“There must be 50 ways to leave your lover."
— Paul Simon
It was February 2017 when Waymo, Google’s self-driving car unit, sued Uber in what would become the biggest trade secret case of the century. Waymo alleged that its former manager, Anthony Levandowski, had organized a competing company while still at Waymo, and before leaving had downloaded 14,000 confidential documents. As it turned out, Uber had known about this when it agreed to pay $680 million for Levandowski’s brand new startup; and we’ve already looked at how the hubris of that hasty transaction provides lessons for hiring in new markets driven by emerging technology.
But what about Waymo, the left-behind company? Is there anything to be learned from how it handled the matter? To be sure, it scored points for putting on a convincing case in court. After just a few days of trial, to the disappointment of hundreds of journalists, the dispute was settled, with Uber paying $245 million in stock. Levandowski was forced into bankruptcy and found criminally liable, saved from a jail term only by President Trump’s pardon. It certainly seemed as though Waymo had “won.” But would it have been even more successful if it had avoided the dispute entirely?
Waymo’s complaint, which you can find here, implies that it was in the dark about what Levandowski was up to when he left, despite the fact that while still employed he had downloaded all those documents describing its proprietary sensor technology. Over a month later (in late January 2016), after having established his deal with Uber, Levandowski resigned. In May, his new company, Otto Trucking, emerged from “stealth mode” and by August had been acquired by Uber. In the meantime, several other Waymo employees had left to join him, and on their way out of Waymo had also downloaded a few proprietary documents.
It wasn’t until December, almost a year after Levandowski’s massive collection, that Waymo claimed to have evidence that Otto/Uber was using its secret technology. This came in the form of an email from an Otto vendor attaching a circuit diagram, sent by mistake to Waymo instead of Otto. This drawing, according to the complaint, bore a “striking resemblance” to Waymo’s proprietary technology. It was the “smoking gun” that Waymo was waiting for to file the case.
But let’s pause for a moment and consider that if Waymo had known more of the facts at an earlier time, it might have been able to intervene to prevent Uber’s acquisition of Otto, or at least to limit the damage from whatever information Levandowski may have passed on to the Uber design team. What if, at the time he resigned his position, Waymo knew that he had taken the 14,000 files and was planning to start a self-driving truck company? It doesn’t take much imagination to conclude that the whole unfortunate drama could have been prevented.
Why didn’t Waymo realize that its trade secrets had been compromised immediately after the download? At the very least, considering Levandowski’s extensive access and knowledge, you would have expected the company to insist on questioning him before he left. That process, which is widespread among companies of all types and sizes, is referred to as an “exit interview,” and as we will see it can be a critical step for any business that is losing high-level talent.
But here’s the problem. Exit interviews traditionally are designed and executed by the Human Resources function. And HR professionals see them in a very limited way. Just take a look at any of the literature and you will see that the purpose of the exit process is to find out what made the employee decide to leave. Even if they are being let go, feedback from the interview might improve the company’s people management through insights from those who, because they are on their way out, will be brutally honest about perceived problems.
According to an article in the Harvard Business Review, the objectives of an exit interview are directed inward at the company being left, for example “gaining insight into managers’ leadership styles” and “soliciting ideas for improving the organization.” A leading HR association promotes exit interviews as “giving the company a unique perspective on its performance and employee satisfaction.” And there’s even a Wikipedia article on the subject, suggesting that they can be helpful to “reduce turnover . . . and increase productivity and engagement.” No one ever talks about the interview as a tool to reduce loss and maintain control over information assets.
In reality, the exit interview process forms a vital part of any trade secret management program. It represents the company’s last clear chance to both assess the risk represented by the employee’s leaving and to clarify expectations about how they should behave to protect the sensitive information they’ve been exposed to. Indeed, it is only by directly confronting the departing employee about their plans that the company can reach any useful conclusion about the risks and make informed decisions about reducing them. So don’t limit it to ticking off some boxes on a form, but insist on a thorough discussion. There’s a reason it’s called an “interview.”
Collecting relevant information doesn’t necessarily depend on getting straight, fulsome responses. Sometimes body language speaks loudly, and a direct “I don’t have to tell you that” can lead to an elevated concern and trigger a more intensive inquiry. If a high-level engineering manager claims that he’s leaving to start an ice cream shop with his cousin, you may be excused for thinking that something is not quite right and digging deeper. One way to do that is a forensic examination of the employee’s computer and recent history of system usage, including – ahem – unusual or excessive downloading of files.
A security-focused exit interview will certainly inquire about the sources of any discontent, but not merely to gather suggestions for improving the workplace. Instead, reasons for leaving can provide clues about what the employee intends to do. For example, if they were disappointed that the company didn’t immediately embrace their idea for a new product or process, they may think that they are free to use it themselves. That kind of misperception needs to be corrected, and this may be your final opportunity to do it.
Indeed, another critical part of the process is confirming and reinforcing the employee’s obligations to return all company devices and information. Usually, this discussion revolves around some sort of written termination statement by the employee acknowledging those obligations and confirming that all security policies have been complied with. They should specifically assure that they do not possess any company information, including in personal email accounts or in private cloud storage platforms like Dropbox. Any refusal to sign such a document should lead to escalation to relevant managers.
Having received both verbal and written assurances that the employee will leave behind all company devices and data, the interviewer should explore the risk represented by what the employee will be carrying in their head when they leave. That assessment requires a robust discussion of the new employment and how doing that job might pose a threat of even inadvertent disclosure or misuse of secret information. Frequently, this kind of concern can be addressed with the direct question: “Please help me understand how you will be able to do what you’ve described at the new job while respecting the confidentiality of the information you’ve been exposed to in this one.”
A final area of emphasis is not about gathering information but instead delivering a message about the integrity of your property. As we’ve already noted, this is the last practical chance to put a point on the employee’s continuing obligations after departure. If the company has provided a robust training program that emphasizes the role of the workforce in protecting trade secrets, this will be a straightforward reminder. Conversely, if the company has not invested in regular communication around these issues, then you will have to step up the intensity of messaging at the time of departure, perhaps extending to formal letters to the employee and their new employer.
The best time to deal with risks is before they have matured into reality. It’s not very efficient to discover and mitigate a harmful misappropriation later, when it could have been prevented at the outset.