Perl's Chip Salzenberg Sued, Home Raided 698
Chip continues: "The key evidence in the search warrant was so ridiculous as to be surreal: CVS logs indicating that I downloaded more than I uploaded, and that I sometimes accessed the company network from home. Apparently, for company management, the police, and a judge, working at home through a gateway the company set up for that very purpose, and refraining from editing every source file for every code change, is a sign of nefarious behavior.
My behavior in accessing the company network was entirely within my job description and in no way involved misappropriation of anything. For the more than two years that I worked at HMS, I used ssh and CVS to access company files with my laptop both from work and home, with management knowledge and approval.
What would lead management to such a sudden action? Days beforehand, I had made an internal report of unethical and apparently illegal behavior by the company: Use of open proxies for web harvesting to avoid blockage by web site operators. HMS apparently decided that working with me to address their use of open proxies was not an option.
Health Market Science is a large corporation with, compared to me, effectively infinite resources. My legal bills have topped $40K already over just two months. If HMS succeeds in tarring me with their false accusations, what's to stop your employer or client from doing the same to you, should your relationship sour?
Friends have set up GeeksUnite.net, an informational web site and Legal Defense Fund. The site includes the search warrant, my letter about open proxy abuse, and court documents.
Please contribute to my Defense Fund to fight this attack on the normal and legal work practices of millions of tech workers. Every little bit counts! If every person who visits the site contributes only ten dollars, that will make a huge difference. Only through community effort can we protect ourselves."
I'm the pimpking for our product! (Score:2, Interesting)
Am I missing something? (Score:2, Interesting)
Any lega rights? (Score:2, Interesting)
Re:The moral of this story (Score:5, Interesting)
He said he made an internal report of unethical and possibly illegal behaviour. It doesn't say he took this up with police at all. It sounds more like he was trying to warn them that they were doing something they shouldn't be so they could stop before they got caught.
And just in general about this story: *sigh*
In April of this year, huh? (Score:5, Interesting)
I can't send money (Score:4, Interesting)
Sucks for him if he didn't do anything wrong. If so I hope it works out. If it goes to court and he is found innocent-- then giving to the fund would be a lot easier.
Start reporting them (Score:5, Interesting)
Then make sure you have a good shark for a lawyer. Make sure he has a technologically savy partner or associate that can understand the CVS and gateway issues.
Then countersue. They may have infinite resources compared to you, but they also have much deeper pockets to go after. If they are vunerable on this point, your lawers will be more than happy to go after that big paycheck.
If all you do is try and defend yourself, then they will steamroll all over you.
Re:Perl a high-risk legal environment? (Score:3, Interesting)
Re:false police report (Score:3, Interesting)
Re:The company's website and contact info (Score:1, Interesting)
Health Market Science has Copyright on a perl mod (Score:3, Interesting)
What did Health Market Science think they were getting for their funding dollars?
AUTHOR
Chip Salzenberg,
ACKNOWLEDGEMENTS
Thanks to Heath Market Science for funding creation of this module. Thanks also to Larry, Damian, Allison, et al for Perl 6 subroutine syntax, and to Damian for Filter::Simple and Parse::RecDescent.
COPYRIGHT & LICENSE
Copyright 2005 Chip Salzenberg and Health Market Science.
Re:EFF? (Score:1, Interesting)
Courts do nothing to stop unethical co. behaviour (Score:4, Interesting)
The company refused to pay me for my last two weeks of service or any vacation time I had built up.
When I attempted to get the money from them, they produced a list of dates I was not in the office (exceeding my vacation pay plus 10 days for the last two weeks of service). These were days I worked from home (and I actually WORKed from home).
I tried to appeal to the legal system, but got a big runaround. This same company sued other ex-employees for frivolous things, and the courts took this company (that had a history of this sort of thing) quite seriously for years.
The courts have it in their best interest to make sure lawsuits keep happening and go on for extended periods of time. It's job security for them, and they just don't care that it's a drain on the rest of society.
