You expect Google to scan the database of companies in every country continuously to see if employees are executives of them? How would this handle different people who have the same name?
So I've worked at a few places, none nearly as fancy as Google. Not a single one would have had files being uploaded to personal cloud storage from a work device go unnoticed. That was the red flag, at that point they should've been monitoring actively.
Not for nothing but plenty of other companies do pretty much just this, for example in defense. Surely Google of all companies should be able to do a simple search like that on a regular basis.
In highly regulated national security impacting industries like defense, that makes sense. Google has not developed that rigor yet, although it's becoming obvious that their business has high national security implications now.
I don't think Google has ever had rigor, in anything except possible things which directly affect uptime. It seems to be a systematic problem - look at their history with chat apps for example. Great for hackers - both ones working for Google and ones working for other governments, apparently.
The Google hiring process can take months. They have time to haze people with Leetcode but no time to do a good vet of a person who may be a high risk security threat.
How would Google have detected this before hiring him? It doesn't sound like he started working at the other companies until after he started at Google.
> You expect Google to scan the database of companies in every country continuously to see if employees are executives of them? How would this handle different people who have the same name?
> Disclosure: I work at Google.
It's Google. Not a mom and pop shop, not a startup, not even a large bank. It's a massive conglomerate who's entire business model revolves around data.
So yes. And same-name conflicts can be handled case by case.
>And same-name conflicts can be handled case by case.
How? Several times I've had to contact someone within Google whose name I know, but when I go to look up the person's email, there are multiple employees with that name. This is just within Google. Think of within an entire country.
And how are they going to access Chinese databases that they are not allowed to access? It's Google, not the CIA. I wouldn't be surprised if all of that information was covered under China's broad state secrets law.
When you apply to Google, they ask what other employment you have, IP you own, etc. Many companies do some variation of this, but I believe Google is one of the most restrictive on its employees.
Sure, if it's an employment that's standard procedure in every company i ever applied to ask/rule out if you would be employed by another company after start date. I was rather operating under the assumption when you're not employed / the owner but the ex-googler seems to have been an employee in a rivaling business in both cases which would have clearly violated his contract with google.
Google already apparently logs every network packet on the internal network (including DPI), so I imagine scanning corporate registrations can't be that much worse.
Perhaps just perhaps the task is a bit harder than what you make it sound like
Instances of people sharing the same name are far more common in china than elsewhere. For example there are more than 30 thousand people called "Wang Wei".
The fact is complicated by the fact that the writing systems are different and transliteration errors are commonplace.
To add to that, I don't think Google (or any American company) would ask for foreign ID numbers. Your SSN can be used for a background check in the USA, but not in China.
How many people named Wang Wei in any given year become the officers of companies?
Google could even automate this with an email, opting into which would be a requirement for any senior employee handling the kind of information the US government cares about.
"A person sharing your name has registered a company in China, as of 2024-03-07. To affirm that you are not related to this person, please click this link. If you were this person, please reply to this email for next steps."
Edit: obviously, criminals don't mark the "yes I'm a criminal box" on forms. That's not the purpose it's there to serve.
I think it is quite difficult to find out the officers of Chinese companies. There was the big wall street stock scandal a few years ago with respect to Chinese listings on US exchanges.
> Within weeks of the theft starting, prosecutors say, Ding was offered the position of chief technology officer at an early-stage technology company in China that touted its use of AI technology and that offered him a monthly salary of about $14,800, plus an annual bonus and company stock. The indictment says Ding traveled to China and participated in investor meetings at the company and sought to raise capital for it.
> He also separately founded and served as chief executive of a China-based startup company that aspired to train “large AI models powered by supercomputing chips,” the indictment said.
These events happened after the person was hired.
This would suggest performing background checks with some frequency - presumably at least once a month - in order to catch the events promptly.
“showing that another employee had scanned Ding’s access badge at the Google building in the U.S. where he worked to make it look like Ding was there during times when he was actually in China”
Google can’t secure itself. That’s been true for years. It’s an enterprise held together by monopoly power, lobbying and low interest rates.
Disclosure: I work at Google.