
Sergey Aleynikov Sues FBI Agents Who Arrested Him - bko
http://www.bloomberg.com/news/articles/2015-02-12/goldman-sachs-ex-programmer-sues-fbi-agents-who-arrested-him
======
blackbagboys
I read Michael Lewis's article in Vanity Fair about this case back in 2013,
and I remember being struck by this excerpt in particular:

 _[Goldman] called the F.B.I. in haste, just two days before, and then put
their agent through what amounted to a crash course on high-frequency trading
and computer programming. McSwain later conceded that he didn’t seek out
independent expert advice to study the code Serge Aleynikov had taken. (“I
relied on statements from Goldman employees.”) He himself had no idea of the
value of the stolen code (“Representatives of Goldman told me it was worth a
lot of money”) or if any of it was actually all that special (he based his
belief that the code contained trade secrets on “representations made by
members of Goldman Sachs”)...The F.B.I.’s investigation before the arrest
consisted of trusting Goldman’s explanation of some extremely complicated
stuff, and 48 hours after Goldman called the F.B.I., Serge was arrested._

That, as the complaint highlights, the FBI instinctively acted as Goldman's
punitive arm rather than conducting an independent investigation into the
facts of the case is disturbing, regardless of the merit of the allegations.

[http://www.vanityfair.com/news/2013/09/michael-lewis-
goldman...](http://www.vanityfair.com/news/2013/09/michael-lewis-goldman-
sachs-programmer)

~~~
rayiner
The opinion vacating Aleynikov's convictions is here:
[http://www.ca2.uscourts.gov/decisions/isysquery/4ad04a2b-c61...](http://www.ca2.uscourts.gov/decisions/isysquery/4ad04a2b-c61e-4e5f-afec-5cd56fd0d0cb/1/doc/11-1126_complete_opn.pdf).

"Aleynikov’s last day at Goldman was June 5, 2009. At approximately 5:20 p.m.,
just before his going-away party, Aleynikov encrypted and uploaded to a server
in Germany more than 500,000 lines of source code for Goldman’s HFT system,
including code for a substantial part of the infrastructure, and some of the
algorithms and market data connectivity programs." [Page 5].

"Aleynikov also transferred some open source software licensed for use by the
public that was mixed in with Goldman's proprietary code. However, a
substantially greater number of the uploaded files contained proprietary code
than had open source software." [Page 5, Footnote 1].

He was convicted for violating the NSPA (National Stolen Property Act) and the
EEA (Economic Espionage Act). The conviction for the former was vacated
because the Second Circuit construed the NSPA not to extend to intangible
property. [Page 18-19]. And the EEA conviction was vacated because the statute
requires the product to be "produced for" or "placed in" interstate commerce,
while Goldman never intended to sell or license the software. [Page 27].

The Court concluded that he had in fact tried to take 500,000 lines of
valuable and mostly proprietary source code, but that his conduct didn't fall
within the reach of the two laws charged in the indictment. Solid legal
analysis, but an ordinary person would say that he got off on a technicality.
Which is fine--if you can lawyer your way out of a conviction, you deserve to.

But help me understand what the FBI did wrong, or Goldman for that matter. The
legal questions that were resolved in Aleynikov's favor were subtle ones. How
would additional investigation on the part of the FBI have helped? And what
exactly did Goldman do wrong in reporting him?

~~~
rev_bird
I think the most troubling part was that a huge, powerful company can get a
government agency on the phone and have someone locked up based pretty much
exclusively on them saying "You won't understand why, but he did _really bad
stuff._ Trust us."

~~~
rhino369
Most arrests are X telling government that you did Y, which the government
didn't directly see.

You don't have to understand the source code to know it is a trade secret with
enough certainty for probable cause. Goldman could be lying, but so could the
shop owner who claims you drove off without paying for your gasoline.

If someone walked out of Intel with the design docs and recipe for the latest
intel chipset, would you expect the FBI to understand it all before arresting
the person?

~~~
s_q_b
Yes.

The FBI has technical specialists on staff that could very quickly say, "Yes,
this complaint checks out." The problem here is that the agent apparently just
took Goldman at their word, and didn't conduct an independent investigation of
Goldman's claims, which is kind of their entire job. This is especially
relevant because the value of stolen property can seriously affect charging
and sentencing.

If you or I called the FBI and said "An employee stole proprietary code worth
millions," there's no way the FBI would take that at face value, if you could
even get their attention.

