Lawsuit accuses Nvidia of stealing trade secrets — perpetrator busted with a screenshot of stolen code

News
By
published

Rival car tech company Valeo is the plaintiff.

Nvidia logo
(Image credit: Shutterstock)

Automotive tech company Valeo Schalter und Sensoren is suing Nvidia for stealing trade secrets (via SiliconValley.com). Nvidia hired former Valeo employee Mohammad Moniruzzaman in 2021, and before leaving Valeo, he copied large numbers of files, including source code for an AI-assisted parking application and other confidential documents. The alleged perpetrator accidentally showed the stolen files during a video chat, which others promptly documented with screenshots. Now that the employee has been criminally convicted, Valeo is after Nvidia.

The theft was discovered when Moniruzzaman was on a collaborative conference call with Nvidia and Valeo employees. While on the call, Moniruzzaman gave a presentation and shared his screen so participants could follow along. After the presentation was done, he didn't stop sharing his screen, which was likely unintentional. Upon minimizing the presentation window, he mistakenly revealed a window that contained the source code to Valeo's software and the phrase "ValeoDocs."

When his former coworkers saw the source code, they immediately recognized it and screenshotted it as evidence. Valeo then investigated Moniruzzaman's actions before he left the company and discovered that he had copied the source code and other files. In 2022, Germany began a criminal investigation of Moniruzzaman, ending in his conviction in September.

While you may not have heard of Valeo, it's actually a 100-year-old company based in Paris, and it's been in the high-tech automotive business for a couple of decades. Valeo and Nvidia were contracted by an unnamed car manufacturer to develop parking-assistance software.

In its lawsuit, Valeo describes itself as an established company in the automotive industry while Nvidia is merely "a recent entrant to the automotive industry" with a "total lack of experience" in making parking-assistance technology. What Valeo implies is pretty clear: Nvidia is a newcomer to the car industry, so how is it able to make such cutting-edge software?

Valeo argues that now-convicted Moniruzzaman shared the company's trade secrets with Nvidia. These secrets include source code, spreadsheets, and other documents critical to understanding Valeo's parking assistance tech. 

Nvidia hasn't commented on the lawsuit, but its lawyers sent a letter to Valeo in 2022 explaining that the company had no idea Moniruzzaman had stolen anything confidential until he was already under investigation. The letter also stated that Nvidia "has no interest in Valeo's code" and that it has "cooperated fully."

It wouldn't be the first time Nvidia has been sued for illegally using intellectual property. Nvidia was sued in 2019 for infringing on Xerpi Corp's semiconductor patents. However, the court case is still ongoing, so Nvidia isn't a repeat offender, at least not yet.

Matthew Connatser
Matthew Connatser

Matthew Connatser is a freelancing writer for Tom's Hardware US. He writes articles about CPUs, GPUs, SSDs, and computers in general.

See more GPUs News
18 Comments Comment from the forums
  • thisisaname
    I assume Nvidia is no longer working with Valeo?

    Also from https://www.mercurynews.com/2023/11/17/caught-by-screen-sharing-lawsuit-claims-santa-clara-chip-titan-nvidia-stole-rivals-secrets/they are a German based company?
    Reply
  • bit_user
    Shouldda named the folder "work stuff". Nobody ever thinks to look there!
    🤣
    ...as an aside, I've noticed more than one of my co-workers have a folder, where they collect all of the projects they're working on, and have named it "work". I'm thinking... "this is your work computer, so what else have you got on here?" In reality, it's probably just an unimaginative name. I use "prj" as the root directory of my project-specific files.
    Reply
  • vanadiel007
    Pretty sure Valeo Schalter und Sensoren is German based due to the words Schalter und Sensoren being German words for switches and sensors.
    They are part of the Valeo group, based in Paris.
    Reply
  • Evildead_666
    bit_user said:
    Shouldda named the folder "work stuff". Nobody ever thinks to look there!
    🤣
    ...as an aside, I've noticed more than one of my co-workers have a folder, where they collect all of the projects they're working on, and have named it "work". I'm thinking... "this is your work computer, so what else have you got on here?" In reality, it's probably just an unimaginative name. I use "prj" as the root directory of my project-specific files.
    I've mentioned i work in tech support.

