News Lawsuit accuses Nvidia of stealing trade secrets — perpetrator busted with a screenshot of stolen code

Status
Not open for further replies.
Shouldda named the folder "work stuff". Nobody ever thinks to look there!
🤣

...as an aside, I've noticed more than one of my co-workers have a folder, where they collect all of the projects they're working on, and have named it "work". I'm thinking... "this is your work computer, so what else have you got on here?" In reality, it's probably just an unimaginative name. I use "prj" as the root directory of my project-specific files.
 
Shouldda named the folder "work stuff". Nobody ever thinks to look there!
🤣

...as an aside, I've noticed more than one of my co-workers have a folder, where they collect all of the projects they're working on, and have named it "work". I'm thinking... "this is your work computer, so what else have you got on here?" In reality, it's probably just an unimaginative name. I use "prj" as the root directory of my project-specific files.
I've mentioned I work in tech support.

We've found gigabytes of porn, games, emule, limewire, and of course, loads of videos and music "clearly" downloaded illegally.
If you have a folder labelled "personal" we are not allowed to look in it.
If it's 50GB or 100GB, we might inquire to the user to keep their personal files elsewhere, preferably on a personal USB stick, which we have no right whatsoever to look into.
(Getting anything off the company machine to a usb stick is not easy, requires permissions, and explicitly precludes personal data that shouldn't be on the machine in the first place).
If you get fired, that personal folder, and anything else on the company's hardware, stays, until the company says it can be wiped or deleted.

We have a write protect USB policy by default, but you can read from usb ok.

Put anything like films/music etc, on a USB stick, and you're fine. Don't put it on work machines.

The worst is OneDrive or Box drive.
Things are NEVER deleted from those, even if you ask for it to be deleted.
It just never is.
That's why we tell people all the time to never put personal stuff on the company cloud drives.
Someone who was leaving the company had gigabytes of personal photos on there, and was dismayed when told that the company would have to go through all of them, to see what she was allowed to keep, and make sure there was no company data being copied.

If your company doesn't allow USB keys, just use your mobile phone for everything personal, and don't copy anything onto the company machines.

Keep personal and professional life separate, even with the company phone 😉
 
Put anything like films/music etc, on a USB stick, and you're fine. Don't put it on work machines.
My company has a policy that prevents normal USB sticks from working. I think there's some kind of encrypted USB stick you can use, but they might still have policies limiting where/when/how those can be used.

The worst is OneDrive or Box drive.
Things are NEVER deleted from those, even if you ask for it to be deleted.
It just never is.
According to what they've said, the recycle bin does get emptied after a while. I'm sure there's also a time limit on how long backups are retained, but at least some backups are probably kept for years.
 
My company has a policy that prevents normal USB sticks from working. I think there's some kind of encrypted USB stick you can use, but they might still have policies limiting where/when/how those can be used.


According to what they've said, the recycle bin does get emptied after a while. I'm sure there's also a time limit on how long backups are retained, but at least some backups are probably kept for years.
Multiple recycle bins for OneDrive.
Just in case you accidentally delete something.
But you can even get data that has been deleted from that extra recycle bin, and even months later.
Just in case you didn't mean to delete it, or something.
I think it's 6 months, but just best to say never.

This was before GDPR, so it might legally be better now.
 
It's really hard to say where things lay in this. A single screen of source code is not even a fraction of any given program or library.

As to copying the source, IMO kind of depends on how close it was to quitting, and even then. Many devs will keep inconsequential libraries or methods. I usually get permission to put such things on GitHub as open source or submit upstream.

I'll also tend to send myself contact emails for my coworkers to stay in touch or connect on LinkedIn.

Given the conviction, I'm guessing he may have taken and passed on more than they should have. But given how litigious some organizations can get it's hard to know over here. Especially since the law is an especially gray.
 
It's really hard to say where things lay in this. A single screen of source code is not even a fraction of any given program or library.

As to copying the source, IMO kind of depends on how close it was to quitting, and even then. Many devs will keep inconsequential libraries or methods. I usually get permission to put such things on GitHub as open source or submit upstream.

I'll also tend to send myself contact emails for my coworkers to stay in touch or connect on LinkedIn.

Given the conviction, I'm guessing he may have taken and passed on more than they should have. But given how litigious some organizations can get it's hard to know over here. Especially since the law is an especially gray.
I'm not really sure either, on the surface it seems really bad, but that depends on how much he took.
 