Re:Perl = Legal Trouble?? (Score:3, Interesting)
Yeah, Intel. He was convicted of three felonies [lightlink.com]. He was running a password cracking program on their servers. He had cracked computers not only on Intel's machines, but on the machines of some of their partners, as well. He'd also installed some backdoor programs on several machines at Intel. It was really stupid of him to do all of this.
Sympathy for the devil / company (Score:2, Interesting)
Here's an employee who's signed an agreement not to disclose trade secrets, and he's threatened to disclose the source code. He has CVS access, and it looks like he's downloaded a lot of the source code to his personal computer. If the company is in the right and it's not "hijacking" open proxies, what's it supposed to do? Let this guy go and let him smear the company's name and product? Or worse, let him post the company's source code publicly? Salzenberg cites the Pennsylvania statutes on "unlawful use of computer" in his letter, but the misappropriation of trade secrets is also a statutory violation...
If everything Salzenberg says is true, then he's truly gotten a bum deal. But I'm sure his superiors at the company have a different story, and who knows what that might be. Unfortunately, it looks like this will result in some pretty ugly litigation before it gets resolved.
Re:Am I missing something? (Score:4, Interesting)
Actually, what's wrong with our judicial system today is that not enough people take interest in it. How many people take the time to do the research on judges before going to vote? Since most judicial races are non-partisan, it can be difficult to tell if a judge shares your political leanings. So people vote for judges (and legislators for that matter) because they recognize the name from a sign that they saw on the way to the polls.
If you don't like the system then work to change it. Find tech-friendly judges and then run around town putting up their signs on election day.
One small recommendation to other readers.... (Score:5, Interesting)
You will want to check your local law, but MOST states permit a concealed recording device on a person when there is no "perceived expectation" of privacy (don't record anything in the bathroom) or when more than 2 people are party to the conversation.
I've only had to resort to this tactic once, but it saved my job and cost the Veep his....
was it worth the $20????
d*mn straight it was.....
Re:Any lega rights? (Score:3, Interesting)
This guys mistake was having faith in humanity that his company had any intention of being honest. If I was this fellow, I would find a tech savy lawyer and take all their money.
Comment removed (Score:4, Interesting)
How Health Market Sciences screwed with me (Score:5, Interesting)
Back in 2001, I was laid off from my previous job and looking for work. I interviewed with Health Market Sciences sometime around that July for a Software Engineer position, and it was an interesting experience. I met some of the people from that company and was finally interviewed by one of the Vice Presidents, a guy by the name of Rich Ferris. Rich seemed pretty impressed with my resume and said something to the effect of "we'll get you an offer by the end of the day".
So, I went home and gave Rich a call at the end of the day. But suddenly his story changed, and it was, "I had problems getting the offer through HR (or somesuch), I'll have one for you on Wednesday".
Wednesday came, and I was told, by Rich, to call back again on Friday. Friday came, and they were having money issues and would get back to me on Wednesday. Finally, next Wednesday rolls around and I'm suddenly told, "Well, we really want to hire you, but we don't have the money right now, so we cannot make you an offer".
So what it boiled down to is that I was led on by that company for over a week with the promise of employment, only to have it yanked out from me because they didn't have their stuff together. It was a total waste of my time, and the time of the job recruiter I was working with. If they didn't have the money, they shouldn't have been hiring in the first place. The whole experience left me rather bitter.
I hope Chip sues that company into oblivian.
Re:Am I missing something? (Score:5, Interesting)
Well, aside from the wrongfull lawsuit, if he had resigned under threat he could have applied for unemployment benifits and get his employer embroiled in arbiration (a free and apparently abritrary by some standards method of dispute resolution.) Not only would that help tie up the company and give backing to his (potential) counter-suit, but he might make some money to help with the bills.
<PARANOIA>
Finally, if I were a high-profile FOSS developer, I'd invest in a wireless adapter and a decent SOHO SAN box. Put that baby inside a wall with a UPS. It's impressive what you can do with a drywall knife, some 12 gauge homegrade wire, and a decent amount of drywall patch. Let them raid all his stuff, his data would have had remained 'safe' and all his HD's clean (save any cache/tmp/~ files.) Hell, get paranoid and setup the SAN to re-encrypt the drives and shut off if certain files aren't touched every X minutes.
