
Former Apple Employee Charged with Theft of Autonomous Car Project Trade Secrets - uptown
https://www.macrumors.com/2018/07/10/apple-employee-steals-trade-secrets/
======
_cs2017_
So the guy stole data and hardware. Instead of leaving immediately for China
before it's discovered, he went back to Apple and told them that he's leaving.
And not just leaving, but leaving to work for a competitor in the self-driving
car industry. If he wanted to raise any more suspicion, he'd need to show up
to the exit interview in a ski mask, carrying a crowbar.

And after that, he _still_ stayed in the US for over two months (April 28 -
July 7). This simply defies belief.

I don't even mention the fact that he admitted to the Apple security team that
he stole stuff. Presumably without any lawyer since no lawyer would let him
admit to anything. Why would he even meet with a security team, if he's not
under arrest? Even if he thought he can't get caught, surely he knew something
was wrong when the security team called him for an interview?

Maybe he thought it's impossible to prove what he did? But the guy is
intelligent, he was hired to an important project at Apple. He must know that
corporations have security cameras and also can check corporate device usage.

So I'm down to my final two guesses. Either the guy thought he didn't do
anything wrong (really? taking confidential documents and hardware??). Or the
article heavily distorts the facts.

Anyone has better explanations?

Edit: just saw the official FBI court filing at the end of the article. The
article did not distort anything. I have no words.

~~~
slivym
It could be that it simply never occured to him that he would get caught. When
you work somewhere for years you don't think "This security cameras on the
entrance could technically be used to track my activity". As the article says,
the repositories that he accessed are restricted to THOUSANDS of people. So
really the guy was probably right - if he hadn't been a dumbass and said that
he was going to work for a chinese competitor then his boss likely wouldn't
have thought to ask questions, no one would've noticed.

~~~
antpls
I don't understand how you can blame him and call someone a "dumbass" for
being honest.

It looks like the dumbasses are Apple project managers, or Apple lawyers, or
Apple security admins or whoever write Apple's policies

~~~
tomtimtall
Are you a dumbass if you are honest? No. Are you a dumbass if you steal and
then honestly tell that you did it? Yes. Now don’t get me wrong, all criminals
are bad. But you have to admit that there is a difference between smart
criminals and dumb ones. This person was a dumb criminal. Likely due to him
not even contemplating that what he was doing was criminal, in-line with
shoplifters who will tell you: “No it’s ok to eat the fruit inside the store,
as long as it’s gone before you get to the counter you don’t have to pay”

~~~
antpls
Following your argument, Apple could be a very smart criminal organization
that doesn't get caught.

Should we investigate further on Apple to make sure?

Edit : by the way, that guy could have been blackmailed. Someone may have said
"If you don't do it, we will harm your family". We shouldn't be judging
someone without investigating all the elements, especially when an individual
takes the risk of facing a gigantic organization. It should rings bells to
everyone.

------
melling
There’s information in the complaint that claims Apple has 5000 people working
on its autonomous car project:

[https://www.cnbc.com/2018/07/10/ex-apple-employee-charged-
wi...](https://www.cnbc.com/2018/07/10/ex-apple-employee-charged-with-
stealing-autonomous-car-trade-secrets.html)

~~~
andyfleming
"5,000 employees are working on it or know about it"

~~~
melling
They posted a correction.

“Correction: A previous version of the story mistakenly said that 5,000 Apple
employees are working on autonomous driving technology. The complaint says
5,000 people are "disclosed on the project," which includes employees working
on it or familiar with it.”

------
aresant
"[In their investigation] Apple found that just prior to Zhang's departure,
his network activity had "increased exponentially" compared to the prior two
years he had worked at Apple. He accessed content that included prototypes and
prototype requirements. .."

Seems like an oversight to find this out post-investigation vs. flagged up
front?

EG - seems like a basic usage algorithm could flag this stuff especially
across a small <5000 person universe w/cost-benefit vs. theft of tens-of-
billions in IP.

