Cracking the Code on Protecting Code
Cracking the Code on Protecting Code
May 17, 2010
Goldman Sachs, UBS and Société Générale all have been involved in the last year in high-profile cases involving alleged thefts of computer code used in their algorithmic trading strategies for their clients and their own objectives.
The lesson: Even the biggest and best of breed in high-speed, complex electronic trading need to review the procedures they have in place for securing their source code-as well as other valuable trade secrets.
"The sophisticated technology that's allowed these types of trading strategies to proliferate has also made it much more complicated to keep that type of intellectual property from leaving the four walls of financial institutions," said Kevin McPartland, an analyst at research firm Tabb Group, based in Westborough, Mass.
The departures don't always take sophisticated hacking skills. In the Société Générale case in April, an employee allegedly copied part of the software into a Microsoft Word document last summer, then came in on a Saturday to print out hundreds of pages, prosecutors said. The employee, who was arrested on a charge of trading in sensitive code, was captured on surveillance cameras stuffing the printouts into his backpack.
If he had been less clumsy, could he have gotten away with it? Maybe. It's almost impossible to tell that another company has had a peek at your secrets, unless somebody rats them out.
"Some cases are dealt with privately, quietly and with the public never catching on," McPartland said.
Not all code theft cases are instances of deliberate malfeasance, he notes.
"When you create something in your job-whether a program or a PowerPoint-people tend to feel attached to what they created," he said.
In the case of UBS, three employees walked off with 25,000 lines of "trade secret algorithmic trading programs," according to papers filed by the firm last year, with plans to take them to rival firm Jefferies & Company. FINRA arbitrators ruled against UBS this past February, however, without providing any information about the rationale for their decisions. This is one reason why firms normally prefer to settle the cases privately.
"When companies go to the authorities in these matters, there's a risk that the company can lose control," said Brent Cossrow, an attorney in the employee defection and trade secrets practice group of Fisher & Phillips, a national employment law firm headquartered in Atlanta.
UBS declined to comment for this story, spokesman Doug Morris said.
In the case of Goldman Sachs, which did not respond to requests for comment, a programmer allegedly stole 32 megabytes worth of trade secrets, according to court documents. He was arrested by the FBI last summer as he tried to leave the country, and was indicted in February.
According to the indictment, he stole the code by first encrypting the files, then transferring them via the internet to a server in Germany on his last day on the job. Then he tried to erase the evidence of what he did by deleting the history of his actions on his computer. On previous occasions, he had also emailed files to himself at home, and stored copies of the code on PCs, a flash drive and other storage devices.
