Comment by arminiusreturns

Comment by arminiusreturns 10 months ago

34 replies

I agree. Let me tell you about what just happened to me. After a very public burnout and spiral, a friend rescued me and I took a part-time gig helping a credit card processing company. About 2 months ago, the owner needed something done while I was out, and got their Uber driver to send an email. They emailed the entire customer database, including bank accounts, socials, names, addresses, finance data, to a single customer. When I found out (it was kept hidden from me for 11 days), I said "This is a big deal, here are all the remediations and besides PCI we have 45 days by law to notify affected customers." The owner said "we aren't going to do that", and thus I had to turn in my resignation and am now unemployed again.

So I, trying to do the right thing, am now scrambling for work, while the offender pretends nothing happened while potentially violating the entire customer base, and will likely suffer no penalty unless I report it to PCI, which I would get no reward for.

Why is it everywhere I go management is always doing shady stuff. I just want to do linuxy/datacentery things for someone who's honest... /cry

My mega side project isn't close enough to do a premature launch yet. Despite my entire plan being to forgo VC/investors, I'm now considering compromising.

aftbit 10 months ago

>Why is it everywhere I go management is always doing shady stuff.

Well here's a cynical take on this - management is playing the business game at a higher level than you. "Shady stuff" is the natural outcome of profit motivation. Our society is fundamentally corrupt. It is designed to use the power of coercive force to protect the rights and possessions of the rich against the threat of violence by the poor. The only way to engage with it AND keep your hands clean is to be in a position that lets you blind yourself to the problem. At the end of the day, we are all still complicit in enabling slave labor and are beneficiaries of policies that harm the poor and our environment in order to enrich our lives.

>unless I report it to PCI, which I would get no reward for.

You may be looking at that backwards. Unless you report it to PCI, you are still complicit in the mishandling of the breach, even though you resigned. You might have been better off reporting it over the owner's objections, then claiming whistleblower protections if they tried to terminate you.

This is not legal advice, I am not a lawyer, I am not your lawyer, etc.

  • arminiusreturns 10 months ago

    I did verify with an attorney that since I wasn't involved and made sure the owner knew what was what, I had no legal obligations to disclose.

    • HansardExpert 10 months ago

      What about your moral obligation?

      • arminiusreturns 10 months ago

        People are so quick to judge without knowing the details, the situation is more complex than I'm willing to go into here, and I'm comfortable with my decision.

        • aftbit 10 months ago

          That's totally fair. After all, laws are about what people will force you to do using (the threat of) violence, while ethics and morals are about how you personally navigate the world, and a bit about how people will try to shame or socially compel you. If you are comfortable with your decision, that's all that really matters at the end of the day.

  • positus 10 months ago

    The problem isn't society or profit motivation. It's people. Humanity itself is corrupt. There aren't "good people" and "bad people". There's only "bad people." We're all bad people, just some of us are more comfortable with our corruption being visible to others to a higher degree.

    • ragnese 10 months ago

      > We're all bad people, just some of us are more comfortable with our corruption being visible to others to a higher degree.

      If the GP's story is true (and I have no reason to suspect otherwise), then there are clearly differences in the degree of "badness" between people. GP chose to resign from his job, while his manager chose to be negligent and dishonest.

      So, even if we're all bad people, there are less bad and more bad people, so we might as well call the less bad end of the spectrum "good". Thus, there are good and bad people.

      • positus 10 months ago

        I understand your perspective, but I maintain that "good" (morally pure) isn't a category any of us belong to. We're all lying, hateful people to one extent or another, and lying hateful people aren't "good", even if we haven't lied or hated as much as other lying, hateful people. "Less evil" isn't synonymous with "good".

        The argument that profit motivation is the origin of shady business practices ignores the existence of those businesses which pursue profit in an ethical manner. The company I work for, for instance, is highly motivated to produce a profit, but the way we go about obtaining that profit is by providing our customers with products that have real value, at fair (and competitive) prices, and by providing consistently excellent customer support. Our customers are *very* satisfied with our products and services, and they show their satisfaction with extreme brand loyalty. The profit we make year over year allows us to increase the quality of life for our employees, and keeps our employees highly motivated towards serving our customers. We pursue the good of our customers alongside our own, and we avoid shady business practices like the plague.

    • throwaway92024 10 months ago

      No. There are no good or bad people. But people do good or bad things, all the time.

      • BehindBlueEyes 10 months ago

        This. Also, the world isn't black and white. Good and Evil are overly simplistic categories that aren't constructive. Just because one person does something wrong, it doesn't have to define them or negate the good they do in other areas.

    • idle_zealot 10 months ago

      What is this even supposed to mean? Profit motivation is a concept invented by humans for humans to apply. If it leads to unexpected or undesirable outcomes then it's a bad idea. A system that requires all participants be paragons of some definition of virtue to produce good results is fundamentally unsuited for human beings.

ValentinA23 10 months ago

The DOJ has just launched a corporate whistleblower program. You should look into it; maybe it covers your case:

https://www.justice.gov/criminal/criminal-division-corporate...

>As described in more detail in the program guidance, the information must relate to one of the following areas: (1) certain crimes involving financial institutions, from traditional banks to cryptocurrency businesses; (2) foreign corruption involving misconduct by companies; (3) domestic corruption involving misconduct by companies; or (4) health care fraud schemes involving private insurance plans.

>If the information a whistleblower submits results in a successful prosecution that includes criminal or civil forfeiture, the whistleblower may be eligible to receive an award of a percentage of the forfeited assets, depending on considerations set out in the program guidance. If you have information to report, please fill out the intake form below and submit your information via CorporateWhistleblower@usdoj.gov. Submissions are confidential to the fullest extent of the law.

TinyRick 10 months ago

Why would you resign? You could have reported it yourself and then you would have whistleblower protections - if the company retaliated against you (e.g. fired you), you then would have had a strong lawsuit.

  • arminiusreturns 10 months ago

    Because I don't want to be associated with companies that break the law and violate regulations knowingly. I've long had a reputation of integrity, and it's one of the few things I have left having almost nothing else.

    • TinyRick 10 months ago

      So you would rather be known as someone who had an opportunity to report a violation, and chose not to? From my perspective it seems like you decided against acting with integrity in this situation - the moral thing would have been to report the violation, but you chose to look the other way and resign.

      • 1659447091 10 months ago

        > it seems like you decided against acting with integrity in this situation ... you chose to look the other way and resign.

        I agree with this statement.

        This isn't a judgement, we all have to make choices; the "right" choice (the one that aligns with integrity) is usually the one that will be the least self-serving and even temporarily harmful. They did what was right for them, that's okay, but it was not the choice of integrity.

      • qup 10 months ago

        I wonder if I was part of the database that got emailed.

        • arminiusreturns 10 months ago

          Very unlikely, this is a very small operation with a tiny customer base.

mikeodds 10 months ago

As in.. his actual Uber driver? He just handed his laptop over?

  • arminiusreturns 10 months ago

    Yes. The owner is old, and going blind, but refuses to sell or hand over day-to-day ops to someone else, and thus must ask for help on almost everything. I even pulled on my network to find a big processor with a good reputation to buy the company, but after constant delays and excuses for not engaging with them, I realized that, to the owner, the business is both their "baby" and their social life, neither of which they want to lose.