And after that, he still stayed in the US for over two months (April 28 - July 7). This simply defies belief.
I don't even mention the fact that he admitted to the Apple security team that he stole stuff. Presumably without any lawyer since no lawyer would let him admit to anything. Why would he even meet with a security team, if he's not under arrest? Even if he thought he can't get caught, surely he knew something was wrong when the security team called him for an interview?
Maybe he thought it's impossible to prove what he did? But the guy is intelligent, he was hired to an important project at Apple. He must know that corporations have security cameras and also can check corporate device usage.
So I'm down to my final two guesses. Either the guy thought he didn't do anything wrong (really? taking confidential documents and hardware??). Or the article heavily distorts the facts.
Anyone has better explanations?
Edit: just saw the official FBI court filing at the end of the article. The article did not distort anything. I have no words.
In China you can't run away after you got on the radar of a serious investigation. Maybe he thought the same happens here? Like he thought Apple security is equivalent to FBI or CIA or something.
And then eventually someone told him he can just leave, but by then FBI was already interested?
Then the story is like this. The guy knew it's wrong to take stuff, but hoped nobody would notice. Told his former boss about the new job because why not.
Then Apple security team called, he got scared enough to tell them everything, but not scared enough to leave for China or at least get a lawyer. He even voluntarily gave his wife's computer to them. Maybe he thought it would ok if he was cooperating with them?
Then later, the FBI got involved at the end of June. He finally got seriously scared, bought tickets to China, but by then FBI was already monitoring his movements.
It would be interesting to see his side of the story.
Even after the poor sod fought so hard to win the techie version of the Darwin award, he still could have made it to safety. If only he stopped for a moment to think about what he did wrong and learned from his mistakes.
It's like watching a movie with a horrible plot.
Some poor sap then gets to scroll through it and see if anything looks odd. If it does, they ask someone with more context to have a look.
There is no excuse for expecting this kind of thing would go unnoticed, beyond simply assuming your employer is an idiot.
It never occurred to him that copy company data is wrong.
It looks like the dumbasses are Apple project managers, or Apple lawyers, or Apple security admins or whoever write Apple's policies
Should we investigate further on Apple to make sure?
Edit : by the way, that guy could have been blackmailed. Someone may have said "If you don't do it, we will harm your family". We shouldn't be judging someone without investigating all the elements, especially when an individual takes the risk of facing a gigantic organization. It should rings bells to everyone.
Also as a matter of personal experience, I've had a couple of my photographs stolen by popular Chinese newspapers who refused to attribute it to me.
P.S - I am not commenting on the morality of his action here, I'm simply suggesting the way their culture works is probably a big reason to him getting charged.
No data, but I believe that you can be extremely bright in a lot of things and dumb as a rock on other very basic things. Maybe arrogance plays a part too.
It's safe to assume that x% of Russian and Chinese employees do talk to, and plan to go back to the mothership. Must be the greatest ROI for the Chinese, tens of billion dollars worth of R&D in a hard-drive. (granted it's not the same since while researching you learn a lot of other things, but presumably the Chinese want those few things that they haven't figured them out already.)
If there's any highly political threads on the front page the comment section would be a perfectly illustrative example of this.
Important to note: there were no charge for him for all that time. That means they had very weak case. They might be specifically waiting for him to do at least that: just look how they accent that he "bought red flag last minute ticket" as if he knew he did something wrong. This also supports the idea that they had no proof of him doing what amounts to criminal industrial espionage (passing data to another company.)
Another standing out fact is that he was arrested minutes before boarding (he passed the border.) If he would be on exit control list, he would never be allowed pass the border. It means he was not nor on exit control list (people on it include convicts on probation, tax debitors, persons against whom a restraining order was issued i.e. people under investigation of a crime,) nor on the on-the-run list of criminals (he would've been detained immediately)
Third, how FBI ever knew of him buying a ticket? US is not East Germany where all ticket sales are wired to STASI in real time.
