496 comments

[ 3.8 ms ] story [ 394 ms ] thread
[flagged]
Serious question: Can we presume he knew he was doing something wrong?
Of course he did. How could he not know taken documents and giving to a competing company wasn’t a violation?

Need more locks on this kind of stuff.

Should all uploads and content transmissions out of network require an approval by default?

Difficult to say it but it needs to be considered

> Should all uploads and content transmissions be locked for employees with foreign ties to an adversarial country?

Profiling works. Profiling is abhorrent to most people in 1st world countries, but it works exceedingly well.

If the hire is from an adversarial country, they should not only be locked but on a watch list. Our 3 letter organizations should be proactive toward information security. We're in the Information Age now. It's time our society treated that information like the gold it is.

[flagged]
> Like the Muslim-ban?

No, like the way it wouldn’t be possible for an American national—whether of Chinese descent or not—to get a job at a Chinese missile research laboratory.

"Muslim-ban" is not accurate because it did not ban on the basis of being Muslim or not. It was a ban on travel to the US for 90 days from Iran, Iraq, Libya, Somalia, Sudan, Syria, and Yemen. There are many predominately Muslim countries it didn't include and it was specifically about travel from those countries.
"Muslim ban" is what the person who initiated it called it, not a description of the actual effects.
Right - he repeatedly said he wanted a total and complete shutdown of Muslims entering the country and then directed his legal staff to find a legal way to do so… pointing at the hamfisted EO that attempted to toe the line of the clearly unconstitutional order to excuse it is pretty obviously bad faith.
(comment deleted)
It's a lot more nuanced than that. Racial profiling only works if it's impossible for an adversary to recruit a member who doesn't match the profile.

$ says that won't happen.

Information security meanwhile, doesn't need profiling because it applies to everyone.

Nonsense. It works if it's more difficult for the adversary to recruit a member who doesn't match the profile. It doesn't need to be "impossible".

Of course it doesn't work perfectly, but no security is ever perfect.

After exfiltrating the data, he was offered a job in Chinese AI startup. Whether or not a real startup, or just s Communist party / military company is an interesting question.
Eventually tech leaders will stop hiring Chinese nationals. This keeps happening again and again.
They should already be at that point. I’m surprised it isn’t a violation of sanctions or something to have them working on cutting edge tech.
No they won’t, they’ll get hit with the dreaded “racist hiring practices” accusations. China knows this, and they exploit it. If tomorrow Google announced a ban on hiring any Russian nationals the HN comments and the media would by and large applaud such a move, by contrast.
All Chinese startups are Communist Party companies, success dictates just *how* tied-in they are.
exactly, this guy understands how business in China works.
How do you imagine this works, western government can’t manage potholes but CCP beurocrats can manage AI, Car production and solar panel production and beat our companies? Are they superhuman?
(comment deleted)
actually got some government shill who can't even spell to respond. touch a nerve?
Bureaucrats in different countries operate at very different levels of efficiency. e.g. Germany vs Italy
I've worked for a Chinese company and with Chinese company partners, but I am not Chinese, so my understanding is probably very, very incomplete. The way it seems to work is that the "influence" from the CCP scales with the size/success of the company. Every business in China operates at the very least with consent of the government. As they get more and more successful, they gain a little more influence/encouragement/cooperation with government. By the time they are giant, successful companies, they're all but an appendage of the government. Hard to explain as an American because we don't have similar "quasi-government" institutions like this. I guess it would be a little like the Federal Reserve--it's technically not the government, but works hand-in-hand with the government.
Civil - Military fusion.

Aka COTS, InQtel, CRS.

Check who's in charge of starshield.

He was supposedly moonlighting as well.
Do you mean morally or legally? It's hard to imagine a Google engineer not knowing that sharing trade secrets is something their employer would seriously frown upon, no?
Is your allegiance to your employer above your allegiance to your country?
I'm not sure why you're asking me that. I made it clear from my comment that there's a distinction between legal and moral "wrong," and I described the unlikelihood that he didn't know it was the former. That's all.
What's legal is not constant in space and time. I bet the only thing he thought he didn't do right is not get out of the US in time. Then it would have been both legal and moral for him.
If he felt that he had to "get out in time," then he knew he did something "wrong" in the sense that my parent is (presumably) asking about. That's the only question I'm answering. You seem intent on drawing me into a debate about subtleties of moral and legal ethics, but I'm sorry to say I'm not interested right now.
And yet you're the one who brought it up
GP asked a clarifying question. You're desire to read into the question and make assumptions about what you think must have been their intent, rather than just taking the question at face value does not mean GP is "the one who brought it up."
I've not read into anything. Someone brings up a subject, someone else expands on it, then the person who brought it up to begin with starts complaining about what they got. It's stupid, waste of text.

Don't reply to me btw. I didn't bring this up for you to speak about it.

What I'm inferring from this truly bizarre thread is that some people assume that clarifying questions are always fronts for hidden motivations (such as springing "gotchas" or getting into debates). It might be worthwhile to consider that not all people operate that way.
No and I also don’t think American companies should be employing citizens of foreign adversaries. That this is controversial shows just how naive the average American is and how unsustainable we are as a civilization these days.
> That this is controversial shows just how naive the average American is and how unsustainable we are as a civilization these days.

IMHO, dismissing any potential opposition as "naive" before you've even heard it, is about as naive as it gets. It also overshadows what otherwise might have been an interesting discussion point by declaring your unwillingness to actually discuss the point.

No it is naive to favor employing citizens of a foreign adversary. There is no argument for this that isn’t based on emotions and “not being mean”
The statement is not about allegiance, it is about knowledge of breaking company policy and conducting corporate espionage.

The question is, just to clear: "Regardless of whether it is right or wrong according to his personal morality, do we honestly believe that he didn't know it was going to anger his employer and likely violate his employment agreement to the extent that he'd face civil or legal penalties?"

There's a name for it, it's called Shadow IT. It's the most common and often non-malicious kind of data leak. The only reason we care about it here, is because he's Chinese, and because he allegedly did meaningful things at Google.

I went to Kubecon in Shanghai last year, and they should have probably just called it LLMcon, since that seems to be 90% of what big tech in China is focused on right now. Not saying that there probably wasn't some interesting stuff in the data he took, but I think people here massively underestimate the talent and investment in China in this domain. Nvidia literally just identified Huawei as their top competitor[1].

I've never had an imposter syndrome as big as the one I had there (and in Taiwan, but more on the hardware side of things) anywhere in the valley.

[1] https://timesofindia.indiatimes.com/gadgets-news/nvidia-list...

that's irrelevant- Snowden thought what he was doing was right
I've had an intern uploading code to his G Drive and after talking to him I concluded he was not malicious, just dumb.

That said you can't claim innocence for not knowing some law, plus any half serious company makes you sign cyber security / IP stuff during the hiring process (ofc one is entitled to sign contracts without reading them).

Many crimes require malicious intent, that exactly how most executives never spend time in jail - it’s hard to prove that Boeing executives where hiding the plane’s defects on purpose.
A Chinese national helping his country not fall behind in what's perceived as an existential race? Wrong?
A Chinese national is trying to make big bucks with stealing technology maybe...
The Motherland rewards it's loyal servants, what of it?
It is capitalism actually. There are a lot money is looking for opportunities, and the hype generated from the US has a ripple effect on the global market. China has a big venture capital market, and domestic money is looking for these opportunities and quick bucks (maybe quick RMB). Started from social media, then e-commerce, a few years ago autonomous driving and now AI. There will be people taking risks with so much money on the table.
Yes, from his perspective it's likely morally right, but he was very likely aware it is illegal in the US. This nicely highlights a difficulty with globalism.
Failing to vet foreign employees working on highly sensitive projects predates globalism by a long shot. Even Manhattan Project got penetrated.
Hope they get the same treatment has those that penetrated Manhattan Project, the Rosenberg treatment.
No from his standpoint it’s good and I’d probably do the same. It’s Google who is wrong for having this person working for them and having such access.
Yes? And also it doesn't matter? Ignorance of the law doesn't mean you get a free pass. And by day 1 at any company you've already had to sign stuff saying you won't steal trade secrets (in addition to loads of other things).
It did go unnoticed though, for years. According to the indictment nobody detected this until the employee moved sensitive data out of Google and into a personal account while in the PRC. Even then they did not really figure it out until the person resigned.
It's kind of brilliant. He was probably confident that Google Cloud's security was good and wouldn't let employees access private data. And, it's a domain / network traffic that wouldn't be flagged.
(comment deleted)
[flagged]
Pretty sure that guy's Japanese.
There are thousands of Tech Lead employees.
[flagged]
> Hiring a Chinese national and giving them access to trade secrets

To be fair, this would have been prohibited if we subjected AI to ITAR restrictions. That said, do we know Ding was a Chinese national?

If he's not a Chinese national, that makes the discussion much more likely to get me censured when I suggest the obvious corrective remediation.
If US prevented Chinese people for working on US AI, US would be in a far worse position in AI. Half of AI contributors in US are Chinese.
Why do they bother spying on us if they’re so far ahead then?
Because the other half of contributors aren't Chinese?
But what value are they providing to the Chinese? The original assertion was that American AI is only where it is because of the contributions of Chinese nationals. I.e. they’re leading the way. Why even contribute to our efforts and potentially improve our standing?
"Leading the way" doesn't mean that other contributors have no value whatsoever.

Leaders can still learn from new/other perspectives, and non-leaders can still have good ideas.

It is obviously valuable to have quick/inside access to new and promising perspectives. And sometimes those ideas are going to come from the other 50% of contributors.

Probably because most of China's top talent leaves.
> Chinese people

If you mean people of Chinese national origin, yes. If you mean Chinese nationals, I’m unconvinced.

Yah, so there is a problem here in that many of these "homeland nationalistic" folks who send stuff back to "their governments" are in many instances, citizens of the country they are betraying.

Since these two[1][2] incidents, I wondered deeply for a while, what is going to happen here as it seems the CCP is getting more and more brazen. I don't believe it would be legal for "enhanced background checks" on someone in the hiring process because they are Chinese American, and it opens an awful door regardless. I don't really know the solution, but I've thought a lot about the problem. (And yes, of course there is that 5 eyes/other "Western" powers are almost certainly doing similar stuff)

[1] https://japantoday.com/category/world/2-us-navy-sailors-arre...

[2] https://www.justice.gov/opa/pr/harvard-university-professor-...

At the end of the day, do we care about Google trade secrets or US national security?
>I don't believe it would be legal for "enhanced background checks" on someone in the hiring process because they are Chinese American,

It absolutely would be legal if AI was recategorized as ITAR. In 2022, dual citizenship was cracked down on in ITAR regulations and dual(or more) citizen individuals must now be deeply vetted for contact with ITAR Section 126.1 countries which include China.

I am by no means an expert at all, however my very basic understanding is that ITAR is primarily concerned with important/export controls? Even if AI was added but the specific staffing was to a project was totally unrelated to something that would be imported or exported (this guy was an infra guy it looks like?), would that apply?
I'm no expert either, but from living through the painful days of ITAR and encryption, it only matters that some technology/information can be used for military purpose for it to be restricted. For years we couldn't distribute the code for AES above 128 due to ITAR, even though it was widely and easily available all over the internet.
If you'd care to opine, would you then there agree with delfinom that ITAR in AI could be a solution to this? From what you just described, it made me wonder if it would impose undo burden on, and so hamper, the emergence of the next generation of NN/ML tools ("AI").
There's considerable nuance involved in the question, which I haven't done due diligence on, but with that as a disclaimer...

Thinking out loud, it does seem like it could help, although it does place a significant (at times) burden on people affected, and in the case that I worked with it made no practical difference whatsoever at preventing the use of the technology by US adversaries. So yes I think it might could help, but my inclination is away from it as I think it would ultimately be ineffective yet quite burdensome on US companies. Possibly to the point of backfiring, leading to a country like China that is (so far at least) much more "open" in regards to AI/ML.

Do you have any thoughts?

I have such limited knowledge of this stuff it's all just gut, but I'd be aligned with you when pushed to comment. The best solution is probably no solution, it's going to happen and that's that.
(comment deleted)
Thoughts on subjecting Jewish-Americans to this?

We've lost reems of technology to I*aeli espionage.

(comment deleted)
(comment deleted)
Google has a fair bit of experience with employees stealing trade secrets: https://en.wikipedia.org/wiki/Anthony_Levandowski#Criminal_c...
It's doubly awkward that this guy apparently doesn't know or underestimate Google's determination to trace employee' access.
That determination got stronger after this incident.
Incredible that he got pardoned.
it's because he could afford it
Assuming you’re talking about money, how does one pay for a pardon?
He didn’t pay. But Peter Thiel and Palmer Luckey (two big Republican donors) recommended him to the Trump team for a pardon, and Trump obliged.
Ok, however, I still don't see "it's because he could afford it".
(comment deleted)
If you can't afford it, you're not hanging out with the likes of Thiel or Lucky. Just having money grants you access to certain circles even if you're not having to spend the money for that access, or it allows you to buy tickets to events with those people.
(comment deleted)
[flagged]
> the CPP also benefit indirectly because it will make Chinese immigration harder in the US

They also benefit directly as they’re stealing the information.

> The US vastly benefit from Chinese immigration and most Chinese aren’t spies. However, it’s interesting to notice the damage one person can have, arming our most potent adversary with advanced technology.

How would you quantify all this? I mean I think we're all on the same page about not wanting to reduce people to their race. That's a good sentiment. But do you have data on any of these claims? When you observe that Chinese nationals are uniquely positioned to arm "our most potent adversary with advanced technology", I dont think you can just handwave such damages away.

> I mean I think we're all on the same page about not wanting to reduce people to their race.

No we aren't. China, at any rate, isn't squeamish about using nationality and race of a person as one of the inputs into profiling them.

Until China is onboard with prohibiting race profiling, everyone else who doesn't do the same is at a distinct disadvantage.

> No we aren't. China, at any rate, isn't squeamish about using nationality and race of a person as one of the inputs into profiling them.

This is a fair point, but misses my point. I meant the vast majority of people on this board aren't just racists who dislike certain races. So we don't have to divert all conversation to trying to prove it.

I don't understand your point here, are you arguing that you want USA to mirror China as a society and government? You do know that living in China isn't great?
> are you arguing that you want USA to mirror China as a society and government?

It's truly confusing to me that you go to that conclusion out of what I wrote.

I was simply pointing out that, no, we are not all on the same page, and those not on our page are simply going to be better at preventing industrial espionage.

How exactly do we “vastly” benefit from Chinese migration and how can we weigh that benefit against the cost of espionage?
Good time to post this article again: https://www.lesswrong.com/posts/z4MDDwwnWKnv2ZzdK/the-agi-ra...

China understands there is a real risk of the US gaining an absolute advantage in A[G]I development. It shouldn't surprise anyone that they will use all kinds of 'greyzone methods' to bridge this gap.

This article should decouple 1) capacity to develop AGI versus 2) desire.
Skimming through it I was confused.

- No homegrown semiconductor industry: isn’t the recent hand-wringing over the new Huawei chips proof of the opposite?

- No interest in training LLMs? Is that true? I thought Baidu was already on it?

In fact at every major AI conferences, Chinese R&D groups like Baidu and Ant group are major participants (and sponsors). I am talking about conferences like NeurIPS and AAAI, which both happened in the past few months.

EDIT: the comments of that article are also confused by that article, lol. Is there a joke that is going over our collective heads?

They're major participants and sponsors because they're definitely behind, and they're trying to rectify that.
There's also a lot of research papers in AI coming out of Chinese universities.
Also I have seen some papers on Arxiv from FAANG companies that have a half-dozen or more co-authors, and almost all of those authors have Chinese names.
(comment deleted)
So he was already CEO/CTO of 2 China companies while still working in google. And these information are publicly available right after he registering them. Seems a management disaster of google.
Not agreeing or disagreeing, but what’s the remedy? To regularly scour sources for information on tens of thousands of employees and parse actionable meaning from the data?

Maybe someone can make a horrible start-up that does this as a service.

making vast amounts of scraped data accessible, almost like search.

you’re right, the big names probably can’t handle that on their own.

> Not agreeing or disagreeing, but what’s the remedy? To regularly scour sources for information on tens of thousands of employees and parse actionable meaning from the data? Maybe someone can make a horrible start-up that does this as a service.

If a colleague new about it and reported it then that should lead to action 100% of the time. The question is if that happened or not.

You expect Google to scan the database of companies in every country continuously to see if employees are executives of them? How would this handle different people who have the same name?

Disclosure: I work at Google.

Presumably for such a high profile position a simple um, Google of the person, checking LinkedIn, or a standard background check would reveal this.
> Within weeks of the theft starting, prosecutors say, Ding was offered the position of chief technology officer at an early-stage technology company in China that touted its use of AI technology and that offered him a monthly salary of about $14,800, plus an annual bonus and company stock. The indictment says Ding traveled to China and participated in investor meetings at the company and sought to raise capital for it.

> He also separately founded and served as chief executive of a China-based startup company that aspired to train “large AI models powered by supercomputing chips,” the indictment said.

These events happened after the person was hired.

This would suggest performing background checks with some frequency - presumably at least once a month - in order to catch the events promptly.

> Prosecutors say Ding did not disclose either affiliation to Google, which described him Wednesday as a junior employee.

... and not just of high profile or senior developers, but all of the junior developers too.

> You expect Google to scan the database of companies in every country continuously to see if employees are executives of them?

Um, yes? That’s among the least invasive and cheapest due diligence they could do.

Perhaps just perhaps the task is a bit harder than what you make it sound like

Instances of people sharing the same name are far more common in china than elsewhere. For example there are more than 30 thousand people called "Wang Wei".

The fact is complicated by the fact that the writing systems are different and transliteration errors are commonplace.

How many people named Wang Wei in any given year become the officers of companies?

Google could even automate this with an email, opting into which would be a requirement for any senior employee handling the kind of information the US government cares about.

"A person sharing your name has registered a company in China, as of 2024-03-07. To affirm that you are not related to this person, please click this link. If you were this person, please reply to this email for next steps."

Edit: obviously, criminals don't mark the "yes I'm a criminal box" on forms. That's not the purpose it's there to serve.

If you are guilty of a much more serious crime, saying you're not related to this person or ignoring the email won't add much to your guilt.
I think it is quite difficult to find out the officers of Chinese companies. There was the big wall street stock scandal a few years ago with respect to Chinese listings on US exchanges.
>opting into which would be a requirement for any senior employee

According to the article, he was a junior employee.

>Edit: obviously, criminals don't mark the "yes I'm a criminal box" on forms. That's not the purpose it's there to serve.

What purpose would it serve? Would it have prevented this case?

(comment deleted)
To add to that, I don't think Google (or any American company) would ask for foreign ID numbers. Your SSN can be used for a background check in the USA, but not in China.
Every problem is easy and cheap until you think about how to do it.
Not for nothing but plenty of other companies do pretty much just this, for example in defense. Surely Google of all companies should be able to do a simple search like that on a regular basis.
In highly regulated national security impacting industries like defense, that makes sense. Google has not developed that rigor yet, although it's becoming obvious that their business has high national security implications now.
I don't think Google has ever had rigor, in anything except possible things which directly affect uptime. It seems to be a systematic problem - look at their history with chat apps for example. Great for hackers - both ones working for Google and ones working for other governments, apparently.
Not sure why this was downvoted but there is a lot of evidence to support this statement, despite the way Google is perceived
> You expect Google to scan the database of companies in every country continuously to see if employees are executives of them? How would this handle different people who have the same name?

> Disclosure: I work at Google.

It's Google. Not a mom and pop shop, not a startup, not even a large bank. It's a massive conglomerate who's entire business model revolves around data.

So yes. And same-name conflicts can be handled case by case.

>And same-name conflicts can be handled case by case.

How? Several times I've had to contact someone within Google whose name I know, but when I go to look up the person's email, there are multiple employees with that name. This is just within Google. Think of within an entire country.

I'm not aware of any corp doing this and why should they? There are as many valid reasons registering a company without affecting your employment.
Big 4 do this routinely to check for conflict of interest as a result of audit regs.
When you apply to Google, they ask what other employment you have, IP you own, etc. Many companies do some variation of this, but I believe Google is one of the most restrictive on its employees.
Sure, if it's an employment that's standard procedure in every company i ever applied to ask/rule out if you would be employed by another company after start date. I was rather operating under the assumption when you're not employed / the owner but the ex-googler seems to have been an employee in a rivaling business in both cases which would have clearly violated his contract with google.
But this person would just lie and say no. The application isn't a lie detector.
And how are they going to access Chinese databases that they are not allowed to access? It's Google, not the CIA. I wouldn't be surprised if all of that information was covered under China's broad state secrets law.
(comment deleted)
> And same-name conflicts can be handled case by case.

...unless they're Chinese.

So I've worked at a few places, none nearly as fancy as Google. Not a single one would have had files being uploaded to personal cloud storage from a work device go unnoticed. That was the red flag, at that point they should've been monitoring actively.
“showing that another employee had scanned Ding’s access badge at the Google building in the U.S. where he worked to make it look like Ding was there during times when he was actually in China”

Google can’t secure itself. That’s been true for years. It’s an enterprise held together by monopoly power, lobbying and low interest rates.

The Google hiring process can take months. They have time to haze people with Leetcode but no time to do a good vet of a person who may be a high risk security threat.
How would Google have detected this before hiring him? It doesn't sound like he started working at the other companies until after he started at Google.
(comment deleted)
Google already apparently logs every network packet on the internal network (including DPI), so I imagine scanning corporate registrations can't be that much worse.
(comment deleted)
> What is Article 7 of the Chinese Intelligence law?

> Article seven says in part that “All organizations and citizens shall support, assist, and cooperate with national intelligence efforts in accordance with law, and shall protect national intelligence work secrets they are aware of.

And that's just a nice wording to make it official, russians don't have anything similar yet they keep bribing small and big people all around the world to often perform literal treason of their home country, and quite a few do so for petty sums. Your Chinese relatives can also be just sentenced ie for made up drug trafficking to execution and subsequent organ harvest if say sending them to 're-education' camp won't convince you.

Anybody having Chinese citizenship and any position of power or access to secret stuff should be treated as potential threat and evaluated continuously. Or just not hired. If they are actually serious about such a work they should give up their nationality, if they can't then they are risky. Its a serious stuff by no means, but this is how China plays so literally everybody around the globe has to adjust or suffer subsequent consequences.

They can't "give up their nationality". Chinese government's position is that once Chinese always Chinese, and emmigrating doesn't affect that. They will still come after your family on mainland. Or use their "local police" forces stationed in most western countries to harass you in your new location.
“ use their "local police" forces stationed in most western countries to harass”

Totally under appreciated point. It’s not “over there” anymore, the CCP have a strong and growing presence in the Bay Area now. Penetration into the FBI will take longer than google or local law enforcement but it is inevitable.

> They can't "give up their nationality"

You can, but it's a fucking pain in the ass, and when Zero COVID kicked in, the Chinese Embassies and Consulates stopped processing anything.

Its a formality they can ignore though. At least they have recent precedence with that Swedish bookseller who was abducted in Thailand a decade or so back.
I mean, you historically could ignore it, but it's changed since the anti-corruption purge began in 2016.

Imo there's no reason to poke that bear anymore - a lot of bad practices that were common 10 years ago are not tolerated anymore (though sadly, a lot of good practices have also started getting cracked down, like domestic criticism)

Edit: you're talking about Gui Minhai. Ok yea that's fair.

I would place money on China in 2024 being worse at rule of law, not better, than in 2016. They granted defacto citizenship to that snowboarder, for example, even though there is no way she qualified under the text of its own law (China doesn't allow for dual citizenship...unless convenient). That was 2022.

It has been downhill since Xi took charge, but yet, he was able to use accusations of corruption to purge his competition. The things that have improved are mostly public order (like prostitution being much less visible than it was).

I agree with ya!

A lot of the crackdown was performative, but silver lining is that at least some bastards got punished as they deserve (albeit by equally reprehensible bastards).

Sort of a broken clock is right twice kinda situation.

Do you not know any first generation Chinese Americans to say such inaccurate statements? This is incredibly inaccurate, naturalized citizens are treated as foreigners by the PRC.
Giving up citizenship doesn't solve the problem of retaliation against family
(comment deleted)
I used to work at a Chinese tech company. I hear that it's pretty common to use aliases, instead of your real name, due to anti-compete clauses when you switch between companies. Even if a company had the ability to do background checks, like you mentioned, it'd be pretty hard to automate if the practice is commonplace.
Are you prohibited from owning a company or acting as the CEO of a company while employed by Google?
You're supposed to declare anything that's a potential conflict of interest, and Google is large enough to have a lot of interests. So if you're moonlighting as an Uber driver, Google's probably cool with it (at least if Waymo is not in your hood); if you're moonlighting trying to build the next Uber for X, Google probably would not be.
[flagged]
It's cut and dried industrial espionage. Yes, we do it too, but this guy was caught red handed.
Why, then, have a DOJ spokesman do a press conference in the middle of an ABA function?
Because politics. Doesn't change the simple facts of this case.
[flagged]
[flagged]
[flagged]
[flagged]
You somehow missed all the jobs and communities destroyed in your analysis.
I don’t disagree, but I think the thought was they would/should transition up the ladder, and that American labor was too expensive to be globally competitive. The later point may just be too true to go back in time. The world evolves; you can’t stay static in time.
[flagged]
Commenters are saying this is parody. I can’t tell.

In another comment she says something like “I’d be doing this work even at half the salary”, which also sounds like parody.

(comment deleted)
This is a parody account
(comment deleted)
This is a parody account. That’s a joke. The next Tweet in the timeline is a joke that the person hasn’t been at standup for a couple days and she doesn’t know why.

I’m amazed that this obvious satire is the top voted comment for so long.

It's currently a 11 minute old comment, for what it's worth. HN doesn't have the traffic of something like Reddit, it takes a bit longer to change. But I'm not sure the account is a parody - it's certainly very trolly, but it does seem to be this person's real account based on LinkedIn, her Instagram, her website www.anamostarac.com, and others. Seems like a real person and their real account but according to other information not a Google employee.

Oh and of course she's got a blue check which is a 100% guarantee that it's not an impersonator. /s

> But I'm not sure the account is a parody

The content is very clearly parody. Not only this Tweet, but other Tweets. It doesn’t matter if it’s a real person or not, the content is obviously parody.

It’s alarming that such obvious satire/parody is not only going undetected, but that people are continuing to debate it after it has been pointed out to be obvious parody content.

Does not bode well for the future of online information wars when something this simple is generating so much debate. The comment doesn’t even offer an excuse, it’s a joke about circulating private company content with government officials of another country. Even if you take it to be true, it’s not even an alternate explanation! I’m perplexed that this is causing so much confusion among this comment section.

To me, a parody account would have to be a different person than claimed, which I think is incorrect. Satire, yes for sure. I am not arguing that this account is serious in any way.

As far as detecting it, well American politicans at this point are a caricature of themselves and have made it much more difficult. I don't like it either.

You already concluded the person does not work for Google.

The account claims to be a person working for Google and speaking as a Google VP.

Therefore, it’s a parody account. The fact that a person by that real name exists does not change that fact.

Sounds like that VP is suspect as well. And from a national security perspective not just corporate.
I think this may be satire, though hard to tell these days.
L5 engineer is not a "colleague" of a VP at Google and also not making $900K TC* :)

* Everything is possible with equity appreciation but very unlikely.

(comment deleted)
Yeah, certainly a parody. C’mon (L5 900k TC)? It doesn’t even pass the initial smell test.
Obvious satire; and not particularly good or funny satire either. It tries too hard to be offensive and transgressive without really pulling it off. Like a parody of Google / Silicon Valley corporate speak written by someone who is not fluent?
I'm pretty sure thats fake.
Certainly it's a parody. VPs won't go tweeting about compensation of the individuals.
The opsec of the people who eventually get indicted is always terrible. If you wanted to exfiltrate source code or docs, why the heck would you use the victim's own cloud storage product? You would just point a camera at your display and scroll through the desired materials, or use HDMI capture, or something along those lines.
(comment deleted)
Survivorship bias in action? The only ones we hear about are the ones who are sloppy enough to get caught. The people who know how to not get caught, doesn't get caught so we never hear about them.
Definitely. We’re certainly not living in a world where we catch more of these people than we don’t.
Exactly. We only know about the terrible ones.
It also reminds me of stories I have read of drug mules that it makes no sense how they think they wouldn't be caught using the methods they were using.

The twist of the story though is they were duped themselves. They were setup to get caught as a decoy while the real crime took place.

Possibly they thought it would appear as their business-as-usual Google related traffic flows.

Rather than say, some tor IP address which would stick out.

Pen and paper can work too.
> The opsec of the people who eventually get indicted is always terrible

By definition....

Yes

[flagged]
It’s not a secret. It’s called the “Thousand Talents recruitment plan”
Thousand Talents is different.

That was specifically about enticing expat Chinese talent to return to China.

The overreaction to the Thousand Talents program had a significant negative impact within a number of STEM subfields here in the US

China has industrial espionage programs, but Thousand Talents wasn't one of them

Most F50 companies will not hire those without citizenship and will be reluctant to hire talent born in China to protect trade secrets. The number of Chinese students at the local BIG!) university by me is a fraction of what it was in 2019. Companies are well aware of the risks now.
Maybe you should look at some compsci papers coming out of US universities, and tell us what percentage of those are authored by Indian and Chinese students.
> authored by Indian and Chinese students

There's no reason for xenophobia.

Plenty of ethnic Chinese and Indian people become or aim to become US citizens, and contribute.

30-40 years ago it was Russians, Israelis, and Japanese who were the stereotypical foreigner in graduate STEM programs.

You'll also notice a direct correlation between Chinese visa backlogs and the rising return of Chinese expats to China in the 2000s.

A similar thing happened to Israelis and Koreans in the 1990s and is starting to happen with Indians now in the 2020s.

We don’t have a single domestic TA in the department I’m matriculated in
Not surprising.

The economics of doing graduate school as an American just don't make sense (outside of those closely affiliated with DoE labs).

For a foreigner (Indian, Pakistani, Chinese, Iranian) the incentive of getting a path to naturalization along with degree normalization is enough incentive (as you yourself probably know).

No American employer is going to hire a LUMS or UET graduate directly, and if you don't want to work in the Gulf or in Pakistan, your only option is graduate school, especially because there aren't as many MNCs to sponsor an L1/2

Top tier foreign talent gets brought directly via L1/2 programs (like my parents a couple decades ago) as MNCs will transfer the cream of the crop to HQ.

In cases like Pakistan and increasingly China, where MNCs don't have full ownership or are non-existent, the only path is graduate school.

Same thing used to happen to Israelis and Indians in the 1980s.

I’m domestic (my mother was born in Pak), I did a stint as an instructor so I don’t TA anymore. But even when I did they could be counted on the fingers of one hand.
(comment deleted)
Japan did the same thing before and after the world wars. This is not really that new or strange. India has been doing the same thing. Russia as well.

it's standard practice to send people to more advanced countries to train and then have them come back and start companies based on what they have learned. this is why Patents only really work in local regions or within a Nation.

the biggest difference is that China has been so much more blatant and in your face with it, especially in the military technology sectors.

Now the biggest issue is to get those that train to come back. A lot of Russians chose not to, same with Indians, and Japanese. China has an extensive espionage network focused on keeping track of exchange students and make sure that they fall in line. Much more so than any other nation.

have a friend from Malaysia and they had this smart idea that if you study abroad and get a PhD or Masters (as I understood it) your entire student loan would be forgiven. Again people didn't move back, so the last I hear was that they tried to make it contingent on moving back to Malaysia. My info is abitout of date since it was a pre pandemic conversation I had with him.

> chose not to, same with Indians

Not anymore. It's because of visa and naturalization backlogs.

When I was a kid growing up in the 90s and 2000s, it was common for Chinese nationals to naturalize and become citizens.

When the Chinese backlog reached a decade long 10-20 years ago, a lot of top tier Chinese talent decided to return to China because employment visa hell sucks and the Chinese private sector formalized and grew.

The same thing has started to happen with Indians as well (and happened to Koreans and Taiwanese in the 80s)

A Tsinghua or Jiaotong grad might have an incentive to do graduate school in the US or work here a couple years, but there's no point spending 5-7 years to naturalize when you can return to China and get funded or get tenure.

A similar thing has started happening in India as well at tier 1 IITs and then like.

Note that Chinese emigration rate increased again due to COVID, and more Chinese are staying since then. It will be interesting to see if that sticks or not.

A lot of Chinese just hedge their bets with lives and investments in both countries (including anchor babies).

> A lot of Chinese just hedge their bets with lives and investments in both countries

Yep. Ik. I lived in Richmond for a bit back in the day when it transitioned from HKers to Mainlanders.

> Chinese emigration rate increased again due to COVID, and more Chinese are staying since then. It will be interesting to see if that sticks or not.

Yep. I personally think it's a fumble on our (America's) part.

A lot of top tier Chinese talent will gladly want to become American citizens or naturalize, but a bunch of populist anti-China measures have prevented Chinese STEM talent from naturalizing, so we aren't getting the cream of the crop anymore

> but a bunch of populist anti-China measures have prevented Chinese STEM talent from naturalizing, so we aren't getting the cream of the crop anymore

I thought it was just the green card quotas, since once you get a GC naturalizing only takes a few years. The quotas are dumb, but are not specifically anti-china.

Not GC quotas - the backlog is 2 years now for Chinese nationals

It's EO 10043 [0] that's the blocker.

If you are a Chinese national who is in some way affiliated with tbe Chinese Civil-Military fusion, you cannot get a visa to the US.

This EO is horribly written, as it essentially treats all Chinese universities or programs that get some kind of military funding (even a relatively minor grant) as part of the Civil-Military Fusion, as just about every Chinese STEM program is connected with a State Key Laboratory or the CAS.

It's a Trump era EO that's still enforced.

[0] - https://www.federalregister.gov/documents/2020/06/04/2020-12...

I think that only affects Technology institutes that are run by the PLA? Like Beijing Institute of Technology or Harbin institute of technology, but they do not seem to be enforcing it for PKU, Shanghai Jiaotong, or Tsinghua.

The crazy thing is that these are generally lower tier universities in China. What a strange law. I can imagine this making those universities much less popular in future admittances.

> PKU, Shanghai Jiaotong, or Tsinghua.

They have State Key Laboratories as affiliated with them as well

> only affects Technology institutes that are run by the PLA

Nope. Any kind of tangentially military funded research (aka almost all of STEM) because of how vague "Civil-Military Fusion" is defined (or not defined in this case)

> What a strange law

Executive Order, not a Law.

> making those universities much less popular in future admittances

Maybe, maybe not. There isn't as much of a pull factor anymore especially after the DoJ's Thousand Talents prosecution shitshow.

Trump really fucked up the China-to-US talent pipeline which was a net benefit for us.

> they do not seem to be enforcing it for PKU, Shanghai Jiaotong, or Tsinghua

F-1 and J1/2 applications have fallen dramatically since this EO was passed (though zero COVID and the shutting down of American consulates during that affected this as well)

Sorry, I was going by the forbes article:

https://www.forbes.com/sites/stuartanderson/2023/04/11/chine...

They are pretty arbitrary about it, I wouldn't be surprised if they were explicitly excluding tier 1s. Visas are back up:

https://www.voanews.com/a/chinese-still-largest-group-of-for...

But we are still down from peak:

> The 2022-2023 school year, with 289,526 Chinese students, is the lowest number since the 2013-2014 academic year when 274,439 Chinese students attended U.S. colleges and universities. The highest enrollment number for Chinese students was 372,532 in 2019-2020.

All good!

> Visas are back up

Yep!

Now that the US is processing Chinese visa applications again (and Zero Covid ended) people are applying again, but ime most Chinese nationals I've seen or interviewed at American programs tend to be those who are Chinese nationals but studied abroad (eg. In the UK or Canada).

I don't really see Tier 1 Chinese STEM graduates at lower tier American programs anymore compared to say 5-10 years ago.

If there was some dataset to parse, I'd love to test my hypothesis that most Chinese F-1 applications are now for Chinese who aren't graduates from Chinese STEM programs.

The tier 1 graduates don't need to go to lower tier American programs anymore. They've already leveled up beyond that. They are going to tier 1 programs abroad, or just going to work at a FAANG or a Chinese-equivalent (when I worked for Microsoft Research in Beijing, we lost a lot of tier 1 undergraduate new graduates to Google in California, and that was 10 years ago)
Fair point!

I guess my question is whether statistically speaking a MS Research Beijing caliber researcher in 2024 (or 2019) would prefer to work abroad in Bellevue or prefer to stay in China.

This is an open question and I'm not sure we'd have the granular level of data needed to test either hypothesis for at least a decade.

All I can use is anecdotal information, but that of course has biases.

2019 they preferred to stay in China. 2024, I think the pendulum swung back again given COVID zero's fall out, but who knows how long that lasts.
I was not aware of that, thanks for sharing! It does explain why I have seen more indian recruitment in EU from India and China since our backlog or naturalization process is only 5 years of living in the country and then 1-3 years for the bureaucracy to manage the application.
Most Tier 1/2 Indian and Chinese candidates prefer to remain in India+China instead of emigrating to the EU

Top tier employers in both countries can pay Warsaw or Prague level salaries (eg. An IIT Kanpur class of 2024 undergraduate's average starting base salary is US$30,000 in India alone [0]), and you aren't going to be a de facto indentured servant

Generally, Indian+Chinese talent that emigrates to the EU tend to be those whose career growth is limited due to attending non-target schools or lower tier companies.

This excludes graduate students at top tier European institutions (eg. TU Munich, EPFL, etc) who are there explicitly for research, but end up returning to their home countries due to competitive tenure or funding offers.

20 years ago, a Chinese or Indian national attending TU Munich for a PhD would probably stay in Europe, but nowadays they get competitive tenure track offers at IITs or Double First Class Universities.

[0] - https://m.economictimes.com/jobs/fresher/iit-kanpur-class-of...

Blatant is another way of saying successful. Not many countries have system in place to incentivize reverse brain drain, and even in PRC that was hard fought. It's difficult to compete with US tech wages propped up by cheap money. Big reason why PRC can get talent to come back, and with IP is because they pay accordingly and, most importantly, have system in place where that knowledge can be exploited. Another big reason is, and let's be real, East Asians have bamboo ceiling (relative to whites, south asians) in western tech/science. At some point, for some Chinese in western tech, a comfortable salary isn't enough when PRC offers appropriate senority/status and opportunity to build/lead and can compensate/execute accordingly. People aren't happy with good 6 figure salary when they think they deserve 7-8 figure.

People here forget PRC "seaturtles" going back to grow domestic PRC industries is as much a PRC enticement success as US/western retainment failure.

> Not many countries have system in place to incentivize reverse brain drain

Most regional powers do.

The Chinese program is based on Japan's METI, Taiwan's MEA, and Israel's MoE.

These 3 countries devised the primary reverse brain drain programs that countries like China, South Korea, Turkey, India, etc began emulating in the 2000s-2010s.

I suppose more accurate to characterize not all are successful as preventing/reversing brain drain to maintain/grow competitiveness.

PRC emulating 2000s challenges JP/TW recognized is expected. Difference is in execution/available playbook, PRC has growing R&D budget and commercial opportunties to brain drain from likes of JP/TW now, and that's mostly side effect of scale and PRC dumping resources into relevant sectors to compete for top talent. Not as much as US, but enough to entice. It's also failure of others to retain, JP is starting to terminate 10 year academic positions from 2010s designed for job security and they're not being recycled into JP corporate, so they leave for greener pastures abroad, including to PRC. TW... just has tertiary over capacity and not enough domestic opportunities, they also go abroad also including to PRC. SKR... annecdotally it seems like many stay abroad because there's not much opportunities other than being chaebol wage slave. VS last few years, more and more PRC talent/students abroad either see writing on the wall for their future prospects in west due to geopolitics but also know there's _real_ money to be made in PRC strategic sectors. 1000 talent / China Initative crackdown may have accelerated process but it's also increasingly obvious there's a lot of money and prestige to be had, and I think latter undervalued for those who feel stuck due to corporate/geopolitical bamboo ceiling.

TBH PRC also has tertiary overproduction but there isn't capacity to meaningfully brain drain amount of talent PRC is producing abroad. And it looks like some don't even want PRC talent to risk that due to muh IP. Simulatenously, PRC has enough resources/opportunities at top to reverse brain drain some of the few (relative to population) high end talent that went abroad. 0.01% of PRC are overseas, vs 1% of JP vs 3% of TW & SKR. I think that's a a large power strategy, and specifically a large population power strategy, make so much talent that there's always ample talent, and invest more in absolute terms to retain and even drain from others who can't afford to. Regional powers don't get this playbook.

Last years report on brain drain from top 10/100/1000 indian institutions was staggering, but IMO they'll have the same advantages as PRC once domestic opportunities pickup. Israel's pretty successful for various reasons. Turkey I'm not too familiar with other than they're defense industry is growing.

> so they leave for greener pastures abroad

Alternatively, SK and Japanese companies have succeeded in expanding foreign R&D capacity significantly (starting with China in the early 2000s) and there isn't as much a need to remain within JP+SK anymore.

For example, SK and JP expat talent is fairly common in VN, TH, and IN now where they are managing local divisions in those countries.

This largely connects with both Japan and SK's "Flying Geese Paradigm" (雁行形態論) to use Japanese and Korean R&D capacity to build newer markets abroad, and cultivate a secondary tier of R&D capacity.

This was a major reason why Japanese manufacturers heavily invested in electronics R&D in Thailand, Malaysia, China (before 2013), and India along with SK's similar attempts in Vietnam and China (before 2017).

Most of these Koreans and Japanese abroad continue to work for Korean and Japanese companies or (if in the US) on funded scholarships or research from both governments.

> Last years report on brain drain from top 10/100/1000 indian institutions was staggering

Which report?

The only Indian institutions that matter are Institues of National Importance (INI), and very few graduates (usually around 1-5%) from those programs go abroad excluding for graduate study, based on placement statistics since 2017.

During the 2011-17 period there was a structural slowdown in the Indian economy due to an infra lending crisis which was resolved by Raghuram Rajan, Arvind Subramanian, and Krishnamurthy Subramanian's reforms [0]

IME, after the Indian economy stabilized by 2018, most Indians abroad tend to be from non-target institutions, or those who's careers hit a rut as they were unable to be placed at a tier 1 employer (usually a company or government agency that can pay a $10-15k a year starting salary).

> Regional powers don't get this playbook.

Agree to disagree.

The primary difference between China and other countries is that China wouldn't allow significant ownership in R&D FDI within China, thus creating a de facto firewall between domestic talent and R&D capacity abroad.

Most Japanese and Korean companies already tired from that policy and began decoupling in the 2010s, and China was never as closely integrated into the American innovation system as Israel and India (thus leading to the development of local R&D champions).

This is NOT to say China is inferior, but this is to say that there is a level of protectionism in Chinese R&D capacity that isn't as common in other countries (even Russia pre-2022), and increasingly incentivizes Chinese R&D to remain relatively insular.

Most other countries don't have the need to develop hyper-insular R&D capacities as international cooperation remains fairly high.

[0] - https://www.economist.com/finance-and-economics/2023/05/11/i...

The US government keeps track of countries with material industrial espionage programs like this in America. It isn’t just China on that list, some western allies do the same thing albeit rarely if ever on the same scale as China is currently.

It isn’t a secret. Most people are just oblivious to the scope and nature of the threat.

[flagged]
> > The case against Ding, 38, was announced at an American Bar Association conference in San Francisco by Attorney General Merrick Garland,

Yeah, this seems very suspicious.

Justice dept and FBI love any chance for photo ops and press releases patting themselves on the back. I'm not sure there's too much ace detective work to be proud of here - seems Google heard he'd presented as a CEO of a Chinese firm days after he quit, and must have given the FBI a call.

It makes a good story, but the current crop of LLM-based AI's don't seem to require much more than a bit of prior job experience to build. The most successful recentish AI/LLM startups such as Anthropic, Mistral and Reka.ai all have ex. Google, OpenAI and Meta employees as founders, and that prior experience appears plently enough to hit the ground running.

(comment deleted)
This doesn't surprise me. I knew someone that intentionally graduated with a specific major, so they could get a job in that industry and send trade secrets/IP back to China. The purpose was to create a competing company.

It didn't work out for them that well. They couldn't last more than 6 months at any one company and I think eventually gave up and went back home.

Did that person just go around disclosing their plan?
I think if someone actually had government handlers asking them to do this, most of those people wouldn't blab about it to their school chums. But there's a subset of people with grandiose delusions / general behavior problems who feel a compulsion to tell everyone about their grand plans/machinations to become rich and powerful.
> someone actually had government handlers

It most likely wasn't a Handler/MSS type espionage.

It was most likely trying to grab IP to found a domestic competitor, and raise a Seed round from local government accelerators like those Beijing and Hangzhou have.

I think you are underestimating how tough it would be to be playing James Bond and not tell anyone.

You wouldn't have to be a delusional braggart to want to tell a friend this. Most spies are not going to be as much of a compartmentalized lunatic like Robert Hanssen or someone at that level.

Having seen something like this happen once, what probably happened was the person OP is referring to was trying to get IP in order to start their own private sector startup, and probably get some seed funding from a regional government (eg. Beijing and Hangzhou did this in the 2000s to jumpstart their tech industry)

It's similar to the Israeli program in the 90s (who's name I'm blanking out on EDIT: Yozma I before it was privatized) because just like China in the 2000s-early 2010s, there wasn't a notable private sector VC industry yet.

> It's similar to the Israeli program in the 90s (who's name I'm blanking out on EDIT: Yozma) because just like China in the 2000s-early 2010s, there wasn't a notable private sector VC industry yet.

Quite an allegation... any reference to them sponsoring/encouraging stealing IP or am I misreading and you simply meant it's a government sponsored startup accelerator program?

It's not really that damaging.

Israel never recognized American software or pharmaceutical patents, and most countries do some form of Industrial Espionage (France is fairly notable in the space as well [4]).

The wildest cases tended to be back in the 1990s, when Israel was trying to build a domestic armament industry, notably by stealing American IP and selling it to the Chinese [0][1][2][3] (most modern Chinese weapons systems today are based on that IP transfer in the 1990s).

This largely ended by the mid-late 2000s when the Israeli tech industry was much more established, and Ehud Barak (edit: Olmert - mixed up his surname and the Barak middle scandal) getting arrested on corruption charges, heralding the end of Israel's Wild West days in the tech industry.

Also, Tiannammen Era sanctions from the 1990s forced Israel defense companies to pivot to India, which doesn't allow vendors to sell SKUs to India which Pakistan and China have access to, and would leverage French and Israeli SKUs based on American designs.

I highly recommend reading this GAO report from the 90s [3]

[0] - https://www.jstor.org/stable/2538128

[1] - https://www.nytimes.com/1993/10/12/world/israel-selling-chin...

[2] - https://www.jstor.org/stable/1149008

[3] - https://www.gao.gov/assets/t-osi-92-6.pdf

[4] - https://www.politico.com/story/2014/05/france-intellectual-p...

Did you mean Ehud Olmert? I don’t believe Ehud Barak was ever arrested.

