Geer Comments On Firing From @Stake
dwbryson writes "Last week Dan Geer, co-author of the CCIA Microsoft security report, was fired from @stake for expressing 'values and opinions [of the report] not in line with @stake's views.' Now Geer has been talking to eWeek and comments on his dismissal."
That's the whole point. That's what the more moderate, levelheaded members of the OSS and GNU communities have been saying for a while now.
World Domination(TM) was fun while it lasted, but nowadays Linux shouldn't want to dominate the world. Rather, I think Linux should seek to find a place for itself wherever it makes sense to have Linux.
The server room, the cellphone, the desktop, the laptop, the Space Shuttle, the human body....... that's the part where Linux needs to show whether or not it belongs there.
If it can, I think that barring any craziness from the lawyers and politicians, we could see Win32 and Linux equally sharing the world of computing.
(OT: I hate it when I forget my password.... TheOneKEA)
We will probably see more cases like this as a higher percentage of scientists are funded directly (in companies) or indirectly (sponsored uni/gov-programs) by businesses.
As if anyone did not know about it; sustained publishing of controversial research funded by corporations is almost impossible.
Melius mori in libertate quam vivere in servitute.
Thank you for bringing some constitutional reality back to the discussion. While I welcome our gestapo republican overlords as much as the next, that stuff just clouds the matter at hand.
OTOH, he might have grounds for wrongful termination. So the company might not be well within their rights to fire him. Had he been warned previously? Apparently not. But I admit I am bordering on speculation here. Can someone post a link to his employment contract? =)
If you read the article, Geer points out that he was normally paid for taking the lead at that company.
What kind of wooly crap is this? I mean, if I criticise my biggest customer, or my company's profit base, I think I can expect my manager to have 'words' with me at least. This is just another MS-is-bad-and-I-don't-care-if-that's-true-or-not story.
If you claim to be security consultants who know security, rather than PR consultants who use words like "security" to help advertising, then you do very poorly for yourself by so obviously and publicly squelching any appearance of having said something potentially negative about the security of one of your largest customers.
The point is that Microsoft's huge power in the industry appears to be making it impossible for real security firms to exist. As such, we should all be leery of any such's claims, and wonder if in fact they are really PR firms who use words like "security".
-Rob
His job is to spot the trends coming in the future - And his employer gags him for doing his job - I stand by my remarks in the previous thread on this topic - @Stake will have a very hard time attracting a decent replacement candidate, and their research will now always be suspect...
But should corporations have constitutional rights? Like individuals?
Considering that the avowed objective of any corporation is to make money, and no other purpose, they are by definition non-ethical. The individuals that comprise them may well be ethical, but the resulting "virtual entity" isn't. A human being has a conscience, may care about the consequences of his actions; moral, ethical, religious, or justicial. A corporation has no conscience, no morals, and should not be considered equal or superior to a human being, and be given equal rights.
If he explores all forms and substances Straight homeward to their symbol-essences; He shall not die.
Man gets fired for making 'false' claims that a company exploits its monopoly of the market, because his bosses dare not offend that company. Hmm.
"I Know You Are But What Am I?"
@stake used to be "l0pht heavy industries", a nifty little group of hackers toying around. (www.l0pht.com) Now they're all business. Lame. "What happened l0pht? You used to be cool."
I am surprised that Dan has decided to publicly say anything. This would seem to indicate his reluctance to pursue the matter in court. Or maybe he just hasn't spoken to a lawyer yet. Or is this opening salvo?
Before the obvious references are made let me just say (again) that what @stake has become is in no way related to what L0pht was. I think there is only one of us left (Weld), everyone else has seen the writing on the wall and moved on. I just hope Dan is able to put this behind him soon and move on as well.
- SRspacerog AT spacerogue DOT net
It's a basic rule of employment, accept the money, play by the rules.
If one of my employees did or said something that was obviously against the interests of my business, I would reprimand and possibly fire him. If they discussed this in public, I would blacklist him as a "big mouth".
What Geer says is something I also believe, but unfortunately being right does not pay the bills. He has probably made himself unemployable by any conventional organisation, and will have to find a way to leverage his notoriety into another kind of power: lobbyist, perhaps.
Ceci n'est pas une signature
As an example of the kind of behind-the-scenes influence that large vendors have, Geer cited his efforts to find an academic security expert or two to sign on to the paper on software diversity. After contacting nine people and striking out each time, he gave up.
