Best quote: "People working for Didi apply for intern jobs at Uber China and then exfiltrate our data. We can’t let them see the formulas or they’ll just copy what we do!”
This is so true. People in the US just don't understand the level of economic and industrial espionage that happens in China on a daily basis. I was responding to an unrelated breach at an unnamed tech company back in mid-2000s time frame and had a side bar conversation that went like the following:
Them: "Yeah, we just opened a tech center in Xinjiang and ... wow, we've had quite the rash of lost ID badges there recently"
Me: "Have you considered that they're not 'lost', but rather 'sold' for profit?"
... silence ...
I don't know if executives are aware but just don't care, or if they're simply incompetent, but China has productized industrial espionage on a massive scale. GE Aviation was a victim more recently: https://www.cincinnati.com/story/news/2022/11/16/accused-chi...
I've watched key, core engineers and technical leaders work for US and European companies, develop their next generation products, then turn around and design and develop essentially the exact same thing for the Chinese market. They then build a company, in China, that makes essentially the same product, but for the Chinese Market, and with Chinese investors, etc.
Examples:
Thoratec/Abbot Heartmate III & CH Biomedical
Auris/Verb/J&J Robotic & Digital Solutions & Renovo Surgical
The ironic thing, is that some of these companies after success in China are working to sell and be competitive in the US and Europe.
It's not even secret or under the table anymore, it's overt and largely accepted as the way it is in our industry. A brave new world.
The other factor, is that it is very very difficult for a foreign company to do business and protect their assets in China, so often the wise companies don't even try. They often just license their stuff for the Chinese market to a Chinese company. That way they at least have a chance of not having it all just stolen.
This feels like the debate between tax evasion and tax avoidance. What the engineer did here going to an IP lawless place is more like tax avoidance. It has a bad smell but he legally exploited a loophole in the international IP system if I understood correctly. Sort of migrating to a tax haven to avoid taxes.
Unless there is something explicitly stated in your contract banning you from taking the "know-how" in your brains and use it elsewhere (so long as you don't breach any patent) then it sounds there is nothing technically wrong.
Which is why there are export bans on plenty of things to China, the US Gov (I'm not American) rightfully understands what's going on under the table and the easiest way to curb theft of high technology is an outright ban (Nvidia products, etc).
I think it's a cultural thing as well, some sort of hustle culture, as the Chinese citizens that moved to NZ when I grew up loved to flout rules & laws around things like the property markets etc - one big problem was Chinese nationals buying up as much NZ baby formula & milk poweder as they could get, hiking the price & selling/sending it to China, so much that NZ experienced shortages for Kiwi mothers trying to feed their babies, so much so that supermarkets had to instate a X per person policy. When I worked in one during 1st year uni I would get literally screamed at in Mandarin by angry and aggressive Chinese nationals with trolleys full of baby formula.
And keep in mind that all of that started only because of the big scare where Chinese baby formula was found to have melamine in it (https://en.wikipedia.org/wiki/2008_Chinese_milk_scandal) killing 6 babies, affecting hundreds of thousands. All because Sanlu's execs wanted more $$$ so they cut their product.
Am not a lawyer or even a tax expert, just was noting that for non-experts in these domains this scenario look similar (China is doing to IP what tax havens did for taxes).
> It's that I'm saying they design a very specific thing, a very specific way, for hire, then go make that exact specific thing, that same specific way.
I really doubt this unless all the inputs are commoditised. Industrial espionage usually fails because if you don’t have the know how to make the tools that make the tools it’s difficult to impossible to literally copy it. Not saying what you’re saying doesn’t happen, it does, all the time. But usually the engineering is substantially different if only because different things are cheap or expensive, or just unavailable.
> If it were in any other country but China, it wouldn't be allowed to happen.
Historically, the US, Japan, Korea, Taiwan all did it. No doubt Vietnam does it now too. Not like they have an excellent civil legal system. Joys of working in developing countries.
> if you don’t have the know how to make the tools that make the tools it’s difficult to impossible to literally copy it.
Smart and knowledgable people in a certain field, but who are slightly stuck, can be helped by a few tiny details. If someone can provide a specific manual or piece of documentation, or just a photo copy or image of some key detail then those smart and knowledgable people can pass the hurdle and continue.
Exactly, and now days you can buy most tools you would need on ebay. Need a huge cnc milling machine? Ebay, Need an injection molding machine? Packaging equipment, whatever. Even medical equipment
Even inside itself: filmmakers went to remote Los Angeles in the early 1900s because Thomas Edison, in NJ, held most of the patents on motion picture cameras and out west they were much more difficult to enforce.
What, should we let each country "have their turn" at morals, ethics and ideas from a hundred years ago or more?
I mean if that's the case the so be it, but they should expect protectionism in response - US already bans export of certain technologies to China, if we embrace the differences in views on IP theft, how are Western countries meant to protect the IP they invested money in nowadays?
Or do we just give it away for free? Who pays to develop this free IP then?
But was it state sponsored? My understanding is that it was mostly robber barrons doing their thing, which isn't really "The US", its more "People in the US".
I'll admit the failures of the US government just much as anyone, am and will always be a tough critic..
But let's not forget the greater context here.
We are talking about a communist country with very top down, state architected enterprises and actions with the USA, which is certainly not those things.
The US isn't perfect, by any means, I'm not trying to say that. Context, that's what I'm trying to have us remember here.
How is that context supposed to be relevant to the point? That China is doing a poorer job by trying to direct the process centrally rather than something more nimble?
I'm not trying to say anything in particular other than drawing conclusions by making comparisons the US from 100-200 years ago to China today isn't very relevant and therefore is not very useful.
My original comment that started this whole thread is similar. I'm not trying to communicate any kind of opinion on it. It's just an observation of things I've personally seen happen in the world. Others are putting their own opinions on if it's right or wrong. I'm not trying to say any of that, just share my honest observations on the world.
If you learn how to build a castel with a very specific era look and feel as an architect, would you not then be likely hired to build a similar castel elsewhere?
I Do this for a living, ave for 20 years. I've designed many "castles" with similar looks and feels, similar materials, they work similarly.
But I've never built the exact same castle, with the exact same Floorplan, with the exact same plans. That's what I'm highlighting that I've seen several times.
A cool aside, I love this song by Watsky called "cardboard castles". Having done this for 20 years (build "cardboard castles") I identify with it.
The espionage really is next level in China. It’s not just reconstructing software (that’s part of it) but stealing binaries (and source where they can) for everything along the way.
I worked at a large tech co with an assembly line in China and experienced this first hand. A routine scan of one of our calibration machines turned up a Trojan with a copy of all calibration software squirreled away. Fortunately nothing is network connected there, but it was obvious someone was planning to come back for it. The stash had our calibration software and the factory’s proprietary control software on it. Both companies sent security to watch the machine for 48 hours straight until a hard drive shredder could be procured to mutually assure each party no software would leak. It was nuts, but apparently common.
Just Google "Chinese protectionist" and then any industry. The Chinese government has been actively targeting everything from CNC machine tools to medical devices and semiconductors for decades. Some industries with more success than others. Anything they import, especially industrial equipment like textile looms, cnc machines, semiconductor equipment, etc. There are big, long term, well funded pushes to manufacture indigenous versions of just about everything. Airplanes, jet engines, computer chips, industrial equipment, on and on
Mainand Chinese culture owes itself more to Stalin than to Confucius. If you lived in USSR stories like this have certain warmth of deep cultural connect.
That's not "the deal". It's illegal. No one on either side agreed to do this and had that been part of the negotiation, the offended party would have walked away or else agreed to a higher sale price in exchange for technology transfer.
According to who? Sovereign states have their own laws, that's what makes them sovereign.
You claim that companies wouldn't have done business in China (in the times before our current Second Cold War) had they known about the lack of IP law enforcement there. I think companies who outsourced to China knew very well what was going on, and calculated that they'd still come out ahead.
I agree with this. The executives that made the decision to outsource and offshore understood that near term gains would come with long term consequences, they always do. Those executives did very well by those short term gains.
According to international trade law and China itself. [1] People are making absolutely wild, misinformed claims that don't belong here. Claiming executives knew what they were getting into is pure conjecture.
> Sovereign states have their own laws, that's what makes them sovereign.
You're making a grossly misinformed claim here. Sovereign countries also participate outside their borders and are subject to the international agreements they participate in.
> Claiming executives knew what they were getting into is pure conjecture.
Schrodinger's executive - when things go well, it's because they meticulously planned every detail. When things go wrong, suddenly they know less about their business than my grandma does.
What is the cause of this habit of making up excuses for people that get massive compensation but never take any responsibility?
Do you understand that the side of this argument you're representing is making excuses for internationally illegal theft as, "well they sure had it coming?"
The side you are representing was trusted with safekeeping this information. They purposefully placed it into the jurisdiction where it is frequently, systematically stolen. They clearly did this to save a few bucks. Quite reasonably, some people are asking, why do they face no accountability for this decision.
You are coming up with excuses like "well they couldn't possibly be aware of information that was widely avaliable in mass media since 2010 at least.
Would you accept this sort of excuse if someone was in charge of safekeeping your child and they took your kid for a walk through an area known for violence and murder?
I can no longer follow your argument, sorry. This is blatantly moving goalposts to excuse theft and defend what exactly? Are you suggesting industrial theft at a mass scale is excusable because they knew the risks? That is the definition of victim-blaming.
Shareholders are victims, executives are their agents that acted against shareholder’s long term interests.
Here is a better example; you trust the bank with your money, bank gets robbed. The criminals are gonna be criminals. But why is the bank vault made of cardboard, and why is the password ‘1234’? Imagine the same bank keeps getting robbed for 10 years, and they make no attempt to fix things.
Should the management still get their bonus? Should they be help to account? At some point you have to start asking if the bank management is in on the crime.
This is so obnoxiously wrong. You could add qualifications to your statement to be less wrong but your statement as is is stupid. When I'm banging my wife is it my duty to start banging on the walls and bellow at my sleeping kids to let them know what I'm up to?
It "feels OK", stripped of context, but nevertheless results in your industries slowly withering and getting taken over by their new Chinese competitors in what used to be their home market.
If you remove uniforms from a soccer match, you can celebrate each individual player's goal. But the team that forgets they are (or should be) playing a team game will be obliterated.
Everyone should've seen what happened to Cisco and thought better, but short sighted execs focused only on next quarter gladly opened the gates and accepted the horse.
Everyone did see it coming. Interviews of experts on TV, talked about at the coffee table at every industry in the west. But since the stockmarket demands constant growth we have to move production to china. And when the move is done, the CEO has a nice rep-sheet showing how much profits went up while he was working at the company and gets hired by the next one.
How is that related? Are you actually saying that the US was being unfair to Germany by stepping on their IP? Of all the criticisms of that program I’ve never heard “but won’t somebody think of the Germans” lol.
Also, two wrongs don’t make a right, and 1945 was 2-3 scientific revolutions ago
I mean its still pretty hypocritical - the US is happy to take in literal Nazi war criminals to stay as a super power, yet they start clutching pearls if a developing country tries and poach some talent with IP knowledge.
Not to say I subscribe to the notion of intellectual property, but I would expect military secrets to be treated differently than trade secrets for purposes of IP.
Perhaps that is an American cultural tradition that China is unlikely to respect.
>it's overt and largely accepted as the way it is in our industry. A brave new world.
What alternative is there? The only protection there ever was for taking business secrets was patent enforcement, civil lawsuits or prison. If a foreign government won't cooperate on any of those things, what can you do?
The only answer humanity has ever come up with is something like a government intelligence agency, where everything is obfuscated by clearance levels and need to know compartmentalization, and any violations are handled criminally, with armies of full time counter espionage people. That just wouldn't work in the corporate world.
> some of these companies after success in China are working to sell and be competitive in the US and Europe.
Just out of curiosity: can't these companies be sued by the IP holding company when they try to sell outside of China, and be forbidden to sell their products in US and Europe?
Yes, but by the time all that happens the patent protection is likely to have run out.
Basically what I've seen is new tech is designed and released here, owns the market for 10 or so years, by then one of these companies in question has started to get momentum I the Chinese market, then 15 or so years after they start to think about coming back to this market, and by then the IP protection has run out.
