Goldman Sachs sent a computer scientist to jail over 8MB of open source code

I read the original Vanity Fair article. I have to say that the whole thing looks like nothing more than Goldman using its governmental influence to send a message to its programmers that if they leave for another firm, there will be hell to pay. After he won his federal appeal and was released from federal prison, Goldman convinced the State of New York to file charges for the same conduct. That case is pending and he is out on bail. A recent motion to dismiss that case based on double jeopardy was denied. Welcome to the USA - where money buys you all the justice you could ever want.

Link bait title -- <i>It was open source code mixed with Goldman Sachs proprietary code</i>. This is also a summery of a much larger and more complete Vanity Fair article [1].<p>[1] <a href="http://www.vanityfair.com/business/2013/09/michael-lewis-goldman-sachs-programmer" rel="nofollow">http:&#x2F;&#x2F;www.vanityfair.com&#x2F;business&#x2F;2013&#x2F;09&#x2F;michael-lewis-gol...</a>

The most interesting part of the reaction from the Vanity Fair piece for me is how so many geeks had no idea of this story until it was spelled out to them by a mainstream magazine (even though the Aleynikov case was extensively covered here on HN).<p>Now would be a good time to highlight the cases of hackers that Michael Lewis doesn&#x27;t have time to write about: Bo Zhang, Michael Meneses, the Madoff programmers, John Kane (has had most charges dropped now), the Liberty Reserve guys and almost everybody ever charged with Computer Fraud and Abuse Act

I love to stick it to Goldman as much as anyone else here, but I think the story is probably more nuanced than &quot;Goldman jails innocent programmer for leaving the firm&quot;. I know that I have on occasion kept copies of source code for projects that I&#x27;m proud of (and there was often some open source code involved; that changes nothing). Not to give it to someone else, but because I was proud of the work.<p>That is probably a breach of contract but I don&#x27;t think it should be a crime punishable by jail time (unless someone can prove that said code was used to aid another company).

The article talks about the <i>requirement</i> to release source code to the public, if modifications are made. This is a common misconception, but generally not the case, depending on the license. Typically, source code release is required if the software is distributed. If you&#x27;ve modified open source software for internal, private use, you typically are not compelled to release the source code, because you are not distributing the software.

It could have as easily been phrased (and likely would by a prosecutor) as &quot;a cache of source code longer than the King James version of the bible.&quot; The defence could respond &quot;only about three millionths of the amount of data in a human cell&#x27;s nucleus.&quot; &quot;More than seventy times the amount of software needed to land on the moon!&quot;. The amount is irrelevant. He released proprietary source code which is an offence under current law, with fairly well established sentencing guidelines. I agree that the law should be changed, but if you protest a law by breaking it, the results shouldn&#x27;t come as a surprise.

Hmmm. Ok so this guy uploaded both OS and Goldman-authored code - as stated in the article. And uploading pure OS code wouldn&#x27;t make sense anyway as it would be available anywhere. And did so immediately prior to taking a principle role at a competitor start up - no wonder they checked. He knew he was doing something wrong - as stated in the article - and his reason for deleting his bash history makes no sense (surely bash doesn&#x27;t cache passwords) - indicating he was trying to cover his tracks.<p>They&#x27;re gonna want to protect their IP - particularly when it could give a competitor a huge advantage. It&#x27;s not surprising they went after him.

The original Vanity Fair article tries very hard to paint a picture of a stereotypical overly naive techy.<p>Little carefully inserted details such as pain-the-back side of having to mow the lawn, all these details should be creating a picture of life-unsavvy coding reclude in reader&#x27;s mind. The reader supposed to chuckle &quot;how naive, anyone who is on $270K can just hire gardener to take care of the lawn!&quot;<p>I have personal knowledge of programmers taking the code with them when leaving employment for no particular reason except for &quot;in case I might need it as a reference&quot; and then never ever looking at it again. In my mind it&#x27;s very much akin to hoarding.<p>I have very little doubt that the code would be unusable outside of GC infrastructure.<p>What does seem unusually harsh is the punishment for the crime when no damage was ever done to the victim; to me this is an attribute of a show-case trial.

Linkbait title to blogspam for a vanity fair article, contains copypaste snippets from the original.

Previous discussion here:<p><a href="https://news.ycombinator.com/item?id=6146446" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=6146446</a>

Since when is a crime measured in megabytes?

I&#x27;m reposting one of the comments from the blog here for a bit more exposure. I think this gives a good alternative viewpoint on the case:<p>&quot;I worked literally side by side with Serge while at Goldman Sachs, so I have substantial perspective on this. Let&#x27;s be clear -- Goldman Sachs did not pursue him, the relevant district attorney of NY did. Goldman&#x27;s job is not to prosecute, it is to provide the facts of the case to the judicial system, which decides whether to go after him or not. We can argue about whether the punishment was excessive but let&#x27;s stop blaming a firm that is a private company which has no ability to prosecute. And I can tell you that what Serge did was incredibly against the terms of his employment agreement. The open source aspect is overblown, obviously if it were freely available and not substantially different he would have no need to upload it days before he left. The fact of the industry is people steal code all the time, he just happened to be one of the unfortunate programmers to be caught and made an example of. But it certainly doesn&#x27;t mean he&#x27;s a victim here. When a company is paying you 500k+ a year to write code on its time, the understanding is that they have the say as to what happens to it, not you. You can&#x27;t just say, I don&#x27;t think this is that materially different so I&#x27;m going to send it to myself before I work for a competitor.&quot;

This guy has made two mistakes: 1. He used OS code without consulting first with legal departament of the company. 2. Transferred the source code outside the corporate network without consulting first with legal departament. His boss may be not competent in this field, but the legal departament must be and, I beleive, they already have a policy for OS solutions. This developer made a measurable damage to the company, which should now take some efforts to clean up the OS code or face possibility of being required to release it&#x27;s own code under OS license. I clearly see this as a good reason to sue him.<p>The main problem with this situation is educational: &quot;brilliant scientists&quot; and &quot;smart developers&quot; (especially from ex-USSR countries) are not paying enough attention to the legal issues related to their jobs. They do not try to secure their rights and do not consider the possibility that they violate the other&#x27;s rights by their technical actions. It would be great if CS courses in universities will include a short talk about what&#x27;s good and what&#x27;s bad in legal field. For now, the more attention will be paid to such cases, the better for everyone.

Seriously, this part (if true) doesn&#x27;t really help him.<p>&quot;He pulled up his browser and typed into it the words: Free Subversion Repository. Up popped a list of places that stored code, for free, and in a convenient fashion. He clicked the first link on the list. The entire process took about eight seconds.&quot;<p>Pushing &quot;proprietary&quot; code to a repo without knowing that it is a) secure and b) allowed feels like a great way do not follow a NDA.

From the comments: &quot;Why are you putting him in jail? Again, Goldman has no ability to put people in jail. Only the justice system does. Why this kind of narrative continues to be OK with people, I have no idea.&quot;<p>This justice system didn&#x27;t decide out the blue to go after Aleynikov one day. G.S. <i>asked</i> them to do it. I suppose if you work for G.S. you need to be very good at rationalizing things in order to sleep it at night.<p>If I worked for G.S. I would probably tell myself: &quot;G.S. doesn&#x27;t cause the starvation of millions of people, we just speculate on food commodities.&quot; (Google &quot;goldman sach starvation&quot;)

From the indictment the source code contained &quot;the trading algorithms that determined the value of stock options&quot; and was &quot;hundreds of thousands of lines of source code&quot;.<p>Source: <a href="http://online.wsj.com/public/resources/documents/021110aleynikovindictment.pdf" rel="nofollow">http:&#x2F;&#x2F;online.wsj.com&#x2F;public&#x2F;resources&#x2F;documents&#x2F;021110aleyn...</a>

After reading the whole VF article I come to two conclusions.<p>1. If you work for a company which (as I&#x27;m sure GS does) has a policy forbidding you from uploading company data to the public cloud, don&#x27;t violate that policy. Especially if it&#x27;s source code you wrote while working there. (The open source argument is a red herring. It doesn&#x27;t matter.). And super especially if you&#x27;re about to leave for a competitor.<p>2. If you work in an industry and for a company that is being scrutinized by the Feds and is heavily regulated, really REALLY don&#x27;t violate policies like this arbitrarily and on your own, because you might go to jail.<p>Is it &quot;fair&quot; what happened to him? No. But lots of unfair things happen. He paved the way with his thoughtless actions.

Was he tried by a jury of software engineers?

Goldman is above the law...