Interesting case. Horrifying (I kept imagining myself in his place) but interesting. Show just how inadequate the judicial system is for dealing with highly technical matters.
It seems to me to be a bit of a stretch to say that it was nothing. The Second Circuit’s opinion (pdf) describes his conduct as “in breach of his confidentiality obligations to Goldman” and “dishonest in ways that would subject him to sanctions,” and it describes him as having stolen highly valuable information.
However, the US Government (somewhat inexplicably, in my view) opted to charge him under two statutes that were inapplicable to this particular theft, and hence he is now a free man. He was charged under the National Stolen Property Act, which the Court of Appeals found not to apply to intangible items such as computer code, and the Economic Espionage Act, which the appellate court found not to apply to a company’s in-house technology that is not meant for sale in interstate commerce. The opinion implies that if Aleynikov had been charged with criminal copyright violation, such a conviction might well have been upheld. As the article notes at the end, Aleynikov has now been indicted on state charges by the Manhattan DA, and those proceedings are pending.
He was charged over stuff that programmers routinely do when they move job to job. There is no indication whatsoever that he used any of GS’s proprietary code anywhere.
I’ve saved a few of my programs as I went from job to job. Maybe a dozen total. But nothing like what he took. 32MB of source code is massive. Programs are just text files and very small. Several thousand lines of code are just a few kb’s for a program.
It’s the exe files that get big. I wouldn’t keep those. 1. they are platform dependent. 2. I don’t need them. I occasionally reuse blocks of source code that I wrote and know. Never an entire program.
I have a bubble sort routine that I wrote in college. I still use it once in awhile for sorting small tables.
Thankfully I never worked anywhere that had security concerns. That’s a different environment.
Once again, Terr, you assert as true broad factual statements that dramatically overstate the reality.
The trial court found, as a matter of fact, that Aleynikov uploaded to an external server over 500,000 lines of source code for Goldman’s HFT system, including code for a substantial part of the infrastructure, and some of the algorithms and market data connectivity programs. It’s true that the code also contained some licensed open-source work, but the majority of the pilfered code was proprietary.
So when you say “There is no indication whatsoever that he used any of GS’s proprietary code anywhere,” that’s a complete misstatement of the facts as found true by the trial court.
Isn’t it?
The same 8 MB, x 4. Still very big but 1/4 as big.
No, it isn’t. There is no indication whatsoever that he used any of GS’s proprietary code anywhere. Copying is not using. It would take a year to wade in code and separate wheat from chaff. You take bulk, then you pick the portions to use that you know you are allowed to.
Fascinating article. Most telling, to me, is that he readily admits to screwing up.
[QUOTE=Vanity Fair]
It wasn’t an entirely innocent act. “I knew that they wouldn’t be happy about it,” he says, because he knew their attitude was that anything that happened to be on Goldman’s servers was the wholly owned property of Goldman Sachs—even when Serge himself had taken that code from open source. When asked how he felt when he did it, he says, “It felt like speeding. Speeding in the car.”
[/QUOTE]
And his explanation is a bit iffy. ( The following quote is not the words of Serge, but rather a summary of conclusions from the unofficial Vanity Fair dinner trial):
[QUOTE=Vanity Fair]
Grabbing a bunch of files that contained both open-source and non-open-source code was an efficient, quick, and dirty way to collect the open-source code, even if the open-source code was the only part that interested him. It would have made far less sense for him to hunt around the Internet for the open-source code he wanted, as it was scattered all over cyberspace. It was entirely plausible to them that Serge’s interest was confined to the open-source code because that was the general-purpose code that might be re-purposed later. The Goldman proprietary code was written specifically for Goldman’s platform; it would have been of little use in any new system he wished to build.
[/QUOTE]
So there’s a bunch of open source code, which he could get from anywhere, and some GS proprietary code that he claims he doesn’t care about. Neither of those are worth sending to yourself for later. It seems that what he’s saying is that he’s made some modifications to some open source code, stuff that’s not really relevant to GS, and that he wants to extract those modifications and possibly give them back to the OS community. Except GS expressly forbade him from doing that, and I’m sure he signed an employee agreement that states that any code he produces while working at GS is the property of GS, even if it’s silly open source stuff that they don’t really care about. It sucks, but that’s the deal.
Of course, this is all grounds from some kind of a civil suit, not 8 years of federal pound-me-in-the-ass prison. It seems telling that the new charges, even if he’s convicted, won’t result in any additional jail time. This all seems like a ridiculous power play by a big corporation. I don’t like it.
Do you mean to take the position that he can copy all sorts of proprietary code and remove it from his employer, but this should be considered harmless unless the employer can show that he actually compiled it elsewhere?
What actually constitutes “use,” in your view, then? Compiling? Executing the compiled code? What if it’s interpreter code, or script? Must it be “used” in production, or does using it in a test, or development context count?
I am suggesting, of course, that your distinction – your odd definition of the word “use” – is useless.
So how come GS gets to take open source software and make it proprietary software by fiat? How can you steal something that anyone can acquire for free?
I take the position that copying code is a standard practice among programmers moving from job to job.
Placing the code into a program that benefits him or his new place of employment. Whether it is for internal use or production. There is no indication anything like that happened.
Really? You think if stuff sits on your hard drive it is being “used”?
If I download a video game ROM that is “sitting on my hard drive” without owning the actual copy of the game, that is not legal.
I’m not sure if the two conflate at all legally, but it makes sense to me. I could be wrong.
I disagree with Terr that copying code, even if it’s standard practice, is always kosher; everywhere I’ve worked has made me sign away the rights to anything I produce on company time. If I take stuff when I leave, it’s only because I don’t work for Goldman-freakin’-Sachs.
That said, it doesn’t sound like he *used *any of the code he took, in any normal sense of the word. The entire point of the Vanity Fair article (did you read it?) is that nobody involved in the chain of events really understood what they were upset about. Goldman Sachs painted a picture for the federal government of a guy who stole code to give to a competitor and then covered his tracks. This picture is absurd, but I have no doubt that everyone believed it – Goldman Sachs, the FBI, the AG, the judge, and the jury. Fuck, even the article mistakenly refers to the “subversion repository”, as though it’s a repository for subversive things. SubVersion is a product name, a play on the word “Version”, as in a Software Version Management system.
If you download an OS package and change one line, that one line is most definitely proprietary. Most OS licenses will allow that sort of thing, especially for internal use.
Sure – it’s a resource that you can draw on if needed.
Exactly. And if you have a piece of compiled code that used eight methods from an open-source code repository and one method of your own creation, the resulting object is proprietary.
Righ. It’s a resource you can use. But it is not used until it is.
Every company in the world[sup]1[/sup] uses open-source software as part of their proprietary or internal products.
[sub]1. Perhaps a slight exaggeration.[/sub]
I just can’t imagine pursuing a criminal trial for this. Especially since he never tried selling the code. Its shocking to realize he actually went to prison.
Maybe a civil trial but even that seems vindictive by Goldman Sachs.
Wikipedia summarizes the case.
Every time that Goldman Sachs is mentioned, I like to remember Matt Taibbi’s description of the company as “a great vampire squid wrapped around the face of humanity, relentlessly jamming its blood funnel into anything that smells like money.”