When the Federal government treats powerful corporations differently, to the
point of effectively outsourcing its investigation, that severely undermines
the principle of equality before the law.

~~~
rhino369
They confirmed that the guy took a ton of source code right? Taking Goldman at
their word that it was their IP isn't a huge stretch.

Taking the time to confirm that the code itself is a trade secret is a
monumental task, one that isn't needed to determine if there was probable
cause.

~~~
s_q_b
His argument was that most of it was open source, or modified open source with
licenses that required contributing back the source code. Basically, it sounds
like he grabbed his stuff because he wanted to get his utility functions and
open source modifications.

Here's the piece in Vanity Fair where the general consensus was that what his
actions indicate his intent was defintely not to steal valuable IP.
[http://www.vanityfair.com/news/2013/09/michael-lewis-
goldman...](http://www.vanityfair.com/news/2013/09/michael-lewis-goldman-
sachs-programmer)

Witness this exchange:

 _“Did you take the strats?” asked one (meaning Goldman’s trading strategies).

“No,” said Serge. That was one thing the prosecutors hadn’t accused him of.

“But that’s the secret sauce, if there is one,” said the juror. “If you’re
going to take something, take the strats.”

“I wasn’t interested in the strats,” said Serge.

“But that’s like stealing the jewelry box without the jewels,” said another
juror.

“You had super-user status!” said the first. “You could easily have taken the
strats. Why didn’t you?”

“To me, the technology really is not interesting,” said Serge.

“You weren’t interested in how they made hundreds of millions of dollars?”
asked someone else.

“Not really,” said Serge. “It’s all one big gamble, one way or another.”_

So if the essence of the crime is theft of a trade secret, then you absolutely
have to conduct an independent investigation that a trade secret was involved,
and that it was stolen to have probable cause.

The precedent here is a large corporation can use the government as an
enforcement arm, and will be taken completely at face value. Simple
allegations by individuals are subject to investigation prior to arrest, as
should be all allegations.

This boiled down to Goldman calling the FBI, and less than forty-eight hours
later arresting the person Goldman told them to arrest. They didn't interview
any witnesses or consult with any experts other than Goldman employees.

That's terrifying.

~~~
rayiner
> His argument was that most of it was open source, or modified open source
> with licenses that required contributing back the source code. Basically, it
> sounds like he grabbed his stuff because he wanted to get his utility
> functions and open source modifications.

That was his defense. But the jury found that he had in fact grabbed valuable
proprietary software, and the Second Circuit agreed that the _500,000_ lines
that he uploaded were mostly proprietary, valuable code.

> So if the essence of the crime is theft of a trade secret, then you
> absolutely have to conduct an independent investigation that a trade secret
> was involved, and that it was stolen to have probable cause.

> The precedent here is a large corporation can use the government as an
> enforcement arm, and will be taken completely at face value. Simple
> allegations by individuals are subject to investigation prior to arrest, as
> should be all allegations.

Probable cause does not require a mini-trial before an arrest. Goldman didn't
make "simple allegations." They backed up those allegations with evidence of
Aleynikov having sent himself 500,000 lines of code, under suspicious
circumstances (not just erasing his bash history, but doing so on his last
day, doing so contrary to company policy, and doing so right before going to
work at a competitor). The FBI didn't take any allegations at face value, and
when Aleynikov was acquitted, it wasn't because the software he copied wasn't
actually proprietary and valuable.

~~~
fnordfnordfnord
>under suspicious circumstances (not just erasing his bash history, but doing
so on his last day,

According to Michael Lewis, Aleynikov was in the habit of exporting his svn
repo weekly. So, not really suspicious at all.

>>He sent the files the same way he had sent himself files nearly every week,
since his first month on the job at Goldman.

source: [http://blogs.marketwatch.com/thetell/2013/08/01/michael-
lewi...](http://blogs.marketwatch.com/thetell/2013/08/01/michael-lewis-
retries-former-goldman-sachs-programmer-sergey-aleynikov/)

~~~
jholman
I'm confused, fnordfnordfnord; what is it you (and others in this thread)
think you're arguing about?

You and rayiner and Aleynikov all agree that it's fine and reasonable that
Aleynikov was pardoned. There's no argument to be had about that.

Aleynikov thinks that the FBI agents who arrested him did so improperly.
rayiner is doubtful, and would like to hear if anyone can convince him.

Your arguments for why the FBI agents acted improperly amount to "yeah, but it
turns out that ....". This arguments are not a good reason to not arrest
someone. They're a good reason to find someone innocent after trying them.

Sometimes circumstances are such that an innocent person looks highly
suspicious to reasonable people with a reasonable amount of evidence. In those
cases, it's reasonable, though unfortunate, that law enforcement arrest and
charge that innocent person. Isn't it?

As far as I can tell, rayiner is right.... we have no evidence that Aleynikov
was arrested improperly.

