We just learned that Goldman Sachs, the venerable investment bank and one of the major movers in the U.S. financial markets, suffered a major security breach, one that teaches just how vulnerable companies are to rapid theft and potential devaluation of their trade secret information.
We know of the breach because the United States just lodged criminal charges against a former Goldman employee, a highly paid ($400K per year) programmer and vice-president for equity strategy tasked with developing one of the firm's most sophisticated trading programs. The facts are startling: the programmer, before he left to work for a Chicago firm, transferred computer code directly from Goldman's server to a London-registered computer server in Germany. Goldman makes it money, in part, using programs like this one to execute trades. This program delivered millions of dollars of value every year to the bank. So sophisticated was the program that the United States alleges in the criminal filings that it could be used to "manipulate markets."
The stolen program thus fits consummately the definition of a trade secret. With its theft disclosed, what are Goldman’s next steps?
An unnamed source reports that the investment bank say it has "secured its systems," http://tinyurl.com/m2gctg, but has the damage been done? We do not know where the actual code is now, or whether Goldman and/or the United States have foreclosed any possible future transfer. In the hands of another bank, with the right implementation, the program could be used to devastating effect. We wonder, too, whether Aleynikov (and his new firm if it employed him for any length of time) will be the subject of a civil lawsuit by Goldman to enjoin any work on similar trading models.
Another major question is how Goldman allowed Aleynikov to purloin a "crown jewel" application in the first place. The detection and response systems may have worked well, as one commentator observes in a New York Times piece, http://tinyurl.com/klnn28, but shouldn't an institution as large as Goldman have had controls to flag the export and data transfer of such commercially sensitive code?
For businesses trying to protect their own confidential business information, the story is a caution and reminder that trade secrets are only as valuable as the reasonable precautions taken to prevent their disclosure. For online data, that means, for example, restricted access, password protection, and it may mean, in addition to regular monitoring, firewall and other protocols to limit data transfer.
-Andrew Flake
Andrew B. Flake is a partner in the Litigation Group at Arnall Golden Gregory LLP (andrew.flake@agg.com). Our firm serves the business needs of growing public and private companies, helping clients turn legal challenges into business opportunities. We don't just tell you if something is possible, we show you how to make it happen. Please visit our website for more information, www.agg.com.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment