Discussion:
Possible open source violations by Goldman Sachs?
David Rosenstrauch
2013-08-03 02:37:34 UTC
Was just reading the recent article up at Vanity Fair about the arrest,
trial, conviction, and jailing of developer Sergey Aleynikov who was
accused of stealing code from Goldman Sachs.
(http://www.vanityfair.com/business/2013/09/michael-lewis-goldman-sachs-programmer)

I didn't realize it until reading this article, but apparently the case
greatly involves open source code. The article seems to indicate that
Goldman often intermingled their own code with open source (and rarely,
if ever, contributed back their own enhancements). And according to the
article Aleynikov's rationale for making copies of the code in the first
place was so that he could at a later date re-use and/or contribute back
the enhancements he had intermingled with the original open source.

No violation on GS' part so far, of course. But what really caught my
eye is where it mentions that Goldman treated all code - even open
source - as Goldman property, and that at trial Aleynikov's attorney
even held up 2 copies of the same code - one with an open source license
on top, and then an identical copy with a Goldman copyright. If this is
true - and if Goldman did indeed do this habitually - then this could
constitute numerous violations of open source licenses on their part.

The article doesn't specifically say whether any of the code in question
was GPL. But with GPL code being so prevalent these days I'd guess
there's a decent chance that at least some of it was. I'd imagine that
either the article's author, Aleynikov, and/or his attorney might be
open to sharing some additional information with interested parties on this.

Hope this is helpful/useful info to someone.

Best,

DR
TJ
2013-08-03 11:04:52 UTC
Was just reading the recent article up at Vanity Fair about the arrest, trial, conviction, and jailing of developer Sergey Aleynikov who was accused of stealing code from Goldman Sachs.
(http://www.vanityfair.com/business/2013/09/michael-lewis-goldman-sachs-programmer)
I didn't realize it until reading this article, but apparently the case greatly involves open source code...
It would be useful to check the trial transcript.
Solomon Peachy
2013-08-03 11:38:40 UTC
attorney even held up 2 copies of the same code - one with an open
source license on top, and then an identical copy with a Goldman
copyright. If this is true - and if Goldman did indeed do this
habitually - then this could constitute numerous violations of open
source licenses on their part.
At the end of the day though, the question is if GS ever distributed (or
"conveyed" or whatever) that internally-modified software to third
parties outside their walls. One of the main points of the article is
that GS was particularly rabid about keeping all of "their" software
pretty close to their chest.

So what GS did is pretty despicable, but highly unlikely to be a GPL
violation.

- Solomon
--
Solomon Peachy pizza at shaftnet dot org
Delray Beach, FL ^^ (email/xmpp) ^^
Quidquid latine dictum sit, altum viditur.
luke.leighton
2013-08-04 09:49:37 UTC
Post by Solomon Peachy
attorney even held up 2 copies of the same code - one with an open
source license on top, and then an identical copy with a Goldman
copyright. If this is true - and if Goldman did indeed do this
habitually - then this could constitute numerous violations of open
source licenses on their part.
At the end of the day though, the question is if GS ever distributed (or
"conveyed" or whatever) that internally-modified software to third
parties outside their walls. One of the main points of the article is
that GS was particularly rabid about keeping all of "their" software
pretty close to their chest.
So what GS did is pretty despicable, but highly unlikely to be a GPL
violation.
yes. i have been in this situation before (of working in a class 2
military environment). so i researched whether there were any GPL
violations, and i came to the conclusion that there were not.

the logic is as follows:

* in the case where the developer has signed over all rights, what
would normally be "distribution" is NOT distribution, it is "Company
A's Copyright Material" being handed over to "Company A".

* as there is NO DISTRIBUTION, the requirements of the GPL to
distribute source DO NOT APPLY. they DO NOT APPLY because there IS NO
DISTRIBUTION OF THE PROGRAM OCCURRING.

my understanding on this is that it even applies if the individual
concerned *hasn't* signed over all copyright rights (in the employment
or other contract).

my understanding is that there is only one case where the individual
would be able to distribute the source code, and that's if it was
written "outside of company time".... and then handed over *NOT* as
part of the contract.

however... this has nothing to do with Goldman Sachs claiming that the
ENTIRE source code is their copyright. if that actually occurred,
then that's plain theft.

l.
Jeroen Massar
2013-08-03 17:32:35 UTC
On 2013-08-03 04:37, David Rosenstrauch wrote:
[..]
Post by David Rosenstrauch
The article doesn't specifically say whether any of the code in question
was GPL. But with GPL code being so prevalent these days I'd guess
there's a decent chance that at least some of it was.
Even if the original code is GPL licensed, as long as they used it
inside their own organization (and GS is a real registered one unlike
some of the flamewars on this list ;) there is no requirement for them
to release it outside of their organization unless they give it to third
parties, they could contribute back, but they are not required to.

