There’s no doubt that American universities and research facilities benefit from the experience and knowledge of foreign national workers. When institutions have all their ducks in a row in terms of deemed export compliance (performing restricted/denied party screening on applicants, completing the required export and deemed export licensing paperwork, etc.) international collaboration is typically a positive experience. Unfortunately for one U.S. university we heard about recently, hiring a foreign national student did not go exactly as planned, and a few very consequential holes were discovered in their deemed export compliance plan.
Few people had access to the cancer compound drug product being developed at the Midwestern facility, but a student hire from China (let’s call him Student X) was in the inner circle. His American colleagues were pleased with his contributions to the project but would later describe him as “arrogant.” The young man wasted no time applying for a Green Card. Shortly after acquiring it, he told his team his mother had passed away and he’d have to return home for two weeks. He left the country, and was not heard from again for a puzzling two and a half months.
During Student X’s absence, the doctor in charge of the project noticed something alarming: a chemical had been added to the cancer drug compound, significantly altering it. All signs pointed to Student X, who upon his return to work provided no explanation for (a) why he’d disappeared from the university for two and a half months, or (b) why he had tampered with the team’s research. Not surprisingly, he was immediately put on leave without pay. He was stripped of his ID and entry pass and escorted from the building, but unbeknownst to university staff, he later returned and was admitted back into the facility by an employee who recognized him (and had no idea that he’d been fired). That mistake would cost the university four precious vials of the cancer compound plus hard copies of the research, all surreptitiously stolen by their former ingénue. Data stored on the team’s computers had also been tampered with. As it turned out, because he was let go at the end of the workday – after IT personnel had gone home – his log-in passwords were not disabled, giving him easy access to the information.
The subsequent FBI investigation found that in the several weeks Student X was MIA from the U.S., he was gainfully employed at a university in China. This revelation was not uncovered by any sophisticated secret agent means, but simply by looking at the young man’s LinkedIn profile, which nobody had thought to do previously. Ultimately Student X had tons of stolen information to share with his Chinese colleagues – all of it stored on a tiny thumb drive, the likes of which even the FBI had never seen before. While not proven, the FBI surmised that Student X’s wife (who had visited shortly before his mother’s purported demise) had smuggled some of the cancer compound back to China, hidden in cans of baby formula.
Student X received just six months’ prison time for his antics. But six years of research was sabotaged, and sadly we will never know how much we actually lost in terms of advances in cancer treatment.Small lapses in diligence proved costly for the university. Had they done a Google search or checked LinkedIn during Student X’s prolonged absence, they’d have discovered he was working at the research institution in China. Had a solid plan for employee termination been in place, his log-in credentials would have been immediately dismantled. Additionally, other employees would have been alerted to the situation and advised not to grant the man access to the facility. Sometimes it’s the small things that are the most easily overlooked, but are actually vitally important to an airtight deemed export compliance plan.