Lawsuit accuses Nvidia of stealing trade secrets — perpetrator busted with a screenshot of stolen code
Rival car tech company Valeo is the plaintiff.
Automotive tech company Valeo Schalter und Sensoren is suing Nvidia for stealing trade secrets (via SiliconValley.com). Nvidia hired former Valeo employee Mohammad Moniruzzaman in 2021, and before leaving Valeo, he copied large numbers of files, including source code for an AI-assisted parking application and other confidential documents. The alleged perpetrator accidentally showed the stolen files during a video chat, which others promptly documented with screenshots. Now that the employee has been criminally convicted, Valeo is after Nvidia.
The theft was discovered when Moniruzzaman was on a collaborative conference call with Nvidia and Valeo employees. While on the call, Moniruzzaman gave a presentation and shared his screen so participants could follow along. After the presentation was done, he didn't stop sharing his screen, which was likely unintentional. Upon minimizing the presentation window, he mistakenly revealed a window that contained the source code to Valeo's software and the phrase "ValeoDocs."
When his former coworkers saw the source code, they immediately recognized it and screenshotted it as evidence. Valeo then investigated Moniruzzaman's actions before he left the company and discovered that he had copied the source code and other files. In 2022, Germany began a criminal investigation of Moniruzzaman, ending in his conviction in September.
While you may not have heard of Valeo, it's actually a 100-year-old company based in Paris, and it's been in the high-tech automotive business for a couple of decades. Valeo and Nvidia were contracted by an unnamed car manufacturer to develop parking-assistance software.
In its lawsuit, Valeo describes itself as an established company in the automotive industry while Nvidia is merely "a recent entrant to the automotive industry" with a "total lack of experience" in making parking-assistance technology. What Valeo implies is pretty clear: Nvidia is a newcomer to the car industry, so how is it able to make such cutting-edge software?
Valeo argues that now-convicted Moniruzzaman shared the company's trade secrets with Nvidia. These secrets include source code, spreadsheets, and other documents critical to understanding Valeo's parking assistance tech.
Nvidia hasn't commented on the lawsuit, but its lawyers sent a letter to Valeo in 2022 explaining that the company had no idea Moniruzzaman had stolen anything confidential until he was already under investigation. The letter also stated that Nvidia "has no interest in Valeo's code" and that it has "cooperated fully."
Stay On the Cutting Edge: Get the Tom's Hardware Newsletter
Get Tom's Hardware's best news and in-depth reviews, straight to your inbox.
It wouldn't be the first time Nvidia has been sued for illegally using intellectual property. Nvidia was sued in 2019 for infringing on Xerpi Corp's semiconductor patents. However, the court case is still ongoing, so Nvidia isn't a repeat offender, at least not yet.
Matthew Connatser is a freelancing writer for Tom's Hardware US. He writes articles about CPUs, GPUs, SSDs, and computers in general.
-
thisisaname I assume Nvidia is no longer working with Valeo?Reply
Also from https://www.mercurynews.com/2023/11/17/caught-by-screen-sharing-lawsuit-claims-santa-clara-chip-titan-nvidia-stole-rivals-secrets/they are a German based company? -
bit_user Shouldda named the folder "work stuff". Nobody ever thinks to look there!Reply
🤣
...as an aside, I've noticed more than one of my co-workers have a folder, where they collect all of the projects they're working on, and have named it "work". I'm thinking... "this is your work computer, so what else have you got on here?" In reality, it's probably just an unimaginative name. I use "prj" as the root directory of my project-specific files. -
vanadiel007 Pretty sure Valeo Schalter und Sensoren is German based due to the words Schalter und Sensoren being German words for switches and sensors.Reply
They are part of the Valeo group, based in Paris. -
Evildead_666
I've mentioned i work in tech support.bit_user said:Shouldda named the folder "work stuff". Nobody ever thinks to look there!
🤣
...as an aside, I've noticed more than one of my co-workers have a folder, where they collect all of the projects they're working on, and have named it "work". I'm thinking... "this is your work computer, so what else have you got on here?" In reality, it's probably just an unimaginative name. I use "prj" as the root directory of my project-specific files.
