No. The most interesting part is that this is an example of a vindictive employer ruining someone's life.
I used to work at Goldman's and can tell you that they are paranoid about this kind of thing. They are trying to make an example out of Sergey. We used to get daily updates (on the corporate intranet) about the progress of the case. There is no telling how much money Goldman's has spent going after this guy. Both directly and indirectly through lobbying. You have to ask why, after a year in jail with no conviction, the government still trying to prosecute him? Could it be because Goldman has a very powerful lobbying arm which is particularly strong in New York?
If you are leaving your employer, don't upload any code. Sure. ...but that was over 6 years ago and the guy has already done time. Try getting a job with a prison record. I can tell you that in the banking industry it will not happen.
I wouldn't be the least bit surprised if they keep coming after him. Poor guy.
One last point. There is no market for stolen code. If I stole Google's search algorithm, who would I sell it to? Microsoft wouldn't be interested and it is not like you can take out an ad on ebay. Who would have the brains to figure it out? If you had those brains, wouldn't it be easier to just write it yourself? What is true for Google's code is also true for any complex system such as trading software.
My best friend works at Goldman, and used to sit next to Sergey. Three things:
1. There were definitely NOT daily updates about the progress of this case
2. He WAS absolutely trying to steal code. Goldman high-frequency code isn't great (except in options market making). The thing that ultimately flagged him was that he kept trying to clear his .history file.
3. He wasn't planning on selling it. He was planning on taking it to Teza, a place that has a notorious reputation for poaching people and code.
This was an exaggeration that I did not think would be taken literally. We had updates as the case progressed. I would guess about once a month. These updates were on the corporate intranet home page which generally contained about 5 links to 'external news' or something.
>He WAS absolutely trying to steal code. Goldman high-frequency code isn't great...
You have written this in a weird way. I agree he was trying to steal code. The quality of what he stole is not relevant. The way you have written this, it could be read: "He tried to steal high-frequency code". This is very much debatable. I could easily argue that Log4J is part of Goldman's high-frequency code.
He did try to cover his tracks. What he did was wrong and he knew at the time it was wrong. Six years later, does the punishment fit the crime?
>He wasn't planning on selling it. He was planning on taking it to Teza
Yes. This is the interesting point. He wasn't planning on selling it because there is no market for it. By this, I mean that there is no place he could list the code for purchase because:
1. It would be illegal and other companies frown on that kind of thing (at least on paper).
2. The code would not be worth much without an understanding of what it does in the wider ecosystem.
Point two is key. Sergey understood the code. He was uploading it to help him remember the work he had done at Goldman's. There is very much a market for, "I did XYZ at Goldman's, I can do it for you too." I have no doubt that he would have been able to do it again without the source code, but he wanted his 'notes'.
GS didn't want him to apply his trade at another firm. Hence the 'vindictive employer' remark.
How long before another developer gets harassed by Goldman's because they printed off some technical documentation before leaving? What if the documentation is printed a month before leaving? ...a year? ...where is the line, exactly?
What you wrote above is basically hearsay, which is not allowed as evidence in the United States (barring some exceptions). Not sure why it should hold any weight on an online discussion forum.
>The thing that ultimately flagged him was that he kept trying to clear his .history file.
I'll assume you mean .bash_history This discussion has been had here before. There are plenty of good non-sketchy reasons to delete it, and at some places it is mandatory.
It's also not unheard of to encrypt files for transit, and for storage on untrusted remote machines. I'm sure someone else around here could show you a few dozen ways to pipe that through gpg, a few of which might also require a password to be used in the command, necessitating the deletion of .bash_history
You may criticize him for using encryption but what would you have him use, plaintext and ftp?
The value in the code is not the code itself, but the models it encapsulates.
For those interested, Teza uses (single-threaded) Java and Hadoop (or at least they used to), and Goldman Sach's high-frequency code was written in C++.
One last point. There is no market for stolen code. If I stole Google's search algorithm, who would I sell it to?
Google's search algorithm might not be very marketable but I can think of tons of different uses for stolen proprietary trading algorithms. The potential for inflicting enormous economic damage is very real.
If the code allows someone to generate positive returns, then there is a tremendous market for it if the person who writes it comes with. (I do believe the value of code drops dramatically if the person who write it is gone) In this case, the person could take the code and generate money for another fund.
This doesn't mean that GS is doing the right thing going crazy after him, rather it's just an explanation that he could make money with it elsewhere.
One thing about this case puzzles me, and none of the news coverage I found explains it: what code did he actually take?! Details matter. Was it a tweak of something like Samba (obviously GPL)? Or was it part of a proprietary risk management system, derivatives models, or other direct money-making programs?
If he took the former, then I'd side with him — he took nothing of genuine value. If he took the latter, then, très uncool. (I witnessed several incidents of model theft while serving time on Wall Street in the mid-2000s, and none were publicly pursued like this one.)
In Flash Boys, he makes it clear that he did not take any trading strategies or in-house models.
They don't provide a ton of detail in the book, but it seems that he wanted to take some FOSS code he modified himself while at Goldman. All code ever used on a Goldman machine is licensed as proprietary, even if it was downloaded from a FOSS repository 1 µs beforehand. It's mentioned that some irrelevant infrastructure code may have been intermingled with the modified FOSS he took, though it doesn't seem Goldman was particularly incensed by any particular piece of code, simply by the fact that he took any to begin with.
Also in the book, Michael Lewis brings together a panel of HFT technologists to interview Sergey and assess whether anything he took was consequential. Their collective conclusion after meeting with him for several hours was that he took absolutely nothing of value.