My explanation: they did not have anything qualifying for a charge on him till that "last minute ticket purchase" which added more substance to allegations of criminal conduct.
This is supported by the fact that he was detained "minutes before boarding." Probably, it was only the fact of him passing the border control that was visible to FBI, the moment they saw it, they came with a rushed arrest warrant.
They can confiscate your passport to prevent you from leaving the country, and they have ways of knowing when you try to leave (via the airline, not TSA), but besides the TSA check (which is usually shared with domestic flights), there isn’t any persistent choke point and definitely no border control.
The TSA has exactly this system in place.
> This is supported by the fact that he was detained "minutes before boarding." Probably, it was only the fact of him passing the border control that was visible to FBI, the moment they saw it, they came with a rushed arrest warrant.
Or they were waiting for incontrovertible evidence of attempted flight from the country.
https://www.law.cornell.edu/uscode/text/49/44909 see (c).
Probably a bit of both. And also many other facts we don't know. Anyway, Apple only should be blamed, imho. If people efforts and project momentum are the real plus value, then data alone won't be sufficient to steal a technology.
It shows that international cooperation about global-impacting technologies should be the norm, rather than a race to monopolize a market.
That's a weird argument. No one said it's sufficient, but "stealing" data certainly helps.
Also, what do you mean by "people efforts"? The only way to prevent every single employee with access to trade secrets from leaving is to make workers corporate property and lock them up on a remote island. Surely, that's not what you're suggesting, is it?
IF the employee wasn't aware that he/she was stealing, maybe he was being told internally what he/she was doing was OK. Maybe someone suggested him to do so, only then to be accused after.
Anyways, the ability for an individual to transfer so much knowledge should remind you the MP3 and p2p era. The patents and secrecy of big corporations makes NO SENSE in a world where communication is instant and easy. Not better than China censorship.
That's ridiculous. There are degrees, shades of grey.
The old model is to see knowledge as words written down on a piece of paper, and only knew by a few people. It does not work in a modern world where knowledge can be shared easily, sent at speed of light and replicated on many support.
I don't know about you, but I don't have millions of dollars sitting in my bank account, I prolly don't care about previous investments and decisions made in a world I didn't exist, but I care about living a good life and living as long as possible. The investments should change direction.
I am very skeptical of patents as a matter of principle, because banning people from using their own original ideas just because someone else happened to have a similar idea seems extremely unfair and prone to misuse.
I am also skeptical of putting copyright interests above all else (although I'm not against copyrights in principle), going as far as building a global surveillance state and imposing draconian penalties in order to enforce extremist copyright laws without fail.
I am also skeptical of very restrictive no-compete clauses in employment contracts or any sort of anti-poaching activity by corporations.
And it's exactly _because_ I am skeptical of all the above approaches to protecting investment into knowledge generation that I'm very hesitant to also oppose keeping trade secrets.
Creating new knowledge has to have some direct economic benefit above and beyond the general benefits of human progress (which is also important of course).
I have two arguments :
1) The process of creating new knowledge alone won't be valuable once we have enough processing power to evaluate scenarii faster than a coordinated human effort. With vulgar words : AI will make the creation of knowledge a commodity, and my personal opinion is that it will happen before the next human generation, unless some people actively work against that idea to make sure it doesn't happen (because they try to defend previous investments for example.)
2) Knowledge alone is not enough to accomplish or execute anything in the real world. Actually building car requires factories, materials and logistics. Of course, if we have an AI solving all sort of problems, we may ask it to find an efficient way to build car. If we continue the reasoning, we enter a world where the meaning of an human life is completely different than today, with completely different forces acting on it. We may don't even need the cars anymore.
Edit : I mean, the argument of "it gives job to people" won't stand forever. We will have to seriously re-think the system at some point.
That's true, but if companies compete only on execution and not on innovation, I fear that the result will be less innovation.
Also, some of the digital artifacts that can easily be copied are largely on the execution side. Software being a prime example of that.
