People v. Aleynikov
2018 NY Slip Op 03174 [31 NY3d 383]
New York Court of Appeals
Decided on May 3, 2018
ISSUE:
Whether a source code can be an appropriated object in a larceny under Penal Law §155.00 (4) (a) where the defendant copied the source code, uploaded it to a server and downloaded it to his electronic devices and whether this establishes a tangible reproduction of the source code under Penal Law 165.07 – Unlawful Use of Secret Scientific Material.
HOLDING:
The New York Court of Appeals held that the uploading of a source code to a server made the source code tangible in the sense of “material” or “having physical form” because it took up physical space and was physically present on the physical hard drive. The courts define tangible as being “material” or “having physical form”. The statutory language includes all “mechanically or electronically reproducing or recording” of material. It was held that within Penal Law §155.00 (4)(a) “exercising permanent control over another’s property is sufficient, without more, for appropriations”. The source code was defined as “property” in a crime of larceny when a copy was made and took up physical space on the defendant’s hard drive. By virtue of falling under §155.00 (4)(a) it also falls under §165.07.
FACTS OF THIS CASE:
In May 2007, Goldman Sachs hired Sergay Aleynikov as a computer programmer. He worked on the firm’s high-frequency trading software, which traded securities and performed market data calculations using complex computer algorithms and electronic trading tools. This high-frequency trading system code is valued because of its “connectivity,” which “allows a computer program to speak to various stock exchanges or to have market data about what’s going on in the world.” It also contains business logic, which allows Goldman’s employees to make decisions about trade generation, pricing and when to buy or sell securities. Finally, this code is structured to ensure that the system runs efficiently throughout the trading day.
The defendant was primarily responsible for “the infrastructure components” and “upgrading on of the exchange connectivity components.” The defendant had complete access to the high frequency trading system’s source code, which was contained in the firm’s software library. The defendant and other software developers had the ability to “check out the code… make changes to it and test it logically, merge it with the changes of other individuals, and then have those changes become the production software that runs every day.”
While software developers could make changes to source codes, they were forbidden from removing a copy from the company’s network. Every Goldman employee signed a confidentiality agreement which stated “confidential and proprietary information and materials shall be used only as authorized and only for the purpose intended by Goldman Sachs.” Furthermore, accessing the source code while away from the office was restricted, with the only authorized access to the source code library being “remote log-in access to the employee’s desktop,” which provided an employee “a window onto the employee’s Goldman desktop computer, while all of the files and contents would stay inside of Goldman Sachs.” They were not allowed to email source code to themselves or others.
Prior to resigning from Goldman Sachs in Spring of 2009, the defendant accepted an offer of employment at Teza Technologies, a Chicago-based start-up company. Unlike Goldman, Teza had no equipment, no connectivity and no software for high-frequency trading at the time. They planned to develop high-frequency trading infrastructure and software from scratch and urged their new employees to “execute relentlessly.” The defendant was signed on as the “head of infrastructure” and “the system “architect.”
On the defendant’s last day, June 5, 2009, he uploaded large quantities of Goldman’s high-frequency trading source code via a German based website where remote servers were created for users to transfer code. He used the same username that was chosen for his personal email. The defendant wrote a computer script to compress data from Goldman’s source code library into a file. He then uploaded the source code to the server. The defendant concluded by erasing the file and “back dating the script” so that it appeared to have been created two years ago. Later, he downloaded the source code to his home computer.
On June 2009, the defendant uploaded the high-frequency trading software onto Teza’s web-based source code library. Around the same time, Goldman’s information security department found a series of unauthorized transfers of data from Goldman’s repository. The Goldman investigative team identified the device used as the defendant’s former work computer as well as inspected the record of commands issued by the defendant to the computer, known as the BASH history. The record showed the “data transfer commands related to the June 5 source code transfers” as well as “a command to selectively remove, from the BASH history stored in his own computer, the copying of source code.”
COURT’S ANALYSIS:
The federal case of United States v Bottone, 365 F2d 389, 391 [2d Cir 1966] serves as a relevant comparison. In Bottone, the defendant took home, photocopied and returned instructions for the manufacturing of antibiotics and a steroid from a drug manufacturing company. There was a heavy emphasis on the fact that the defendant did not keep the original documents permanently and so the issue arose: had the documents been “stolen” and “transported” under the National Stolen Property act, 18 USC §2314. This issue can be seen in the same light with Aleynikov. While in Bottone the Second Circuit decided that 18 USC §2314 would apply, the Revised Penal Law of 1967 sought to avoid possible gaps in legislature by attempting to criminalize embezzlement of intellectual property despite its lack of traditional taking. In short, tangible reproductions were protected material.
The State of New York Court of Appeals pointed out that the issue wasn’t with determining whether the source code was tangible or not but whether the defendant created a “tangible reproduction” of the source code. Due to the ambiguity of the meaning of the term “tangible”, the New York Court of Appeals finds “tangible” to mean “material” or “having physical form” and the use of the term in the statute “does not apply to ink and paper any more readily than to source code, and provides no workable criterion.” It is true that the source code itself does not have a physical form. Rather, it is an abstract piece of intellectual property. However, the representation of the source code was material. Any computer file which is stored onto a hard drive or CD is physically present on said hard drive or CD. Since it was stored on the computer’s drive, it took up physical space thus making it physical in nature.
Penal Law § 165.07 was written with the intent to punish a defendant who made a tangible copy of secret scientific material despite the original property being intangible. The statute states, “a person is guilty of Unlawful Use of Secret Scientific Material when, with intent to appropriate to himself or another the use of secret scientific material, and having no right to do so and no reasonable ground to believe that he has such right, he makes a tangible reproduction or representation of such secret scientific material by means of writing, photographing, drawing, mechanically or electronically reproducing or recording such secret scientific material.” The statutory language, on the other hand, is clear that the crime occurs when an individual “makes a tangible reproduction or representation…” In this case, the moment the defendant made a copy of the source code and uploaded it to the German server, the source code was made tangible in that it was now “material” or “having physical form”.
Under Penal Law §155.00 (4)(a) the courts analyze that “exercising permanent control over another’s property is sufficient, without more, for appropriations.” They defined the source code as “property” in a crime of larceny the moment a copy was made and began taking up physical space. Within the statute, appropriation does not imply depriving another of property. The concept of appropriating occurs when “he or she wrongfully takes, obtains or withholds such property from an owner thereof” Penal Law §155.05; accord People v Jennings, 69 NY2d 103, 118 [1986]. In this case, the defendant made an unauthorized copy of the source code and retained said copy with no intention of ever returning it. Therefore, while the defendant did not deprive Goldman Sacks of the source code itself, he “wrongfully” took this property from its owner.