In 2010 WellPoint was found to be automatically targeting insurance policies of women with breast cancer for cancellation, using any pretext. Angela Braly was the CEO at the time, now at ExxonMobile. WellPoint was the second largest health insurer in the US at the time.
This required a lot of business analysis and software development - and people had to realize what this code was doing. I’m guessing bonuses were paid on the back of the “savings” this generated.
At the very least, these folks need to have their names permanently attached to this atrocity. These weren’t decisions made by “a corporation” - these people sat across a meeting room table and actually concluded that targeting breast cancer patients was an acceptable means to an end.
Lori A. Beer was the CIO at the time. Now at JP Morgan.
For good reason, modern law systems rarely issue punishments that last a lifetime. People can and do change, and something stupid (and illegal) you did 30 years ago shouldn't be held over your head today. These are rare cases for the absolutely worst crimes. For anything else, you receive a punishment, be it money or months/years in jail, and after that, you deserve a chance to live a life without ongoing punishment. Beyond knowing what you did, and remembering the punishment, which for most people is already a burden heavy enough.
I wouldn't ban them from management, just garnish their wages so they can only earn minimum wage (or minimum living wage). Also, no property ownership beyond a single home.
Depends where you are, I guess. In a prison-first rehabilitation-last country like USA, yes. In EU, many countries will close your criminal record after some years (7 in Estonia) at which point nobody other than law enforcement itself can see that you have a record. Not to mention that even if the crime you did was fairly recent, no company has the ability to check your background without your permission, and even then it is not something that is being done in the vast majority of places.
In other words, once you've carried out your sentence, in 99% of the cases it's done and behind you, and you can go on living a normal life without anyone else needing to know.
But if you're restarting your life after serving a sentence, if you're poor it will be very hard. If you have wealth you probably can easily put your crime behind you.
This is what people always say, but it sure seems like that guy was able to get a job as School Superintendent in Iowa. His past didn't get in the way of actually getting the job. It was only when ICE showed up that people noticed.
What horrible crime did that guy commit "firearm charge" you mean being told to put a hunting gun in the car then instantly ticketed for "improper storage" by a racist ranger? The horror.... So glad we got that one /s
Being struck off by professional organisations is a thing, though.
On the one hand I don't want the bar to this discipline raised. On the other hand, I don't want people like us (metaphorically) building bridges that tip every two hundredth car into the river.
Personal accountability with consequences that make fraud unpalatable means setting a high bar on white collar crime.
If you are saying that twentysomething founders should not be held accountable for the mistakes of their "youth," then you might be inclined hold the investors personally accountable for funding them--similar to parents being liable for their teenagers' driving mishaps.
I am disinclined to believe that Javice and his ilk are very much corrected by the Department of Corrections or later life experiences.
Sorry, but in this case I think 'lifetime' is very much appropriate. It's not like they're being sent to the electric chair. They were systematically ripping people off on what matters most to a person: their health. There is a good chance people died as a result of this. And since hardly any of these crooks ever goes to jail (but instead they get to do it again somewhere else) having their name out in the open for ever is very much appropriate.
I think this have to ve public Information, giving the right to decide to the next employer. You may employ them, other people may not. I would at least ask some questions.
An 18 year old (HS senior) and a 15 year old (HS sophomore) can have sex together and thats a statutory rape charge that will follow you the rest of your life.
And say its 2 17 year olds, and you take nude pictures to send to your partner. Now, having sex is legal here, but a picture? Thats possessing 'child sexual assault imagery'. Nobody would think 17 year olds are 'children'. Even the law routinely charges them as adults.
And getting a felony at all follows you around, unless you can pay the danegeld to have it removed. Of course, staying clean isn't sufficient. Paying $10k or more is.
Being forced to change the profession is not the same as being in jail forever or being unable employable forever.
> Beyond knowing what you did, and remembering the punishment, which for most people is already a burden heavy enough.
Like, seriously? These people do not feel bad, there is no heavy burden. They are proud of how they earned money, feel like any prosecution is grave injustice and would do it again.
Widely immoral people, whether in politics or business, dont feel sorry for who they are. They made those decisions because there was no moral dilema for them.
They are proud that they earned money, the how (positive or negative) is completely immaterial.
Others who want to earn money and are likewise ambivalent about the means will see a felony conviction for causing grievous public harm in the pursuit of giant piles of money as an endorsement and hire the "reformed" exec at the first opportunity.
It's a bit disingenuous to argue "they shouldn't get life without the possibility of parole" when in fact most of this economic white-collar crime goes completely unpunished, or at best gets a fine targeted at the company and never at the individual people who committed the crimes.
What is disingenuous is claiming that putting a crazy punishment on the paper will change anything when absolutely nobody gets caught.
If you tear apart whatever guarantees human rights exist on your places just so your can impose unreasonable punishment to nobody, then don't act surprised when somebody else uses it against real people you sympathize with. (And yeah, if you are from the US or some other place where lifelong punishment is common, you should be fighting to fix this, not to add support to it.)
On the other hand, you could be pushing for those people being punished at all, by reasonable crimes that your law probably already recognizes or that could be added without rotting your society. But yeah, maybe that's too much.
To the contrary. I do find it a disingenuous argument to say "most of this kind of crime goes unpunished, so the cases we do punish, we have to punish for life".
The solution is not harder punishments for those that are punished, but punishing more of them.
Isn't that exactly how the criminal justice system works? Because you know you're not going to catch all the criminals you want the punishment to serve as a deterrent?
Punishing more of them is easily said, when the crime is much harder to prove than shoplifting for example. And I'm skipping the fact that the shoplifter will be represented by an overworked public defender while the exec has a team of lawyers lined up that probably are payed by the company that got richer off illegal behavior
That's true. We judge people to be guilty and then they get a punishment. But after the punishment they have payed back their guilt and are now not guilty anymore, that's kind of the deal.
> These are rare cases for the absolutely worst crimes.
If "targeting insurance policies of women with breast cancer for cancellation, using any pretext" is accurate - I'm curious how that compares to the absolutely worst crimes to you.
Na, just ban all of them and all their families from ever having health insurance again so they can suffer the same fate they doomed others too intentionally . Make an example and all that.
It's counter-productive to punish someone for something out of their control. One should not be punished for his parents', siblings' or childs' actions.
We already have long-established legal precedent for dealing with such issues and much more. It can actually get quite complicated - which is why we defer to the experts and move slowly on such subjects.
It really seems like it's only complicated because there are an awful lot of people who want to do as evil things as possible and not go to prison for it
Loopholes and lawfare are the tools of the corrupt
You'd think so, but no. Most of the complications come from handling edge cases where the innocent would get swept up, while avoiding exploitability. Making laws that actually do what we want is HARD.
Laws are like code: It only seems perfect until it meets the real world. And the complications only seem frivolous until it's your ass on the line.
A few million dollars would probably cover months in the ICU, so not exactly common. A few tens of thousands would be a more plausible ambulance ride to ER followed by emergency surgery and a few days in the hospital, which still isn’t very common. Carrying a pregnancy to term and delivery can be similarly expensive though.
Are you implying random programmers, administrators, and managers at insurance companies have generational wealth? Then why are they spending their time doing those jobs?
Ah, but the family of the canceled policyholders should suffer for losing their mother/sister/daughters?
Make decisions to harm others, don't be surprised if it blows back in kind. Golden Rule is there for a reason. Treat others as you would have them do unto you.
Those families are/were more than happy with the standard of life being raked in by their breadwinner's willingness to make the unilateral decision to indulge in institionally driven statistical murder. So yeah, as one who walked away from Omelas in that sense, I think I'm pretty qualified to say yes on this front. After a certain point, a wife or husband not asking "so what is it you do exactly?", does rather reflect poorly on them.
Remember, every person working for an insurer has unparalleled access to data on what the effects of their decision is going to be. You can't claim ignorance once you've seen the glorified spreadsheets that run these companies.
If you benefit from receiving stolen property, does the law force you to return it? One way of interpreting your scare quotes is that the executives turned a health insurer into a law violating company.
Obviously there are burdens of proof and this is most likely not possible to prosecute (it sounds like the health insurer has already shrunk and based on the date of the anecdote above, I’m guessing the relevant statutes of limitations have expired.
> If you benefit from receiving stolen property, does the law force you to return it?
The general answer to that is: it depends on a lot of factors, but sometimes yes and sometimes no. The specific answer varies between jurisdictions, I think even between different US states and certainly between countries. It's often relevant whether you knew or should reasonably have known at the time of purchase that the property was stolen.
well it depends, if you buy a car stolen from me, then i should get the car back, no matter what. if you didn't know that it was stolen, you have a claim against the person who sold you the car, but not me. but if that person can't return the money, then you are out of luck, just as when you are falling for a scam. not your fault, but your damage nontheless.
>It's counter-productive to punish someone for something out of their control.
For people in specific classes that benefit from networks and status: it is not.
It should be default. If you abuse your power and position, it should have cascading effects not just for you but people that benefited from it.
This idea that only one person at fault when there are 10's of people that hide behind the crime is just non-sense and has done immeasurable damage to society.
And I stress again: it should be income bracket/class based. The higher you are, the harder the fall.
Collective punishment also has done immeasurable damage to society and I'm glad that most reasonable systems of law do not consider it legal.
Go after the guilty party and revert whatever benefits they got. If money went to dependents, that money is to be seized. But those who received the money are not at fault per se. Unless they helped in the crime, then they are obviously guilty too, but not of receiving fund but for helping committing a crime.
Same thing happened to patients with AIDS, in the 1990s. It was disgusting. May still be going on.
People don't really care about drug addicts and gay folks, though (there's a fairly significant number of folks that think they "deserve" it), so it didn't get as much attention.
In the 2010s, we had a similar situation but it wasn’t illegal.
I used to work for a large drug distributor both pre and during the opioid epidemic.
At the time (pre-SUPPORT Act), distributors weren’t required to notify the DEA about anomalous ordering so we didn’t provide data to law enforcement unless they sent a subpoena.
To increase profits, we identified our best customers of opioids and updated our inventory tracking system to send rebates and early warning notifications to providers so they’d buy more earlier.
Each provider has a sales rep (territory) mapped so we could figure out bonuses easily.
We the software engineering team were paid well for it, but not as much as the sales reps who got a percentage of the buy.
Judging actions taken at the time with the benefit of what we know now, is not a fair way to assess.
Sure we could say it was obvious they were pushing lots of pills. But this was a legal product.
Someone working for an NFL team trying to sell tickets , or for Starbucks trying to promote frappucinos, … these actions seem fine. We know the risks, but we acknowledge and move on.
But if it turns out that new data, 3 years from now, shows some huge uptick in head injuries among college players. Or high school. And we can attribute this to the influence of pro leagues, well…. The actions of the people participating in the enterprise now get considered in a different light.
Or if we gain new (as if we need it) data on the impact of sugar and caffeine on young people, then people who work for Starbucks or McDonald’s or basically any prepared food business, … we will judge them differently ?
People who decided to put lead additives in motor fuel had no idea that they would be causing brain disorders , generations down the road.
What do we do then? Refuse to take any action for fear of some possible future negative impact ?
It’s not appropriate to judge this way. We learn as we go, and we can say “if we knew then, what we know now…” but it’s not clear in the moment. A difficult line to draw.
I was hoping to get some insight/context into how they actually feel about it, rather than guessing. You can certainly come to peace with a past decision, change your opinion later etc etc.
I think it's still controversial whether manufacturers of substances are morally culpable for the result of people wrongly using them. And while you could hold the marketing or executive team accountable for trying to get people addicted to heroin, I'm not sure the same applies to programmers of an inventory tracking system?
Controversial in general, maybe. In the case of opioids and the pharm industry, absolutely not. It's been well documented at this point that pharm companies were well aware of the abuse, and not only did nothing to stop it, but went out of their way to encourage it because sales were going through the roof.
In the case of Purdue and oxycontin, the culpability has in fact been established in court as well.
As for the coders, I find it hard to believe that they were so ignorant, naïve, or unintelligent that they had absolutely no idea what was going on. I just don't buy it.
Regardless whether the rest of society finds the programmers responsible, the integrity of that society depends upon programmers in such situations holding themselves accountable. Apparatchik or moral agent? That choice remains ours.
I worked at a health care tech company in Silicon Valley that actively defrauded medicare. When the medicare inspectors came the owner's daughters had a bunch of their friends from college (who didn't work there) sit at computers and pretend to be working, then they told the inspectors all these random people were registered nurses and full-time employees who were helping patients (and thus being billed for). It was a total sham.
I reported it and quit but they managed to stay in business and keep getting government contracts.
It's so funny af that when people from the hood are doing it they get locked up or worse, and when business people do it they might as well be the president.
I guess there are some differences though. When a new pusher shows up in your territory you sue him, not going for a drive by.
If you think about it enough, most industries are doing terrible things. Work for an auto company? Thanks for the CO2 emissions accelerating climate change. Work for a consumer manufacturer? Thanks for the plastic waste choking oceans and landfills. Defense contractors? Thanks for enabling wars and killing innocents. Banks? Thanks for enslaving folks to debt and perpetuating economic inequality. Tech giants? Thanks for surveilling billions and eroding privacy on a massive scale. Social media platforms? Thanks for amplifying misinformation and fueling mental health crises. Fast fashion? Thanks for exploiting sweatshop labor and polluting waterways with toxic dyes. Pharma companies? Thanks for price-gouging drugs and prioritizing profits over access. Oil and gas? Thanks for fracking communities into environmental ruin and lobbying against renewables.
Almost everyone is contributing to terrible activities. Just different degrees of bad.
What is your point, besides potentially making yourself feel better about your industry? Those "different degrees" are what it's all about. They're the whole point.
Yes, voluntarily working in an industry where that "degree" is undeniably magnitudes higher than average just for personal gain, does make you quite the awful human. And "helping maximize the number of pills pushed to confirmed opioid addicts" is indeed a large number of standard deviations of "terrible" removed from the work the average person does.
Yup, working on recommender sysrems at places like Meta is
also quite high up there. Luckily the number of people who do this kind of work is minuscule when taken as part of the global population. Even more luckily, thousands of people on HN alone will forego such jobs even if it means earning less. I've done so myself.
The question was how GP felt about their particular unethical act, and it's consequences which likely includes multiple deaths. Since you are not GP, it seems unlikely that you can answer this question.
I fail to see the relevance of bringing up a different, and also unethical example, but I'll answer anyway. If GP said that they used to spend their time optimising software to be as addictive as possible in order to drive people into gambling addiction, destroying their lives and taking all their money while doing it, I would ask the same question.
It's a very smooth gradient from optimizing a sales funnel to writing gambling software. I don't know where the line is, but in both cases you're exploiting human psychology to make more money.
And its also why some of the anarchist folks I hang out with say there's no ethical consumption under capitalism. And definitely in areas, they're completely correct.
It is not much different. I would not worked for gambling company either. In fact, gambling companies have to pay more (and do, there are open positions) because their pool of potential employees is smaller.
The exact same question can be asked to developers who help target gamblers with attempts to push them deeper into addiction.
It's probably slightly worse because opioids actually kill people whereas gambling just financially ruins them (which can lead to suicide, but still I know which I would pick).
But it's only a slight difference. I don't think people who work at predatory apps/gambling systems should be able to sleep at night either. Not all gambling though; I don't have any objection to occasional sports betting for example.
But if you work for one of those pay-to-win apps and find some customers are spending thousands of dollars on it (whales), you know you're being immoral.
How is it different from smuggling fentanyl or taking hostages for ransom?
There will always be someone willing to do the work if the pay is good enough.
The former almost certainly causes much less societal damage than working for a pharma company that strives to get the whole population addicted to opioids, due to the scale constraints that come with running an underground business vs. an "above board" one.
Why do you think that gambling companies pay above the industry average for the required skillset?
Because luckily there are many other people with me who won't work for them, so they have a smaller pool of candidates and need to pay more.
Whistleblower protections need to be steel-solid. Then maybe just 1 person with a spine might be enough to get the story to the press and/or prosecutors.
> This required a lot of business analysis and software development - and people had to realize what this code was doing
Too many people are trained to not rock the boat and not ask questions. I'm always "that guy" in pretty much every meeting I'm in. Some people like me, but many don't. It's tough. On the occasions that all my questions are already answered or I have nothing more to say it's obvious how relieved people are. It would be so easy to just be a yes man and please people all the time, but I just can't. It's easy to see how selecting for people who aren't like me would lead to an organisation that is essentially psychopathic.
I was working with someone on a large government project. At the beginning I told him that we cannot pad our hours at the end of the year to run the contract out and then make up for it with extra hours in the next year like we do with business clients because it is illegal and further because it's a $1M+ contract could lead to prison.
Of course I found out that he was going into our billing software and adding hours to me. I had to talk to a lawyer and he recommended I report it to the gao. I compromised by quitting and reporting it to the liaison on the project (a professor). It was very stressful because if I hadn't reported it he could say that I reported those hours, not him, and I could have ended up in prison.
You had record of your correspondance with the lawyer. All you had to do was report it to the liaison and keep punching the clock. Unless you were getting paid more because of the overages the enforcers dgaf about you.
>> Of course I found out that he was going into our billing software and adding hours to me. I had to talk to a lawyer and he recommended I report it to the gao.
> All you had to do was report it to the liaison and keep punching the clock. Unless you were getting paid more because of the overages the enforcers dgaf about you.
That is not how fraudulent billing in a federal contract ends.
The DOJ prosecutors hammer the person documented as having submitted fraudulent billing and then go after everyone else involved. There is an outside chance in this case the innocent person originally identified does not get indicted and/or convicted of defrauding the government. But there is no doubt this process will cost the innocent person many thousands of dollars in legal fees just to stay out of prison.
The advice of "report it to the GAO" and then GTFO[0] is the way to go.
EDIT:
If a person continues to "keep punching the clock" knowing someone else is actively defrauding the government by "going into our billing software and adding hours to me", there is a nontrivial risk of being charged for conspiracy to defraud the US[1].
This is the attitude that lands otherwise-normal-seeming people in jail. They dgaf about you until they do. Maybe the prosecutor needs an easy win. Maybe they have a wealthy patron you offended. You don't know. And casual cheating becomes criminal very quickly.
Charlie Javice, to get back to the core subject, seemed to genuinely think she was on the right side of the line. All she was doing was faking some numbers for investors, right? Nine times out of ten, investors have already bet on the company and want to see it do well, and even if they catch a founder fibbing are likely to see more value in suffering along with it than in blowing it up.
Except in this case the investor was JP Morgan, not an incubator, and they had the prosecutor in the rolodex.
Startup culture, our culture right here, absolutely encourages cheating. And it doesn't give you a clean instruction manual to figure out how to stay out of jail, because there isn't one. The point above, while technically about government contracting, is absolutely of a piece with the same dysfunction. I think a lot of people in our world need to spend a little more time in introspection.
> I think a lot of people in our world need to spend a little more time in introspection.
Sadly, I suspect most or all of the investor class of people "in our world" have done this introspection. They've checked with their peers and lawyers, and decided it's a perfectly acceptable risk to have the founders and staff of a company they're already invested in do illegal things and potentially end up in jail, if it makes the odds of that company being a 100x exit - so long as the investors and their staff are all insulated from the illegal behavior and jail time risks.
> They've checked with their peers and lawyers, and decided it's a perfectly acceptable risk to have the founders and staff of a company they're already invested in do illegal things and potentially end up in jail ...
No legitimate business person I have ever met holds this position, if for no other reason than criminal acts pierce the corporate veil[0].
> ... so long as the investors and their staff are all insulated from the illegal behavior and jail time risks.
> > ... so long as the investors and their staff are all insulated from the illegal behavior and jail time risks.
> There is no such thing.
Sure there is. You can never request an illegal act, never commit an illegal act, but create a culture where others become incentivized to do illegal acts. This can be done in sufficiently subtle ways that it's impossible to prove it was intentional.
> No legitimate business person I have ever met holds this position
Well, sure, that's true. But only because that's a no-true-scotsman fallacy in incubation. All these perps are "legitimate business people" until they aren't. And they cross that rubicon, almost to a person, still believing that they're legitimate business people and that this is all a clever hack.
It looks obvious only in hindsight when you're looking at the indictment.
What gets them in trouble is the clever hacking, not a fundamental moral flaw. Or conversely, we need to start treating clevery hackery with a lot more suspicion. It's fine to "cheat cleverly" in software design. Outside that world it's got some pretty ugly externalities.
> What gets them in trouble is the clever hacking, not a fundamental moral flaw.
I think you've got that backwards. Crims gonna crim. A clever hacker will evaluate ALL the risks, whereas a moral flaw blinds people to risks. Doesn't mean somebody can't have both attributes.
I quite literally stole an education, and there's a college transcript to prove it. I was a clever hacker, and I worked hard; I was aided and abetted by the college administration, inducted into the Masters candidate ghetto as an honorary member. When they made it a felony I quit that path, and following Hunter S. Thompson's advice [0] I went into business so that I could continue learning "on the job". (Nowadays they call it "OPT". Served today with a very thin glaze of sarcasm.)
During that tenure I met people who wrote theses for a living, who appreciated my industriousness and offered to admit me to their fold. I drank with foreigners ("muslims") who wanted information I might have or be able to obtain; I suggested that they get their home countries to forge documents and and then get admitted as students.
