The article doesn't really explain well how this is spying.
So companies A & B (A=TSMC, B=Tokyo Electron) are in a customer-supplier relationship. Employee B1 of B asks Employees A1 & A2 of A ask for information about how B's technology is working in practice at A, which involves revealing information about A's processes. A1 & A2 supply the information, and B2 at B uses it to improve how B does things, so they can help A more and increase their business with A. There is no allegation that the information supplied to B by A employees left B, or was used for anything except to help with the collaboration between B & A. And as far as the article mentions, no evidence A1 or A2 received a bribe or anything like that.
And yet manager A3 at A finds out about this supply and freaks out because they didn't want A1 & A2 sharing that much information with the supplier. So they make a complaint - and A1, A2, B1, B2 and B as a company all face significant penalties.
This seems unjust given A1, A2, B1 & B2 were all just trying to collaborate in the best interests of their companies, and B employees only used things freely and non-corruptly given to them by A employees; no information was leaked outside of the collaborating companies. A1 & A2 might have broken their company policies, but this probably should have ended at them being educated on the company policies and being asked not to do it again when managing future supplier relationships.
The way you spelled that out, is a specific story that almost all clearance holders in all countries are taught specifically means corruption.
Its not unjust - its exactly what you are taught not to do, with government contracts! Its not just breaking company policy, its illegal in most countries.
> This seems unjust given A1, A2, B1 & B2 were all just trying to collaborate in the best interests of their companies
Not really. This is the norms for industrial espionage, especially as Tokyo Electron is also working on the Rapidus 2nm fab project in Japan.
Furthermore, for these kinds of relationships there tend to be significant internal firewalls which were clearly overriden within TSMC.
And speaking from personal experience back in my individual contributor days in the security space, this attack path was a fairly common one for data and IP exfiltration.
> There is no allegation that the information supplied to B by A employees left B, or was used for anything except to help with the collaboration between B & A
From TFA - "The information, including trade secrets related to etching equipment used in 2-nanometer production, was photographed and reproduced to allow Tokyo Electron to evaluate and improve its equipment performance".
This was done without permission and done so by a vendor actively working on building a direct competitor to TSMC.
Interesting. It makes sense that Taiwan treats semiconductors as a national security issue. After all that's what the Silicon Shield theory is. But I was curious about what happens in other jurisdictions.
It turns out that you can steal from European companies with impunity because European governments really don't pursue this that much. An ex-ASML engineer (in San Jose) set up two companies XTAL in the US and Dongfang Jingyuan Electron in China and then hired people from his team on ASML, one of whom brought all the source code for one component control with him. XTAL lost the case and shut down, but this chap just went to China and ran Dongfang Jingyuan. Living large. The guy who took ASML secrets to Huawei also got away with it. In both cases, European governments haven't really pursued jail time. The US, of course, got involved and has an arrest warrant for the Dongfang Jingyuan guy that we're never going to collect on. "Uncle Sam has made his decision; now let him enforce it" so to speak.
His mistake was taking it to an actually sanctioned country, though. That seems to be prosecutable.
In the US, of course, you will go to jail for it. Besides the national security thing, even Anthony Levandowski was sentenced to 18 months of prison (pardoned by Donald Trump, though), and that was AV tech, not like missiles or anything.
So it seems, based on my Google-level knowledge that:
US: Lots of protected tech, and you'll go to jail.
Taiwan: Semiconductor tech is treated like we do nuclear tech, so you'll go to jail.
Most European jurisdictions: You'll have to pay fines. If you stole to a sanctioned country, straight to prison!
It’s so absurd. As an European, I can’t really understand why our policymakers are so blind to this, companies don’t have the tools to defend themselves from state sponsored attacks, their countries should do whatever they can to protect them if they represent a national interest.
Because from personal experience they don't care. The best of the best policy wise immigrate to the US to take a think tank position in NYC, DC, or Boston earning 3-5x what they could in Europe, and the rest become lobbyists in Bruxelles. After making their nut, they then return to politics with a funding pipeline because campaigns are expensive (even in Europe).
The ones who feel deeply about the cause don't know how to execute but only pontificate (dealt with plenty of EU AI policymakers with European AI founders).
Heck, even consulate employees who are part of the trade promotion teams for most EU states try to network their way out of the role into VC jobs in NYC and SF.
You are generalizing too much. Europe is full of different electoral systems, and each system has its own dynamics that favor different kinds of people.
Take Finland, for example, with open list proportional elections. The primary competitors of every candidate are other candidates from the same party and district. In order to win, you have to develop and maintain your own niche. Many politicians leave to become lobbyists or consultants or join a think tank, but it's almost always a one-way street. It's difficult to return to politics after an extended absence, because someone else has already taken your niche (if it's still viable), and money and experience rarely help win it back.
As for the actual question, many European countries seem to consider trade secrets primarily a contractual matter. Revealing private secrets is not a crime, while abusing your position or breaking into a system without proper authorization can be. Prosecutors generally cannot invoke national security without a clear legal basis. Which probably can't be found in matters that are more about Western competitiveness in general than about the security and interests of a specific country.
Not to be that guy, but there's a significant difference between Finland versus Netherlands, Germany, and even Ireland in importance within the EU and European institutions from a power politics perspective, as well as the type of political culture.
Pre-1995 EU member states tend to have stronger control within EU institutions, and are the states that actually matter along with a couple later EU member states that have openly threatened or actively reversed into illiberal democracies that tried to stymie EU institutions and/or created their own groups to pressure the EU such as the Visegrad Group.
From a US perspective, as long as Russia threatens Finland, Finland has no choice to look to the US, especially if green men suddenly appear on Etelakari, Kilpisaari, or some other rocky island in the Gulf of Finland, especially now that pro-Putin Rumen Radev has won a majority in Bulgaria, Babis and his coalition have returned to power in Czechia, and Fico in Slovakia remains in (tenuous) power.
I'm not sure how the "importance" of various countries is related to the discussion. Or what Russia or the US does.
My point was that there are different perspectives on national security. If everything ASML (or another similar company) knows became public knowledge, it would be bad for its business. It might also be inconvenient to some foreign interests. But would it be an actual national security issue to the host country?
If some forms of corporate espionage are not considered serious crimes, there are other reasons beyond the "best of the best" (whatever that means) migrating to another country. It might be that the people do not consider it a serious crime. And if you are in a country with limited ambitions to influence the rest of the world, that might matter more than the interests of faraway superpowers.
> My point was that there are different perspectives on national security. If everything ASML (or another similar company) knows became public knowledge, it would be bad for its business. It might also be inconvenient to some foreign interests. But would it be an actual national security issue to the host country
Yes for the Netherlands as well as other countries. Netherlands, the US, and Taiwan (because ASML's core IP is dependent on US DoE's Cymer and Taiwan's HMI) are treat the technology used for semiconductor fabrication as dual use export controlled technology critical for national security.
> It might be that the people do not consider it a serious crime
In Taiwan (and especially at TSMC) everyone is taught that the technology surrounding sub-7nm fabrication is export controlled and national security adjacent.
> I'm not sure how the "importance" of various countries is related to the discussion. Or what Russia or the US does
To show that your experience with Finland frankly doesn't matter in the discussion. When someone mentions Bruxelles or the EU, we don't mean Finland or Slovenia or Luxembourg.
Though I would be curious if your defense would be accepted by the Finnish government if you attempted something similar at Patria Oyj.
You highly underestimate the severity with which data and IP exfiltration for dual use technologies is prosecuted and treated in all countries. And if deep down you think that is wrong, if you were an employee of mine I would make you were fired and blackballed.
Yes for this kind of white collar crime. They are now unhirable as they have been found to be convicted for leaking IP, and this comes up in every background check.
I would say that private prisons in the US (or elsewhere) are incentivized to reduce human rights over time (by expanding prison stays). This can be anything from subverting early release/parole or expediting additional charges/convictions, such as being involved in a fight inside prison.
