Perl's Chip Salzenberg Sued, Home Raided
Chip continues: "The key evidence in the search warrant was so ridiculous as to be surreal: CVS logs indicating that I downloaded more than I uploaded, and that I sometimes accessed the company network from home. Apparently, for company management, the police, and a judge, working at home through a gateway the company set up for that very purpose, and refraining from editing every source file for every code change, is a sign of nefarious behavior.
My behavior in accessing the company network was entirely within my job description and in no way involved misappropriation of anything. For the more than two years that I worked at HMS, I used ssh and CVS to access company files with my laptop both from work and home, with management knowledge and approval.
What would lead management to such a sudden action? Days beforehand, I had made an internal report of unethical and apparently illegal behavior by the company: Use of open proxies for web harvesting to avoid blockage by web site operators. HMS apparently decided that working with me to address their use of open proxies was not an option.
Health Market Science is a large corporation with, compared to me, effectively infinite resources. My legal bills have topped $40K already over just two months. If HMS succeeds in tarring me with their false accusations, what's to stop your employer or client from doing the same to you, should your relationship sour?
Friends have set up GeeksUnite.net, an informational web site and Legal Defense Fund. The site includes the search warrant, my letter about open proxy abuse, and court documents.
Please contribute to my Defense Fund to fight this attack on the normal and legal work practices of millions of tech workers. Every little bit counts! If every person who visits the site contributes only ten dollars, that will make a huge difference. Only through community effort can we protect ourselves."
WTF is a pumpking?
You accuse the company, in writing, of illegal and immoral acts, yet you don't resign? What did you think they were going to do, make you an SVP?
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
Doesn't he have any whistle-blower rights?
While this is sound advice, it doesn't necessarily follow from this story.
He said he made an internal report of unethical and possibly illegal behaviour. It doesn't say he took this up with police at all. It sounds more like he was trying to warn them that they were doing something they shouldn't be so they could stop before they got caught.
And just in general about this story: *sigh*
If anyone else was as confused as me about the intro, there's a town called "King of Prussia" in Pennsylvania. Go figure.
What if I do the same thing, and I do get different results?
because all I know about the case is what I read on slashdot and a site set up by this guy's friends. I have no idea what is going on and I don't have time to fly to King of Prussia (wtf?) and look into it. Even if I did, I don't think the suits at his former employer are going to take the time to go through interviews with me so I can decide whether or not I should contribute to his legal fund.
Sucks for him if he didn't do anything wrong. If so I hope it works out. If it goes to court and he is found innocent-- then giving to the fund would be a lot easier.
It's hard to believe that's how Micronians are made. Why don't we see it right now by having you both kiss one another?
Every company I have ever worked for has violated all sorts of labor laws. Start giving them a pile of minor regulatory headaches.
Then make sure you have a good shark for a lawyer. Make sure he has a technologically savvy partner or associate that can understand the CVS and gateway issues.
Then countersue. They may have infinite resources compared to you, but they also have much deeper pockets to go after. If they are vulnerable on this point, your lawyers will be more than happy to go after that big paycheck.
If all you do is try and defend yourself, then they will steamroll all over you.
Yeah, convicted of a felony (!) for what should've been at worst, considered a disciplinary matter between him and his employer.
Just because it CAN be done, doesn't mean it should!
How do you know it's false? Wait till you get all the sides of the story and not just the 'victim'
Your hair look like poop, Bob! - Wanker.
I see they're trying to hire a software engineer and a QA person with perl/linux/unix skills. I'm sure destroying Chip's life will help them with their recruiting efforts, now and in the future.
It looks to me like Health Market Science shares a Copyright with Chip on some of his Perl work.
What did Health Market Science think they were getting for their funding dollars?
AUTHOR
Chip Salzenberg,
ACKNOWLEDGEMENTS
Thanks to Heath Market Science for funding creation of this module. Thanks also to Larry, Damian, Allison, et al for Perl 6 subroutine syntax, and to Damian for Filter::Simple and Parse::RecDescent.
COPYRIGHT & LICENSE
Copyright 2005 Chip Salzenberg and Health Market Science.
Maybe because he already went to them and they feel he may be guilty. Just a thought.
I worked for a company out of Reno, NV (yeh, a hotpot of corrupt companies, I know) and when I found out they were trying to bilk millionaires out of VC capital, I just turned in my laptop and said that was my final day.
The company refused to pay me for my last two weeks of service or any vacation time I had built up.
When I attempted to get the money from them, they produced a list of dates I was not in the office (exceeding my vacation pay plus 10 days for the last two weeks of service). These were days I worked from home (and I actually WORKed from home).
I tried to appeal to the legal system, but got a big runaround. This same company sued other ex-employees for frivolous things, and the courts took this company (that had a history of this sort of thing) quite seriously for years.
The courts have it in their best interest to make sure lawsuits keep happening and go on for extended periods of time. It's job security for them, and they just don't care that it's a drain on the rest of society.
fifth sigma, inc.
Didn't Randal L. Schwartz also get into trouble with a past employer?
Yeah, Intel. He was convicted of three felonies. He was running a password cracking program on their servers. He had cracked computers not only on Intel's machines, but on the machines of some of their partners, as well. He'd also installed some backdoor programs on several machines at Intel. It was really stupid of him to do all of this.
by Mike Buddha -- Someday the mountain might get him, but the law never will.
I have a feeling that this will be unpopular with many /. readers, but what about the perspective of the company? Were/are they really acting unreasonably?
Here's an employee who's signed an agreement not to disclose trade secrets, and he's threatened to disclose the source code. He has CVS access, and it looks like he's downloaded a lot of the source code to his personal computer. If the company is in the right and it's not "hijacking" open proxies, what's it supposed to do? Let this guy go and let him smear the company's name and product? Or worse, let him post the company's source code publicly? Salzenberg cites the Pennsylvania statutes on "unlawful use of computer" in his letter, but the misappropriation of trade secrets is also a statutory violation...
If everything Salzenberg says is true, then he's truly gotten a bum deal. But I'm sure his superiors at the company have a different story, and who knows what that might be. Unfortunately, it looks like this will result in some pretty ugly litigation before it gets resolved.
You will want to check your local law, but MOST states permit a concealed recording device on a person when there is no "perceived expectation" of privacy (don't record anything in the bathroom) or when more than 2 people are party to the conversation.
I've only had to resort to this tactic once, but it saved my job and cost the Veep his....
was it worth the $20????
d*mn straight it was.....
The Judge didn't even READ Salzenberg's opposition?
That's Judicial misconduct, big time. File a complaint with the federal courts.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
My name is Douglas Muth, and I live not too far from King of Prussia, PA.
Back in 2001, I was laid off from my previous job and looking for work. I interviewed with Health Market Sciences sometime around that July for a Software Engineer position, and it was an interesting experience. I met some of the people from that company and was finally interviewed by one of the Vice Presidents, a guy by the name of Rich Ferris. Rich seemed pretty impressed with my resume and said something to the effect of "we'll get you an offer by the end of the day".
So, I went home and gave Rich a call at the end of the day. But suddenly his story changed, and it was, "I had problems getting the offer through HR (or somesuch), I'll have one for you on Wednesday".
Wednesday came, and I was told, by Rich, to call back again on Friday. Friday came, and they were having money issues and would get back to me on Wednesday. Finally, next Wednesday rolls around and I'm suddenly told, "Well, we really want to hire you, but we don't have the money right now, so we cannot make you an offer".
So what it boiled down to is that I was led on by that company for over a week with the promise of employment, only to have it yanked out from me because they didn't have their stuff together. It was a total waste of my time, and the time of the job recruiter I was working with. If they didn't have the money, they shouldn't have been hiring in the first place. The whole experience left me rather bitter.
I hope Chip sues that company into oblivion.
Having just read the letter, I can only conclude that HMS was right in seeking legal defence against Salzenberg immediately to protect themselves. Perhaps he should have sought legal advice immediately instead of *threatening the company he works for with legal action*. He made some hefty allegations in that letter, and also disclosed that he had been snooping around software that he wasn't involved with but had "the right to access" as a Senior Programmer. IANAL and I obviously haven't read Salzenberg's contract with HMS, but I would imagine that if he's not working on the code and browsing other people's projects from home in the interests of taking legal action, this gives HMS grounds to file a suit against him or at least gives them an incentive to shoot first.
