Trading Technology

02:02 PM
Louis Lovas
Louis Lovas
Commentary
50%
50%

Breaking the Code Theft Brain Drain

As firms embrace algorithmic trading, they must secure their codes from those outside the office - and inside as well.

Maybe it happened in the dead of night, maybe it happened in plain sight. But the allure was too great. Over the past year there has been an increase in real and alleged code thefts by those very individuals entrusted to devise a trading firm's most prized possession, the algorithms used within their trading engines.

The trading industry is highly competitive and analysts report that 80 percent of hedge funds will be trading algorithmically within three years, joining a wealth of fully automated quant funds. An ever increasingly competitive algorithmic pack is chasing after a diminishing pot in that elusive hunt for alpha. Profitable algorithms are such a business critical asset firms will go the extra mile to protect them as the capital investment for their creation is deep and laden with risk.

Looking at a chronology of thefts over the past eight months they all have a similar earmark, that of a fool's errand. Former employees moving to a new employer decide to take a little extra with them.

November 2010: Samarth Agrawal, a former Societe Generale employee was found guilty of stealing HFT programming code and bringing it to a prospective new employer.

December 2010: Goldman Sachs programmer, Sergey Aleynikov convicted of code theft.

January 2011: Quantlab sues SXP Analytics in Texas federal civil court, accusing the owners (some being former Quantlab employees) of stealing mathematical formulas.

February 2011: Goldman Sachs code theft conviction reversed.

May 2012: Bo Zhang, programmer pleaded guilty to stealing software code from the Federal Reserve Bank of New York.

May 2012: Yihao Pu, former Citadel Investment Group software engineer indicted of stealing the firms high-frequency trading code.

June 2012: Citadel accuses Jump employees of stealing secrets.

Why is this happening? What would possess seemingly law-abiding individuals to cross over allegedly to the dark side? The lure of a bigger salary is a clear motivation behind programmers and quants moving to a new firm. The former Goldman programmer Sergey Aleynikov earned nearly $400,000 a year and his new job with Teza Technologies would have paid him about $1.2 million. Yet a hefty salary is hardly reason to risk so much.

A big salary equates to a high profile position, however, and the strong desire to repeat past successes can be overpowering. When a profitable technique is discovered through long-painful analysis, loosely analogous to pharmaceutical company's efforts in the pursuit in the treatment of disease, it's like striking gold and it's coveted emotionally.

Acts of theft are premeditated and daring; the opposite of glib acts and they are born out of a sense of entitlement made stronger when there is an emotional tie to the code behind a profitable algorithm. The thinking goes, "I wrote this code therefore I own it."

The reversal of the decision against Aleynikov was also a tipping point. In the prosecution and exacting of criminal intent to steal intellectual property, the original conviction was theft of trade secrets under the Economic Espionage Act. Aleynikov's conviction was overturned on a technicality stating that the law is for interstate commerce and does not apply to intangible property, like computer code. Unfortunately the precedent will only further engender the hubris in future offenders, prosecution appears easy to subvert.

In the midst of difficulty lies opportunity

Algorithms are changing the world of finance, for multi-asset trading, risk management and cost analysis, yet firms' fear of theft is analogous to production computers being deployed unprotected by anti-virus software. No such deployment would occur; fortunately the tools to prevent viral infection are ubiquitous and uncomplicated. Theft prevention, on the other hand, is nascent on many fronts.

Future software and algorithm development platforms including trading systems and language IDE (Integrated Development Environments) tools for java, C++ and C# must incorporate stronger security and encryption schemes to prevent unauthorized manipulation of stored program code and if copied maliciously rendered invalid. Authorization certificates can be controlled independently away from the hands of programmers. The base technologies for this exist today and are likely in practice, possibly for highly secure military applications. However, development tools need to incorporate such features as built-in standard practice.

Another avenue to deter theft is employment contracts for quants and senior developers. They may take on language similar to that of bonded employees, entrusting them with a fiduciary duty. When a company bonds an employee it is protecting its financial standing with an insurance policy that protects it from loss due to employee theft or negligence. A difficulty will be asserting value for the fiduciary bond. It's not the value of program code, but its valuation as an irreplaceable asset for present and future revenue. Bonding won't prevent theft but it is an insurance against loss given the perilous path to conviction.

The road to success is fraught with peril for firms and employees alike. Algorithms are born out of the mathematical ingenuity of quants and become the lifeblood of trading firms. Profitable algorithms are part genius, inspiration and perspiration and their complexity is accelerating. Theft has become a catalytic and a compelling character in the subplot adding a nefarious element to the narrative of algorithmic trading. Laws, contracts and development technology have to play catch up.

As David Brooks of The New York Times recently wrote, a person's moral desire "to balance their virtuous self-image with their selfish desires" has been put to the test in these high-profile theft cases. Will your firm pass the test?

Louis Lovas is director of solutions for OneMarketData.

Comment  | 
Print  | 
More Insights
More Commentary
Data Integrity: A Necessity, Not an Option
Financial institutions that have taken on the data integrity task in the past now have to spend more money on hardware, software, and people just to keep up with the demand.
What Colombia’s New IT Campaign Means for Latin American Tech Investment
Colombia’s campaign is the latest example of how Latin America is trying to edge into the global technology space.
Initial Margin: When Does More Turn Out to Be Less?
Changing margin regulations are set to affect the OTC derivative market, including initial margin risk models for non-cleared OTCs.
The Mainframe Innovation Drag
It may be time for a consortium of firms motivated around the objective of eliminating the mainframe. What if every self-clearing firm decided to participate in building a modern, back-office system as an open-source, cloud-based project?
Big Data DIY
Now that we have passed the initial hype phase of big data, companies are searching for real business value from their investments. Consultants can play a part, but only if financial firms insist on a new partnership model.
Register for Wall Street & Technology Newsletters
White Papers
Current Issue
Wall Street & Technology - July 2014
In addition to regular audits, the SEC will start to scrutinize the cyber-security preparedness of market participants.
Video
Exclusive: Inside the GETCO Execution Services Trading Floor
Exclusive: Inside the GETCO Execution Services Trading Floor
Advanced Trading takes you on an exclusive tour of the New York trading floor of GETCO Execution Services, the solutions arm of GETCO.