In March 2011, Aleynikov appealed the conviction, asking the Second Circuit to review the District Court's decision denying his original motion to dismiss the indictment for failure to state a claim.[9]
On February 16, 2012, the United States Court of Appeals for the Second Circuit heard oral argument on his appeal and, later that same day, unanimously ordered his conviction reversed and a judgment of acquittal entered, with opinion to follow.[10] Aleynikov was released from custody the next day.
On April 11, 2012, Dennis Jacobs, Chief Judge of the United States Court of Appeals, published a unanimous decision in a written opinion[10] stating:
On appeal, Aleynikov argues, inter alia, that his conduct did not constitute an offense under either statute. He argues that: [1] the source code was not a "stolen" "good" within the meaning of the NSPA, and [2] the source code was not “related to or included in a product that is produced for or placed in interstate or foreign commerce” within the meaning of the EEA. We agree, and reverse the judgment of the district court.[9]
In the course of these events, Aleynikov has spent 11 months in prison. Aleynikov has divorced, lost his savings, and his career is ruined.[11]
The government did not seek reconsideration of the Second Circuit's ruling, thus ending federal action against Aleynikov.[12]
On August 9, 2012, Aleynikov was re-arrested and charged by Manhattan District Attorney Cyrus Vance, Jr.[14] on behalf of New York state, with the offenses of "unlawful use of secret scientific material" and "unlawful duplication of computer related material"[15] based on the same conduct. The state prosecution was initiated based on a signed complaint by the same federal agent, McSwain, who led the investigation of the failed federal prosecution.
[..]
[..] and rejected the prosecutors' plea offer of accepting a single count offense and serving no jail time.
--
If that isn't malicious, I don't know what is. Charging someone acquitted for the same conduct, only to then offer him a plea deal of no prison time? What is the point here?
Should there be?
Goldman Sachs had every right to request that he be prosecuted, but no matter how the case turned out, his life would be ruined. I don't know of a good solution to this issue, but it just seems very wrong. I'm sure there have been countless instances of this happening though.
Maybe a good solution would be to lessen the penalties for this type of crime.
Maybe a legal requirement for a public apology and for the prosecutor to have to pay back legal costs? A portion of this restitution should come out of that courts budget or the department that perused the case without doing their due diligence.
Did Sergey sign something saying that he could never remove code from the building or use it in another project? I'm not sure that it simply being company policy is enough, in my opinion.
Has anyone here ever taken code from one employer with the intent of using it again if needed, simply to save time and not having to duplicate research? Should you be considered a criminal for that? Should you have to pay back the time the company paid you to write that code?
It seems like the lessons are:
1) Don't talk to police, even if you did nothing wrong and they tell you they are on your side. Lawyer up.
2) Don't steal code, but if you do then encrypt it and put it on a portable media device. Uploading to a foreign SVN repository using the companies network wasn't very smart, don't do that.
3) Ensure that your employees know the company's policy on removing code from the premises. It seems pretty obvious but I believe that Sergey honestly didn't think he was doing anything wrong.
0) Don't work for Goldman Sachs. Dance with the sharks, and they'll bite your arm off eventually.
1) Avoid GS like the Satan. Actually avoid the whole financial industry.
Goldman Sachs didn't "jail" this person. Goldman Sachs is a corporation, and therefore doesn't prosecute nor jail people.
Please leave this nonsense on Reddit.
Quotes from the book, p.148 (EDIT: These quotes are in the article here also!!):
"What Serge did not yet know was that Goldman has discovered his downloads- of what appeared to be the code they used for their proprietary high speed trading stock market trading- just a few days earlier, even though Serge had sent himself the first batch of code months ago. They'd called the FBI in haste and had put McSwain [FBI agent who arrested Serge] through what amounted to a crash course in high-frequency trading and computer programming. McSwain later concluded that he didn't seek out independent expert advice to study the code that Serge Aleynikov had taken, or seek to find out why he might have taken it. "I relied on statements from Goldman employees", he said. He had no idea himself of the value of the stolen code ("representatives of Goldman told me it was worth a lot of money"),or if any of it was actually all that special ("representatives of Goldman told us there were trade secrets in the code")."
"The FBI's investigation before the arrest consisted of Goldman explaining some extremely complicated stuff to McSwain that he admitted that he didn't fully understand- but trusted that Goldman did. Forty-eight hours after Goldman called the FBI, McSwain arrested Serge."
So effectively Goldman got Serge arrested, using a clueless agent as a pawn. Some of the code was originally open source, none of the code involved trading strategies (the really valuable stuff) and Goldman's word was enough to convince the FBI that Serge was a dangerous criminal and a flight risk, and ruined his life.
Here is his Github account:
You can find his posts on Erlang's mailing list once a while.
Two of his interesting project I am following:
https://github.com/saleyn/erlexec -- a utility to control OS process from Erlang.
https://github.com/saleyn/eixx/ -- Erlang to C++ interface.
He's a very friendly guy and was quite willing to work with me on the patches I contributed to erlexec.