Also, not to nitpick, but would appreciate publicly accessible articles… from the abstracts I can only assume these are summaries made in the 90s of pre-90s shenanigans

EDIT: saw now the edits with 3-4, will look at when I have time (thanks!)

> Ehud Olmert

Yep. Brainfarted and merged Olmert and the Barak missles corruption case

> summaries made in the 90s of pre-90s shenanigans

Hence why I wrote "the Israeli program in the 90s".

It's significantly less egregious nowadays (imo de facto non-existent due to how integrated the Israeli innovation system is with the American system now and how simplified FDI is in Israel compared to the 80s-90s)

> appreciate publicly accessible articles

Internet based news wasn't really a thing until the post-Netscape era.

All you're stuck with are archives of print news or government articles, especially because this kind of behavior largely ended by the 2000s.

> EDIT: saw now the edits with 3-4, will look at when I have time (thanks!)

No problem! And like I mentioned before, most countries do this in some form to help domestic champions (eg. India and Pharma IP, France and Defense IP, socialist era Israel and Defense IP, 1970s-80s Japan and electronics IP, China and Defense+Software IP).

If a country allows almost 100% FDI, there's no reason for industrial espionage in that specific sector because foreign champions become integrated with domestic ones. Hence why Israeli and Indian companies don't steal hardware designs anymore because most Americans companies have design centers there that are closely integrated with domestic champions.

Funny that you mention France when the USA is #1 in the world for corporate spying. Having been involved in western Europe for deal where US competitor were given "advantage", USA spying was always number one concern over all other countries (and this is how counter spying agencies brief companies) as it had more direct economic damage and is more difficult to identify than Chinese spying.

Few examples just for Airbus every few years you get report of US spying: * https://www.dw.com/en/airbus-fires-16-over-suspected-german-... * https://edition.cnn.com/video/news/2015/05/01/airbus-spying....

The American government will spy, but will not explicitly spy to provide IP directly to a private company like Boeing or Lockheed, as this enters felony level corruption territory due to the Procurement Integrity Act, Federal Acquisition Streamlining Act, and the Federal Acquisition Regulation.

The main difference is DGSE would explicitly attempt to steal American IP and then provide it to Thales or Dassault.

They may not provide direct R&D details but they will provide direct information about offers price, negotiation status etc. This is part of the Snowden leaks that people seems to have completely forgotten.

https://wikileaks.org/nsa-france/spyorder/#spyorder2

IANAL but Competitive Intel around pricing and SKUs isn't IP except in certain cases.

If they were, just about every single private sector company globally would be guilty of IP infringement, let alone Public-Private Partnerships like the ones I mentioned.

Intelligence agencies often have their own interpretation of the law, which coincidentally allows them to do what they want.

And if you don't like that, you can sue them in the special intelligence court where the evidence cannot be revealed, the proceedings are secret, and the judges are very unbiased.

Hmmm that seems like a clear cut case to report to the FBI. Yeah, assuming that they were walking around telling people about it.
The FBI gets more credible reports than it has the labor to investigate. Not to mention in this example no crime even yet occurred.
> in this example no crime even yet occurred

Interviewing for a job with the prior stated intent of pilfering their IP is fraudulent.

Let the employer file civil case then.
> Let the employer file civil case then

The IP theft is a private concern. The national security implications are public. What OP describes seems worth criminal investigation.

Is it?

I mean obviously if the said person did pilfer, or attempted to pilfer, it would be illegal.

But is there any law against interviewing for a job, while having a prior statement of intending to pilfer? Or in a more general sense, interviewing for a position while previously saying that they intend to breach the contract?

I'd imagine that there could only be ground for a lawsuit if 1) a contract has been signed, and 2) the stated activity has at least been attempted.

I agree with the spirit of your statement that no crime has occurred. But this isn't a case where someone just expressed a vague interest in a related topic of national security, but their specific intent to steal secrets and give them to an adversary. And then go ahead and interview at certain companies with that intent.

This would be like someone specifically (not vaguely) stating their intent to commit a violent crime and then spend months preparing for it. Yeah, law enforcement, please definitely follow up on that one.

Trade secrets aren’t national security.
They definitely can be. In the US there are many different ways in which they can overlap as a matter of law. There are myriad frameworks similar to ITAR that place a national security interest on trade secrets or block public disclosure e.g. patents (which effectively turns them into trade secrets).

Your average web dev probably isn’t familiar but navigating this is a routine consideration in deep tech.

Real, and quasi-real national security projects require more stringent background checks than the ones unnecessarily used in most "average web dev" [sic] recruitment processes, and some come with citizenship requirements. I know, because that's one of the reasons I don't work on such projects.

ofc, like in any security-related field, many are LARPing instead of practicing, and that's a different issue.

It is more nuanced than this. A startup is virtually never a "national security project" even if they end up involved in an actual national security project. The kinds of background checks startups do are the same as any other company in any industry. It has nothing to do with national security. There are many things that can factor into a citizenship constraint depending on the type of business.

A "real" national security background check requires support and sponsorship from a national government, and governments don't provide that casually to anyone that asks. If a startup finds themselves with national security customers, there is no requirement for the startup to go full-on Secret Squirrel but governments will calibrate their trust in the startup by how seriously the startup takes security and how diligent they are when vetting employees. It does not involve everyone getting a security clearance, which would not be possible anyway if the startup works with multiple national governments.

I find the opposite situation is more common in practice: startups that find themselves in the national security space are often naive about what constitutes a baseline level of security, vetting their employees, and the pervasiveness and character of espionage programs.

It is important to recognize that national security considerations are starting to affect startups that never go anywhere near national security customers due to escalating concerns and increased rigor around software supply chains. You may not have an interest in national security but national security may take an interest in you. This has ramifications for many software business models.

They are indeed separate concepts but they may be both true. ASML can be a good example
Not to mention in this example no crime even yet occurred.

OP...you should definitely report this to the FBI.

If you try to hire a hitman, the FBI will definitely investigate even though no crime has been committed.

> get a job in that industry and send trade secrets

so, is there a clear line between: steal trade secret, and applied learned experience in new company the way everyone does?

If they are intentionally finding information that is outside the scope of their own role and then exporting the information itself as opposed to actually learning it then that would be clearly stealing trade secrets. Of course there are some lesser actions that would be in a gray area.
> intentionally finding information that is outside the scope of their own role

some call that a positive initiative. cross training between departments or some such corp speak is used so people can "fill in" or just have a better understanding of the other departments so you can possibly work better with each other or come up with novel solutions for someone else.

companies that silo everyone off and prevent open discussion between groups are horrible places to work. ask Oppenheimer.

> intentionally finding information that is outside the scope of their own role AND THEN exporting the information itself
No. Ultimately courts have to make judgements.
> so, is there a clear line between: steal trade secret, and applied learned experience in new company the way everyone does?

There may be some grey, but copying information in writing is pretty clearly over the line.

> It didn't work out for them that well. They couldn't last more than 6 months at any one company

I don’t understand what you are saying here. How many months does one need to stay to hover up the trade secrets / IP? In software engineering you get access to the repos on day one, but even in other industries I guess what you don’t have access to after 6 months you won’t have access to realistically ever.

> eventually gave up and went back home

But according to what you said that was their plan all along. So in what sense did it not “work out for them”?

> In software engineering you get access to the repos on day one

Some repositories needed to do your work, sure. Not necessarily all, and the more interesting work may not be available to just anyone who joins.

If it's a company like Google, you may not even end up at the group you interviewed for.

I would be very careful doing that at Google. Even if just about anything is accessible, I imagine most access is logged. If you are downloading everything not related to your job it could raise some alarms!
Didn't stop Anthony Levandowski
Presidential pardon is the one weird trick that employers hate, when you steal IP and get caught
Yeah, yeah. I’m not saying it is easy business. What I am saying is that “bouncing around many companies in a quick succession and then leaving for their home country” is exactly the pattern one would exhibit with that plan. If one would want to show that their plan didn’t work out then one would be talking about other things. For example that they only got junior jobs with no access to the code/secrets, or that they were only hired in fields outside of their interest, etc etc.
I think the subtext here is that the “spy” in question was not the sharpest tool in the shed.

You need some level of intelligence and knowledge to know what is worth stealing and what to do with it.

Getting a major with the sole purpose of industrial espionage and then telling people about it indicates a lot about the person in question.

Short of downloading literally everything and sending it back to a team, it's possible he didn't know enough after 6 months (while also trying to maintain his actual job) to get anything of value.

I've been at my company for almost 20 years. I have a lot of access, but if I was told, "go find some trade secrets." LOL, not a chance. The haystack is far too big and I don't even know what I'm looking for. Someone who has been at the company 6 months barely knows where the bathrooms are.

My prior employer was really worried about source code leaks.

I was more like, giving the direct competitor the code would more be like industrial sabotage for their sake. What could they possibly do with it. They would waste fte years dechiffering it instead of doing something useful.

But nah, rather keep your own engineers in the dark about secret plans and road maps.

I worked out quite well though, since the engineers did their thing withoit knowing what the higher ups wanted.

> I've been at my company for almost 20 years. I have a lot of access, but if I was told, "go find some trade secrets." LOL, not a chance.

Because it is not your intention to do so. Think about how one can live a whole life locking and unlocking locks without ever accidentally lock-picking one. Yet they can be picked, and often quite easily if that is your goal.

If you are serious about it you don’t just bumble around randomly until a trade secret hits you on the head. You can ask yourself: what can that company do nobody else can? You can even ask this question before joining a company and thus selecting the right target and the right position to get access to it.