Chip's problem now is that 100% of his admissable evidence is in the hands of a known immoral and hostile agent. There is no practical way to back up his claims without more money. Any 'evidence' he gets back from those machines may be unreliably tampered after the police's uber-windows nerd gets done trashing his probablly non-windows boxen.
</PARANOIA>
Save Chip, Sink Heath('s legal team) [geeksunite.net]
The letter that started it all (Score:3, Interesting)
This all looks to me like an ill considered vigilante mission gone horribly wrong. It's like shouting "hay guys, you're all crooked bastards and you should be in jail. I'm thinking about taking you fuckers to court! Can I keep my job though? Don't sue me!" What he should have done was file for legal action immediately, and/or resign from the company on legal/moral grounds. Resignation would have looked a lot better, would have relieved him of some of the moral issues, and would not look like he was about to try and sue the company for a ton of money.
I agree with his stance and his moral position, but this was a perfectly stupid and arrogant way to handle the situation. As a Perl hacker I wish Salzenberg the best, but I can't agree with the way he's fought this battle so far.
Re:Missing Something! (Score:2, Interesting)
Re:Am I missing something? (Score:5, Interesting)
(This is based entirely on conjecture. None of us really know what went down for sure.)
Re:EFF? (Score:4, Interesting)
They're notorious for dropping people like hot potatoes if they think there is a chance that it will negatively impact their political lobying.
Re:Sympathy for the devil / company (Score:3, Interesting)
They obviously see nothing wrong with the abuse of power, so I suspect that every accusation made against them is correct. (Suspicion isn't proof...but I don't have anything better to judge them on.)
They obviously didn't care how injurious to him their requests were, or perhaps, if one is cynical, they were intentionally being malicious. No proof, fip a coin. In either case I wouldn't want to be associated with them.
It does sound as if they are intentionally committing multiple misdeameanors for money. And they have organized to do so. That's a felony. (If they don't get prosecuted criminally, I'm going to be more cynical than I currently am...although I'm already predicting that management won't be prosecuted, or that they'll get off with a very light wrist slap. Felonies don't seem to get prosecuted if you have a bit of money and power.)
Posting anonymously here because I've lived it (Score:5, Interesting)
Basically these trade secret laws let big guys with resources or connection punish small guys (us) without any legal process. We're out tens of thousands of dollars just from the moment the process begins, without a court or a judge even having seen the issue.
There's also the emotional factor. It's terrifying. If I got a criminal trade secret conviction, I would never be able to work in the programming field again. What else could I do? My life would be ruined even if I got probation only. The fear is incapacitating. It's like someone telling you "you have cancer." Even if the cancer is treatable, it is terrifying.
Anyone in the programming field needs to be aware of these risks. You don't think about it because a) these things usually do not result in convictions (in TFA's case, if his telling is accurate, there is no evidence of any wrong-doing) and b) when they go away without a conviction, we're all scared to talk about them (like I am posting as AC right now). But even if the case goes nowhere, running into a $40k legal bill is disastrous. That's a downpayment on a house. That's 100% of your after-tax income for more than a year (probably). That's your new-car and vacation fund for several years. That could cause so much financial stress as to lead to divorce, family estrangement, etc. That's "liquidate all of your assets right now and borrow from all of your relatives" disastrous. That's a penalty this guy is suffering without any trial or judicial overview. That's (possibly) without even having a grand-jury rubber-stamp the police side of the story.
I'm afraid to even post this lest it have some bearing on my situation, but I'm posting because I want all of us Slashdot crowd to be aware of it.
I don't really have a solution, but one thing that seems to help is to put up a very aggressive and determined defense from the very beginning. Let everyone involved know, "there will be no plea bargain. There will be a vigorous defense. Trying to bring a civil matter into the criminal system will not work and I'm not going to beg for mercy. If it gets to a trial, we're fighting all the way and there will be an acquital."
