Menu Home

Thievery considered harmful

A bit of a tempest in finance news involving accusations of sensitive code stolen from a major trading desk. For emerging details see:

For me this triggers some strong (and sad) personal memories.

No matter what inappropriate “Robin Hood” intellectual property fantasies you have this (if true) is just wrong. I have never been a huge fan of the ACM Code of Ethics (which does cover this situation, but fails to seriously address much beyond having responsibilities to your employer) but this sort of incident reminds me why computer science needs some approximation of a shared set of ethics that we can try to refer to.

A particularly sad part of the story that attracted my attention was the reliance on “bash history” to try and establish what happened. Attempting to “prove” something using a “bash history” is something I have painful experience with. The “bash history” system is incredibly inadequate even for what it was designed for (caching recent commands). Simply having two shells open can cause non-deterministic overwriting, deletion, clobbering and time disorderings in the history file. Furthermore bash history has no dates, times, directories or any other contextual hints written into it. Finally bash history has no hashes, signatures, nonces, sequence numbers or any other device that helps establish authenticity.

Now for my story. We (by chance) caught somebody walking off with our group’s entire source tree. In the end all we had to go on was the bash history. To hostile eyes bash history is nowhere near what you would call “forensic grade evidence.” Unfortunately for us the theft was intramural, the thief was merely taking the code to another group in the same company to later mine and represent as their own work. At this point even language worked against us- every time we accidentally said something like “our code” (as in the code we produced, not the code we own) we were perceived as being anti-company. Evil prevailed (the thief was promoted) and I looked stupid for working so hard to try to interpret such low-quality evidence. But we live in an objective world- just because you can’t prove something doesn’t mean there isn’t some buried ugly truth.

So what was stolen? Not the code, that moved from one pocket of the corporation that owned it to another pocket of the same corporation. What was stolen was reputation. The thief presumably appeared to out-produce both his old colleagues and his new ones (who don’t have a few absconded person-years of development to draw from). So an apology to anyone who was asked why they could not code as fast as our escaped “genius,” it was certainly not our intent to so equip him. And a larger apology to the rest of the team, sorry we could not prove the misappropriation of your work.

Of course Shakespeare said it much better (from Othello):

Good name in man and woman, dear my lord,
Is the immediate jewel of their souls:
Who steals my purse steals trash; ’t is something, nothing;
’T was mine, ’t is his, and has been slave to thousands;
But he that filches from me my good name
Robs me of that which not enriches him
And makes me poor indeed.

Categories: Opinion

Tagged as:


Data Scientist and trainer at Win Vector LLC. One of the authors of Practical Data Science with R.

1 reply

  1. Great one. Thanks. I now have a better thievery story to tell you. I will wait until we meet.

%d bloggers like this: