118 comments

[ 5.2 ms ] story [ 166 ms ] thread
Can someone explain the context for this?
This article is among my first google results: https://gizmodo.com/the-due-diligence-report-on-otto-and-ant...

"Levandowski mysteriously quit his job at Waymo in January 2016 (back when it was still part of Google) and went off to start Otto. Then, a few months later, Uber bought Otto, a fledgling startup that had just launched. Fast forward to this February, and Waymo accused Uber of orchestrating the entire thing to get its hands on thousands of confidential documents Levandowski downloaded before his departure."

Waymo (Google's self-driving car venture) has a big lawsuit against Uber alledging patent violations (since dismissed), trade secret infringement, and assorted other claims. This is all revolving around their hiring of a senior Google manger (Anthony Levandowski) who quit google to form a bunch of companies that were then acquired by Uber.

Waymo/Google have claimed that Levandowski was negotiating with Uber to steal their secret stuff well in advance of leaving Google, met Uber executives during this time, and following his meeting with them, stole a bunch of files (a big SVN checkout of their hardware repo). He also did a bunch of other bad stuff that I'm not going to get into. They've also claimed to have evidence that Uber was using their IP through some stolen boards.

The pre-trial case has been really, really bad looking for Levandowski, but Waymo's been having trouble finding a smoking gun to implicate Uber as a whole.

However, one of the key pieces of evidence here was a due-diligence report prepared by Stroz Friedberg that went into exactly what info Levandowski still had from Waymo/Google. Uber and Levandowski, ESPECIALLY Levandowski have been fighting really hard to prevent Waymo from getting it's hands on the report - going all the way up to the Federal Circuit Appeals court. They lost all of these, and the report was handed over a few weeks ago.

This is that report. As to how big of a smoking gun it is... I'm still reading. Waymo's been claiming it is in their filings up through last week, but I haven't been able to see anything past that - something's up with either PACER or RECAP and there aren't any updates/filings on the case in over a week on RECAP for some reason. (If anyone's got a pacer account...)

(comment deleted)
(comment deleted)
Thanks for writing all that out. Much easier to understand the whole story now.
(comment deleted)
> all the way up to the Federal Circuit Appeals ...

I'd be curious to know what's the most procedurally complex trial out there. I.e. One where the distance between the original suit, and the issue at hand has the most steps. I.e original suit spawned a separate suit on the admissibility of evidence which got escalated and then spawned another suit on the procedural ... etc

SCO v. IBM, which spawned SCO v. Novell, SCO v. Red Hat, and a couple others that I forget. Started in March 2003, and currently in the Tenth Circuit Court of Appeals.
I logged into PACER to take a look and wow, this is the longest docket I've ever seen in PACER - just the last 3 days take up my entire screen. So it's not that the case has been quiet... Might be a RECAP problem, since I don't see any RECAP links for recent filings. (I took a look at a few recent filings, but too detailed and too many redactions to make much sense of.)
The abridged timeline has an amusing series of trips to the hard drive shredder and deleting texts daily.
Reminds me of Carmack's involvement in the Oculus fiasco. When people with four-digit IQs start Googling things like "how to destroy a hard drive," you can bet that numerous lawyers are going to enjoy elevated job security in the near future.
How did that fiasco end? I lost track of the events after the initial accusations.
I never heard, actually. I believe Palmer Luckey ended up in somewhat more legal and/or financial trouble than John Carmack, but the magnitudes involved are probably under appeal.
Correction: at least one is an alleged trip to the hard drive shredder with little supporting evidence. The report mentions that the folk working at the shredder couldn't ID Levandowsky from a picture, and a receipt for the day in question could not be found. He also says he had paid in cash so there are no credit card transactions to corroborate the transaction.
This screams of shifty dealings.
Just wondering - How is Uber claiming to be non-complicit in this? The report is damning on Levandowski's behavior. But Uber to hire him in spite of all this is surprising at best.

At this point, it doesn't matter if they took Waymo's files or not, just the appearance of something like this to happen reflects poorly on them.

It's actually pretty amazing how much of Uber's policies seems to be around "plausible deniability"

let's get [this] done! but, it is legal? no, it's mostly borderline towards full blown illegal. ok, make sure you empty the trash on your Mac before we get started.