This guy is brave to even be talking about this publicly. I'm sure his lawyer advised him not to (mine did). Most of us who are victims of this are silent victims like me.
Re:One small recommendation to other readers.... (Score:3, Interesting)
When I complained, he would say "I never said that."
I got a reputation for being difficult to work with, backstabbing, rude... All I ever asked for was a different boss. I only asked because he was rude to me. Not just rude, his conduct was apalling and shocking.
I eventually quit. I'm in a much better position now, so it worked out for the best.
Re:Am I missing something? (Score:3, Interesting)
if I were a high-profile FOSS developer, I'd invest in a wireless adapter and a decent SOHO SAN box. Put that baby inside a wall with a UPS.
Because that wouldn't look suspicious at all if they ever found it. Also, you'd be doing drywall and paint work every time the stupid thing ate a disk.
Chip's problem now is that 100% of his admissable evidence is in the hands of a known immoral and hostile agent. There is no practical way to back up his claims without more money. Any 'evidence' he gets back from those machines may be unreliably tampered after the police's uber-windows nerd gets done trashing his probablly non-windows boxen.
Which may not be an actual problem. Given the company's apparent bad faith, it could be argued that all evidence is tainted as a result of the state's mishandling of it, therefore it could be assumed that there was exculpatory evidence, even if it is no longer present.
Question: what are open proxies and web harvesting (Score:1, Interesting)
You think THAT's bad... (Score:5, Interesting)
Be Careful, The Ice is Thin (Score:2, Interesting)
Had a similar situation (Score:5, Interesting)
At 7 AM the next morning, the sheriff was at my door with their lawyers in tow. Fortunately for me, they screwed up the warrant and were unable to seize my hardware, but they took a very detailed inventory of everything. Even more fortunately, my friend HAD consulted a lawyer before confronting the board and he (the lawyer) had the whole thing search/seizure suspended. The courts finally found the company's motions meritless (and fined them!!) They ended up with a huge lawsuit against them from several board members once the whole picture came to light, the BSA came down on them like the wrath of God (thanks to a cover your ass maneuver by the CIO) and the whole thing went into the crapper within 8 months.
ALWAYS consult a lawyer when doing any sort of confrontation with your employer. You need something to back you up. If they are doing something scummy, there is NOTHING that will stop them from doing something scummy to you in return. I should have done so before the board meeting, even though I wasn't directly involved. But my friend saved my ass. He lives 2000 miles away now, but I still send him thank you notes.
Federal Law (Score:3, Interesting)
I found out about this several years ago when the company I was working for attempted to get me to file a fraudulent patent application.
Never complain to a company CEO about something like this; they will simply fire you. Always go directly to the Feds. If you do so you are protected by the Federal Whistle blower statutes. Company CEO's involved in illegal activities start gasping for air when they find out the Feds are involved.
Accomplance after the fact? (Score:3, Interesting)
Then there's conspiracy.... You can be convicted of conspiracy if you knowingly commit just one express act in furtherance of a crime. Even if it's otherwise legal. E.g., it's legal for you to buy a lighter. It's legal for you to give it to another person. It's not legal for you to do this if you know that person plans to use it to commit arson. His prior code would have been safe (since he had no reason to believe it would be used to commit a crime), but ongoing software development when he believed it would be used for criminal acts....
Anyway, to my non-lawyer mind it's easy to see the letter as an attempt to protect himself from a shitload of legal trouble if/when the company's bad acts came to light, not to threaten them unless they coughed up something in exchange.
BTW, by the same analysis they may have just bought themselves a world of pain. An aggressive DA might make a case for witness intimidation, something that might stick even if they're cleared of any other illegal activity.
(P.S., I wouldn't have called the activity "illegal" in the letter. You can raise concerns without making judgments.)
Re:Uh... (Score:3, Interesting)
It's really dubious that they're even allowed to fire him on such short notice; so this action definitely stinky... it's as if they're taking whatever actions they can to legally fire him on the spot and sink his ship as soon as possible.
