A Chinese national was sentenced to prison for five years on Friday for stealing computer code from his former employer, IBM.
Xu Jiaqiang had pleaded guilty to economic espionage and theft of a trade secret for copying IBM’s source code for its clustered file system technology.
Xu stole “extraordinarily valuable proprietary computer source code that had taken millions of dollars and literally decades of work to perfect,” the government said in a sentencing memorandum.
Federal prosecutors asked U.S. District Judge Kenneth M. Karas to impose a prison sentence for up to 11 years and four months.
Xu’s attorneys, Daniel F. Diffley and Leanne Marek of Atlanta, asked for just over two years, for the time he served in jail following his arrest in December 2015 at a White Plains hotel.
This could be the only prosecution under the Economic Espionage Act, the attorneys said in their sentencing memorandum, that involves both a foreign national and a crime that took place exclusively in a foreign country.
Xu, 32, had lived in China for all but three years, when he studied computer science at the University of Delaware and George Washington University.
He worked in International Business Machines’ Beijing office from 2010 to 2014, debugging the source code.
The technology is designed for complex systems that run on multiple servers. It is typically used by scientists, governments and corporations where users across wide networks need to quickly update or access files at the same time.
When he resigned from IBM, he took copies of the source code.
“Mr. Xu did not think that this was unlawful in China,” his attorneys said. “He had seen others take source code and other documents when they left IBM and knew individuals who had done so from other companies in China.”
Xu left IBM to work for Kingsoft Cloud, a startup company, but did not use the code there, his attorneys said. About a year later, he joined, or according to the government, “formed,” Zettakit.
There he used the source code to create his own version of the software, removing IBM’s logo, the government said, and naming his version “Polaris.”
Zettakit sold Polaris to China’s National Health and Family Planning Commission, the government said.
Xu’s attorneys said the company merely gave away the software on a trial basis, with a “kill feature” to disable it after several months, so that it could say on its website that its product was being used.
In 2014, the FBI received a report that someone in China claimed to have access to IBM’s source code. The government set up a sting operation, with an agent posing as an investor starting a large-data storage company and another posing as a project manager.
After a year of exchanging messages and computer files, the FBI persuaded Xu to travel to the United States. Xu thought he was meeting for a job interview.
Undercover FBI agents repeatedly tried to convince Xu to sell them the source code, the defense attorneys said. “He told them that they could simply buy a license from IBM.”
When presented with the opportunity to live in the United States and to name his own price, they claimed, he declined.
They said Xu takes full responsibility for his actions but he pleaded guilty only for his conduct in China.
The government cited statements Xu made at the White Plains hotel. He said he had used the source code to make software for customers. He knew that the code was the product of two decades of research and development by IBM. He acknowledged that software he had sent the agents was based on the code. He said he could write scripts that would conceal the origin on the code.
“The defendant stood to make a fortune as a result of his theft,” the government’s sentencing memo states, “and was well on his way to doing so when law enforcement agents intervened.”