In December 2010, a federal district court jury in New York convicted former Goldman Sachs computer programmer Sergey Aleynikov of stealing a huge portion of the Wall Street bank’s proprietary, high-frequency trading (HFT) software code to aid his new employer. It sentenced him to eight years in prison. Federal prosecutors heralded the verdict as an example of the government’s crackdown on employees who steal valuable company information in digital form.
But on Feb. 16, in an unusual move, a 2nd Circuit three-judge panel reversed the judgment just hours after oral arguments and ordered the defendant released. On April 11, the 2nd Circuit released its full opinion in U.S. v. Aleynikov.
Aleynikov acknowledged that he violated Goldman’s confidentiality policy, but contended he had not committed a crime. In agreeing with that, the 2nd Circuit limited prosecutors’ use of the Economic Espionage Act of 1996 (EEA), which makes it a crime to steal trade secrets, and the National Stolen Property Act (NSPA), which bars the transportation of tangible stolen material property across state lines.
“While there are other ways to protect these types of systems as trade secrets, such as under state uniform trade secrets laws, state or federal unfair competition laws, or through the Copyright Act, the decision is significant to the financial giants on Wall Street because it may destroy their ability to deter these kinds of thefts through criminal prosecution,” says Paige Mills, a member at Bass, Berry & Sims.
Aleynikov stood to increase his salary from $400,000 to $1.2 million by accepting a job offer from Goldman competitor Teza Technologies, which planned to build its own HFT system.
Just before his going-away party at Goldman, Aleynikov encrypted and uploaded to a server in Germany more than 500,000 lines of source code for Goldman’s HFT system. He then downloaded the code to his home computer. Later he took some of the code to a meeting with his new employer. As he returned home, the FBI arrested him at the airport. The FBI searched Teza computers but found no copies of Goldman’s code.
A jury found Aleynikov guilty of violating the EEA and the NSPA. On appeal, both prosecution and defense focused their arguments on whether the two federal criminal statutes applied in the case. The 2nd Circuit ruled that the indictment was insufficient as a matter of law.
The appeals court held the stolen code was not “related to or included in a product that is produced for or placed in interstate or foreign commerce” within the meaning of the EEA because Goldman never intended to sell or license it. The district court had held that the EEA applied because the software ultimately would have been used in a trading system that engaged in interstate or foreign commerce.
The appellate court also held that the code was not a “stolen good” within the meaning of the NSPA, because it was purely intangible property. It cited the 1985 Supreme Court opinion in Dowling v. United States, which held that the NSPA did not apply to an interstate bootleg music operation.
“We decline to stretch or update statutory words of plain and ordinary meaning in order to better accommodate the digital age,” 2nd Circuit Chief Judge Dennis Jacobs wrote in his opinion.
But Joseph Lazzarotti, a partner at Jackson Lewis, says the opinion suggests the theft might have been prosecutable if the code had been stolen in a tangible form, such as a printout or flash drive.
“Like a lot of things, the courts have not caught up with technology,” he says. “They would have protected this on a f lash drive but not when it is downloaded— it’s silly.”
In a concurring opinion, Judge Guido Calabresi said that while he agreed with the court’s analysis, it was hard for him “to conclude that Congress, in this law, actually meant to exempt the kind of behavior in which Aleynikov engaged.” Calabresi said he hoped Congress would clarify what it intended to make criminal activity under the EEA.
While congressional action may be needed to better protect digital IP, the case cautions in-house counsel about the importance of protecting trade secrets from theft in the first place. Best practices include requiring employees to participate in confidential-awareness training and incorporating computer theft statutes by reference in employee confidentiality provisions, Mills says. She also suggests a company enter into nondisclosure and noncompete agreements with consultants or vendors.
Lazzarotti recommends strict oversight and monitoring of a company’s data security apparatus, particularly if it is controlled by one person.
“With so much resting on information technology, to put so much power on one person can be bad,” he says. “Having another party overseeing it on a regular basis would help minimize the risk.” He adds that if an employee with access to critical information is leaving the company, as Aleynikov did, his computer access should be closely monitored.
Brent Cossrow, a partner at Fisher & Phillips, says there are many civil remedies that employers can pursue to obtain monetary and injunctive relief. Civil actions can be brought for conversion, breach of fiduciary duty and nondisclosure agreements and, in some states, violations of uniform trade secrets statutes.
But regardless of whether Goldman pursues civil remedies, Aleynikov did not get off scot-free. He served a year in prison, and, during the course of the prosecution, lost his home, wife and employment.