The Scribd post (by Gawker, Gawker lives!) calls it a Due Diligence Report but that's not a phrase used anywhere in the document. Due diligence is something you'd do before making a decision. Investigation is what you do afterwards. Indeed Project Unicorn Investigation is what the document calls itself.

Mods: you might want to overrule the post and retitle the post as Project Unicorn Investigation.

In fact, I'd love to see the due diligence report for Uber buying Otto.

> Due diligence is something you'd do before making a decision.

There is such a thing as 'vendor due diligence' where a party that will sell something does their own DD in preparation to the DD by others to ensure they haven't missed anything obvious.

Other than that you are right though, this is an investigative report, but it would have been a lot smarter of Uber to have this stuff checked before making a deal, the optics are not pretty and the fact that they tried to hide this report makes it even less so.

I have seen a couple of these in the last few years that were 'exciting', this one is off the scale for me on a professional interest level, there are only three that I'd like to read more, the actual due diligence reports - if they exist - on this deal, Ubeam and Theranos.

Report says it was requested by Uber and Otto in March 2016, and it is dated Aug 5, 2016. Uber announced Otto acquisition on Aug 18. So this looks like an investigation that was part of the due diligence for the acquisition, and Uber would have had it well before the acquisition was announced.

Could be that when you're hustlin', making bold bets and being optimistic leaders[1], you don't get too concerned about (or read) a report like this.

1. https://www.quora.com/What-are-Ubers-14-core-cultural-values

(comment deleted)
It's a phrase that's been used incredibly heavily in all of the litigation, filings, rulings, etc. in the suit up until now, so it doesn't surprise me that's what the post calls it - it's what the judges and lawyers often do.
Exactly what I was thinking. The report is dated 5th August 2016 while the acquisition was announced on 18th August 2016. Awfully short time to go through the report, specially with the amount of red flags which were raised and acquisition being announced.
"He [Lewandowski] also said it was common practice to share work files via Dropbox"

Always interesting seeing company employees not using their company's products. Shows that what some view as a monolith is a bunch of smaller bands of people.

(comment deleted)
This is not common practice. Google has had a strict no iCloud, no Dropbox policy for a while. We can't even have code from the core codebase stored locally on our company issued laptops.
Is everything done on networked drives then?
Builds are run on servers, using Blaze: https://news.ycombinator.com/item?id=9257000
What about editing? Do you mount a network drive to edit files on your computer?
Roughly that, although it uses a Google-developed internal tool. Source code files can be transferred to one's workstation (which lives in a Google building), but not to one's laptop—all work on a laptop must be done through a remote session, either SSH, VNC, or via a (again Google-internal/proprietary) cloud-based editor.
Google uses FUSE extensively. Basically there are a bunch of daemons that make the various cloud source repositories look like a local disk.
But even those aren't allowed to be mounted to your corp laptop. Those clients can only be mounted on a workstation unless you are doing iOS development.
There's also several options for purely online editing (devving on a Chromebook isn't bad)
SWEs are issued a desktop machine, and a laptop. The laptop (Mac, Linux or Windows; employee's choice) is essentially a very expensive remote desktop client. All development work (except some OSS stuff) is performed on the desktop machine.

(Or that's how it was when I worked there until 2016.)

Are Chromebook Pixels a common SWE laptop then? That seems like almost the exact case that they're designed for
Yes chromebooks are very common developer laptops, up there in numbers with (still most popular) macbooks and linux laptops. They are more than sufficient for the lion's share of engineering roles. Corp engineering is pushing them hard because they are cheap and secure.
That's more of what I would expect!

Does that make it feel more like he was intentionally storing company files in a personal account?

In my opinion, yes.
(comment deleted)
Given the bugs/missing features in the google docs lineup, I've never believed they are dogfeeding. It's been out for 10 years and it still has formatting issues. Change the zoom level of your browser and tab-aligned things will suddenly unalign. Made a report with pictures/figures? Good luck printing that, everything will move around as soon as you go to print it.

The only thing I know google uses google docs for is coding interviews. Which is just sad.

Fwiw, i was there for several years and every team i was on used it pretty much exclusively. I never came across the issues you describe, but have heard similar things from others: if you're not in a position where it matters how pretty your docs are, then I would imagine the issues you're talking about don't really matter. IME it was hard to find anything to complain about.

For example, I don't think I've printed a document in a decade, except when dealing with dinosaurs like govt or banks, which my team didn't deal with.

AFAIK from dozens of Googlers, it's used for everything from PRDs to financial models and contracts. So maybe you just don't know enough.
Isn't that even more damning, if they use it for everything and it's still riddled with issues?

At the very least it implies that they're naively unaware of a lot of their user stories.

Like with a lot of projects Google dogfoods, it's well-adapted to their values and has a lot of blind spots on things that are unimportant to Google.

Google executives don't care about formatting; the vast majority of them are technical, and culturally Google basically has a "don't care about superficial stuff, you have bigger problems to worry about" attitude. And the idea that you might want to print something out is a terrible anachronism; the whole reason we have multi-exabyte datacenters is so you never have to deal with paper again.

It's not naivete, it's arrogance. Basically Google wants to see you move into the 21st century, and if you don't, that's your problem, you'll eventually be forced to because the rest of Google's feature set is so good. Same reason IE support is pretty shitty on a lot of their products.

The only two real gaffes I can think of that really were naivete were the sound on the PacMan doodle, and the lack of privacy controls on Google Buzz. It basically never occurred to Googlers that you might get in trouble for having sound blaring out of your work computer (this, BTW, is my fault, I did the code review for the sound on the Pacman doodle), or that you might get in trouble because your boss knows about stuff you do on your personal time.

Forgotten last year's Gmail Minion Mic Drop incident already? People lost their jobs.
I haven't worked at Google for 3 years now, so anything recent I probably haven't heard about.

...but yeah, it would never have occurred to me that people would get in trouble for the mic drop April Fools joke. It's a different culture in tech, in Silicon Valley, and particularly at Google. I remember being told by a senior engineer that as long as I continued to do my work, there was basically nothing I could say to a senior executive that would get me fired.

I wasn't aware of it either, but looking it up now I see that someone outside Google lost their job because of it. That might be what the parent is referring to.
You gotta be kidding. Literally everything at Google happens in Docs. Every written doc of any kind.
google docs is not for typesetting; if you care what things will look like on a printed page it's not the right tool.

re tab-aligned things, are you using explicit tab stops or not?

A competitor to Microsoft Word isn't "if you care what things will look like on a printed page"?

That seems fishy to me.

Google Docs is not marketed as a complete replacement for Microsoft Word. It's marketed as "the 50% of Word's feature set that 99% of people need."
I would have guessed more than 1% of people need to print and/or turn a document into a pdf without having it change the page a picture is on.
Maybe I'm just bitter that there doesn't seem to be a good typesetter.

I used LaTeX for a while, but that randomly has tiny little issues that are seemingly impossible to solve. Try coloring the background of a table cell. It will cut off 1 pixel of the cell border on the top and left of the cell, regardless of the zoom level. If you zoom out enough, the border disappears. If you zoom in enough, its almost impossible to notice. It's infuriating. And the most commonly accepted answer online? Get rid of your cell borders, your table will look better.

Word is Word. Haven't used it seriously in so long I can't properly critique it.

Unfortunately there are some things you still have to print for (or at least convert to pdf). Most of the time, you can't turn in a google doc. For most companies, they don't want you emailing them a google doc. I don't need a ton of features, I just need consistent presentation of content.

The issue with the tabs is that the length of non-tab content changes a tiny bit when you change zoom levels. If that change goes past the start of a tab, suddenly a tiny change turns into an entire tab. Explicit tabs would probably fix that, but there's no point in trying, considering many tiny little issues like that there are.

It seems I'm wrong about them dogfooding. Apparently they just don't give a shit about these issues.

Yes we exclusively dogfood our GSuite products at every corporate level from entry to executive. All of our internal presentations are Google Slides, our docs are Docs, our sheets are Sheets.
> Our forensic examination of Levandowski's devices and accounts corroborates his assertion that he stored and accessed Google files on his personal laptop in folders labeled Chauffeur and Google. However, contrary to his belief that there were no or few Google e-mails on his laptop, Stroz discovered approximately 50,000 Google work e-mail messages that were downloaded onto Levandowski's computer on September 20, 2014. Ten of those e-mails were last accessed between September 1, 2015 and January 28, 2016. It is difficult to believe that Levandowski was not, prior to his interview, fully aware of the extent of the data that he had retained.

