Laws are 20 years behind the IPCI it is Supposed to Protect
Sergey Aleynikov was charged with and convicted of downloading and stealing source code from his employer Goldman Sachs. He was convicted under the National Stolen Property Act and the Economic Espionage Act and sentenced to eight (8) years in prison. It was a very high profile case used by federal prosecutors as an example of the Justice Department’s serious intent to prosecute the theft of intellectual property and trade secrets. Aleynikov admitted to stealing the code but stated that what he had done was not criminal as the code was not used in interstate commerce.
In February, Aleynikov was able to successfully have the decision overturned on appeal. The three appellate judges agreed that Goldman went to great lengths to secure the code and that the profits earned by Goldman through the use of this code only worked if nobody else had it. A clear sign that the judges recognized that the code was real solid Intellectual Property and Critical Information (IPCI).
The DOJ’s argument was trying to convince the judges that the IPCI was a tangible asset, a hard asset. The judges said that the 20 year old Economic Espionage Act was clear in it intent to address the transfer of money and not the theft of source code – IPCI.
Do not misunderstand the judges’ knowledge that Aleynikov was a thief and that he breached his agreement with Goldman Sachs. The judges knew he had stolen the source code from Goldman Sachs. Aleynikov downloaded hundreds of thousands of lines of code and stashed them on a server in Germany, and then tried to erase his tracks at Goldman. Goldman only noticed an anomaly in the volume of data leaving the network and only then began monitoring what was going on.
Goldman did everything right. I have looked at this case from afar and can see no serious errors on their part. Aleynikov was a programmer and had helped write some of this software code and he was entitled to access the code and work with the code. A spike in usage occurred and Goldman began monitoring Aleynikov. Goldman took their own action and got the Feds involved. The Feds did a good job – for the most part, except for their clearly not understanding the different between tangible and intangible property and having outdated laws to work with.
For a little fun – the Economic Espionage Act was passed in 1996. So, what else happened in 1996?
• Apple Computer officially unveils the Newton 2.0 operating system.
• Sun Microsystems ships the Java 1.0 development kit
• Microsoft releases the Windows 95 Service Pack 1 operating system update
• The Fox Broadcasting Company airs The Simpsons TV show in the US
• Palm ships the Palm Pilot handheld computer
• Linus Torvalds releases the Linux kernel version 2.0
• Microsoft releases Microsoft Internet Explorer 3.0
• Apple Computer buys NeXT, Steve Jobs’ software company
The fact is IPCI, its creation, use and deployment, is far, far ahead of the law. OPSEC, or as I prefer to call OPSEC in private industry OP-IPCI, is ever more mission critical for those who use IPCI as part of their tasks to insure exclusive use of their IPCI. Relying on the law, when the law is 10 to 20 years behind the IPCI – well, as you can see in this case with Aleynikov – it simply does not work! Loss prevention is the only reliable way to secure the IPCI assets.