~~~
fnordfnordfnord
> rayiner is doubtful, and would like to hear if anyone can convince him.

I doubt I could convince rayiner of anything, but I'll at least refute some of
the more ridiculous things he says.

>Your arguments for why the FBI agents acted improperly amount to "yeah, but
it turns out that ...."

No, I've responded to rayiner's suppositions that because some activity might
be sketchy, it must be.

[rayiner
says]([https://news.ycombinator.com/item?id=9047068](https://news.ycombinator.com/item?id=9047068))
encrypting and exporting files to a repository in a foreign land is sketchy.

I say, ssh, gzip, and svn are pretty normal tools that programmers use
frequently. So are hosted servers in foreign countries.

rayiner says that deleting .bash_history is sketchy, I say it's a reasonable,
nay a responsible thing to do if failing to do so would leave sensitive
information (such as a password) available for others to peruse.

>This arguments are not a good reason to not arrest someone. They're a good
reason to find someone innocent after trying them.

IMO if the government is going to arrest a person, attempt to hold them
without bond, settle for mere $700,000 bond, (arguably depriving the person of
counsel); then the government's burden of "probable cause" ought to be a bit
more substantial than "some bros down at Goldman Sachs said...", and this guy
uses "subversion" software. We can't have the police running around arresting
everyone who might have possibly committed a crime. There needs to be actual,
you know, probable cause.

>Sometimes circumstances are such that an innocent person looks highly
suspicious to reasonable people with a reasonable amount of evidence. In those
cases, it's reasonable, though unfortunate, that law enforcement arrest and
charge that innocent person. Isn't it?

What do you make of the fact that:

>> _" In the New York state case, a judge ruled the 2009 arrest was illegal.
He threw out seized physical evidence, including computer hardware carrying
the source code."_

and

>> _" New York State Supreme Court Justice Ronald Zweibel also barred
prosecutors from using statements Aleynikov made to the FBI after his arrest
at Newark Liberty International Airport."_

Are these judges unreasonable? Sure, mistakes happen, everyone deserves a
Mulligan once in a while. That's not what we have here though. The FBI had
plenty of opportunities to check their work, which was shabby. Instead of
doing that, they forged ahead doing the bidding of Goldman Sachs,
uncritically. And, now that the federal case has failed, GS has their hand up
the back of a Manhattan DA. We can quibble about these little details more if
you want but this whole affair has got a stench about it.

>As far as I can tell, rayiner is right.... we have no evidence that Aleynikov
was arrested improperly.

No evidence? What's Zweibel's problem then?:

