Wall Street Software Scandal: When Does Open Source Become Proprietary Code

On the surface, it seems like an open and shut case: Financial juggernaut Goldman Sachs accuses its former programming whiz Sergey Aleynikov with trying to steal its super-fast, high-volume trading code. This type of “high-frequency trading code” will, in fact, bring in billions for Wall Street companies, like Goldman Sachs. It’s specialized and important.

The Russian Aleynikov had fled Goldman to join a startup trading company (Teza Technologies) in June and allegedly sent financial trading code to a server based in Germany before he departed Wall Street for Chicago, noted various news reports and court documents. And upon hearing Goldman’s allegations, the FBI swooped in and arrested Aleynikov a day before the Fourth of July. (For more on IT staffers gone bad, see When Rogue IT Staffers Attack: 8 Organizations That Got Burned.)

Case closed, right? Rogue Russian programming genius trying to take down Wall Street computing systems stopped by Goldman Sachs and FBI! News at 10!

Not exactly.

Many, many troubling questions have been raised since the arrest. (Aleynikov is currently out on bail and awaits his day in court.)

Among the myriad concerns over Goldman’s airtight allegations of theft and the possibility of a “substantial” financial loss to Goldman, are these: Aleynikov’s salary jumped from $400,000 at GS to $1.2 million at his new gig at Teza Technologies (seems stupid to do anything to mess that up); while in FBI custody, Aleynikov let agents search his house and waived his rights to self-incrimination, reportedly speaking to FBI agents for four hours (something to hide? hmmmm); and just how much damage could Aleynikov actually do, reportedly transferring less than 32 MB of Goldman proprietary code?

Aleynikov and his public defender maintain that Aleynikov had “inadvertently downloaded a portion of Goldman’s proprietary code while trying to take files of open source software,” as reported in a New York Times article. Aleynikov claims that he has not given the code to his new employers or used it there, and as the Times reports, “the criminal complaint offers no evidence that he has.”

What’s cloudy now is why the open-source code he was supposedly and ultimately interested in—the same open-source code that could be found for free elsewhere—was jumbled together with the Goldman code sent to the German servers.

That, of course, is the crux of the matter: A colossal and accidental mistake, or the makings of a sinister plot in an ultracompetitive industry? (For more on when IT staffers at Morgan Stanley and Wal-Mart went rogue, see How to Monitor Workers’ Use of IT Without Becoming Big Brother.)

But what’s more intriguing to me is this: At what point in the software development process does open-source code become proprietary software of the company from which a programmer is drawing a paycheck? Perhaps that will be spelled out by Goldman as the case unfolds.

In a Times op-ed piece, Michael Osinski, a former computer programmer who infamously helped write the “software bomb” that blew up Wall Street last year, writes that programmers are working on coding pet projects—some large scale—all the time.

Like a would-be novelist piecing together chapters in the Great American Novel, it seems, coders are constantly working through complex processes of building new applications in bite-sized chunks. As Osinski writes, “A piece of software is often one cog in a vast enterprise, relatively useless in and of itself.”

It’s more than likely that Teza Technologies was willing to pay Aleynikov $1.2 million a year because its executives wanted Aleynikov’s ideas about trading software and his well-honed development methodologies, which, as Osinski notes, are more valuable than any stolen Goldman lines of code.

If the reverse is true, and the software genius and Teza were up to no good, then Goldman Sachs will indeed write the ending to this story.

Do you Tweet? Follow me on Twitter @twailgum. Follow everything from CIO.com on Twitter @CIOonline.