All The Best Colas Have Chinese Spies
September 26, 2023 4:07 AM

Anytime a company lays someone off, there’s a possibility the person will take something with them. Coke, holder of the world’s most famous trade secret, was particularly attuned to that risk. It had an intelligence-bureau-style classification scheme, like other corporations that deal in proprietary information, and it had software that tracked employees’ data use. That summer, as more and more employees learned they were leaving, the data loss prevention system began to ripple with alerts. from The Plot to Steal the Other Secret Inside a Can of Coca-Cola [Bloomberg; ungated]
posted by chavenet (46 comments total) 13 users marked this as a favorite
 
I don’t see what she did that was wrong. She did the research, Coke fucked her over and fired her. She took her shit and left to go start her own thing. Now Coke is using its army of lawyers and PR team to turn her into a spy.
posted by interogative mood at 4:36 AM on September 26, 2023 [2 favorites]


Yes, it's an article very much written from the perspective of the boot that demands to be licked while it's stomping on your neck.
posted by rikschell at 4:47 AM on September 26, 2023 [18 favorites]


[heart hands] for the post title.
posted by Gelatin at 4:57 AM on September 26, 2023 [17 favorites]


boot that demands to be licked while it's stomping on your neck.

Yes, we can see that it's a Bloomberg article.
posted by SaltySalticid at 5:06 AM on September 26, 2023 [41 favorites]


Well, at Eastman she flung a report into a coworker's face, was described as "belittling" and "very aggressive and combative" and was removed by security after rushing to the other end of the building to burst in on a meeting to try and complain directly to the CTO. Then, over in China they did a rug pull on the government investment program.

That sounds like an Ask A Manager column, and if it's accurate, I surely wouldn't want to work with her.
posted by other barry at 5:12 AM on September 26, 2023 [4 favorites]


I personally found this a very interesting read, coming into it with no understanding of corporate espionage. Thanks for posting.
posted by eirias at 5:39 AM on September 26, 2023 [2 favorites]


I don’t see what she did that was wrong. She did the research, Coke fucked her over and fired her. She took her shit and left to go start her own thing.

What? She didn't do any research—she was in charge of evaluating the products of potential suppliers—and she took their proprietary formulas.
posted by BlueDuke at 5:49 AM on September 26, 2023 [31 favorites]


I don’t see what she did that was wrong. She did the research, Coke fucked her over and fired her. She took her shit and left to go start her own thing.

No. She didn't take her own research, she took other people's research. She might have been the one who compiled it in one place, but it sounds like the vast majority of information she stole wasn't even work she'd been involved with. It was trade secrets from other companies.
posted by RonButNotStupid at 5:49 AM on September 26, 2023 [9 favorites]


This reminds me of the DuPont spy case from around ten years ago; notable because the department of justice caught the spy and prosecuted successfully. Here is some coverage, Reuters, 99 percent invisible, Bloomberg long read (are Bloomberg the guys for industrial espionage stories?)
posted by The River Ivel at 5:52 AM on September 26, 2023 [3 favorites]


Who else remembers *that* issue of Jon Sable, Freelance?
posted by kimota at 6:21 AM on September 26, 2023 [1 favorite]




Huh. She walked away from Coke with that much data?

How much data is being more skillfully stolen?? I mean, it's an article not the complete picture, but it didn't sound like she was being particularly sneaky
posted by Baethan at 6:54 AM on September 26, 2023 [3 favorites]


The article suggests two things:

a) Coca Cola wasn't entirely aware of how much IP she was asking demanding their vendors provide.
b) the vendors didn't realize/comprehend* Coca Cola wasn't aware that she was asking for so much IP.

It's also briefly mentioned that this was against the disruptive backdrop of getting BPA out of the cans with the implication that she might not have been able to get away with it under normal circumstances, but that may also be a bit of face-saving on the part of Bloomberg.

* The point at which she provided that one-way NDA and said it would be better if Coca Cola wasn't involved should have been a huuuuuuge red flag that something was up.
posted by RonButNotStupid at 7:11 AM on September 26, 2023 [4 favorites]


It's sort of hilarious to me that Coke's internal systems blocked her moving files to a USB stick, and copying and resaving info to other excel or word documents, and moving files to an external hard drive... but just let her upload to a personal Drive account.
posted by entropone at 7:15 AM on September 26, 2023 [12 favorites]


but just let her upload to a personal Drive account.

"Just" is carrying a lot of undeserved weight here. She took pictures of her corporate screen with a phone (that IT probably didn't know about), then encrypted the photos, and then sent the photos to a personal Drive account.

Users complain about locked-down corporate phones, and about policies that don't allow personal devices to be on a corporate campus... so unstated exceptions like this exist ("Don't put your personal device on the corporate network, and we'll pretend that you don't have it with you at the office. The rules of your NDA still apply and you are not allowed to use that device on-campus except in an emergency."). The phone in question was probably not corporate-managed, and even if it was, there rarely is appetite for IT to disable cameras and ban devices with personal cameras. The first time some C-level employee is unable to take a picture of her kids because she grabbed the corporate iPhone instead of her own identical one, all security policies like this go out the window.

This is not a story of a researcher who took her own research with her (which in her line of work is a problem also, but we still don't regulate people's brains). She took pictures of other people's work that is valuable because it is secret, went to some trouble to exfiltrate them, and the problem here is a lax IT policy?

This is why we can't let you have nice things at work. This is also why most corporate layoffs involve shutting off your access at the same moment that you learn you're about to be unemployed. Both of those things are shitty practices for workers, but this is a crystal-clear example of why it works that way.
posted by toxic at 8:17 AM on September 26, 2023 [13 favorites]


This is also why most corporate layoffs involve shutting off your access at the same moment that you learn you're about to be unemployed.

That was the weirdest part of the exercise, to my reading. Letting people bump around your internal network for weeks, already knowing their end date? Madness.
posted by mhoye at 8:21 AM on September 26, 2023 [3 favorites]


Who else remembers *that* issue of Jon Sable, Freelance?

I'm probably one of the few people who remembers Jon Sable at all--Mike Grell is probably way better known for his work on Warlord and Green Arrow--and I have no idea what you're referring to.
posted by Halloween Jack at 8:22 AM on September 26, 2023 [3 favorites]


One time I was laid off, I worked for more than a month to finish off my project and make it tidy.

Of course this was at a less sociopathic employment environment than what seems typical in corporate America.
posted by NotAYakk at 8:27 AM on September 26, 2023 [3 favorites]


It had an intelligence-bureau-style classification scheme, like other corporations that deal in proprietary information,

Coke is large enough to have to comply with Sarbanes-Oxley, which requires data retention policies, and people have jobs who spend all day making sure these data retention policies are followed.

Also, until about 2005 or so, the corporation I work for used to have a no camera phones policy, but the iPhone destroyed that.
posted by The_Vegetables at 8:32 AM on September 26, 2023 [3 favorites]


Toxic, I don't disagree with much of your comment, but it seems pretty clear that the photos were one attempt at exfiltration, and the uploading of encrypted files from her workstation to GDrive was a separate act. ("On Aug. 25, You used her phone to take a series of photos of her work computer monitor [...] And around that time she learned, probably from colleagues, of another simple workaround.[...] On Aug. 29, she uploaded several encrypted files from her computer to a personal Google Drive account.")
posted by Turd Ferguson at 8:33 AM on September 26, 2023 [7 favorites]


Who else remembers *that* issue of Jon Sable, Freelance?

I'm probably one of the few people who remembers Jon Sable at all--Mike Grell is probably way better known for his work on Warlord and Green Arrow--and I have no idea what you're referring to.


I am the other person on Metafilter who remembers Jon Sable, and I also have no idea what you're referring to.
posted by Naberius at 8:38 AM on September 26, 2023 [1 favorite]


wait wait wait I am also a person on MetaFilter who remembers Jon Sable, Freelance (I have the whole first run in an attic somewhere) and I don't know either what you are referring to!

(But I was planning on looking at the comics later to see if I could figure it out)
posted by chavenet at 9:37 AM on September 26, 2023 [1 favorite]


This is not a story of a researcher who took her own research with her (which in her line of work is a problem also, but we still don't regulate people's brains). She took pictures of other people's work that is valuable because it is secret, went to some trouble to exfiltrate them, and the problem here is a lax IT policy?

I don't disagree with that and I don't think that The Problem Here is a "lax IT policy."

