June 2, 2017

Levandowski gets fired

David Pogemiller

Note: this post was originally published on the RedOwl. com Blog

Even our best laid plans sometimes go awry. Just a short while ago, we decided to focus on the Uber/Waymo conflict as a prism through which to understand the nature of insider threats and insider screening. Our expectation was that the litigation would be a long-running saga that would offer ample opportunity to explore some of the technology, policy, and law issues arising from compliance and control obligations.

It seems now that the saga may be racing to a quicker conclusion than we might have anticipated. Just the other day, Uber fired Anthony Levandowski, the star engineer that it lured away from Waymo with the offer of more than $250 million in Uber stock. Levandowski’s fall from grace is a cautionary story for Uber, and also for him personally.

How did he reach the nadir from such heights?  His fall began with his departure from Waymo and his alleged theft of intellectual property relating to the development of driverless car technology. The evidence of that theft was sufficiently strong (including some of the insider threat logging and control indicators) that the Federal judge hearing the Waymo v. Uber case made a separate referral of possible criminal charges to the United States Attorney’s office for San Francisco. He suggested that Levandowski might be guilty of the theft of trade secrets.

From there the ball began rolling downhill. In the civil suit between Waymo and Uber, Waymo demanded the production of evidence and documents from Uber. Uber was obliged to comply (indeed, it wanted to do so) but some of those documents were not directly in their possession – rather they were under Levandowski’s custody and control.

And that is where the plot, as they say, thickened. Faced with a possible criminal investigation, Levandowski refused to turn over the documents in his control. He asserted a Fifth Amendment privilege against self-incrimination, arguing that the documents might be used to convict him of trade secret theft. Levandowski, of course, has an absolute right to make such a claim.

But that claim put Uber in a very bad box. They needed to cooperate with the court, lest it draw an inference that it was hiding damaging information. But they couldn’t force Levandowski to produce the papers he was holding.

And so, they took the only course available to them – they fired Levandowski. Doing so protected them against the wrath of the judge. But now they may face the wrath of Levandowski. Freed from his contractual obligations and burdens of loyalty to Uber, it is possible that he may choose to cooperate with either the Federal government or with Waymo – and that might mean testifying to Uber’s complicity in his scheme.

How could it have come to this for Uber? More to the point, what could they have done to prevent it from happening? And how can they protect their reputation now that it has?

On the front end, every company should review their hiring practices and make sure that every potential employee understands that there is no room for impropriety. This is as much about the culture of the firm as it is about technical checks — an enterprise needs to make it clear that they will not tolerate the use of intellectual property that is improperly brought into the firm. A hiring enterprise like Uber should also take steps to use background checks and continuous monitoring of public records for signs of potential “tempted-ness” of a new employee – for if Levandowski was an insider threat to Waymo, he is far more likely an insider threat to Uber as well.

Once the problem has manifested itself, an enterprise’s main priority should be protecting its reputation. Uber has been hard hit lately and the Levandowski hiring just adds unfortunate fuel to the fire. An important first would be to make a quick and firm decision on the employee’s ongoing employment (kudos to Uber for doing so). The next step would be to review the employee’s hiring — who did it, what review was conducted, and are there interesting things to learn from the retrospective use of insider threat/control tools to review, for example, communications with the employee. And, finally, Uber should also use its internal controls to make absolutely sure that there are no Waymo materials whatsoever within the enterprise. That won’t solve the problem, but it will mitigate the damage.

About Forcepoint

Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.