Keep personal and professional life separate, even with the company phone 😉

Maybe I'm just spoiled, as I can turn in any direction and have a PC/laptop in front of me, but I really do not understand the mentality some people have of using their work provided equipment for anything other than work.

I go out of my way to segregate the things I do with computers and have equipment dedicated for task/purpose. *shrugs*
 
Pretty sure Valeo Schalter und Sensoren is German based due to the words Schalter und Sensoren being German words for switches and sensors.
They are part of the Valeo group, based in Paris.

They are a German based company
Moniruzzaman had taken a job at NVIDIA in 2021, right after quitting Germany-based automotive-technology company Valeo Schalter und Sensoren, according to the lawsuit against NVIDIA by Valeo.
 
Maybe I'm just spoiled, as I can turn in any direction and have a PC/laptop in front of me, but I really do not understand the mentality some people have of using their work provided equipment for anything other than work.

I go out of my way to segregate the things I do with computers and have equipment dedicated for task/purpose. *shrugs*
Doing work at work? What, were you born in the 20th century or something?
 
It's really hard to say where things lay in this. A single screen of source code is not even a fraction of any given program or library.

As to copying the source, IMO kind of depends on how close it was to quitting, and even then. Many devs will keep inconsequential libraries or methods.
Companies always copyright their source code, even when it's open sourced. If they haven't open sourced it or given express permission for you to retain a copy of any subset, then it's absolutely illegal for you to do so. There's no ambiguity about this. The only question is whether they deem the IP you took to be worth the trouble of litigating over.

I'll also tend to send myself contact emails for my coworkers to stay in touch or connect on LinkedIn.
It's standard practice for employees to sign a NDA (Non-Disclosure Agreement) with their employer. Any sharing of non-public information with ex-employees or use of non-public information by a current or former employee outside the company would violate such agreements.

Given the conviction, I'm guessing he may have taken and passed on more than they should have.
The correct amount is zero. Considering he went to an organization developing a competing product, taking any IP with him was an especially risky thing to do, but perhaps they'd have litigated no matter where he took the IP.

Especially since the law is an especially gray.
No, the law is very clear about this. The copyright holder gets to dictate the terms under which code is shared or used.

Decades ago, I'd heard of people doing things like you describe, but I've never heard anyone claim it's a legal grey area. That is dangerously bad information!
 
I guess the outcome of this lawsuit depends on whether or not they can prove that Nvidia actually used the stolen code. Else, it should stay with the conviction of the thief. Now the question is. Unless it's a direct copy-paste, how easy will that be to prove? And was the code shared with other Nvidia employees? What, if anything, was it used for? That's what needs to be found out. Also, did the guy act on his own, or was he paid?

The argument that the company itself is a newcomer and therefore unable to make such advanced code is only partially logical to me, honestly. When it comes to AI, Nvidia is literally one of, if not the, biggest player on the market, and that development started well before this incident iirc. They have plenty of experience in that regard and it should be of little issue to apply what they know to new markets. Also, how many people from the car industry did they hire? If they hired enough people from that market, then I don't quite see how it is an issue that the company itself is new to it since it's the employees that bring the experience in the first place, not some faceless company. The bigger issue on a technical level would be to make it work within the framework of the company's hardware architecture, which would be new to said hypothetical employees, but not that they are able to develop that in the first place. And I don't think stolen code would help much with that.

I don't want to say that Nvidia is innocent or anything, that's for the courts to decide. Just stating that the arguments used against them aren't exactly conclusive from my point of view as an outsider.
 
I guess the outcome of this lawsuit depends on whether or not they can prove that Nvidia actually used the stolen code.
...
Now the question is. Unless it's a direct copy-paste, how easy will that be to prove?
Yes, this is going to be "fun". My guess is they'll subpoena Nvidia's self-driving code and have several outside engineers spend months in a "clean room" setting, going through and analyzing it for clear signs of copyright or trade secret infringement through both lexical and design analysis.

I think I've heard there are engineers or firms which specialize in doing such things.

was the code shared with other Nvidia employees?
Given that they reported it, upon becoming aware of it, I'd guess the only way they saw it was in the form of code he had claimed to write, himself. That should limit the volume to the plausible output of one person. Also, you can probably just look at the commits and merges performed by him.

Also, did the guy act on his own, or was he paid?
Since this isn't the first time Nvidia got burned by such a problem, I'd think they wouldn't knowingly repeat the same blunder. However, self-driving is probably a new division with probably new managers, so it's not impossible his hiring manager was aware of his souvenirs from his old job.

 