That's unethical. It's also pretty unethical to not talk with him first. That's just pretty human-to-human standard, to first talk about any differences you may have.
It's possible they're intentionally keeping the legal situation as complex as possible to prevent him from having a chance. If they're really worried about the claimed source code leak, that makes no sense. Whatever the case; that too is fairly unethical.
So pretty much whatever the background is of their allegations - it's obvious they couldn't have any real evidence (a hypothetical source code leak which they're not sure exists is certainly not traceable to a particular user as all users get the same CVS code), and it's obvious they're generally being assholes just to make it hard for him to win the case - instead of focussing on their business; which they should be.
--Eamon
Re:The moral of this story (Score:3, Interesting)
Re:No probable cause... (Score:3, Interesting)
In some respects this method makes sense. Until you remember that it's wrong to infringe on the rights of one to protect the rights of another. Usually, if the ONLY way to guarantee the rights of one person is to infringe on the rights of another, they usually permit it, which is completely retarded.
I think the courts/police do it out of sense of duty... if they're presented with a scenario where they can either do nothing and risk one person being injured, or take action to protect that person and in doing so, injure another, they seem to prefer taking action. I think it's a matter of them simply wanting to take some action, trying to protect something, irrespectful of who gets trampled in the process.
Re:Why spelling matters (Score:4, Interesting)
A typo indeed.
But most large companies are not run by obvious scumbags because they would be destroyed by the scumbags running the company into the ground. Adelphia is an example of what happens eventually.
Unfortunately that is not true. Large companies, especially the so-called "multinationals" enjoy immense support from politicians and national governments. Partly because politicians of all stripe are corrupt, but mostly because politicians fear large scale job losses and thus engage in various forms of corporate welfare, handing out tax breaks, government-guaranteed loans or outright grants and in many cases alter national laws to suit the mega-corporations. Add to this the fact that crookery can go on for a very long time undetected, masked by phony, on-paper "profits", masquerading as "growth" due to never ending cycle of "buy now, pay later" acquisitions of other companies and in some cases the crooks actually manage to make money for the corporation, if they corrupt the local government sufficiently and are allowed to establish an effective monopoly. Only in the most obvious and extremely unsustainable cases do the businesses actually implode. One has to have to literally levitate the whole company on thin air and have debt to income ratio of hundreds to one before something gives. That is why it took super-human efforts to make Enron fail and that is why the airlines (who lose money continuously, since anyone can remember) are still in operation. Running a business into the ground is only an option for a small operation where there is no way to hide the crookery or obtain government bailouts for any length of time. Note also even the very collapse of a behemoth like Enron managed to generate money for the crooks in form of, literally, hundreds of millions of dollars in "legal and consulting fees". Try that with your mom-and-pop shop.
I do agree that small businesses are not exempt from connivery, but my logic is simply this: if business size is kept in check, so is its power and the impact of individual businesses going rogue or simply failing. An IBM can in one fell swoop throw 16000 families into the gutter without even blinking in order to make a few more bucks for the managment, a 50 employee firm can at most harm 50.
But even deeper then that, there is simply a realization that large corporations are corrupting capitalism by reducing its potency to benefit society as a whole. A cornerstone of the system, the very mechanism by which the "invisible hand" is supposed to do its work is competition. If a company size increases and the number of viable companies in a particular field decreases, this in turn reduces competition and leads to oligopoly or outright monopoly situations, effectively destroying any benefits of the system to consumers, not to mention all the disastrously negative political side-effects. This process is in fact the most serious weakness of capitalism as it appears that the system is incapable of self-correcting this situation, contrary to its tenets.
Simply look around and see how many of the everyday products you use are manufactured by companies which have at most one or two viable competitors: Coke/Pepsi; Intel/AMD; Nvidia/ATI; Boeing/Airbus; etc. There are at most a dozen of car manufactuers whose vehicles you will see (many more brands but they all belong to few parent companies). There are just as few oil companies. The list goes on and on.