Any corporate IT security officers care to comment on this?

~~~
meowface
This is known as insider threat detection / User Behavior Analytics (UBA). It
could also be considered part of Data Loss Prevention (DLP). Insider threats
are probably the hardest things to reliably detect on a large corporate
network (compared to all of the other types of information threats),
especially at a company where most of the employees are very active users of
technology. The field is still in its infancy, with lots of cool-looking "AI-
driven / ML-powered / buzzword-optimized" products from startups which
typically end up generating an absurd amount of anomaly detections per day,
usually with a 99.9% false positive rate. Of course I'm generalizing and I
imagine some companies have implemented a fairly effective UBA program, but I
think they're rare.

It's just trying to find a needle in an extremely large haystack. When you're
dealing with technology departments, normal behavior can easily be a modest
amount of network traffic for a few days followed by a huge burst of downloads
and uploads from/to internal services and databases and cloud storage and any
number of things. Suspicious website browsing could be innocuous research and
curiosity. That personal USB drive plugged in is probably some developer with
a deadline who never got around to requesting a corporate drive and can't wait
a few days for it to be approved and needs to physically transfer files ASAP.

It's just not an easy problem. There are probably hundreds of other instances
of an Apple employee not looking at any prototype data for months and suddenly
poring over tons of it. Maybe they're preparing for a presentation or a new
project. Adding lots of red tape and restrictions and wasting time
investigating employees who've done nothing wrong (or perhaps who violated
policy but with no real bad intent or serious negligence) and telling people
they can't do certain things which make their job more efficient takes a huge
toll on everyone. It's a necessary evil, but trade-offs always have to be
considered. Apple wants their autonomous car program developed as quickly as
possible, and the more they restrict access and require lengthy approval
processes, the slower things will get done.

And fundamentally, unless you're in a weird situation, probably ~0.1% of your
employees are insider threats, and probably ~0.01% are significant insider
threats which could actually affect your business. The odds are stacked
against you.

Occasionally you'll run across a smoking gun that's easy to detect with basic
logic like "email sent to webmail account with no subject and over 6
attachments", but if you're dealing with a smart insider threat - especially
one working on behalf of a superpower government's intelligence apparatus -
you're not going to find something so blatant. I have sometimes run across
things like that, but it's usually something gray like a developer emailing
themselves some code so they can continue to work on it at home. The worst
thing I've ever found was a salesperson emailing themselves proprietary
leads/contact lists shortly before their resignation date. A spy is never
going to get caught from such low-hanging fruit detections.

You have to start with the basics: strict policy guidelines, least privilege
principle, log _everything_ , a good team of people to investigate anomalies
and write up employees who are violating policy, and then finally you can
shell out a lot of resources on automated detection and baseline and tune for
a long time until you have a manageable number of dashboards and reports and
alerts that the team can respond to. Apple will presumably restrict access
more carefully after this incident, and implement some new statistical anomaly
detection, but insider threats will always be hard to detect.

Dabbling in UBA also made me realize some of the issues faced by agencies like
NSA. I'm sure they have strong policies against unauthorized data access (like
looking up information about romantic partners), fully intend to enforce them,
and have lots of manual and automated detections, but in reality the amount of
data and number of daily data accesses is probably way too high to
consistently catch bad actors. I think that's one of many strong practical
arguments to not let them have have easy access to such a big trove of
sensitive data, even if you make the assumption they're behaving completely
ethically and responsibly.

~~~
Tenhundfeld
Yes, from my very limited to exposure to this (not in SV, but in healthcare),
these are two key points:

 _absurd amount of anomaly detections per day, usually with a 99.9% false
positive rate_

 _Adding lots of red tape and restrictions and wasting time investigating
employees who 've done nothing wrong_

What I've seen/heard about is that you end up with some EVP pissed off that
IT/SEC is bothering their people – rightly or wrongly, it'll inevitably get
used an excuse for why something is late. So the EVP (virtually) marches into
the office of the IT/SEC director and issues an edict that everyone in <this
super special department> are too important to be bothered and any access
restrictions or investigations affecting <the department> must get prior
approval from the EVP's office. That's of course a huge pain in the ass, which
results in that department effectively being exempt, i.e., a perfect place for
an internal spy.