"All of them said it was too hot for their position," Geer said. "They enjoy the free speech benefits of tenure but not necessarily those of funding."
His experience is interesting; it shows just how there are limits, even in academia, to how far people are willing to go in their pursuit of the truth.
Microsoft might not have an irresponsible security record due to business practices, but the hypothesis put forward by Geer and the others should be examined carefully and openly both for where it might err, and where their hypothesis fits the facts. That's the way all scientific progress is made.
And he's right, too, about a phone call not being necessary. Conditioning, and seeing what happens to people that take a stand in opposition to some powerful force, is enough to convince most people that self-censorship, if not the better part of valor, is certainly the better expedient for maintaining your comfort.
"Provided by the management for your protection."
For god's sake, I did Venn diagrams in junior high, and I wasn't a math geek. And he's not a "spokesperson"; he is, or rather was, the Chief Technical Officer for @Stake.
Firing your CTO for using an eighth-grade math term is like firing your doctor because he insists on using technical words like "prescription" and "stethoscope."
But the timing is odd. Geer worked his last day on Tuesday, according to @stake. He co-published his paper on Wednesday. His dismissal was announced on Thursday. Unless @stake is saying that he dismissed himself by publishing, or that they had told him on Tuesday not to publish the paper if he wanted to stay with the company, then I think they may have problems with
(a) natural justice so he can defend himself; or
(b) the human perception that time flows forwards, not backwards or round in circles.
Here's an idea that I don't think has been explored much... maybe the big problem was that he said the opinions were his own and not @stake's.
If I worked for Adobe, and then decided to release a Photoshop clone in my spare time, and claimed that it was my own program, not Adobe's, I think that there would be some problems.
In his job as a security expert, I'm sure that he used @stake's resources and expertise in coming up with the paper. So technically he might not have the right to say that the paper is his own and has no affiliation with the company.
Perhaps if he had brought the paper to his employers and gotten their approval, they could have released it as part of a security report and sold it. Basically he took something that he made for his company and gave it away.
Evolution is a scientifically proven fact.
Anyone who says evolution is a scientifically proven fact doesn't know anything about science.
In order for anything to be accepted by the scientific community as even a strong theory, it needs to have documented experiments showing very strong evidence, and a completely solid, reproducible experimental design.
This reproducibility is where evolution falls flat on its face. Evolution is also the only field where this procedure is conveniently not required by the scientific community.
Since the theory of evolution states that everything evolved by pure chance without any intelligent design, the mere fact that a scientist designed the experiment to try to prove evolution denies the experiment the ability to prove the theory.
Then there's the fact that an experiment would have to be able to span billions of years, and be under constant observation for that length of time, to be able to prove, scientifically, that evolution is a fact.
Then I could go into the statistical likelihood of various proteins coming together by chance to form even the simplest form of what could be considered 'life', and the resulting calculation shows that it would take 1*10^139,000 years for it to happen. 1 with 139,000 zeroes is a pretty huge number, and that's just for the first blob of organic goo...not even a single cell.
"City hall" in German is "Rathaus". Kinda explains a few things......
With the termination of Geer, @Stake has shouted from the rooftops that they are NOT an unbiased source for information security.
When I write a security paper, I write it from the perspective of an independent auditor, which I am. Someone from the outside looking in. I don't CARE what someone's intention was when they created an insecure system. If I found it to be insecure, I let them have it.
I just lambasted a luddite CEO of a major corporation for not making information security HIS #1 priority. I told him that the insecurity of his network was his problem, a management problem, not an IT problem. I railed on him for two hours in a meeting last Monday... and he appreciated it. Was my report one-sided? You're damn right! I don't care what his intentions/perceptions are or were. What I told him was the pure, unadulterated and unvarnished truth. As painful as it was - it was true.
He's a good CEO and changes are being made. Now, if this same info were coming from an @Stake consultant: The information would now be suspect as being slanted in M$ favor, because 'they help pay our paychecks' and we can't speak out too strongly against them. @Stake now takes the side of Microsoft.
Were there any lies in what Geer wrote? No... Was it the painful truth, backed up by facts? Yes... Did the truth hurt? You bet. And it needed to be said.
I think that the political ramifications taken out on Geer have just signed the death warrant for @Stake.
Good security is based upon reality and common sense. Common sense is a function of having common knowledge.