I've quit jobs after an appropriate "honeymoon period" when I still hadn't been furnished documentation demonstrating that we had customers' permission to be doing what we were doing. I've quit jobs when government compliance was considered a game rather than a minimum standard of performance. [1]
I pass government background checks just fine; no reason I shouldn't. I get the "dgaf" attitude, but I strongly suggest getting it in writing. Doing things off the books is a cancer; and it's contagious, like that 10,000 year old dog cancer which now moves from host to host.
[0] "When the going gets weird, the weird turn pro."
[1] If you need somebody who takes risk assessment seriously, we should talk.
Once more, this is a no-true-scotsman argument hanging on your added adjective "clever". All the frausters and criminals in the linked articles were "clever hackers" until they weren't. You probably are too.
Introspection and humility are among the hardest skills for hackers to develop (probably harder for us than for the general population, honestly, as our cheating gets rewarded!), and they're exactly what are being demanded here to keep us out of jail. And I'm pointing out the fallacies inherent in all the "it would never happen to me" argumentation.
I'm not sure it's even at that level of rationality. People just don't think bad things will happen to them, either through naivety or a mistaken belief that they're so superior they'll never be caught. Jail is something that happens to other people, stupid people, not to me.
I think people are either too worried about things like this or not worried enough - no middle. For every time I've heard of rich people thinking they can get away with ridiculous scandals I've also heard someone being discouraged from legitimate economic activity because what if some really unlikely thing happens and lands them in jail for dumb reasons.
The latter type of people don't become businessmen, of course, so the selection bias is for the businessmen to all be from the unworried people.
I wish I could tell a story. Alas, I can't. It turns out that large corporations are excellent at hiding evidence of wrongdoing, and will do everything to cover the backside of high-level execs, because stock price matters. When it's bad, the exec leaves for a "better opportunity", and none will be wiser. The stress of the honest, serious engineer(s) remain, and the exec gets a free ride to their next big beautiful step up the ladder. In retrospect, don't follow internal reporting guidelines, and don't talk to internal lawyers. They either are incompetent or competent, but paid to swipe stuff under the rug -- you'll never find out either way. Instead, go to the relevant regulatory agency, write a detailed report to them, and let it play out.
It depends on the country. It’s not possible to operate large companies in Hungary without paying to the prime minister’s family. When I lived there, I signed a paper at a large multinational company as a simple developer. The paper’s only purpose was to channel EU funds to the family. I was naive, and I thought that it’s a real project, with real work. It wasn’t. Later I realised why some of my coworkers were against it, but I didn’t believe that that company would go down on that route. I was really naive.
It's extremely fucked up that the EU has this kind of kleptocratic autocracy in its midst not only stealing billions but actively sabotaging its operations, when people have been warning about Hungary for 15 years (the Tavares report is from 2010 I believe).
It's funny seeing America, and making the same mistakes. We're humans after all.
The transition in Hungary was really seamless. Step-by-step. The Tavares report was still mainly about possibilities. The laws and the new constitution were already there to use them, but they still didn't use their full force. They could pretend that it's a democracy. They still pretend it, and most Hungarians still believe it, even when the government rules by decree for over a decade now, with elections with not equal playing field at all (opposition needs to win over 10% to be 50-50 with the ruling party).
And they're on the next phase. There is a new opposition leader, and it's way more difficult to pretend democracy now. The most interesting is Orban's used to be supporters. They switched like nothing. One day, an opposition adjacent podcaster was satan itself, the next day, "she's all right after all". One of my friend and his siblings argued against Orban with their parents for more than a decade, then the switch was instant. The parents will still choose badly next time, for the bad reasons, and they will allow to happen this again. When MAGA collapses, you can expect the same thing. There won't be any self reflection.
I was asked to sign off on an R&D tax claim for my team's work. I reviewed it and said no. Was then sent to a meeting with the accountants who explained the claim was based on what the CEO had told them. We went through the details and the agreed with me on most things. I also discovered that we were entitled to claim for things I wouldn't have known about and the CEO discovered that just because the credits were for R&D the legal definition didn't allow for normal development work.
In this instance nothing intentionally illegal was being attempted. However, had the original claim been made it could have been considered fraud. In these sorts of situations I always ensure that the company put me in contact with the professionals that can indemnify both the company and me from any wrong doing. Provided we tell the truth.
This happened to me too, the claim was outsourced to a contractor who had never interacted with myself or anyone on my team - the only devs in the company - resulting in a purely fictitious depiction of what we did.
> If you take one lesson from this, it’s that you can always say no.
I fully understand why this is true, but it seems to ignore any retaliative measures that the management could take against the person who says no.
With the benefit of hindsight, any such retaliation would be weaker than ending up in an orange suit. But the person has to find the guts to say "no" without that hindsight.
I would argue that you have a moral and ethical responsibility to say no when your manager asks you to do something illegal, even if it does cost you your job. The law is the law, and there is no excuse for breaking it. Your manager is certainly culpable, but if you act against the law, you are culpable as well.
The exception is if you fear literal physical violence against you or others, or are being blackmailed or something, then of course you are being coerced and have no choice. But "losing your job" does not rise to that kind of coercion, in my opinion.
Not saying it's easy, it's a horrible situation to be put in and I have huge amounts of sympathy for a person who has to experience this. No one is perfect and act with faultless ethics at all times. But hard or not, it is your duty as a citizen not to violate the law.
I think, for most people, getting the shit beaten out of them is a preferable outcome to losing their job.
For most people, their job is the only thing standing between them and being homeless, losing their car, losing their kids, their partner, etc.
This is why having a culture that treats firing people as no big deal leads to wack ass incentives. You can make people do almost anything if you threaten their job enough.
It does in some places. Firstly banks will usually let you pause or significantly reduce mortgage payments while unemployed. You then make up for it with increased payments (for a period of time) when you regain employment. There is also government help in the form of a loan to pay the interest on your mortgage while unemployed if you've been unemployed for a certain period of time (longer than the bank grace period).
Countrapoint is that these dilemas are NOT dilemas of poor people struggling to feed their kids.They are dilemmas of well doing middle class who in fact, can find another job.
Seriously, we hear the "but the job, but the potential pay raise" exactly as often in a good economy from people having large salaries.
They have choice. They are choosing the fraud over ... still high salary but just not that high.
One can only conclude that the VW engineers were uniquely immoral, since they have a safety net and nonetheless committed massive scale fraud. At least in America it's coercion. In Europe, it's willful evil.
The cases in the article were software engineers in the US, and at FTX. Two were engineering directors and the third was a senior engineer. If any of them didn't have plenty of emergency funds set aside, they should have seriously rethought their spending.
I know plenty of people who saved for years to get a downpayment for a house and then used all of that for just that. After that, it will take a while to replenish their emergency fund with very little margin of error. A job loss would be devastating.
My claim is that that's a bad decision, for exactly that reason. Job loss can happen for any number of reasons, often without warning. Getting a mortgage without any cushion for job loss is a huge risk.
Note also that I'm talking about highly-paid software engineers, not about people in general. Lots of people in the US make way less money than senior software engineers, and they manage to get by. Live at that level and secure your emergency funds first, and you'll be a lot more comfortable dealing with any ethical quandaries at work.
No, you’re claiming they have a spending issue, with the typical judgemental holier-than-thou undertone. My example is not that.
And I’m talking about my SWE neighbors in SV who have a desire to buy their own house just like almost everybody else. It’s just wrong to claim they have a spending issue.
They may be highly paid, but the house prices are commensurately higher too.
It is nearly impossible in the US in general to buy a house without taking on some amount of financial risk. It has nothing to do with being wasteful with money.
I mean, it's been the standard personal finance advice for decades. Step one is to set aside six months of emergency expenses. If you have an above-average income, you're capable of doing that. It's not "judgmental" to point out that this is indeed an intelligent strategy, just as advisors have been suggesting for years and years.
You yourself said that for the people you know who bought a house without that, "a job loss would be devastating." So you seem to agree with me and the personal finance advisors.
I did not say they had "a spending issue" or that they were "wasteful with money." Those were your terms just now. I simply said they should have rethought. You're turning that into some moral judgement, when all I'm saying is that it's bad strategy.
> Lots of people in the US make way less money than senior software engineers, and they manage to get by.
No, I'm pretty sure this is getting less and less true actually. Credit card debt is at an all time high. Homelessness is rising. Medical debt is crushing.
Indeed, any sufficiently wise man would prefer to place himself in a position of precariousness so that all his acts of crime can be attributed to the man who employs him. Only the financially careful face dilemmas. The spendthrift fears no judgment from society having forced his choice function into an identity of his employer's.
"losing your job", for a lot of people, is extremely effective coercion.
We are not talking about luxury here. A lot of people depend on their salary to pay rent and put food on the table. This is even more pressing if you have a family that depends on you, if you are in need of healthcare, etc.
What your post fails to recognize is that in the current system, labor is already a form of coercion. You need to work because the option is homelessness and starvation.
If you can avoid those even when unemployed, you are extremely privileged.
380k homeless in UK. 262k in Germany. 122k Australia. 650k in USA. The per capita math is left for the reader but I don't believe there is much distinction here .
You're right, the numbers are very close to recent official figures. I looked them up to calculate the per capita rates. So USA is actually better than other countries? Kind of defeats these arguments here - interesting. (By the way I’m not from us)
Based on the latest available data (mostly 2023) and current population estimates:
* *UK:* ~56.0 per 10,000 people (1 in 178)
* *Australia:* ~45.4 per 10,000 people (1 in 220) [using 2021 census data]
* *Germany:* ~31.0 per 10,000 people (1 in 323)
* *USA:* ~19.4 per 10,000 people (1 in 515)
The per capita distinction is more significant than the raw numbers suggest.
(Note: Methodologies for counting vary by country, which can affect direct comparisons.)
Your last paragraph is doing a LOT of heavy lifting. TLDR: the US figures should be WAY higher if you expand the definition of homelessness like those other countries do.
More research shows the U.S. rate looks lower largely because it uses a narrow, one-night "Point In Time" measure that excludes many precarious living situations other countries intentionally count. If you harmonise definitions, the U.S. does not outperform high-safety-net countries; on unsheltered homelessness in particular, it fares worse.
In UK official usage, being legally homeless often includes people the state is actively accommodating; it is not limited to street homelessness like the US PIT figure. In Australia, their figures include couch surfing (staying temporarily with other households and those in “severely crowded” dwellings). In Germany, apart from again having a more expansive definition of homelessness, their figures also include ~130k Ukrainian refugees.
Just one example: the US figures should at least include >1.2 million students experiencing homelessness.
also, despite being homeless people in germany can get financial support and healthcare, which was the original point about the fear of losing your job. and losing your job in germany does not make you homeless. you'd have to get evicted from your home (but not for failing to pay rent, as you would cover that with the financial support) so the group that is being talked about in the original paragraph that fears losing their job, and the group that is homeless in germany have nothing to do with each other, because the first group does not exist. most of tho homeless in germany never had a job to begin with.
I think the risk is somewhat higher than just losing your job - you are potentially burning your whole referral network in the process (especially if you end up with your name in the press during any resulting prosecution).
For a junior engineer it may not be that hard to fly under the radar, but senior/staff level folks tend to be well known by the execs. And execs talk, they call their friends to vet future hires... burn your execs, and maybe you don't work in that town again
> I would argue that you have a moral and ethical responsibility to say no when your manager asks you to do something illegal, even if it does cost you your job.
When your access to food, housing, heating and healthcare for your family are dependent on your income, you may find yourself facing very difficult decisions. Most parents will risk whatever legal ramifications to care for their kids and that's inherent moral and ethical, even if the downstream outcome is not. That is because it is the socioeconomic system rather than the individual who is acting immorally.
> The law is the law, and there is no excuse for breaking it.
This is an infantile view. The law is a framework and there are lots of circumstances where breaking it is not only excusable, it's the only moral action.
> When your access to food, housing, heating and healthcare for your family are dependent on your income, you may find yourself facing very difficult decisions
This is the time when your ethics are tested. Anyone can do the right thing when they're getting paid for it.
Nah. I’ve been in the exact situation you describe and it’s pretty obvious tbh. Loss of a job is a temporary setback. Being locked up in a jail is a permanent one.
> There was a lesson to learn from the holocaust. We're always reminded that: "Never forget, we've learned our lesson." "What was the lesson?" That's the question. The lesson is, "You're the Nazi". No-one wants to learn that; If you were there, that would have been you. You might think "Well, I'd be Oskar Schindler and I'd be rescuing the Jews." It's like, no, afraid not. You'd at least not be saying anything. And you might also be actively participating. You might also enjoy it.
Hindsight theoretical morality is very different from experience on the ground, where peer pressure, stress, uncertainty, exploding situations and fog of war come into the mix.
Seems like a better lesson would be "don't be the Nazi."
It's not like it's impossible. The Nazis arrested 800,000 Germans for active resistance activities, and several hundred thousand Germans deserted the military, many of those defecting to the Allies.
It wasn't a huge percentage, but we don't know how many actively resisted without getting caught, or resisted in more passive ways. And that was resistance against the Nazis, who had no qualms about killing resistors. Risking or quitting your job to not only do what's right, but avoid getting in trouble with your government, isn't in the same ballpark.
I thought the lesson was to not base your morality and what you are willing to do on the laws, because they can change at a whim. And for the democratic politicians, don't play with fire and take problems seriously.
You might want to think about why Petersen wants you to think you’re the Nazi. What change is he trying to effect in our culture, and how does that belief support his desire? Rhetoric always aims to effect some change in the attitude of the listener, and never without some benefit of the speaker.
Not that person but the my take on their take is that Peterson is greasing you up to accept more authoritarian control since he puts you in the in-group of the oppressors to ease the societal drift.
I don't necessarily agree. I think he is pointing out that people morally grandstand and the majority will not act out how they say they would.
> You might want to think about why Petersen wants you to think you’re the Nazi. What change is he trying to effect in our culture, and how does that belief support his desire? Rhetoric always aims to effect some change in the attitude of the listener, and never without some benefit of the speaker.
What benefit do you think he's trying to get from it? I'm honestly trying to figure out the nefarious angle and coming up blank.
It seems to me like a very similar sentiment to that great "are we the baddies?" sketch from Mitchell and Webb. [1] I see both as an exercise in moral humility.
See the Milgram experiment, or the Asch experiment. Most people do cave to pressure from authorities and the group. Everybody believes they're they exception. Statistically, most of them are wrong.
We're not talking about living in a totalitarian state and breaking the law by aiding the resistance here. The cases in the article is like committing financial fraud or faking customer data. And then, yeah, I do think there is no excuse for going along with it, you have a duty as a member of society not to do such things, even if it costs your your job. It's not easy, and as I said I have enormous sympathy for a person in this position, but there is a clear right thing to do, and you have an obligation to act accordingly.
At least in the case of engineers, we're talking about highly compensated people. You should have a solid emergency fund put together within a few months of starting your career. From there, it's on you to not put yourself into an economically precarious position. People who are making multiples of the median household don't have food/shelter as an excuse.
Not that it's much of an excuse for everyone else either, but with people in the professional-managerial class it's absurd.
Globally, most software developers are not highly paid and certainly not enough to be above financial pressure.
Becoming a whistleblower or refusing unethical demands can also lead to being blacklisted, as in most industries, loyalty is valued more highly than ethics.
If you want to fight corruption and unethical behaviour, start with a just society that doesn't tie a person's value and well-being directly to their income. Otherwise you're fighting incentives and will never win.
You don’t get to a just society by not fighting corruption. Ask yourself not what “engineers globally” can do, but what you can do. Historically, pressure from the educated middle class has made huge impacts on culture and society.
To get rich at your software startup is not one of the situations where you have a moral obligation to break the law. None of these people were stealing bread from the rich to feed their children.
Right, saying outright that Thoreau was wrong and also that pretty much every famous person who took him to heart was wrong too is a rather strong position to take and likely very, very hard to defend.
Or, for a more obscure example, that Antigone should just have said 'yes daddy' and left it at that with the play ending somewhere in the initial conversation with Ismene.
> But "losing your job" does not rise to that kind of coercion, in my opinion.
it depends how many friends and family you have in the area that can host your whole family that is now homeless. it depends how much disruption you are willing to inflict on your kids definitely right now as opposed to maybe in the future.
The threat of retaliation - in the form of being fired, harassed or moved to a dead end position - is very scary to a younger engineer. But from a rational point of view it's not very strong (HOWEVER many managers or CEOs are far from rational.)
- Firing someone has large costs to the employer. You have the job because you are needed. Same for side-lining someone or not promoting them.
- Firing someone removes the final incentives against that person reporting the deed to the govt. It pushes that person toward reporting instead of softer "negotiated" steps such as continuing to argue for legal alternatives or discussing it with an intermediate rather than outright reporting. And many corporate legal or accounting people are amazing at finding alternative ways to achieve the same result in a not-illegal manner.
- A lawyer can help you much more once there is retaliation. The company might end up fighting both the fraud reporting AND the retaliation.
Just firing someone is not a great "solution" for the company.
Letting you believe that they will ... that's very powerful.
(and probably all this is caveat: in countries where retaliation is illegal enough and commonly taken to court or settled. which is not worldwide.)
This is why whistleblower laws need to be stronger (e.g. retaliation means automatic jailtime even if the whistle was wrongly blown) and rewards need to be larger.
Software developers should sign a code of ethics, like other professions do and then cite it when asked to do unscrupulous things. This would work for activities that aren't illegal but still unethical, like defaulting user privacy choices to open/public. Citing professional organizations like ACM or IEEE would deter retaliation.
No. I oppose any formal requirement to practice software development. And this isn't because I disagree about the requirement to be ethical, but because it would draw a moat of "professionalisation" around software development, excluding new entrants. It's a fashionable trend across many disciplines: it starts innocuously with informal groups and seminars. Then someone starts one or more professional bodies which devise some sort of qualification. Then they start charging a yearly or triennial renewal fee for that qualification. Then they try to make it impossible to get work without their qualification. The profession comes under the thumb of people who spend their time getting on to the committees which control these professional bodies.
That can be reasonable for something like medicine or structural engineering. But is it appropriate for a developer cranking out Javascript or Excel macros? This is pulling up the drawbridge behind you, excluding anyone who comes to the profession through informal means - and in my generation, that meant almost everyone. It also means that you will need to determine how much of your time you dedicate to politics.
No, it's just a bunch of counter-intuitive rules that if followed make life better for both the developers and their customers/bosses. (On most circumstances, not all.)
If the customers/bosses do not even allow those to be followed, what chance do you think some pro-social rules with actual costs have?
We are using the term 'software engineer' in two different ways:
1. The way most people here on HN, and most people in the US, understand it.
2. The way the laws in most of Canada (but not Alberta) define the term.
AIUI someone can design and develop software for pay in Canada without declaring themselves to be a 'software engineer' and without signing a code of ethics.
It's unclear and barely enforced in Canada. Ontario has a two-step test for defining "software engineering":
* The development of the software required the application of engineering principles (ie. "a systematic, disciplined, quantifiable approach to the development, operation, and maintenance of software")
* The software concerns the public interest (ie. there is a reasonable expectation that failure or inappropriate functioning of the system would result in harm to life, health, property, economic interests, the public welfare or the environment).
In practice, LinkedIn is full of "software engineers" and anyone with a P. Eng uses it as a suffix.
Yes, the Hippocratic Oath works quite well even if it has no legal underpinnings, so why not use the same idea for developers? Indeed ACM and IEEE could draft one.
It only works because doctors have a self-governing body of other doctors as an oversight, usually called a chamber, board, Kammer, etc. This chamber is responsible for licensing doctors to perform medicine and has the power to withdraw that license upon violations of the Hippocratic Oath, other ethical violations and other professional misconduct or malpractice.
Unless you want this kind of arrangement for developers, the oath isn't any good.
Also, the Hippocratic Oath has tons of variants, nobody uses the original one anymore because there are things in there that went out of fashion over the last 2000 years. E.g. operating on people suffering from kidney stones used to be prohibited: "I will not use the knife, not even, verily, on sufferers from stone[...]" (https://en.wikipedia.org/wiki/Hippocratic_Oath ). Similar prohibitions exist nowadays for abortions or euthanasia, but only in some places. In others, doctors are free to or even required to perform those. In software development, I would imagine even more variety in the allowed/prohibited-list.
Our board would be packed with Scrum lords smacking down on missing field entries in Jira tickets.
I would like more 'philosophy' in CS education. Just that people are aware of the methods used against them helps alot. It is hard and takes time to discover stuff on your own. It took me like 5-10 years of working before I realized how the sausage is made.
not only, in most countries operating as a physician requires a license to operate. It can be revoked if the professional violates the terms of the license.
If software had such a thing, it would be possible to achieve something similar. It is not the oath per se that keeps doctors on the righteous path, it is just as much the treath of not loosing your job - but having your professional status revoked (i.e. permamently loosing the ability to work).
On the other hand, reviewing code every now and then, it would be good if you could revoke programming privileges for ever for certain individuals.
I absolutely want this arrangement for developers. We need to grow up as a profession, and take responsibility for the consequences of our actions.
This isn't the 90s anymore. Today there's practically nothing you can do in the modern world without interacting with software. Buying food, going to the hospital, travelling, communicating, voting, going to school, using anything electrical, anywhere. Our society is completely dependent on software at this point. The fact that there's no professional ethics code with the appropriate oversight for the development and maintenance of software is utterly insane.
The points you bring up about the Hippocratic Oath are important problems to solve, rather than reasons not to try.
Not taking away from your point, but just a PSA: For some reason "First, do no harm" is synonymous with "Hippocratic Oath" in pop-culture. Just a reminder that this is apocryphal: https://en.wikipedia.org/wiki/Hippocratic_Oath
Surgeons, in fact, often begin with harm. To replace a hip joint, they necessarily must begin by causing great trauma to the body by cutting it open and removing bone.
That's far too literal an interpretation of harm. The point isn't to never do any kind of "physical harm". It's about doing the least amount of harm possible/necessary in any situation, where doing nothing can also be seen as causing harm.
I had a burst appendix as a teenager, leading to peritonitis. To treat this, surgeons were going to operate laparoscopically to remove the appendix and fix remove any contamination in the peritoneum. Obviously this required damaging my skin, removing an organ etc. which in the strictest sense is harm. But doing nothing at all would obviously lead to sepsis and death, so this was still the least harmful intervention. During the surgery, it turned out that the laparoscopic method was hard to carry out due to obesity and other factors. The attending made the decision to convert to a laporotomy, doing even more harm to my skin and leaving me with a 30 cm scar on my stomach. But it was the right call because it maximised the chances of accomplishing the goal of the procedure(preventing imminent death), minimising the risk of serious complications.
And here I am almost 20 years later. I have a scar, I have some adhesions that occasionally cause moderate abdominal pain if I don't eat enough fibre, and perhaps my lymphatic system and gut flora are very minorly compromised in some nebulous way due to the lack of an appendix. On the other hand, I'm alive. So yes, they "did harm", but they also minimised harm. And they didn't do any unnecessary harm, to the best of their ability. And that's the point of the ethical principle.
Casual of research shows that the ACM's Code of Ethics can be traced back to its Guidelines for Professional Conduct in Information Processing dating back to 1966 (https://www.acm.org/code-of-ethics/1966-acm-code) and the IEEE's Code of Ethics can be traced back to a precursor organization's Code of Professional Conduct dating to 1912.
I remember reading that no med schools in the U.S. use the actual Hippocratic Oath anymore, although it seens that most schools have sone form of oath.
Why do you believe it works? I don't particularly get the sense it has any effect whatsoever, particularly in cases where doctors are pressured to do harm. (There's also a lot of ambiguity left in what constitutes "harm")
Yeah some people choose to wear rosy glasses when it comes to the medical profession. They can see corruption around them but they can't imagine it exists in every walks of life. Kind of gell-man amnesia.
The code of ethics would need to be absolute, enforceable, unambiguous (without lawyers to interpret), and universal to really eliminate these activities.
Software engineering could become a real profession with licensing like mechanical, electrical, chemical, civil, and other engineering professions. If you do something unethical, you could be sued for malpractice and lose your license to practice.
The code of ethics for Professional Engineers works even though it isn’t any of the things you say are necessary.
Licensed professions only serve to increase the scarcity of licensed professionals, drive up the price and thereby form an economic cartel. Neither does it prevent any of the aforementioned disasters, nor are the responsible professionals held liable.
"Licensed professionals" is one of those myths in software engineering cycles that won't die. A license won't make anyone competent. It will, however, provide them with an excuse to charge more, do less and ascribe any fuckups to "must be something else wrong, I did everything to board standards"...
That's a weird set of anecdotes you've chosen. The first half of those incidents are in fact the opposite of what you seem to be complaining about: finding the Professional Engineers that signed off on the mistakes in the project is hard to do because they happened in countries that failed to regulate Professional Engineering licenses.
The Chernobyl disaster is an operation mistake, which a Professional Engineer may have signed the process for operation, but an operational failure to follow process is not the Professional Engineer's fault. Sure, a professional will try to narrow processes to be as fool-proof as possible, but you can't entirely blame a professional that the planet is capable of generating far more fools than you can plan for.
The Fukushima disaster actually shows Professional Engineering consequences with multiple engineering groups doing analysis and investigations of what went wrong and whether or not to indict Professional Engineers involved in the construction. None of those moved to such indictments, but it was investigated at length. Three of the executives of the company were indicted as a part of those investigations (and then were judged "not guilty" in a Japanese court of law).
"Licensed professionals" is not a myth. A license isn't about making anyone competent, it is about applying consequence when they aren't. It's also about having your back when you are worried about possible consequences. "I can't do that because I would lose my license" is a threat companies have to take seriously. If your company wants to force you to pursue it anyway, you can take the issue to the Ethics Committee at your licensing board/professional organization and they can help you examine the legal, ethical, and moral implications in a way that could result in consequences to your company. If all of that is documented and the company still does it anyway it is easier to get legal consequences applied to company executives, such as real, deserved jail time.
In the Brumadinho case, five engineers were arrested and charged and jailed. They are out of jail and a criminal case is ongoing.
In the Bhopal disaster, seven engineers and executives were convicted of causing death by negligence and give the maximum penalty (which was pretty weak).
The Chernobyl incident led to Anatoly Dyatlov to be jailed and getting a 10-year sentence.
For Fukushima, some people were charged with professional negligence causing death but they beat the charges in court.
Licensing will not make anybody competent. But it can help keep incompetent people out of our field. When Engineers screw up, their malpractice insurance may get too expensive for them to continue to work in the field. When management asks for something unethical, it gives a pretty good reason for pushing back.
Which is why I think the ACM's code of ethics is good for someone looking to be introspective about right and wrong but would be terrible as the basis for a legal code of ethics.
The scope would necessarily be narrower and "permit" more unethical behavior but for violations to be enforced by peers it has to survive the eventual "oh you're making a big fuss over nothing, you won't lose your license" problem.
You can never make these kinds of things unambiguous. People are really creative about inventing interpretations to make things ambiguous in their favor, and rule systems are really complex.
More to the point is trying to be an ethical island in an unethical society, You'd have to deal with constant attacks from the "anti-woke" crowd.
If you are to be found in violation by DAO jury vote, you will be blocked from all private torrent trackers and usenet groups (we just have to make sure all of them mods are onboard mkay), with threat of ban for repeat offenders.
You may also find your support tickets everywhere languishing and x months of CAPTCHA-hell on every website.
I wonder how would that work when you are working for companies like Lockheed Martin, knowing your code will be used in weapon that may kill innocent people.
Presumably similar to how it works for the professional Mechanical Engineers and Electrical Engineers they already employ. Ethics are subjective and nuanced. Ethics are also different from morals. Some people can live with the moral quandary that their work may do harm to innocent people and still have the ethical belief that they are doing the right thing generally and that their work does more good than harm. (I'm not one of those people myself with regards to the military-industrial complex, but I respect my friends that are have sat with their morals and weighed them into the ethical frameworks of how they do their jobs and what they feel about doing their jobs ethically.)
It's easy, you just tell yourself that all of them are the enemy. As long as you outsource your morality and thinking to the Department of State, you can sleep easy.
For a little bit I worried about that, wondered whether I would be morally comfortable working on that technology. Then Russia invaded Ukraine and I snapped back to reality. The consequences of even vaguely good actors not having missiles are worse than the consequences of those actors having missiles. Because you better believe Putin and his ilk are going to have them.
I have promised to resign (and fully would have) when asked to implement something that would put customer security and privacy at risk, when such concerns were in their infancy; more than half a lifetime ago but in the dot com era when I had actual value. Our client, a very large organisation, became aware I had an ethical concern my own bosses didn’t share, listened to me and changed their policies to eliminate my concern.
People who work in the Valley for fifty, a hundred times more than the poorest in their own country often do not seem to feel the same way anymore.
This is not a question of abstract ethics, but a question of simple professional integrity. If the thing is bad and risks harms, you don’t do it.
It’s part of why I work for myself now; it’s not difficult to spot people who do not have a strong sense of ethics and simply not work for them. I work in a couple of fields where there are many non-ethical players, and can do so with a clear conscience.
While not explicitly illegal, I was building out part of a product for an international company with a massive userbase (hundreds of millions) and discovered a slight issue: their api required no authentication, had no rate limiting, and an easily discoverable request format. Anyone could make a simple request with a handful of digits and get a complete history of that product, revealing very intimate details about the users in every aspect of their lives.
I don't get nervous easily but it made my stomach turn, my palms started sweating. I told my boss, we told our boss, who went and pulled the CEO out of a meeting. I was given signed documentation on company letterhead that stated I raised the issue and also detailed how our company had informed the customer, along with a modest cash bonus and they bought me most of the furniture in my house (no taxes!)
The company came back to us and said "we know, we built it like that on purpose". Incredulous but reassured that both myself and my employer were not facing any liability, I finished the product and it shipped. Predictably this was exploited within a few years and made national news when it was used against prominent political figures.
There are still no legal mechanisms in place to enforce any kind of security for this class of product.
It's easy to armchair quarterback these things, and in retrospect, the actions that innocent people should take are probably obvious. At the time I don't think it would be so easy.
There is lots of pressure not to take action, because of the feeling you're overreacting, because you've had things explained to you in a way that minimizes or removes the criminality, and because your job is at stake.
And crucially there is never some black and white issue. If your employer told you to murder someone, it would be easy to say no and know you did the right thing. If they tell you to incrementally go along with some grey area thing you're not sure the legal status of, it's way harder to know what to do.
People still have to be accountable for their actions of course, ignorance is no excuse. But we all should hope we're never in such a situation to begin with rather than thinking we'll know how and when to act.
The article makes it sound clear sure. But then the article has been edited.
I would not have been surprised if the 5 million user thing was couched as some sort of "we need to generate some realistic test data to load test our systems <WINK WINK> - please create 5 million accounts very similar to these paying ones, remember this is testing so they need to be as realistic and believable as possible <WINK WINK>".
If I got that request (perhaps without the winking!) come down the line through the usual channels I'd probably have gone along with it without realising it was for anything nefarious. ...but then would that be a viable defense?!
I think this skips over an important fact from the article - the head of growth + CEO were in the room making this request, then the eng director raised concerns, then they assuaged his concerns by saying it's ok for 'investor purposes'.
I can see the situation you're describing, sorta. Though if it was me and someone asked me to generate a list of 5 million real-ish user accounts in a report, I'd immediately ask why. If it's to commit fraud or lie to investors, I would be like hell no! If we're doing load testing or something legit, for sure. But I feel like benign use-cases of generating 5 million accounts would not include the "make it look real" aspect.
I also don't think the Reddit comparison makes sense, since Reddit didn't seek to sell the company at the time based on the # of users. Growth hacking is one thing, lying to investors about users is another. Because this data point was a key decision factor for a financial transaction, this fake information/lie becomes fraud.
Even if somebody gave no pretext, I don't think that, in and of itself, is illegal. Though it could be used for illegal things. For instance early on Reddit actively created fake accounts, fake votes, fake comments, and all other sorts of stuff in the process of trying to reach critical mass. I really doubt that was illegal.
OTOH if somebody sent a message saying, 'Hey we need to increase our apparent paying users in order to defraud some potential investors.' then obviously you've become part of a criminal conspiracy, but I think nobody would ever* overtly say that.
I think there is a big difference between faking 10k users and then going to investors at 1m users years later (it's a morally dubious kickstart) or in this case for the sake of the sale/investment going to 1400%.
If you're serious about anything, you do more than hope. You do diligence on your prospective employer before going to work for them. You think through a litany of contingencies and prepare a plan of action for each. Jobs in this industry are uniquely amenable to this by virtue of their relatively higher compensation and the autonomy often afforded to employees. If you spend an hour every day on HN, you can spend an hour meditating upon your conscience.
Predicting one's response to stressful and unexpected circumstances is hard. So try to anticipate circumstances and cultivate relevant virtues in advance.
I can only imagine someone with a family to feed who is tied to corporate health insurance, or an H1 visa, being coerced into some gray activities being unwilling to lose their job to remain ethical or legal.
One of many reasons employers have a quiverful of ways to exploit and control workers.
I worked at NS8 in 2020 for just four months before it collapsed and the CEO was arrested for defrauding investors of $123,000,000. Just a few months ago, I got a modest payout due to a lawsuit over NS8 laying off almost everyone with just three days notice. It was very stressful to be without a job in the middle of Covid!
>To be fair, Singh didn’t seen totally clueless, and it seems he decided to profit on the developments. Days after he found about this fraud, he took a $3.7M loan from FTX (!!) to buy a house
The sub-linked legal document about Frank’s synthetic data generation was quite interesting, specifically how much difficulty their hired consultant (a Data Science Professor) had in creating it.
It can indeed be a tricky problem to do in a manner that’s both fast and accurate, but it’s absolutely possible once you have the right datasets, which aren’t even that large. U.S. ZIP codes, telephone area codes (with enough out-of-place ones to mimic people who’ve moved and kept their cell phone number), common names, and a word list will get you rows that look plausible. Matching street addresses requires a much larger dataset, but again, it’s not impossible.
It's funny how people's mindset shifts when they work for a company versus independent contracting, but this is another case (like salary negotiation) where it should be the same. If your client asked you to do something illegal you'd be thinking about liability and drop the client. If your employer does, you should realize not only do they not have to protect you, it's probably in their interest to turn around and blame it all on you!
Having worked as a programmer for twenty years, most of that as a contractor (hence a different employer about once a year), I have never been asked to do anything illegal. This isn't said to mean no one is, but rather that, if you are asked to do something illegal, it is weird. It isn't the normal, messed up capitalist system, it isn't typical bureaucratic nonsense, it isn't the imperfect state of the world we live in. Most companies don't ask their programmers to do something illegal.
Therefore, if you are, you should leave that company, pronto. They're weird and probably desperate, and it is likely to get even worse. It's not normal. Get out, quickly.
Unethical, morally questionable, in poor taste, impolite, unprofessional, or underhanded is pretty normal and you can find it in every job in every industry and you might not even realize without the benefit of hindsight that what you did was any of those things. But illegal feels different when it happens, even if you don't know exactly the law something will be off. You'll be apprehensive in a way you weren't before, people around you will act different, this little pit of anxiety will form in your stomach even if you haven't done it yet.
I'm quite firmly on the side of "don't do bad stuff", even way before crossing the line to wondering how you'd look in the proverbial orange jumpsuit. But two things about this are often under-discussed IMO.
Firstly, personal costs can be high even before full-blown whistleblowing, the struggles of which are well reported. The best case is usually that you're looking for a new job. It is clear to me that that's better than committing a crime or gravely unethical action, but not everyone always has good alternatives, enough financial safety, and no major economic responsibilities to cover at home.
This also goes for mental costs: I have previously come close to burnout spending months trying to rectify a clearly very bad and doomed situation. The only reward at the other end was the bitter vindication of seeing a project I deeply cared about crash and burn from afar after cutting my losses. And I personally know people who suffered far greater damage and took longer to recover from it, even in cases where they merely uncovered some big skeleton in the closet that was not even the fault of anyone currently in charge or clearly malicious. In many cases, management will be somewhere between actively complicit and themselves stuck in a bad situation with barely enough (perceived) agency to fix things the right way, which doesn't help.
Secondly, short of "going to war" and dedicating your entire life to changing something, saving yourself is usually the best you can hope for. That's obviously better than being complicit and possibly liable. I also like being able to sleep at night knowing I have principles. But if you have the righteousness to refuse to become complicit, it's quite frustrating to come to terms with the fact that you mostly won't be able to set things straight properly unless you are in a very influential position. I know that's often not really my responsibility if I'm not higher up, but it still doesn't sit right with me that I can't do more.
> not everyone always has good alternatives, enough financial safety, and no major economic responsibilities to cover at home.
I recommend planning for this (if you can). Set money aside sufficient to cover your costs until you can get another job so that you can quit at any time. Negotiate your deals so that you don't end up with substantial golden handcuffs (i.e. cash > equity, especially with long vesting periods).
This helps a lot with maintaining an ethical position, but is also helpful for other negotiations. Effectively you are maintaining a good BATNA[1].
whole-heartedly seconded, it helps with anything from "they want me to do something really bad" all the way to "I'm really not feeling it anymore here"
Another recent classic case of this is the revelations that Uber were targeting law enforcement based on user behaviour, and refusing to offer them rides in areas where they were breaking regulations. I mentioned this at some point last year, and someone replied saying that they'd enthusiastically volunteer to take part in that project (assuming no personal risk). People's ethics are not always what you'd expect (or hope).
I used to work for Uber, but not on this feature or anything related.
Apropos to the article, as a programmer for this feature, what you are actually asked to do is write a greybanning engine. It can take various features (geofence, denylist of phone numbers/emails/device identifiers/payment, etc.) and use it to calculate a score that applies a greybanning policy. The policy may be that the cars in the app are now fake, the ride will never come, your CC is "denied", etc.
Nothing illegal or unethical about this feature, as written, but it is a "dual-use" technology.
The feature has been used to literally save lives. There were taxi-affiliated people in South America that would call an Uber and then, at best, trash the car and beat the driver. At worst, they'd kill the driver. Those people need to be greybanned, along with scammers, criminals, and abusive people of all sorts.
The local market administrators, however, definitely might ban users that the know to be police ticketing the drivers, might ban any account signup from the police station, might ban city credit cards, etc.
You, as the programmer on this feature, can't defend against that unethical use of it.
If you work at the insurance company and get asked to write a rules engine but not the rules, this same thing applies to you.
'You can always say no...' That is like something from a bad movie about spouse abuse. 'Just leave' plays well on TV but the reality is often that a job is someone's life. Just saying no and leaving will have real, and likely massive, harm to the person. Where do they go? What do they do? Do they actually have 6 months of savings to look for a new position and explain why they left their last one? How about the money to spend on hiring lawyers to help them? We need functioning protections for whistleblowers that are well advertised, well funded, -not- subject to the whims of whoever is in office and that actually allow people to 'just say no' and not have their lives shattered.
> The smart thing would have been to do #1. [Talk to a lawyer on how to avoid assisting a crime] [...] Here's what Singh did instead: he asked for a personal meeting with Bankman-Fried and confronted him about the missing funds.
If you're not sure something illegal is happening, you could do both. The lawyer might tell you what questions to get answered, to inform what you do next.
(But don't do talk to anyone at the company if you think there is any risk that they will try to neutralize you as a weak link. "The coverup is worse than the crime" happens in organizations with shitty people, and you might have just discovered an especially shitty person.)
As an engineer, I once told a company that it was about to accidentally do something that I suspected was seriously illegal. They were able to prevent it from happening, in time. Problem solved, no wrongdoing occurred, and no one had to quit, nor go to federal prison.
Longer ago, I once told an organization about some bad things, using the appropriate internal channels. And then I had to keep going up the chain of command, when each level would suppress it, and sometimes even retaliate. Which was a rare opportunity to realize that an organization had infected its org chart with a high degree of shittiness. I'm now a big fan of people consulting a lawyer.
On another occasion, not necessarily "illegal" was averted, but at least "big liability" was. I had reverse-engineered a customer's security-related protocol, for an integration, and found a grave vulnerability. (Critical info that must be inside the cryptographic signature envelope, was outside of it, meaning that an attacker could replay a captured message later, with changed data.) To interoperate with the customer's system, I'd need to implement the security thing in an unambiguously wrong and insecure way. So I told the appropriate person on my end, and thankfully they handled it well, and figured out how to break the news to the customer.
That time, to be sure the appropriate person understood the severity, I mentioned that, in a different engineering field (including one in the application domain), I would "lose my license or go to jail" for implementing that.
Occasionally, I briefly muse that our field could use the obligations and authority of Professional Engineers. But moments later, I realize that our field went too long without that, and I can't imagine that being implemented with integrity at this point.
I honestly can't tell if the pragmatic engineer is a well regarded site or they are just very good at promotion on LinkedIn and hacker news. I suspect the latter but I'm getting more curious
Many years ago, I was working for a consulting firm doing work for a, erhm, "large insurance provider headquartered in Illinois". I was building a tool their insurance adjusters could use to use GPS devices to check how far houses were from the coast line and deny flood coverage to anyone within a certain boundary. Note that this was during the time of Selective Availability, so GPS devices were only good to 100m precision.
The client saw my first version where I marked an "indeterminate" buffer zone to account for the precision problem. They complained it was "confusing" and insisted I use the raw value without any buffer. Oh, and also, round the numbers in such a way to put all indeterminate points inside the denial zone. This would effectively add hundreds of square miles to the denial zone. A denial zone set by law, i.e. this was the some the government was allowing the insurance company to blanket deny flood coverage.
Giving them the benefit of doubt, I explained that the proposed changes didn't make mathematical sense and would over count people near the edge of the denial zone. I had access to some market data at the time and was able to estimate it would be a few thousand extra homes. They did the standard "avoid acknowledging the issue" whenever someone is trying to pressure you into doing something unethical it illegal.
I told my boss at the consulting company. He started putting the screws on me. Told me we needed to do this. Told me my job was on the line. Intimated it would be hard to find a new job considering the client was the largest employer in the area. Told me he could get anyone to do it.
I had two weeks of PTO planned, during which I was supposed to come back to Pennsylvania and move my stuff out to Illinois. After my PTO, I was supposed to show back up in Illinois. Instead, I went to our HQ in PA (much to the surprise of everyone, "what are you doing here"), told the CEO what happened, and when he doubled down on doing the wrong thing, I quit on the spot, no notice period.