The IT/SEC director, often several rungs down from the angry EVP, usually has
the authority to stand up to the EVP, technically, but that is a risky move,
can easily start a turf war.

So, for these programs to be effective, they must get buy-in from the absolute
highest levels with no exemptions, which is not easy in the highly political
world of huge organizations.

~~~
TeMPOraL
And here I always thought it's EVPs that come up with those ridiculous
security measures, not IT/SEC guys, and that's the lower-level managers that
have to fight to actually get something done. At one of my previous jobs, it
was our direct boss that fought tooth and nail to shield our programming teams
from the consequences of the whole corporation deciding to level up some more
in ISO standards...

Don't get me wrong. I understand the need for security measures in a company.
But there must be some middle ground - some way of securing data and networks
without incurring a 1000% penalty on productivity for all your programming
teams.

~~~
Tenhundfeld
Yeah, I've been in environments where they completely locked down internet
access, and we had to "fight tooth and nail" to get an exemption for a handful
of sites like StackOverflow. I agree it can be a huge productivity problem.

Again, my experience is very limited compared to many, but the best mix I've
seen is programmers had basically wide open internet access BUT everything was
still logged. And they must have had some type of automated review. A coworker
was planning her wedding, and while sitting on conference calls, browsed
around a bunch of wedding sites. She got an email from IT asking about that.
(It wasn't a big deal, just embarrassing.) Also, certain categories of data
could not be copied to a local computer; they had to be manipulated on a
server. Technically you could transfer data from the server (again logged),
but it was a firing offense if you were found with sensitive data from on your
laptop.

------
huebnerob
Good. This was a flagrant and deliberate violation. To argue Apple is
overstepping here is to suggest Apple employees are exempt from the law.

------
Animats
The comments from Apple indicate that what they're really concerned about is
disclosure to the media, not someone copying their self-driving technology,
such as it is. Apple put 5000 people on this project and failed. What they
don't need is an insider writing an "Apple's Biggest Failure" book. I wonder
if we'll ever see a technical post-mortem on this.

~~~
trhway
>Apple put 5000 people on this project and failed.

not sure. These are still driving around their Sunnyvale campus:

[https://www.macrumors.com/2017/08/25/apple-new-autonomous-
dr...](https://www.macrumors.com/2017/08/25/apple-new-autonomous-driving-
suvs/)

Btw, one of the best sensor suites around (except for Google who seems to have
reached kind of optimization stage where they started to remove the "extra"
sensors). And Apple has highest number of self-driving permits in CA if i
remember correctly. Though i don't see them in "disengagement reports"
([https://www.dmv.ca.gov/portal/dmv/detail/vr/autonomous/disen...](https://www.dmv.ca.gov/portal/dmv/detail/vr/autonomous/disengagement_report_2017)
\- interesting reading, Google's average human driver reaction time was 0.91s)

~~~
jurip
I wonder about the assumption in that MacRumors article that it's a self-
driving car, given this article about Apple building their own Maps data set:
[https://techcrunch.com/2018/06/29/apple-is-rebuilding-
maps-f...](https://techcrunch.com/2018/06/29/apple-is-rebuilding-maps-from-
the-ground-up/)

Given that the MacRumors article says that the Lexus was parked, it might be a
human-driven car for gathering maps data?

~~~
trhway
the quick way to tell between self-driving and mapping car sensor suites -
density of the point cloud it collects, ie. type/number of sensors with the
self-driving is unnecessary dense for mapping and their directionality - the
self-driving is more forward looking as well as immediate vicinity of the car
while the mapping is sideways and doesn't care about the immediate vicinity.
I'd speculate that Apple, historically being weaker when it comes to [higher
level] software, seems to have issues with building of dynamic scene
perception from the big can Velodyne stream and are trying to solve it
"hardware way" by structuring the perception data in more time/space
consistent way inside limited sectors/planes.

------
chubbyrabbit
These recent incidents make me wonder how many people got away with a little
bit better op-sec.

------
8bitsrule
"he told his supervisor at Apple he was leaving the company and moving to
China to work for XMotors"

Doesn't sound like a heavy-duty spy ... else would never have admitted that.
Probly a naif.

