Former Apple Employee Responds to Lawsuit Accusing Him of Leaking Trade Secrets to Media

[schlitzz]

"Lancaster ultimately denied many of Apple's allegations "on the ground that he lacks sufficient knowledge or information to admit or deny them and/or on the ground that they state legal conclusions to which no response is required."

Get the Orange Jumpsuit ready. Time for an order of "Lancaster on Toast."

It's a civil action, not criminal. It'll get interesting when it comes to his relationship with a reporter. Was it transactional for sex? If it was, did the employer of the reporter know of it? Who's the reporter?

 

[btrach144]

Sounds like they did some digital forensics after he left.

So then he was an potentially an idiot for using a company device for potentially sharing secrets?

I remember when a Microsoft employee leaked information about windows 7 I believe. He used a hotmail account to leak the info. Microsoft searched or something within hotmail database and narrowed it down to the employee.

that of course caused blow back that a company would sift through probably multiple customers data, just to locate a bad actor.

after that, Microsoft took a stand to never do that again unless they had a court order to do so.

Idk, if you’re going to share secrets, do it on your own devices that are not using technology (hardware or software) that your employer developed is my point.

 

[za9ra22]

People dramatically overestimate Apple's security capabilities...

I seriously doubt this. Really seriously doubt it.

Aside from anything else, no competent organization makes public the security practices and procedures it uses, so it isn't as if one would expect to find details in the public domain anyway.

And their secrecy as a corporate entity is legendary. A reputation that solid is not possible to fabricate.

 

[tubedogg]

I think it's quite likely that Apple is bluffing and has no good evidence.

People dramatically overestimate Apple's security capabilities, despite evidence that shows Apple is actually quite poor at this. The only product from Apple that wasn't leaked in the past 30 years was the original iPhone. The only reason Apple managed to keep it wrapped was because they opted to reveal it publicly 6 months before it was released, IE, before more than ~10 people had seen a fully assembled prototype.

Then there's the fact that Apple appears to have virtually no quality control with the software they release. Note the constant flow of bug fixes, despite months of public beta testing. Note that regressions seem to be a common occurrence in Apple's software.

Apple doesn't have automated testing and they don't do security scans. They don't have a company culture that supports such precautions. That expands out to this case - I don't think they have any good evidence. I think Apple wants to scare their employees into compliance by making a big deal about this guy. It's all theater and they'll settle quietly to avoid stories about how it turned out that Apple was actually full of crap here.

Depends on how you define leaked, but people knew an iPod phone was coming. And I would dispute the hell out of the idea that six months prior to launch, there were just "fully assembled prototypes" that only some miniscule fraction of both the executive team and the people working on it had seen.

Yes, their software quality sucks lately. What exactly does that have to do with whether this guy leaked confidential information?

I can't imagine living in your world where simple file access logs don't exist. They filed a lawsuit predicated largely on him accessing information he shouldn't have or in a way that makes him look pretty damn guilty. At some point they have to produce that evidence, or their case goes away. And if the case goes away, what message does that send to future potential leakers?

No, you have no idea what you're talking about.

 

[tubedogg]

Meanwhile I cannot believe that an actual lawyer is facilitating this whacko claiming that he "lacks sufficient information or knowledge" to admit or deny "whether Apple 'guards closely' information concerning unreleased hardware products, unannounced feature changes to existing hardware products, or future product announcements."

This guy wasn't a janitor who only comes in on weekends to sweep the front lobby. He was an "Advanced Materials Lead and Product Design Architect" with 40 patents under his belt. I get not admitting you stole information, but you're supposed to believe a guy who worked at Apple for over 10 years and did all those things he brags about in the second paragraph of his response had no idea that Apple has a corporate posture of keeping upcoming projects secret? Like, what the actual ****.

 

[Dancin-Ted-Danson]

I seriously doubt this. Really seriously doubt it.

Aside from anything else, no competent organization makes public the security practices and procedures it uses, so it isn't as if one would expect to find details in the public domain anyway.

And their secrecy as a corporate entity is legendary. A reputation that solid is not possible to fabricate.