>AI will make the creation of knowledge a commodity
If and when AIs are that advanced they're going to have to sort out their own problems and fight over their own ideologies. But how will we even get there if everyone is busy executing and no one has an incentive to innovate?
That said, profit is certainly not the only incentive to innovate. It's one of the incentives though, particularly where it's closely intertwined with execution and product development.
“Correction: A previous version of the story mistakenly said that 5,000 Apple employees are working on autonomous driving technology. The complaint says 5,000 people are "disclosed on the project," which includes employees working on it or familiar with it.”
Seems like an oversight to find this out post-investigation vs. flagged up front?
EG - seems like a basic usage algorithm could flag this stuff especially across a small <5000 person universe w/cost-benefit vs. theft of tens-of-billions in IP.
Any corporate IT security officers care to comment on this?
It's just trying to find a needle in an extremely large haystack. When you're dealing with technology departments, normal behavior can easily be a modest amount of network traffic for a few days followed by a huge burst of downloads and uploads from/to internal services and databases and cloud storage and any number of things. Suspicious website browsing could be innocuous research and curiosity. That personal USB drive plugged in is probably some developer with a deadline who never got around to requesting a corporate drive and can't wait a few days for it to be approved and needs to physically transfer files ASAP.
It's just not an easy problem. There are probably hundreds of other instances of an Apple employee not looking at any prototype data for months and suddenly poring over tons of it. Maybe they're preparing for a presentation or a new project. Adding lots of red tape and restrictions and wasting time investigating employees who've done nothing wrong (or perhaps who violated policy but with no real bad intent or serious negligence) and telling people they can't do certain things which make their job more efficient takes a huge toll on everyone. It's a necessary evil, but trade-offs always have to be considered. Apple wants their autonomous car program developed as quickly as possible, and the more they restrict access and require lengthy approval processes, the slower things will get done.
And fundamentally, unless you're in a weird situation, probably ~0.1% of your employees are insider threats, and probably ~0.01% are significant insider threats which could actually affect your business. The odds are stacked against you.
Occasionally you'll run across a smoking gun that's easy to detect with basic logic like "email sent to webmail account with no subject and over 6 attachments", but if you're dealing with a smart insider threat - especially one working on behalf of a superpower government's intelligence apparatus - you're not going to find something so blatant. I have sometimes run across things like that, but it's usually something gray like a developer emailing themselves some code so they can continue to work on it at home. The worst thing I've ever found was a salesperson emailing themselves proprietary leads/contact lists shortly before their resignation date. A spy is never going to get caught from such low-hanging fruit detections.
You have to start with the basics: strict policy guidelines, least privilege principle, log everything, a good team of people to investigate anomalies and write up employees who are violating policy, and then finally you can shell out a lot of resources on automated detection and baseline and tune for a long time until you have a manageable number of dashboards and reports and alerts that the team can respond to. Apple will presumably restrict access more carefully after this incident, and implement some new statistical anomaly detection, but insider threats will always be hard to detect.
Dabbling in UBA also made me realize some of the issues faced by agencies like NSA. I'm sure they have strong policies against unauthorized data access (like looking up information about romantic partners), fully intend to enforce them, and have lots of manual and automated detections, but in reality the amount of data and number of daily data accesses is probably way too high to consistently catch bad actors. I think that's one of many strong practical arguments to not let them have have easy access to such a big trove of sensitive data, even if you make the assumption they're behaving completely ethically and responsibly.
absurd amount of anomaly detections per day, usually with a 99.9% false positive rate
Adding lots of red tape and restrictions and wasting time investigating employees who've done nothing wrong
What I've seen/heard about is that you end up with some EVP pissed off that IT/SEC is bothering their people – rightly or wrongly, it'll inevitably get used an excuse for why something is late. So the EVP (virtually) marches into the office of the IT/SEC director and issues an edict that everyone in <this super special department> are too important to be bothered and any access restrictions or investigations affecting <the department> must get prior approval from the EVP's office. That's of course a huge pain in the ass, which results in that department effectively being exempt, i.e., a perfect place for an internal spy.