~~~
noobermin
The fact he just plaining admitted to the FBI he did it seems like he was
doing for selfish reasons and had no idea the kind of consequences he could
run into.

~~~
8bitsrule
Yep. Or Maybe the PRC offered him a deal he couldn't refuse.

------
duxup
>Zhang was interviewed by the FBI in late June, where he admitted to stealing
the information, and he was later arrested attempting to leave to China on
July 7.

I guess he assumed he was going to get away with it but why wouldn't you just
skedaddle ASAP when you moved the data and / or hardware?

Granted he seems more like a flunky for someone rather than a super criminal
as he talked to the FBI...and admitted it.

~~~
gowld
He might not have realized what he did was illegal.

He might have thought that lying (or evading) the FBI is worse than the risk
of being convicted for stealing secrets. (It usually is.)

~~~
duxup
The first I would have trouble believing...

The second I could understand.

~~~
eganist
There's a common misconception among many engineers that they own the code
that they write when employed by many traditional valley firms. A thorough
reading of the employment contract would usually resolve this, but how many
engineers do you know who don't port some of their code between firms?

There's also a separate cultural clash between many Eastern cultures and many
Western cultures surrounding property and ownership rights around intangible
assets. I'm not well versed enough to adequately enumerate them with the
appropriate level of detail.

I'll bet a dollar, though, that depending on this engineer's upbringing, one
of these two applies and explains the "no big deal" mentality.

------
amarant
there needs to be a verb for this. i suggest "levandowski" ex: "Former Apple
employee levandowskies his way into a chinese startup"

levandowski -verb, reffering to the stealing of tradesecrets from self-driving
car project with the intention of bringing said secrets to a competitor,
especially if one is caught.

------
ohiovr
So where was Zhang headded with this stash? I think I can be sure those people
would just get a lawsuit instead of criminal charges.

------
r32rawgraegwta
My friend told me one of her coworkers left for a Chinese competitor without
returning corporate laptop. There seems to be a pattern here.

~~~
exolymph
Comically, what you're doing is called the Chinese robber fallacy:
[https://rationalconspiracy.com/2015/03/08/the-chinese-
robber...](https://rationalconspiracy.com/2015/03/08/the-chinese-robber-
fallacy/)

Also just an absurdly small sample of "one news story" and "something I heard
secondhand."

------
product50
Can China not innovate at all? Why are they so keen on stealing IP? Their
other homegrown products such as WeChat and Xiaomi seem pretty competitive and
very catered to the local market. This is just giving such a bad name to the
country and supporting Trump's broad claims that China thrives on IP theft.

~~~
abalone
Anthony Levandowski did exactly the same thing last year. Nobody concluded
that white Americans can’t innovate.

~~~
wavefunction
He wasn't headed back to some country of origin though. I take your point it's
not really the same.

~~~
abalone
Right, he headed from Mountain View to San Francisco. Nobody complained about
how keen San Franciscans are to steal everyone's IP.

~~~
RugnirViking
At the time, people actually did deride the culture of people gaining
knowledge then quitting to form their own startups, often with the goal of
getting bought by their old company.

Note: I don't think this means that chinese people have no capacity to
innovate I just figured you were a bit wrong suggesting noone made that
argument when they definately did

~~~
abalone
Show me the comment where someone said America can’t innovate after
Levandowski was caught.

------
thelastidiot
Didn't most of the people involved with this project, leave and went to work
for Tesla, Lyft, Uber, Waymo and NIO anyway? In that case, one can imagine the
bleeding of IP that went away will all this exodus of knowledge.

