Nvidia sued for stealing trade secrets: blunder showed rival company's code

Nvidia did hire him precisely for his previous experience at this rival company, on the very same project that the two companies were partnered on, which is the same project that Nvidia hired him for.

Yes, this happens all the time.

There is no argument to be made that Nvidia wasn't aware he'd be coming with secrets.

This is not a logical conclusion from the above. Hiring for the exp is fine. Hiring for the trade secrets obviously is not. No serious company would do the latter, esp a company the size of Nvidia.

I don't have direct knowledge of this company or the parties involved but I would be highly doubtful that Nvidia would want to have an employee steal the secrets of a competitor/partner. In my experience, companies of this size would aggressively not want tainted IP inside their companies. He would need to be bringing across something as valuable as AGI, cure for cancer, etc for it to be even worth considering. There are numerous examples of companies being offered trade secrets of their competitors and reporting it back to the FBI just so they can avoid even the suspicion of stealing corporate secrets.

If you think about it for a second, it is kind of obvious. Pretty much every technology is reproducible with the right amount of talent, funding and time. Why commit a crime when you can simply throw money (of which you have a lot) at the problem? Responsible corporate officers know this and act accordingly.

A problem here is that while the companies will generally make very clear that they don't want you to have any single line of code, any schematic, any drawing, anything at all from your previous company; they may also expect you to bring "experience" from the previous company, thereby pressuring more junior employees into doing exactly that - bringing some docs from the previous company - but not telling about it. Through my career I have been to several meetings where everyone was, notebook in hand, expecting to hear the "experience" from the new guy. That is obviously as legal as it gets, but the pressure for the junior employee to have kept a couple of notes is there, and you'd never know.

i.e. I suppose no one was aware that he had this code, and it's unlikely it went into nvidia's codebases or that nvidia wanted it; but it also doesn't mean nvidia did not pressure the guy into doing that.

So... noncompetes, except for the hiring company?

I wonder if this would become more common with things like ChatGPT.

Let's say you've been working in place A, you show your code to an LLM service (like the dozen or so Copilot-like services) and tell them to refactor. And for the sake of argument, let's say the LLM uses your code and questions for its next training dataset.

A few years pass, then you go to work at Place B, and ask a question that happens to be related to the problem that Place A's code solved, and they give you Place A's code as is.

There is tremendous upside. You can look like a rockstar at the new company and propel yourself upwards with that momentum.

Maybe he was offered the job at Nvidia on the condition that he arrives with Valeo's code.

Is printing out and pinning the prints to the wall still a thing done IRL and not just a movie thing? We had to do prints to green-bar back in school days when we only had shared time at the school's computer lab. But I haven't considered printing code out since the early 90s. It seems so out of place in today's time

You’re assuming all/large portion of the stolen code was developed by him and he could have even written all of it at the NVIDIA.

Maybe he needed all that to actually perform in the new job.

You can be lazy and get lots of promotions and bonuses. That's why. People risk major felonies to steal $5k from a bank. Getting fired on the (let's be real) low risk you get caught is nothing

Rationally seen, you'd at least have to assume to get caught at some point, and you'd have to assume the company will do anything to hold you alone accountable for damages, therefore making any possible upside a terrible risk reward scenario for you - so far true.

Also if it was your own code, stealing it to "kickstart" your position at your new employer also feels like a rather bad deal: just bringing your knowledge and spend a good part of your time recreating something you already know how to do sounds like low effort for big money, a much better deal for you if your aim was to get better comp and job security.

The one thing that might skew this equation, and can only be theorized about with the knowledge we have here would be if your new employer DID collude with you and proposed tremendous returns for giving them access - eg a kind of off-the-record deal where you'll engage in corporate espionage & theft of ip for big cash following through some hidden compensation construct.

Assuming the latter would border on conspiracy theories and i don't want to suggest this would have been the case here. Just a play of thoughts to add to the reasoning that YOU doing it on your own for ill-guided hypothetical benefits might not be the sole factor leading to such theft at all.

If nothing else, it seems pretty silly to have the stolen source accessible from the new work computer. That's just asking for the ruse to be detected too easily (automated backups, virus scanning, etc which could fingerprint the data). Keep the illicit goods on an air-gapped, encrypted, personal computer that you can reference as required.

As far as I know, they were never able to find the Waymo files that Anthony Levandowski stole, because he was at least crafty enough to not load everything directly onto Uber hardware.

Here's a good example of an ex-Uber employee who stole / took his excel-in-browser to his next employer: https://basta.substack.com/p/no-sacred-masterpieces

"but I took the code and shoved it into my back pocket for a rainy day."

Discussion: https://news.ycombinator.com/item?id=37527720

There's little-to-no personal upside, and only horrible downside if you get caught.

Here you just mention upsides with very small chance of small downside. See the case for Anthony Levandowski which was much more serious crime as he knowingly created and sold a company with only moat being Wyamo docs and everything bad that could happen to him did happen. He spent 6 months in jail and now he rejoined as CEO in Pronto. The much more probable case is he got to enjoy $680M that Uber gave him and not have to worry about money again.