> _In a 71-page opinion, Justice Ronald A. Zweibel of State Supreme Court in
> Manhattan ruled that the F.B.I. “did not have probable cause to arrest
> defendant, let alone search him or his home.” The arrest was “illegal,”
> Justice Zweibel wrote, and Mr. Aleynikov’s “Fourth Amendment rights were
> violated as a result of a mistake of law.”_

~~~
tptacek
I have a passing understanding of the policies and procedures binding on
developers at trading firms.

I dispute the idea that any senior developer could work at Goldman Sachs on an
HFT infrastructure and believe that they were authorized to --- or, indeed,
that they would not be immeditely fired for --- uploading the code to a
proprietary automated trading system to a random SVN host in a different
country. This is the code we, as security testers, were never allowed to see,
even after owning up the machines hosting it. These firms are not kidding
around about this stuff. It is a huge smoking gun to have uploaded any of it
to some off-brand foreign svn host.

These are firms where you can be fired for plugging a thumb drive into your
computer, or for using the company network to access Dropbox. I have worked
for more than one financial firm that spent literally millions of dollars
merely on the problem of detecting their network users trying to reach Google
Mail.

I also dispute the idea that because developers commonly use ssh, gzip, and
svn, that it is common practice to (1) gzip a tarball of source code, (2)
encrypt that source code, (3) commit that compressed encrypted blob to svn,
(4) remove all traces of the encryption key from their work computer. That's
something happens zero times on normal dev machines.

The conviction was overturned because the technical details of exactly what
Aleynikov took from GS didn't fit the ambitious charge the DOJ filed against
him. But the appeal doesn't refute the finding of facts from the original
trial, which include:

 _There was more than sufficient evidence presented at trial, however, for a
rational juror to conclude that Aleynikov intended to steal Goldman Sachs '
proprietary source code. First, it was undisputed at trial that Aleynikov
actually did take proprietary source code from Goldman Sachs. As Aleynikov
concedes in his motion papers, the code he took from Goldman Sachs included a
“purposefully designed” portion of the Goldman Sachs “proprietary, custom-
built trading system.” Indeed, the evidence showed that Aleynikov took a
significant percentage of the proprietary source code for that system. While
Aleynikov attempted to show that there was open source code embedded within
the proprietary code and to identify the files in which that might be true,
his expert witness was only able to identify one file among those taken by
Aleynikov that both bore a Goldman Sachs copyright banner and appeared to
contain open source code._

I'm just fine with Aleynikov's conviction being overturned. Again, the charges
against him seemed ambitious.

But this is a forum full of software developers. Rayiner is a lawyer and a
compiler developer. It's somewhat insulting to everyone's intelligence to
pretend that people here are unfamiliar with ssh and svn. We understand how
software development works. What happened here was extremely sketchy. You
can't play the "well in the world of software development, this is totally
normal" card on HN.

~~~
dreamweapon
_I 'm just fine with Aleynikov's conviction being overturned. Again, the
charges against him seemed ambitious._

"Ambitious" is a bit charitable, in this context.

"Patently vacuous" \-- to an extent that suggested, at the very least, a
breakdown in the internal controls and safeguards (on the part of both the FBI
and the prosecutor's office) designed to present precisely this kind of a
fiasco from happening -- might be a better description.

~~~
rhino369
You are being ridiculous. Aleynikov definitely violated New York trade secret
law. He got off the federal charge because the trading software wasn't a
product for sale, it was a product for internal use. The law was poorly
drafted and once that came to light it was immediately fixed.

Like Rayiner said, in layman's terms, he got off on a technicality.

The FBI and DOJ being on the wrong side of a close call in statutory
interpretation isn't "patently vacuous."

~~~
dreamweapon
_Aleynikov definitely violated New York trade secret law._

That's not what the court found. Otherwise the charges wouldn't have been
dropped.

It sounds like you're conflating the issue of whether he violated the "spirit"
of the law (or whether he was, in your view, just plain morally culpable
somehow) -- versus what the law actually had to say about his actions.

 _Like Rayiner said, in layman 's terms, he got off on a technicality._

If you want to minimize any sense of exoneration or vindication the accused
might want to derive from the court's decision, by saying he "got off on a
technicality", that's fine.

But to claim that he "definitely violated" the law when the courts found that
he definitely did not -- I'm just not sure I see the point in that.

------
josu
While the article gives some background, here is a bit more from the wikipedia
article about Sergey Aleynikov [1]:

>Sergey Aleynikov is a former Goldman Sachs computer programmer. In December
2010 he was wrongfully convicted of two counts of theft of trade secrets and
sentenced to 97 months in prison. In February 2012 his conviction was
overturned by the United States Court of Appeals for the Second Circuit that
entered a judgement of acquittal, reversing the decision of the District
court.

The main reason why he is suing the FBI is beacause:

>On June 20, 2014, upon reviewing the evidence, Justice Ronald Zweibel
published a 71-page opinion in which the court ruled that F.B.I. “did not have
probable cause to arrest defendant, let alone search him or his home.” The
arrest was “illegal,” and Mr. Aleynikov’s “Fourth Amendment rights were
violated as a result of a mistake of law.”[2] Besides finding that he was
arrested illegally without probable cause, the court blocked the majority of
evidence passed by the F.B.I. to prosecutors at the NY State DA's office, as
that property was supposed to be returned to Mr. Aleynikov upon his acquittal.

