have now found him legally not liable for any crime,
and one court found that he was subject to an illegal arrest and search.

No crime was committed. I cannot write this either in more simple English, nor
in more precise terms.

I refer you to the court documents and the appeals court decisions for further
discussion of this now legally established fact.

~~~
tptacek
I genuinely thought you were trying to stipulate he'd stolen the code, from
your first comment (where you made a point of talking about his intent) and
your second, where you simplified not to "did he steal code" but "did he steal
code for profit".

Since we're at that unproductive point in the discussion where we're spending
more time parsing than actually discussing, I'm going to go ahead and bow out
now.

~~~
s_q_b
Ah, fair enough, I see your interpretation of my comments. It wasn't what I
intended but yours was a fair understanding.

And you're right, we're parsing semantics and having meta-arguments now. We've
said our piece, and as usual we can let the readers decide.

~~~
tptacek
We disagree and don't hate each other! _It's an Internet miracle!_

(Checks morning toast for image of Blessed Virgin.)