50K Project Chauffeur emails stored on his personal laptop. People have gone to jail for less.

> Levandowski also attempted to empty the Trash bin on his MacBook Pro while he was at Stroz Friedberg's office on March 22, 2016 at approximately 12:12 p.m., but our examination found no files were contained in his Trash at the time he attempted to empty it.

What kind of company does business with a shady character like this?

> What kind of company does business with a shady character like this?

A company that was already doing shady things?

What rules? Rules are for suckers!
(comment deleted)
>>What kind of company does business with a shady character like this?

Like in a mafia trial, the "snitch" is no angel, but that's the one that offered to d the deed. So, IMO, Uber wanted the stolen tech and the only person that gave them to them was ...drum roll. They would have bought them even from KGB. So, if you want stolen tech, you'll have to deal with a thief and then some.

Levandowski had done a lot of valuable stuff for google before, so they kind of gave him free reign even though he was known for not being easy to deal with.
Free rein*. The analogy is to horses, not to kingdoms, although I have heard that the one can be exchanged for the other.
sorry and thanks for correcting, not a native speaker.
I've seen native speakers do worse. :) That one is especially tricky because the meanings of the two words are actually kind of related, to the extent that "free reign" makes a kind of sense with nearly the same meaning, despite not being the original idiom.
How do you attempt to empty an empty Trash bin?

On my Mac the option is greyed out. Perhaps he ran a command or delegated a utility to do it for him.

"What kind of company does business with a shady character like this?"

Do you want your self driving cars or not?

This ridiculous idea that only a super select few psycho geniuses can do decent AI really has to stop. Do you really believe that? Why do people keep repeating that this guy had irreplaceable skills? It becomes something of a self-fulfilling prophecy.
No, I don't, actually. But the people giving out the money seem to. And, yes, that makes it a self fulfilling prophecy.
Lior Ron:

1/12/2016 Internet search on "how to securely delete files mac"

1/13/2016 Ron leaves Google

1/19/2016 Internet search on "can a MacBook be recovered after formatting the OS"

3/22/2016 A file labelled Chauffer win plan.docx is deleted, shortly before Ron's interview with Stroz Friedberg

"Chauffer win plan.docx" is this guy serious? Did he name his other incriminating file "if they find this im fucked.pdf"

Haha. Even funnier is Levandowski attempting to delete his trash bin contents while in Stroz's offices for the interview.
Does the report mention how they determined this? Was there monitoring software installed on the laptop, or is this part of standard macOS logs?
They mention a tool called Relativity being used. A google search turns up this website: https://www.relativity.com/

Though I am not sure if it is just collates data from MacOs logs or does some kind of deep analysis to pull data.

Google has a hardcore TPM-verified boot with monitoring software installed on all company computers. I believe a good chunk of the userspace log collector is open source: https://github.com/google/grr

Not sure any of this tech was used by or on behalf of the company creating this document though.

Alphabet's Waymo Alleges Uber Stole Self-Driving Secrets | https://news.ycombinator.com/item?id=13718586 (Feb 2017)

> tajen How does Google build such forsenics? | https://news.ycombinator.com/item?id=13718970

> bitL: Alphabet just [...] revealed what they track internally to all their employees | https://news.ycombinator.com/item?id=13719728

These aren't Google devices though, are they? Presumably all of those were returned to Google when they quit.
I believe you are correct. The monitoring of company equipment detected the exfiltration from Google. Metadata from this could have been used to pinpoint the data flow on personal equipment, but it sounds like this document was prepared on the non-Google side.
If his machine was not configured to secure erase files (unlikely; not the default) when emptying trash, they can be "trivially" recovered by firms like this (HFS+ makes it harder than it should be)
"Secure empty trash" was removed in 10.11.[1] But that can't be what they relied on here.

Here's what the report says: "Levandowski also attempted to empty the Trash bin on his MacBook Pro while he was at Stroz Friedberg's office... but our examination found no files were contained in his Trash at the time he attempted to empty it."

Is this even possible? You can't "attempt" to empty a trash with no files in it from the GUI. The menu item is disabled. So that would suggest a terminal command, but supposedly there's no command line equivalent for "empty the trash".[2] You can of course delete specific files or folders, but then they'd say he'd try to do that, not "empty the trash bin".

