The Most Comprehensive Data Protection Solution

Discover, classify, and protect your data from all threats with the only Gartner Magic Quadrant DLP and Forrester Wave EDR Leader.

First and Only Solution to Converge:

  • Data Loss Prevention
  • Endpoint Detection and Response
  • User and Entity Behavior Analytics
DATAINSIDER

Digital Guardian's Blog

Former Google, Uber Engineer Hit With Trade Secret Theft Charges

by Chris Brook on Thursday August 29, 2019

Contact Us
Free Demo
Chat

The latest wrinkle to the Waymo/Uber case serves as evidence that some of the largest, most successful technology companies aren’t doing enough to protect proprietary data, including trade secrets.

Like Apple and Tesla before it, Google is ramping up litigation against a former employee who it alleges stole thousands of files pertaining to self-driving car technology before joining a company that was acquired by Uber.

A federal grand jury in San Jose on Tuesday indicted Anthony Scott Levandowski, a former Google engineer who worked on Google’s Light Detecting and Ranging (LiDAR) until resigning in early 2016. The LiDAR team - which is part of Waymo, formerly Google's self-driving car project but now a subsidiary of parent company Alphabet – is tasked with developing laser sensors that can see and gather data on a car's surrounding environment to help inform its autonomous technology.

While companies regularly protect their trade secrets by suing companies who misappropriate them, the outright indictment of a former employee on theft of trade secrets charges doesn't happen everyday.

The news is just the latest in what’s becoming a lengthy list of engineers stealing self-driving trade secrets from their employers. Tesla filed a lawsuit against one of its former scientists, alleging he took 300,000 files relating to its technology's source code, this spring. In 2018 there were at least two public cases involving former Apple employees who allegedly pilfered data from its self-driving car division in hopes of taking positions at similar firms in China.

According to the Levandowski indictment, unsealed Tuesday, before Levandowski left Google, he downloaded roughly 14,000 files from a server hosted on Google's network. The majority of the files contained critical data on hardware used in the project's self-driving vehicles and schematics for printed circuit boards used in LiDAR products. Three days later, according to the indictment, he moved those files from his company laptop to his personal laptop.

Those weren't the only files Levandowski purportedly took. He also downloaded 20 files from the project's Google Drive repository - a spot the team kept non-CAD files, like spreadsheets - including "instructions for calibrating and tuning Google's custom LiDAR and an internal tracking document setting forth, among other things, technical goals for each team within Project Chauffeur," the codename given to the team back then.

The indictment alleges Levandowski knowingly stole and without authorization, took 33 total trade secrets belonging to Google, including data on laser pulse driver designs, circuit designs, and instructions on how to ensure that the LiDAR lasers were calibrated correctly.

“All of us are free to move from job to job,” David L. Anderson, a United States attorney in the Northern District of California said at the indictment, “What we cannot do is stuff our pockets on the way out the door.”

While Levandowski didn't leave Google until early 2016, the indictment makes it sound like he had planned on leaving months before that, as early as September 2015. It's alleged in the indictment that Levandowski took the self-driving car data to serve as the foundation of a new self-driving truck firm, Ottomotto, which was eventually acquired by Uber.

Google obviously went to great lengths to protect its trade secrets. Only Google employees, after being authenticated, could access the Google Drive; engineers on the project had to email the administrator of the server in order to maintain access. That didn’t stop Levandowski, who also broke several employment agreements, including a confidential information provision, however.

The story adds a new wrinkle to the Uber/Waymo scandal that's been on the backburner since last year's trade secrets trial. In that case, Waymo alleged that Levandowski stole 9.7 gigabytes of data, including IP, and used it to jumpstart Uber's self-driving car program.

When Uber and Waymo went to court in February 2018, the two parties settled. Following that trial, US District Court Judge William Alsup referred the case to the US Attorney's office to look into the possible theft of trade secrets, something that definitively opened the door to criminal proceedings and jail time for Levandowski.

It just took two years for the charges to surface.

If Levandowski is convicted he could face as many as 10 years in prison and a and a fine of as much as $8.25 million - $250,000 for every count, plus restitution.

It can be argued the case, like the ones involving insiders at Apple and Tesla before it, serve as increasing evidence that some of the world's largest, most successful technology companies aren’t doing enough to protect their proprietary data, including trade secrets, hardware designs, and schematics.

While Google was able to determine exactly what files Levandowski took - there's an exhaustive list of file names and dates the data was stolen in the indictment - the fact that it couldn't stop the data from being taken in the first place is troubling and could hint that the project may have placed too much trust in employees instead of a form of data protection technology that's designed to secure sensitive data and prevent the theft of intellectual property.

Tags: IP Protection, Data Protection

Recommended Resources


  • The seven trends that have made DLP hot again
  • How to determine the right approach for your organization
  • Making the business case to executives
  • Why Data Classification is Foundational
  • How to Classify Your Data
  • Selling Data Classification to the Business

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.