[1]
[http://en.wikipedia.org/wiki/Sergey_Aleynikov](http://en.wikipedia.org/wiki/Sergey_Aleynikov)
[2] [http://dealbook.nytimes.com//2014/06/20/judge-throws-out-
evi...](http://dealbook.nytimes.com//2014/06/20/judge-throws-out-evidence-in-
sergey-aleynikovs-code-theft-case/)

~~~
ChuckMcM
While I agree it was egregious I think people may be missing the point. The
FBI is getting a huge black eye here, Goldman is already losing out. This is
how our system works.

Goldman over reached and through their efforts got this guy arrested. That
they could do that, is a problem, but now everyone involved has been
thoroughly spanked (with some bonus civil case spanking as well it seems). So
the next time Goldman call's the FBI, they are going to be treated much more
skeptically and the agents in charge are going to be unwilling to do anything
based on Goldman's "word". Because the agents will remember this and they do
not want to be the butt of interagency jokes, or up on civil liability.

~~~
loopholeclosed
[http://www.mondaq.com/unitedstates/x/215714/employee+rights+...](http://www.mondaq.com/unitedstates/x/215714/employee+rights+labour+relations/Understanding+The+New+Theft+Of+Trade+Secrets+Clarification+Act+Of+2012)

They've already "clarified" and "closed" that loophole. Next time, the
programmer actually would go to jail.

~~~
ChuckMcM
In a meta sense I'm curious why you had to create a new account just to post
this, although I know the position that the system we have in place actually
does work [1] is unpopular.

The system is messy, it doesn't travel in a straight line from broken to
fixed, and it takes a lot of time and energy to get right. Consider
Prohibition for a moment, it was freaking _unconstitutional_ to drink for a
while there. Yes it was broken, yes it got fixed. Just like Marijuana use is
getting fixed, slowly, inexorably, fixed.

Martin Luther King was jailed by a broken system, and slowly, over time, it
has been getting fixed.

You cannot see a tree grow, but it does. And many people cannot see that our
system of governing is working, but it does. As long as you take the long
view, it will. Believe that you are a helpless pawn and all is lost, and it
won't.

[1] Rights for same sex marriage anyone? Used strong encryption in email?

~~~
loopholeclosed
> In a meta sense I'm curious why you had to create a new account just to post
> this

Events led me to conclude that using the same account consistently was a bad
idea from an employment standpoint. It has nothing to do with this. It is just
what I do now. Hell, the password for this account should be easy to guess if
you start with the letter a and work your way to the right.

> You cannot see a tree grow, but it does. And many people cannot see that our
> system of governing is working, but it does. As long as you take the long
> view, it will. Believe that you are a helpless pawn and all is lost, and it
> won't.

It is my belief that wealthy people can (usually) get away with passing
whatever crap they want through Congress.

The only tool I have at my disposal is point out when this happens and hope
people get outraged enough to do something. I'm confused why you view that
with a belief that I'm helpless?

P.s. Given that I basically gave away the password, this is the last time I'll
use the account.

~~~
loopholeclosed
Upon further reflection, maybe I should just keep using it.

Demonstrating that multiple people could have access to the account makes an
excellent case for plausible deniability. In the right circumstances a court
could compel HN to distinguish between these users (or at least, prove that
the "multiple" aspect is a fiction), but the existence of doubt minimalizes
the professional risk. This feels like about the right level of security for
unpopular political meta-comments of this sort.

~~~
loopholeclosed
Ah, but are we paranoid or in possession of multiple personalities?

Then again, the risk of a court is never really a risk. This is perfectly
legal. :P

~~~
loopholeclosed
>Ah, but are we paranoid or in possession of multiple personalities?

Maybe for the former, the latter is true without a doubt.

------
happimess
It is worth remembering that part of the case against Mr. Aleynikov involves
his use of "subversion" software, which sounds, well, subversive.

From the Vanity Fair article[1]:

"The Web site Serge had used (which has the word 'subversion' in its name) as
well as the location of its server (Germany) McSwain clearly found highly
suspicious."

[1][http://www.vanityfair.com/news/2013/09/michael-lewis-
goldman...](http://www.vanityfair.com/news/2013/09/michael-lewis-goldman-
sachs-programmer)

~~~
protomyth
Yep, that's about par for the course reporting. If it sounds ominous, it must
be. I remember a small town newspaper that was all mad 10+ years ago about the
master / slave IDE toggle and how it was racist. It was not an Onion article,
sadly.

~~~
amitparikh
This quote was not about the reporter or the news outlet. Michael McSwain was
the FBI agent in charge of the case, and the reporting seems to suggest that
having 'subversion' in Sergey's Web history was a component of building
probable cause.