Private prisons, civil asset forfeiture and property taxes are probably the three most common things the govt does that I disagree with outright on moral grounds.
I guess Taiwanese lawmakers deemed this law necessary for national security purposes, but this would not fly elsewhere. We already have something to protect trade secrets: it’s called a patent. If you don’t patent it, and a competitor lures an employee with enough knowledge, everything is fair game, as it should be. Aka if you like it you should put a patent on it.
(a) Whoever, with intent to convert a trade secret [...]
(1) steals [...];
(2) copies [...];
(3) receives [...];
(4) attempts to commit any offense described in paragraphs (1) through (3); or
(5) conspires [...] to commit any offense described in paragraphs (1) through (3), [...]
shall, except as provided in subsection (b), be fined [...] or imprisoned [...].
(b) Any organization that commits any offense described in subsection (a) shall be fined [...].
So if you're an organization, you can be fined, but if you're not, you could be fined or imprisoned. Is my understanding correct that if an organization commits any offense described in paragraphs (1) through (3), it will ONLY be fined and the individuals that actually did this won't face imprisonment? Or will the organization be fined AND some individuals from that organization also be fined or imprisoned?
To word it another way - I am John. I steal a secret on my own and could be imprisoned. But if I first incorporate into Evil corp and then steal the secret, Evil corp will be fined and I won't be imprisoned.
The article doesn't really explain well how this is spying.
So companies A & B (A=TSMC, B=Tokyo Electron) are in a customer-supplier relationship. Employee B1 of B asks Employees A1 & A2 of A ask for information about how B's technology is working in practice at A, which involves revealing information about A's processes. A1 & A2 supply the information, and B2 at B uses it to improve how B does things, so they can help A more and increase their business with A. There is no allegation that the information supplied to B by A employees left B, or was used for anything except to help with the collaboration between B & A. And as far as the article mentions, no evidence A1 or A2 received a bribe or anything like that.
And yet manager A3 at A finds out about this supply and freaks out because they didn't want A1 & A2 sharing that much information with the supplier. So they make a complaint - and A1, A2, B1, B2 and B as a company all face significant penalties.
This seems unjust given A1, A2, B1 & B2 were all just trying to collaborate in the best interests of their companies, and B employees only used things freely and non-corruptly given to them by A employees; no information was leaked outside of the collaborating companies. A1 & A2 might have broken their company policies, but this probably should have ended at them being educated on the company policies and being asked not to do it again when managing future supplier relationships.
The way you spelled that out, is a specific story that almost all clearance holders in all countries are taught specifically means corruption.
Its not unjust - its exactly what you are taught not to do, with government contracts! Its not just breaking company policy, its illegal in most countries.
> This seems unjust given A1, A2, B1 & B2 were all just trying to collaborate in the best interests of their companies
Not really. This is the norms for industrial espionage, especially as Tokyo Electron is also working on the Rapidus 2nm fab project in Japan.
Furthermore, for these kinds of relationships there tend to be significant internal firewalls which were clearly overriden within TSMC.
And speaking from personal experience back in my individual contributor days in the security space, this attack path was a fairly common one for data and IP exfiltration.
> There is no allegation that the information supplied to B by A employees left B, or was used for anything except to help with the collaboration between B & A
From TFA - "The information, including trade secrets related to etching equipment used in 2-nanometer production, was photographed and reproduced to allow Tokyo Electron to evaluate and improve its equipment performance".
This was done without permission and done so by a vendor actively working on building a direct competitor to TSMC.
Interesting. It makes sense that Taiwan treats semiconductors as a national security issue. After all that's what the Silicon Shield theory is. But I was curious about what happens in other jurisdictions.