I learned later they did not "get anyone to do it". My actions put the contract in a lurch, the client dropped my former employer, and cancelled the project.
I feel pretty good about that one.
There have been other issues since then, but I've noticed a pattern. They always happen at places I had to talk myself into joining. There were red flags and I rationalized them away, "well, I'm just over reacting. I don't have any evidence anything is wrong here. It's just the way people talk that's bothering me. And I really need this job." Since I've gotten more stable and better about not taking jobs that show red flags, somehow the ethical issues seem to have magically gone away.
I don't know. This was 25 years ago and I was pretty young at the time. Clients being clients, they probably didn't know, either. Consulting being consulting, probably nobody would have sprung for it (the maps if they needed licensing, or even just the development to use them) if anyone did know.
The media is terrible about reporting on "maximum sentences". The federal sentencing guidelines are super complicated and lazy journalists usually just add all the maximum numbers up and write these egregious numbers. In reality, a lot of the charges are deduplicated, can be served concurrently, or are automatically attenuated by factors like being a 1st time offender.
When ordered to do something that is clearly an illegal action, you can just say no. However, in most situations your actions won't be directly illegal, but aid someone else to illegal actions.
Simply, deny to carry out the work UNLESS you are directly and clearly instructed to by EMAIL. Oh, and be sure to make this request by email as well, as a record. So send an email saying "hey i was told to do that and i am concerned about the legality, please give me clear instructions over email"
Here's another thing to think about: if you are in IT ops, you might have access to private data that could be requested, without proper judicial review, by a three letter agency. When you receive a National Security Letter with a gag rule attached, how will you react? What action can you take that is both legal and also ethical?
Because it is not just bosses that might try to pressure you into taking unethical actions, it is also the state itself.
For my part, I have a plan, and I've told my boss enough to trust him to read between the lines and revoke my access to make it impossible for me to turn over customer data without a warrant.
The problem with a NSL is that the gag rule is pretty watertight. For example, "oops, I accidentally wrote my password on a bathroom wall" is gonna land you in a world of hurt.
You need to find a way to bring some of your other rights into balance (and conflict with) those of the state, to bring professionals who have a duty to protect your confidence to your defense.
The power of the state is asymmetric warfare against an individual, which is what they count on. You need leverage from other competing lawful protections working on your side.
We have pretty much identical laws here (where here is UK) - you can be forced to backdoor things, you can't tell the customer and you can't tell anyone else in the company (not sure if you are allowed to tell your manager).
There was a whole thing about it a while ago, gov said "we are listening to your feedback" and then did it anyway.
Of course our system is actually worse in some ways - forgotten a password, they don't believe you (parks and rec style) "Believe it or not, straight to jail" (iirc it's a max of two years).
Could help for some cases, but at least two of the three examples in the article were engineering directors, who are generally excluded from unionization rights in the US at least. (Other countries vary in how low-level line managers are treated by their employment laws, but the closer a manager gets to the senior executive ranks, the less those employment laws allow them to do anything akin to unionizing.)
> Frank was a student loan startup founded by Charlie Javice in 2016. In 2019, Javice was featured on the Forbes “30 under 30”
There was a joke going around Twitter about "30 under 30 doing 30 to life", because the startups involved were getting more and more outlandish to the extent that bystanders suspected that fraud was going on. Became a Guardian article: https://www.theguardian.com/business/2023/apr/06/forbes-30-u...
Of course, a fraud can stay afloat for a lot longer than you expect. The really tricky case is when you're ordered to do something illegal or unethical for which there is substantial political cover. An executive order, for example. You cannot rely on anyone to back you up simply because of the letter of the law.
Also:
> The reality was that this was a very deliberate double charge. I could not share this fact at the time – as the company threatened me with libel after I informed them of this detail
UK libel law routinely covers up all sorts of things which the public would benefit from having revealed, simply by the threat of an expensive lawsuit. It makes investigative journalism really uneconomic.
> UK libel law routinely covers up all sorts of things which the public would benefit from having revealed, simply by the threat of an expensive lawsuit. It makes investigative journalism really uneconomic.
But the worst horror stories date from before it was last reformed, in 2013, I think, and I feel the need to patriotically point out that Australian libel law is even worse!
Do any other countries have an equivalent to the UK's "super injunction"? This is where a court order says you're not allowed to talk about the court order itself nevermind the topic covered by the order.
I remember a lot of fuss being made about these but, as time goes on, I'm very sceptical they can work. Looking at the Afghan data leak reported earlier this year: courts can make it practically difficult for most of the organisation to even know they're subject to court orders!
The person updating the website asks "have we received a court order?" and the person under injunction must answer "not me." The website author isn't lying, but the website contains incorrect information (as the result of a legally-enforced lie).
You could ask your lawyer but, once again, they'd also answer "no we haven't" because answering anything else is contempt of court at best.
I'd think the CEO would know, would they not? And the CEO could tell the person updating the website: "Let's go ahead and remove the canary, we don't need it anymore." --> "OMG, did we get secretly subpoena'd?" ---> "No, not yet, but I just don't want to run the warrant canary anymore."
The only way the CEO finds out is if they're made privy to the injunction, at which point they become subject to it. Even an oblique hint could be a breach of the injunction.
Be honest: do you think a judge is stupid enough to believe you had the injunction explained to you by your legal counsel then, in a totally unrelated incident, thought "oh, I don't think we need the warrant canary any more."
I imagine so. Bear in mind that the concept isn't particularly a bad idea, however they are very easy to abuse and the laws need to restrict them to where they're strictly necessary (and force the court to prove they're still needed).
The Afghan data leak scandal is a great example of where it made sense to use a super-injunction at first but also where its application continued long past when it should have done for (frankly) political reasons. Lewis Goodall's reporting on this is pretty excellent and fairly balanced, in my opinion.
I've been doing this tech nonsense at moderately high levels for over 45 years now, and over the years I've had business dealings with members of these "30 under 30" lists, and every single fucking time it's a conman, a grifter. I don't even bother with heavily marketed individuals nor their flagships anymore. They are nonsense.
It reminds me of one of two people (at the same time and place in my life) I was introduced to because they shared national origin (i.e. nationality at birth, or parents nationality) with me.
One later got into the Sunday Times rich list (the under 40 section, IIRC) during the dot com bubble, by the simple expedient of lying. He claimed to be working on encryption software that was hugely valuable and said it was valued in billions. He actually owned a smallish local computer shop. He later fled the country claiming MI5 were persecuting him for developing such good encryption software.
TO be fair, he seems to have fooled financial institutions too. He bought a Ferarri (presumably on credit) and Amex gave him a black card (which he tastefully put a picture of on the company website). It did not take a lot to see through the fraud, the actual business was decribed on the website.
The other person I got introduced to around the same time for the same reason turned out to be a member of a terrorist organisation. Not banned here at the time, but still not someone I particularly wanted to meet.
> UK libel law routinely covers up all sorts of things which the public would benefit from having revealed, simply by the threat of an expensive lawsuit. It makes investigative journalism really uneconomic.
No. The deference people have to the law as some sort of all knowing all powerful magic spell that can be cast to force silence at any time is to blame. Libel is publishing something you know to be untrue. The truth cannot be libel.
If you want to speak the truth, if you want to act in service of the greater good, you must take the risk that you will attract attention from people who do not want you to speak the truth. And those people may use whatever power they have to suppress you, whether that's judicial or extrajudicial. That's not caused by any specific legal system, it's how people behave.
Investigative journalism is uneconomic the world over. The U.K. has some of the best investigative journalism in the world. The U.K. legal system is far from perfect, but it is wrong to say that in this case, the U.K.'s libel laws (for all their flaws) kept this information secret.
The irony is that the greatest suppressor of the truth is comments like yours which scare people into silence about the truth.
> The costs in this case were significant, with Vardy being ordered to pay a substantial proportion of Rooney’s legal fees. Initially, the court ordered Vardy to pay £1.5 million in costs, earlier this month, it was revealed that Vardy had been ordered to pay an additional £100,000, bringing the total to £1.6 million.
> In August, after a six week trial, the High Court upheld the Guardian’s defences of truth and public interest speech.
> The trial judge, Steyn J, has now ordered Mr Clarke to pay £3m on account within 28 days, in respect of a likely eventual costs liability of over £6m.
Those are cases where the defence won. But in those cases, (a) they have to front the legal fees themselves for a period of several years during the action and (b) there is a real risk that the person who filed the libel action may not be able to pay it.
It very risky for an individual to defend a libel action, so almost everyone folds instantly on receiving a letter, or settles.
> Lots of people are celebrating but I’m not. It's a sad, lonely sort of anticlimax. It’s really crap and I feel really bad it’s all ended up like this. I thought she'd just say sorry
Wow.
> In May 2018, Hopkins won an IPSO case against the Daily Mirror for claiming that she had been detained in South Africa in February 2018 for taking ketamine. The Mirror updated the headline to say that she had been detained for spreading racial hatred, and included a correction in the article.
You are (wilfully?) misrepresenting these cases. The defence in each of these cases chose to employ very expensive legal teams, the cost in these cases is a reflection of choices made by the defendant, not the cost of defending against a claim of libel. As an individual defendant in a libel case, there would be no obligation to incur such costs.
Noel Clarke's legal team were working on a no-win no-fee basis (before they saw the writing on the wall and dropped him as a client, leading him to represent himself). The Guardian had no obligation to spend over £6 million on their defence, it was a choice they made. Indeed, one could argue that The Guardian chose to spend so much to send a message to those that consider baseless libel legal action in future, that The Guardian is willing to spend any amount of money to defend itself.
If you are an individual who posts the truth online, and you are sued for libel, you can spend very little on mounting a defence (you may even choose to represent yourself for free). Whether the litigant spends thousands, millions or billions on their action against you is immaterial as it is their cost, not yours.
As for Jack Monroe vs. Hopkins, Jack Monroe is a fraud. Justice did not prevail, although Hopkins losing her house was a nice treat.
Yes, I once made a bug report based to a client's supplier (overly permissive API endpoint was leading user data) and became the subject of the a spurious defamation letter. It was obviously unwinnable on the supplier's part, never went past solicitor's letters, and still cost high four figures to defend.
Nothing like some of the real horror stories, but still a significant chilling effect.
You do not need to "defend" against a "spurious defamation letter". The (very profitable) business of sending legal letters is based on the misunderstanding of the law that is perpetuated online. Legal letters are to law firms what bandwidth is to cloud hosting providers: free money.
In the UK, under the UK Civil Procedure Rules, you are expected to engage in the Pre-Action Protocol and provide a substantive response within 14 days, and failure to do so can effect you credibility and standing in court. So you do not have to respond, but not doing so risks sanction from the court for non-engagement.
A response to a "spurious defamation letter" does not cost "high four figures". Substantive does not refer to the cost of the response. Substantive means that it addresses the substance of the complaint.
The "high four figures" you spent for a lawyer to respond (I disagree with the word "defend") to a legal threat was unnecessary. You paid a bunch of money for some low-paid legal assistants to fill out a template, and then a high-paid solicitor to sign off on it.
As an individual, you can respond substantively to a legal threat for free. And even if you choose not to respond, courts are not punitive, the standard that courts hold individuals to are different to the standards they hold law firms to. A court will not rule in a claimant's favour in a libel case because an individual didn't follow procedure correctly.
If you, as an individual, make a truthful statement about A Big Corporation and A Big Corporation spends £100,000 on a team of lawyers to write an angry letter to you demanding you retract, a simple single-sentence self-composed response of "The statement is true, I will not retract." is substantive.
Despite what catastrophisers like yourself (catastrophisers who are encouraged by participants in the legal system who profit from this misapprehension) might suggest, civil courts are interested in adjudicating fairness, not trapping individuals in an endless legal quagmire.
Can you share examples of individuals who have been sanctioned by the U.K. courts for anything that comes close to not engaging in the Pre-Action Protocol?
No, the Pre-Action Protocol is quite a bit more in depth than that and required a significant response including document review and research.
"The statement is true, I will not retract" is not substantive and is effectively calling the bluff. If they take it beyond a letter, those costs will balloon further.
The "Defendant’s Response to Letter of Claim" section is very clear that it is actually that simple. The burden is almost entirely on the claimant, the defendant has very little to do. Can you provide any evidence that any individual has ever been sanctioned by a U.K. court for either not filing a response, or not filing a substantive response?
You are saying that "costs will balloon further" but you haven't yet established there are any costs. How can costs that do not exist balloon? Any individual could satisfy the "Pre-action Protocol for Media and Communications Claims" with ease, no expense necessary.
The point I am making in this thread is that there are no mandatory costs, that receiving an angry letter from the lawyers of a deep-pocketed litigant is financially inconsequential. The choice to hire legal representation and pay them "high four figures" to write a response is a choice. Hiring legal representation for court is a choice, too.
The courts are very kind to people who choose to represent themselves, especially when the litigants are obviously abusing the system to try and silence individuals. The point you're making seems to be that you must spend money to defend against spurious defamation claims so I have asked you to provide any evidence of a case where an individual is accused of libel and has suffered because they chose not to spend money.
I am not trolling. I disagree with the suggestion that the U.K. libel laws create an environment where people are scared to speak truth because there is a real threat of an expensive lawsuit. My position is that the fear people have of expensive lawsuits comes from other people fear mongering, in comments like yours, either based on a misunderstanding of a case they've seen publicised or because of information they've been given by legal professionals in a different context.
Okay, so you are trolling or you are at peak levels at HN arrogance.
No, the chilling effect of UK defamation laws is not an artefact of scaremongering. No, you have not discovered the secret truth hidden by the legal profession. Yes, defamation cases are a real threat and expensive to defend as the burden of proof lies on the defendant, not the allegedly defamed.
Very easy to pop shit when you aren't risking your life and your family's future to protect the honor of JP Morgan. If everything goes perfectly, you've just lost your job and can't get hired because people don't want to hire a snitch; and if everything goes badly, it could go really badly. You might end up killed in a botched robbery, or thinking suicide will be the only way to save your family.
I'm pretty sure the truth wasn't even a defense in UK libel law before 2013. It was entirely about whether you had the intent to harm someone. If you want to disrupt a thief's business, that's intent to harm someone, as a lot of people who wrote about quack doctors found out.
'In June 2025, IBM was named by a UN expert report as one of several companies "central to Israel's surveillance apparatus and the ongoing Gaza destruction."'
If you asked to do something fishy then document it and consult a lawyer. Don't do anything that is above the bare minimum required to cover your ass. You get nothing for doing the "right thing" and are likely to be penalized for it - word will get around and future employers have no interest in figuring out if you were right nor will they care, you will have proven to be disloyal or worse an idealist.
In 2010 WellPoint was found to be automatically targeting insurance policies of women with breast cancer for cancellation, using any pretext. Angela Braly was the CEO at the time, now at ExxonMobile. WellPoint was the second largest health insurer in the US at the time. This required a lot of business analysis and software development - and people had to realize what this code was doing. I’m guessing bonuses were paid on the back of the “savings” this generated.
At the very least, these folks need to have their names permanently attached to this atrocity. These weren’t decisions made by “a corporation” - these people sat across a meeting room table and actually concluded that targeting breast cancer patients was an acceptable means to an end.
Lori A. Beer was the CIO at the time. Now at JP Morgan.
"permanently"
"ever again"
For good reason, modern law systems rarely issue punishments that last a lifetime. People can and do change, and something stupid (and illegal) you did 30 years ago shouldn't be held over your head today. These are rare cases for the absolutely worst crimes. For anything else, you receive a punishment, be it money or months/years in jail, and after that, you deserve a chance to live a life without ongoing punishment. Beyond knowing what you did, and remembering the punishment, which for most people is already a burden heavy enough.
Punishment should match the crime, to both rehabilitate and be preventative.
White collar crime gets basically no punishment, and looking at career of those people they usually end up falling upwards.
For such cases banning them from being in a management position for X years would be a nice discouragement.
I wouldn't ban them from management, just garnish their wages so they can only earn minimum wage (or minimum living wage). Also, no property ownership beyond a single home.
Without punishment, there’s not much incentive for rehabilitation. Why stop/change/repent instead of just continuing?
That's just false though. For poor people, if you have a conviction, it follows you forever and impacts your life negatively in a multitude of ways.
Depends where you are, I guess. In a prison-first rehabilitation-last country like USA, yes. In EU, many countries will close your criminal record after some years (7 in Estonia) at which point nobody other than law enforcement itself can see that you have a record. Not to mention that even if the crime you did was fairly recent, no company has the ability to check your background without your permission, and even then it is not something that is being done in the vast majority of places.
In other words, once you've carried out your sentence, in 99% of the cases it's done and behind you, and you can go on living a normal life without anyone else needing to know.
But if you're restarting your life after serving a sentence, if you're poor it will be very hard. If you have wealth you probably can easily put your crime behind you.
This is what people always say, but it sure seems like that guy was able to get a job as School Superintendent in Iowa. His past didn't get in the way of actually getting the job. It was only when ICE showed up that people noticed.
Yes if you lie about your past, you can do those things. Correct.
Not sure how that's relevant.
What horrible crime did that guy commit "firearm charge" you mean being told to put a hunting gun in the car then instantly ticketed for "improper storage" by a racist ranger? The horror.... So glad we got that one /s
If you commit any number of stupid or criminal acts, you are legally blacklisted from the financial industry for life.
Should be unable to be a politician, or take part in the political process beyond voting (eg party donations), too.
Being struck off by professional organisations is a thing, though.
On the one hand I don't want the bar to this discipline raised. On the other hand, I don't want people like us (metaphorically) building bridges that tip every two hundredth car into the river.
Of course not. But 10 years later, rehabilitation could be in the cards?
Depends on what you did. In this case: no way. You can fuck right off and you should never be in charge of a company again.
Personal accountability with consequences that make fraud unpalatable means setting a high bar on white collar crime.
If you are saying that twentysomething founders should not be held accountable for the mistakes of their "youth," then you might be inclined hold the investors personally accountable for funding them--similar to parents being liable for their teenagers' driving mishaps.
I am disinclined to believe that Javice and his ilk are very much corrected by the Department of Corrections or later life experiences.
Well, that's nice that you feel that way. But, you don't get to decide what people "deserve" or what "should" happen.
I happen to disagree. I think these crimes (and many others) should follow you more or less permanently.
My opinions on what "should" be the case have just as much validity as yours.
Please be self aware when you are making baseless moral claims.
I don't think I wrote anything about the validity of other opinions. I have mine, you have yours, that's fine.
A bit of self-awareness would suit yourself well. I didn't make any moral clas, baseless or not.
Sorry, but in this case I think 'lifetime' is very much appropriate. It's not like they're being sent to the electric chair. They were systematically ripping people off on what matters most to a person: their health. There is a good chance people died as a result of this. And since hardly any of these crooks ever goes to jail (but instead they get to do it again somewhere else) having their name out in the open for ever is very much appropriate.
You can't count the years you evaded law enforcement as time served during the sentencing process.
I think this have to ve public Information, giving the right to decide to the next employer. You may employ them, other people may not. I would at least ask some questions.
An 18 year old (HS senior) and a 15 year old (HS sophomore) can have sex together and thats a statutory rape charge that will follow you the rest of your life.
And say its 2 17 year olds, and you take nude pictures to send to your partner. Now, having sex is legal here, but a picture? Thats possessing 'child sexual assault imagery'. Nobody would think 17 year olds are 'children'. Even the law routinely charges them as adults.
And getting a felony at all follows you around, unless you can pay the danegeld to have it removed. Of course, staying clean isn't sufficient. Paying $10k or more is.
Being forced to change the profession is not the same as being in jail forever or being unable employable forever.
> Beyond knowing what you did, and remembering the punishment, which for most people is already a burden heavy enough.
Like, seriously? These people do not feel bad, there is no heavy burden. They are proud of how they earned money, feel like any prosecution is grave injustice and would do it again.
Widely immoral people, whether in politics or business, dont feel sorry for who they are. They made those decisions because there was no moral dilema for them.
They are proud that they earned money, the how (positive or negative) is completely immaterial.
Others who want to earn money and are likewise ambivalent about the means will see a felony conviction for causing grievous public harm in the pursuit of giant piles of money as an endorsement and hire the "reformed" exec at the first opportunity.
It's a bit disingenuous to argue "they shouldn't get life without the possibility of parole" when in fact most of this economic white-collar crime goes completely unpunished, or at best gets a fine targeted at the company and never at the individual people who committed the crimes.
Most of these C-suite executives have more than enough money to retire comfortably.
This is more justification for banning people who got rich by doing illegal things from holding positions of power ever.
Not to punish per se, but to prevent them from doing more harm to the public.
Yep! So they need to go to jail, or the "punishment" is moot.
Obviously fining you 5$ for stealing 100 is not gonna work.
What is disingenuous is claiming that putting a crazy punishment on the paper will change anything when absolutely nobody gets caught.
If you tear apart whatever guarantees human rights exist on your places just so your can impose unreasonable punishment to nobody, then don't act surprised when somebody else uses it against real people you sympathize with. (And yeah, if you are from the US or some other place where lifelong punishment is common, you should be fighting to fix this, not to add support to it.)
On the other hand, you could be pushing for those people being punished at all, by reasonable crimes that your law probably already recognizes or that could be added without rotting your society. But yeah, maybe that's too much.