~~~
protomyth
Remind me to write a a source code control system called "Patriot". I really
don't want to know what they think of "git".

On a serious note, I guess the modern lesson is names are used by idiots to
attack us so pick your project names carefully.

~~~
gknoy
"Patriot is binary-compatible with Git ..."

    
    
      sudo cp /usr/bin/git /usr/bin/patriot
    

... of course that is likely not enough, as all the porcelain still says
"git". ;)

------
davidw
I hope he can, sooner or later, put these legal battles behind him and return
to programming. He's a pretty good Erlang coder:
[https://github.com/saleyn](https://github.com/saleyn)

This, in particular, is extremely useful for anyone using Erlang to interact
with external processes:
[https://github.com/saleyn/erlexec](https://github.com/saleyn/erlexec)

------
amalag
Interest that after reading the wikipedia article the NY state prosectors
messed up by trying to arrest him a second time. In that second arrest the
judge ruled that the arrest by the FBI was illegal. Thereby giving him this
opportunity for the civil case.

However the law is changed for future source code thefts. Here is an industry
perspective

[http://www.mondaq.com/unitedstates/x/215714/employee+rights+...](http://www.mondaq.com/unitedstates/x/215714/employee+rights+labour+relations/Understanding+The+New+Theft+Of+Trade+Secrets+Clarification+Act+Of+2012)

The only technicality that freed Aleynikov was that the source code was not
sold as a product itself.

~~~
antiics
Wow, that Mondaq article is really the opposite of objective. Author Dylan W.
Wiseman is really letting us know which side he's on with gems like "To
correct the obvious injustice of the Aleynikov ruling..."

~~~
rudolf0
Ignoring the obvious FBI blunders and them being far too buddy-buddy with
corporations, doesn't he have a point?

Aleynikov intended to monetize code which was technically Goldman's property,
even if he wrote most of it. It would be a different story if he simply wanted
to keep the code for archival and review purposes; he actually tried to help a
startup by using it.

It sounds like he did violate the spirit of the law, if not the letter.

~~~
Someone1234
After reading more into this, I agree.

However I would also like to add that 8 years (+3 under supervision) is
bonkers and completely disproportionate with the crime.

Just to put that into perspective, someone could commit rape twice and be out
of jail first (3 years piece approximately, or 6-7 years total).

It seems like as soon as a computer is involved in a crime, the sentence gets
quadrupled. Instead of breaking into someone's computer, you should just run
them down with your car, you'll likely get off easier in the latter case...

~~~
rudolf0
Funnily enough, after reading more into this myself I'm actually going to
partially retract some of my statements above.

I don't know if it was definitively proven that he copied the code with the
intent of helping the new startup. The evidence the FBI found was that he had
the code on a laptop when meeting some of their founders, but I don't believe
they had proof of what his intent was or proof that he shared it with them or
that they were even aware of it.

He claims he did not intend to do any such thing:

>When he left, Sergey Aleynikov took a segment of code with him that was based
on open source, but had some alterations that technically made it proprietary
Goldman Sachs software.

>According to Sergey Aleynikov, the software was of no consequence to his job
at Teza Technologies, but once they realized he had taken a segment of code
from their servers Goldman Sachs contacted the FBI and within 48 hours
Aleynikov was in custody.

So I would say the sentence should be based on the proven intent. If he really
did intend to use most or all of the codebase while at the startup to gain
them an edge, then I think a jail sentence is fair (though I agree 8 years is
way too long). Otherwise, probably not, at least depending on how accurate his
story is of what % of the codebase was open source originally.

------
datashovel
I think Goldman Sachs was more worried that he was taking his brain with him
to a competitor. The banking cartel certainly has to be high on Silicon
Valley's list of "industries that need to be disrupted". The sad thing is he's
probably being prosecuted for things he created within the walls of Goldman
Sachs and could probably easily re-create from scratch without them.

------
chrisbennet
Except of Flash Boys book from from the Vanity Fair article:
[http://www.vanityfair.com/news/2013/09/michael-lewis-
goldman...](http://www.vanityfair.com/news/2013/09/michael-lewis-goldman-
sachs-programmer)

 _" He agreed to hang around for six weeks and teach other Goldman people
everything he knew, so they could continue to find and fix the broken bands in
their gigantic rubber ball. Four times in the course of those last weeks he
mailed himself source code he was working on. (He’d later be accused of
sending himself 32 megabytes of code, but what he sent was essentially the
same 8 megabytes of code four times over.) The files contained a lot of open-
source code he had worked with, and modified, over the past two years, mingled
together with code that wasn’t open source but proprietary to Goldman Sachs.
As he would later try and fail to explain to an F.B.I. agent, he hoped to
disentangle the one from the other, in case he needed to remind himself how he
had done what he had done with the open-source code, in the event he might
need to do it again. He sent these files the same way he had sent himself
files nearly every week, since his first month on the job at Goldman. “No one
had ever said a word to me about it,” he says. He pulled up his browser and
typed into it the words: Free Subversion Repository. Up popped a list of
places that stored code, for free, and in a convenient fashion. He clicked the
first link on the list. The entire process took about eight seconds. And then
he did what he had always done since he first started programming computers:
he deleted his bash history. To access the computer he was required to type
his password. If he didn’t delete his bash history, his password would be
there to see, for anyone who had access to the system."_

------
harry8
Can I just make sure that someone mentions the most powerful motive that a
shop like GS _would_ _likely_ have?

HFT barrier to entry is expertise. Any firm has as their biggest competitive
risk their employees setting up with that expertise in competition. It happens
all the time. To counter that the optimal strategy of an HFT shop where an
expert resigns is to sue them as far and deep into the ground as they can why?

 _As_ _a_ _lesson_ _to_ _all_ _remaining_ _staff_

This gets an HFT shop additional barrier to entry from competition from
existing experts, their own.

Did GS deliberately follow this optimal tactic? I don't know, I have no
evidence. Maybe the fact it is optimal for other reasons is unrelated and
possibly even unknown to them. Form your own opinion on the balance of
probabilities there.

