Monday, April 16, 2012

Sergey Aleynikov, and spam the trackers.

Back in July 2009 Sergey got Crabgrass attention, here, when things were becoming distressful for him because Goldman Sachs wanted him pilloried.

He had crossed the mighty GS and they wanted their pound of flesh. They accused him of stealing proprietary high-speed trading software on his way out of Goldman, leaving a comfortable six-figure salary [but in New York City] for an even more comfortable six-figure salary at a startup high-speed trading operation in Chicago, where he knew start-up people. In the course of things one affidavit against Sergey stated that one possessing the proprietary software and knowing how to use it, "could manipulate the market." So what, really, had Goldman, knowing how to use the software, developed the software for? That is a collateral question aside from the main thread of the story. Interestingly, it never got asked in judicial proceedings or in mainstream press coverage (although affidavit reporting did appear in a place or two online excerpting that part of the affidavit, and letting it speak for itself without further ado).

Anyway, Sergey is off the hook, according to the Second Circuit. You can do your own web search under Sergey's name; he has a Wikipedia page. TechCrunch has good reporting on how the court panel held that the criminalizing parts of two acts did not apply to what Sergey had done, the TC report stating in part:

Contrary to some previous coverage, the court’s decision is focused not on whether software code is property capable of being stolen, but instead, on the specific scope of the NSPA and the EEA as enacted by Congress. The impact is smaller than it might have first appeared.

In fact, the decision is based on a careful consideration of prior legal precedent, the precise language of each law, relevant legislative history, and the well-reasoned principle that courts should favor narrow interpretations of criminal laws that are ambiguous.

But the decision is nonetheless a setback for businesses hoping to protect intellectual property trade secrets. Since the court concluded that the NSPA does not apply to “intangible” intellectual property, insiders may now have less to fear by stealing proprietary software. This reality will not be lost on unscrupulous employees: although Aleynikov clearly stole valuable proprietary software from Goldman, he was able to escape conviction by uploading the information to a remote server (rather than downloading and storing the code on a physical device, such as a flash drive).

Moreover, as proprietary software is increasingly integrated into business methods, the incentives and opportunities for theft will grow. The impact could be especially large for technology companies that develop and market software as their primary product. In particular, software-based trade secrets that are not actually designed for licensing or sale in the open market (like Goldman’s HFT system) will be especially vulnerable. Companies concerned about intellectual property trade secrets should therefore begin monitoring HTTPS transfers on their servers, paying special attention to any instances of large amounts of data leaving their network.

The court recognizes this negative impact. As argued by Justice Calabresi, who concurred in the opinion (although somewhat reluctantly it seems), courts should consider the actual “mischief” that a law is designed to address when interpreting its context and meaning. As Calabresi acknowledges, “[I]t is hard for me to conclude that Congress, in this law, actually meant to exempt the kind of behavior in which Aleynikov engaged…I wish to express the hope that Congress will return to the issue and state, in appropriate language, what I believe they meant to make criminal in the EEA.”

They wrote it in Congress as they did, and this panel of judges, in a criminal prosecution setting, refused to stretch analysis to what Congress might have or should have intended and written. While interpreting the intent of the legislature is a guiding principle for the courts, they do not substitute wholly new reach beyond what a statute clearly says, when it is so clear as not to be "ambiguous" (with lawyers trained and experienced to find real or imagined ambiguity favoring a client's position). If interested in reading more, follow the links within the items Crabgrass links to, and do a web search.

Spam the trackers.

There are products such as Ghostery, and Do Not Track Plus, which can be added cost free to a browser, to lessen tracking of user web searches and other traffic. The add-ons are more flexible for Mozilla Firefox than for Google Chrome, probably because Google's entire business plan is to sell user information for targeted advertisement, and collect revenue on a pay per click basis from advertisers who have targeted content clicked by targeted web users.

Web tracking has drawn FTC and Congressional attention as something presently unregulated which might benefit from explicit limiting rules. If you web-search Ghostery you will find it a product sponsored and offered by an advertising trade association in hopes of convincingly showing self-regulation is possible, so that, if Congress acts at all, it will legislate flexible law allowing honest and meaningful self-regulation to function in place of iron rules. (That a self-regulating approach worked as it did during the financial services industry doing its self-policing of housing derivatives, where AIG was allowed to write a profitable multi-billion dollar portfolio of hedging products without any required pool of cash to back up the stuff if the market made paying off on the products necessary, stands as evidence of the ultimate wisdom of self-regulating approaches; but tradesmen will always argue "our group, our trade, is different.")

Anyway, there is one product available across browsers, from researchers at NYU, that obfuscates tracking efforts. Once installed, it generates random searches and sends them to the search engines, where they become incorporated into your user profile, so that the profiling targets something random besides your own actual search history - i.e., your history plus noise upon that signal. It is a working approach so long as the tracking firms do not have good signal extraction software - the likely case unless and until such an add-on becomes popular enough to make a market-impact difference.

TrackMeNot is the product. It even allows a toolbar display showing the various noise searches it propagates, and it has configuration options for flexibility. Links: Chrome Web Store, Firefox Add-ons. Do a web search for more if you wish.

Now, were I a skilled programmer with a mean streak, which I am not, I might decide to produce a similar product, except with tracking itself, and if the individual tracked appeared to be, say, a Michele Bachmann supporter, I might then use non-random search noise, and use your imagination on how that could play out. So, trust going without TrackMeNot and being profiled - indeed some want profiling, so as to reinforce biases via creating a search bubble rather than having enlarged but possibly more irrelevant search returns relative to personal likes and dislikes - but if not that kind of person, trust TrackMeNot only if you feel that academic computer science researchers would not be hoodwinking you with tracking of their own. And a comparably advertised product, from say Mark Zuckerberg's operators at Facebook, might do the search obfuscation on an actual random and heavy basis while tracking everything but its own generated noise separately, so as to be able to sell advertisers a "clean stream" track and profile for you, and family. So: Enjoy the Internet. And presume the NSA knows much about you from the process.

Note that the random search TMN displayed in the toolbar when I began this sentence was "expecting a child with" and it switched during typing to "American multinational commerce." You can set differing frequencies at which spam search terms will be sent to the search engine firms, and you can target AOL, Google, Bing, and Yahoo. I waited, next spam search "poll released Thursday."
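The "history plus noise" idea and the signal-extraction caveat described above, as an added example that is not part of the original post and is not TrackMeNot's code. The real queries are constructed, the decoys are the three toolbar phrases quoted above, and all function names are hypothetical.

```javascript
// Added illustration: constructed data, hypothetical function names.
const REAL = [ // constructed sample of one user's actual searches
  "tomato blight treatment", "tomato seedlings spacing",
  "rain barrel setup", "tomato cage diy",
];
// Decoy phrases: the three toolbar examples quoted in the post.
const DECOYS = ["expecting a child with", "American multinational commerce",
                "poll released Thursday"];

// Send `perReal` decoys after every real query, cycling through the pool.
function mixWithNoise(real, decoys, perReal) {
  const log = [];
  let d = 0;
  for (const q of real) {
    log.push(q);
    for (let i = 0; i < perReal; i++) log.push(decoys[d++ % decoys.length]);
  }
  return log;
}

// Number of logged queries that mention the topic keyword.
function topicHits(log, keyword) {
  return log.filter(q => q.toLowerCase().includes(keyword)).length;
}

// What a naive profiler sees: the topic's share of all logged queries.
function topicShare(log, keyword) {
  return log.length === 0 ? 0 : topicHits(log, keyword) / log.length;
}

// A profiler that can recognize the decoy source just discards those queries.
function stripKnownNoise(log, knownDecoys) {
  const known = new Set(knownDecoys.map(s => s.toLowerCase()));
  return log.filter(q => !known.has(q.toLowerCase()));
}

function demo() {
  const noisy = mixWithNoise(REAL, DECOYS, 3); // 4 real + 12 decoys
  return {
    logged: noisy.length,
    clean: topicShare(REAL, "tomato"),          // profile without the add-on
    diluted: topicShare(noisy, "tomato"),       // share drops with noise
    hits: topicHits(noisy, "tomato"),           // but the real queries are all still there
    recovered: topicShare(stripKnownNoise(noisy, DECOYS), "tomato"),
  };
}
console.log(demo());
```

The noise lowers the topic's share of the log but never removes the real queries, so the protection holds only while the decoys cannot be told apart from the real traffic.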

More TMN settings exist, as you will see if you decide to try TMN.

From having TMN installed, it seems to not slow actual searching or site loading.

There are other browser add-ons aimed at privacy protection, or at blocking advertising from distractingly displaying on your screen while reading.

I am unaware of what's possible with Microsoft's Internet Explorer because I only use it for a limited range of services. I prefer Firefox, and Chrome, in that order. Each of the three has substantial market share, and fans.

It seems there is a bit of a cat and mouse game between the helpful privacy-addon authoring world, and the world of firms wanting to advertise and sell stuff and firms with a business plan to make bucks as a facilitating intermediary for the latter.

However, consider whether search help such as Google provides would be developed without some attendant business plan to make money from it. Take the bitter with the sweet, and look at and test the cat and mouse stuff; it's all a wild west shootout, still, on the web. There is an adage found many places on the Internet:

If you are not paying for it, you are not the customer, you are the product being sold.