I got into this with another set of engineers on Reddit where I discovered there’s a subculture of engineers who don’t believe you can’t actually own code and apparently take a copy of their employers source code repository everytime they switch jobs.
Edit:
Updated “can actually own code” to “can’t actually own code”
FYI the edit might have made it more confusing, since there's a double negative now. "don't believe you can't actually own code" reads as "believe you can actually own code", which I'm not sure is what you were going for.
One thing I regret is not taking a copy of the code I wrote for another company, so many handy little utility functions I made that I then had to recreate. The transaction costs for b2b are far too high for any reasonable sale, so exfiltration is the utilitarian choice.
That’s still just theft if you’re not a contractor? Full time software employees are doing work for hire. There’s plenty of moral and ideological arguments about theft being morally acceptable in this situation but I was more marveling at the people who thought that taking source code from their company was legally not theft
There are situations where developers emailed/cloud uploaded/took hard drive of code they had been working on when he left the organization and were looking at prison sentences for theft...not copyright infringement. They didn't even give it to someone or reuse it somewhere. Just the fact of trying to keep it when they left as illegal.
All that to say that in some circumstances taking source code is considered theft.
in my country, copying source code is definitely theft and is contractually enforced. but reproducing similar concepts/architectures from memory happens often
Your jurisdiction may have a law called "IP theft" or it may not, either way the moral category of "theft" does nor apply.
(Also, if it was theft this particular example would be theft in the same way that taking a book from someone's recycling bin would be theft: no one is worse off)
1. Suppose the OP did not take the source code files, but memorized the source code and later recalled it from memory. Would that be theft?
2. Suppose the OP neither took the file nor memorized the code, but had photographic memory and replayed the exact visual scenes during their creation of the utility functions and copied down the code from what they saw in their mind's eye. Would that be theft?
3. Suppose the OP was solving a seemingly novel problem and suddenly remembered how they solved the exact same problem when they were employed by company X. Are they obligated to banish this solution from their mind?
For the other examples, it depends but I'm pretty sure a copyright infringement case for either of them wouldn't be immediately thrown out. IANAL but I do know that law is quite fuzzy.
It’s alarming because, in my experience, anything you write for an employer is intellectual property of the company. Unless he wrote that Box demo all on his own time and his own equipment completely outside of work, or Box has some abnormal contract with their employees, he can’t just slap an MIT license onto it and call it open source.
I worked with a few people who were successfully sued by our employer when those people left and brought a “spare time” project/tool with them and tried to publish it. It wasn’t even code we sold or ended up using internally, but was still IP of the company because they wrote it during business hours on a work machine.
Worse than that, many companies have clauses that indicate that any software you write (regardless of whether for the company or not), belongs to them. I don’t know if this would hold up in court, but it’s there in the contract.
It’s pretty hard not to overlap with big tech companies. Everything has been touched internally.
My understanding is the same though. Unfortunately whether a clause is legal or not may matter little - you’ll run out of cash for legal bills before they do. The best defense is probably just that most companies don’t care about your side projects.
Yes, but if we speculate as to the invalidity of the explicitly published license, we basically can't use any foss code on GitHub.
Any reasonable person can expect that the MIT license on this code is valid and authorized by the rightsholder.
Did Uber or Box explicitly agree to release it under an foss license? Is it the author's personal individual copyright made on personal hardware outside of work location/time? Does it predate their employment? Nothing in the article linked indicates clearly that it was written for an employer.
If I am expected to research this for every foss library published on GitHub by someone who works for Big Tech, then we are all capital-f fucked.
It's easiest and sanest to assume that people are not lying.
> Any reasonable person can expect that the MIT license on this code is valid and authorized by the rightsholder.
Yep, that's the reasonable default position.
If however, the author of the code wrote a length article about how they'd developed this code while working for a company (not in their spare time), and you happen to read the article in question... then for that specific repo you might look at it differently.
The article in question doesn't clarify things regarding the Box derived code, nor whether they sought and received permission from Uber prior to publishing. Absent both of those, I'd personally not use code from this repo.
That's just me being risk-adverse here, as I don't personally have a use for the code. Others might make different choices. :)
"It's easiest and safest to assume that property is not stolen" is a parallel construction of your argument.
You can assume whatever you want but the cops may not be very impressed.
There are a lot of polite fictions in law, and this is one of them. If you had no reasonable way of knowing that a license was invalid (or property was stolen), the judge is probably going to be sympathetic, but the property will still get returned to its proper owner.
If you DID have a reasonable way to know that the status of the property was suspect (as in this case), they are likely to take a dim view of the situation.
I'm not talking about this code in particular - I am talking about all code presumably written by individuals and posted on GitHub with a LICENSE file saying it's free software.
It is standard, reasonable person practice to use foss-labeled code on GitHub under the presumption that the license is not a lie.
This case is no different.
Nothing in the author's linked story suggests this code is not MIT licensed as the repo claims. It is unreasonable to assume that the license file in the repo is false; nothing available to us supports this assumption.
I think it's reasonable to assume that it belongs wholy to Uber and that he was acting illegally to publish it on github. He even showed us the sofa in the Uber office where he wrote it. He told us his manager asked him to write the code and seemingly had no idea that he'd written a database engine. He told us that they were paranoid of industrial espionage at the time. There seems to be zero reason to suspect that Uber carved out a specific exception to the usual employment contract enabling him to work on and release this code as FOSS while at the company.
Yeah, you want to get rid of uncertainty, but it's here to stay. The whole legal system is not brought to its knees over the fact that no code on GitHub (gasp) is automatically guaranteed to be safe against copyright infringement.
> It is standard, reasonable person practice to use foss-labeled code on GitHub under the presumption that the license is not a lie.
Yes, absolutely: presumption, not certainty. (Nitpicking the phrasing: presumption that the copyright is not a lie, the issue does not even venture into licensing.)
You seem to be using an absence of evidence as evidence of absence.
There's nothing to explicitly suggest that either is the rightsholder; that is another assumption, which is directly counter to the fact that the person who wrote the code posted it alongside an MIT license.
Not when he wrote it for and showed it to box. Doesn’t matter how he “licensed” it. They would have had good legal standing to come after him. I can’t believe he wrote that on his blog. He should honestly take it down.
> I demoed Box Sums to the Box Notes team at some point, and they nitpicked the UI and implementation details (“What if two people type in the same cell at the same time? They’ll just overwrite each other.” ). Nothing came of it, but I took the code and shoved it into my back pocket for a rainy day.
You can be 99.999% sure unless the engineer went through a long painstaking process to get Box or Uber to open-source and then re-license the code to MIT, it was fully owned under traditional copyright by Box when it was originally authored.
Actually, it gets fairly complicated, because he created a derivate work at Uber with with what is likely Box's IP.
Sorta. He has a license (MIT), but no copyright statement. The license is an agreement between the copyright holder and the user. Normally he would have gotten the sign-off from his employer to release this, and this thing would be Copyright: Box, License: MIT. But there's no explicit copyright holder stated, which makes me think that he just uploaded and "licensed" code that he doesn't own.
The code is MIT licensed if and only if the copyright holder - not the author of the story but respectively Box or Uber - explicitly made it MIT licensed. Without a legally binding commitment from these companies, a "license.txt" at the repository can't make it MIT licensed, all it means that the author is lying about its license. He doesn't own the code (despite writing it) so his "permission" is worse than worthless (by being dangerously misleading) without an explicit blessing by the company - even an implicit "we probably don't care" doesn't cut it.
He could be authorised to open source the company code he wrote. Though, I wouldn’t bet it’s the case there. But Uber has a lot of Open-source projects so they are perhaps allowing engineers to decide themselves.
You can't just re-license intellectual property that someone owns the rights to. EVEN if you authored originally. It's likely Box and Uber own rights to different parts of the IP, under both employment law, and his employment contract.
If we're being generous, the author may have had permission to do so. It's not inconceivable; the code was abandoned. If one of my reports had asked, I would have approved.
I think you might be surprised how easy this process is at some big tech companies. For me the bigger hurdle is getting past a privacy review, not the issue of the license.
What big tech company makes it easy for you to take code written and deployed there while you were employed, and just open-source it?
I know there are big tech firms that own everything you do outside of work, but have a fairly easy process to allow you to release that as open-source.
But this is different, this is about code written for and deployed by the company itself, that isn't part of any corporate open-source strategy.
“Corporate open source strategy” where I work is just having a form that engineers can fill out to request to open source things, and a committee on the other end of the form to sign off. It’s similar to the process for speaking at a conference or publishing on the company blog. Management sometimes steers in the direction of more or less public content, but specific releases are always individual initiative by engineers who want to develop their project in the open. Tech brand wants our name associated with high quality work.
I've only managed small businesses not large ones, but personally I'd be fine 9 times out of 10 with a developer who asked to open source a project they had built an mvp/poc of, but that never got approved to be used at all.
I could even imagine approving of a policy for the open sourcing / licensing of code, where any code that's used or previously used by the company in any way needs to go through an approvals process if anyone wants to open source it, while anything created but never used has a much simpler barrier such as manager agreeing in writing that it's unneeded code and therefore eligible for instant open sourcing under a specific license and specific terms of release.
> "But this is different, this is about code written for and deployed by the company itself"
Written for, yes, but seemingly never deployed (except to the extent that it could be demo'd and rejected). From the article:
> [After looking at a product owned by an unrelated team in the company, he single-handedly decided to make what he thought would be a good add-on or sibling to it] "I demoed Box Sums to the Box Notes team at some point, and they nitpicked the UI and implementation details (“What if two people type in the same cell at the same time? They’ll just overwrite each other.” ). Nothing came of it, but I took the code and shoved it into my back pocket for a rainy day."
It's not impossible "nothing came of it" is a shortened version of "they said it seemed like an awesome tool but too far from the original scope to want to take on and commit to maintaining, and as they said there was no chance that decision would change my manager agreed to sign off on my releasing it under MIT license as is allowed for un-used code."
Story time. In a past life, I tried to open source code I wrote at work. My manager greenlit it, but obviously that wasn't enough. Next thing I know, I'm in a room with a lawyer trying to write a patent. In the end, no patent was filed, and the code was never open sourced. What a waste. Arguably, that was 15+ years ago, it would probably go down differently now...
I do academic research and write a ton of code to support this. In grad school (many years ago) at a Midwestern state school, I try to release some code under GPL and get blocked by the school's tech transfer department. It's a program that was designed to support the lab research we were doing (LIMS, ordering, etc). It wasn't much, but it very much made our lab run better. In the end, they licensed it out to a start up that flamed out. The entire process was messy, but all I really wanted was to release it with a GPL license and get on with my work. That office made my life quite difficult through grad school.
Fast forward a few years and I'm now at Stanford and then later UCSF. I email the tech transfer office about some code I'm planning on publishing, expecting a similar back and forth. It took all of two minutes to get back an email:
Are you planning on making money with this code? If so, let us know. If not, any open source license is fine with us.
It was a quite refreshing change to deal with institutions that knew what they were doing w.r.t. IP.
You might or might not; it's not like Google polls the shareholders to decide what source license to use for each project. Authority gets delegated and every company is different.
Actually that was the first thing I looked for in the comments, even before finishing the article and seeing he even published the finished code on his own repo (and not box or uber one), under his only name.
Indeed. Having warned against "If you treat the code like a pet for sentimental reasons, you’re working in direct opposition to the interests of the business." He does exactly that.
Who cares about copyright "ownership"? It's a means to an end, more innovation.
When it can't possible serve that end (again, selling a set of utility methods that would take a dev a few hours to make from spec is impossible) people should discard it.
i understand ownership, but software and code are so easy to copy, transfer and modify that it would be stupid not to do it. it's not like stealing a car. arrr
in other words: ownership of immaterial goods is mostly a scam
Would the world definitely be a worse place if the laws were amended to say "any software developer owns equal IP rights to the code they create as part of their jobs along with the company, so either party can do anything they want with it"?
I'm not sure it would - although it disadvantages the companies compared to the current situation, it's not like they would choose to stop hiring devs to work for them - and that's just a legalisation of the currently unethical behaviour that you think is definitely a worse situation to have?
It massively disadvantages the company. Why pay for software to be built that can just be taken by your software engineers, who form a new company and run a competing product?
Well if that were the situation for all companies, the answer to why pay is the same as it is now - even if it doesn't provide so much of a moat, they have a business need for certain code so they pay in order to have and run that code.
(I'm not sure if it would be better or worse myself, I suspect it might not make much of a difference when everything balances out.)
Why not? Why as a developer wouldn't I go to a VC and say "I have the source and rights to this premade product - fancy giving me some cash to take my team and run it?"
Yup, the Chinese government doesn't really care about infringement unless the IP is Chinese itself and being infringed upon by non-Chinese companies.
I still remember the agency I worked for getting in an industrial designer to create some beautiful cases for some iBeacon hardware we were building. They looked great.
We organise a Chinese company to do the injection moulding and are sent samples that look pretty good, so we decide to use them. Few weeks later we see OUR cases on Alibaba/Aliexpress.
The West/other countries aren't perfect either, but that's not what we're talking about here. _Everyone_ I know who has worked with Chinese manufacturing/businesses has a "they ripped us off" "they sold our hard work to someone else" "they provided lower grade x than was agreed".
And the counterarguments always come down to: "yeah but the West does X" or "you're just being racist".
Chinese companies, especially the ones that do business on Ali-X _LOVE_ this as they can get the IP and use it for $0 and then undercut the original producer of the equipment. Plenty of makers find that their designs on Tindie etc are ripped off and appear on Ali, too.
Well, not just corporate espionage, right? State espionage is going to be at every large US company too. To speak to the article, I can only imagine how excited an agency would be to get real-time updates on the Uber movements of a target.
International relations are based on reciprocity. I sincerely think that if the US didn't think that industrial espionage would be a legitimate activity of intelligence agencies, they wouldn't practice it themselves.
A crucial difference is the US spying is for state use, whereas in China the state is deeply intermixed with industry. State industrial espionage is used for commercial competitive advantage. This is a huge structural and cultural difference.
For instance it’s hard to believe China bootstrapped BYD and GWM among others from green fields. They’ve been exfiltrating and transferring automotive technology for decades. Their products are often near duplicates of other brands - such as the fiat case:
These aren’t cheap knock offs, they have a relatively high quality and with stolen R&D it’s easy to produce at a low cost - the cost can’t be explained by labor alone, as automakers outside China have access to similarly low cost labor.
Note, I don’t think China is incapable of making their own R&D at the same quality as anywhere else; they can. But they don’t when they don’t have to.
The next few decades will see a huge realignment as the decades of theft and forced transfer will begin to seriously pay off.
It's not just China. For example, there's been several accusations of the French state assisting in industrial espionage against the US, and France has acknowledged some of these cases as true
“When governments permit counterfeiting or copying of American products, it is stealing our future, and it is no longer free trade.” - US President Donald Trump, commenting on China.
Actually, the above quote is not Trump and not on China. It's Ronald Raegan on Japan in 1985.
When a new economic threat rises, the US will use the same playbook- demonizing in media, accusations, turn the public against said country, ban products, increase tariffs from said country, turn to allies, etc.
Except China has required technology transfer and has been actively committing state sponsored industrial espionage for decades. Surely this isn’t news?
I’m down with China as a competitor, but we have a strong division between state and industry and China does not. I don’t think a unipolar world is a good idea, and I’m glad for a resurgent China. But it’s absurd to put on blinders and believe forced technology transfer and industrial espionage isn’t a cornerstone of their success.
At several megacorps seeking access to Chinese markets we were forced to transfer crucial trade secrets in exchange for access. We did our best to render it as useless as possible, but it was still very key stuff. Over two decades the Chinese government erected barrier after barrier even after complying to the point that the market access failed and competitors based on our technology dominated the domestic Chinese economy.
I see your parallel comments where you vigorously decry these statements as some sort of nationalism and anti Chinese sentiment. This isn’t that - this is simple historical fact, and I have had first hand experience with it and know the game being played from personal experience. I assumed this was all common knowledge given how much press it’s gotten over the last twenty years, which makes me wonder why you’re grinding this contrarian axe so hard?
Edit: I would note that this is fundamentally different from counterfeiting. This is capturing R&D directly at the top end of technology and processes through extortion and outright theft. I don’t actually blame China or Chinese people, it’s just a cultural difference in what’s acceptable and a belief that the state and industry are separate, which China doesn’t agree with. But the lesson to be learned is China doesn’t play by our rules, and we need to adapt to the situation better.
> actively committing state sponsored industrial espionage for decades
I'm sure you are right but I feel this is actually beneficial.
The interests that have captured China are likely different from the ones in the US, and much different from the inferior oligarchs that have captured my home country (Canada). I see their national interests having an unintended consequence; the creation of markets of scale for products that are not politically viable here.
We all know the stories of oil companies buying the rights to battery technologies and sitting on them. There is even a Wikipedia article about it [1] that I'll link to below. China is never going to have enough oil to export, and as such, Oil will always be a cost center for them.
Copyright maximalism and intellectual "property" is strangling all of us, and I don't want it to put us in an early grave as a race. I'm grateful that China is "stealing" this "property" and turning it into batteries, solar panels and other products that I can buy, and that it iterates on them rapidly - rather than being put in a box.
I don't get it. Literally everyone is doing this concept. Everbody is snatching every last drop of data that isn't nailed down. Nobody asks for permission.
ChatGPT is the most recent example.
"Study hard and keep the rewards" is basically a dead concept.
The separation between state and corporation is a red herring. It's trivially easy for Bill Gates to reveal secrets to Bill Clinton behind closed doors.
Corporations are absolutely abmysal at keeping secrets. They are open-by-default and cannot legally stay in business with the level of security required to keep knowledge from leaking.
That is sort of the definition of the informal red herring fallacy whataboutism. It doesn’t mean the US hasn’t. It means it’s not related to China being wrong to use military power to bully countries. An awful lot of folks here agree it’s wrong for anyone to bully anyone in any context, especially nations bullying the people of another country. We are all, after all, people. But people citing a fallacy when a fallacy is used is fully appropriate, even if you really wish it wasn’t a fallacy.