~~~
abalone
Couple points:

1\. They didn't sue him. They complained to the FBI and the government
criminally prosecuted him for violation of the Economic Espionage Act.

2\. The basis of the prosecution was that he exfiltrated 500,000+ lines of
source code.

Doubtful this particular "tactic" could be more generally applied unless staff
are engaging in similar activities now clearly prohibited under the EEA.

------
abalone
I'm new to this but after reading up on the background I think this case is
being somewhat mischaracterized in the comments here. I know we are all anti-
authoritarian hackers at heart but HN also stands for accuracy and fairness.

I would say the general tone here is "jack-booted FBI thugs falsely arrest
hacker because their pal at Goldman Sachs pulled some strings". The
implication being that this has all unravelled and he is now suing the
government for corrupt trampling his constitutional rights.

After reading up, I would say a fairer characterization is "guy who got caught
stealing proprietary code got off on a technicality because the law doesn't
actually cover HFT code due to shortsighted phrasing".

Before you hit that downvote button, here's my support: _the judge who
overturned it called this out_ and Congress passed a law in 2012 to close the
loophole through which he got his conviction overturned.

From the Congressional Record[1]:

Quoting the appeals court, _" just before his going-away party, Aleynikov
encrypted and uploaded to a server in Germany more than 500,000 lines of
source code for Goldman's HFT system ..... On June 2, 2009, Aleynikov flew
..... to Chicago to attend meetings at Teza. He brought with him a flash drive
and a laptop containing portions of the Goldman source code. When Aleynikov
flew back the following day, he was arrested by the FBI .....''"_

 _In his concurring opinion, Judge Calabresi [Cal-abress-E] directly called
upon Congress to clarify the scope of the EEA [Electronic Espionage Act] as he
wrote:_

 _[I]t is hard for me to conclude that Congress, in [the EEA], actually meant
to exempt the kind of behavior in which Aleynikov engaged .....
[n]evertheless, while concurring [in the opinion], I wish to express the hope
that Congress will return to the issue and state, in appropriate language,
what I believe it meant to make criminal in the EEA._

Specifically the EEA used to say "included in a product that is produced for
or placed in" interstate commerce, which the court thought didn't technically
cover HFT code, and now reads "a product or service used in or intended for
use in". That's it. That's the loophole.

If there ever was a case of violating the spirit, but not the letter of the
law, this is it.