It is one of the few freedoms the GPL gives you.

And most other open source licenses want you to use it and typically do
not have a 'must contribute back' clause.

Greets,
Jeroen
Joseph Heenan
2013-08-04 16:40:20 UTC
Post by Jeroen Massar
[..]
Post by David Rosenstrauch
The article doesn't specifically say whether any of the code in question
was GPL. But with GPL code being so prevalent these days I'd guess
there's a decent chance that at least some of it was.
Even if the original code is GPL licensed, as long as they used it
inside their own organization (and GS is a real registered one unlike
some of the flamewars on this list ;)
I wonder if you could have a pretty good argument that there may well be
"distribution" going on given the huge number of different companies
that make up GS:
http://opencorporates.com/viz/financial/index.html#goldman//1272

I would speculate that some of these companies are not part of the same
organisation as far as the FSF consider organisations, due to the
complications of the way they exist on paper to fit within various
taxation rules.

Still, albeit probably not violating the GPL, removing the original
copyright statements does feel very wrong, but I have no idea what law
if any it violates.

Joseph
Ian Stirling
2013-08-04 17:25:54 UTC
Post by Joseph Heenan
Still, albeit probably not violating the GPL, removing the original
copyright statements does feel very wrong, but I have no idea what law
if any it violates.
Joseph
As I understand it - it means your code isn't licensed. (GPLV2)

'4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt otherwise
to copy, modify, sublicense or distribute the Program is void, and will
automatically terminate your rights under this License.'

'0. This License applies to any program or other work which contains a
notice placed by the copyright holder saying it may be distributed under
the terms of this General Public License'

If you modify it, and remove the copyright - you have no licence to the
subsequent code - even if you don't distribute it, making the
distribution clause irrelevant.
luke.leighton
2013-08-05 16:16:03 UTC
Post by Ian Stirling
Post by Joseph Heenan
Still, albeit probably not violating the GPL, removing the original
copyright statements does feel very wrong, but I have no idea what law
if any it violates.
Joseph
As I understand it - it means your code isn't licensed. (GPLV2)
'4. You may not copy, modify, sublicense, or distribute the Program except
as expressly provided under this License. Any attempt otherwise to copy,
modify, sublicense or distribute the Program is void, and will automatically
terminate your rights under this License.'
'0. This License applies to any program or other work which contains a
notice placed by the copyright holder saying it may be distributed under the
terms of this General Public License'
If you modify it, and remove the copyright - you have no licence to the
subsequent code - even if you don't distribute it, making the distribution
clause irrelevant.
now why the fuck didn't his defense lawyer spot that at the time, and
have the case thrown out, on the basis that goldman sachs were
criminally infringing copyright??

they even *said* in court that the two identical pieces of code were
held up, side-by-side, one criminally-infringing of copyright by
having the original authors copyright removed, and the original
showing the correct authors.

l.
David Rosenstrauch
2013-08-05 18:46:02 UTC
Post by luke.leighton
Post by Ian Stirling
Post by Joseph Heenan
Still, albeit probably not violating the GPL, removing the original
copyright statements does feel very wrong, but I have no idea what law
if any it violates.
Joseph
As I understand it - it means your code isn't licensed. (GPLV2)
'4. You may not copy, modify, sublicense, or distribute the Program except
as expressly provided under this License. Any attempt otherwise to copy,
modify, sublicense or distribute the Program is void, and will automatically
terminate your rights under this License.'
'0. This License applies to any program or other work which contains a
notice placed by the copyright holder saying it may be distributed under the
terms of this General Public License'
If you modify it, and remove the copyright - you have no licence to the
subsequent code - even if you don't distribute it, making the distribution
clause irrelevant.
now why the fuck didn't his defense lawyer spot that at the time, and
have the case thrown out, on the basis that goldman sachs were
criminally infringing copyright??
they even *said* in court that the two identical pieces of code were
held up, side-by-side, one criminally-infringing of copyright by
having the original authors copyright removed, and the original
showing the correct authors.
One possible reason: the code might not have been GPL. (It's not clear
from the article what library it was or what license it had.)