I don't have a problem with the US bullying others. My problem is that people here on HN and in the west in general, demonizing China for doing the exact same thing when the US has done worse. They think it's ok to boycott Chinese products, but they won't boycott product from their own country. They will say that the Chinese government is evil, but is completely ok with the government of their own. They will say China has no right to bully Vietnam, but they will vote in politicians who advocate for war with just about anyone.
It's hypocritical. Don't demonize China unless you're willing to demonize yourself.
Hell, don't demonize China unless you read their point of view too. I'm sure you're only getting one POV.
> My problem is that people here on HN and in the west in general, demonizing China for doing the exact same thing when the US has done worse
Er, no. Far more ink is spilled on the US being bad, or Western countries in general being bad, by people in the West. What you're saying is not true for HN, nor for the West in general.
Because China's government is the CCP, which is the sole political party of China, which is headed by a dictator, whose endgame is to ultimately have all power concentrated into his hands, forever.
We're not demonizing Chinese people, Chinese culture, Chinese land or Chinese industry, but the forceful alignment of those things to serve a single entity over any other concern.
The West, no matter how bad it can be, doesn't have _that_ problem. Elites come and go, grassroots revolutions have happened and will keep happening without major bloodshed.
> through incentives and pressure on consortium members.
No doubt this would be "bribes and threats" if it were done by a geopolitical opponent.
Second, posts critical of the US tend to get many less votes or flagged quickly, with people calling it whataboutism in posts about China or Russia. That leaves no space to properly discuss those things.
Finally, it’s good to have things in a realist context. It’s idealist thinking if we get upset when a geopolitical enemy does something which is commonplace in out own country and that if allies.
And you use the “whataboutism” as your main argument for whenever someone isn’t anti-china. The world runs on reciprocity. Whataboutism is built into assumptions. It’s called fairness and it’s an intrinsic human trait.
Fallacious thinking is in fact an intrinsic human trait, but to equate fallacious thinking with fairness is a little creepy.
I’d also note while we are on the topic of anti-China, and you’ve lobbed anti Chinese out there - I’ll wager almost (almost!) everyone here, myself especially, isn’t anti anything about China or Chinese people. But that doesn’t mean we are pro the communist party’s policies - and frankly so are very few Chinese. The fact that forced tech transfer and industrial espionage is embarrassing to the Chinese government and sullies all success is no one’s fault but the Chinese governments, and that’s where it begins and ends.
I’m no defender of the US government either, but that’s not even the topic here. I’ll be happy to engage on that topic in the relevant threads. That’s, after all, fair.
What you’re doing is completely denouncing BYD’s accomplishments by saying they must have stolen the technology to get to where they are today.
That’s the exact argument you will use to convince yourself of any of China’s successes stories. They can’t possibly innovate because they’re Chinese and not western. Therefore, they must have stolen the tech. This is how Raegan convinced the public in 1980s.
China has enormous success stories that don’t depend on pilfering or extorting, and a rich history for thousands of years. In fact I think the Chinese governments behavior in this respect is below the divinity of Chinese people and Chinese culture. This plays out in the recent domestic behavior of the Chinese government towards its own people. I even said I welcome a multipolar world with a resurgent china.
But if you think forced technology transfer and industrial espionage by the Chinese state to benefit the Chinese states industrial interests - which have become pervasive in China under Xi with most major Chinese ventures being forced to take state funding and control - you are deluded, or are trying to delude. I say this with all the force of someone who has experienced the fact of what’s happening directly - you can throw racism or nationalism around all you want, but there’s a cold reality that exists independent of such concepts and I - and many others in technology - have experienced it first hand. It’s calculating, cold, and very much real - and race and nationalism have very little to do with it. It’s political and it’s absolutely real.
Btw, you can’t sit in a BYD and not see the technology transfers and the espionage spoils. China could be successful on its own merit, but not with the Chinese communist party controlling industry and civil society. I just hope some day Chinese people will be free to be that competitor on equal footing with the world. What happens in China today is a disgrace to Chinese everywhere, who are some of the most brilliant and hard working people out there. Until that day I welcome them to work with me here, and we can make great things together.
The way I see it, this problem will solve itself. People do not enjoy having to copy others. Historically, countries have done it to get to a comfortable state, then it stops once they're comfortable. The biggest example being Japan.
You cannot watch older Japanese animations and not see the heavy inspiration from Disney, but the style used in their shows today is far evolved. You equally cannot sit in a Toyota and not see the western influence. Travelling to America was literally part of their game plan to improve their own technology though at first it was for investigating automatic looms [1]. I would be surprised if Toyota did not reverse engineer a western vehicle. Today however, I imagine you need no convincing that Toyota is simply the superior product compared to its western counterparts and can stand on its own two feet.
Your counter argument might be that it's different with China because the government is assisting in this. To that, I would point out the Meiji Restoration in Japan. Similarly, their government encouraged young scholars to learn abroad in order to pull Japan forwards technologically. Not only that, the government hired foreigners known as "O-yatoi Gaikokujin" and " the main goal in hiring the O-yatois was to obtain transfers of technology and advice on systems and cultural ways." [2].
That last one sounds a lot like a government-funded technology transfer to me. It's definitely not happening today in Japan, but at one point the government deemed it necessary.
I agree on the point about BYD. We would definitely see the result of a technology transfer in a BYD car. But how much of that can just be attributed to hiring talent from foreign companies? There are articles about Japanese engineers being headhunted by Chinese automakers [3]. This is common in developing countries. A lot of top positions/ executives are senior engineers coming in from abroad getting a significant title bump and pay increase (the pay increase is even greater if you consider the cost of living in the host country).
If you consider headhunting talent to not be competing on equal footing with the world, then that's a completely separate discussion. But I wish to provide more peace of mind for you that this problem is indeed transitory. To do that, I will direct your attention towards the rhetoric used against minorities.
People say that minorities are criminals, but we know that's not true. It's poor people who are desperate enough to perform those acts who will turn to crime. Minorities get over-represented due to society being biased against them causing them to be in more dire financial situations. Nobody takes pride in being a criminal. The moment they are financially stable, they stop - 2nd generation immigrants have extremely low rates of criminal activity.
Similarly, China is still a poor country. We might not think of it because we think of Shanghai and Shenzhen, but their GPD per capita is lower than Russia's, and their HDI is lower than Ukraine's. As China develops, they will find more effective ways to compete that don't tarnish their image, just like other countries have done on their path of development.