The Criminal Justice and Public Order Act 1994 provides statutory rules under which adverse inferences may be drawn from silence.
Adverse inferences may be drawn in certain circumstances where before or on being charged, the accused:
* fails to mention any fact which he later relies upon and which in the circumstances at the time the accused could reasonably be expected to mention;
* fails to give evidence at trial or answer any question;
* fails to account on arrest for objects, substances or marks on his person, clothing or footwear, in his possession, or in the place where he is arrested; or
* fails to account on arrest for his presence at a place.
Where inferences may be drawn from silence, the court must direct the jury as to the limits to the inferences which may properly be drawn from silence. There may be no conviction based wholly on silence. Further it is questionable whether a conviction based mainly on silence would be compatible with the European Convention on Human Rights.
> while I appreciate this is a US legal case, in the UK the right to silence can be used against a defendant
as you correctly identified, only inferences in a somewhat defined range of cases can be made.
> One thing that puzzles me, though, is how am I supposed to know what I will rely on in court before I am on trial?
if you fail to answer a question during the investigation, and then later rely on the answer of that question in court. before you get anywhere near a court room, you must know what you have been charged with, arrested, and interviewed, etc. (unless of course you're a terrorist, then, you know, fuck you)
and yes, the ECHR wouldn't be happy with any inferences drawn from silence. i'm sure if a case hinged on these inferences, and the defendant was found guilty, an appeal to them would likely be successful.
although you wont want to hold your breath waiting for it, ~7 years is a long time..
If, on the other hand, I have said nothing other than "I'm not speaking without discussing with my lawyer first", it's much easier for your legal counsel to paint you as just a cautious individual, rather than someone that is trying to cover up a lie.
tldr, "don't talk to the police" is also good advice in Commonwealth countries, not just the US.
I'd love to attend that guy's lecture (what school is this? what is his name?), it's informative, he's funny. Makes me want to retake the LSAT.
An organisation counts the same as an individual, and as long as code stays within the organization that doesn't count as 'distribution', and Goldman Sachs is under no obligation to release the code. They even retain the rights to prevent the code being released.
It's easy to hate on Goldman Sachs for many things, but in this case they didn't violate the GPL, and Aleynikov did commit a crime.
A strange exception - somewhat at odds with the GPL's goals, surely? - but it doesn't seem to follow from the text of the GPL itself.
> Each licensee is addressed as “you”. “Licensees” and “recipients” may be individuals or organizations.
> To “convey” a work means any kind of propagation that enables other parties to make or receive copies. Mere interaction with a user through a computer network, with no transfer of a copy, is not conveying.
> All rights granted under this License are granted for the term of copyright on the Program, and are irrevocable provided the stated conditions are met. This License explicitly affirms your unlimited permission to run the unmodified Program.
> You may make, run and propagate covered works that you do not convey, without conditions so long as your license otherwise remains in force.
You state in your profile that you are a student of philosophy. As a person who studies philosophy too, I am really curious, how would you describe your philosophical views?
As for HFT and Goldman Sachs, people are simply bashing based on jealousy of more successful individuals in a different sector, without actually investigating the topic. Like here, where apparently many don't actually read the GPL.
As for philosophy, that's a topic in itself, but let's just put it this way - I had one foot inside the door of a monastery (figuratively), instead chose a different path. Regardless, in worldly matters I prefer a rational approach to knee jerk sentimentality and sensationalism..
This infuriates me to no end. These engineers need to be rounded up, and given a serious life lesson on the reality of markets. Knowing your product/service's worth is step 1 of any free market activity.
Engineering is the only profession where the most talented engineers occupy the lowest compensation brackets with respect to their worth. All sorts of bullshit excuses are made up for this (my favorite - they're "Specialists"), but the bottom line is they are not being compensated at anywhere near what they're worth.
This is why startups, and consulting firms, are so key. If the market you're trying to enter is too big for a small operation (like Wall St.), then just consult. Those 20 superstar programmers need to meet up and start a consulting firm. Then, they sell their services to these banks and charge them whatever they want (read: a lot).
They then use this compensation to hire the best engineers from across the world, and keep them out of Wall St's hands. This wouldn't be too difficult, because Wall St would never match salaries because they are traders, and would die before they paid an engineer more than themselves.
To all of HN: please don't underestimate your worth. It hurts everyone, including yourself.
and aren't they being underpaid because they are seen as replaceable?
I work in a similar environment and I'm fully aware that if I do something remotely like bringing my code from work home, holy crap I'm committing a very VERY serious crime and my employer would go after me as viciously as they could. Very especially if I were to be going somewhere else where this code would set me up to make a new competing engine.
Pushing stuff to SVN and mailing seem innocuous... but depending on what you are actually passing around they can be extremely serious crimes.
It's really not that difficult to comprehend. And it's really not as bad as it sounds, if you want to work in your projects for fun, you do it in your own time. And you can still leave, it's just that if they catch you doing shit like this, it's not going to go down well.