This all looks to me like an ill considered vigilante mission gone horribly wrong. It's like shouting "hay guys, you're all crooked bastards and you should be in jail. I'm thinking about taking you fuckers to court! Can I keep my job though? Don't sue me!" What he should have done was file for legal action immediately, and/or resign from the company on legal/moral grounds. Resignation would have looked a lot better, would have relieved him of some of the moral issues, and would not look like he was about to try and sue the company for a ton of money.
I agree with his stance and his moral position, but this was a perfectly stupid and arrogant way to handle the situation. As a Perl hacker I wish Salzenberg the best, but I can't agree with the way he's fought this battle so far.
Chip threatened his own employers with legal action. What do you expect them to do?
The EFF is a lobbying organization. They don't want to get involved in anything that may paint them in a bad light to legislators (who receive large contributions from companies like HMS).
They're notorious for dropping people like hot potatoes if they think there is a chance that it will negatively impact their political lobbying.
Everything I need to know I learned by killing smart people and eating their brains.
Basically these trade secret laws let big guys with resources or connection punish small guys (us) without any legal process. We're out tens of thousands of dollars just from the moment the process begins, without a court or a judge even having seen the issue.
There's also the emotional factor. It's terrifying. If I got a criminal trade secret conviction, I would never be able to work in the programming field again. What else could I do? My life would be ruined even if I got probation only. The fear is incapacitating. It's like someone telling you "you have cancer." Even if the cancer is treatable, it is terrifying.
Anyone in the programming field needs to be aware of these risks. You don't think about it because a) these things usually do not result in convictions (in TFA's case, if his telling is accurate, there is no evidence of any wrong-doing) and b) when they go away without a conviction, we're all scared to talk about them (like I am posting as AC right now). But even if the case goes nowhere, running into a $40k legal bill is disastrous. That's a downpayment on a house. That's 100% of your after-tax income for more than a year (probably). That's your new-car and vacation fund for several years. That could cause so much financial stress as to lead to divorce, family estrangement, etc. That's "liquidate all of your assets right now and borrow from all of your relatives" disastrous. That's a penalty this guy is suffering without any trial or judicial overview. That's (possibly) without even having a grand-jury rubber-stamp the police side of the story.
I'm afraid to even post this lest it have some bearing on my situation, but I'm posting because I want all of us Slashdot crowd to be aware of it.
I don't really have a solution, but one thing that seems to help is to put up a very aggressive and determined defense from the very beginning. Let everyone involved know, "there will be no plea bargain. There will be a vigorous defense. Trying to bring a civil matter into the criminal system will not work and I'm not going to beg for mercy. If it gets to a trial, we're fighting all the way and there will be an acquittal."
This guy is brave to even be talking about this publicly. I'm sure his lawyer advised him not to (mine did). Most of us who are victims of this are silent victims like me.
What is web harvesting, what is an open proxy, and how does an open proxy relate to web harvesting? Noobs want to know.
Hah! First job I worked after college we had 3 developers sharing a Polyforth development system running multiuser in 12K of RAM with no memory protection. When you dropped out of the editor to test something you yelled "save your buffers"... because Polyforth didn't even use stack sentinels so just about any syntax error meant the system crashed and had to be rebooted.
While I certainly can relate to Mr. Salzenberg's predicament, and I applaud him for taking a strong stand against unsavory business practices, I have been unable to substantiate some of the legal claims that he makes in his letter. For instance, he writes that "Federal courts have held that web spiders must obey the established ROBOTS.TXT mechanism by which web site owners limit automated access..." As a developer who has been asked to write harvesting applications, I was very concerned when I read this sentence, so I decided to do a little research. After several hours of research I have been unable to uncover anything that would support this claim. I did, however, manage to find a document published by Berkeley that states exactly the opposite: "Website operators who do not wish to avail themselves of the publicity that spiders provide may invoke the Robot Exclusion technical standard, which, like most of the standards on which the Internet is based, is open and voluntary [emphasis mine]". While I agree that harnessing legions of zombie machines is wrong in every sense of the word, let's be careful before we get too carried away - there's a big difference between unsavory and illegal.