The only user action that I can think of that would constitute "attempt to empty an empty trash" is hitting the keyboard shortcut for it (shift-command-delete). But is that even logged on a standard macOS installation?

The report references "Exhibit 17" for more detailed forensic analysis. I would be very interested in reading that.

[1] There's still a command line option but it may not work correctly with Flash storage, which is why it was removed from the GUI. https://support.apple.com/en-us/HT205267

[2] https://www.imore.com/how-force-empty-trash-your-mac-using-t...

Is opsec really as hard as all these people make it seem? If I were planning something shady there's probably a lot of stupid questions I'd need to Google for, but I'd at least do it on public library wifi and download a Tor browser or something. I dunno if that would protect me, but it's more than seems to have been done here.
Once you start using Tor and public Wifi, you admit that what you're doing is illegal. I think in these cases, many people tell themselves that they operate in some kind of gray area.
Which is why you should aim to always use Tor. That's one of the points made quite often by the Tor Project -- anonymity is useless if you only use it when you're doing something shady. The same applies to people who only encrypt shady emails, rather than encrypting all of them.
GP meant that doing so would force those involved to be forced to reconcile with themselves the illegality of their behavior.

Although ironically I think in this case your point actually still stands.

I thought it was considered rude (or at least hell on transmission quality) to play videos, etc. over Tor.
> Once you start using Tor and public Wifi, you admit that what you're doing is illegal.

Thankfully that’s not how law works. Also, I use Tor everyday, for totally legal things I want to keep private.

It's not how law works -- currently, in some countries. But it is how suspicion works, and governments in the US and UK, for example, seem highly suspicious of their populous.
In the US at least the law cannot devolve into suspicion being adequate burden of proof. This is a constitutional protection that has been strengthened, not weakened by the courts over time, with only infrequent temporary setbacks. It's unfortunate that's not how things operate on the other side of the pond, but that's connected to why the US is the way it is.
Sure, but it doesn't mean that the police can't start investigating people they find suspicious.
Aren't you talking about criminal rather than civil law?
> In the US at least the law cannot devolve into suspicion being adequate burden of proof.

Once an attacker knows or has guessed at your identity, they can focus their investigation and make it much easier to find admissible evidence against you. It's best to keep them from ever thinking of you in the first place, if you can. That means not doing anything visibly suspicious.

On your work computer? :-)
Yes, in fact. Part of my job too. We have servers accessed through Tor as a rudimentary DoS protection.
Or just from home on your own computer, instead of your company laptop.
(comment deleted)
Could also just use DuckDuckGo! its my normal search engine so nothing out of the ordinary to be using it.
(comment deleted)
I personally think that true OPSEC is impossible in the long-term, simply because it's too easy to slip up or look suspicious from having good OPSEC. I've met a few people that had pretty good OPSEC (to the point where I believe they had fake passports, fake backstories and so on). But they all cracked eventually, in one way or another. However, adequate OPSEC is quite doable (but still hard).

As with all security, threat models are key. Is your threat model a state actor trying to reveal something about you? Is it a prosecutor or investigator that is particularly vicious? Is it someone you're in a personal relationship with? Is it an unknown adversary with unknown capabilities? And how long do you need to have your strong OPSEC? And so on. With the right threat model and timeline laid out, having strong OPSEC is not impossible. But it's still quite hard.

All of that being said, I would not classify any aspect of Levandowski's behaviour as being passable as OPSEC.

>>If I were planning something shady there's probably a lot of stupid questions I'd need to Google for, but I'd at least do it on public library wifi and download a Tor browser or something..

Google will never find out what you do on your home PC, especially using TOR /some other engine (Google displays the captcha often on TOR). Even if they did, it would be illegal and /or super secret and they'd never reveal it in court. Now, if shady means that NSA is after you, not so sure.

However, if you want to steal from Google and use their computer to search their search engine from their office...I guess you deserve to get caught. Let's not forget that Google has a right to safeguard their trade secrets and when you accept the job, you agree to their terms.

