The legal jujitsu of Goldman Sachs

By Felix Salmon
August 2, 2013

Vanity Fair has timed the publication of its latest 11,000-word Michael Lewis opus perfectly to coincide with Fabrice Tourre being found liable on six counts of misleading investors while he worked at Goldman Sachs. Lewis also profiles a former Goldman employee charged with serious misdeeds; in his case, it’s Sergei Aleynikov. And in both cases — Aleynikov and Tourre — the government ended up in a position of overstretch.

The big difference between the two cases is that while Tourre was defended by Goldman Sachs, Aleynikov was prosecuted by them: Lewis leaves the reader in no doubt that the decision to prosecute, along with all the supporting arguments, while nominally taken by the FBI, was essentially made by Goldman Sachs itself. The irony is painful: the government, acting against Goldman Sachs, could only manage a civil prosecution. But Goldman Sachs, acting through the government, managed to secure itself a highly-dubious criminal prosecution, complete with an eight-year prison sentence.

Lewis doesn’t delve too deeply into the jurisprudence here. But it’s obvious that the case would never have been brought without Goldman’s aggressive attempt to cause as much personal destruction as possible to Aleynikov — and it’s also obvious that Aleynikov neither meant nor caused any harm to Goldman whatsoever.

Goldman has consistently attempted to paint Aleynikov as a stealer of valuable secrets — but if anything in Goldman’s high-frequency trading code was valuable, it was Goldman’s trading strategies, and Aleynikov had zero interest in those. What’s more, he wasn’t interested in the code itself, a big buggy mess which he was happy to leave behind: his new job was to build an entirely new system from scratch, in a completely different computer language to that used at Goldman. All that Aleynikov did, in substance, was to email to himself a bunch of files which included open-source code he had managed to find, over the years, online. He thought it might come in handy, one day, but it never really did: most of the files, when they were seized, were unopened.

The story of Aleynikov’s prosecution is a depressing one — one of the experts Lewis assembled to judge the coder’s claims was literally nauseated by the bank’s actions. The story is pretty simple: there are smart HFT shops, and then there’s Goldman Sachs. The smart shops execute their strategies using lightweight, open-source, flexible code. Goldman, by contrast, considers its enormous, clunky, proprietary codebase to be a source of competitive advantage — it has to, in order to justify the bonuses it gives to the people in charge of that codebase. Goldman knew that Aleynikov was its best programmer, but it never really grokked why he was good: he was an expert at replacing clunky Goldman code with much simpler and more elegant open-source solutions.

So while Aleynikov thought he was streamlining Goldman’s technology, Aleynikov’s bosses got million-dollar bonuses by claiming that he was adding to a proprietary codebase in which they placed enormous value. And when Aleynikov thought that he was simply emailing his own notes to himself, Goldman decided that he was stealing proprietary information of enormous value — and that, since it was enormously valuable, of course Aleynikov intended to use that code against Goldman in his new job.

Or, maybe that’s the charitable explanation, and the real explanation is just that Goldman lost their star programmer, and reacted with violent petulance.

In any case, I’m increasingly coming to the conclusion that America’s system of jurisprudence simply isn’t up to the task of holding banks and bankers accountable for their actions. The only people who ever get prosecuted are small fry and insider traders, rather than the people who really caused the biggest damage. And the lesson of Sergei Aleynikov is that if and when the laws get beefed up, the banks will simply end up taking advantage of those laws for their own vindictive purposes, rather than becoming victims of them. Given the ease with which Goldman got the FBI to do its bidding, one has to assume that, most of the time, the government will be working on the same side as the big banks, rather than working against them. Do we really want to give those banks ever more powerful weapons?


We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see

Eh, my reading of the piece was that he did in fact walk away with proprietary code. But that code consisted mainly of minor modifications to open-source software.

It’s a sad fact of working most places that unless you go through the proper channels that is in fact the property of your employer, however silly (or ultimately irrelevant before the law) that is.

Both you and Lewis seem to think it’s important he didn’t open the files. It isn’t. If I stole a bunch of modified utility code from my employer I wouldn’t expect to open it until I needed it, and I wouldn’t expect to need it for a while. It doesn’t speak too much to its importance, and it doesn’t speak to whether it was stolen.

Posted by absinthe | Report as abusive

“America’s system of jurisprudence simply isn’t up to the task of holding banks and bankers accountable for their actions.” How good a job does America’s system of jurisprudence do in holding people in general accountable for their actions? You can find plenty of miscarriages of justice outside the financial realm—-bad laws and bad decisions by prosecutors, judges, juries. There’s nothing special about banking.

Posted by Philonous | Report as abusive

I haven’t read Lewis’ piece, but, depending on the license, “minor modifications to open-source software” is by definition “open-source software” and thus not legally proprietary. In fact, GS may have had a legal obligation to publish their modifications.

Posted by wgh | Report as abusive

Not having read the story yet (it looks promising, but…), there’s a bigger lesson here that nobody should come away without understanding:

All work that you do on your employer’s nickel is theirs. No matter how trivial it may seem, any organizations of public data are more than just “public data” — otherwise, why would you have spent time to organize it and why spend time (and company resources) to send it on for possible use again?

This may be a shocking over-reach on Goldman’s part, harmful to their ability to get savvy people to work for them in the future, and deeply unfair to somebody whose judgements and actions weren’t actually far from right — again, it’d be above my pay grade even if I had the full facts.

But others who find themselves in similar circumstances should be forewarned: you don’t have a leg to stand on if your employer can show that you took company resources that might be used competitively against them. If things go wrong, they can go badly wrong.