As a former employee, I can confirm this. There is a lot of flexibility given to your use of technology and equipment at certain levels... but you have to be crazy to think that everything accessed server side isn't logged/monitored. There is a reason you need to connect via AppleConnect to access anything server side.

A guy I met during NEO was part of IS&T. A couple years after NEO we met up for lunch and we got on this topic corp security after I made a comment of how much freedom we have to install stuff on our machines. Pretty much got a sly look and a comment of "it's all monitored on the other side". So I 100% would put money on them having this case already locked up.

(side note, got to witness the corp security team confiscate some laptops due to a lawsuit. They came met the people at the door and secured everything that was local (not server side) to hand over to legal. Wild morning)

 

[SuperCachetes]

One mans data theft is another mans whistleblower. Hard to feel sympathetic for either party here.

I agree with the your second statement - but only because I predict justice will be served. And if this is one man's "whistleblowing" that man would be incorrect. We're not talking Julian Assange here. This guy stole company IP and tried to benefit from it.

I think it's quite likely that Apple is bluffing and has no good evidence.

People dramatically overestimate Apple's security capabilities, despite evidence that shows Apple is actually quite poor at this. The only product from Apple that wasn't leaked in the past 30 years was the original iPhone. The only reason Apple managed to keep it wrapped was because they opted to reveal it publicly 6 months before it was released, IE, before more than ~10 people had seen a fully assembled prototype.

I would counter with the fact that Apple products are some of the most sought-after and highly anticipated in the consumer tech space. The demand for leaks, scoops, predictions, and such are extremely high, making scoops potentially profitable (and/or fame-building) beyond those of many other manufacturers. If your secrets are getting attacked from all sides, eventually someone will cave or slip up. That doesn't indicate "poor" security any more than imperfect software indicates "poor" quality control.

 

[Glideslope]

It's a civil action, not criminal. It'll get interesting when it comes to his relationship with a reporter. Was it transactional for sex? If it was, did the employer of the reporter know of it? Who's the reporter?

Thanks for the correction.

 

[gene731]

This is like that time I was demoted from fryer at Lord of the Fries in Poughkeepsie. Same sh*t. Ultimately left. Kept the apron.

How did you ever survive that demotion? That had to be a let down and a half, ?

 

[BGPL]

One company I would not cross in terms of intellectual property and product secrecy is Apple. I doubt what he was being paid as a media source was even close to being worth it. If it was in fact tradecraft on the reporter's part to exchange "companionship" for secrets, well that's just sad.

 

[ArtOfWarfare]

That doesn't indicate "poor" security any more than imperfect software indicates "poor" quality control.

The new WebKit vulnerability is an integer overflow. How is that not caught at any point in the quality control process?

WebKit is actually open source and you can build it yourself. It does have a set of unit tests, though I find it interesting that in the documentation it mentions that not all existing tests pass on the trunk. Meaning they know bugs exist and they don't even bother fixing them. I thought to investigate whether they have perfect coverage or mutation testing or anything, but screw all that - they can't even bother to actually make builds of their software that pass all their own tests they've already written.

Also an interesting note - they mention that the JavaScript engine tests are all written by Mozilla. Just reinforcing what I've found as a web developer over the past few years - Mozilla is the organization responsible for the web working. Without Mozilla, there's nobody documenting how browsers are supposed to work (including Safari. It's been my experience that Mozilla generally documents how Safari works better than Apple does, even though Mozilla's main focus is on documenting their own browser, Firefox.)

 

[Botts85]

"Lancaster ultimately denied many of Apple's allegations "on the ground that he lacks sufficient knowledge or information to admit or deny them and/or on the ground that they state legal conclusions to which no response is required."

Get the Orange Jumpsuit ready. Time for an order of "Lancaster on Toast."

Correct me if I'm wrong, but isn't this a purely civil suit?

 

[Unregistered 4U]

Idk, if you’re going to share secrets, do it on your own devices that are not using technology (hardware or software) that your employer developed is my point.