But it's also possible that his attorney didn't totally understand open
source licenses and their implications. (Or didn't think that the judge
or jury would.)

DR
Arnt Karlsen
2013-08-06 08:34:54 UTC
On Mon, 05 Aug 2013 14:46:02 -0400, David wrote in message
Post by David Rosenstrauch
On Sun, Aug 4, 2013 at 6:25 PM, Ian Stirling
Post by Ian Stirling
Post by Joseph Heenan
Still, albeit probably not violating the GPL, removing the
original copyright statements does feel very wrong, but I have no
idea what law if any it violates.
Joseph
As I understand it - it means your code isn't licensed. (GPLV2)
'4. You may not copy, modify, sublicense, or distribute the
Program except as expressly provided under this License. Any
attempt otherwise to copy, modify, sublicense or distribute the
Program is void, and will automatically terminate your rights
under this License.'
'0. This License applies to any program or other work which
contains a notice placed by the copyright holder saying it may be
distributed under the terms of this General Public License'
If you modify it, and remove the copyright - you have no licence
to the subsequent code - even if you don't distribute it, making
the distribution clause irrelevant.
now why the fuck didn't his defense lawyer spot that at the time,
and have the case thrown out, on the basis that goldman sachs were
criminally infringing copyright??
they even *said* in court that the two identical pieces of code
were held up, side-by-side, one criminally-infringing of copyright
by having the original authors copyright removed, and the original
showing the correct authors.
One possible reason: the code might not have been GPL. (It's not
clear from the article what library it was or what license it had.)
But it's also possible that his attorney didn't totally understand
open source licenses and their implications. (Or didn't think that
the judge or jury would.)
DR
..either way, he didn't do his job. Make him a co-defendant
next time? ;o)
--
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
Scenarios always come in sets of three:
best case, worst case, and just in case.
Rafal Malujda Law Office
2013-08-08 21:10:59 UTC
Post by David Rosenstrauch
Post by luke.leighton
Post by Ian Stirling
Post by Joseph Heenan
Still, albeit probably not violating the GPL, removing the original
copyright statements does feel very wrong, but I have no idea what law
if any it violates.
Joseph
As I understand it - it means your code isn't licensed. (GPLV2)
'4. You may not copy, modify, sublicense, or distribute the Program except
as expressly provided under this License. Any attempt otherwise to copy,
modify, sublicense or distribute the Program is void, and will automatically
terminate your rights under this License.'
'0. This License applies to any program or other work which contains a
notice placed by the copyright holder saying it may be distributed under the
terms of this General Public License'
If you modify it, and remove the copyright - you have no licence to the
subsequent code - even if you don't distribute it, making the distribution
clause irrelevant.
now why the fuck didn't his defense lawyer spot that at the time, and
have the case thrown out, on the basis that goldman sachs were
criminally infringing copyright??
they even *said* in court that the two identical pieces of code were
held up, side-by-side, one criminally-infringing of copyright by
having the original authors copyright removed, and the original
showing the correct authors.
One possible reason: the code might not have been GPL. (It's not
clear from the article what library it was or what license it had.)
But it's also possible that his attorney didn't totally understand
open source licenses and their implications. (Or didn't think that
the judge or jury would.)
DR
what do you think about this one? (2009!):
http://news.techworld.com/sme/3200867/did-goldman-sachs-developer-steal-open-source-software/
Bruce Perens
2013-08-12 21:23:29 UTC
Post by luke.leighton
have the case thrown out, on the basis that goldman sachs were
criminally infringing copyright?? they even *said* in court that the
two identical pieces of code were held up, side-by-side, one
criminally-infringing of copyright by having the original authors
copyright removed, and the original showing the correct authors.
The only reason I can think of is that it was not relevant to the case.
It sounds like the case was about misappropriation of Goldman's
copyrighted work, which might have been Aleynikov's work-for-hire. If he
took work that he had done for Goldman - or that someone else had -
outside of the company, potentially to distribute to the Free Software
community without Goldman's permission, that's actionable. If Goldman
was not exercising its due diligence regarding GPL compliance, this may
have incented Aleynikov to take the code outside and to attempt to
rectify the GPL violation on his own. But he didn't have the right to do
that. Only a properly-authorized officer of Goldman or the court would
have the right to do that.