I said I think it's hilarious that there's a big gaping hole in their fairly aggressive IT policy.

Like, it reminds me of the scene in Idiocracy where the character says, "Oh, I'm in the wrong line, I'm supposed to be getting out of jail."
posted by entropone at 9:41 AM on September 26, 2023 [2 favorites]


Yes, it's an article very much written from the perspective of the boot that demands to be licked while it's stomping on your neck.

So you read the article about this woman who clashed with her colleagues, committed all kinds of fraud, and tried to bully suppliers into giving her their confidential technical information, so she could get money from the Chinese government and illegally resell it... and you think which boot is stomping on whose neck, exactly?
posted by Artifice_Eternity at 11:26 AM on September 26, 2023 [9 favorites]


I’m not sure we have enough facts here to know if she took her own research or the research of others. The indictment and the claims by Coke’s PR/HR are allegations at this point. I’m not willing to take the accusations of a company like Coke at face value. I want to see more reporting and more evidence first.
posted by interogative mood at 11:56 AM on September 26, 2023 [2 favorites]


Speaking for myself, I just don't give a shit about the sanctity of the secret coating recipes.

You know that line about how when the elephants go to war, it's the grass that suffers?

This feels like the opposite, and I can't really find any sympathy for any of the players. Let them beat each other to a pulp, what's it to me? After all, these are the same warm fuzzy avuncular conglomerates that cheerfully fed us endocrine disrupters for years.
posted by SaltySalticid at 11:58 AM on September 26, 2023 [3 favorites]


These aren't "allegations". She's about to be sent to Federal prison for 14 years because she was convicted of committing the acts described here.

https://www.justice.gov/usao-edtn/pr/phd-chemist-sentenced-168-months-conspiracy-steal-traded-secrets-economic-espionage

posted by toxic at 11:58 AM on September 26, 2023 [7 favorites]


No crime but property crime.
posted by slogger at 12:18 PM on September 26, 2023 [5 favorites]


I’m not sure we have enough facts here to know if she took her own research or the research of others.

a) Unless she also worked at a bunch of other companies that supplied Coca Cola while she was also working for Coca Cola, it definitely wasn't her own research.

b) Even if it was her own research, she still did it while working for Coca Cola, so there's no way it was ever hers to take. And if you honestly believe otherwise there's a bathroom full of classified documents in West Palm Beach for you to take home with you.
posted by RonButNotStupid at 12:25 PM on September 26, 2023 [9 favorites]


In my casual reading, sounds like stealing to me, but I'm a Pepsi guy, so maybe I'd let her slide.

I was amazed to find out there's a plastic liner inside each can.
—that sugary, acidic brew would, without a liner, devour the metal of its can.

So there's plastic even if you buy aluminum cans? That's depressing-er.

My dentist talked about how Coke dissolves iron nails, so think what it's doing to your teeth!
So I set up a crude experiment on my workbench. I suspended a random variety of nails in six pint jars full of: Coke, Diet Coke, Mountain Dew, Sprite, and [something else?], weighing each nail before the start. After a week I checked, and the nails weighed the same. So next week, and the week after that, and so on - I never found a nail that lost any weight.
All the liquids turned the same ugly brown/black color, though, so something was happening.
posted by MtDewd at 2:18 PM on September 26, 2023 [2 favorites]


After a week I checked, and the nails weighed the same. So next week, and the week after that, and so on - I never found a nail that lost any weight.

Given the usual effect of colas on me, I'm surprised those nails didn't gain weight!
posted by chavenet at 2:21 PM on September 26, 2023 [7 favorites]


Yeah, you have to wonder what these coatings are actually doing if Coke keeps them so secret, but presumably Pepsi is using something functionally identical. I'm no fan of Chinese manufacturing, but I don't see this as protecting anyone's interests besides big evil companies, and I'll always root for the evil little guy over the evil conglomerate.
posted by rikschell at 2:34 PM on September 26, 2023 [3 favorites]


There aren't any heroes in this story.

Some of the characterization done by Bloomberg seemed over the top with a xenophobic flavor to it. From reading the two articles, it's likely this woman had great aspirations without the ability to execute. She did very little to cover her tracks or to protect her communications. My first thought when it came to the manufacturing partner was that she was being scammed, but she put way more on the line than simply losing money through her aspirations/greed.

