This doesn't surprise me. I knew someone that intentionally graduated with a specific major, so they could get a job in that industry and send trade secrets/IP back to China. The purpose was to create a competing company.
It didn't work out for them that well. They couldn't last more than 6 months at any one company and I think eventually gave up and went back home.
I don’t understand what you are saying here. How many months does one need to stay to hoover up the trade secrets / IP? In software engineering you get access to the repos on day one, but even in other industries I guess what you don’t have access to after 6 months you won’t have access to realistically ever.
But according to what you said that was their plan all along. So in what sense did it not “work out for them”?
Some repositories needed to do your work, sure. Not necessarily all, and the more interesting work may not be available to just anyone who joins.
If it's a company like Google, you may not even end up at the group you interviewed for.
I would be very careful doing that at Google. Even if just about anything is accessible, I imagine most access is logged. If you are downloading everything not related to your job it could raise some alarms!
Didn't stop Anthony Levandowski
Presidential pardon is the one weird trick that employers hate, when you steal IP and get caught
I think the subtext here is that the “spy” in question was not the sharpest tool in the shed.
You need some level of intelligence and knowledge to know what is worth stealing and what to do with it.
Getting a major with the sole purpose of industrial espionage and then telling people about it indicates a lot about the person in question.
Yeah, yeah. I’m not saying it is easy business. What I am saying is that “bouncing around many companies in a quick succession and then leaving for their home country” is exactly the pattern one would exhibit with that plan. If one would want to show that their plan didn’t work out then one would be talking about other things. For example that they only got junior jobs with no access to the code/secrets, or that they were only hired in fields outside of their interest, etc etc.
I have a strong distrust for authority, but even I would report espionage and IP theft of this sort. Downloading a movie doesn't bother me. Running a site for others to download movies doesn't bother me. But being a snake to go defraud a company to steal the hard work of others so your own illicit company can turn a profit off said labor by others irks me. Do your own R&D.
Did you ever consider raising a red flag? If so, why did or didn't you?
I'm sorry, I really don't understand this. What part of the second statement doesn't apply to the first?
You give it away for free instead.
ad revenue
If anything is going to unite two groups of people who are “naturally” on opposite sides of a political spectrum, it’s going to be stopping treasonous activities.
I airquote naturally because it’s obvious that foreign interference is at play, based on the laissez-faire attitude towards this sort of thing by some groups.
Correct. The left and the right may be at loggerheads about the best way to manage America.
Yet, the vast majority of both camps still think of themselves as American. Neither group will take kindly to others presenting themselves as American, to then proceed to steal from other Americans for the benefit of non-Americans.
We are all part of the same macro-tribe after all.
Short of downloading literally everything and sending it back to a team, it's possible he didn't know enough after 6 months (while also trying to maintain his actual job) to get anything of value.
I've been at my company for almost 20 years. I have a lot of access, but if I was told, "go find some trade secrets." LOL, not a chance. The haystack is far too big and I don't even know what I'm looking for. Someone who has been at the company 6 months barely knows where the bathrooms are.
My prior employer was really worried about source code leaks.
I was more like, giving the direct competitor the code would more be like industrial sabotage for their sake. What could they possibly do with it? They would waste FTE years deciphering it instead of doing something useful.
But nah, rather keep your own engineers in the dark about secret plans and road maps.
I worked out quite well though, since the engineers did their thing without knowing what the higher ups wanted.
Because it is not your intention to do so. Think about how one can live a whole life locking and unlocking locks without ever accidentally lock-picking one. Yet they can be picked, and often quite easily if that is your goal.
If you are serious about it you don’t just bumble around randomly until a trade secret hits you on the head. You can ask yourself: what can that company do nobody else can? You can even ask this question before joining a company and thus selecting the right target and the right position to get access to it.
If you are an agent of a rival company or govt there may already be a "best practices" rulebook for stealing IP, a set of established procedures.
If you're going to steal secrets, do it slowly, don't pull a Levandowski and copy everything in a noticeable way so that security gets alerted, at which point it may take you forever to exfiltrate data.
Presumably the more valuable the IP, the harder it is to access.
Did that person just go around disclosing their plan?
Having seen something like this happen once, what probably happened was the person OP is referring to was trying to get IP in order to start their own private sector startup, and probably get some seed funding from a regional government (eg. Beijing and Hangzhou did this in the 2000s to jumpstart their tech industry)
It's similar to the Israeli program in the 90s (whose name I'm blanking out on EDIT: Yozma I before it was privatized) because just like China in the 2000s-early 2010s, there wasn't a notable private sector VC industry yet.
Quite an allegation... any reference to them sponsoring/encouraging stealing IP or am I misreading and you simply meant it's a government sponsored startup accelerator program?
It's not really that damaging.
Israel never recognized American software or pharmaceutical patents, and most countries do some form of Industrial Espionage (France is fairly notable in the space as well [4]).
The wildest cases tended to be back in the 1990s, when Israel was trying to build a domestic armament industry, notably by stealing American IP and selling it to the Chinese [0][1][2][3] (most modern Chinese weapons systems today are based on that IP transfer in the 1990s).