It turns out that you can steal from European companies with impunity because European governments really don't pursue this that much. An ex-ASML engineer (in San Jose) set up two companies XTAL in the US and Dongfang Jingyuan Electron in China and then hired people from his team on ASML, one of whom brought all the source code for one component control with him. XTAL lost the case and shut down, but this chap just went to China and ran Dongfang Jingyuan. Living large. The guy who took ASML secrets to Huawei also got away with it. In both cases, European governments haven't really pursued jail time. The US, of course, got involved and has an arrest warrant for the Dongfang Jingyuan guy that we're never going to collect on. "Uncle Sam has made his decision; now let him enforce it" so to speak.
But since writing this comment, I've now found that they got a Russian engineer for taking some ASML stuff https://www.reuters.com/technology/ex-asml-nxp-employee-sent...
His mistake was taking it to an actually sanctioned country, though. That seems to be prosecutable.
In the US, of course, you will go to jail for it. Besides the national security thing, even Anthony Levandowski was sentenced to 18 months of prison (pardoned by Donald Trump, though), and that was AV tech, not like missiles or anything.
So it seems, based on my Google-level knowledge that:
US: Lots of protected tech, and you'll go to jail.
Taiwan: Semiconductor tech is treated like we do nuclear tech, so you'll go to jail.
Most European jurisdictions: You'll have to pay fines. If you stole to a sanctioned country, straight to prison!
It’s so absurd. As an European, I can’t really understand why our policymakers are so blind to this, companies don’t have the tools to defend themselves from state sponsored attacks, their countries should do whatever they can to protect them if they represent a national interest.
Because from personal experience they don't care. The best of the best policy wise immigrate to the US to take a think tank position in NYC, DC, or Boston earning 3-5x what they could in Europe, and the rest become lobbyists in Bruxelles. After making their nut, they then return to politics with a funding pipeline because campaigns are expensive (even in Europe).
The ones who feel deeply about the cause don't know how to execute but only pontificate (dealt with plenty of EU AI policymakers with European AI founders).
Heck, even consulate employees who are part of the trade promotion teams for most EU states try to network their way out of the role into VC jobs in NYC and SF.
You are generalizing too much. Europe is full of different electoral systems, and each system has its own dynamics that favor different kinds of people.
Take Finland, for example, with open list proportional elections. The primary competitors of every candidate are other candidates from the same party and district. In order to win, you have to develop and maintain your own niche. Many politicians leave to become lobbyists or consultants or join a think tank, but it's almost always a one-way street. It's difficult to return to politics after an extended absence, because someone else has already taken your niche (if it's still viable), and money and experience rarely help win it back.
As for the actual question, many European countries seem to consider trade secrets primarily a contractual matter. Revealing private secrets is not a crime, while abusing your position or breaking into a system without proper authorization can be. Prosecutors generally cannot invoke national security without a clear legal basis. Which probably can't be found in matters that are more about Western competitiveness in general than about the security and interests of a specific country.
Not to be that guy, but there's a significant difference between Finland versus Netherlands, Germany, and even Ireland in importance within the EU and European institutions from a power politics perspective, as well as the type of political culture.
Pre-1995 EU member states tend to have stronger control within EU institutions, and are the states that actually matter along with a couple later EU member states that have openly threatened or actively reversed into illiberal democracies that tried to stymie EU institutions and/or created their own groups to pressure the EU such as the Visegrad Group.
From a US perspective, as long as Russia threatens Finland, Finland has no choice to look to the US, especially if green men suddenly appear on Etelakari, Kilpisaari, or some other rocky island in the Gulf of Finland, especially now that pro-Putin Rumen Radev has won a majority in Bulgaria, Babis and his coalition have returned to power in Czechia, and Fico in Slovakia remains in (tenuous) power.
I'm not sure how the "importance" of various countries is related to the discussion. Or what Russia or the US does.
My point was that there are different perspectives on national security. If everything ASML (or another similar company) knows became public knowledge, it would be bad for its business. It might also be inconvenient to some foreign interests. But would it be an actual national security issue to the host country?
