U.S. v. Aleynikov: Source Code as a Stolen “Good” in a Case of Interstate Economic Espionage

On March 16, 2011, the Southern District of New York denied former Goldman Sachs programmer Sergey Aleynikov’s motion to dismiss his conviction for theft of trade secrets under the Economic Espionage Act (“EEA”). The court held that the evidence was sufficient to show that Aleynikov had stolen trade secrets and transported them across state lines, and further held that the stolen source code from Goldman Sachs’ high frequency stock trading system was a “good, ware or merchandise” under the National Stolen Property Act (“NSPA”). Aleynikov’s trial was one of two recent cases involving theft of source code for high frequency trading systems, both of which were tried in New York’s Southern District under the Economic Espionage Act.

 

High Frequency Trading

High frequency trading involves the use of computerized algorithms and highly sophisticated programs to trade securities. Firms that engage in such trading hold onto positions for seconds at a time, and generally end a trading day with no net positions. Decisions are made through high-speed mathematical analysis of market data, taking advantage of trading opportunities that open up for fractions of a second. The field is technologically complex, highly competitive, and very lucrative. High frequency trading systems require significant time and resources to develop and maintain. Court documents in the Aleynikov case estimate that it would cost roughly $10 million and two years to build a high frequency trading system from scratch.

 

Aleynikov – Theft, Subversion, and Espionage

Goldman Sachs employed Sergey Aleynikov as a programmer from May of 2007 to June of 2009, when he accepted an offer from a Chicago-based startup called Teza. About two months prior to his last day at Goldman Sachs, Aleynikov began uploading proprietary data to a subversion site on a German server. He went out of his way to avoid detection, deleting his encryption key and attempting to clear his bash history. The files he stole included, in the court’s words, components “connecting to the various securities exchanges; reading the incoming price data; pricing algorithms; trading strategies; the infrastructure for routing the trading decisions back to the exchanges; and applications for monitoring the performance of all of these intricate parts of the trading system.”

Members of the Goldman Sachs security team noticed Aleynikov’s theft of proprietary files shortly after he left the company, and immediately notified the authorities. On July 3, 2009, the FBI arrested Aleynikov at Newark airport as he was returning from a meeting with Teza in Chicago. He was carrying a thumb drive and laptop computer containing Goldman Sachs’ proprietary source code. His home desktop computer also held proprietary code. While in Chicago, he had uploaded at least two files containing proprietary Goldman Sachs source code to a Teza server. In an e-mail to his Teza colleagues, he implied that the source code contained in the two files he uploaded was his own, tacitly taking credit for Goldman Sachs’ proprietary work.

In December of 2010, a jury found Aleynikov guilty of three counts of theft of trade secrets under the EEA of 1996, and interstate transportation of stolen property under the NSPA of 1934.

 

Code as “Merchandise”

Perhaps the most innovative aspect of the court’s decision in the Aleynikov case was its focus on the statutory semantics of the NSPA. Unlike the EAA, whose enactment was meant to provide statutory protection for intellectual property, the NSPA was originally intended to protect more concrete interests.

The full title of § 2314 – the section of U.S. Code that contains the act – is “Transportation of stolen goods, securities, moneys, fraudulent State tax stamps, or articles used in counterfeiting.” It states, in relevant part: “[w]hoever transports, transmits, or transfers in interstate or foreign commerce any goods, wares, merchandise, securities or money, of the value of $5,000 or more, knowing the same to have been stolen, converted or taken by fraud . . . [s]hall be fined under this title or imprisoned not more than ten years, or both.” In his motion for dismissal, Aleynikov seized upon the words “goods, wares, merchandise” and argued that this was an indication that intangible items like source code are not covered by the NSPA. The court found that the evidence of a thriving market for high frequency trading systems, as well as the fact that such systems are designed for interstate commerce, confirmed that the stolen source code constituted a “good” under the statute.

 

Sentencing – Setting an Example

Just prior to Aleynikov’s trial, a former Societe Generale programmer named Samarth Agrawal was tried for a similar theft of trade secrets under the EEA. Agrawal was accused of stealing proprietary source code for Societe Generale’s high frequency trading system with the intent to sell it to Tower Research Capital, LLC, a hedge fund. There are two key differences between the outcome in Agrawal’s case and the outcome in Aleynikov’s case. The first difference is that Agrawal was prosecuted under the EEA, but avoided the NSPA by virtue of the fact that he never crossed state lines with his stolen source code; both his employer and the hedge fund he was hoping to do business with were in New York City. The second is that Agrawal was sentenced to three years, whereas Aleynikov was given a much stiffer 97 months. Judge Denise L. Cote noted that Aleynikov deserved “a significant sentence because the scope of his theft was audacious — motivated solely by greed, and it was characterized by supreme disloyalty to his employer.

Judge Cote’s words could just as easily be applied to Agrawal’s case. Why, then, the disparity in sentencing? It seems possible that the Southern District of New York, noticing two cases with similar fact patterns involving theft of trade secrets in the area of high frequency trading systems, decided to make an example of Aleynikov by enforcing a sentence much closer to the statutory maximum of ten years. As the court described, the market for high frequency trading algorithms and source code is significant, and barriers to the market are high. High frequency trading is certainly a market that could be very attractive to ambitious corporate spies and aspiring thieves. An eight-year sentence could be viewed as a significant deterrent to anyone considering actions similar to Aleynikov’s.

 

Implications

This case provides evidence of the court’s intent to protect the intellectual property of firms engaged in the development of high frequency trading systems. High frequency trading is a lucrative business, and a methodology that has become vital to the daily activities of many securities markets. Future cases involving high frequency trading will likely be handled with the same level of care, with a strong reliance on the EEA.

The most intriguing aspect is the court’s conception of source code as a “good, ware or merchandise,” which sets a strong precedent with regard to acknowledging the tangible value of non-tangible goods. The invocation of the NSPA was a bold indication of the court’s willingness to impose criminal penalties in cases where all or part of a product’s source code is compromised by theft, expanding existing protection of such code beyond the scope of the Copyright Act and Patent Act. Future cases involving sophisticated programming and technical concepts – whether for high frequency trading, gaming, or mobile devices – could benefit from the clarity provided by the court’s rational approach to source code in this case.

Cite as: Damion Jurrens, U.S. v. Aleynikov: Source Code as a Stolen “Good” in a Case of Interstate Economic Espionage, Berkeley Tech. L.J. Bolt (October 24, 2011), http://btlj.org/?p=1491.
This entry was posted in The Bolt and tagged , , , , . Bookmark the permalink.

One Response to U.S. v. Aleynikov: Source Code as a Stolen “Good” in a Case of Interstate Economic Espionage

  1. frank rhame says:

    Excellent review.

    I wonder if Teza still has the source code and how it might be gotten back or how Teza might now be kept from using it.

    I also wonder how Agrawal stole code without it ever crossing state lines. That must have taken some effort and avoided ever crossing the Hudson with a relevant thumb drive or emailing anything (surely one packet would have left NY)

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>