Congratulations on taking a step in the right direction, even if it is a very small step. Nobody else seems to take the threat seriously, somewhat excepting defense contractors of course.
I can understand being reluctant to deal with the full extent of the problem. Somebody from China, with a family in China and subject to Chinese law, does not cease to be a security threat by moving to the USA and getting a green card. This gets awkward.
It really is no surprise that valuable secrets of all types (private key, customer data, trade secret, insider info for trading, etc.) end up in other countries.
I on the other hand think that splitting countries into allies and enemies is stupid. China is a huge country, and excluding a billion people from your company just because their government does questionable things sounds like a pretty bad idea.
If you are really concerned about the confidentiality of your data, don't store it unencrypted in some SaaS where every customer service rep has full access to all your data. At that point you're already so vulnerable that exluding potenential employees from a whole country is just pointless security theater that some suit with an MBA thought up to justify his position.
> China is a huge country, and excluding a billion people from your company just because their government does questionable things sounds like a pretty bad idea.
People have to do what the state they live in and belong to orders them to do. That's part of the point of having a state. So if you can't trust a state you can't trust its people either.
> you are really concerned about the confidentiality of your data, don't store it unencrypted in some SaaS
I don't think dissolving the company is on the table.
> People have to do what the state they live in and belong to orders them to do. That's part of the point of having a state. So if you can't trust a state you can't trust its people either.
So, I could say that American is sucks if I think Trump is sucks?
That is ridiculous. The first is that 'state is unauthentic' is a subjective speculation. And the most funny is that the conclusion 'people is unauthentic' is came from your first thought.
I can not say American is terrorist if Hillary wanna burn other country. Am I right?
If your world view is based on separating entities into good and bad, nuanced statements will appear ridiculous.
> I don't think dissolving the company is on the table.
Zing! Solid line but it misses the point. As with any other data, you can encrypt source code. It's perfectly easy to envision a setup where Gitlab employees in country X can only see plaintext Gitlab data they could already see over the public internet.
In china, not from China. The former is easy to justify, and would affect even Americans of non Chinese descent. The latter would be incredibly difficult to justify, and could easily be seen as unwarranted discrimination.
Well, technically it is discrimination, but not racism. I.e. you can still hire a Japanese developer, and with a Chinese regime change you might be able to hire Chinese developers. However, federal law prohibits discrimination based on national origin. This is a touchy subject, but maybe this no longer makes sense? As burfrog pointed out, a Chinese employee living in America isn't free from Chinese control; the gov't will do bad things to his family if he gets a request for, say, information or access and doesn't comply. I'm hesitant to endorse allowing discrimination by national origin, but on the other hand, it doesn't make sense to allow the Chinese access to any kind of important data.
It doesn’t matter. As long as a security clearance isn’t required, discriminating based on notational origin is a big no no from an ethical perspective, even if it was legal.
I hope we learned our lesson during WW2.
> discriminating based on notational origin is a big no no from an ethical perspective
However, discriminating based on exposure to coercive pressure from aggressive and hostile foreign powers is probably OK, even if such exposure is heavily correlated with national origin. The key is that the discrimination must be based on an individual analysis of the applicant and his/her life circumstances.
It's not OK to blanket deny any person of Chinese ancestry.
Denying such a person access to sensitive data or positions might be OK, however, if that person is exposed to coercive threats by, e.g. having family located in a jurisdiction known to use its power over expatriates' families as leverage to recruit sources and agents.
So long as the intent is genuinely to serve a compelling interest in protecting against security threats and the vetting policy is as narrowly tailored as possible to minimizing insider risk from applicants with vulnerability to certain threat actors, I think such a policy could pass ethical and (IANAL) maybe legal muster.
> So long as the intent is genuinely to serve a compelling interest
"Your honor, of course my intent was genuine ..."
Therein lies the rub ;)
I disagree completely. By that reasoning, a presidential candidate of Chinese descent who was a natural born American citizen but had relatives back in china would be disqualified, and that is nowhere justified by the constitution. A private company likewise shouldn’t be able to discriminate on speculative threats alone. What if they had a relative in prison, a hostile coercive environment by any measure?
I accept that I do not qualify for a high security clearance because I’m married to a Chinese national. I don’t think that should have any bearing on any other jobs that don’t require such clearances (nor my wife nor my son should be subject to such restrictions).
The Title of Nobility / Emoluments Clause [1] and the natural born (and age) qualifier are fairly specific as to what the framers thought were overly corrupting influences for the office of president.
They notably did not include "or family".
The expectation presumably being that foreign powers were clearly enough signalled to tread carefully with regards to exerting pressure on government officials.
At high levels, that seems reasonable. At lower levels, where there's less scrutiny and less opportunity for diplomatic redress? "Reasonable" measures seem murkier.
[1] https://www.law.cornell.edu/constitution-conan/article-1/sec...
> By that reasoning, a presidential candidate of Chinese descent who was a natural born American citizen but had relatives back in china would be disqualified
Not so. The Constitution is very clear on eligibility requirements for the President. A natural born American citizen of Chinese descent who otherwise satisfies the requirements in Article II, Section 1, Clause 5 is perfectly eligible to run for the office. If there is concern about potential leverage foreign states have over that candidate--as there rightly would be if our natural born American had close family in PRC--voters might vote for someone else. My position is that such a motivation on the part of the voters is ethical.
> I accept that I do not qualify for a high security clearance because I’m married to a Chinese national. I don’t think that should have any bearing on any other jobs that don’t require such clearances (nor my wife nor my son should be subject to such restrictions).
First, I agree that your or your son's relationship to a Chinese national should not be sufficient grounds to deny you or your son any given job. My position is that a narrowly tailored policy to reject candidates with high risk of coercion from sensitive positions, or to limit such employees' access to sensitive data, is probably OK. Having close family residing in PRC unfortunately does raise the risk of coercive pressure being applied. If your wife has no surviving close relatives in PRC and she never goes to visit, you and your son should be assessed to have no greater vulnerability to coercion than any other citizen with otherwise similar circumstances (debts, addictions, etc.).
Second, I am curious why you disagree completely, yet accept that your relationship with your wife may disqualify you from holding a government security clearance. That means you accept that the government has an interest in protecting classified information from foreign powers, and that your relationship raises your risk profile. Do you not accept that private companies have an interest in protecting their IP and customer data from theft or sabotage? Or do you not accept that your relationship also raises your risk profile for these positions? Just because a position may not require a clearance does not mean that position is not highly sensitive to a potential insider threat. And unfortunately the PLA's targets are not restricted to intelligence agencies; they target virtually every sector of our economy.
> Second, I am curious why you disagree completely, yet accept that your relationship with your wife may disqualify you from holding a government security clearance.
This has to do with companies making their own rules about what is right or wrong without any checks, balances, or voter feedback. Security clearances are actually defined by law, I’m against corporations becoming their own extra judicial entities.
> This has to do with companies making their own rules about what is right or wrong without any checks, balances, or voter feedback.
As far as I understand, companies are generally free to make their own hiring decisions, so long as they do not amount to discrimination against a protected class. That limitation, by the way, stems from federal legislation--so companies are very much not extra-legal entities operating without any judicial accountability. If a state or federal Congress decide to further regulate companies' hiring decisions, they are free to do so.
I don't understand what exactly you would like companies to do: Simply ignore potential security risks? Do you have a specific process you advocate should be used to evaluate risks? What different kind of restrictions on companies' personnel decisions would you like to see? Do you just have a problem with a focus on risk from family members in PRC as opposed to a broader vetting process where that is only one risk factor?
> Security clearances are actually defined by law
I am not sure that an exact formula for grant/deny decisions exists in statute. These decisions strike me as inherently subjective, although certain facts are obviously pertinent to the decision. I would be very interested to read the relevant laws and regulations, though, if you'd be so kind as to point me to them.
As long as companies are operating faithfully within the law, they’re free to do that. And you’re free to criticize it and boycott it.
Companies like Apple and others should be allowed to be concerned about theft of sensitive data just as much as the government. Just because it’s not a matter of national security doesn’t mean it’s okay.
Nobody here is trying to discriminate against a race. The problem is having ties to relatives living under a government that is known for making people disappear. The same would apply for a white person with many relatives there, etc.
Your argument of companies not being allowed to take cautionary steps against a foreign government doesn’t hold water.
> I’m against corporations becoming their own extra judicial entities.
