Comment by genocidicbunny
7 days ago
> I think it’s just very, very easy to create a system of people collectively doing evil things where no one person carries the burden of evil individually enough to really feel sick enough with what they’re contributing to.
Which is why I don't think punishing just the company itself is enough. The engineers, designers, PMs that implemented this should also receive punishment, sufficient enough that anyone thinking of participating in the implementation of such systems has reason enough to feel sick, if only for their own skin. Make it clear that participating in such things carries the risk of losing your career, a lot of money, and potentially even your freedom.
I'd argue that the person running the company in this case is responsible.
Now they may argue that they didn't know - but you can frame the law such that it's their duty to know and ensure this sort of stuff doesn't happen.
cf. Sarbanes-Oxley
LLC - Limited liability company
GmbH - Society with limited liability (German, translated)
This liability shield is by design.
Limited liability doesn't mean no liability. It means that you don't personally pay for damages due to mistakes, not that you get to wantonly do crime without personal consequences.
The CEO (Geschäftsführer) is liable when they intentionally break the law, so the limited liability is not applicable then.
And yet, we still have the ability to pierce the liability veil. Heck, it's even in the name, "limited liability". Not "no liability".
Definitely a good way to drive talent overseas. Get the low level people to assume all of the risk with none of the upsides; ask recent grads and junior people to do E2E ethical analysis on every project in addition to their 60 hour/week job, give the truly evil people convenient, lower-level scapegoats.
Completely agree.
My feeling is that corporate officers should bear the burden that the corporation as a person currently bears. I can only imagine how much better things would be in past experiences if the C-levels felt a personal need to actually know how the sausage is being made.
I can't fully agree because the way I see it, that is in a way scapegoating the company executives. Are they responsible? Probably, yes, they set the direction of the company and give the orders at the highest level. But we the engineers and designers are the ones actually implementing what is probably a fairly nebulous order at the highest levels into something concrete. They deign that there should be evil created, but we're the ones who are actually making it happen.
Some of the responsibility lies with us, and we need to not pretend that's not the case.
You don't need to invest significant time to realize that working around privacy restrictions is wrong and you shouldn't do it.
Have you worked in software? This is a complex, multi-application system with IPC. Most of the people implementing it probably had no idea what the partner applications were, let alone the business intent.
Nobody sits down with a mid-level developer and says “we need your native app to receive WebRTC connections that will be used to send app-layer telemetry that circumvents privacy protections”. The requirement is just to receive events and log them. And odds are there were all sorts of harmless events as well.
At the level where people had a holistic view of the system and intent, sure, throw them in jail. I’d guess that’s about 1% of the people who designed, implemented, tested, documented this code.