My goal is not to debunk you. There are definitely some instances of shady IP dealings in China, but there are some instances that are clean as you have also pointed out. What I do want to get across though is that these are the growing pains of a developing country that successful countries also went through in the past.
People probably had this conversation about Japan when Japan was developing. They do not have them today. So too will we no longer have these conversations about China in the future.
Huawei is a giant. In phones they had bigger marketshare than Apple. Their chips are nearly on par with Qualcomm. It is naive to believe they are banned for security concerns.
Two things. First, this isn't the same thing; you're talking about embedding a resource in a company to read out real time telemetry from internal systems (information with a short shelf life), not stealing industrial trade secrets (information with a very long shelf life). Second, I can assure you that, even with our imperfect systems, there is actually a set of checks and balances in place to prevent rampant (note I said rampant) abuse of this kind.
Yes, agencies would be very excited for this sort of capability. Do they get it as a matter of course that easily? No. There are layers of accountability, legal authorities, and (warranted) push back from commercial entities.
The last bit strikes me as dubious, considering the Snowden revelations.
Yeah, sure, I'd guess that what China does is at least an order of magnitude worse, and sure, because they're less democratic, but also because they are much often behind - and let's not kid ourselves, in the situations the US feels it's behind, it's also using the widespread backdoors they have access to (Crypto AG, Cisco routers, Juniper Networks, Windows, Intel&Ryzen CPUs...)
Given Uber's efforts on Greyballing, booking fake Lyft rides, hiring Anthony Levandowski etc etc ... it's very on-brand for them to (1) fall into an espionage war with Didi (wonder where all their Vertica data came from?) and (2) have an engineer write about using code he lifted from a prior gig and then also self-published.
Its not only that, but when they can't beat them...they make them join: startups with valuable market intelligence get bought all the time by Chinese companies.
See for example the case of DEAR systems, which is a cloud-based WMS that is particularly useful for intelligence as to how much (US) importers are paying for worldwide goods, and what is the cost of shipping from A to B.
It was bought by a chinese company not long ago. That's 1 example.
They don't understand it, because what you're quoting as a behavior is pretty standard anywhere in the world. That's why companies protect their secrets from low rank employees.
Except if you're arguing that western companies are bound by stronger ethics, in which case I'd like to see some evidence.
I wouldn't say people in the west are "better people in their hearts" but they absolutely follow more strict norms regarding honesty and theft. This is one of the main reasons why companies pay a premium for workers in the west when they could hire from other places.
One example: accounting scandals in the US are rare. I don't think anyone trusts accounting figures for public companies from India or china.
> in which case I'd like to see some evidence.
The alternative to trust is enforcement. The evidence you are looking for is the prevalence of the latter principle in systems that deal with things of value.
>One example: accounting scandals in the US are rare. I don't think anyone trusts accounting figures for public companies from India or china.
I work in accounting. You’re right, I trust the US more than India or China, but you’d be surprised at the liberties US companies make and how many individuals from India are auditing their work. Auditors (excluding partners and some senior managers) are just not equipped to deal with the technical accounting concepts and to challenge management. Remember, the company employs the auditors. You certainly don’t want to ruin a $1MM contract for your firm but pressing too hard.
> You certainly don’t want to ruin a $1MM contract for your firm but pressing too hard.
Only in the west would you get any push back at all. The auditor would feel some duty to bring up an issue even if it reflected poorly on the company and even their own managers.
I agree they likely wouldn't push an issue beyond its welcome, but this particular value is unheard of in many parts of the world.
> This is one of the main reasons why companies pay a premium for workers in the west when they could hire from other places.
By this token "other places" companies would also want to pay a premium to hire US workers outside of sheer competency. Yet we're not seeing Samsung massively moving institutional operations to US centers for instance.
> accounting scandals
Whait, what ? You're telling me that while the crypto bubble is bursting and they're going to prison for egregious fraud ?
Also, scandals being few in number would probably be a sign of overcorruption and systematic rot or the controlling structure. I'm not sure that's what we want.
> Yet we're not seeing Samsung massively moving institutional operations to US centers for instance.
Culture matters a lot. Korea is a high context society, and relationship building is extremely important. Its very difficult to migrate functions to other locations when the way to get things done is through building trust and relationships over long periods of time. That said, Samsung does have significant offices all over the world.
Counterpoint: scihub, libgen links are routinely shared on HN as a matter of course (likewise in academia). I've seen HN threads in which people unapologetically reminisce about torrenting movies/music.
Perhaps your will object: "But the publishers/Disney/etc are evil, greedy entities and I don't owe them anything." But I'm sure anyone who's stolen corporate secret elsewhere can come up with a similar justification in their head! After all, that may well be why they left the company in the first place.
If a low ranking employee in Cincinnati divulged corporate trade secrets, they'd be tried and convicted. If a low ranking employee in Shanghai did the same, what can the US company do? Not much. So it's a low risk activity, that is also actively encouraged and in many cases financed by the Chinese government. This is in no way intended to be disparaging of folks who are of Chinese descent, but rather a reflection of the reality of contemporary Chinese government politics and policies.
Would you get tried in the US for interning at a company and then go to a competitor with all your inside knowledge ? [edit: barring a paid non compete agreement]
Then a step further from that, sure there are laws to prevent you from wholesale lifting corporate data and bringing them out as you leave, but as many laws it will be extremely difficult to detect and prove that happened in many low profile cases. That's why instead of just relying on the law you'll lock usb ports monitor network activity and get laptops returned when someone leaves.
It's kinda like preventing shop lifting, you know it will happen at some scale.
> US company / Chinese gov
How much leverage do you thing a Chinese company has to if a three letter US agency spies on them and pass the info to US companies ? And would you argue that scenario wouldn't happen if a specific Chinese company had a decisive advantage that could severly hurt US interests ?
For the level of copying being discussed, the scenario to compare to is when Google waymo sued Uber for copying files for hundreds of millions of dollars. They were caught copying source files & design docs.
Both for software products and manufacturing products, that's what is going on: exact copies of source code, assembly line configs, etc. Many folks write off selling to China for reasons like this. Initially that means underserving one big market for self-defense. Where it gets next-level painful and crazy is when cloners then take their derived works back to the international market to compete directly with the inventors. By then it has been tweaked, but the core is still the clone.