Posted by WaltFrench | Report as abusive

Felix, this is a great post. And it suggests the real reason, beyond worry about systemic financial risks, that the biggest i-banks have to be broken up: the risk that this concentration of wealth and power presents to the political system.

Posted by EconWatcher | Report as abusive

absinthe – everything you say is, sadly, true. But I think the best example is one that Lewis quoted in his piece wherein a programmer analogises what Aleynikov did to what every single one of us do when we’re at a job, taking our own notes and jotting it down into a spiral notebook:
“If Person A steals a bike from Person B, then Person A is riding a bike to school, and Person B is walking. A is better off at the expense of B. That is clear-cut and most people’s view of theft. In Serge’s case, think of being at a company for three years and you carry a spiral notebook and write everything down. Everything about your meetings, your ideas, products, sales, client meetings—it’s all written down in that notebook. You leave for your new job and take the notebook with you (as most people do). The contents of your notebook relate to your history at the prior company, but have very little relevance to your new job. You may never look at it again. Maybe there are some ideas or templates or thoughts you can draw on. But that notebook is related to your prior job, and you will start a new notebook at your new job which will make the old one irrelevant. . . . For programmers their code is their spiral notebook. [It enables them] to remember what they worked on—but it has very little relevance to what they will build next. . . . He took a spiral notebook that had very little relevance outside of Goldman Sachs.”

Posted by GregHao | Report as abusive


A common misunderstanding about open source programming code is that because it is “free” it is completely without restriction. In fact, most “known” open source libraries are released under a license (e.g. GNU, BSD, Apache, etc) that designates the terms of usage including whether there are obligations to contribute improvements back into the common code base. So even if a license grants free and unlimited use for commercial purposes, it certainly does NOT grant the user permission to remove the license terms altogether from the code.

Lewis’ piece strongly implies a) that Goldman had little interest in contributing improvements to open source libraries even when a license dictated that as a rule of the road and b) much more damning that they removed the license from the code and slapped their own ownership language on the code. You simply can’t assert that just because code resides on your server.

By removing the original license terms and intermingling in-house code with open source libraries, Goldman was able to spin the govt a tale of theft where there was mostly shoddy housekeeping due to Goldman’s insistence on ignoring the open source rules of the road.

Interestingly, in a bit of corporate window dressing, Goldman does have a GitHub account ( ctions) no doubt to boost it’s geek cred albeit with a FAQ that reads a bit rich in light of Lewis’ account.


Posted by BrianTimoney | Report as abusive

Absinthe and WaltFrench, you are correct that whatever you do for the company while they are paying you is their property, and you shouldn’t take code, but that is a civil matter, not a criminal one. There have been many cases in the past where former employees brought some of their work to their new jobs, but they were sued, not prosecuted.

Also, GS is guilty of violating open source licenses, but not giving their mods back. That is a key part of almost every open source licensing agreement. And, as we have noticed over the last few years, the government has prosecuted individuals who have violated agreements that were entered into over the internet – if you do not adhere to the licensing terms for open source, which you entered into by using a computer, you are just as guilty of violating the Computer Fraud and Abuse Act, which has been used to prosecute and convict people whose crime has been to break user agreements, not laws.

Posted by KenG_CA | Report as abusive

This is a horrible case, which I hadn’t heard about before. What I suppose most people don’t understand is that that source code from one place is generally going to be of very little use to anyone at another company. As mentioned in the article, the value would be in stealing algorithms, historical data, etc. It sounds like the code talked about here is very different.

But the main issue here is that companies like this encourage and even demand people work all hours, at the office and from home. Results results results. Sure, use open source if it works, sure ignore those open source licenses, yeah, take bits home and work on them – and then suddenly when they want to, use the very working practices they encouraged to prosecute you! Makes me sick.

Posted by TotesEmosh | Report as abusive

Ken, under most licenses GS wouldn’t have to give mods back to the community. See section 2 of the GPL, “You may make, run and propagate covered works that you do not convey, without conditions so long as your license otherwise remains in force.” Goldman ain’t handing out their code on street corners.

Posted by dfinberg | Report as abusive

Also, GS is guilty of financial frauds, to the tune of trillions of dollars. But IIRC, nobody has done any time.

Let me repeat – *nobody* has done *any* time.

Posted by Barry_D | Report as abusive

I am surprised that you still think otherwise–they help make the laws that supposedly govern them.

Posted by frdp | Report as abusive

What Ken and Barry said. And thanks for saying this, Felix. If the DOJ cannot resist the banks and instead treat them like clients, then there is literally no hope of oversight. It’s as if Elliot Ness spent his time helping the liquor smugglers fix their traffic tickets.

Posted by Dollared | Report as abusive

Well, the code is the property of the employer so taking it is wrong. The eight year sentence is monstrous, however, given the nature and extent of what it was that was taken.

Criminal penalties may be sought where removal of intellectual property was found to be unlawful but the standard of proof required of the prosecution is much higher than in civil cases.
Civil remedies are sought in cases of negligence, etc.

Posted by TehZeppo | Report as abusive

A disingenuous display of hypocrisy by an author who has no problem with financiers complicit in drug-running and homicide getting a free pass on any sort of sanction or prosecution, as demonstrated in the credibility-destroying post here - 12/12/13/why-the-us-didnt-prosecute-hsbc  /

The comment stream to the cited post is perhaps the best-ever on any Reuters blog, something those who still retain any admiration for the author would do well to study.

Posted by MrRFox | Report as abusive

Everything is very open with a really clear clarification of the issues. It was truly informative. Your website is very helpful. Many thanks for sharing!