If some forms of corporate espionage are not considered serious crimes, there are other reasons beyond the "best of the best" (whatever that means) migrating to another country. It might be that the people do not consider it a serious crime. And if you are in a country with limited ambitions to influence the rest of the world, that might matter more than the interests of faraway superpowers.
> My point was that there are different perspectives on national security. If everything ASML (or another similar company) knows became public knowledge, it would be bad for its business. It might also be inconvenient to some foreign interests. But would it be an actual national security issue to the host country
Yes for the Netherlands as well as other countries. Netherlands, the US, and Taiwan (because ASML's core IP is dependent on US DoE's Cymer and Taiwan's HMI) are treat the technology used for semiconductor fabrication as dual use export controlled technology critical for national security.
> It might be that the people do not consider it a serious crime
In Taiwan (and especially at TSMC) everyone is taught that the technology surrounding sub-7nm fabrication is export controlled and national security adjacent.
> I'm not sure how the "importance" of various countries is related to the discussion. Or what Russia or the US does
To show that your experience with Finland frankly doesn't matter in the discussion. When someone mentions Bruxelles or the EU, we don't mean Finland or Slovenia or Luxembourg.
Though I would be curious if your defense would be accepted by the Finnish government if you attempted something similar at Patria Oyj.
You highly underestimate the severity with which data and IP exfiltration for dual use technologies is prosecuted and treated in all countries. And if deep down you think that is wrong, if you were an employee of mine I would make you were fired and blackballed.
Looking at ASML jobs, half of them are in Shenzhen. The game has been played and lost a long time ago.
Those ASML jobs are not related to bleeding edge EUV work. ASML is not a single product company, and has technicians dedicated to whole SKUs.
Anyone know what happened to Dr. Kim?
Just a thought: is 1 year of life in prison enough to deter most folks from messing with the law again in the future?
In the US at least, even if you don't find prison that bad, the charge itself can ruin your life. Having a felony extremely limits your prospects.
Yes for this kind of white collar crime. They are now unhirable as they have been found to be convicted for leaking IP, and this comes up in every background check.
Depends on the prison. US prisons have the goal to get you back into prison after release.
I would say that private prisons in the US (or elsewhere) are incentivized to reduce human rights over time (by expanding prison stays). This can be anything from subverting early release/parole or expediting additional charges/convictions, such as being involved in a fight inside prison.
Private prisons, civil asset forfeiture and property taxes are probably the three most common things the govt does that I disagree with outright on moral grounds.
I guess Taiwanese lawmakers deemed this law necessary for national security purposes, but this would not fly elsewhere. We already have something to protect trade secrets: it’s called a patent. If you don’t patent it, and a competitor lures an employee with enough knowledge, everything is fair game, as it should be. Aka if you like it you should put a patent on it.
Edit: why would you downvote this? Jeez…
These laws exist in every advanced economy.
https://www.law.cornell.edu/uscode/text/18/1832
So basically we have:
(a) Whoever, with intent to convert a trade secret [...]
(1) steals [...];
(2) copies [...];
(3) receives [...];
(4) attempts to commit any offense described in paragraphs (1) through (3); or
(5) conspires [...] to commit any offense described in paragraphs (1) through (3), [...]
shall, except as provided in subsection (b), be fined [...] or imprisoned [...].
(b) Any organization that commits any offense described in subsection (a) shall be fined [...].
So if you're an organization, you can be fined, but if you're not, you could be fined or imprisoned. Is my understanding correct that if an organization commits any offense described in paragraphs (1) through (3), it will ONLY be fined and the individuals that actually did this won't face imprisonment? Or will the organization be fined AND some individuals from that organization also be fined or imprisoned?
To word it another way - I am John. I steal a secret on my own and could be imprisoned. But if I first incorporate into Evil corp and then steal the secret, Evil corp will be fined and I won't be imprisoned.
IANAL, of course.
We have trade secret laws, national security laws as well as patent laws, at least in the US, as do many/most countries.
IMO, the US govt doesn't prosecute violators, especially in terms of foreign spy programs against domestic companies nearly enough.
It's a complete fabrication.