Trading Technology

02:02 PM
Louis Lovas
Louis Lovas
Commentary
50%
50%

Breaking the Code Theft Brain Drain

As firms embrace algorithmic trading, they must secure their codes from those outside the office - and inside as well.

Maybe it happened in the dead of night, maybe it happened in plain sight. But the allure was too great. Over the past year there has been an increase in real and alleged code thefts by those very individuals entrusted to devise a trading firm's most prized possession, the algorithms used within their trading engines.

The trading industry is highly competitive and analysts report that 80 percent of hedge funds will be trading algorithmically within three years, joining a wealth of fully automated quant funds. An ever increasingly competitive algorithmic pack is chasing after a diminishing pot in that elusive hunt for alpha. Profitable algorithms are such a business critical asset firms will go the extra mile to protect them as the capital investment for their creation is deep and laden with risk.

Looking at a chronology of thefts over the past eight months they all have a similar earmark, that of a fool's errand. Former employees moving to a new employer decide to take a little extra with them.

November 2010: Samarth Agrawal, a former Societe Generale employee was found guilty of stealing HFT programming code and bringing it to a prospective new employer.

December 2010: Goldman Sachs programmer, Sergey Aleynikov convicted of code theft.

January 2011: Quantlab sues SXP Analytics in Texas federal civil court, accusing the owners (some being former Quantlab employees) of stealing mathematical formulas.

February 2011: Goldman Sachs code theft conviction reversed.

May 2012: Bo Zhang, programmer pleaded guilty to stealing software code from the Federal Reserve Bank of New York.

May 2012: Yihao Pu, former Citadel Investment Group software engineer indicted of stealing the firms high-frequency trading code.

June 2012: Citadel accuses Jump employees of stealing secrets.

Why is this happening? What would possess seemingly law-abiding individuals to cross over allegedly to the dark side? The lure of a bigger salary is a clear motivation behind programmers and quants moving to a new firm. The former Goldman programmer Sergey Aleynikov earned nearly $400,000 a year and his new job with Teza Technologies would have paid him about $1.2 million. Yet a hefty salary is hardly reason to risk so much.

A big salary equates to a high profile position, however, and the strong desire to repeat past successes can be overpowering. When a profitable technique is discovered through long-painful analysis, loosely analogous to pharmaceutical company's efforts in the pursuit in the treatment of disease, it's like striking gold and it's coveted emotionally.

Acts of theft are premeditated and daring; the opposite of glib acts and they are born out of a sense of entitlement made stronger when there is an emotional tie to the code behind a profitable algorithm. The thinking goes, "I wrote this code therefore I own it."

The reversal of the decision against Aleynikov was also a tipping point. In the prosecution and exacting of criminal intent to steal intellectual property, the original conviction was theft of trade secrets under the Economic Espionage Act. Aleynikov's conviction was overturned on a technicality stating that the law is for interstate commerce and does not apply to intangible property, like computer code. Unfortunately the precedent will only further engender the hubris in future offenders, prosecution appears easy to subvert.

In the midst of difficulty lies opportunity

Algorithms are changing the world of finance, for multi-asset trading, risk management and cost analysis, yet firms' fear of theft is analogous to production computers being deployed unprotected by anti-virus software. No such deployment would occur; fortunately the tools to prevent viral infection are ubiquitous and uncomplicated. Theft prevention, on the other hand, is nascent on many fronts.

Future software and algorithm development platforms including trading systems and language IDE (Integrated Development Environments) tools for java, C++ and C# must incorporate stronger security and encryption schemes to prevent unauthorized manipulation of stored program code and if copied maliciously rendered invalid. Authorization certificates can be controlled independently away from the hands of programmers. The base technologies for this exist today and are likely in practice, possibly for highly secure military applications. However, development tools need to incorporate such features as built-in standard practice.

Another avenue to deter theft is employment contracts for quants and senior developers. They may take on language similar to that of bonded employees, entrusting them with a fiduciary duty. When a company bonds an employee it is protecting its financial standing with an insurance policy that protects it from loss due to employee theft or negligence. A difficulty will be asserting value for the fiduciary bond. It's not the value of program code, but its valuation as an irreplaceable asset for present and future revenue. Bonding won't prevent theft but it is an insurance against loss given the perilous path to conviction.

The road to success is fraught with peril for firms and employees alike. Algorithms are born out of the mathematical ingenuity of quants and become the lifeblood of trading firms. Profitable algorithms are part genius, inspiration and perspiration and their complexity is accelerating. Theft has become a catalytic and a compelling character in the subplot adding a nefarious element to the narrative of algorithmic trading. Laws, contracts and development technology have to play catch up.

As David Brooks of The New York Times recently wrote, a person's moral desire "to balance their virtuous self-image with their selfish desires" has been put to the test in these high-profile theft cases. Will your firm pass the test?

Louis Lovas is director of solutions for OneMarketData.

Comment  | 
Print  | 
More Insights
More Commentary
Why Settle for Less in the Front Office?
Recent research shows that sell-side firms are less than satisfied with their order management system (OMS) technology. Many front offices, however, continue to make do with their current solutions. Are they selling themselves short?
BYOD Policy: Don't Reinvent the Wheel
Financial firms still feel overwhelmed by BYOD risks and challenges. But these can be addressed by a good policy, and the guidelines are already out there.
The BYOD Challenge
Having a policy in place to manage mobile devices used by employees for work purposes is necessary in this current day.
Getting Onboarding Right in the Age of the Customer
Disparate “Frankenstein” systems slow down the onboarding process and impede customer service, says Pegasystems.
Performance Monitoring Key to Smooth Infrastructure Modernization
As banks consider how to shift infrastructure and storage solutions, they can’t afford to lose visibility into performance.
Register for Wall Street & Technology Newsletters
White Papers
Current Issue
Wall Street & Technology - July 2014
In addition to regular audits, the SEC will start to scrutinize the cyber-security preparedness of market participants.
Video
Exclusive: Inside the GETCO Execution Services Trading Floor
Exclusive: Inside the GETCO Execution Services Trading Floor
Advanced Trading takes you on an exclusive tour of the New York trading floor of GETCO Execution Services, the solutions arm of GETCO.