They already are, with most disputes being settled with Binding Arbitration rather than via the court systems.
Others have already pointed out though, that a company needs to act in its own interests and one of the things it would certainly find interesting is whether an individual is capable of being coerced into sabotaging/sharing corporate trade secrets.
Constitutionally speaking, the President does not require a security clearance; the President ex officio has unlimited access to classified information. If there are concerns the President may be vulnerable to foreign influence, the constitutional processes to address those concerns are election and impeachment not security clearances.
Is it a constitutional principle that no secrets may be kept from the President? Or is it just that the “security clearance” system is currently based on executive orders that the President issues, rather than Congress exercising its power to “make Rules for the Government and Regulation of the land and naval forces"?
According to the Congressional Research Service, "By virtue of his constitutional role as commander-and-in-chief and head of the executive branch, the President has access to all national intelligence collected, analyzed and produced by the Intelligence Community"
Source: https://web.archive.org/web/20110113190609/http://feinstein....
I think if Congress tried to pass a law limiting the President's access to classified information, the Supreme Court would likely find it to be unconstitutional.
True. Trump wouldn’t have qualified for high security access anyways just given his public relationship history, not even considering what an FBI clearances check would dig up.
> By that reasoning, a presidential candidate of Chinese descent who was a natural born American citizen but had relatives back in china would be disqualified
If large numbers of voters felt that, then they would never get elected.
> nowhere justified by the constitution
The voters are entitled to vote however they like; that's implied by the constitution.
> I accept that I do not qualify for a high security clearance because I’m married to a Chinese national
Then you essentially agree with me.
> I don’t think that should have any bearing on any other jobs that don’t require such clearances
I agree. The question is, which jobs should require such clearances?
Here's a very clear restriction you're faced with: You could never become a Chinese citizen. Why must be pretend that it's ok for this to be entirely one-sided? We should give what we get, imo.
The situation with presidential qualifications is one-of-a-kind special. Hiring at tech companies isn't spelled out in the constitution.
Constitutional requirements can also be changed, and it is long past time that we do so. The country has been around for 2.5 centuries, and now has hundreds of millions of people. We wouldn't suffer a shortage of presidential candidates if we required that all 4 grandparents (determined all possible ways) and all descendants and spouses have been born in the USA, along with all living ancestors and descendants of all of those. The job is simply too important to allow otherwise. (this would disqualify the most recent two, along with failed candidates like Romney and Cruz)
For tech companies we shouldn't be quite so extreme, but it also isn't good to ignore the problems.
You can't assume what ethical choices a person will make, before they make them. A Chinese citizen in that situation might find a way to get their family out of China, or otherwise find a way to avoid the issue, or just flat out refuse. You can't just take it for granted that you can't trust someone without much more specific evidence. That's a very greasy slippery slope towards justifying highly constructed justifications for discrimination.
Lessons are getting unlearned by concerning enterprise customers.
Yes, this is old school racism wrapped in company policy. Bigoted leadership in this country gives this kind of activity permission.
The wiser among us know historically garbage thinking when we see it.
China seems to have noticed how accusations of racism, xenophobia and "white supremacy" are a very effective button to push to try and get western countries to act against their own interests.
The thing is, coming from a country that is practicing cultural genocide against various ethnic groups, we can probably take those accusations and survive.
If a security clearance requirement suddenly makes it allowable it argues that it maybe isn't unethical, unless the argument is implicitly that it is ok to ask for unethical things when involving a security clearance?
> I hope we learned our lesson during WW2.
You can rest assured that we did not, I have zero doubt that if there ever was another war at that scale we'd have internment camps for nationals of the enemy before the end of that war.
> discriminating based on notational origin is a big no no from an ethical perspective
Yes it is. You know what's also a big no-no from an ethical perspective? Letting China win so they turn the world into a global dictatorship with concentration camps, organ harvesting and ubiquitous surveillance.
Sometimes you have to do a bad thing to prevent a worse thing.
Have you ever been to China? Such discrimination happens left, right and center. If you’re of an “acceptable” origin and have the right skin color, you might be ok...
I lived and worked in China for almost 10 years. I get that the foreigner glass ceiling is much lower there than here, and things like naked officials are actively discriminated against in government. That has nothing to do with the USA, however.
