Hold on to Your Code

By Laura Spadanuta

01 August 2012

Print Issue: August 2012

A RECENT U.S. Appeals Court ruling may have turned the world of corporate espionage on its head. At the very least, it may be much more difficult to prove that internal software theft is a crime.

The case involves Sergey Aleynikov, who downloaded thousands of files before leaving employer Goldman Sachs for a new job in 2009. Among those files was source code for Goldman Sachs’ high frequency trading system, a highly valued proprietary internal system.

Aleynikov’s action was reported to the FBI, and he was convicted of stealing trade secrets. But the U.S. Court of Appeals for the Second Circuit overturned the conviction, ruling that Aleynikov’s acts did not technically violate the laws under which he had been charged. Aleynikov did not violate the 1996 Economic Espionage Act (EEA) by his actions, because the code was used for an internal system, rather than placed in or produced for interstate commerce, the court said.

R. Mark Halligan, partner at Nixon Peabody, is among the legal experts who were surprised by the court’s decision in this case. Halligan points out that when the EEA was drafted, it was indeed meant to cover situations like this. “Clearly the Congress intended to criminalize what occurred in that case,” he says.

The EEA’s definition of trade secret is extremely broad, and it’s obvious that a highly guarded trade secret was stolen in this case, says Halligan. He says that he agrees, with the district court’s analysis, which points out that the stolen code does affect interstate commerce, though it is for an internal system.

Halligan says that “the potential harm to the victim and the consequences [were] as severe [as] or more severe than what you might see in some company where the trade secret relates to a product placed in commerce.” However, he adds that the appeals court’s “analysis is based on the literal language in the EEA.” Halligan admits that the secrets stolen by Aleynikov do not satisfy the interstate commerce requirement in a literal sense. Halligan says the appeals court’s reading of the law is very persuasive and reveals a flaw in the law.

The ruling will have an impact. Halligan says the gist of the ruling is that if someone steals a trade secret consisting of software used only internally, it’s not actionable outside of civil action or state criminal law unless the law is modified to close the loophole.

The prosecutors also tried to get the stolen code recognized as stolen property under the National Stolen Property Act (NSPA). The court found that it did not meet the definition under that law because the code was not a tangible item. Halligan is not surprised by that; he says that NSPA’s lack of acknowledgement for intangible property is part of the reason the EEA was passed. He adds that perhaps the best way to resolve this issue is to have Congress revisit the EEA and clarify that a situation like this would be covered.

Bart Perkins, managing partner at Leverage Partners, Inc., says this decision is important to companies and that they should be aware of it.

One step that IT departments can take to ensure that a very limited number of people can access all of the code in any program. Management should also educate various departments of the company about this new court decision—from executives and the IT department all the way through to legal and human resources personnel, who will have to draft employment contracts. Perkins says that it is also important for public relations departments to be made aware of it, because if the company sues a former employee for such theft, public relations personnel will have to know how to handle the story.