To the contrary. I do find it a disingenuous argument to say "most of this kind of crime goes unpunished, so the cases we do punish, we have to punish for life".
The solution is not harder punishments for those that are punished, but punishing more of them.
Isn't that exactly how the criminal justice system works? Because you know you're not going to catch all the criminals you want the punishment to serve as a deterrent?
Punishing more of them is easily said, when the crime is much harder to prove than shoplifting for example. And I'm skipping the fact that the shoplifter will be represented by an overworked public defender while the exec has a team of lawyers lined up that probably are payed by the company that got richer off illegal behavior
> Isn't that exactly how the criminal justice system works?
No, it's not. We don't catch everybody guilty of petty theft, but those we do catch still don't end up in prison for life.
There was a time when we chopped their right hand off, but I'm glad those days are behind us.
(Reading many of the reactions here though, we are just a thin layer of judges away from mob rule.)
You're protesting a lot here.
I do hate economic criminals just as much as everybody else. But I also value honest arguments. The kind of thing this reply of yours didn't provide.
Yeah no, sociopathy isn’t something that ever goes away after someone becomes her age.
It's not? Are you a neuroscientist and/or have evidence for that claim? Then we can talk, I'm interested.
Or do you just claim this because that's your gut feeling?
History is the best teacher
[dead]
That's true. We judge people to be guilty and then they get a punishment. But after the punishment they have payed back their guilt and are now not guilty anymore, that's kind of the deal.
[dead]
> These are rare cases for the absolutely worst crimes.
If "targeting insurance policies of women with breast cancer for cancellation, using any pretext" is accurate - I'm curious how that compares to the absolutely worst crimes to you.
Na, just ban all of them and all their families from ever having health insurance again so they can suffer the same fate they doomed others too intentionally . Make an example and all that.
It's counter-productive to punish someone for something out of their control. One should not be punished for his parents', siblings' or childs' actions.
Yep. We have laws against that sort of thing precisely because it's such a common human reaction to an injustice.
You can even see the evidence in many of the sister comments here.
https://en.wikipedia.org/wiki/Collective_punishment
Of course, but having their families profit from the money earnt via these evil actions doesn't seem fair either.
We already have long-established legal precedent for dealing with such issues and much more. It can actually get quite complicated - which is why we defer to the experts and move slowly on such subjects.
>We already have long-established legal precedent for dealing with such issues and much more.
We really don't in reality. The manner in which even the existing laws are enforced leaves a lot to be desired.
It really seems like it's only complicated because there are an awful lot of people who want to do as evil things as possible and not go to prison for it
Loopholes and lawfare are the tools of the corrupt
You'd think so, but no. Most of the complications come from handling edge cases where the innocent would get swept up, while avoiding exploitability. Making laws that actually do what we want is HARD.
Laws are like code: It only seems perfect until it meets the real world. And the complications only seem frivolous until it's your ass on the line.
It’s not even a punishment anyway, they can easily afford to pay for their care out of pocket.
It is my understanding that in the US many common health issues can cost you millions of dollars.
A few million dollars would probably cover months in the ICU, so not exactly common. A few tens of thousands would be a more plausible ambulance ride to ER followed by emergency surgery and a few days in the hospital, which still isn’t very common. Carrying a pregnancy to term and delivery can be similarly expensive though.
My twins spent a month in the ICU but my insurance covered it.
Are you implying random programmers, administrators, and managers at insurance companies have generational wealth? Then why are they spending their time doing those jobs?
In the US it's unconstitutional for the government to do that, it's what the ban of laws of attainder is partially about.
> it's what the ban of laws of attainder is partially about.
Not really; attainder occurs when you're convicted by a legislator as opposed to a judge.
Is it really counter-productive, though?
Propensity to do harm through crime, violence, etc. is largely a genetic attribute.
Take a violent drug lord for example. Do you really want a woman capable of loving him allowed to continue on as if nothing happened?
[dead]
Ah, but the family of the canceled policyholders should suffer for losing their mother/sister/daughters?
Make decisions to harm others, don't be surprised if it blows back in kind. Golden Rule is there for a reason. Treat others as you would have them do unto you.
Have the families of those "insurers" made a decision to harm others?
Those families are/were more than happy with the standard of life being raked in by their breadwinner's willingness to make the unilateral decision to indulge in institionally driven statistical murder. So yeah, as one who walked away from Omelas in that sense, I think I'm pretty qualified to say yes on this front. After a certain point, a wife or husband not asking "so what is it you do exactly?", does rather reflect poorly on them.
Remember, every person working for an insurer has unparalleled access to data on what the effects of their decision is going to be. You can't claim ignorance once you've seen the glorified spreadsheets that run these companies.
A different lens to view this:
If you benefit from receiving stolen property, does the law force you to return it? One way of interpreting your scare quotes is that the executives turned a health insurer into a law violating company.
Obviously there are burdens of proof and this is most likely not possible to prosecute (it sounds like the health insurer has already shrunk and based on the date of the anecdote above, I’m guessing the relevant statutes of limitations have expired.
> If you benefit from receiving stolen property, does the law force you to return it?
The general answer to that is: it depends on a lot of factors, but sometimes yes and sometimes no. The specific answer varies between jurisdictions, I think even between different US states and certainly between countries. It's often relevant whether you knew or should reasonably have known at the time of purchase that the property was stolen.
well it depends, if you buy a car stolen from me, then i should get the car back, no matter what. if you didn't know that it was stolen, you have a claim against the person who sold you the car, but not me. but if that person can't return the money, then you are out of luck, just as when you are falling for a scam. not your fault, but your damage nontheless.
>It's counter-productive to punish someone for something out of their control.
For people in specific classes that benefit from networks and status: it is not.
It should be default. If you abuse your power and position, it should have cascading effects not just for you but people that benefited from it.
This idea that only one person at fault when there are 10's of people that hide behind the crime is just non-sense and has done immeasurable damage to society.
And I stress again: it should be income bracket/class based. The higher you are, the harder the fall.
Collective punishment also has done immeasurable damage to society and I'm glad that most reasonable systems of law do not consider it legal.
Go after the guilty party and revert whatever benefits they got. If money went to dependents, that money is to be seized. But those who received the money are not at fault per se. Unless they helped in the crime, then they are obviously guilty too, but not of receiving fund but for helping committing a crime.
CIOs simply manage the IT budget and technology to be used. They don't necessarily have to be present for company policy planning.
Same thing happened to patients with AIDS, in the 1990s. It was disgusting. May still be going on.
People don't really care about drug addicts and gay folks, though (there's a fairly significant number of folks that think they "deserve" it), so it didn't get as much attention.
In the 2010s, we had a similar situation but it wasn’t illegal.
I used to work for a large drug distributor both pre and during the opioid epidemic.
At the time (pre-SUPPORT Act), distributors weren’t required to notify the DEA about anomalous ordering so we didn’t provide data to law enforcement unless they sent a subpoena.
To increase profits, we identified our best customers of opioids and updated our inventory tracking system to send rebates and early warning notifications to providers so they’d buy more earlier.
Each provider has a sales rep (territory) mapped so we could figure out bonuses easily.
We the software engineering team were paid well for it, but not as much as the sales reps who got a percentage of the buy.
It really seems like you have effectively caused the deaths of many people through your actions. Does that have a lingering impact on you?
Judging actions taken at the time with the benefit of what we know now, is not a fair way to assess.
Sure we could say it was obvious they were pushing lots of pills. But this was a legal product.
Someone working for an NFL team trying to sell tickets , or for Starbucks trying to promote frappucinos, … these actions seem fine. We know the risks, but we acknowledge and move on.
But if it turns out that new data, 3 years from now, shows some huge uptick in head injuries among college players. Or high school. And we can attribute this to the influence of pro leagues, well…. The actions of the people participating in the enterprise now get considered in a different light.
Or if we gain new (as if we need it) data on the impact of sugar and caffeine on young people, then people who work for Starbucks or McDonald’s or basically any prepared food business, … we will judge them differently ?
People who decided to put lead additives in motor fuel had no idea that they would be causing brain disorders , generations down the road.
What do we do then? Refuse to take any action for fear of some possible future negative impact ?
It’s not appropriate to judge this way. We learn as we go, and we can say “if we knew then, what we know now…” but it’s not clear in the moment. A difficult line to draw.
Considering he just admitted it on public forum, Ima guess no.
I was hoping to get some insight/context into how they actually feel about it, rather than guessing. You can certainly come to peace with a past decision, change your opinion later etc etc.
I think it's still controversial whether manufacturers of substances are morally culpable for the result of people wrongly using them. And while you could hold the marketing or executive team accountable for trying to get people addicted to heroin, I'm not sure the same applies to programmers of an inventory tracking system?
Controversial in general, maybe. In the case of opioids and the pharm industry, absolutely not. It's been well documented at this point that pharm companies were well aware of the abuse, and not only did nothing to stop it, but went out of their way to encourage it because sales were going through the roof.
In the case of Purdue and oxycontin, the culpability has in fact been established in court as well.
As for the coders, I find it hard to believe that they were so ignorant, naïve, or unintelligent that they had absolutely no idea what was going on. I just don't buy it.
Regardless whether the rest of society finds the programmers responsible, the integrity of that society depends upon programmers in such situations holding themselves accountable. Apparatchik or moral agent? That choice remains ours.
"We the software engineering team were paid well for it"
I worked at a health care tech company in Silicon Valley that actively defrauded medicare. When the medicare inspectors came the owner's daughters had a bunch of their friends from college (who didn't work there) sit at computers and pretend to be working, then they told the inspectors all these random people were registered nurses and full-time employees who were helping patients (and thus being billed for). It was a total sham.
I reported it and quit but they managed to stay in business and keep getting government contracts.
One of the disgruntled doctors from that company made a whole website about some of their fraud: https://hiller.whitecollarcrooks.com/
They also bragged to us about how one of their daughters was dating a Glassdoor exec and had him take down all their bad reviews.
It's so funny af that when people from the hood are doing it they get locked up or worse, and when business people do it they might as well be the president.
I guess there are some differences though. When a new pusher shows up in your territory you sue him, not going for a drive by.
How do you live with yourself?
If you think about it enough, most industries are doing terrible things. Work for an auto company? Thanks for the CO2 emissions accelerating climate change. Work for a consumer manufacturer? Thanks for the plastic waste choking oceans and landfills. Defense contractors? Thanks for enabling wars and killing innocents. Banks? Thanks for enslaving folks to debt and perpetuating economic inequality. Tech giants? Thanks for surveilling billions and eroding privacy on a massive scale. Social media platforms? Thanks for amplifying misinformation and fueling mental health crises. Fast fashion? Thanks for exploiting sweatshop labor and polluting waterways with toxic dyes. Pharma companies? Thanks for price-gouging drugs and prioritizing profits over access. Oil and gas? Thanks for fracking communities into environmental ruin and lobbying against renewables.
Almost everyone is contributing to terrible activities. Just different degrees of bad.
What is your point, besides potentially making yourself feel better about your industry? Those "different degrees" are what it's all about. They're the whole point.
Yes, voluntarily working in an industry where that "degree" is undeniably magnitudes higher than average just for personal gain, does make you quite the awful human. And "helping maximize the number of pills pushed to confirmed opioid addicts" is indeed a large number of standard deviations of "terrible" removed from the work the average person does.
Yup, working on recommender sysrems at places like Meta is also quite high up there. Luckily the number of people who do this kind of work is minuscule when taken as part of the global population. Even more luckily, thousands of people on HN alone will forego such jobs even if it means earning less. I've done so myself.
How is it any different from working at a gambling company writing addictive software?
There will always be someone willing to do the work if the pay is good enough.
The question was how GP felt about their particular unethical act, and it's consequences which likely includes multiple deaths. Since you are not GP, it seems unlikely that you can answer this question.
I fail to see the relevance of bringing up a different, and also unethical example, but I'll answer anyway. If GP said that they used to spend their time optimising software to be as addictive as possible in order to drive people into gambling addiction, destroying their lives and taking all their money while doing it, I would ask the same question.
It's a very smooth gradient from optimizing a sales funnel to writing gambling software. I don't know where the line is, but in both cases you're exploiting human psychology to make more money.
Absolutely is.
And its also why some of the anarchist folks I hang out with say there's no ethical consumption under capitalism. And definitely in areas, they're completely correct.
It is not much different. I would not worked for gambling company either. In fact, gambling companies have to pay more (and do, there are open positions) because their pool of potential employees is smaller.
The exact same question can be asked to developers who help target gamblers with attempts to push them deeper into addiction.
It's probably slightly worse because opioids actually kill people whereas gambling just financially ruins them (which can lead to suicide, but still I know which I would pick).
But it's only a slight difference. I don't think people who work at predatory apps/gambling systems should be able to sleep at night either. Not all gambling though; I don't have any objection to occasional sports betting for example.
But if you work for one of those pay-to-win apps and find some customers are spending thousands of dollars on it (whales), you know you're being immoral.
How is it different from smuggling fentanyl or taking hostages for ransom?
There will always be someone willing to do the work if the pay is good enough.
The former almost certainly causes much less societal damage than working for a pharma company that strives to get the whole population addicted to opioids, due to the scale constraints that come with running an underground business vs. an "above board" one.
Why do you think that gambling companies pay above the industry average for the required skillset?
Because luckily there are many other people with me who won't work for them, so they have a smaller pool of candidates and need to pay more.
I guess in the same way as people working for MS, Google, FB, Palantir and other genocide enjoyers.
Whistleblower protections need to be steel-solid. Then maybe just 1 person with a spine might be enough to get the story to the press and/or prosecutors.
> This required a lot of business analysis and software development - and people had to realize what this code was doing
Too many people are trained to not rock the boat and not ask questions. I'm always "that guy" in pretty much every meeting I'm in. Some people like me, but many don't. It's tough. On the occasions that all my questions are already answered or I have nothing more to say it's obvious how relieved people are. It would be so easy to just be a yes man and please people all the time, but I just can't. It's easy to see how selecting for people who aren't like me would lead to an organisation that is essentially psychopathic.
Seems to be a trend of Women (especially the 30 under 30) in tech being especially fraudy.
I was working with someone on a large government project. At the beginning I told him that we cannot pad our hours at the end of the year to run the contract out and then make up for it with extra hours in the next year like we do with business clients because it is illegal and further because it's a $1M+ contract could lead to prison.
Of course I found out that he was going into our billing software and adding hours to me. I had to talk to a lawyer and he recommended I report it to the gao. I compromised by quitting and reporting it to the liaison on the project (a professor). It was very stressful because if I hadn't reported it he could say that I reported those hours, not him, and I could have ended up in prison.
I think the liaison just buried it in the end.
You had record of your correspondance with the lawyer. All you had to do was report it to the liaison and keep punching the clock. Unless you were getting paid more because of the overages the enforcers dgaf about you.
There were other issues... this was the final straw.
>> Of course I found out that he was going into our billing software and adding hours to me. I had to talk to a lawyer and he recommended I report it to the gao.
> All you had to do was report it to the liaison and keep punching the clock. Unless you were getting paid more because of the overages the enforcers dgaf about you.
That is not how fraudulent billing in a federal contract ends.
The DOJ prosecutors hammer the person documented as having submitted fraudulent billing and then go after everyone else involved. There is an outside chance in this case the innocent person originally identified does not get indicted and/or convicted of defrauding the government. But there is no doubt this process will cost the innocent person many thousands of dollars in legal fees just to stay out of prison.
The advice of "report it to the GAO" and then GTFO[0] is the way to go.
EDIT:
If a person continues to "keep punching the clock" knowing someone else is actively defrauding the government by "going into our billing software and adding hours to me", there is a nontrivial risk of being charged for conspiracy to defraud the US[1].
0 - https://www.dictionary.com/e/acronyms/gtfo/
1 - https://www.justice.gov/archives/jm/criminal-resource-manual...
> the enforcers dgaf about you.
This is the attitude that lands otherwise-normal-seeming people in jail. They dgaf about you until they do. Maybe the prosecutor needs an easy win. Maybe they have a wealthy patron you offended. You don't know. And casual cheating becomes criminal very quickly.
Charlie Javice, to get back to the core subject, seemed to genuinely think she was on the right side of the line. All she was doing was faking some numbers for investors, right? Nine times out of ten, investors have already bet on the company and want to see it do well, and even if they catch a founder fibbing are likely to see more value in suffering along with it than in blowing it up.
Except in this case the investor was JP Morgan, not an incubator, and they had the prosecutor in the rolodex.
Startup culture, our culture right here, absolutely encourages cheating. And it doesn't give you a clean instruction manual to figure out how to stay out of jail, because there isn't one. The point above, while technically about government contracting, is absolutely of a piece with the same dysfunction. I think a lot of people in our world need to spend a little more time in introspection.
> I think a lot of people in our world need to spend a little more time in introspection.
Sadly, I suspect most or all of the investor class of people "in our world" have done this introspection. They've checked with their peers and lawyers, and decided it's a perfectly acceptable risk to have the founders and staff of a company they're already invested in do illegal things and potentially end up in jail, if it makes the odds of that company being a 100x exit - so long as the investors and their staff are all insulated from the illegal behavior and jail time risks.
> They've checked with their peers and lawyers, and decided it's a perfectly acceptable risk to have the founders and staff of a company they're already invested in do illegal things and potentially end up in jail ...
No legitimate business person I have ever met holds this position, if for no other reason than criminal acts pierce the corporate veil[0].
> ... so long as the investors and their staff are all insulated from the illegal behavior and jail time risks.
There is no such thing.
0 - https://corpgov.law.harvard.edu/2014/03/27/the-three-justifi...
> > ... so long as the investors and their staff are all insulated from the illegal behavior and jail time risks.
> There is no such thing.
Sure there is. You can never request an illegal act, never commit an illegal act, but create a culture where others become incentivized to do illegal acts. This can be done in sufficiently subtle ways that it's impossible to prove it was intentional.
"Will no one rid me of this turbulent priest"
"Will no one rid me of this turbulent priest"
That is not subtle enough(anymore), if you want to disguise ordering murder.
> No legitimate business person I have ever met holds this position
Well, sure, that's true. But only because that's a no-true-scotsman fallacy in incubation. All these perps are "legitimate business people" until they aren't. And they cross that rubicon, almost to a person, still believing that they're legitimate business people and that this is all a clever hack.
It looks obvious only in hindsight when you're looking at the indictment.
What gets them in trouble is the clever hacking, not a fundamental moral flaw. Or conversely, we need to start treating clevery hackery with a lot more suspicion. It's fine to "cheat cleverly" in software design. Outside that world it's got some pretty ugly externalities.
> What gets them in trouble is the clever hacking, not a fundamental moral flaw.
I think you've got that backwards. Crims gonna crim. A clever hacker will evaluate ALL the risks, whereas a moral flaw blinds people to risks. Doesn't mean somebody can't have both attributes.
I quite literally stole an education, and there's a college transcript to prove it. I was a clever hacker, and I worked hard; I was aided and abetted by the college administration, inducted into the Masters candidate ghetto as an honorary member. When they made it a felony I quit that path, and following Hunter S. Thompson's advice [0] I went into business so that I could continue learning "on the job". (Nowadays they call it "OPT". Served today with a very thin glaze of sarcasm.)
During that tenure I met people who wrote theses for a living, who appreciated my industriousness and offered to admit me to their fold. I drank with foreigners ("muslims") who wanted information I might have or be able to obtain; I suggested that they get their home countries to forge documents and and then get admitted as students.
I've quit jobs after an appropriate "honeymoon period" when I still hadn't been furnished documentation demonstrating that we had customers' permission to be doing what we were doing. I've quit jobs when government compliance was considered a game rather than a minimum standard of performance. [1]
I pass government background checks just fine; no reason I shouldn't. I get the "dgaf" attitude, but I strongly suggest getting it in writing. Doing things off the books is a cancer; and it's contagious, like that 10,000 year old dog cancer which now moves from host to host.
[0] "When the going gets weird, the weird turn pro."
[1] If you need somebody who takes risk assessment seriously, we should talk.
> A clever hacker will evaluate ALL the risks
Once more, this is a no-true-scotsman argument hanging on your added adjective "clever". All the frausters and criminals in the linked articles were "clever hackers" until they weren't. You probably are too.
Introspection and humility are among the hardest skills for hackers to develop (probably harder for us than for the general population, honestly, as our cheating gets rewarded!), and they're exactly what are being demanded here to keep us out of jail. And I'm pointing out the fallacies inherent in all the "it would never happen to me" argumentation.
[flagged]
> if it makes the odds of that company being a 100x exit
Post that gain and you will have a 100x flood of civil lawsuits to deal with. You may escape jail but I doubt you escape with the gains.
So much
Part of the value that VCs are supposed to provide society is being more skeptical than this.
I'm not sure it's even at that level of rationality. People just don't think bad things will happen to them, either through naivety or a mistaken belief that they're so superior they'll never be caught. Jail is something that happens to other people, stupid people, not to me.
I think people are either too worried about things like this or not worried enough - no middle. For every time I've heard of rich people thinking they can get away with ridiculous scandals I've also heard someone being discouraged from legitimate economic activity because what if some really unlikely thing happens and lands them in jail for dumb reasons.
The latter type of people don't become businessmen, of course, so the selection bias is for the businessmen to all be from the unworried people.