If you are an agent of a rival company or govt there may alreay be a "best practices" rulebook for stealing IP, a set of established procedures.
I have a strong distrust for authority, but even I would report espionage and IP theft of this sort. Downloading a movie doesn't bother me. Running a site for others to download movies doesn't bother me. But being a snake to go defraud a company to steal the hard work of others so your own illicit company can turn a profit off said labor by others irks me. Do your own R&D.

Did you ever consider doing raising a red flag? If so, why did or didn't you?

If anything is going to unite two groups of people who are “naturally” on opposite sides of a political spectrum, it’s going to be stopping treasonous activities.

I airquote naturally because it’s obvious that foreign interference is at play, based on the laissez-faire attitude towards this sort of thing by some groups.

Correct. The left and the right may be at loggerheads about the best way to manage america.

Yet, the vast majority of both camps still think of themselves as american. Neither group will take kindly for others to present themselves as american, to then proceed steal from other americans for the benefit of non-americans.

We are all part of the same macro-tribe after all.

Leftism is about both heirarchies and specifically capitalism and colonialism exploiting people and workers.

The capitalists running the companies are the common enemy. Nationalism is a tool, not something to be into once the nation is strong. Sad that people still care about being patriots or whatever when the companies are only paying you a wage while they make profit and keep all control of all the work and means of production.

> Running a site for others to download movies doesn't bother me.

> being a snake to go defraud a company to steal the hard work of others so your own illicit company can turn a profit off said labor by others irks me.

I'm sorry, I really don't understand this. What part of the second statement doesn't apply to the first?

If you're going to steal secrets, do it slowly, don't pull a Levandowski and copy everything in a noticable way so that security gets alerted, at which point it may take you forever to exfiltrate data.
> I don’t understand what you are saying here. How many months does one need to stay to hover up the trade secrets / IP?

Presumably the more valuable the IP, the harder it is to access.

Repositories are rarely worth much.

Sure, some algorithms there might save you some time, but its often the design and the data where the money lies (what this guy focused on).

Clone google's repo and you'll likely struggle forever to get anything of substance running on a rando vm/docker/etc. not to mention about spinning the entire stack with interconnected services, certificates, shitty code, and layers upon layers of hacking that can only be resolved by relying on the tribal knowledge on whomever built the darn thing.

Compared to that - detailed design docs, a team of motivated Chinese dudes/ettes with some monetary support from the local party, and you can have a close-enough copy running natively on the Alibaba cloud in a few months.

There's probably some deep science AI-type stuff.

Or maybe useful for security exploits.

Source code repo is like a very extremely detailed doc. You might not be able to actually easily run it due to all of the dependencies etc, but with couple of weeks of reading, you should be able to tease back out the high level design.
I've done enough code archaeology to say that looking at the code to understand the design is a good way to understand that the two halves of the bridge didn't mate up, but there was a deadline, so...

The design from a design doc can be replicated at almost any company. The actual code is specific to the company and their exact stack.

The company's business position is similarly hard to duplicate. You can understand a company's current capital, customers and money flows. Your new company has to either outcompete for those same flows or create or capture alternative flows, and do this with different capital. Having, say, the entire source code for FedEx doesn't make it easy to launch a competitor. It's practically irrelevant compared to the network of capital investments, corporate goodwill and contracts, etc.

A copy of Google3 would take an outsider eons to replicate Borg for any of it to run on.
Did they tell you that, did you hear it second hand, or figure it out yourself?
Slightly different: I worked with a guy who took a job at a finance firm I worked to understand trading. His stated goal? Arabic states and individuals have stupid amounts of money he can play with. That is, he wanted parlay learning and connections to start his own firm.
The title is “ Ex-Google engineer charged with stealing AI trade secrets while working with Chinese companies”
(comment deleted)
(comment deleted)
[flagged]
just wondering, what makes you feel safe if trade secrets are stolen by countries like Saudi Arabia and Israel?
I find it funny how Google is presenting this. These statements don't really mesh well.

> “We have strict safeguards to prevent the theft of our confidential commercial information and trade secrets,” Google spokesman Jose Castaneda said in a statement.

> Ding [..] began uploading hundreds of files into a personal Google Cloud account two years ago.

> He resigned from Google last Dec. 26. Three days later, Google officials learned that he had presented as CEO of one of the Chinese companies at an investor conference in Beijing.

> We have strict safeguards to prevent the theft of our confidential commercial information and trade secrets

This is just something companies have to say to keep their certifications / audits valid and not get sued by shareholders. In the end any system is leakable if workers really want to.

It's also to be defensible in court. If an opposing party can make the valid argument that "They leave the doors wide open and scatter IP willy-nilly, why wouldn't the IP get leaked?" it makes it harder to argue "Person X stole information when it was obvious that there was an expectation of secrecy"
(comment deleted)
[flagged]
That is a satirical twitter account.
And a damn fine one at that.
(comment deleted)
I'm pretty sure this is a shitposter account
(comment deleted)
This is a satire account, if the recent tweets and inclusion of TC didn't tip it already.
(comment deleted)
If any of you get this far down, one thing that caught my eye is that Google said they had analyzed this guy’s network traffic after locking his laptop, confirming various things. If you work at a large company like Google, every packet on their employee access network is recorded and indexed for forensic purposes.

This is not something Google would talk about publicly, but it’s standard practice in any company that is a serious target for sophisticated cyberespionage to spend a great deal on specialized equipment that can log all network traffic at scale.

It's SOP in all companies, not just those facing sophisticated threat actors - there's a reason EDRs like Crowdstrike and SentinelOne are massive players now.
I've never been exposed to that side of things but always wondered do certain levels datamine this information? For example, do they get reports on user activity during the day... A pareto of employee activity perhaps by userid? I mean, why wouldn't they?
why would they? if we're talking about sophisticated espionage, that's more of a job for infosec. if we're talking about AFK time, being secretive defeats the purpose.
I’ve done this sort of work and my anecdotal experience was it is mostly used to flag blacklisted activities from occurring on the computer spanning things like porn and gambling sites to administrative privileges, but also to modify what level of access these computers had for interacting with different infrastructure between silos.

You could use the data to identify activity levels or behavior patterns of the people using the device but it would cost a ton more money and a larger team to do that plus the other responsibilities we had simultaneously.

My experience is also not with employee owned devices so in my mind there’s nothing wrong with doing it’s agreed to and is imperative to their function as an employees especially with HIPPA concerned.

I think there was some BYOD stuff that was starting at one point and we had to run an emulator on their personal devices so the programs we run to collect logs were sandboxed from their regular phones.

Essentially you hook up all your log sources to a User and Entity Behaviour Analytics (UEBA) platform, it comes up with a model of "normal" behaviour, and flags users for investigation when they start acting outside of those norms (or things you want to explicitly flag on).

No data egress for 6 months, then 20GBs of outbound traffic? Someone's getting notified to take a look and see what that was and where you sent it. You only authenticate against one host on the network, and suddenly you're hitting thousands of hosts? Someone's getting notified to investigate, &c.

As someone who has worked at companies, it sure as fuck is not. Unless you are a very valuable company or you make money with data/software, ain't nobody got time for that.
Yeah, install EDR for satisfaction and forget.
It absolutely has to be more nuanced than "there's exabytes of pcaps somewhere" because cloning repositories, pushing branches, backups, these things would basically end up being nasty amplification attacks against the ability to store this data. And block dedupe can work for some storage loads, but it's not solving this problem, especially when that git clone came over ssh or https.

Data from employee devices all being captured and stored? That seems plausible. All data on the corporate network? Less so to my naive mind. I'd love to hear exactly how that works and what kind of retention exists for it.

What seems far more likely is that there's a rules engine that can see all the traffic and makes a decision about if it trips an event to be logged or looks strange enough to be captured (along with some amount of surrounding context, if possible).

Yeah you plug holes so you don't have to audit everything. Disable USB ports, alert on large file transfers, audit file access and device logins, no access to local network shares off-site, etc. That's probably good enough for 99% of the world.

Capturing all network traffic is absurd and I doubt that's even a thing. You'd need a department the size of the existing company to be able to manage and do anything meaningful with it. Maybe if you had a super secure jump box you could consider monitoring all the traffic on that, but there are much much easier ways to audit behavior than network traffic. Monitor the devices instead.

This is standard practice in all big companies. Everything is tracked and recorded. If you want to say something to a colleague that you don’t want management to know - use your personal phone and talk at a coffee shop or bar in person.
It's indeed safe to assume everything is tracked and recorded and can be found if they bother to look for it, but a random line manager is not going to have access to any of it.
Asking for a friend :) On VPN at home, using my work laptop, I happen to browse some non-decent content, more than once, maybe routinely. Is that all tracked or do VPNs have routing to use VPN only for company network, and leave NSFW be handled by my ISP? Or even if is going via ISP and not company network, are the companies usually able to track what all sites I visit

Not a Google employee BTW, but work for a company that I am reasonably sure does monitor their network.

Depends on the VPN config if it's everything, or just company resources. Split tunnelling seems uncommon from my experience with corp VPNs...

But if you're on work equipment, they likely have corp spyware looking at all your browsing even if you're not on vpn. Shop for fans or whatever you need to do on personal equipment.

Is he on the corporate network on his work vpn? If so, this is recorded. You have to go via corporate proxies and use corporate dns. That’s easily trackable.

If he’s installed something like mullvad on his work laptop and he’s able to tunnel out from the corporate network, he’s probably safe from the content but has broken policy on unauthorized software, the intent of which can be malicious.

They won’t care in general. But if they want to get rid of him they’ll have the info ready.

Why don’t they steal these documents by taking a photo using a camera? I feel like a genius be the first one thought of this.
[flagged]
The entire history of man counters this. So while you might be advocating for some Star Trek world peace fantasy, historical and present realities differ. And that reality is what leadership and everyday people live in. A zero sum game.
I think you're getting at a basic fallacy. This is not a zero sum game. This is a positive sum game.

