Policy —

Court overturns conviction for theft of Goldman source code

A federal appeals court has thrown out the conviction of a programmer who …

The outcome might have been different if Aleynikov had smuggled the source code out on a thumb drive
The outcome might have been different if Aleynikov had smuggled the source code out on a thumb drive

A federal appeals court has thrown out the conviction of a former Goldman Sachs programmer who stole source code from the firm's high-frequency trading (HFT) system. The court holds that the defendant's actions did not fit the definitions of the federal crimes for which he had been convicted. "We decline to stretch or update statutory words of plain and ordinary meaning in order to better accommodate the digital age," the court wrote.

Sergey Aleynikov was a top programmer for Goldman Sachs until he left in 2009 to work for a start-up firm planning to build a competing high-frequency trading system. Just before he left, he uploaded a copy of Goldman's HFT code to a remote server. He later downloaded the files to his home computer, but his actions were discovered and he was arrested by the FBI a few weeks later.

Aleynikov was indicted under two federal statutes, the National Stolen Property Act (NSPA) and the Economic Espionage Act (EEA). He was convicted by a lower court in 2010, but the United States Court of Appeals for the Second Circuit overturned his indictment, releasing its opinion on Wednesday.

The NSPA makes it a crime to “transport, transmit, transfer in interstate or foreign commerce any goods, wares, merchandise, securities, or money." The government argued, and the lower court agreed, that the source code met the definition of "goods, wares," and "merchandise." But the Second Circuit reached the opposite conclusion, ruling that these terms only include tangible objects.

The court suggested it might have reached a different conclusion if Aleynikov had smuggled the source code out of the building on a CD or thumb drive. But because he uploaded the source code via the Internet, it could not be described as "goods, wares," or "merchandise."

As for the EEA, it prohibits stealing trade secrets that are "related to or included in a product that is produced for or placed in interstate or foreign commerce." Again, the lower court ruled that Aleynikov's actions met this definition, and the Second Circuit disagreed.

Goldman's HFT system was strictly for the firm's internal use. It had not sold or licensed it to anyone else, nor did it intend to do so. According to the Second Circuit, this meant that the HFT system was not "produced for" or "placed in" interstate commerce. And so stealing its source code wasn't a crime under the EEA.

This isn't to say that the Second Circuit has legalized stealing an employer's source code. The court said that Aleynikov had engaged in "conduct that Aleynikov should have known was in breach of his confidentiality obligations to Goldman, and was dishonest in ways that would subject him to sanctions." He may still be vulnerable to a civil lawsuit.

But as Reuters points out, the ruling is the latest setback in efforts to criminally prosecute employees who steal their employers' secrets. On Tuesday, another court threw out an effort to prosecute employees who misuse legally-obtained corporate data under the Computer Fraud and Abuse Act. Thanks to these rulings, employers will bear a larger share of the burden of policing the misuse of their confidential information.

Listing image by Photograph by Vincent Ignace

Channel Ars Technica