There are many such -- by now proven to the point of the absurd -- errors in the Adam Smith's plan which require alterations and overrides to save the whole process from reverting to an essentially feudal/mercantile scenario. Unfortunately it would seem that people either refuse to see the obvious or are more then happy to play along in hopes of securing for themselves a place in the ranks of the new "nobility".
Re:What an idiot (Score:3, Interesting)
1. HTTP is legally enforceable, but robots.txt is merely a gentleman's agreement. That seems a hard distinction to draw: both are just conventions adopted for interoperability. Both are widely implemented and respected within the industry it is also very common for them to be violated. HTTP has the imprimatur of W3, but not as far as I know of an international treaty organization like (iirc) ITU or ISO.
I'm not aware of any legislation anywhere that says merely violating HTTP would be a crime, although there are laws against unauthorized radio broadcasts or telephone signals.
2. "Whatever is not technically prevented is by definition permitted." If this were really the case, there would be no crime of trespass, since the owner should have made the trespass impossible. Indeed if that were adopted it would overturn the whole concept of property law.
A more useful argument, which was tried in some of the EBay cases, is that a property which is generally available to the public cannot exclude a particular client. The law is not yet clear here, and it's not clear what would be reasonable. Small-print agreements to access a public web site seem dodgy, but excluding a particular client seems fairly clear.
In any case, it sounds like HMS were infringing the copyrights of the sites they scraped, and that probably is cut-and-dried.
Re:Am I missing something? (Score:3, Interesting)
It's HIS stuff. HIS box. HIS wall. Having computers in the wall is not illegal (not sure, it may be against the building code in some areas, but it'd be a stretch)
What's to be suspicious of? I've considered putting one or two of my main (home-based) systems in an obscure cabinet (that looks like an Air Conditioner) in the cellar instead of out in public view, just to deter theft.
Also, you'd be doing drywall and paint work every time the stupid thing ate a disk.
That'd blow. I'd suggest the obscure cabinet in the cellar, first.
Re:What an idiot (Score:3, Interesting)
Regarding robots.txt, read the excerpt I posted. The spec itself says it is optional and unenforced. The difference between the two seems clear.
The courts accept common conventions. If a building has a sign that says "Joe's Burgers" and an unlocked door, it is not trespass to walk inside and ask to buy a cup of coffee; they can toss you out, but not shoot you in the head. Conversely, if the social convention is that there are no obligations, just an opportunity for generosity, as with the robots standard, then a court cannot legislate generosity from the bench. In retail sales, putting price tags on articles in public is an "offer to treat", an offer to negotiate. A potential customer can pick the merchandise up and examine it, and it is not valdalism, trespass, or theft. My position is that serving HTTP on its well-known port is also an offer to treat using GET requests.This is followed by negotiation using the limited access that has been granted. In a store, the buyer fondles and inspects the item and carries it to the seller. In HTTP, the client sends a request.
If the negotation is unsuccessful, rejection is given. In a store, the seller says "No way, $5 is already too cheap! Put it back on the shelf!" With HTTP, the server says "409, cough up a credit card number!"
If negotiation succeeds, the transaction executes. In a store, the person walks away with their new purchase. With HTTP, the server swallows the CC# and transmits the requested data.
Likewise, loitering is analogous to a denial of service attack. Everything has exact parallels with existing jurisprudence. The protocol designers did this on purpose, because they wanted it to be useful for people.
I think it can be clear. The problem is that too many complaintants don't really know what the hell they're complaining about, and being able to explain something clearly is a rare skill. That combination leaves judges floundering in a sea of ignorance. I inferred that they were gathering lists of people/companies/court results/etc. I think the main problem is that the state agencies were publishing valuable information but not bothering to cover the cost of access, and intimidating people who ran up their bills. To analogize, "Mr. Smith, you've been monopolizing the public records room for two days. Time to go." That's a valid strategy, if inefficient and a bit unjust. But that doesn't make Mr. Smith a criminal if he hires a string of college students to do his research, each of which gets the heave-ho after a couple of days.A little back story (Score:1, Interesting)