Wait, what?
$> history
...
12345 some_command --username myusername --password mypassword
This comes up fairly often with poorly designed CLI's. Wiping your bash history after running the command isn't an unreasaonble hack.
Edit/Addendum: Although there are other (perhaps better) ways to achieve the same effect, the main point is that doing a "history -c" should be considered no more suspicious than e.g. closing a document to clear your "undo" history.
read -p "Password: " -s password; some_command --username myusername --password "$password" US master spy Clapper says spies steal open source, then immediately
claims ownership and classifies it, and prosecutes if the material is
disclosed, like Goldman Sachs.
that cracked me up!
In fact it sounds as if the defendant actually phrased most of the confession himself...
Obligatory: http://www.youtube.com/watch?v=6wXkI4t7nuc
Sorry if I fail to have much sympathy. If you play in the big leagues, you should at least have some sense of self preservation.
Sergey's Legal Defense Fund - http://www.aleynikov.org/
1. Do I want to make unbelievable amounts of money?
2. Can I do so without running afoul of the law?
It's worth noting Aleynikov had over a decade of very relevant work experience prior to joining Goldman with a starting salary of $260k.
Yes, that's a good salary. However, it's not like top 1% developers with 10+ years of experience will have a tough time matching that outside of the financial sector.
These are things no sane person should do, especially if they're innocent.
"My code is freely licensed open source, Based on GPL, with the addendum that Goldman Sachs can go stick their head in a pig"
As I understand it, there is nothing preventing this from happening.
The freedom to run the program, for any purpose (freedom 0).There appears to be every indication that agent McSwain did everything short of taking explicit marching orders from GS.
The FBI either lacked the will or ability to understand the crimes they were tasked with investigating. I find that disturbing.
"Serge tried to explain why he always erased his bash history, but McSwain had no interest in his story. “The way he did it seemed nefarious,” the FBI agent would later testify." Whom is the FBI agent referring to, McSwain or Serge?
[GPL not mentioned in article; my recollection from the original court documents is that the code was largely LGPL and GPL code]
I also see no mention of the GPL, only open source. So the license could've been BSD or MPL etc.
Also this part might be illegal:
>Later, at his trial, his lawyer flashed two pages of computer code: the original, with its open source license on top, and a replica, with the open source license stripped off and replaced by the Goldman Sachs license.
I'd like them to share the information they create, but I think it steps on others rights if you start trying to force disclosure of information creation.
jeez, those banks pay a pretty penny.
The actions this guy was sued over are likely all things that he had done before.
* misleading title. Goldman Sachs stole nothing.
* This guy steals code from Goldman Sachs.
* Covers his tracks. There is almost no reason why your password ever ends up in your bash history. If it does, you edit out only the password. Or you put a space before the command you run. At any rate, this guy should have known how to prevent his password from getting in the shell history and had no reason to delete his history.
* The guy talks to the cops
* Waves his rights to a lawyer
* Signs a confession
* Lets cops into his house without a search warrant.
* Doesn't testify at this trial.
This guy fully deserved what was coming to him. Goldman Sachs did nothing wrong here.
As to clearing bash history, this isn't criminal, it's just a wise security measure. I've certainly cleared various log files when I knew they contained exploitable credentials. Why the heck would you waste time editing out specific statements? It's not like a bash history is valuable in any normal circumstance.
By the sound of it, he certainly didn't think he was doing anything wrong, otherwise he wouldn't have been helped the FBI so thoroughly.
Sounds to me like nothing he did would have been a problem if he'd have been upfront about it. Basically, Goldman encouraged an atmosphere where people went it alone, implicitly (but not formally) giving them permission to do what they want as long as it gets the job done. Now, after the job got done, they change the rules and screw their employee, who by all accounts did get the job done.
Frankly, if somebody needs to go to jail, it's his boss, by the sound of it.
* First and most importantly, if you want a true log of history this can and should be achieved using a different mechanism (not effected by history -c).
* There exist bad CLI's which require entering the password on the command line. See the conversation below -- it took six posts on HN before the correct solution (make sure certain env vars are set to the right values) came out. So, hardly common knowledge.
- In fact, you space trick doesn't always work. Can I fire you for negligence if someone finds your .history since everyone should obviously know everything about bash history?
* If you run "man history", the very first thing you see is the -c option. Therefore, if you want to clear a password from your history file, this is mostly likely how you'll do it. You're effectively attributing criminal intent to anyone who's not sufficiently unix savvy.
* If you're treating .history is a log file, then you're being pretty damn close to criminally negligent with your logging practices (equivalent of providing an editor for apache's access.log on your homepage).
* Bash history files are not backed up, except perhaps accidentally with the rest of ~.
* History files rotate out after X commands. There is no way of guaranteeing that temporally-defined backup policies snapshot ~ before X commands are run.
Bash history is a "log file" in the same sense as the stack used for Word's "undo" mechanism is a "log file".
http://stackoverflow.com/questions/6475524/making-sure-comma...
TIL! Good tip!