The worlds population has been steadily growing for the past 10,000 years. The quality of life has mostly increased. We're figuring out more efficient ways to extract energy from the resources around us, including the sun.

We don't live in a post-scarcity world but we also don't live in a zero-sum world either.

> I think you're getting at a basic fallacy. This is not a zero sum game. This is a positive sum game.

You don't get to sweep many zero-aspects of life that are zero-sum, by calling it a fallacy, under the rug.

Many scenarios in life are game-theoretical with tradeoffs, where deviation from the greater sum results in higher rewards for individual actors. Until you solve it, you don't get to say "ItS noT ZeRo Sum!!11"

> You don't get to sweep many zero-aspects of life that are zero-sum, by calling it a fallacy, under the rug.

Declaring life as a zero-sum game doesn't make it so.

I didn't just declare life as a positive sum game, I gave some basic counter examples to your claim that life is a zero sum game.

> Many scenarios in life are game-theoretical with tradeoffs, where deviation from the greater sum results in higher rewards for individual actors ...

This is a separate phenomena. It sounds like you're alluding to the Prisoner's Dilemma problem [0]. Notably, many formulations of the Prisoner's Dilemma problem are not zero-sum [1].

I never said game theoretic ideas don't apply nor did I claim that individual rewards could inhibit global reward, I specifically addressed your claim about it being zero sum.

[0] https://en.wikipedia.org/wiki/Prisoner%27s_dilemma

[1] http://pespmc1.vub.ac.be/PRISDIL.html

An example or two would really help your case here. Right now your comment just comes across as “I’m rubber and you’re glue”.
Nota zero sum game, but about history I agree with you man but we can do better.
> We should be figuring out how to create a global, collective, human advantage for everyone and the planet

We haven’t solved the problem of governance. The End of History seemed close in the 1990s. But we’re back to being torn between the efficiency (and short-term stability) of authoritarian models against the flexibility (and long-term stability) of democratic ones. Until we find the model that just works, this competition is probably the best interim solution.

You need a model that is not financed through extortion. By granting a small part of the population rights and duties that would be criminal for anyone else to perform (do you even have a right to extort, kidnap, and murder?), you are playing people against each other and perpetuating a struggle for control of the government to act on their behalf, at the expense of everyone else.

governance ≠ government

As long as extortion is involved, the various organs have no incentive to improve, and further more succumb to mission creep (1) to justify and expand their budget, necessitating further extortion.

1. https://www.merriam-webster.com/dictionary/mission%20creep

> granting a small part of the population rights and duties that would be criminal for anyone else to perform

No, I don’t want anyone to have nuclear codes. And yes, I want someone to ensure randos aren’t building nukes.

> governance ≠ government

Sure, but to the degree we’ve made progress on the problem of governance, it’s been in proving the necessity of government. Anarchist collectives far well until someone comes to take their stuff; this is basically the warlord era of any civilisation.

To be fair, the current scope of government for most of the world is far beyond mutual defense at this point. Governments of the 19th and 20th Century also provided defense, and did so with a much smaller portion of GDP.

I think there's a pretty strong argument that global military is close to a zero-sum game, but I agree that this doesn't mean there is a obvious alternative.

Last, I think it's pretty indisputable that there's been significant scope creep given that western government taxation & spending are now pushing 50% of GDP. If you look at the US, the federal government was 2% of GDP in 1920, and closer to 25% today. This is despite 10x in inflation adjusted GDP per capita. This means that more realistically, government is consuming/directing 100x more productive capacity per person.

Authoritarian models are not efficient in anyway, they can project the image of being efficient but that does not mean they are. They are worse in every way apart from complete disorder and chaos.
Corporations are, in most cases, much more authoritarian than democratic. With a few exceptions, workers don't get a vote in the running of a corporation. To the extent that they do, it's usually in the form of unions or the very rare category of worker cooperatives.

Even for countries, they absolutely can be efficient, it's just the efficiency is directed at stuff The Leader wants rather than stuff The People want.

The authoritarianism of corporations cannot be compared that of a state, workers might not get a vote but they are free to leave a corporation in a free society, and corporations do not have the power to arrest people (I'm aware of exceptions). They're also subject to much higher selective pressure than states which helps keep them in check.

I was talking about overall and general efficiency, authoritarian states are less economically, militarily and scientifically efficient than their freer counterparts. They may be effective at pursuing specific policy goals, and there are authoritarian states that have sufficient mass that they can achieve a lot in any given field, but they are usually more effective at giving the appearance of effectiveness that they are than actually achieving anything. Either way, effectiveness is not efficiency.

Any real governing model cannot afford to be entirely authoritarian or entirely libertarian. It seems it has to have a mix of qualities.

How can you enforce legislation without authority? But also, how can you foster innovation without liberty?

Well, the question of the specific make up of an entire governing model, complex as that would be, is an important question. I don’t think it’s the question that’s key here.

What I was referring to was we need a world that is without borders and doesn’t incentivize existential competition between different groups.

We’re smart enough to figure out how to all get along if we can just be better, than the way we’re made. Compulsive, animal natures.

I agree with you. The problem of governance is tricky. And it seems there’s not enough innovation, and the incentives that would support innovation don’t exist insufficient quantity.

And that’s why I think we should give ourselves trickier governing challenges, such as figuring out how to create this world without borders. You’re not always air quotes ready before you take the leap, whatever it is.

One of the reasons I appreciated academics in my youth was because of how international they were and their bias towards disseminating knowledge globally.

I think the modern day equivalent is libre/free/open source. I encourage everyone to support libre/free/open source software, hardware and data.

I agree we should spread knowledge and source code, but I don’t think open source always works. The reason seems to be because when you create an open system with no restrictions beyond an honor system, people and organizations take advantage of it.

You need force, I just don’t think you need borders anymore.

I agree that FOSS isn't always the right tool but for maybe different reasons. In my opinion, FOSS works best when there's a slow moving target that allows for small, incremental additions to make it better. This is why FOSS and games tend to not be a good fit and what FOSS and server side infrastructure is a good fit.

Also, in terms of "force", many FOSS licenses have reciprocity or even viral terms associated with them. Violations of that agreement can have legal consequences for organizations.

True, but effective enforcement could be expensive. See that recent French case. 14 years to victory!

I like your point about FOSS tho. I'll think about that. My current idea is that FOSS is good for utilities, or things you can plug in, but for full blown applications like my BrowserBox^0 is, or Andris Rienmann's EmailEngine^1, it's not so great.

Tho, 'slow moving target' seems a good heuristic worth considering. Thank you! :)

0: https://github.com/BrowserBox/BrowserBox

1: https://emailengine.app/

It’s all fun and games being that collective until you realise the other side hate you because you’re different from them. You’ve given away everything and they now dominate you. Cute ideas but game theory still holds. Why does every tree in the forest waste its energy and time competing to grow tall rather than just immediately spreading seed? Game theory.
“People are no better than this, so we better math the shit outta it.” That’s exactly what a Chinese technocrat would say. But we can be bigger than game theory. We’re not chess pieces we’ve got choices.

It seems like hating the other side is the problem. But what if it’s not? What if it’s closer to what you say in that this is driven by some underlying genetics, and the hate appears later as a conscious rationalization of instinct?

I still believe we can be bigger than our biology and collectively we should. In some sense in part, the history of civilization is a kind of conquest of our culture over our biology.

Little aside, as there’s nowhere else to put it: when I originally made that comment, it wasn’t flagged and I didn’t have the flagged joke at the top of the comment.

But I immediately thought “this is going to get flagged,” so I put that little joke there and then sure enough it did get flagged sometime later.

What I wonder is: would it have still got flagged, without that little joke about it being flagged at the top?

I guess we’ll never know! at least in this version of the universe. Might have to hop over to another version in order to see the alternative. Hahaha! :)

[flagged]
So... Indentured slavery?
No, the choice to learn in American institutions, make tons of American money, and live the American dream. None of those things should benefit a country that we are in direct competition with.

Slavery is wrong, becoming an international student to get a world-class education and work in the center of the tech industry is not. Comparing them is very silly.

This dystopian vision would require lighting the Fourth Amendment on fire and lead to widespread human rights violations of innocent people. Is corporate espionage a problem? Of course it is. Is it worth abandoning the principles of a free society for? Absolutely not.
Citizens should always be incredibly insulated from any sort of government interference, I agree. The Constitution should be ratified so any time it mentions “people” or “persons” it instead says “citizens”. We need a separate document that applies to non-citizens.
Sounds a bit like ancient Athens. (That's not a complement.)
If you can't beat them, join them, I guess. CCP has been saying for 70 years that a free society cannot compete with a totalitarian society. US can either agree or disagree. What we cannot honestly do is claim to disagree but agree via our actions.
Not down voting but... Slow clap.
What exactly sterling secrets looks like? Suppose I work on a video streaming service. Spent 8 years. Now I know in and out of it. The ffmpeg the queues the buckets the meta data and what not.

Someone hires me. I build a steaming service. But this time I'm much more polished and faster.

Is this stealing too?

There is not exact definition. Real world is messy.
Definitely downloading and uploading company documents to people outside the company counts as stealing...
As a sibling comment mentions, it depends.

If you want to learn more, there is a thing called clean-room development which is a process used to reduce the legal risk of copyright and intellectual property violations.

(comment deleted)
No, that would be your government or employer preventing you from using your specialized skills to earn a living. In theory, a competitor can hire you for your skills - but your new employer will make it clear they are "only hiring you for your skills, not your proprietary knowledge". I've see that clause even as a junior employee.