Well, it does. Because they will use your ethical values against you to slowly boil you like a frog in a pot 'til you find yourself in a concentration camp having your organs harvested. Sometimes bad things have to happen to prevent worse things.
Verwoed
and where it's different? look at distribution of people of color among boards of directors, senate etc.
Because there are less people of ethnic minorities than in the majority demographic. That’s why they’re called minorities. The key point is that they have a chance.
Depends "national security" is much more than defence industries back when I worked BT the team leaders on some projects where getting positively vetted for SC clearance - That's top secret in US terms.
Arguably now the FANGS are now CNI - which is going to suck if your on a H1B or Green Card.
Are we seriously going 9066 here?
Better place them all into internment camps. Just in case.
Discriminating someone because of their Chinese ethnicity would be hard to justify but what about Chinese citizenship (especially if it's the only one) or ties to China like family living there? Those would make someone vulnerable to pressure by the Chinese government.
No. As long as someone has a green card or citizenship, who cares where their family lives? The only exception would be for national security clearances, and those affect Americans as well.
The argument made in the thread is that someone could be pressured by the foreign government into leaking sensitive information.
Where an employee's family lives seems like the single most important point to consider...
Is it legal for a private US company to apply (some of) the same tests used to determine national security clearances in its hiring decisions? Or is the government the only entity allowed to make decisions that way? I'm genuinely asking, I haven't thought about this conflict before.
I never thought I'd see this level of xenophobia becoming widely acceptable in the United States. For everything educated Americans loathe about Trump, the one thing they've taken on board from him is fear of the Yellow Peril - which is probably the most dangerous aspect of his Presidency.
It’s not xenopohobia, it’s a hard problem. China actively exploits American tolerance for their own gain, and we have no good way to stem corporate espionage other than a blanket ban.
Even then, good old corruption of non-Chinese is still possible.
I'm sorry, targeting Chinese people on Green Cards is xenophobia. I'm not interested in whatever rationalizations are given for this sort of discriminatory behavior. The US is sadly headed down a path towards socially acceptable racial discrimination, justified by the new bogeyman - China.
The same argument would apply if the person was white and had many relatives in China. Or real estate, or other leverage that can be used against them.
You can’t ignore the fact that the PRC uses those things as leverage against people abroad in order to get information. Until that stops, what are companies and governments supposed to do? Roll over and allow espionage because we’re so tolerant?
I could use the exact same argument to propose banning Americans from GitLab. I'd also have much better empirical grounds for doing so, given how much is known about the extent of US espionage.
There's a growing hysteria in the US about China, which is leading to increasing signs of discrimination and harassment of Chinese people in the US. This sort of demonization of an entire country and the politics behind it (preservation of the US as the world's dominant power by containing China) are very dangerous. The thing that makes it most disturbing is the way people across the political spectrum have bought into the idea of the Yellow Peril, and are now okay with discriminatory policies, the trade war, and challenging Chinese territorial sovereignty.
I don't buy it. Yes there's a growing hysteria of China, but that's due to their government. It's not against the people in general. (Yes, yes, there's always an example of someone being racist/xenophobic. My response is there are always idiots who are racist/xenophobic. Citing them as an example of the populace at large is just lazy.)
People don't care about people from the ROC, aka Taiwan, aka China*. If people in our extremely polarized political environment are uniting on this, it's because it's a Serious Issue that needs to be addressed.
The ban applies to people living in China or Russia, not on chinese or russians.
Any american or european living in either country would similarly be affected by the ban. Untwist your knickers please.
It very quickly escalates to discrimination against Chinese people in the US, as evidenced by the highly upvoted comment I originally responded to. I'm sorry if I get my knickers twisted about people proposing an entire race of people pose a national security threat, but this sort of xenophobia has rarely gone well in history.
Chinese and Russians living outside of China and Russia will not be affected by the ban.
You keep calling it xenophobia even after you've been proven wrong when you claimed this is targetted at green-card holders. You are absolutely disengenuous and have no intention at good-faith discussion.
Read the GP comment, which says this is a good first step and then muses about expanding the ban to Green Card holders: https://news.ycombinator.com/item?id=21438366
I then suggest you edit out your erroneous personal attacks.