> everybody is violating everybody else's patents

Violating patents is one thing, as you're only violating the concept/idea, but the implementation is still up to you meaning it will still be clean room design, whereas this guy also blatantly copied the source code and design files which is a slam dunk lawsuit, hence why no company ever wants to have competitors' IP on their systems.

For Nvidia, the most likely reason they've strongly avoided Open Sourcing their drivers isn't anything like that.

It's simply a function of their history. They used to have professional level graphics cards ("Nvidia Quadro") using exactly the same chips as their consumer graphics cards.

The BIOS of the cards was different, enabling different features. So people wanting those features cheaply would buy the consumer graphics cards and flash the matching Quadro BIOS to them. Worked perfectly fine.

Nvidia naturally wasn't happy about those "lost sales", so began a game of whack-a-mole to stop BIOS flashing from working. They did stuff like adding resistors to the boards to tell the card whether it was a Geforce or Quadro card, and when that was promptly reverse engineered they started getting creative in other ways.

Meanwhile, they couldn't really Open Source their drivers because then people could see what the "Geforce vs Quadro" software checks were. That would open up software countermeasures being developed.

---

In the most recent few years the professional cards and gaming cards now use different chips. So the BIOS tricks are no longer relevant.

Which means Nvidia can "safely" Open Source their drivers now, and they've begun doing so.

Given independent invention is apparently not a defense against infringement, that makes a lot of sense. I can’t even imagine trying to screen the codebase for that.

AMD has open source drivers so it's basically just NVIDIA that doesn't.

Unless you already want to count intel, not sure if they count as actual products or are still in early access.

and now we have AI violating everything.

Germans. We love printing, faxing and scanning stuff.

I do. I can't read any length of text on a screen. I pin stuff to the wall too, of quick sheet character. Like Emacs hotkeys, C operator precedence, pinouts, general specs etc.

I'd love to have a 100 inch hidpi eink wall.

>WTF actually prints out documentation?

Probably easier to exfiltrate confidential documents when printed, rather than digitally through the company internet which is logged and points straight to you.

If I print something confidential and take it home there's only the printer logs as proof that I printed it, but no proof that I also took it home (unless there's surveillance footage).

>Let alone pins it to their walls?

The man is proud of his work, wants to see it daily for motivation.

paste code from source files of projects they worked on for different companies

I wonder what would happen if legal action started between two companies and it turned out a coder pasted code from personal projects that predates both.

Or worse, they may just remember how they coded it last time and code it the same, or only remember subconsciously and code it the same without knowing.

Someday there will be technology to erase all memory of work you did in service of your corporate overlords and you’ll be able to start with a true clean slate at every job.

Coders will keep code snippets and thoughts in personal knowledge tools like Notion,

Do they? I’ve never personally done such a thing, though I may keep some code in public GitHub repos. I’ve rewritten quite a bit of the same logic at most places I’ve worked over the years.

The screen sharing incident is not the important thing that happened here. From the article:

Moniruzzaman allegedly gave his personal email unauthorized access to Valeo's systems to steal "tens of thousands of files" and 6GB of source code shortly after that development. He then left Valeo a few months later and took the stolen information with him when he was given a senior position at NVIDIA, the complaint reads.

what about this:

Valeo said its former employee admitted to stealing its software and that German police found its documentation and hardware pinned on Moniruzzaman's walls when his home was raided. According to Bloomberg, he was already convicted of infringement of business secrets in a German court and was ordered to pay €14,400 ($15,750) in September.

What does it mean for "Nvidia to know" something? Does it never count as a "corporation knowing" unless the executives are aware of it? Obviously this cannot be the standard by which companies are held accountable.

I am positive Nvidia has no part in this. A corporation of this size is severely allergic to foreign proprietary code and would not risk the lawsuit. Sounds more like this individual forgot to read the memo on IP, and the article says he was already sued by the German courts for prior misconduct anyway.

Kind of reminds me of the guys who do personal stuff on their work laptop and then get the entire company pwned. Do people not read the fucking manual anymore?

400 GH repos:

https://github.com/orgs/NVIDIA/repositories

Not to mention tons of other projects that live outside of the main org, contributions to other projects all over the place, etc.

So much hate for free software.

The “I hate Nvidia because all I know is their driver is proprietary” schtick is old.

They crossed the $1T mark in value solely because of the almost completely open source ecosystem (a large portion of which they directly develop and contribute to) that runs on top of their hardware and (yes, proprietary) driver.

They’re not angels but this position is something out of Slashdot circa 2005.

How is this morally theft anymore than hiring someone who has experience solving the problem to solve the problem again? As long as they aren’t reproducing the solution verbatim it’s already morally acceptable to hire experts for their experience. Why would “hiring” software for its “experience” be different?

never steal

Should just give the board of directors 100 lashes. Except of course if it turns out they didn't know about it, then they should get 200 lashes, have their genitals chopped off, and their immediate family be given 10 lashes. Just like the good old days.

How can you know that?

Judges and prosecutors should lose their immunity and be held accountable for their negligent and reckless actions. Legal systems can never be just until bad actors face repercussions, irrespective of what role they serve.

it is... but there's apparently a lot more discussion on this thread so maybe that one should be rolled into this one...

Or simply use procedural generators, such as llms. Those will rinse ip like it’s nothing.