I've worked in manufacturing and in tech. Taking files with you is a big no-no, even if you created them. Considering how much I hate the patents system, just keeping them secret is the best way to protect IP.
posted by just.good.enough at 3:57 PM on September 26, 2023 [3 favorites]


My dentist talked about how Coke dissolves iron nails, so think what it's doing to your teeth!
So I set up a crude experiment on my workbench. I suspended a random variety of nails in six pint jars full of...


If you have or know anyone with young children, the tooth fairy could have transformed this into the most fun (and creepy) version of the experiment.
posted by nobody at 4:59 PM on September 26, 2023 [1 favorite]


the corporation I work for used to have a no camera phones policy, but the iPhone destroyed that.

Anecdotally I had a friend in Singapore who worked in the public sector in some boring administration department, nothing you would think is top secret, but they apparently took the no cameras policy Very Seriously (as you do in Singapore) and she said that they actually had some kind of acid (?) that they could use to chemically etch the camera glass turning it opaque and thus allowing them to bring their iPhones to work.

Anecdotally also, I knew someone who was apparently just smart enough to be dangerous but not smart enough to keep themselves out of trouble. She received prototype data from a vendor in PDF format, and instead of asking the vendor for the data in Excel format so she could do her calculations, she tried to convert it from PDF to Excel by uploading it online to some ChatGPT-like AI website because she had heard about how good this AI thing was and how it could improve efficiency at work.

IT somehow detected it and immediately shut down her access and she had to explain to the director about why she was uploading secret information to a third party on the internet...

(the data itself was mostly innocuous stuff as she didn't have access to anything particularly damaging and I'm pretty sure it was just done out of total ignorance rather than there being a secret plot to exfiltrate information from the organization)
posted by xdvesper at 7:01 PM on September 26, 2023 [2 favorites]


Re: Google Drive, in some lines of work, when the sanctioned cooperation tools inevitably fail to work correctly, dozens of scientists and engineers end up using services like Google Drive just to be able to say they got some work done that day.

Some people would look at this and say that the IT policies are not strict enough.
posted by tigrrrlily at 7:09 PM on September 26, 2023 [3 favorites]


One time I was laid off, I worked for more than a month to finish off my project and make it tidy.

Of course this was at a less sociopathic employment environment than what seems typical in corporate America.


The first time I was laid off, I was told about it in person, and informed that my access to my computer was being shut off before I would return to my seat. I would have supervision as I cleaned out my desk, and the case of Snapple in our other building that was mine? I couldn't go and pick it up even with supervision; they'd have to have it delivered to me at a later date. One guy down the hall from me had quit in a fit of pique weeks before and attempted to fry his hard drive on the way out, so I chalked at least some of it up to that.

The second time, I was mercifully given a day to collect personal files off of my hard drive. Permission was denied to actually use anything I had worked on there to build any kind of portfolio, and I was told not to tell anyone on my team that I had been let go (they would be informed in a separate meeting of the layoffs), and my network access was shut off. But after sixteen years there, at least this time I got my mp3s back.

The third time, it was via a Teams call. My boss was quite apologetic; it was completely not his idea. But my laptop was remotely shut off and encryption enforced on it about ten seconds after the end of our phone call, so short of taking a hammer to it there was nothing I could have done if I had felt vindictive.

In all three cases, I had broken no rules, possessed no trade secrets or highly confidential materials, and had performed my duties well; "it was strictly an economic decision," all three bosses stressed. But I was treated as a potential time bomb nonetheless. Now, if I'd had access to secrets as precious and guarded as these? I might still be walking funny.

At office #2, a contract gig with a prominent bank, I was told that if I inserted a personal flash drive into my computer's USB port I would be fired on the spot even though those ports were fully disabled. I am trying to imagine the response if I had been detected multiple times in an evening trying to finesse confidential files into the outside world. I can say for damn sure that I wouldn't have still been badging out three weeks later like You.
posted by delfin at 7:57 PM on September 26, 2023 [4 favorites]


late to the party, but this has been part of $job since before DLP was a thing. I cannot begin to explain how ridiculously hard it is to detect malign intent within records of otherwise authorized system interactions and within the plausible scope of someone's responsibilities.