The IT/SEC director, often several rungs down from the angry EVP, usually has the authority to stand up to the EVP, technically, but that is a risky move, can easily start a turf war.
So, for these programs to be effective, they must get buy-in from the absolute highest levels with no exemptions, which is not easy in the highly political world of huge organizations.
In hindsight, this is very scary given that I had access to production systems with loads of PHI, PII, etc. with no censoring or filtering in place.
Don't get me wrong. I understand the need for security measures in a company. But there must be some middle ground - some way of securing data and networks without incurring a 1000% penalty on productivity for all your programming teams.
Again, my experience is very limited compared to many, but the best mix I've seen is programmers had basically wide open internet access BUT everything was still logged. And they must have had some type of automated review. A coworker was planning her wedding, and while sitting on conference calls, browsed around a bunch of wedding sites. She got an email from IT asking about that. (It wasn't a big deal, just embarrassing.) Also, certain categories of data could not be copied to a local computer; they had to be manipulated on a server. Technically you could transfer data from the server (again logged), but it was a firing offense if you were found with sensitive data from on your laptop.
translation : it doesn't work
I guess that's the thing, a lot of us who are ignorant about such things have the benefit of hindsight now that we know he did it, and detection beforehand is just not that easy.
Especially in this case, where autonomous vehicles could have military applications...
Industrial espionage / theft of trade secrets is not in the realm of the Espionage Act (even if that industrial espionage is directed by a foreign state).
Apple's Neat Car That Drives Itself is not classified technology and is not national defense information.
See: Economic Espionage Act
No. On the contrary you need various kinds of security clearances to work in sensitive fields.
How about we be a little careful with the xenophobic talk, no?
not sure. These are still driving around their Sunnyvale campus:
Btw, one of the best sensor suites around (except for Google who seems to have reached kind of optimization stage where they started to remove the "extra" sensors). And Apple has highest number of self-driving permits in CA if i remember correctly. Though i don't see them in "disengagement reports" (https://www.dmv.ca.gov/portal/dmv/detail/vr/autonomous/disen... - interesting reading, Google's average human driver reaction time was 0.91s)
Given that the MacRumors article says that the Lexus was parked, it might be a human-driven car for gathering maps data?
Does that make Google's program a failure?
Apple decided it didn't make sense to work on building a car when the software to control such a car isn't close to being there, and moved their focus to software.
Basically, they have a solution that they are willing to put into limited testing in certain parts of Arizona, just as Apple has decided to do limited testing with autonomous employee shuttle vans between their campuses.
So Google has moved from "this is our moonshot program that we will solve in a couple of years" to "this will take decades of incremental progress".
Given that Google and Apple have both come to the concision that this is a long range incremental software problem, and given that you say that this represents an enormous failure on the part of Apple, how is this not also an enormous failure on the part of Google?
If it’s a consumer goods we choose to buy or not, we have a yardstick to decide (i.e. does its utility match the price paid?).
For an internal project not even acknowledged in the broad, what’s the yardstick?
The expectations we have based on our imaginations and dreams about the potential product and its timeline ?
Perhaps Apple sees it as failing the original goal, but really who knows ? (and to be honest why do we care what Apple thinks about it)
Then Apple announced they were going to put a sapphire coating on their screen glass. Fanboys then insisted that sapphire was the Next Big Thing, and phones without it were inferior.
Then Apple's sapphire scheme fell through, after they pressured their sapphire supplier into contract terms that put the company out of business. Apple went back to Corning's hardened glass. Fanboys followed the company line and insisted sapphire was unnecessary and would crack.
Kyocera and HTC make phones with sapphire screens, but Apple fans don't talk about that.
I could think of dozens of reasons one might do this. Sure they'd likely be wrong but I don't understand the view point of "it's obviously a failure but everyone is giving Apple a pass".
Doesn't sound like a heavy-duty spy ... else would never have admitted that. Probly a naif.