And I was called a racist 25 years ago when I said, “like, our engineering school is, like, crawling with Chinese nationals.” We said like a lot on the 90s.
We're headed for a very protectionist and isolated world because some players couldn't play nice. To me, the only thing holding the floodgates in the west back is the media which is very "rainbows and butterflies" about everything.
As soon as they start playing along and seeing this stuff in an alarmist way, they'll turn the narrative and report on it constantly.
That’s because you were being a racist. Most people reserve the word “crawling” for insects and other small pests. Only racists apply it to an entire set of people.
Is it the phrasing you think is racist? I don't think pointing out the fact that the student body of a given school is, for example, 20% Chinese, is racist. It's merely a statement of fact.
What is with the constant need to deploy logical fallacies? Here, you’re deploying false equivalence - what some person said as a first-person out loud based on unknown evidence that compared people to animals of some sort that walk on all fours is completely different than a Wikipedia article that contains sourced objective comparative data and shares it in third-person. And why are these two things different?
Context.
Nothing exists without context, and analysis of a thing or an action or a situation without considering context is pointless and, frankly, bad analysis. In fact, it’s bad science. Understanding, recognizing, accounting for, and sometimes mitigating context is crucial to being an engineer, a software developer, a rocket scientist, et al.
So honestly, I don’t particularly care if it’s racist or not (it is, but not because P necessarily hates Chinese people, but because it reinforces ideas and beliefs that contribute to the systemic oppression of Chinese people in the US), I just think your argument is so flimsy a stiff breeze would tear it apart.
My constant need to deploy logical fallacies? Have you confused me with someone else? I've never talked with you before. And the sanctimonious bit about "bad science" and doing better doesn't make your post any more convincing. It comes across as virtue signaling and its pretty obnoxious.
Similar reports were widespread 20+ years ago, when I worked in aerospace. Bad faith partnerships, industrial espionage, and companies barred from competing after all useful information was extracted. It has gone on for decades and nobody will do anything about it. Executives and shareholders get dollar signs in their eyes over the thought of tapping into the Chinese market, and let themselves get burned over and over again.
Since I also wear a security hat, when doing code reviews, architecture and devops stuff, it is surprising how much stuff regular developers never think about in regards to security.
I didn’t say china can’t innovate… I said that the Chinese government actively encourages and finances at a large scale industrial and economic espionage activity.
It is not "same old rhetoric" if it is in fact true. There are many publicly known examples of Chinese Espionage, including fake "police" departments in SF coercing nationals and naturalized citizens alike to commit espionage.
You don't have to take our word - you have the internet at your disposal and can locate this information freely. You are simply choosing not to.
Wait what? So you think industrial espionage is to be accepted?
> the problem is the sheer amount of one sided propaganda that you and everyone here is receiving.
I mean, you're literally doing whatabboutism with this exact line
Look I get countries looking out for their own interests and fuck the facists the US has supported but that doesn't mean I'm just willing to bend over and let governments or companies steal my company's secrets because "everyone is doing it"
Further, to be real, with the current and historical governments for each nation, I'd still rather trust the US government having the tech advantage over the Chinese one. That is abso-fuxking-lutely not an endorsement of the US government nor their actions, but, I mean the US definitely walk the walk on liberal values out of the two
If you believe the US has done what China is currently doing, then I have a bridge to sell you...
There's no point in furthering this discussion if you are unwilling or incapable of acknowledging basic, publicly accessible facts about China's espionage campaign and worse. Hint, it's not simple industrial espionage...
Whataboutism is not going to make anyone side with your position while China grows increasingly belligerent towards it's neighbors and hostile towards European and North American nations.
You don’t have to be a Trump supporter. Both liberal and conservative media have been 100% anti-China since Trump came into power. Both sides use anti-China rhetorics to generate views and votes.
The consequences trickle down to the opinions and views of the average HN poster.
> People in the US just don't understand the level of economic and industrial espionage that happens in China on a daily basis.
Back in my day this was called "competition" and worked for the consumer, not against them. I find the espionage factor to be theatrical hogwash trotted out by the corporate types. We americans love competition, right? Stfu and compete.
You're missing a huge part of this: The "competition" you think you're referring to had, you know, actual rules. Sending people to get jobs at a rival, and steal all of their internal documents and trade secrets, is illegal in most countries.
Perhaps we should reframe how intellectual property works to make secrecy no longer desirable and allow industries that rely on "trade secrets" to realign naturally.
Perhaps (well.. almost certainly) that would disincentivize any of the companies in these industry from innovating at all (if you can’t gain any edge by additional investment since anything you do will be stolen you might as well start stealing if that cheaper).
This would also especially favor large mega corporations as long as they are efficient enough (due to obvious reasons).
Most substantial technological innovation is either funded by government grants or is publicly funded in some other way in the first place. It's a myth that IP laws protect innovation, they protect profits of corporations that add very little to the process on their own.
well, the us only pretends to like free market politics. in reality rich dickwads like regulation just fine, namely in the form of protecting the value of their property.
What it would do is punish companies that do real R&D, and reward companies that have no actual talent in that area. So ultimately the field would stagnate because no one would invest in R&D.
It is legal. The us has no power over china's ip. the closest you're going to get to illegal is "violates a trade agreement", and what's the us gonna do, invade china? the cope levels here are extreme.
I'm a bit confused what that would look like. Sending Americans to China to steal their secrets wouldn't work because the Chinese wouldn't hire them for exactly this reason.
This is so true. People in the US just don't understand the level of economic and industrial espionage that happens in China on a daily basis. I was responding to an unrelated breach at an unnamed tech company back in mid-2000s time frame and had a side bar conversation that went like the following:
Them: "Yeah, we just opened a tech center in Xinjiang and ... wow, we've had quite the rash of lost ID badges there recently"
Me: "Have you considered that they're not 'lost', but rather 'sold' for profit?"
... silence ...
I don't know if executives are aware but just don't care, or if they're simply incompetent, but China has productized industrial espionage on a massive scale. GE Aviation was a victim more recently: https://www.cincinnati.com/story/news/2022/11/16/accused-chi...