This largely ended by the mid-late 2000s when the Israeli tech industry was much more established, and Ehud Barak (edit: Olmert - mixed up his surname and the Barak missile scandal) getting arrested on corruption charges, heralding the end of Israel's Wild West days in the tech industry.
Also, Tiananmen Era sanctions from the 1990s forced Israel defense companies to pivot to India, which doesn't allow vendors to sell SKUs to India which Pakistan and China have access to, and would leverage French and Israeli SKUs based on American designs.
I highly recommend reading this GAO report from the 90s [3]
[0] - https://www.jstor.org/stable/2538128
[1] - https://www.nytimes.com/1993/10/12/world/israel-selling-chin...
[2] - https://www.jstor.org/stable/1149008
[3] - https://www.gao.gov/assets/t-osi-92-6.pdf
[4] - https://www.politico.com/story/2014/05/france-intellectual-p...
Funny that you mention France when the USA is #1 in the world for corporate spying. Having been involved in western Europe for deals where US competitors were given "advantage", USA spying was always the number one concern over all other countries (and this is how counter spying agencies brief companies) as it had more direct economic damage and is more difficult to identify than Chinese spying.
A few examples: just for Airbus, every few years you get a report of US spying:
* https://www.dw.com/en/airbus-fires-16-over-suspected-german-...
* https://edition.cnn.com/video/news/2015/05/01/airbus-spying....
The American government will spy, but will not explicitly spy to provide IP directly to a private company like Boeing or Lockheed, as this enters felony level corruption territory due to the Procurement Integrity Act, Federal Acquisition Streamlining Act, and the Federal Acquisition Regulation.
The main difference is DGSE would explicitly attempt to steal American IP and then provide it to Thales or Dassault.
They may not provide direct R&D details but they will provide direct information about offer prices, negotiation status etc. This is part of the Snowden leaks that people seem to have completely forgotten.
https://wikileaks.org/nsa-france/spyorder/#spyorder2
IANAL but Competitive Intel around pricing and SKUs isn't IP except in certain cases.
If they were, just about every single private sector company globally would be guilty of IP infringement, let alone Public-Private Partnerships like the ones I mentioned.
Intelligence agencies often have their own interpretation of the law, which coincidentally allows them to do what they want.
And if you don't like that, you can sue them in the special intelligence court where the evidence cannot be revealed, the proceedings are secret, and the judges are very unbiased.
Did you mean Ehud Olmert? I don’t believe Ehud Barak was ever arrested.
Also, not to nitpick, but would appreciate publicly accessible articles… from the abstracts I can only assume these are summaries made in the 90s of pre-90s shenanigans
EDIT: saw now the edits with 3-4, will look at when I have time (thanks!)
Yep. Brainfarted and merged Olmert and the Barak missiles corruption case
Hence why I wrote "the Israeli program in the 90s".
It's significantly less egregious nowadays (imo de facto non-existent due to how integrated the Israeli innovation system is with the American system now and how simplified FDI is in Israel compared to the 80s-90s)
Internet based news wasn't really a thing until the post-Netscape era.
All you're stuck with are archives of print news or government articles, especially because this kind of behavior largely ended by the 2000s.
No problem! And like I mentioned before, most countries do this in some form to help domestic champions (eg. India and Pharma IP, France and Defense IP, socialist era Israel and Defense IP, 1970s-80s Japan and electronics IP, China and Defense+Software IP).
If a country allows almost 100% FDI, there's no reason for industrial espionage in that specific sector because foreign champions become integrated with domestic ones. Hence why Israeli and Indian companies don't steal hardware designs anymore because most American companies have design centers there that are closely integrated with domestic champions.
I think if someone actually had government handlers asking them to do this, most of those people wouldn't blab about it to their school chums. But there's a subset of people with grandiose delusions / general behavior problems who feel a compulsion to tell everyone about their grand plans/machinations to become rich and powerful.
Reminds me of that scene from Silicon Valley where Jian Yang has a bunch of new startup ideas on his whiteboard
https://www.youtube.com/watch?v=Km5XQxRrQvw
I think you are underestimating how tough it would be to be playing James Bond and not tell anyone.
You wouldn't have to be a delusional braggart to want to tell a friend this. Most spies are not going to be as much of a compartmentalized lunatic like Robert Hanssen or someone at that level.
It most likely wasn't a Handler/MSS type espionage.
It was most likely trying to grab IP to found a domestic competitor, and raise a Seed round from local government accelerators like those Beijing and Hangzhou have.
Hmmm that seems like a clear cut case to report to the FBI. Yeah, assuming that they were walking around telling people about it.
The FBI gets more credible reports than it has the labor to investigate. Not to mention in this example no crime even yet occurred.
I agree with the spirit of your statement that no crime has occurred. But this isn't a case where someone just expressed a vague interest in a related topic of national security, but their specific intent to steal secrets and give them to an adversary. And then go ahead and interview at certain companies with that intent.