They do care - they care because they have an inflated impression of their own importance and you seem guilty, so you must be.
I wish I could tell a story. Alas, I can't. It turns out that large corporations are excellent at hiding evidence of wrongdoing, and will do everything to cover the backside of high-level execs, because stock price matters. When it's bad, the exec leaves for a "better opportunity", and none will be wiser. The stress of the honest, serious engineer(s) remain, and the exec gets a free ride to their next big beautiful step up the ladder. In retrospect, don't follow internal reporting guidelines, and don't talk to internal lawyers. They either are incompetent or competent, but paid to swipe stuff under the rug -- you'll never find out either way. Instead, go to the relevant regulatory agency, write a detailed report to them, and let it play out.
It depends on the country. It’s not possible to operate large companies in Hungary without paying to the prime minister’s family. When I lived there, I signed a paper at a large multinational company as a simple developer. The paper’s only purpose was to channel EU funds to the family. I was naive, and I thought that it’s a real project, with real work. It wasn’t. Later I realised why some of my coworkers were against it, but I didn’t believe that that company would go down on that route. I was really naive.
Looks like Trump has taken a leaf out of Orban's notebook. What a depressing situation to be in.
That 100k/month for Hunter Biden from a Ukrainian energy company was totally legit though.
It's not even the same ballpark.
Just ... wow
It's extremely fucked up that the EU has this kind of kleptocratic autocracy in its midst not only stealing billions but actively sabotaging its operations, when people have been warning about Hungary for 15 years (the Tavares report is from 2010 I believe).
It's funny seeing America, and making the same mistakes. We're humans after all.
The transition in Hungary was really seamless. Step-by-step. The Tavares report was still mainly about possibilities. The laws and the new constitution were already there to use them, but they still didn't use their full force. They could pretend that it's a democracy. They still pretend it, and most Hungarians still believe it, even when the government rules by decree for over a decade now, with elections with not equal playing field at all (opposition needs to win over 10% to be 50-50 with the ruling party).
And they're on the next phase. There is a new opposition leader, and it's way more difficult to pretend democracy now. The most interesting is Orban's used to be supporters. They switched like nothing. One day, an opposition adjacent podcaster was satan itself, the next day, "she's all right after all". One of my friend and his siblings argued against Orban with their parents for more than a decade, then the switch was instant. The parents will still choose badly next time, for the bad reasons, and they will allow to happen this again. When MAGA collapses, you can expect the same thing. There won't be any self reflection.
I was asked to sign off on an R&D tax claim for my team's work. I reviewed it and said no. Was then sent to a meeting with the accountants who explained the claim was based on what the CEO had told them. We went through the details and the agreed with me on most things. I also discovered that we were entitled to claim for things I wouldn't have known about and the CEO discovered that just because the credits were for R&D the legal definition didn't allow for normal development work.
In this instance nothing intentionally illegal was being attempted. However, had the original claim been made it could have been considered fraud. In these sorts of situations I always ensure that the company put me in contact with the professionals that can indemnify both the company and me from any wrong doing. Provided we tell the truth.
This happened to me too, the claim was outsourced to a contractor who had never interacted with myself or anyone on my team - the only devs in the company - resulting in a purely fictitious depiction of what we did.
> If you take one lesson from this, it’s that you can always say no.
I fully understand why this is true, but it seems to ignore any retaliative measures that the management could take against the person who says no.
With the benefit of hindsight, any such retaliation would be weaker than ending up in an orange suit. But the person has to find the guts to say "no" without that hindsight.
I would argue that you have a moral and ethical responsibility to say no when your manager asks you to do something illegal, even if it does cost you your job. The law is the law, and there is no excuse for breaking it. Your manager is certainly culpable, but if you act against the law, you are culpable as well.
The exception is if you fear literal physical violence against you or others, or are being blackmailed or something, then of course you are being coerced and have no choice. But "losing your job" does not rise to that kind of coercion, in my opinion.
Not saying it's easy, it's a horrible situation to be put in and I have huge amounts of sympathy for a person who has to experience this. No one is perfect and act with faultless ethics at all times. But hard or not, it is your duty as a citizen not to violate the law.
I think, for most people, getting the shit beaten out of them is a preferable outcome to losing their job.
For most people, their job is the only thing standing between them and being homeless, losing their car, losing their kids, their partner, etc.
This is why having a culture that treats firing people as no big deal leads to wack ass incentives. You can make people do almost anything if you threaten their job enough.
That may be true in the US, but very far from reality in countries that have universal healthcare and a strong social safety net.
That safety net does not extend to paying the interest on your house loan.
When unemployment benefits are a large percentage of your salary and last a year plus it does
It does in some places. Firstly banks will usually let you pause or significantly reduce mortgage payments while unemployed. You then make up for it with increased payments (for a period of time) when you regain employment. There is also government help in the form of a loan to pay the interest on your mortgage while unemployed if you've been unemployed for a certain period of time (longer than the bank grace period).
Countrapoint is that these dilemas are NOT dilemas of poor people struggling to feed their kids.They are dilemmas of well doing middle class who in fact, can find another job.
Seriously, we hear the "but the job, but the potential pay raise" exactly as often in a good economy from people having large salaries.
They have choice. They are choosing the fraud over ... still high salary but just not that high.
One can only conclude that the VW engineers were uniquely immoral, since they have a safety net and nonetheless committed massive scale fraud. At least in America it's coercion. In Europe, it's willful evil.
I don't think that applies to the mid to high level software engineers here
We’re not all from the US.
The cases in the article were software engineers in the US, and at FTX. Two were engineering directors and the third was a senior engineer. If any of them didn't have plenty of emergency funds set aside, they should have seriously rethought their spending.
I know plenty of people who saved for years to get a downpayment for a house and then used all of that for just that. After that, it will take a while to replenish their emergency fund with very little margin of error. A job loss would be devastating.
My claim is that that's a bad decision, for exactly that reason. Job loss can happen for any number of reasons, often without warning. Getting a mortgage without any cushion for job loss is a huge risk.
Note also that I'm talking about highly-paid software engineers, not about people in general. Lots of people in the US make way less money than senior software engineers, and they manage to get by. Live at that level and secure your emergency funds first, and you'll be a lot more comfortable dealing with any ethical quandaries at work.
No, you’re claiming they have a spending issue, with the typical judgemental holier-than-thou undertone. My example is not that.
And I’m talking about my SWE neighbors in SV who have a desire to buy their own house just like almost everybody else. It’s just wrong to claim they have a spending issue.
They may be highly paid, but the house prices are commensurately higher too.
It is nearly impossible in the US in general to buy a house without taking on some amount of financial risk. It has nothing to do with being wasteful with money.
I mean, it's been the standard personal finance advice for decades. Step one is to set aside six months of emergency expenses. If you have an above-average income, you're capable of doing that. It's not "judgmental" to point out that this is indeed an intelligent strategy, just as advisors have been suggesting for years and years.
You yourself said that for the people you know who bought a house without that, "a job loss would be devastating." So you seem to agree with me and the personal finance advisors.
I did not say they had "a spending issue" or that they were "wasteful with money." Those were your terms just now. I simply said they should have rethought. You're turning that into some moral judgement, when all I'm saying is that it's bad strategy.
If you make say $400k a year and you buy a $2.5M house, at some level you do have a spending issue.
> Lots of people in the US make way less money than senior software engineers, and they manage to get by.
No, I'm pretty sure this is getting less and less true actually. Credit card debt is at an all time high. Homelessness is rising. Medical debt is crushing.
Indeed, any sufficiently wise man would prefer to place himself in a position of precariousness so that all his acts of crime can be attributed to the man who employs him. Only the financially careful face dilemmas. The spendthrift fears no judgment from society having forced his choice function into an identity of his employer's.
"losing your job", for a lot of people, is extremely effective coercion.
We are not talking about luxury here. A lot of people depend on their salary to pay rent and put food on the table. This is even more pressing if you have a family that depends on you, if you are in need of healthcare, etc.
What your post fails to recognize is that in the current system, labor is already a form of coercion. You need to work because the option is homelessness and starvation.
If you can avoid those even when unemployed, you are extremely privileged.
If you can avoid those even when unemployed
that would be all developed countries except the united states
380k homeless in UK. 262k in Germany. 122k Australia. 650k in USA. The per capita math is left for the reader but I don't believe there is much distinction here .
You're right, the numbers are very close to recent official figures. I looked them up to calculate the per capita rates. So USA is actually better than other countries? Kind of defeats these arguments here - interesting. (By the way I’m not from us)
Based on the latest available data (mostly 2023) and current population estimates:
* *UK:* ~56.0 per 10,000 people (1 in 178) * *Australia:* ~45.4 per 10,000 people (1 in 220) [using 2021 census data] * *Germany:* ~31.0 per 10,000 people (1 in 323) * *USA:* ~19.4 per 10,000 people (1 in 515)
The per capita distinction is more significant than the raw numbers suggest.
(Note: Methodologies for counting vary by country, which can affect direct comparisons.)
Your last paragraph is doing a LOT of heavy lifting. TLDR: the US figures should be WAY higher if you expand the definition of homelessness like those other countries do.
More research shows the U.S. rate looks lower largely because it uses a narrow, one-night "Point In Time" measure that excludes many precarious living situations other countries intentionally count. If you harmonise definitions, the U.S. does not outperform high-safety-net countries; on unsheltered homelessness in particular, it fares worse.
In UK official usage, being legally homeless often includes people the state is actively accommodating; it is not limited to street homelessness like the US PIT figure. In Australia, their figures include couch surfing (staying temporarily with other households and those in “severely crowded” dwellings). In Germany, apart from again having a more expansive definition of homelessness, their figures also include ~130k Ukrainian refugees.
Just one example: the US figures should at least include >1.2 million students experiencing homelessness.
also, despite being homeless people in germany can get financial support and healthcare, which was the original point about the fear of losing your job. and losing your job in germany does not make you homeless. you'd have to get evicted from your home (but not for failing to pay rent, as you would cover that with the financial support) so the group that is being talked about in the original paragraph that fears losing their job, and the group that is homeless in germany have nothing to do with each other, because the first group does not exist. most of tho homeless in germany never had a job to begin with.
So yes, the extremely privileged
privileged? sure, but extremely?
nowadays even in china everyone gets healthcare, working or not, so we are talking about almost a quarter of the worlds population.
I think the risk is somewhat higher than just losing your job - you are potentially burning your whole referral network in the process (especially if you end up with your name in the press during any resulting prosecution).
For a junior engineer it may not be that hard to fly under the radar, but senior/staff level folks tend to be well known by the execs. And execs talk, they call their friends to vet future hires... burn your execs, and maybe you don't work in that town again
Probably for the best...
Like, anyone who would work with some of my previous employers, are places I wouldn't want to work anyway. It's a big wide world out there.
> I would argue that you have a moral and ethical responsibility to say no when your manager asks you to do something illegal, even if it does cost you your job.
When your access to food, housing, heating and healthcare for your family are dependent on your income, you may find yourself facing very difficult decisions. Most parents will risk whatever legal ramifications to care for their kids and that's inherent moral and ethical, even if the downstream outcome is not. That is because it is the socioeconomic system rather than the individual who is acting immorally.
> The law is the law, and there is no excuse for breaking it.
This is an infantile view. The law is a framework and there are lots of circumstances where breaking it is not only excusable, it's the only moral action.
> When your access to food, housing, heating and healthcare for your family are dependent on your income, you may find yourself facing very difficult decisions
This is the time when your ethics are tested. Anyone can do the right thing when they're getting paid for it.
Nah. I’ve been in the exact situation you describe and it’s pretty obvious tbh. Loss of a job is a temporary setback. Being locked up in a jail is a permanent one.
There's a nice Jordan Peterson quote:
> There was a lesson to learn from the holocaust. We're always reminded that: "Never forget, we've learned our lesson." "What was the lesson?" That's the question. The lesson is, "You're the Nazi". No-one wants to learn that; If you were there, that would have been you. You might think "Well, I'd be Oskar Schindler and I'd be rescuing the Jews." It's like, no, afraid not. You'd at least not be saying anything. And you might also be actively participating. You might also enjoy it.
Hindsight theoretical morality is very different from experience on the ground, where peer pressure, stress, uncertainty, exploding situations and fog of war come into the mix.
Seems like a better lesson would be "don't be the Nazi."
It's not like it's impossible. The Nazis arrested 800,000 Germans for active resistance activities, and several hundred thousand Germans deserted the military, many of those defecting to the Allies.
https://en.wikipedia.org/wiki/German_resistance_to_Nazism
It wasn't a huge percentage, but we don't know how many actively resisted without getting caught, or resisted in more passive ways. And that was resistance against the Nazis, who had no qualms about killing resistors. Risking or quitting your job to not only do what's right, but avoid getting in trouble with your government, isn't in the same ballpark.
The figure of German soldiers deaths has an estimation of 50% suicides.
I thought the lesson was to not base your morality and what you are willing to do on the laws, because they can change at a whim. And for the democratic politicians, don't play with fire and take problems seriously.
[flagged]
You might want to think about why Petersen wants you to think you’re the Nazi. What change is he trying to effect in our culture, and how does that belief support his desire? Rhetoric always aims to effect some change in the attitude of the listener, and never without some benefit of the speaker.
> You might want to think about why Petersen wants you to think ...
What's your take on that?
Not that person but the my take on their take is that Peterson is greasing you up to accept more authoritarian control since he puts you in the in-group of the oppressors to ease the societal drift.
I don't necessarily agree. I think he is pointing out that people morally grandstand and the majority will not act out how they say they would.
Note that in the quote, he is, himself, moral grandstanding.
> You might want to think about why Petersen wants you to think you’re the Nazi. What change is he trying to effect in our culture, and how does that belief support his desire? Rhetoric always aims to effect some change in the attitude of the listener, and never without some benefit of the speaker.
What benefit do you think he's trying to get from it? I'm honestly trying to figure out the nefarious angle and coming up blank.
It seems to me like a very similar sentiment to that great "are we the baddies?" sketch from Mitchell and Webb. [1] I see both as an exercise in moral humility.
See the Milgram experiment, or the Asch experiment. Most people do cave to pressure from authorities and the group. Everybody believes they're they exception. Statistically, most of them are wrong.
[1] https://www.youtube.com/watch?v=ToKcmnrE5oY
[flagged]
[flagged]
We're not talking about living in a totalitarian state and breaking the law by aiding the resistance here. The cases in the article is like committing financial fraud or faking customer data. And then, yeah, I do think there is no excuse for going along with it, you have a duty as a member of society not to do such things, even if it costs your your job. It's not easy, and as I said I have enormous sympathy for a person in this position, but there is a clear right thing to do, and you have an obligation to act accordingly.
At least in the case of engineers, we're talking about highly compensated people. You should have a solid emergency fund put together within a few months of starting your career. From there, it's on you to not put yourself into an economically precarious position. People who are making multiples of the median household don't have food/shelter as an excuse.
Not that it's much of an excuse for everyone else either, but with people in the professional-managerial class it's absurd.
Globally, most software developers are not highly paid and certainly not enough to be above financial pressure.
Becoming a whistleblower or refusing unethical demands can also lead to being blacklisted, as in most industries, loyalty is valued more highly than ethics.
And the more people that buy into that, the worse it gets. That’s why this has to be fought tooth and nail from day one.
If you want to fight corruption and unethical behaviour, start with a just society that doesn't tie a person's value and well-being directly to their income. Otherwise you're fighting incentives and will never win.
You don’t get to a just society by not fighting corruption. Ask yourself not what “engineers globally” can do, but what you can do. Historically, pressure from the educated middle class has made huge impacts on culture and society.
[delayed]
Yeah, but you have to factor in the probability of the orange jumpsuit.
You're not going to be of much use to your family in jail.
It's still a difficult decision, but it's not just your job vs your morality. It's your job vs morality+potential jail.
We dish out criminal sentences precisely in order to affect the equation like this, because we know people don't always act on morality alone.
To get rich at your software startup is not one of the situations where you have a moral obligation to break the law. None of these people were stealing bread from the rich to feed their children.
As a parent, I would risk destitution over going to prison every single time. I don’t even have to think about it.
Right, saying outright that Thoreau was wrong and also that pretty much every famous person who took him to heart was wrong too is a rather strong position to take and likely very, very hard to defend.
Or, for a more obscure example, that Antigone should just have said 'yes daddy' and left it at that with the play ending somewhere in the initial conversation with Ismene.
It is not moral to break the law in the furtherance of fraud. That’s the point.
But if the fraud secures the livelyhood of $bignum children and they would starve without their parents committing that fraud?
I think my son would rather have me in his life than have me in jail.
[dead]
> But "losing your job" does not rise to that kind of coercion, in my opinion.
it depends how many friends and family you have in the area that can host your whole family that is now homeless. it depends how much disruption you are willing to inflict on your kids definitely right now as opposed to maybe in the future.
The threat of retaliation - in the form of being fired, harassed or moved to a dead end position - is very scary to a younger engineer. But from a rational point of view it's not very strong (HOWEVER many managers or CEOs are far from rational.)
- Firing someone has large costs to the employer. You have the job because you are needed. Same for side-lining someone or not promoting them.
- Firing someone removes the final incentives against that person reporting the deed to the govt. It pushes that person toward reporting instead of softer "negotiated" steps such as continuing to argue for legal alternatives or discussing it with an intermediate rather than outright reporting. And many corporate legal or accounting people are amazing at finding alternative ways to achieve the same result in a not-illegal manner.
- A lawyer can help you much more once there is retaliation. The company might end up fighting both the fraud reporting AND the retaliation.
Just firing someone is not a great "solution" for the company.
Letting you believe that they will ... that's very powerful.
(and probably all this is caveat: in countries where retaliation is illegal enough and commonly taken to court or settled. which is not worldwide.)
This is why whistleblower laws need to be stronger (e.g. retaliation means automatic jailtime even if the whistle was wrongly blown) and rewards need to be larger.
You can absolutely, most definitely always say "no". Their carrot (money) comes and goes, and their stick (also money) is not enough to be concerning.
That retaliation is in and of itself a new illegal act.
Software developers should sign a code of ethics, like other professions do and then cite it when asked to do unscrupulous things. This would work for activities that aren't illegal but still unethical, like defaulting user privacy choices to open/public. Citing professional organizations like ACM or IEEE would deter retaliation.
No. I oppose any formal requirement to practice software development. And this isn't because I disagree about the requirement to be ethical, but because it would draw a moat of "professionalisation" around software development, excluding new entrants. It's a fashionable trend across many disciplines: it starts innocuously with informal groups and seminars. Then someone starts one or more professional bodies which devise some sort of qualification. Then they start charging a yearly or triennial renewal fee for that qualification. Then they try to make it impossible to get work without their qualification. The profession comes under the thumb of people who spend their time getting on to the committees which control these professional bodies.
That can be reasonable for something like medicine or structural engineering. But is it appropriate for a developer cranking out Javascript or Excel macros? This is pulling up the drawbridge behind you, excluding anyone who comes to the profession through informal means - and in my generation, that meant almost everyone. It also means that you will need to determine how much of your time you dedicate to politics.
We have plenty of difficulty just following the Agile Manifesto.
The agile manifesto is far from a set of ethics that if you disagree with you can’t help but sound like the bad guy.
For example, try disagreeing with the statement “SWEs should take reasonable effort to protect user data”
No, it's just a bunch of counter-intuitive rules that if followed make life better for both the developers and their customers/bosses. (On most circumstances, not all.)
If the customers/bosses do not even allow those to be followed, what chance do you think some pro-social rules with actual costs have?
That's article 32 of the GDPR. It also includes protection from social engineering.
In all honesty, I haven't checked if it's true, but you can use AI to find a foreign law that fits and cite it word for word.
AI can, and will, hallucinate legal cases and laws to make you happy. This happened pretty quickly after ChatGPT was introduced into the world: https://apnews.com/article/artificial-intelligence-chatgpt-f...
Of course it can. But it's more precise than Google and it's easy to fact check.
https://gdpr-info.eu/art-32-gdpr/
Once you link the actual law, it becomes more of a checklist and less of a principle though.
Do you mean:
A) Software developers should be free to sign a code of ethics, or
B) Software developers should be compelled to sign a code of ethics, and be prevented from working if they refuse to sign, or
C) Something else.
In Canada, (B) is how it works for engineers, including software engineers.
We are using the term 'software engineer' in two different ways:
1. The way most people here on HN, and most people in the US, understand it.
2. The way the laws in most of Canada (but not Alberta) define the term.
AIUI someone can design and develop software for pay in Canada without declaring themselves to be a 'software engineer' and without signing a code of ethics.
Is that correct?
It's unclear and barely enforced in Canada. Ontario has a two-step test for defining "software engineering":
* The development of the software required the application of engineering principles (ie. "a systematic, disciplined, quantifiable approach to the development, operation, and maintenance of software")
* The software concerns the public interest (ie. there is a reasonable expectation that failure or inappropriate functioning of the system would result in harm to life, health, property, economic interests, the public welfare or the environment).
In practice, LinkedIn is full of "software engineers" and anyone with a P. Eng uses it as a suffix.
Most software engineers in Canada don't call themselves 'Engineers' and don't have any ethics codes they need to follow.
The calling of the engineer is not required but you are bound to ethical guidelines as a PEO.