------
antpls
I want to work for a world with free flow of information, where individuals
should not be responsible alone for the mistakes of a multi-billions
organization. If any company can do it better than Apple somewhere in the
world, then let them build on what Apple developed. The culture of open source
should spread at all levels of research & engineering, in all fields.

Cost of information transmission and movements of people will continue to
decrease.

We should respect individuals rights about privacy, but disregard organization
level's attempt at secrecy, and aim for transparent organizations all around
the world. Such big organization should not be able to attack individuals
without anyone questioning the processes going on inside of it.

~~~
eanzenberg
I dont want my country’s IP obtained by totalitarian governments with awful
human rights track records.

~~~
antpls
Then work harder and faster than the people of that "totalitarian" country.

I don't want to rise a child who will waste his/her time with artificial
problems created by fake country's level competition. We don't live in the 70s
anymore.

Stop putting countries and governments before common-sense and people
happiness. A copy-paste of 1Go file is so easy to do, it's ridiculous. IPs and
patents were not created for the happiness of the majority.

Maybe that engineer is simply passionated about knowledge and building
autonomous cars, and he would like to make it happen wherever he goes. Why
stop him? If Apple really wanted to protect that IP, then just publish a
patent about it?

Instead of using the existing organizational systems, aka Patents (patents are
already bad enough), they attack an _individual_.

~~~
SXX
> Then work harder and faster than the people of that "totalitarian" country.

I really hope it's some very well hidden sarcasm.

> I don't want to rise a child who will waste his/her time with artificial
> problems created by fake country's level competition. We don't live in the
> 70s anymore.

Playing citizen of Earth is fun and well until you find yourself or your
family in said totalitarian country.

~~~
antpls
> I really hope it's some very well hidden sarcasm

It is.

> Playing citizen of Earth is fun and well until you find yourself or your
> family in said totalitarian country

No one will ever become a citizen of earth if no one tries. You can learn from
playing.

I prefer to work with an engineer who worked for both Apple and a Chinese
company than a fanatic nationalist engineer from any of the 2 sides,
regardless of government type.

Did you ever worked for a Chinese company? That engineer worked for both, he
works towards a borderless world.

Edit : oh, and he is transparent about it. That engineer has more integrity
than Apple.

Edit 2 : if I were able to give an anonymous dollar to that engineer in order
to help him, I would do it.

~~~
jexah
Uh, he didn't release the IP publicly. He was going to take it and give it to
another company that presumably is not transparent in the slightest. Doesn't
sound like striving for World Peace (c) to me.

~~~
antpls
Public knowledge is of course the best, but if you can't have that, at least
two actors with the same knowledge is better than only one monopolizing it.

~~~
jexah
I strongly believe the intent was not to move towards a free and open world,
based on the evidence provided. It was to move wealth from one company to
another, or worse, from one country to another.

------
jonknee
Apple has 5,000 people working on a me too project that will likely never go
anywhere while they are unable to ship announced products like AirPower and
Mac Pro. Oh and they admitted to a known flaw in the keyboard of their current
line of laptops that goes back _years_. This is frustrating.

------
trhway
>Shortly before Zhang's theft was discovered, Apple sent out a lengthy
cautionary memo to employees warning them against leaking data to the media.
In the letter, Apple said that in 2017, it caught 29 leakers, with 12 of those
individuals being arrested and charged.

being an Apple employee seems to come with statistically high risk of being
arrested and charged :) And autonomous car projects across the industry remind
the Klondike.

~~~
Bahamut
Compared to over 120k employees? Most employees aren't leaking major secrets,
much less leaking on a scale like this.

~~~
trhway
No, compared to Google, FB etc. 12/120K per year is a rate like that of being
killed by a non-autonomous car or shot by a non-autonomous gun.

~~~
terakilobyte
It isn’t random though. A better statistic to compare to would be suicide
rate. They do it to themselves.