[1] [http://thomas.loc.gov/cgi-
bin/query/z?r112:H18DE2-0051](http://thomas.loc.gov/cgi-
bin/query/z?r112:H18DE2-0051):

~~~
Lewton
I really recommend you read the vanity fair article posted earlier.

[http://www.vanityfair.com/news/2013/09/michael-lewis-
goldman...](http://www.vanityfair.com/news/2013/09/michael-lewis-goldman-
sachs-programmer)

It is quite clear that he did not violate the spirit of the law. There was no
clear intent to steal any "trade secrets" from Goldman Sachs, and the analogy
brought up in the last part of the article that compares it to taking home a
notebook you've used for scribbling down thoughts after you've quit your job,
is apt

~~~
abalone
_" It is quite clear that he did not violate the spirit of the law."_

Very, _very_ clearly, everyone from the legislature to the judiciary is in
agreement that he violated the spirit of the law.

Even the judge who overturned the conviction said it was hard for him to
believe that Congress didn't mean for the law to make his actions criminal.
And then Congress immediately updated the letter of the law, unanimously, all
the while explaining how it's unfortunate the previous letter of the law
didn't capture the spirit of what they intended, specifically mentioning this
case.

Also, the "it's just a notebook with scribbled down thoughts" analogy is poor.
That implies that it's just his own thoughts he took. He uploaded 500,000+
lines of source code, then tried to cover up his tracks. That is exfiltrating
extensive, proprietary trade secrets and was repeatedly cited by Congress as
just the sort of activity they wished to criminalize in the Economic Espionage
Act.

By the way, I don't think he should serve any more time. The sentence was too
harsh IMO. But there is _no question_ it is (now) illegal activity, because
Congress specifically updated the law to make his exact actions illegal,
_naming him personally_.

(Of course, they weren't technically illegal at the time he did them,
according to the appellate court, which is why he was set free.)

~~~
Lewton
He did not "try to cover up his tracks", he did what he'd do basically every
day as a normal software developer doing his job. The "encrypted it and
uploaded it to a server in Germany" is a red herring that shows exactly how
inept the judiciary was in interpreting his actions. Why does it matter that
the server was in Germany? Isn't it common sense that he would encrypt any
data he uploads?

And it's nonsensical to not try and interpret exactly what it is he copied and
why he did so. As the vanity fair article points out, he did not in fact copy
any of the vast amounts of valuable data he had access to. (He had access to
everything!). But he chose tedious infrastructure code instead, to get a sense
of what non-proprietary libraries that were used

~~~
abalone
_> he chose tedious infrastructure code instead, to get a sense of what non-
proprietary libraries that were used_

That is a generous speculation regarding his motives. As GS notes in their
response to Vanity Fair, "While some of those files included open source
software, the Court determined that 'a substantially _greater_ number of the
uploaded files contained proprietary code.'" (emphasis mine)

But as far as whether what he did violated the spirit, and now letter of the
law we have a conclusive answer direct from _Congress_ : Yes, he did.

------
spiritplumber
Whoever loses, we win?

~~~
negrit
We already lost.

Stupid shit like this done by the FBI is causing tax payer money. If Sergey
Aleynikov wins then guess where the money will come from...

I always thought people should be financially accountable for their actions.
The only thing that really work, is touching the wallet.

~~~
hurin
This.

We tend to cheer for social justice against government abuse of power, but
we're always the ones footing the bill.

Settlement and damage costs should come out of the agent's salaries across the
entire organization.

Maybe police officers will stop shooting black teenagers if everyone on the
force is docked $5000 for each application of lethal force.

~~~
fnordfnordfnord
No, then decent cops would leave, and we'd be left with jerks who have low
job-mobility (no other skills), but are adept liars who can cover their asses
when they get near trouble.

~~~
hurin
Most police officers already are jerks with low job-mobility - but I do think
a framework where the department suffers for an individuals actions (and not
the taxpayer footing the bill) would have a positive feedback effect.

If another officer's indiscretion or negligence were to reflect on _your pay
check_ , you would be _less likely_ to help cover it up or ignore it.

~~~
fnordfnordfnord
I think I'd prefer the idea (I forget where I first saw it) that officers have
to buy a bond/insurance. That way the worst ones would price themselves out of
the market. Having group rates for officers/departments might have the effect
you're looking for. I don't mind it terribly that local taxpayers have to foot
at least some of the bill for this kind of thing. Hopefully they will be
reminded come election time if a sheriff or a mayor has allowed deputies to
run rough shod over peoples' rights.

------
nikanj
Blergh, almost half of my screen real estate is taken up by the top bar. I bet
somebody got a bonus for that, as Raymond would say.

------
seesomesense
Would you employ Sergey ?