Yes, the Hippocratic Oath works quite well even if it has no legal underpinnings, so why not use the same idea for developers? Indeed ACM and IEEE could draft one.
It only works because doctors have a self-governing body of other doctors as an oversight, usually called a chamber, board, Kammer, etc. This chamber is responsible for licensing doctors to perform medicine and has the power to withdraw that license upon violations of the Hippocratic Oath, other ethical violations and other professional misconduct or malpractice.
Unless you want this kind of arrangement for developers, the oath isn't any good.
Also, the Hippocratic Oath has tons of variants, nobody uses the original one anymore because there are things in there that went out of fashion over the last 2000 years. E.g. operating on people suffering from kidney stones used to be prohibited: "I will not use the knife, not even, verily, on sufferers from stone[...]" (https://en.wikipedia.org/wiki/Hippocratic_Oath ). Similar prohibitions exist nowadays for abortions or euthanasia, but only in some places. In others, doctors are free to or even required to perform those. In software development, I would imagine even more variety in the allowed/prohibited-list.
Our board would be packed with Scrum lords smacking down on missing field entries in Jira tickets.
I would like more 'philosophy' in CS education. Just that people are aware of the methods used against them helps alot. It is hard and takes time to discover stuff on your own. It took me like 5-10 years of working before I realized how the sausage is made.
not only, in most countries operating as a physician requires a license to operate. It can be revoked if the professional violates the terms of the license.
If software had such a thing, it would be possible to achieve something similar. It is not the oath per se that keeps doctors on the righteous path, it is just as much the treath of not loosing your job - but having your professional status revoked (i.e. permamently loosing the ability to work).
On the other hand, reviewing code every now and then, it would be good if you could revoke programming privileges for ever for certain individuals.
There is a ridiculously huge body of law covering medical practice. The AMA is just window dressing over an industry trade group.
At the end of the day you confront a jury and not a board of similarly positioned individuals.
I absolutely want this arrangement for developers. We need to grow up as a profession, and take responsibility for the consequences of our actions.
This isn't the 90s anymore. Today there's practically nothing you can do in the modern world without interacting with software. Buying food, going to the hospital, travelling, communicating, voting, going to school, using anything electrical, anywhere. Our society is completely dependent on software at this point. The fact that there's no professional ethics code with the appropriate oversight for the development and maintenance of software is utterly insane.
The points you bring up about the Hippocratic Oath are important problems to solve, rather than reasons not to try.
The ACM has long had a code of ethics.
https://www.acm.org/code-of-ethics
Not taking away from your point, but just a PSA: For some reason "First, do no harm" is synonymous with "Hippocratic Oath" in pop-culture. Just a reminder that this is apocryphal: https://en.wikipedia.org/wiki/Hippocratic_Oath
Surgeons, in fact, often begin with harm. To replace a hip joint, they necessarily must begin by causing great trauma to the body by cutting it open and removing bone.
That's far too literal an interpretation of harm. The point isn't to never do any kind of "physical harm". It's about doing the least amount of harm possible/necessary in any situation, where doing nothing can also be seen as causing harm.
I had a burst appendix as a teenager, leading to peritonitis. To treat this, surgeons were going to operate laparoscopically to remove the appendix and fix remove any contamination in the peritoneum. Obviously this required damaging my skin, removing an organ etc. which in the strictest sense is harm. But doing nothing at all would obviously lead to sepsis and death, so this was still the least harmful intervention. During the surgery, it turned out that the laparoscopic method was hard to carry out due to obesity and other factors. The attending made the decision to convert to a laporotomy, doing even more harm to my skin and leaving me with a 30 cm scar on my stomach. But it was the right call because it maximised the chances of accomplishing the goal of the procedure(preventing imminent death), minimising the risk of serious complications.
And here I am almost 20 years later. I have a scar, I have some adhesions that occasionally cause moderate abdominal pain if I don't eat enough fibre, and perhaps my lymphatic system and gut flora are very minorly compromised in some nebulous way due to the lack of an appendix. On the other hand, I'm alive. So yes, they "did harm", but they also minimised harm. And they didn't do any unnecessary harm, to the best of their ability. And that's the point of the ethical principle.
Casual of research shows that the ACM's Code of Ethics can be traced back to its Guidelines for Professional Conduct in Information Processing dating back to 1966 (https://www.acm.org/code-of-ethics/1966-acm-code) and the IEEE's Code of Ethics can be traced back to a precursor organization's Code of Professional Conduct dating to 1912.
I remember reading that no med schools in the U.S. use the actual Hippocratic Oath anymore, although it seens that most schools have sone form of oath.
Why do you believe it works? I don't particularly get the sense it has any effect whatsoever, particularly in cases where doctors are pressured to do harm. (There's also a lot of ambiguity left in what constitutes "harm")
Are you kidding?
Misconduct among doctors is rampant, special highlight on dentists:
https://archive.ph/70Zk5
Yeah some people choose to wear rosy glasses when it comes to the medical profession. They can see corruption around them but they can't imagine it exists in every walks of life. Kind of gell-man amnesia.
> the Hippocratic Oath works quite well
This reads like a bad joke. Ever heard of the opoid crisis?
The code of ethics would need to be absolute, enforceable, unambiguous (without lawyers to interpret), and universal to really eliminate these activities.
Software engineering could become a real profession with licensing like mechanical, electrical, chemical, civil, and other engineering professions. If you do something unethical, you could be sued for malpractice and lose your license to practice.
The code of ethics for Professional Engineers works even though it isn’t any of the things you say are necessary.
Professional Engineers signed off on on broken dams (https://en.wikipedia.org/wiki/Brumadinho_dam_disaster ), leaking chemical plants (https://en.wikipedia.org/wiki/Bhopal_disaster ), exploding reactors and how (not) to operate them (https://en.wikipedia.org/wiki/Chernobyl_disaster ) and "high enough" sea walls (https://en.wikipedia.org/wiki/Fukushima_nuclear_accident ). There are a ton more examples. All highly unethical, most of the responsible engineers got away scot-free.
Licensed professions only serve to increase the scarcity of licensed professionals, drive up the price and thereby form an economic cartel. Neither does it prevent any of the aforementioned disasters, nor are the responsible professionals held liable.
"Licensed professionals" is one of those myths in software engineering cycles that won't die. A license won't make anyone competent. It will, however, provide them with an excuse to charge more, do less and ascribe any fuckups to "must be something else wrong, I did everything to board standards"...
That's a weird set of anecdotes you've chosen. The first half of those incidents are in fact the opposite of what you seem to be complaining about: finding the Professional Engineers that signed off on the mistakes in the project is hard to do because they happened in countries that failed to regulate Professional Engineering licenses.
The Chernobyl disaster is an operation mistake, which a Professional Engineer may have signed the process for operation, but an operational failure to follow process is not the Professional Engineer's fault. Sure, a professional will try to narrow processes to be as fool-proof as possible, but you can't entirely blame a professional that the planet is capable of generating far more fools than you can plan for.
The Fukushima disaster actually shows Professional Engineering consequences with multiple engineering groups doing analysis and investigations of what went wrong and whether or not to indict Professional Engineers involved in the construction. None of those moved to such indictments, but it was investigated at length. Three of the executives of the company were indicted as a part of those investigations (and then were judged "not guilty" in a Japanese court of law).
"Licensed professionals" is not a myth. A license isn't about making anyone competent, it is about applying consequence when they aren't. It's also about having your back when you are worried about possible consequences. "I can't do that because I would lose my license" is a threat companies have to take seriously. If your company wants to force you to pursue it anyway, you can take the issue to the Ethics Committee at your licensing board/professional organization and they can help you examine the legal, ethical, and moral implications in a way that could result in consequences to your company. If all of that is documented and the company still does it anyway it is easier to get legal consequences applied to company executives, such as real, deserved jail time.
In the Brumadinho case, five engineers were arrested and charged and jailed. They are out of jail and a criminal case is ongoing.
In the Bhopal disaster, seven engineers and executives were convicted of causing death by negligence and give the maximum penalty (which was pretty weak).
The Chernobyl incident led to Anatoly Dyatlov to be jailed and getting a 10-year sentence.
For Fukushima, some people were charged with professional negligence causing death but they beat the charges in court.
Licensing will not make anybody competent. But it can help keep incompetent people out of our field. When Engineers screw up, their malpractice insurance may get too expensive for them to continue to work in the field. When management asks for something unethical, it gives a pretty good reason for pushing back.
I don't think it needs to be (it isn't for anything else), and I also don't think it needs to eliminate all activies (it doesn't for anything else).
But right now we have nothing. Surely, something is better than nothing. We can't have nothing and already be out of ideas.
Which is why I think the ACM's code of ethics is good for someone looking to be introspective about right and wrong but would be terrible as the basis for a legal code of ethics.
The scope would necessarily be narrower and "permit" more unethical behavior but for violations to be enforced by peers it has to survive the eventual "oh you're making a big fuss over nothing, you won't lose your license" problem.
You can never make these kinds of things unambiguous. People are really creative about inventing interpretations to make things ambiguous in their favor, and rule systems are really complex.
More to the point is trying to be an ethical island in an unethical society, You'd have to deal with constant attacks from the "anti-woke" crowd.
If you are to be found in violation by DAO jury vote, you will be blocked from all private torrent trackers and usenet groups (we just have to make sure all of them mods are onboard mkay), with threat of ban for repeat offenders.
You may also find your support tickets everywhere languishing and x months of CAPTCHA-hell on every website.
ACM has a code of ethics. However, it does not seem to be enforced against many companies that routinely violate it.
https://www.acm.org/code-of-ethics
The author talks alot about this is this book: https://www.ruinedby.design/
I wonder how would that work when you are working for companies like Lockheed Martin, knowing your code will be used in weapon that may kill innocent people.
Presumably similar to how it works for the professional Mechanical Engineers and Electrical Engineers they already employ. Ethics are subjective and nuanced. Ethics are also different from morals. Some people can live with the moral quandary that their work may do harm to innocent people and still have the ethical belief that they are doing the right thing generally and that their work does more good than harm. (I'm not one of those people myself with regards to the military-industrial complex, but I respect my friends that are have sat with their morals and weighed them into the ethical frameworks of how they do their jobs and what they feel about doing their jobs ethically.)
It's easy, you just tell yourself that all of them are the enemy. As long as you outsource your morality and thinking to the Department of State, you can sleep easy.
For a little bit I worried about that, wondered whether I would be morally comfortable working on that technology. Then Russia invaded Ukraine and I snapped back to reality. The consequences of even vaguely good actors not having missiles are worse than the consequences of those actors having missiles. Because you better believe Putin and his ilk are going to have them.
It's not enough. It needs enforcement and whistleblower protection.
I have promised to resign (and fully would have) when asked to implement something that would put customer security and privacy at risk, when such concerns were in their infancy; more than half a lifetime ago but in the dot com era when I had actual value. Our client, a very large organisation, became aware I had an ethical concern my own bosses didn’t share, listened to me and changed their policies to eliminate my concern.
People who work in the Valley for fifty, a hundred times more than the poorest in their own country often do not seem to feel the same way anymore.
This is not a question of abstract ethics, but a question of simple professional integrity. If the thing is bad and risks harms, you don’t do it.
It’s part of why I work for myself now; it’s not difficult to spot people who do not have a strong sense of ethics and simply not work for them. I work in a couple of fields where there are many non-ethical players, and can do so with a clear conscience.
While not explicitly illegal, I was building out part of a product for an international company with a massive userbase (hundreds of millions) and discovered a slight issue: their api required no authentication, had no rate limiting, and an easily discoverable request format. Anyone could make a simple request with a handful of digits and get a complete history of that product, revealing very intimate details about the users in every aspect of their lives.
I don't get nervous easily but it made my stomach turn, my palms started sweating. I told my boss, we told our boss, who went and pulled the CEO out of a meeting. I was given signed documentation on company letterhead that stated I raised the issue and also detailed how our company had informed the customer, along with a modest cash bonus and they bought me most of the furniture in my house (no taxes!)
The company came back to us and said "we know, we built it like that on purpose". Incredulous but reassured that both myself and my employer were not facing any liability, I finished the product and it shipped. Predictably this was exploited within a few years and made national news when it was used against prominent political figures.
There are still no legal mechanisms in place to enforce any kind of security for this class of product.
Sounds like from a legal perspective, everyone covered their bases.
I take it you are an Oak man, then ? [Harvey Keitel voice]
It's easy to armchair quarterback these things, and in retrospect, the actions that innocent people should take are probably obvious. At the time I don't think it would be so easy.
There is lots of pressure not to take action, because of the feeling you're overreacting, because you've had things explained to you in a way that minimizes or removes the criminality, and because your job is at stake.
And crucially there is never some black and white issue. If your employer told you to murder someone, it would be easy to say no and know you did the right thing. If they tell you to incrementally go along with some grey area thing you're not sure the legal status of, it's way harder to know what to do.
People still have to be accountable for their actions of course, ignorance is no excuse. But we all should hope we're never in such a situation to begin with rather than thinking we'll know how and when to act.
> And crucially there is never some black and white issue.
The three example given are quite black and white ...
The article makes it sound clear sure. But then the article has been edited.
I would not have been surprised if the 5 million user thing was couched as some sort of "we need to generate some realistic test data to load test our systems <WINK WINK> - please create 5 million accounts very similar to these paying ones, remember this is testing so they need to be as realistic and believable as possible <WINK WINK>".
If I got that request (perhaps without the winking!) come down the line through the usual channels I'd probably have gone along with it without realising it was for anything nefarious. ...but then would that be a viable defense?!
Context is everything.
I think this skips over an important fact from the article - the head of growth + CEO were in the room making this request, then the eng director raised concerns, then they assuaged his concerns by saying it's ok for 'investor purposes'.
I can see the situation you're describing, sorta. Though if it was me and someone asked me to generate a list of 5 million real-ish user accounts in a report, I'd immediately ask why. If it's to commit fraud or lie to investors, I would be like hell no! If we're doing load testing or something legit, for sure. But I feel like benign use-cases of generating 5 million accounts would not include the "make it look real" aspect.
I also don't think the Reddit comparison makes sense, since Reddit didn't seek to sell the company at the time based on the # of users. Growth hacking is one thing, lying to investors about users is another. Because this data point was a key decision factor for a financial transaction, this fake information/lie becomes fraud.
Even if somebody gave no pretext, I don't think that, in and of itself, is illegal. Though it could be used for illegal things. For instance early on Reddit actively created fake accounts, fake votes, fake comments, and all other sorts of stuff in the process of trying to reach critical mass. I really doubt that was illegal.
OTOH if somebody sent a message saying, 'Hey we need to increase our apparent paying users in order to defraud some potential investors.' then obviously you've become part of a criminal conspiracy, but I think nobody would ever* overtly say that.
I think there is a big difference between faking 10k users and then going to investors at 1m users years later (it's a morally dubious kickstart) or in this case for the sake of the sale/investment going to 1400%.
I was just double billed by the third-party that Enterprise Rentals uses to handle tolls. Fraud? Incompetence? Is there a difference?
Here are a few more examples:
https://leanpub.com/unethical-software-engineering/
You should probably disclose this is your own book you're advertising.
AGGRESSIVE ADVERTISER
> we all should hope
If you're serious about anything, you do more than hope. You do diligence on your prospective employer before going to work for them. You think through a litany of contingencies and prepare a plan of action for each. Jobs in this industry are uniquely amenable to this by virtue of their relatively higher compensation and the autonomy often afforded to employees. If you spend an hour every day on HN, you can spend an hour meditating upon your conscience.
Predicting one's response to stressful and unexpected circumstances is hard. So try to anticipate circumstances and cultivate relevant virtues in advance.
I can only imagine someone with a family to feed who is tied to corporate health insurance, or an H1 visa, being coerced into some gray activities being unwilling to lose their job to remain ethical or legal.
One of many reasons employers have a quiverful of ways to exploit and control workers.
And why some people have a problem working with H1 coworkers at all. Its a separate class of workers, same as offshore, its somehow hostile.
Thousands of engineers aid companies in user surveillance and tracking every day. Cyberstalking at scale.
I worked at NS8 in 2020 for just four months before it collapsed and the CEO was arrested for defrauding investors of $123,000,000. Just a few months ago, I got a modest payout due to a lawsuit over NS8 laying off almost everyone with just three days notice. It was very stressful to be without a job in the middle of Covid!
>To be fair, Singh didn’t seen totally clueless, and it seems he decided to profit on the developments. Days after he found about this fraud, he took a $3.7M loan from FTX (!!) to buy a house
huh...
The sub-linked legal document about Frank’s synthetic data generation was quite interesting, specifically how much difficulty their hired consultant (a Data Science Professor) had in creating it.
It can indeed be a tricky problem to do in a manner that’s both fast and accurate, but it’s absolutely possible once you have the right datasets, which aren’t even that large. U.S. ZIP codes, telephone area codes (with enough out-of-place ones to mimic people who’ve moved and kept their cell phone number), common names, and a word list will get you rows that look plausible. Matching street addresses requires a much larger dataset, but again, it’s not impossible.
It's funny how people's mindset shifts when they work for a company versus independent contracting, but this is another case (like salary negotiation) where it should be the same. If your client asked you to do something illegal you'd be thinking about liability and drop the client. If your employer does, you should realize not only do they not have to protect you, it's probably in their interest to turn around and blame it all on you!
Having worked as a programmer for twenty years, most of that as a contractor (hence a different employer about once a year), I have never been asked to do anything illegal. This isn't said to mean no one is, but rather that, if you are asked to do something illegal, it is weird. It isn't the normal, messed up capitalist system, it isn't typical bureaucratic nonsense, it isn't the imperfect state of the world we live in. Most companies don't ask their programmers to do something illegal.
Therefore, if you are, you should leave that company, pronto. They're weird and probably desperate, and it is likely to get even worse. It's not normal. Get out, quickly.
Companies usually do not ask but powerful charismatic individuals close to the top do.
Unethical, morally questionable, in poor taste, impolite, unprofessional, or underhanded is pretty normal and you can find it in every job in every industry and you might not even realize without the benefit of hindsight that what you did was any of those things. But illegal feels different when it happens, even if you don't know exactly the law something will be off. You'll be apprehensive in a way you weren't before, people around you will act different, this little pit of anxiety will form in your stomach even if you haven't done it yet.
I'm quite firmly on the side of "don't do bad stuff", even way before crossing the line to wondering how you'd look in the proverbial orange jumpsuit. But two things about this are often under-discussed IMO.
Firstly, personal costs can be high even before full-blown whistleblowing, the struggles of which are well reported. The best case is usually that you're looking for a new job. It is clear to me that that's better than committing a crime or gravely unethical action, but not everyone always has good alternatives, enough financial safety, and no major economic responsibilities to cover at home.
This also goes for mental costs: I have previously come close to burnout spending months trying to rectify a clearly very bad and doomed situation. The only reward at the other end was the bitter vindication of seeing a project I deeply cared about crash and burn from afar after cutting my losses. And I personally know people who suffered far greater damage and took longer to recover from it, even in cases where they merely uncovered some big skeleton in the closet that was not even the fault of anyone currently in charge or clearly malicious. In many cases, management will be somewhere between actively complicit and themselves stuck in a bad situation with barely enough (perceived) agency to fix things the right way, which doesn't help.
Secondly, short of "going to war" and dedicating your entire life to changing something, saving yourself is usually the best you can hope for. That's obviously better than being complicit and possibly liable. I also like being able to sleep at night knowing I have principles. But if you have the righteousness to refuse to become complicit, it's quite frustrating to come to terms with the fact that you mostly won't be able to set things straight properly unless you are in a very influential position. I know that's often not really my responsibility if I'm not higher up, but it still doesn't sit right with me that I can't do more.
> not everyone always has good alternatives, enough financial safety, and no major economic responsibilities to cover at home.
I recommend planning for this (if you can). Set money aside sufficient to cover your costs until you can get another job so that you can quit at any time. Negotiate your deals so that you don't end up with substantial golden handcuffs (i.e. cash > equity, especially with long vesting periods).
This helps a lot with maintaining an ethical position, but is also helpful for other negotiations. Effectively you are maintaining a good BATNA[1].
[1]: https://corporatefinanceinstitute.com/resources/valuation/wh...
whole-heartedly seconded, it helps with anything from "they want me to do something really bad" all the way to "I'm really not feeling it anymore here"
Another recent classic case of this is the revelations that Uber were targeting law enforcement based on user behaviour, and refusing to offer them rides in areas where they were breaking regulations. I mentioned this at some point last year, and someone replied saying that they'd enthusiastically volunteer to take part in that project (assuming no personal risk). People's ethics are not always what you'd expect (or hope).
I used to work for Uber, but not on this feature or anything related.
Apropos to the article, as a programmer for this feature, what you are actually asked to do is write a greybanning engine. It can take various features (geofence, denylist of phone numbers/emails/device identifiers/payment, etc.) and use it to calculate a score that applies a greybanning policy. The policy may be that the cars in the app are now fake, the ride will never come, your CC is "denied", etc.
Nothing illegal or unethical about this feature, as written, but it is a "dual-use" technology.
The feature has been used to literally save lives. There were taxi-affiliated people in South America that would call an Uber and then, at best, trash the car and beat the driver. At worst, they'd kill the driver. Those people need to be greybanned, along with scammers, criminals, and abusive people of all sorts.