If only you could see what I've seen with your eyes
I moved out West in 1997 to work for a company (heading up a software division for Windows) that a friend had bought into. Long story short, he and I found massive corruption (embezzlement) within weeks. He brought it up at a board meeting, and the next day was kicked out of the building, voted off the board (illegally it turns out) and his stuff left on the curb. I quit the same day.
At 7 AM the next morning, the sheriff was at my door with their lawyers in tow. Fortunately for me, they screwed up the warrant and were unable to seize my hardware, but they took a very detailed inventory of everything. Even more fortunately, my friend HAD consulted a lawyer before confronting the board and he (the lawyer) had the whole thing search/seizure suspended. The courts finally found the company's motions meritless (and fined them!!) They ended up with a huge lawsuit against them from several board members once the whole picture came to light, the BSA came down on them like the wrath of God (thanks to a cover your ass maneuver by the CIO) and the whole thing went into the crapper within 8 months.
ALWAYS consult a lawyer when doing any sort of confrontation with your employer. You need something to back you up. If they are doing something scummy, there is NOTHING that will stop them from doing something scummy to you in return. I should have done so before the board meeting, even though I wasn't directly involved. But my friend saved my ass. He lives 2000 miles away now, but I still send him thank you notes.
Anyone who has knowledge of a Federal Felony is REQUIRED by law to report that information to federal law enforcement. Failure to do so makes the person having the knowledge an indictable co-conspirator.
I found out about this several years ago when the company I was working for attempted to get me to file a fraudulent patent application.
Never complain to a company CEO about something like this; they will simply fire you. Always go directly to the Feds. If you do so you are protected by the Federal Whistle blower statutes. Company CEOs involved in illegal activities start gasping for air when they find out the Feds are involved.
Excuse me, but aren't you an accomplice if you are a party to a criminal act? It can even be after the original crime, if you knowingly provide ongoing support to the criminal act, explicitly work to cover it up (e.g., by destroying logs), etc.
Then there's conspiracy.... You can be convicted of conspiracy if you knowingly commit just one express act in furtherance of a crime. Even if it's otherwise legal. E.g., it's legal for you to buy a lighter. It's legal for you to give it to another person. It's not legal for you to do this if you know that person plans to use it to commit arson. His prior code would have been safe (since he had no reason to believe it would be used to commit a crime), but ongoing software development when he believed it would be used for criminal acts....
Anyway, to my non-lawyer mind it's easy to see the letter as an attempt to protect himself from a shitload of legal trouble if/when the company's bad acts came to light, not to threaten them unless they coughed up something in exchange.
BTW, by the same analysis they may have just bought themselves a world of pain. An aggressive DA might make a case for witness intimidation, something that might stick even if they're cleared of any other illegal activity.
(P.S., I wouldn't have called the activity "illegal" in the letter. You can raise concerns without making judgments.)
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
Uhm... What kind of mumbo jumbo is that? Of course they don't have the right to seize your stuff just because they want their property back! It is, after all, a personal laptop... On the other hand, Chip doesn't have a right to keep the source - however, if there is a difference of opinion in that matter; that's for civil courts; not some sort of surreal grab what you can with police support action. This judge is apparently not very well informed when it comes to technical issues.
It's really dubious that they're even allowed to fire him on such short notice; so this action is definitely stinky... it's as if they're taking whatever actions they can to legally fire him on the spot and sink his ship as soon as possible.
That's unethical. It's also pretty unethical to not talk with him first. That's just pretty human-to-human standard, to first talk about any differences you may have.
It's possible they're intentionally keeping the legal situation as complex as possible to prevent him from having a chance. If they're really worried about the claimed source code leak, that makes no sense. Whatever the case; that too is fairly unethical.
So pretty much whatever the background is of their allegations - it's obvious they couldn't have any real evidence (a hypothetical source code leak which they're not sure exists is certainly not traceable to a particular user as all users get the same CVS code), and it's obvious they're generally being assholes just to make it hard for him to win the case - instead of focussing on their business; which they should be.