    We've found gigabytes of porn, games, emule, limewire, and of course, loads of videos and music "clearly" downloaded illegally.
    If you have a folder labelled "personal" we are not allowed to look in it.
    If its 50GB or 100GB, we might inquire to the user to keep their personal files elsewhere, preferably on a personal USB stick, which we have no right whatsoever to look into.
    (Getting anything off the company machine to a usb stick is not easy, requires permissions, and explicitly precludes personal data that shouldn't be on the machine in the first place).
    If you get fired, that personal folder, and anything else on the company's hardware, stays, until the company says it can be wiped or deleted.

    We have a write protect USB policy by default, but you can read from usb ok.

    Put anything like films/music etc, on a USB stick, and you're fine. Don't put it on work machines.

    The worst is OneDrive or Box drive.
    Things are NEVER deleted from those, even if you ask for it to be deleted.
    It just never is.
    Thats why we tell people all the time to never put personal stuff on the company cloud drives.
    someone who was leaving the company, had gigabytes of personal photos on there, and was dismayed when told that the company would have to go through all of them, to see what she was allowed to keep, and make sure there was no company data being copied .

    If your company doesn't allow USB keys, just use your mobile phone for everything personal, and don't copy anything onto the company machines.

    Keep personal and professional life separate, even with the company phone ;)
    Reply
  • bit_user
    Evildead_666 said:
    Put anything like films/music etc, on a USB stick, and you're fine. Don't put it on work machines.
    My company has a policy that prevents normal USB sticks from working. I think there's some kind of encrypted USB stick you can use, but they might still have policies limiting where/when/how those can be used.

    Evildead_666 said:
    The worst is OneDrive or Box drive.
    Things are NEVER deleted from those, even if you ask for it to be deleted.
    It just never is.
    According to what they've said, the recycle bin does get emptied after a while. I'm sure there's also a time limit on how long backup are retained, but at least some backups are probably kept for years.
    Reply
  • Evildead_666
    bit_user said:
    My company has a policy that prevents normal USB sticks from working. I think there's some kind of encrypted USB stick you can use, but they might still have policies limiting where/when/how those can be used.


    According to what they've said, the recycle bin does get emptied after a while. I'm sure there's also a time limit on how long backup are retained, but at least some backups are probably kept for years.
    multiple recycle bins for Onedrive.
    Just in case you accidentally delete something.
    But you can even get data that has been deleted from that extra recycle bin, and even months later.
    Just in case you didn't mean to delete it, or something.
    I think its 6 months, but just best to say never.

    This was before GDPR, so it might legally be better now.
    Reply
  • tracker1
    It's really hard to say where things lay in this. A single screen of source code is not even a fraction of any given program or library.

    As to copying the source, IMO kind of depends on how close it was to quitting, and even then. Many devs will keep inconsequential libraries or methods. I usually get permission to put such things on GitHub as open source or submit upstream.

    I'll also tend to send myself contact emails for my coworkers to stay in touch or connect on LinkedIn.

    Given the conviction,. I'm guessing he may have taken and passed on more than they should have. But given how litigious some organizations can get it's hard to know overhear. Especially since the law is an especially gray.
    Reply
  • Order 66
    tracker1 said:
    It's really hard to say where things lay in this. A single screen of source code is not even a fraction of any given program or library.

    As to copying the source, IMO kind of depends on how close it was to quitting, and even then. Many devs will keep inconsequential libraries or methods. I usually get permission to put such things on GitHub as open source or submit upstream.

    I'll also tend to send myself contact emails for my coworkers to stay in touch or connect on LinkedIn.

    Given the conviction,. I'm guessing he may have taken and passed on more than they should have. But given how litigious some organizations can get it's hard to know overhear. Especially since the law is an especially gray.
    I'm not really sure either, on the surface it seems really bad, but that depends on how much he took.
    Reply
  • HaninTH
    Evildead_666 said:
    Keep personal and professional life separate, even with the company phone ;)

    Maybe I'm just spoiled, as I can turn in any direction and have a PC/laptop in front of me, but I really do not understand the mentality some people have of using their work provided equipment for anything other than work.

    I go out of my way to segregate the things I do with computers and have equipment dedicated for task/purpose. *shrugs*
    Reply
  • stonecarver
    HaninTH said:
    I go out of my way to segregate the things I do with computers and have equipment dedicated for task/purpose. *shrugs*
    Well said. :popcorn:
    Reply