We've found gigabytes of porn, games, emule, limewire, and of course, loads of videos and music "clearly" downloaded illegally.
If you have a folder labelled "personal" we are not allowed to look in it.
If its 50GB or 100GB, we might inquire to the user to keep their personal files elsewhere, preferably on a personal USB stick, which we have no right whatsoever to look into.
(Getting anything off the company machine to a usb stick is not easy, requires permissions, and explicitly precludes personal data that shouldn't be on the machine in the first place).
If you get fired, that personal folder, and anything else on the company's hardware, stays, until the company says it can be wiped or deleted.
We have a write protect USB policy by default, but you can read from usb ok.
Put anything like films/music etc, on a USB stick, and you're fine. Don't put it on work machines.
The worst is OneDrive or Box drive.
Things are NEVER deleted from those, even if you ask for it to be deleted.
It just never is.
Thats why we tell people all the time to never put personal stuff on the company cloud drives.
someone who was leaving the company, had gigabytes of personal photos on there, and was dismayed when told that the company would have to go through all of them, to see what she was allowed to keep, and make sure there was no company data being copied .
If your company doesn't allow USB keys, just use your mobile phone for everything personal, and don't copy anything onto the company machines.
Keep personal and professional life separate, even with the company phone ;) -
bit_user
My company has a policy that prevents normal USB sticks from working. I think there's some kind of encrypted USB stick you can use, but they might still have policies limiting where/when/how those can be used.Evildead_666 said:Put anything like films/music etc, on a USB stick, and you're fine. Don't put it on work machines.
According to what they've said, the recycle bin does get emptied after a while. I'm sure there's also a time limit on how long backup are retained, but at least some backups are probably kept for years.Evildead_666 said:The worst is OneDrive or Box drive.
Things are NEVER deleted from those, even if you ask for it to be deleted.
It just never is. -
Evildead_666
multiple recycle bins for Onedrive.bit_user said:My company has a policy that prevents normal USB sticks from working. I think there's some kind of encrypted USB stick you can use, but they might still have policies limiting where/when/how those can be used.
According to what they've said, the recycle bin does get emptied after a while. I'm sure there's also a time limit on how long backup are retained, but at least some backups are probably kept for years.
Just in case you accidentally delete something.
But you can even get data that has been deleted from that extra recycle bin, and even months later.
Just in case you didn't mean to delete it, or something.
I think its 6 months, but just best to say never.
This was before GDPR, so it might legally be better now. -
tracker1 It's really hard to say where things lay in this. A single screen of source code is not even a fraction of any given program or library.Reply
As to copying the source, IMO kind of depends on how close it was to quitting, and even then. Many devs will keep inconsequential libraries or methods. I usually get permission to put such things on GitHub as open source or submit upstream.
I'll also tend to send myself contact emails for my coworkers to stay in touch or connect on LinkedIn.
Given the conviction,. I'm guessing he may have taken and passed on more than they should have. But given how litigious some organizations can get it's hard to know overhear. Especially since the law is an especially gray. -
Order 66
I'm not really sure either, on the surface it seems really bad, but that depends on how much he took.tracker1 said:It's really hard to say where things lay in this. A single screen of source code is not even a fraction of any given program or library.
As to copying the source, IMO kind of depends on how close it was to quitting, and even then. Many devs will keep inconsequential libraries or methods. I usually get permission to put such things on GitHub as open source or submit upstream.
I'll also tend to send myself contact emails for my coworkers to stay in touch or connect on LinkedIn.
Given the conviction,. I'm guessing he may have taken and passed on more than they should have. But given how litigious some organizations can get it's hard to know overhear. Especially since the law is an especially gray. -
HaninTH Evildead_666 said:Keep personal and professional life separate, even with the company phone ;)
Maybe I'm just spoiled, as I can turn in any direction and have a PC/laptop in front of me, but I really do not understand the mentality some people have of using their work provided equipment for anything other than work.
I go out of my way to segregate the things I do with computers and have equipment dedicated for task/purpose. *shrugs* -
stonecarver
Well said. :popcorn:HaninTH said:I go out of my way to segregate the things I do with computers and have equipment dedicated for task/purpose. *shrugs*