The government's effort to prosecute corporate espionage was dealt a setback today when a federal appeals court ruled that downloaded code did not qualify as stolen under a federal theft statute.
The 2nd U.S. Circuit Court of Appeals in New York ruled today that former Goldman Sachs programmer Sergey Aleynikov was wrongly charged with theft of property under the National Stolen Property Act, which makes it illegal to steal trade secrets.
Aleynikov, 42, was convicted in December 2010 of downloading code for Goldman Sachs' high-speed computerized trading operations and uploading it to an overseas server before he left the Wall Street investment bank in 2009.
"Because Aleynikov did not 'assume physical control' over anything when he took the source code, and because he did not thereby 'deprive [Goldman] of its use,' Aleynikov did not violate the NSPA," Chief Judge Dennis Jacobs wrote in the three-judge panel's unanimous decision (see below). "We decline to stretch or update statutory words of plain and ordinary meaning in order to better accommodate the digital age."
Aleynikov was sentenced to eight years in prison but was released in February when the judges found that Aleynikov had also been wrongly charged with espionage under the Economic Espionage Act of 1996.
While conceding that the code was "highly valuable," Jacobs said the code was never intended to be sold or licensed.
"The enormous profits the system yielded for Goldman depended on no one else having it," Jacobs ruled. "Because [the high-frequency trading system] was not designed to enter or pass in commerce, or to make something that does, Aleynikov's theft of source code relating to that system was not an offense under the EEA."
The ruling comes a day after an appeals court in San Francisco rejected the government's broad interpretation of a nearly 30-year-old anti-hacking law in trying to prosecute a man for misappropriation of trade secrets. The 9th U.S. Circuit Court of Appeals ruled yesterday that the government's interpretation of the 1984 federal Computer Fraud and Abuse Act could lead to millions of Americans being subjected to prosecution for harmless Web surfing at work.