CMU SEI has an entire clinic on developing effective insider threat programs. They (and CISA) will tell you that exiting employees, planned or unplanned, will take concrete actions to cash out usually within 30 days of an exit. Even when you have warning signals, exit-focused analytics, and complete visibility of what's happening inside every process on an in-scope endpoint, there's always some widget that has a little extra slack, or a workaround that escapes observation.

Usually, nothing escapes the feds once they catch scent of a case they can charge and convict. They (usually) don't charge what they can't win, and when it comes to industrial espionage, they charge aggressively. None of this is directly related to 61398, but that obviously created a cottage industry of sorts to which people regularly go for access to, uh, nontraditional capital markets and growth opportunities. The feds remember this well.
posted by rye bread at 8:45 PM on September 26, 2023 [1 favorite]


Coke and other acidic substances will react with the red rust on iron / steel to form a black iron oxide.
posted by interogative mood at 8:56 PM on September 26, 2023 [1 favorite]


IT somehow detected it and immediately shut down her access and she had to explain to the director about why she was uploading secret information to a third party on the internet...

Anything you upload to AI over the internet becomes public information - it's far worse than having a speakerphone conversation about secret stuff on a busy train.
posted by The_Vegetables at 7:25 AM on September 27, 2023 [4 favorites]


The Vegetables, that's straight-up nonsense as stated.
posted by sagc at 7:35 AM on September 27, 2023 [2 favorites]


The Vegetables, that's straight-up nonsense as stated.

It's used to train the AI model - you don't control its distribution, its accuracy, its sharing anymore. It's not nonsense, unless you are quibbling about 'public'. And if you are quibbling about that, then well various US and international privacy laws disagree with you.
posted by The_Vegetables at 12:19 PM on September 27, 2023 [2 favorites]


I'll just mention, that a while ago I went to the trial of a guy who got together with a couple of his idiot friends and literally hunted down, shot, and killed a random person with a shotgun.

They set up, shot, and missed the first time. So they repositioned and took better aim the second time, when they succeeded in shooting and killing him.

His prison sentence was roughly half of what this woman received.
posted by flug at 4:46 PM on September 27, 2023 [2 favorites]


Not a fan of any information being proprietary or really, secret in the overwhelming majority of cases. I definitely love when Chinese companies ignore copyright and patent law to make stuff, fuck copyright and patent law to hell and back. Wish she'd gotten away with it. Stealing from Coke is morally good.
posted by GoblinHoney at 8:06 PM on September 27, 2023 [1 favorite]


Fun fact about my government-provided, secure computer: I can't do anything with my mail or network drives unless I'm on the federal VPN. All unrecognized external devices are blocked, including storage and cameras. Certain types of information are detected and auto-blocked if being sent via email (unless encrypted, then they're just flagged). And when on VPN or Fed network, all of the usual file sharing sites and services are blocked.

BUT. If you have non-IT provided hardware, that's the same model as the approved stuff? You can plug it in and it works, including external storage. One could turn in the Fed-provided secure USB and still have your own personally-purchased model that works. And if you disconnect from the VPN? Suddenly all those file sharing sites are not blocked, as you aren't behind the firewall any more.

Security is hard, and SO MUCH of it depends on the employees intentionally trying to follow the rules. One could easily do a lot of damage if they wished.

xdvesper: "She received prototype data from a vendor in PDF format, and instead of asking the vendor for the data in Excel format so she could do her calculations, she tried to convert it from PDF to Excel by uploading it online to some ChatGPT-like AI website"

Just in case you didn't know - Acrobat Pro can take a PDF and export it as a spreadsheet. (I just spent the last 2 weeks turning PDFs back into spreadsheets for an HR issue, because the reports I needed to review are always provided by security as PDFs. Turns out when you need to look through 2 years of reports, filtering in a spreadsheet is MUCH easier than manually searching the PDFs. Of course, it isn't perfect and it takes ages to individually convert then hand-clean-up each spreadsheet.)

Not that I endorse espionage, just for those of you in need, I would encourage better and smarter use of tools than a rando AI-powered website.
posted by caution live frogs at 8:43 AM on September 28, 2023 [2 favorites]


His prison sentence was roughly half of what this woman received.

I have to say, 7 years for premeditated murder is more a damning criticism of that legal system than it is of this case.
posted by tavella at 11:21 AM on September 28, 2023 [6 favorites]