--Eamon
I gotta say that I am more likely to report my employer to the BSA on the way out the door, than I am to the proper authorities. I have been on the right and wrong side of the law and it's hard to be believed when you are already labeled "criminal" before the trial starts.
Ummm, Jon, aren't you supposed to be dead...? - Otter(3800)
Part of the problem is that with electronic data, specifically data that might be unique, is that there is a genuine risk that if you let a malicious person know you are going to try to take that unique information, that they might destroy it. It doesn't take much effort to convince a judge to give someone a warrant if they lead him to believe that the victim has the only copy of precious data and is ready to erase it at a moment's notice. They'll paint it like a hostage situation, and judge/law will react accordingly - with a great deal of very sudden force, in an attempt to throw the victim off balance while they rescue the data, "just in case".
In some respects this method makes sense. Until you remember that it's wrong to infringe on the rights of one to protect the rights of another. Usually, if the ONLY way to guarantee the rights of one person is to infringe on the rights of another, they usually permit it, which is completely retarded.
I think the courts/police do it out of sense of duty... if they're presented with a scenario where they can either do nothing and risk one person being injured, or take action to protect that person and in doing so, injure another, they seem to prefer taking action. I think it's a matter of them simply wanting to take some action, trying to protect something, irrespectful of who gets trampled in the process.
I work for the Department of Redundancy Department.
A typo indeed.
But most large companies are not run by obvious scumbags because they would be destroyed by the scumbags running the company into the ground. Adelphia is an example of what happens eventually.
Unfortunately that is not true. Large companies, especially the so-called "multinationals" enjoy immense support from politicians and national governments. Partly because politicians of all stripe are corrupt, but mostly because politicians fear large scale job losses and thus engage in various forms of corporate welfare, handing out tax breaks, government-guaranteed loans or outright grants and in many cases alter national laws to suit the mega-corporations. Add to this the fact that crookery can go on for a very long time undetected, masked by phony, on-paper "profits", masquerading as "growth" due to never ending cycle of "buy now, pay later" acquisitions of other companies and in some cases the crooks actually manage to make money for the corporation, if they corrupt the local government sufficiently and are allowed to establish an effective monopoly. Only in the most obvious and extremely unsustainable cases do the businesses actually implode. One has to have to literally levitate the whole company on thin air and have debt to income ratio of hundreds to one before something gives. That is why it took super-human efforts to make Enron fail and that is why the airlines (who lose money continuously, since anyone can remember) are still in operation. Running a business into the ground is only an option for a small operation where there is no way to hide the crookery or obtain government bailouts for any length of time. Note also even the very collapse of a behemoth like Enron managed to generate money for the crooks in form of, literally, hundreds of millions of dollars in "legal and consulting fees". Try that with your mom-and-pop shop.
I do agree that small businesses are not exempt from connivery, but my logic is simply this: if business size is kept in check, so is its power and the impact of individual businesses going rogue or simply failing. An IBM can in one fell swoop throw 16000 families into the gutter without even blinking in order to make a few more bucks for the management, a 50 employee firm can at most harm 50.
But even deeper than that, there is simply a realization that large corporations are corrupting capitalism by reducing its potency to benefit society as a whole. A cornerstone of the system, the very mechanism by which the "invisible hand" is supposed to do its work is competition. If a company size increases and the number of viable companies in a particular field decreases, this in turn reduces competition and leads to oligopoly or outright monopoly situations, effectively destroying any benefits of the system to consumers, not to mention all the disastrously negative political side-effects. This process is in fact the most serious weakness of capitalism as it appears that the system is incapable of self-correcting this situation, contrary to its tenets.
Simply look around and see how many of the everyday products you use are manufactured by companies which have at most one or two viable competitors: Coke/Pepsi; Intel/AMD; Nvidia/ATI; Boeing/Airbus; etc. There are at most a dozen of car manufacturers whose vehicles you will see (many more brands but they all belong to few parent companies). There are just as few oil companies. The list goes on and on.