There’s a lot of folks, even here on this forum, that consider using company equipment for personal use is AOK. When that’s the starting attitude, he likely considered it perfectly normal to use his company equipment for his personal shenanigans. He likely even had the thought (that I’ve heard repeated) “I don’t want to carry two laptops anywhere, so I’ll just use the work one.”

 

[Glideslope]

Correct me if I'm wrong, but isn't this a purely civil suit?

I was incorrect. It is a Civil Suit.

 

[brewcitywi]

I get that Apple is a huge company, and can steamroll over people. However, if he is snarky enough to start having meetings with reporters, and allegedly leaking sensitive information about Apple, I don't have sympathy for him. I think this holds true for companies big and small.

Apple hired you--hopefully they are paying you fairly. You're probably receiving a small host of benefits, both financial and non-financial. During that time, you are leaking stuff? Where does this "entitlement" come from? Who made you the judge, presiding over workplace conditions? Are you an official union representative? If there are workplace or supply chain issues, don't you have a manager or a communication chain who would hear your concerns? So, the conditions are so grave, that you were forced to reach out to outside sources to get corporate justice? Give me a break.

Plus, anyone who logs in (after resigning or termination), in order to send "farewell e-mails to his colleagues" must think fairly high of themselves. Here is my opinion: 1. No one cares that you're leaving. 2. No one cares where you're going, or where your life and career will take you. If they did, you wouldn't need a cookie-cut mass e-mail to inform them. 3. Are you subliminally signaling your underground "brigade" of fellow Apple employees to march out the door with you? No one is budging. 4. Your farewell e-mail suddenly shows how much you "care" about your Apple colleagues? Do they know that you've spent your time selling them up the river?

"Allegedly," I know.

 

[f0cus01]

I think it's quite likely that Apple is bluffing and has no good evidence.

People dramatically overestimate Apple's security capabilities, despite evidence that shows Apple is actually quite poor at this. The only product from Apple that wasn't leaked in the past 30 years was the original iPhone. The only reason Apple managed to keep it wrapped was because they opted to reveal it publicly 6 months before it was released, IE, before more than ~10 people had seen a fully assembled prototype.

Then there's the fact that Apple appears to have virtually no quality control with the software they release. Note the constant flow of bug fixes, despite months of public beta testing. Note that regressions seem to be a common occurrence in Apple's software.

Apple doesn't have automated testing and they don't do security scans. They don't have a company culture that supports such precautions. That expands out to this case - I don't think they have any good evidence. I think Apple wants to scare their employees into compliance by making a big deal about this guy. It's all theater and they'll settle quietly to avoid stories about how it turned out that Apple was actually full of crap here.

Ex-apple employee. 100% agree with this.

 

[Merlins Ghost]

It could very well end up a criminal in a separate trial. The computer fraud and abuse act allows the gov't to go after people for accessing computer systems that they do not have permission to access or information on computer systems they don't have permission to access. Proprietary information is the usual, but other things as well. If he accessed files after quitting the company that he was not supposed to access then he would most likely run afoul of this law. Signing an NDA is a dangerous thing to do but many of us have to do it, it basically means anything you have access to from the company including overhearing conversations is considered protected information if you don't have explicit permission to divulge it.

Shame on apple for not terminating his access after quitting. Computer security 101, when an employee with more than basic access quits or is terminated you immediately remove access to the computer systems or at the least downgrade access, only give them access to email or supervised access to turn over what they are working on to other individuals. The right thing to to is pay them their final two weeks pay and bar them from entering the company anymore. Then run some basic forensics to see if they did anything in the last couple weeks before quitting. It seems a very cold thing to do, but it really is the best thing to do for the company.

In Apples case like many in the tech industry, keeping secrets is part of their business model. You don't want another company to parallel you in development as it affects your ability to make a return on your investment. Also since companies develop products in parallel you don't want it divulged that in 3 or 1.5 years you have a super product that is going to blow out of the water the product you are releasing in a few weeks. You don't want knowledge of future products to cut into the sales of your new product.

 

[Merlins Ghost]

It makes sense to publicly deny allegations especially if you don't know what all of the evidence is that they have against you. You can't be tried for lying to the public or else most if not all of the politicians would be going to trial for lying to the public.