I guess he assumed he was going to get away with it but why wouldn't you just skedaddle ASAP when you moved the data and / or hardware?
Granted he seems more like a flunky for someone rather than a super criminal as he talked to the FBI...and admitted it.
He might have thought that lying (or evading) the FBI is worse than the risk of being convicted for stealing secrets. (It usually is.)
The second I could understand.
There's also a separate cultural clash between many Eastern cultures and many Western cultures surrounding property and ownership rights around intangible assets. I'm not well versed enough to adequately enumerate them with the appropriate level of detail.
I'll bet a dollar, though, that depending on this engineer's upbringing, one of these two applies and explains the "no big deal" mentality.
levandowski -verb, reffering to the stealing of tradesecrets from self-driving car project with the intention of bringing said secrets to a competitor, especially if one is caught.
Also just an absurdly small sample of "one news story" and "something I heard secondhand."
Note: I don't think this means that chinese people have no capacity to innovate I just figured you were a bit wrong suggesting noone made that argument when they definately did
That is how the game is played when you have nothing. You copy others, sell your product, use the profits for research and development and then come up with your own IP.
Indian Pharma companies do the same thing.
Anyway, the legal barriers of intellectual property have proven again and again to be futile and problematic as a means to drive innovation. Just look at the huge waste in IP litigation, the perverse incentives of IP trolling, and the utter impotence of DRM as a legal mechanism.
Trump’s claims about IP rights are as credible as his claims about bring manufacturing and coal mining jobs back to America. It’s just pandering to an audience that can’t or won’t keep up with the winds of change.
Cost of information transmission and movements of people will continue to decrease.
We should respect individuals rights about privacy, but disregard organization level's attempt at secrecy, and aim for transparent organizations all around the world. Such big organization should not be able to attack individuals without anyone questioning the processes going on inside of it.
Money isn't everything, especially when you have plenty of it
The problem is that it sort of is, at least in a publicly traded company. Shareholders demand growth, and growth demands innovation.
What you say? You don’t have the cash on hand? Well just take a loan, money isn’t everything right?
If I’m being to obtouse here. The point is that money is everything when you start a company, you need to pay electricity bills and people need to eat. And the money invested in companies is only given contingent on an assumption that it can be made back.
Apple may have started in a garage, but if there wasn’t money in it, then it would have stayed in the garage.
I don't want to rise a child who will waste his/her time with artificial problems created by fake country's level competition. We don't live in the 70s anymore.
Stop putting countries and governments before common-sense and people happiness. A copy-paste of 1Go file is so easy to do, it's ridiculous. IPs and patents were not created for the happiness of the majority.
Maybe that engineer is simply passionated about knowledge and building autonomous cars, and he would like to make it happen wherever he goes. Why stop him? If Apple really wanted to protect that IP, then just publish a patent about it?
Instead of using the existing organizational systems, aka Patents (patents are already bad enough), they attack an individual.
I really hope it's some very well hidden sarcasm.
> I don't want to rise a child who will waste his/her time with artificial problems created by fake country's level competition. We don't live in the 70s anymore.
Playing citizen of Earth is fun and well until you find yourself or your family in said totalitarian country.
> Playing citizen of Earth is fun and well until you find yourself or your family in said totalitarian country
No one will ever become a citizen of earth if no one tries. You can learn from playing.
I prefer to work with an engineer who worked for both Apple and a Chinese company than a fanatic nationalist engineer from any of the 2 sides, regardless of government type.
Did you ever worked for a Chinese company? That engineer worked for both, he works towards a borderless world.
Edit : oh, and he is transparent about it. That engineer has more integrity than Apple.
Edit 2 : if I were able to give an anonymous dollar to that engineer in order to help him, I would do it.
being an Apple employee seems to come with statistically high risk of being arrested and charged :) And autonomous car projects across the industry remind the Klondike.
For all other employees, it serves as a reminder that this stuff actually happens, to be on the lookout for it, and that Apple will protect the hard work they've done with their full legal might should someone try to do something like this.