By never distributing the result outside the company, and not caring about intermixing proprietary code with it? The GPL, like most other FOSS licenses, only applies to distribution; no distribution, no license compliance issues.
A comment elsewhere in the thread suggests that they put their own proprietary license header at the top. Which is legal if they never distribute the result.
The MIT license explicitly applies to those who obtain a copy of the code, not those who distribute it (although you are explicitly granted the right to distribute the code if you do obtain a copy of the code).
It also requires that all copies or substantial portions of the software maintain the copyright notice and the license text. If Goldman is just ripping off copyright notices and MIT licenses and slapping on their own copyright notice and license (or lack, thereof), they are doing it wrong. Way wrong (would not surprise anyone though).
>Copyright (c) <year> <copyright holders>
>Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
>The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
>THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Not that simple. You can't just place your license above someone else's code even if you do not distribute externally, at a minimum you are going to distribute it internally. I'm not sure what legal avenues exist to prohibit this but this does not simply get a pass.
If it's permissively licensed, sure. But not just any license.
distribute it to whom? it was certainly distributed to the machines that are rented by a company which only assets is the fact it's close to the trading servers.
That is (generally) not how it works. HFTs rent rack space in which to insert machines that they themselves build, own, and maintain. The code never leaves the network/property of the company in usual circumstances.
In the book, Sergey says they simply rip the FOSS license off the header and replace it with a Goldman proprietary license. It's implied that the legality of this is a grey area.
Ripping software licenses of from software is extremely unlikely to be a grey area. The license is what gives a person permission, and if they remove it, so goes the permission. I would compare it to a person boarding a train, and then imminently throwing away the ticket.
What he took was proprietary infrastructure-related code that didn't involve any of Goldman's trading algorithms. His claim is that it was so tangled up with the open source code he wanted that he had to take it out to get it.
If you can't think of buyers for Googles secret sauce you should think again, just about every two-bit SEO guru would be willing to pay for that (assuming they could understand it) to be able to better game the system. Obviously this has value.
from Bloomberg[1]
"Under cross-examination by Assistant District Attorney Elizabeth Roper, Malyshev said that Aleynikov would have been the second-highest paid person at Teza, and that he was the only employee that he had offered to pay three times a former salary"
I can't find a citation, but he was worth that much to Teza precisely because of the HF trading models he was bringing with him. I've worked at hedge funds where quants did have rights to their own trading algorithms and under their agreement they could leave and take them to the next shop. If Sergey did not have such agreement, taking anything (even his own code) would be considered company property.
I am not familiar enough to say he did or didn't steal company property, but I would certainly not say that "there is no market for stolen code". If all he really took was open source code than this is indeed a witch hunt, but I don't see why any company would pay so much if they could just get the free open source code.
> I am not familiar enough to say he did or didn't steal company property, but I would certainly not say that "there is no market for stolen code".
He hasn't stolen anything (since the source code is still on GS' computers), he just copied it illegaly. Using the word "stealing" for this is plain propaganda.
> What is true for Google's code is also true for any complex system such as trading software.
I'm not sure that follows. Many trading companies operate as black boxes, and there are a hell of a lot more of them, and they have much fewer employees, and seem to exemplify a "get rich quick" attitude.
>There is no market for stolen code. If I stole Google's search algorithm, who would I sell it to? Microsoft wouldn't be interested and it is not like you can take out an ad on ebay
This is just not the case. Google "sued trade secret misappropriation." The classic example is a company hiring someone with a wink and nod and they bring over all sorts of stolen documents.
Likely British usage. We pluralize company names in many cases: Goldmans, Tescos, etc, and refer to them plurally (so, "Goldmans are seeking to ruin Sergey" vs. "Goldman is seeking..."). Apostrophe is probably wrong :)
Yeah, I'm still not feeling much sympathy for him though. He did 11 months for a premeditated theft for which he tried to cover his tracks. Is that too harsh? Of course they're going to go after him. And you're worried about him getting another job?? I don't get it.
No. For a neanderthal leadership it doesn't take months to recreate code. It usually takes forever.
Goldman Sachs and many such large corporation, including the US Government, are led by a bunch of dinosaurs. People who do not understand what code is.
What they understand instead is bullying, setting an example like some sort of public execution, owning people to the point of slavery etc. They know what it means to prosecute and destroy lives of individuals. And enjoy parties and drinks on the side in the evenings.
And this is just one example of that tyrannical trait.
I used to work at Goldman's and can tell you that they are paranoid about this kind of thing. They are trying to make an example out of Sergey. We used to get daily updates (on the corporate intranet) about the progress of the case. There is no telling how much money Goldman's has spent going after this guy. Both directly and indirectly through lobbying. You have to ask why, after a year in jail with no conviction, the government still trying to prosecute him? Could it be because Goldman has a very powerful lobbying arm which is particularly strong in New York?
If you are leaving your employer, don't upload any code. Sure. ...but that was over 6 years ago and the guy has already done time. Try getting a job with a prison record. I can tell you that in the banking industry it will not happen.
I wouldn't be the least bit surprised if they keep coming after him. Poor guy.
One last point. There is no market for stolen code. If I stole Google's search algorithm, who would I sell it to? Microsoft wouldn't be interested and it is not like you can take out an ad on ebay. Who would have the brains to figure it out? If you had those brains, wouldn't it be easier to just write it yourself? What is true for Google's code is also true for any complex system such as trading software.