Sergey Aleynikov Came Thisclose To Spending The Next Eight Years In Jail

One of my favorite recent acts of journalism is the Journal’s amazing series about how everything you could possibly do is a federal crime, which is both a true fact with serious policy implications and also an important thing for you to remember if you want to stay out of federal prison, which I do; you may disagree but you are wrong. Here’s a pro tip though that you will not (yet) find in the Journal series: there is a decent chance that reading Dealbreaker is a federal crime where you are. The reason for that is that there is a federal statute that says that if (1) there is a computer and (2) someone tells you not to do a thing on it and (3) you do that thing on that computer, then (4) PRISON! And if you work in finance then (1) yes, (2) maybe?,* (3) yes, and (4) no but it could happen.

An important qualifier to that is: as of yesterday, if you’re in California, feel free to read Dealbreaker from your work computer. Hell, go nuts, check Facebook. That’s what a Federal appellate court ruled yesterday, finding against the government, who were prosecuting a guy named David Nosal for violating his employer’s computer use policy. Here’s how the court characterized what the government wanted:

Minds have wandered since the beginning of time and the computer gives employees new ways to procrastinate, by gchatting with friends, playing games, shopping or watching sports highlights. Such activities are routinely prohibited by many computer-use policies, although employees are seldom disciplined for occasional use of work computers for personal purposes. Nevertheless, under the [government’s] broad interpretation of the CFAA, such minor dalliances would become federal crimes. While it’s unlikely that you’ll be prosecuted for [reading Dealbreaker**] on your work computer, you could be. Employers wanting to rid themselves of troublesome employees without following proper procedures could threaten to report them to the FBI unless they quit.

FBI’ing someone out of a job no longer flies on the west coast. But other federal appeals courts have gone the other way, so violating your office computer use rules is still a federal crime in Chicago, Houston, and other places. New York is still unclear.

All in all though this has been a good week for people who do naughty things on their work computers. Remember Sergey Aleynikov, the programmer who stole some high-frequency trading code from Goldman and got sent to jail for 8 years, but he got better? An appellate court released him in February but the opinion was just released today. So stealing high-frequency trading code from Goldman: now not a crime in New York.

Don’t get too excited about that either though. It’s actually kind of a weird opinion: the court says he can’t be guilty of stealing stuff because he didn’t steal any physical stuff, just code, which he took on his own flash drive; it appears that if he’d taken the code on a GS flash drive he’d still be doing eight years. And he can’t be guilty of corporate espionage because Goldman wasn’t selling its high-frequency trading algorithm, which is sort of crazy. The court says that “there is a limitation–that products be “produced for” or “placed in” interstate or foreign commerce–in the statute Aleynikov is charged with violating,” and:

Goldman’s HFT system was neither “produced for” nor “placed in” interstate or foreign commerce. Goldman had no intention of selling its HFT system or licensing it to anyone. It went to great lengths to maintain the secrecy of its system. The enormous profits the system yielded for Goldman depended on no one else having it. Because the HFT system was not designed to enter or pass in commerce, or to make something that does, Aleynikov’s theft of source code relating to that system was not an offense under the EEA.

So I was pretty excited when Aleynikov got released because the court letting him out right after oral argument, before issuing the opinion, is kind of unusual and emphatic and sends a strong message of “you can’t just put people in jail for doing shit like this.” But reading the opinion, it’s not that strong a message. Like, if he’d stolen code that GS sells to customers instead of code that it uses for exploiting customers, or if he’d stolen the exploiting-customers code on a CD he’d taken from the supply closet: eight years!

Anyway I guess the lesson is be careful out there. Another lesson is that you should take seriously all the complaining about how the feds aren’t being tough enough on individuals connected with the financial crisis. The response is always along the lines of “well, if they didn’t commit any crimes, we can’t really put them in jail.” I’ve always found that response pretty compelling though I am clearly in the minority. But if I were an enterprising and unscrupulous prosecutor, I’d be reading the Journal’s series, and the Nosal and Aleynikov opinions, pretty closely for a road map to crack down on unpopular financial types. Maybe you can’t prove beyond a reasonable doubt that Dick Fuld committed a crime by blowing up Lehman – but did he ever check Facebook at work?

Court: Checking Facebook on Your Work Computer Isn’t a Crime [Law Blog]
Court Limits Scope of Corporate Espionage Laws in Goldman Programmer Case [DealBook]

* For instance here is Morgan Stanley’s fairly typical policy:

Generally, you should use Morgan Stanley’s systems and property only for Morgan Stanley business and reasonable personal use. Do not access systems or locations that are not reasonably related to your responsibilities, and report any suspected misuse or theft of our assets. Under no circumstances should you use our systems to send or store unlawful, discriminatory, harassing, defamatory or other inappropriate materials.

Is Dealbreaker a “system or location”? Did you “access” it? Is it “reasonably related to your responsibilities”? Is reading it a “reasonable personal use” of your work computer? I don’t know but as your lawyer I advise you not to think too hard about those questions. Anyway, if you work somewhere with a policy like that maybe you’re okay, but a stricter policy – “no personal use of work email” or whatever, which is on the books but unenforced at a surprising number of places – means jail.

Oh, also: welcome Morgan Stanley readers!

** I mean, he said some boring thing, whatever.

(hidden for your protection)
Show all comments

17 Responses to “Sergey Aleynikov Came Thisclose To Spending The Next Eight Years In Jail”

  1. quant quant says:

    Am I the only one to find this ruling entirely counterintuitive?

  2. TL DR says:

    Stars reading…begins to drift off…scrolls up and sees author's name…now it makes sense. At least have the decency to give us a TL DR at the end for chrissakes. Time to hit the back button and look for a Bess post.

  3. Guest says:

    What if they are using this system for the benefit of their customers? Would a HF which uses a similar strategy to generate returns for their clients be considered to be "selling" their code? Is a GS shareholder different than a HF LP in substance?

  4. The Bobs says:

    More like Sergey we're Alettinimoff, amirite?

  5. Female HFT says:

    What is more painful, reading through Matt's never ending articles or going to prison for it? ;)

  6. Player says:

    Back in Soviet Russia we used to kill for much less than zat!

  7. JamesGorman says:

    Dealbreaker is blocked at Morgan Stanley.

  8. Sick Bastard says:

    I guess I'd feel a little better bout this if i knew he got ass-raped a couple times in the shower..

  9. uGgoV0 Awesome blog post. Want more.

  10. iphone4s says:

    Rattling wonderful info can be found on this web blog.

  11. SEO Cardiff says:

    Hey, thanks for the article post.Really thank you! Awesome.

  12. Thriiee says:

    AFAIC that’s the best ansewr so far!