[simondedalus]

there's also of course the possibility that uber violated the CFAA if someone exfiltrated data from waymo, though the distinctions re: access without autorization and access that exceeds authorization are quite nuanced.

if "uber-spy" had authorized access to many secrets, intended all along to steal it and bring it to uber, dumped a ton of data, then left and carried out their plans to give the data to uber, case law says "uber-spy" didn't violate any clauses of the CFAA, whether they signed an NDA or not ("contract based restrictions" are rarely if ever considered unauthorized access per the CFAA). however, there are many gotchas that can hook that data into access in excess of authorization (exfiltrating it on company property, even printed pages for example).

once you have a nexus to get a CFAA violation in, you can start bringing in intent and monetary gain and such and potentially even get into easy to prove strict liability offenses.

given the description of their anonymous server, secret phone team, there's a pretty good chance that stuff alone will open them up to CFAA based prosecution, which could go very badly. who knows though.

if you're interested in this sort of stuff, which may be tangential to uber/waymo (i'm not sure / don't care) , orin kerr is the person to read.