This would be like someone specifically (not vaguely) stating their intent to commit a violent crime and then spend months preparing for it. Yeah, law enforcement, please definitely follow up on that one.
Trade secrets aren’t national security.
They definitely can be. In the US there are many different ways in which they can overlap as a matter of law. There are myriad frameworks similar to ITAR that place a national security interest on trade secrets or block public disclosure e.g. patents (which effectively turns them into trade secrets).
Your average web dev probably isn’t familiar but navigating this is a routine consideration in deep tech.
Real, and quasi-real national security projects require more stringent background checks than the ones unnecessarily used in most "average web dev" [sic] recruitment processes, and some come with citizenship requirements. I know, because that's one of the reasons I don't work on such projects.
ofc, like in any security-related field, many are LARPing instead of practicing, and that's a different issue.
It is more nuanced than this. A startup is virtually never a "national security project" even if they end up involved in an actual national security project. The kinds of background checks startups do are the same as any other company in any industry. It has nothing to do with national security. There are many things that can factor into a citizenship constraint depending on the type of business.
A "real" national security background check requires support and sponsorship from a national government, and governments don't provide that casually to anyone that asks. If a startup finds themselves with national security customers, there is no requirement for the startup to go full-on Secret Squirrel but governments will calibrate their trust in the startup by how seriously the startup takes security and how diligent they are when vetting employees. It does not involve everyone getting a security clearance, which would not be possible anyway if the startup works with multiple national governments.
I find the opposite situation is more common in practice: startups that find themselves in the national security space are often naive about what constitutes a baseline level of security, vetting their employees, and the pervasiveness and character of espionage programs.
It is important to recognize that national security considerations are starting to affect startups that never go anywhere near national security customers due to escalating concerns and increased rigor around software supply chains. You may not have an interest in national security but national security may take an interest in you. This has ramifications for many software business models.
They are indeed separate concepts but they may be both true. ASML can be a good example
That’s not what the department of commerce thinks. Just giving information to a foreign national can be considered “deemed export” and get your company in trouble.
https://www.bis.doc.gov/index.php/policy-guidance/deemed-exp...
Interviewing for a job with the prior stated intent of pilfering their IP is fraudulent.
Let the employer file civil case then.
The IP theft is a private concern. The national security implications are public. What OP describes seems worth criminal investigation.
Is it?
I mean obviously if the said person did pilfer, or attempted to pilfer, it would be illegal.
But is there any law against interviewing for a job, while having a prior statement of intending to pilfer? Or in a more general sense, interviewing for a position while previously saying that they intend to breach the contract?
I'd imagine that there could only be ground for a lawsuit if 1) a contract has been signed, and 2) the stated activity has at least been attempted.
Not to mention in this example no crime even yet occurred.
OP...you should definitely report this to the FBI.
If you try to hire a hitman, the FBI will definitely investigate even though no crime has been committed.
so, is there a clear line between: stealing trade secrets, and applying learned experience in a new company the way everyone does?
If they are intentionally finding information that is outside the scope of their own role and then exporting the information itself as opposed to actually learning it then that would be clearly stealing trade secrets. Of course there are some lesser actions that would be in a gray area.
some call that a positive initiative. cross training between departments or some such corp speak is used so people can "fill in" or just have a better understanding of the other departments so you can possibly work better with each other or come up with novel solutions for someone else.
companies that silo everyone off and prevent open discussion between groups are horrible places to work. ask Oppenheimer.
There may be some grey, but copying information in writing is pretty clearly over the line.
No. Ultimately courts have to make judgements.
Repositories are rarely worth much.
Sure, some algorithms there might save you some time, but it's often the design and the data where the money lies (what this guy focused on).
Clone google's repo and you'll likely struggle forever to get anything of substance running on a rando vm/docker/etc. not to mention spinning up the entire stack with interconnected services, certificates, shitty code, and layers upon layers of hacking that can only be resolved by relying on the tribal knowledge of whoever built the darn thing.
Compared to that - detailed design docs, a team of motivated Chinese dudes/ettes with some monetary support from the local party, and you can have a close-enough copy running natively on the Alibaba cloud in a few months.
Source code repo is like a very extremely detailed doc. You might not be able to actually easily run it due to all of the dependencies etc, but with a couple of weeks of reading, you should be able to tease back out the high level design.
I've done enough code archaeology to say that looking at the code to understand the design is a good way to understand that the two halves of the bridge didn't mate up, but there was a deadline, so...
The design from a design doc can be replicated at almost any company. The actual code is specific to the company and their exact stack.
The company's business position is similarly hard to duplicate. You can understand a company's current capital, customers and money flows. Your new company has to either outcompete for those same flows or create or capture alternative flows, and do this with different capital. Having, say, the entire source code for FedEx doesn't make it easy to launch a competitor. It's practically irrelevant compared to the network of capital investments, corporate goodwill and contracts, etc.
There's probably some deep science AI-type stuff.
Or maybe useful for security exploits.
A copy of Google3 would take an outsider eons to replicate Borg for any of it to run on.
Did they tell you that, did you hear it second hand, or figure it out yourself?