The local market administrators, however, definitely might ban users that the know to be police ticketing the drivers, might ban any account signup from the police station, might ban city credit cards, etc.
You, as the programmer on this feature, can't defend against that unethical use of it.
If you work at the insurance company and get asked to write a rules engine but not the rules, this same thing applies to you.
Thanks for the info! I've always wondered about the inside dev perspective on it.
'You can always say no...' That is like something from a bad movie about spouse abuse. 'Just leave' plays well on TV but the reality is often that a job is someone's life. Just saying no and leaving will have real, and likely massive, harm to the person. Where do they go? What do they do? Do they actually have 6 months of savings to look for a new position and explain why they left their last one? How about the money to spend on hiring lawyers to help them? We need functioning protections for whistleblowers that are well advertised, well funded, -not- subject to the whims of whoever is in office and that actually allow people to 'just say no' and not have their lives shattered.
> The smart thing would have been to do #1. [Talk to a lawyer on how to avoid assisting a crime] [...] Here's what Singh did instead: he asked for a personal meeting with Bankman-Fried and confronted him about the missing funds.
If you're not sure something illegal is happening, you could do both. The lawyer might tell you what questions to get answered, to inform what you do next.
(But don't do talk to anyone at the company if you think there is any risk that they will try to neutralize you as a weak link. "The coverup is worse than the crime" happens in organizations with shitty people, and you might have just discovered an especially shitty person.)
As an engineer, I once told a company that it was about to accidentally do something that I suspected was seriously illegal. They were able to prevent it from happening, in time. Problem solved, no wrongdoing occurred, and no one had to quit, nor go to federal prison.
Longer ago, I once told an organization about some bad things, using the appropriate internal channels. And then I had to keep going up the chain of command, when each level would suppress it, and sometimes even retaliate. Which was a rare opportunity to realize that an organization had infected its org chart with a high degree of shittiness. I'm now a big fan of people consulting a lawyer.
On another occasion, not necessarily "illegal" was averted, but at least "big liability" was. I had reverse-engineered a customer's security-related protocol, for an integration, and found a grave vulnerability. (Critical info that must be inside the cryptographic signature envelope, was outside of it, meaning that an attacker could replay a captured message later, with changed data.) To interoperate with the customer's system, I'd need to implement the security thing in an unambiguously wrong and insecure way. So I told the appropriate person on my end, and thankfully they handled it well, and figured out how to break the news to the customer.
That time, to be sure the appropriate person understood the severity, I mentioned that, in a different engineering field (including one in the application domain), I would "lose my license or go to jail" for implementing that.
Occasionally, I briefly muse that our field could use the obligations and authority of Professional Engineers. But moments later, I realize that our field went too long without that, and I can't imagine that being implemented with integrity at this point.
Quitting is usually a good first response.
I honestly can't tell if the pragmatic engineer is a well regarded site or they are just very good at promotion on LinkedIn and hacker news. I suspect the latter but I'm getting more curious
Many years ago, I was working for a consulting firm doing work for a, erhm, "large insurance provider headquartered in Illinois". I was building a tool their insurance adjusters could use to use GPS devices to check how far houses were from the coast line and deny flood coverage to anyone within a certain boundary. Note that this was during the time of Selective Availability, so GPS devices were only good to 100m precision.
The client saw my first version where I marked an "indeterminate" buffer zone to account for the precision problem. They complained it was "confusing" and insisted I use the raw value without any buffer. Oh, and also, round the numbers in such a way to put all indeterminate points inside the denial zone. This would effectively add hundreds of square miles to the denial zone. A denial zone set by law, i.e. this was the some the government was allowing the insurance company to blanket deny flood coverage.
Giving them the benefit of doubt, I explained that the proposed changes didn't make mathematical sense and would over count people near the edge of the denial zone. I had access to some market data at the time and was able to estimate it would be a few thousand extra homes. They did the standard "avoid acknowledging the issue" whenever someone is trying to pressure you into doing something unethical it illegal.
I told my boss at the consulting company. He started putting the screws on me. Told me we needed to do this. Told me my job was on the line. Intimated it would be hard to find a new job considering the client was the largest employer in the area. Told me he could get anyone to do it.
I had two weeks of PTO planned, during which I was supposed to come back to Pennsylvania and move my stuff out to Illinois. After my PTO, I was supposed to show back up in Illinois. Instead, I went to our HQ in PA (much to the surprise of everyone, "what are you doing here"), told the CEO what happened, and when he doubled down on doing the wrong thing, I quit on the spot, no notice period.
I learned later they did not "get anyone to do it". My actions put the contract in a lurch, the client dropped my former employer, and cancelled the project.
I feel pretty good about that one.
There have been other issues since then, but I've noticed a pattern. They always happen at places I had to talk myself into joining. There were red flags and I rationalized them away, "well, I'm just over reacting. I don't have any evidence anything is wrong here. It's just the way people talk that's bothering me. And I really need this job." Since I've gotten more stable and better about not taking jobs that show red flags, somehow the ethical issues seem to have magically gone away.
Does this pre-date flood zone maps or something? That's a way better indicator of risk than miles from the coast.
I don't know. This was 25 years ago and I was pretty young at the time. Clients being clients, they probably didn't know, either. Consulting being consulting, probably nobody would have sprung for it (the maps if they needed licensing, or even just the development to use them) if anyone did know.
FEMA provides them for free, but 25 years ago there may have been a great cost to using them in printed form.
I really do not know what to think of someone facing up to 75 years in prison getting 3 years of probation.
The media is terrible about reporting on "maximum sentences". The federal sentencing guidelines are super complicated and lazy journalists usually just add all the maximum numbers up and write these egregious numbers. In reality, a lot of the charges are deduplicated, can be served concurrently, or are automatically attenuated by factors like being a 1st time offender.
I believe it's mostly because of cooperating with the prosecution of the ringleader.
When ordered to do something that is clearly an illegal action, you can just say no. However, in most situations your actions won't be directly illegal, but aid someone else to illegal actions.
Simply, deny to carry out the work UNLESS you are directly and clearly instructed to by EMAIL. Oh, and be sure to make this request by email as well, as a record. So send an email saying "hey i was told to do that and i am concerned about the legality, please give me clear instructions over email"
This will calm them down.
Here's another thing to think about: if you are in IT ops, you might have access to private data that could be requested, without proper judicial review, by a three letter agency. When you receive a National Security Letter with a gag rule attached, how will you react? What action can you take that is both legal and also ethical?
Because it is not just bosses that might try to pressure you into taking unethical actions, it is also the state itself.
For my part, I have a plan, and I've told my boss enough to trust him to read between the lines and revoke my access to make it impossible for me to turn over customer data without a warrant.
Warrant Canary-like system?
Like "I hate the color purple, so if you ever see me in a purple baseball cap..." or something similar?
The problem with a NSL is that the gag rule is pretty watertight. For example, "oops, I accidentally wrote my password on a bathroom wall" is gonna land you in a world of hurt.
You need to find a way to bring some of your other rights into balance (and conflict with) those of the state, to bring professionals who have a duty to protect your confidence to your defense.
The power of the state is asymmetric warfare against an individual, which is what they count on. You need leverage from other competing lawful protections working on your side.
We have pretty much identical laws here (where here is UK) - you can be forced to backdoor things, you can't tell the customer and you can't tell anyone else in the company (not sure if you are allowed to tell your manager).
There was a whole thing about it a while ago, gov said "we are listening to your feedback" and then did it anyway.
Of course our system is actually worse in some ways - forgotten a password, they don't believe you (parks and rec style) "Believe it or not, straight to jail" (iirc it's a max of two years).
You use parallel construction of course, that's how the state itself does it after all.
Unionize?
Could help for some cases, but at least two of the three examples in the article were engineering directors, who are generally excluded from unionization rights in the US at least. (Other countries vary in how low-level line managers are treated by their employment laws, but the closer a manager gets to the senior executive ranks, the less those employment laws allow them to do anything akin to unionizing.)
> Frank was a student loan startup founded by Charlie Javice in 2016. In 2019, Javice was featured on the Forbes “30 under 30”
There was a joke going around Twitter about "30 under 30 doing 30 to life", because the startups involved were getting more and more outlandish to the extent that bystanders suspected that fraud was going on. Became a Guardian article: https://www.theguardian.com/business/2023/apr/06/forbes-30-u...
Of course, a fraud can stay afloat for a lot longer than you expect. The really tricky case is when you're ordered to do something illegal or unethical for which there is substantial political cover. An executive order, for example. You cannot rely on anyone to back you up simply because of the letter of the law.
Also:
> The reality was that this was a very deliberate double charge. I could not share this fact at the time – as the company threatened me with libel after I informed them of this detail
UK libel law routinely covers up all sorts of things which the public would benefit from having revealed, simply by the threat of an expensive lawsuit. It makes investigative journalism really uneconomic.
> UK libel law routinely covers up all sorts of things which the public would benefit from having revealed, simply by the threat of an expensive lawsuit. It makes investigative journalism really uneconomic.
But the worst horror stories date from before it was last reformed, in 2013, I think, and I feel the need to patriotically point out that Australian libel law is even worse!
Another country having worse legislation doesn't really impact on how bad ours is though.
Bad is bad.
Do any other countries have an equivalent to the UK's "super injunction"? This is where a court order says you're not allowed to talk about the court order itself nevermind the topic covered by the order.
https://en.wikipedia.org/wiki/Warrant_canary
That's probably a good starting point for a dive into that question.
I remember a lot of fuss being made about these but, as time goes on, I'm very sceptical they can work. Looking at the Afghan data leak reported earlier this year: courts can make it practically difficult for most of the organisation to even know they're subject to court orders!
The person updating the website asks "have we received a court order?" and the person under injunction must answer "not me." The website author isn't lying, but the website contains incorrect information (as the result of a legally-enforced lie).
You could ask your lawyer but, once again, they'd also answer "no we haven't" because answering anything else is contempt of court at best.
I'd think the CEO would know, would they not? And the CEO could tell the person updating the website: "Let's go ahead and remove the canary, we don't need it anymore." --> "OMG, did we get secretly subpoena'd?" ---> "No, not yet, but I just don't want to run the warrant canary anymore."
The only way the CEO finds out is if they're made privy to the injunction, at which point they become subject to it. Even an oblique hint could be a breach of the injunction.
Be honest: do you think a judge is stupid enough to believe you had the injunction explained to you by your legal counsel then, in a totally unrelated incident, thought "oh, I don't think we need the warrant canary any more."
That's a key component of some specific forms of US warrants.
I imagine so. Bear in mind that the concept isn't particularly a bad idea, however they are very easy to abuse and the laws need to restrict them to where they're strictly necessary (and force the court to prove they're still needed).
The Afghan data leak scandal is a great example of where it made sense to use a super-injunction at first but also where its application continued long past when it should have done for (frankly) political reasons. Lewis Goodall's reporting on this is pretty excellent and fairly balanced, in my opinion.
I've been doing this tech nonsense at moderately high levels for over 45 years now, and over the years I've had business dealings with members of these "30 under 30" lists, and every single fucking time it's a conman, a grifter. I don't even bother with heavily marketed individuals nor their flagships anymore. They are nonsense.
It reminds me of one of two people (at the same time and place in my life) I was introduced to because they shared national origin (i.e. nationality at birth, or parents nationality) with me.
One later got into the Sunday Times rich list (the under 40 section, IIRC) during the dot com bubble, by the simple expedient of lying. He claimed to be working on encryption software that was hugely valuable and said it was valued in billions. He actually owned a smallish local computer shop. He later fled the country claiming MI5 were persecuting him for developing such good encryption software.
TO be fair, he seems to have fooled financial institutions too. He bought a Ferarri (presumably on credit) and Amex gave him a black card (which he tastefully put a picture of on the company website). It did not take a lot to see through the fraud, the actual business was decribed on the website.
The other person I got introduced to around the same time for the same reason turned out to be a member of a terrorist organisation. Not banned here at the time, but still not someone I particularly wanted to meet.
> UK libel law routinely covers up all sorts of things which the public would benefit from having revealed, simply by the threat of an expensive lawsuit. It makes investigative journalism really uneconomic.
No. The deference people have to the law as some sort of all knowing all powerful magic spell that can be cast to force silence at any time is to blame. Libel is publishing something you know to be untrue. The truth cannot be libel.
If you want to speak the truth, if you want to act in service of the greater good, you must take the risk that you will attract attention from people who do not want you to speak the truth. And those people may use whatever power they have to suppress you, whether that's judicial or extrajudicial. That's not caused by any specific legal system, it's how people behave.
Investigative journalism is uneconomic the world over. The U.K. has some of the best investigative journalism in the world. The U.K. legal system is far from perfect, but it is wrong to say that in this case, the U.K.'s libel laws (for all their flaws) kept this information secret.
The irony is that the greatest suppressor of the truth is comments like yours which scare people into silence about the truth.
https://www.msrs.co.uk/the-libel-labyrinth-navigating-the-tw...
> The costs in this case were significant, with Vardy being ordered to pay a substantial proportion of Rooney’s legal fees. Initially, the court ordered Vardy to pay £1.5 million in costs, earlier this month, it was revealed that Vardy had been ordered to pay an additional £100,000, bringing the total to £1.6 million.
https://www.matrixlaw.co.uk/news/noel-clarke-ordered-to-pay-...
> In August, after a six week trial, the High Court upheld the Guardian’s defences of truth and public interest speech.
> The trial judge, Steyn J, has now ordered Mr Clarke to pay £3m on account within 28 days, in respect of a likely eventual costs liability of over £6m.
Those are cases where the defence won. But in those cases, (a) they have to front the legal fees themselves for a period of several years during the action and (b) there is a real risk that the person who filed the libel action may not be able to pay it.
It very risky for an individual to defend a libel action, so almost everyone folds instantly on receiving a letter, or settles.
An exception: https://en.wikipedia.org/wiki/Monroe_v_Hopkins - peak Twitter, sadly. Fortunately in this case justice prevailed and Katie Hopkins lost her house and life savings.
> Lots of people are celebrating but I’m not. It's a sad, lonely sort of anticlimax. It’s really crap and I feel really bad it’s all ended up like this. I thought she'd just say sorry
Wow.
> In May 2018, Hopkins won an IPSO case against the Daily Mirror for claiming that she had been detained in South Africa in February 2018 for taking ketamine. The Mirror updated the headline to say that she had been detained for spreading racial hatred, and included a correction in the article.
Pick your battles, eh
You are (wilfully?) misrepresenting these cases. The defence in each of these cases chose to employ very expensive legal teams, the cost in these cases is a reflection of choices made by the defendant, not the cost of defending against a claim of libel. As an individual defendant in a libel case, there would be no obligation to incur such costs.
Noel Clarke's legal team were working on a no-win no-fee basis (before they saw the writing on the wall and dropped him as a client, leading him to represent himself). The Guardian had no obligation to spend over £6 million on their defence, it was a choice they made. Indeed, one could argue that The Guardian chose to spend so much to send a message to those that consider baseless libel legal action in future, that The Guardian is willing to spend any amount of money to defend itself.
If you are an individual who posts the truth online, and you are sued for libel, you can spend very little on mounting a defence (you may even choose to represent yourself for free). Whether the litigant spends thousands, millions or billions on their action against you is immaterial as it is their cost, not yours.
As for Jack Monroe vs. Hopkins, Jack Monroe is a fraud. Justice did not prevail, although Hopkins losing her house was a nice treat.
Yes, I once made a bug report based to a client's supplier (overly permissive API endpoint was leading user data) and became the subject of the a spurious defamation letter. It was obviously unwinnable on the supplier's part, never went past solicitor's letters, and still cost high four figures to defend.
Nothing like some of the real horror stories, but still a significant chilling effect.
> ...and still cost high four figures to defend
You do not need to "defend" against a "spurious defamation letter". The (very profitable) business of sending legal letters is based on the misunderstanding of the law that is perpetuated online. Legal letters are to law firms what bandwidth is to cloud hosting providers: free money.
In the UK, under the UK Civil Procedure Rules, you are expected to engage in the Pre-Action Protocol and provide a substantive response within 14 days, and failure to do so can effect you credibility and standing in court. So you do not have to respond, but not doing so risks sanction from the court for non-engagement.
You're proving my point. You are catastrophising.
A response to a "spurious defamation letter" does not cost "high four figures". Substantive does not refer to the cost of the response. Substantive means that it addresses the substance of the complaint.
The "high four figures" you spent for a lawyer to respond (I disagree with the word "defend") to a legal threat was unnecessary. You paid a bunch of money for some low-paid legal assistants to fill out a template, and then a high-paid solicitor to sign off on it.
As an individual, you can respond substantively to a legal threat for free. And even if you choose not to respond, courts are not punitive, the standard that courts hold individuals to are different to the standards they hold law firms to. A court will not rule in a claimant's favour in a libel case because an individual didn't follow procedure correctly.
If you, as an individual, make a truthful statement about A Big Corporation and A Big Corporation spends £100,000 on a team of lawyers to write an angry letter to you demanding you retract, a simple single-sentence self-composed response of "The statement is true, I will not retract." is substantive.
Despite what catastrophisers like yourself (catastrophisers who are encouraged by participants in the legal system who profit from this misapprehension) might suggest, civil courts are interested in adjudicating fairness, not trapping individuals in an endless legal quagmire.
Can you share examples of individuals who have been sanctioned by the U.K. courts for anything that comes close to not engaging in the Pre-Action Protocol?
No, the Pre-Action Protocol is quite a bit more in depth than that and required a significant response including document review and research.
"The statement is true, I will not retract" is not substantive and is effectively calling the bluff. If they take it beyond a letter, those costs will balloon further.
https://www.justice.gov.uk/courts/procedure-rules/civil/prot...
The "Defendant’s Response to Letter of Claim" section is very clear that it is actually that simple. The burden is almost entirely on the claimant, the defendant has very little to do. Can you provide any evidence that any individual has ever been sanctioned by a U.K. court for either not filing a response, or not filing a substantive response?
You are saying that "costs will balloon further" but you haven't yet established there are any costs. How can costs that do not exist balloon? Any individual could satisfy the "Pre-action Protocol for Media and Communications Claims" with ease, no expense necessary.
Costs upon commencement of litigation. Are you being purposely obtuse or trolling?
The point I am making in this thread is that there are no mandatory costs, that receiving an angry letter from the lawyers of a deep-pocketed litigant is financially inconsequential. The choice to hire legal representation and pay them "high four figures" to write a response is a choice. Hiring legal representation for court is a choice, too.
The courts are very kind to people who choose to represent themselves, especially when the litigants are obviously abusing the system to try and silence individuals. The point you're making seems to be that you must spend money to defend against spurious defamation claims so I have asked you to provide any evidence of a case where an individual is accused of libel and has suffered because they chose not to spend money.
I am not trolling. I disagree with the suggestion that the U.K. libel laws create an environment where people are scared to speak truth because there is a real threat of an expensive lawsuit. My position is that the fear people have of expensive lawsuits comes from other people fear mongering, in comments like yours, either based on a misunderstanding of a case they've seen publicised or because of information they've been given by legal professionals in a different context.
Okay, so you are trolling or you are at peak levels at HN arrogance.
No, the chilling effect of UK defamation laws is not an artefact of scaremongering. No, you have not discovered the secret truth hidden by the legal profession. Yes, defamation cases are a real threat and expensive to defend as the burden of proof lies on the defendant, not the allegedly defamed.
Bandwidth isn't free to a cloud hosting provider in any real sense of the word. It's not priced in relation to cost, but it definitely does cost
Very easy to pop shit when you aren't risking your life and your family's future to protect the honor of JP Morgan. If everything goes perfectly, you've just lost your job and can't get hired because people don't want to hire a snitch; and if everything goes badly, it could go really badly. You might end up killed in a botched robbery, or thinking suicide will be the only way to save your family.
I'm pretty sure the truth wasn't even a defense in UK libel law before 2013. It was entirely about whether you had the intent to harm someone. If you want to disrupt a thief's business, that's intent to harm someone, as a lot of people who wrote about quack doctors found out.
Then go publish an article about how much time the Prince of Wales spends with women that aren’t his wife
Sure, send me the evidence and I’ll publish it.
The irony is that libel doesn't just suppress individuals, but corporations that might be bankrupted by libel suits, such as reporting agencies.
Nice ideals. I mean that. But pure altruism at great cost is a lot harder than you imagine.
Slow news day? Did this really need a second chance pullback to the front page?
wow, this was weird
This is good advice not only for people who encounter fraud, but also those whose employers are profiting from war crimes and the like.
So Google, Amazon, Oracle, Microsoft etc.
Kids these days always forget about IBM.
https://en.wikipedia.org/wiki/IBM_and_World_War_II
https://en.wikipedia.org/wiki/IBM_and_the_Holocaust
They're still at it:
'In June 2025, IBM was named by a UN expert report as one of several companies "central to Israel's surveillance apparatus and the ongoing Gaza destruction."'
https://en.wikipedia.org/wiki/List_of_companies_involved_in_...
If you asked to do something fishy then document it and consult a lawyer. Don't do anything that is above the bare minimum required to cover your ass. You get nothing for doing the "right thing" and are likely to be penalized for it - word will get around and future employers have no interest in figuring out if you were right nor will they care, you will have proven to be disloyal or worse an idealist.