
Xiaolang is said to be looking to wash its hands of the matter, denying all knowledge of Zhang's plans
That would be quite an accomplishment, considering Xiaolang is his first name, and Zhang his last name.
An ex-Apple engineer has been hit with trade secret theft charges after allegedly pinching copies and samples of Cupertino's autonomous car technology. A US federal district court in northern California will hear the case (PDF) of Xiaolang Zhang, a techie who in 2015 was hired to work on the Cupertino music seller's ultra- …
The chinese standard is family name followed by given name, but sometimes these things get fliped up, either deliberatley(to westernise) or by hacks trying to do the same.
I think the copy should read:
Xiaopeng Motors is looking to wash its hands of the matter, denying all knowledge of Xiaolang Zhang's plans
but still they would wouldnt they, I bet he was offered a bonus for every key technology he could bring with him ...
According to prosecutors, Zhang took two circuit boards and a server
How the heck can one walk out of a company carrying a server and not be noticed or questioned? Every company I ever worked for that did any kind of engineering/research, etc. had security guards and if you carried something off and even had a piece of paper with signatures that it was ok, calls were made to ensure it was valid.
I wouldn't necessarily assume the "server" is the size of what we think of as a server. If it is designed to fit in a car, even a prototype would be considerably smaller. After all, a Raspberry Pi can be a server, and you could fit it in your pocket even wearing skinny jeans.
I agree that "act like you're allowed to be doing something" lets you get away with almost anything most of the time. I had an experience with that once, where I was supposed to be doing something that would have looked like grand theft, and nothing was said at the time, but my boss tried to use it against me at a later date believing I had been up to no good - luckily I was able to have him talk to the VP of Engineering whose permission I had!
I wonder how well acting like you're allowed to be doing something would work at a famously secretive and paranoid company like Apple though. Their security is probably told it is better to delay someone leaving a few minutes than let them leave with something they shouldn't.
I'll bet if you are supposed to be taking a piece of Apple-owned hardware out the door of the spaceship you need some paperwork, and probably have to leave through specific exits. And should plan for it maybe taking a little time in case your paperwork isn't in order...
Every company I ever worked for that did any kind of engineering/research, etc. had security guards
There's usually one weak security guard, like the guard that abandons his post to go to the can "just for a minute". Some are known for falling asleep.
Wonder if there was some quid-pro-quo between Apple and the FBI for this investigation?
FBI: you know, we'd like to help you out, but with these un-crackable iPhones we don't have the resources to investigate this.
Apple: Well, you know if you plug a standard USB-2-lightning connector into the slot it'll bypass the lockout timer...
FBI: We're arresting Zhang for this industrial espionage...
If Apple wanted to give the FBI a backdoor, wouldn't be it more like "plug this obscure 2003 era USB mouse into the phone and it'll bypass the lockout timer"? A backdoor that's easily discoverable isn't much of a backdoor, because once discovered it has to be fixed like any other bug. What are they going to do say "oh sorry, we meant to do that so we won't fix it, but we can't tell you why"?
Not that Apple should need to bribe the FBI to get them to do their job and arrest a guy for theft...
If you're going to steal your employers tech, do so BEFORE you announce you are leaving. Do it slow and only for data you have access to, a bit at a time. Preferably in a way that isn't noticeably different from your normal job flow. Don't steal anything you don't have normal access to.
It's not hard.
Or, alternatively, make an honest living and just be competent as an engineer without resorting to theft.
Was just going say the same thing. Do we keep hearing about all this criminally stupid criminals because most criminals are stupid, or the ones getting caught just the tip of the iceberg, and the more clueful criminals are simply not being caught?
It seems like such an obvious thing to me. If nothing else, a lot of companies will walk you out the door the moment you give your notice, and even if they didn't normally search employees at the exit they might do so for ones working on extremely secret projects like this one as they're being escorted out.
I think I can kind of understand the reason though - if I stole something valuable from an employer and then went to work the next day, I'd feel guilty and probably be afraid security will walk in at any moment and say "we have some questions for you". It is human nature to want to avoid that sort of conflict, so by doing it on your last day you insure that you won't face that situation. It doesn't stop you from getting caught though, and instead of corporate security coming to see you in your office, the police come to see you at your home.
If XiaoXiao Motors was indeed actively involved in any way, I'm going to go out on a limb and assume that they had a hearty laugh if Zheng ever told them "I'll get you a copy of the stuff I normally work with", then went "No, we'll give you a list of what you'll get us a copy of - printed on a roll of toilet paper partly due to its length and partly because you'll need it once you read it..."
Actually, it's in what you don't have normally access to that may be interesting for who's paying you....
Hiring people with the right knowledge is not a crime, and in states like California you can't forbid someone to go to work for a competitor (although Apple was found doing exactly that... together others) - and anyway they aren't valid abroad.
But someone with also someone else's knowledge copied is very valuable, for some companies.... especially if your own knowledge is not of that great value.
The Chinese government isn't going to sanction them and they're beyond the reach of US law, so all the risk is on whatever sucker(s) a Chinese company finds to try to steal US (or UK or whatever) tech like this. Even if 99% of them bungle the job and get caught, 1% will succeed.
Its sort of like being able to spin a roulette wheel and if you hit the right number you win $1 million, and any other number means someone gets killed. A psychopath (or a corporation, but I repeat myself) doesn't care about the rando getting killed, they'll keep spinning the wheel until they win the million bucks.
"It's not hard"
That depends on how much the firm in question is geared up to protect against data leakage. At the most basic level the peak in access just before someone leaves is trivial to implement and still quite effective at catching the idiots. At a second level you look for proportionately more access than the persons peers. For the firms that really care it's the full access review of the last 3 months activity, and perhaps more. I know of one place where this was all standard nearly 15 years ago.
discreet. 'Discrete' is clearly separated and, as it were, stand-alone itme (e.g. discrete units of time).
Also, if you are going off to a new job and want to nobble stuff, why wait until two days before you leave? You space it out. We once had a developer who (as was discovered) took a chunk of code at a time, buried in other documents, over four or five months. Admittedly, he didn't try to walk out with gear under his arm. Even we would ahve noticed that.
I wonder how many workers these days realize that their companies now do behavioral analysis on every computer activity in which they engage. This is an insider threat strategy that uses big-data analytics, and if you significantly change any of your digital behaviors, an analyst is going to review your activities.
What do you think? Should employees be officially advised of this kind of monitoring? Can legal cases subpoena this stuff? How should we feel about this? And, when people become conditioned to accept this kind of monitoring, how easy will it be for governments to just go ahead and make this a global law-enforcement and political-obedience practice? Dark enough for you?