>do it on public library wifi

yes, one of many ways to get 'anonymous' internet, another is cash buying old cable modem, even unprovisioned they still log into cmts and give you dns access(hint hint)

>and download a Tor browser

no, you go swap meet/yard sale/goodwill/craigslist(using library computer) and cash buy old used($100) working laptop with preinstalled windows

Can someone explain this to me - It seems Uber met most of them while they were working with Google. Why did Levandowski form a company? Why couldn't Uber simply hire them off Google?
Presumably to make it less obvious that they were trying to poach a bunch of people (and possibly tech) from Google.
Buy a team for $680M? You serious? :)

From my understanding they bought a functioning truck prototype, corresponding IP's AND the team.

The document shows in great detail that Kalanick and Levandowski were already working together closely before work on the truck even began.

2016-01-26 - Levandowski's last day at Google

2016-02-22 - iMessage chatter directly between Levandowski and Kalanick about poaching more Google employees

That certainly paints the "acquisition" of Ottomotto in August 2016 in a different light, no? It's also shown in the document that Levandowski was meeting with Kalanick and other Uber execs as early as June 2015, though it's harder to divine what was happening at that time.

In other news, deleting iMessage chats is completely useless?
Seriously. wut the fuq?????? I'm so curious how they recovered them.
> While employed at Google, Levandowski had a number of one-on-one meetings and four group meetings with several Google/Chauffeur employees about joining his start-up company.

sounds like various code of conduct, policies, etc. is for small, rank-and-file, guys only :)

A thing I hadn't really thought of was that perhaps the main goal from Uber wasn't to explicitly gain access to Waymo secrets (as in documents etc) but simply how to recruit the whole self-driving cars team from Waymo. Uber trying to one-by-one recruit them from Waymo would probably have been much more difficult compared with what happened - Levandowski creating a start-up, whose whole aim was to get acquired by Uber.

> At one point, Levandowski said that he asked Brian McClendon, who left Google to join Uber, how much Uber would be willing to pay for the Chauffeur team, claiming he wanted to have a market value for the team

Ie it's more "I'll make it so you can buy the Chaffeur team" rather than "I'll let you buy these design docs that are Waymo confidential".

For a genius, Levandowski "did not recall" a lot of important details :)
And that's genius. No one really knows if you really recall it or not, but they know whether it happened or not, based on other people's testimony. "I do not recall" is brilliant.
That is, until you do not recall something which you later rely on in court.
It's not genius. It's the standard instruction from a lawyer defending such a person.
Haha, I appreciate the earnest response to my silly joke.
Kind of impressive how much historical record they were able to glean from all those devices! Amazing how much digital residue was left behind, even persisting against pointed efforts to destroy them -- bits lingered.

But also, yikes! My next phone will have 256GB of storage, how much stuff is going to accumulate in there, and really we have to hand this over for inspection by the company? I think the one part about the drives filled with porn they didn't want to inspect, by then it was really creepy.

The fact this document is in the public record. Just wow.

Maybe im being naive but if you had an inkling something like this was going to happen, and given the 'worth' of the guys in questions.. would you not just burn all the personal devices you had when you left? it seems amazingly careless with little thought beyond 'oh sh*t maybe i just trash some of these, that'll sort it'
Most people aren't really all that devious and evil. In order to do shady stuff, most of us have to first convince ourselves that we're not really doing anything wrong, or that the legal fine print will give us a way out if it ever comes down to a fight.

If Lewandowski had an inkling of the trouble he was getting himself into, he would have done a lot of things differently. But he didn't. He was going to go start something awesome, damn the lawyers, full speed ahead. Many of the greatest founders in the Valley got their start by either backstabbing or frontrunning their employers. If you're hoping to follow in their footsteps, it's easy for survivorship bias to take hold.

Tangential, but looks like this report was prepared using forensics software from Relativity [0]. It looks like an interesting product in a growing market segment. Seems like there are some startup opportunities in forensics/eDiscovery, might be worth exploring if you're into this sort of thing.

[0] https://www.relativity.com/

interesting read. One thing I'm surprised about is that they didn't assess the Slack chat that's mentioned throughout the document, to assess what information might have been uploaded/shared there.

From what I've seen of slack it retains a lot of history (even if you're on the free plan where you can only see a limited amount, the archives are still there), so you'd think would be an interesting source of data for this kind of investigation.

There's little doubt that Levandowski and Lior Ron are in deep shit if this goes to criminal court, but I'm still waiting for Waymo's slam dunk against Uber. If they have one, it hasn't been presented yet.