There are many such -- by now proven to the point of the absurd -- errors in the Adam Smith's plan which require alterations and overrides to save the whole process from reverting to an essentially feudal/mercantile scenario. Unfortunately it would seem that people either refuse to see the obvious or are more than happy to play along in hopes of securing for themselves a place in the ranks of the new "nobility".
"negative video" seems to propose two unusual theories:
1. HTTP is legally enforceable, but robots.txt is merely a gentleman's agreement. That seems a hard distinction to draw: both are just conventions adopted for interoperability. Both are widely implemented and respected within the industry; it is also very common for them to be violated. HTTP has the imprimatur of W3, but not as far as I know of an international treaty organization like (iirc) ITU or ISO.
I'm not aware of any legislation anywhere that says merely violating HTTP would be a crime, although there are laws against unauthorized radio broadcasts or telephone signals.
2. "Whatever is not technically prevented is by definition permitted." If this were really the case, there would be no crime of trespass, since the owner should have made the trespass impossible. Indeed if that were adopted it would overturn the whole concept of property law.
A more useful argument, which was tried in some of the EBay cases, is that a property which is generally available to the public cannot exclude a particular client. The law is not yet clear here, and it's not clear what would be reasonable. Small-print agreements to access a public web site seem dodgy, but excluding a particular client seems fairly clear.
In any case, it sounds like HMS were infringing the copyrights of the sites they scraped, and that probably is cut-and-dried.
Regarding robots.txt, read the excerpt I posted. The spec itself says it is optional and unenforced. The difference between the two seems clear.
The courts accept common conventions. If a building has a sign that says "Joe's Burgers" and an unlocked door, it is not trespass to walk inside and ask to buy a cup of coffee; they can toss you out, but not shoot you in the head. Conversely, if the social convention is that there are no obligations, just an opportunity for generosity, as with the robots standard, then a court cannot legislate generosity from the bench. In retail sales, putting price tags on articles in public is an "offer to treat", an offer to negotiate. A potential customer can pick the merchandise up and examine it, and it is not vandalism, trespass, or theft. My position is that serving HTTP on its well-known port is also an offer to treat using GET requests. This is followed by negotiation using the limited access that has been granted. In a store, the buyer fondles and inspects the item and carries it to the seller. In HTTP, the client sends a request.
If the negotiation is unsuccessful, rejection is given. In a store, the seller says "No way, $5 is already too cheap! Put it back on the shelf!" With HTTP, the server says "409, cough up a credit card number!"
If negotiation succeeds, the transaction executes. In a store, the person walks away with their new purchase. With HTTP, the server swallows the CC# and transmits the requested data.
Likewise, loitering is analogous to a denial of service attack. Everything has exact parallels with existing jurisprudence. The protocol designers did this on purpose, because they wanted it to be useful for people.
I think it can be clear. The problem is that too many complainants don't really know what the hell they're complaining about, and being able to explain something clearly is a rare skill. That combination leaves judges floundering in a sea of ignorance. I inferred that they were gathering lists of people/companies/court results/etc. I think the main problem is that the state agencies were publishing valuable information but not bothering to cover the cost of access, and intimidating people who ran up their bills. To analogize, "Mr. Smith, you've been monopolizing the public records room for two days. Time to go." That's a valid strategy, if inefficient and a bit unjust. But that doesn't make Mr. Smith a criminal if he hires a string of college students to do his research, each of which gets the heave-ho after a couple of days.
Just a little bit of back story that any of you still following this thread may find interesting. Chip referred his "friend" Lisa to HMS for an open position about a year ago. Only after she was hired did he reveal to the company that they were living together. That's her in the picture on his web site, and her kids (not his). After a few months, she was fired for incompetence. As a favor to Chip, the official explanation was that her position had been eliminated. So Chip already had an axe to grind with HMS over that situation. As time went on, it became increasingly clear to Chip that his role at HMS was being marginalized because all new development was being done in Java, with Perl and Chip relegated to maintenance of existing apps. Chip knew about the web harvesting going on at HMS for many years before his letter. Funny how a person's morals can change so conveniently. Chip is basically a nice, (book) smart guy. But he lacks a lot of common sense and has a real hard time interacting with most people and the real world, which has led him into this sad, desperate situation.