We can't rectify GPL violations by stealing the offender's code, even if
our license potentially gives us rights over that code. We have to use
the courts to remedy the infringement, or convince the proper corporate
officer to do so without the courts.

Thanks

Bruce
luke.leighton
2013-08-05 22:01:56 UTC
http://www.vanityfair.com/business/2013/09/michael-lewis-goldman-sachs-programmer

i read this in full. what struck me was how peaceful sergey has
become after his experiences in prison. although he attained all the
"normal" trappings associated with high-earning positions, he wasn't
*actually* that interested in them as such, and was likely quite
grateful for their enforced removal.

so my concern is this: to appeal to sergey and his former defense
lawyer, the normal "outrage" route that we as readers might be feeling
should be appropriate in approaching him for help would be unlikely to
be successful. he hasn't got "vengeance" on his mind as he's simply
not that kind of person.

what *might* appeal to him is the defense of the GPL in general,
namely that now that it has come to light (why in god's name nobody
spotted this earlier i don't know [*1]) that the removal of copyright
notices by goldman sachs are themselves GPL violations, it would be
dangerous for the *entire* free software world not to pursue criminal
infringement against goldman sachs, because this would give strength to
anyone - including goldman sachs - when pursuing estoppel defense
strategies (i believe it's "estoppel by laches" i.e. beyond a certain
time limit it's reasonable to "assume forgiveness" for breach of
contract... or in this case license - in germany you have i believe
it's only *30 days* to file a lawsuit, from the day of discovery of
breach of a license!)

as this is quite subtle, does anyone have any suggestions as to what
to do, here? my idea would be to contact the SFLC, see if they have
time to take this up.

l.

[*1] http://lists.gpl-violations.org/pipermail/legal/2013-August/004113.html
[*2] http://legal-dictionary.thefreedictionary.com/estoppel
Bradley M. Kuhn
2013-08-18 02:52:34 UTC
it would be dangerous for the *entire* free software world not to
pursue criminal infringement against goldman sachs, because this would
give strength to anyone - including goldman sachs - when pursuing
estoppel defense strategies
I don't see your logic here. Generally speaking, laches doesn't come
up in issues of copyright infringement, except with regard to seeking a
preliminary injunction to stop distribution. Admittedly, IANAL and
TINLA.
my idea would be to contact the SFLC, see if they have time to take
this up.
IIUC, SFLC doesn't do GPL enforcement anymore. At the very least, I
can tell you definitively that Conservancy is the center for
GPL enforcement for BusyBox, Linux, Samba, and a few other projects, and
SFLC doesn't represent Conservancy anymore.

Anyway, removal of copyright notices is nowhere near as horrible a GPL
violation as GPLv2§3 / GPLv3§6 violations, of which there are hundreds
to be handled. We should focus on those.
--
-- bkuhn
Armijn Hemel
2013-08-18 09:03:58 UTC
Post by Bradley M. Kuhn
At the very least, I
can tell you definitively that Conservancy is the center for
GPL enforcement for [...] Linux, [...]
+ "in the US" ;-)

armijn
--
------------------------------------------------------------------------
***@gpl-violations.org || http://www.gpl-violations.org/
------------------------------------------------------------------------
Bradley M. Kuhn
2013-08-18 17:19:40 UTC
Post by Armijn Hemel
At the very least, I can tell you definitively that Conservancy is
the center for GPL enforcement for [...] Linux, [...]
+ "in the US" ;-)
Actually, Conservancy does enforcement around the world, too.

Anyway, I didn't intend to leave you out, Armijn, I had just noted that
you retired last year:
http://gpl-violations.org/news/20120805-armijn_retires.html :)

Also, Harald's mentioned to me a few times that he just doesn't have
time now to be active in enforcement anymore. I wish he were, of
course, as GPL-violations.org has had a lot of great success and I'd
love to see more. There are certainly plenty of violations to go
around.
--
-- bkuhn
luke.leighton
2013-08-05 16:17:40 UTC
Post by Ian Stirling
Post by Joseph Heenan
Still, albeit probably not violating the GPL, removing the original
copyright statements does feel very wrong, but I have no idea what law
if any it violates.
Joseph
As I understand it - it means your code isn't licensed. (GPLV2)
question: how can more details be learned about what code has been
criminally infringed, and how can a case be brought against goldman
sachs for criminal copyright infringement and violation of the GPL?

l.