
And if you find out that your developers were actually in North Korea and you've violated sanctions, would you care then?

https://www.justice.gov/opa/pr/justice-department-disrupts-n...



So the logic is that even though they may get their required work done, the risk that they may one day flee to North Korea and cause you to violate sanctions requires that you have to constantly bring in all of your employees to a central location and soft surveil them to mitigate this?

Why not just require a single background check or interview them on-site?


I was responding to someone that says they only care that they deliver. And that was the statement I took issue with; there are numerous factors that an employer should care about beyond performance. As another example, the liability raised from creating a toxic workplace. I said nothing about bringing people in. You raise two things that would be good controls for identity fraud.


Don’t worry. Most people here that “run their own business” are in VC-funded startup la la land anyway. It says very very very little about knowing how to actually productively steer a group of people.


Why do we do this all the time? Somebody makes a slightly hyperbolic statement, and everybody replies to them with the most outlandish and extreme examples of things that would be problems if they literally meant the exact thing they said.

"People can wear anything they want out in public, I don't care"

"Yeah, well if they wore a suit made of plutonium, or one covered with guns that fired randomly in every direction, I bet you'd care then".

I'm going to give the guy the benefit of the doubt and assume that he probably does the due diligence to verify that his employees are legally able to work wherever the company is, and aren't using company resources to launch cyberattacks on the NSA, aren't international terrorists trying to destroy the moon, etc, etc.


The Internet, where the comment section contains a bunch of people cosplaying as compilers that somehow manage to be more pedantic than the Rust borrow checker.


You could have them turn up to an office for a few days when they start work if you wanted.


They’re literally doing the work. They’re not accused of placing backdoors, they’re not accused of anything aside from the US government running an antiquated sanctions regime, and just doing the work. The US government isn't charging companies with OFAC violations, so there is no reason to care. North Koreans learned how to be a fake Staff Software Engineer and do non-fake things for real RSUs.

Companies shouldn't burden the rest of their employees for social verification, for something that isn't a problem for the company.


That sounds akin to saying a security breach doesn't matter until there are consequences. Not many companies would be comfortable being in the position that they have not verified the identities of employees who have access to payment processing data.


They did verify the identity to the standard required. The employee lied.

Although analogies compare dissimilar things with a common attribute, your analogy relies on saying all employees are security breaches. These are employees competent to work in medium-sized all the way to big tech companies as software engineers.


Every company with sensitive data needs to consider insider threat risk. Many compliance standards require background checks specifically because employees can lie. My point is simple: it's not as simple as "employee complete tasks? Y/N" but that every employee is a potential liability that businesses need to do risk management according to their role. Remote work makes that more complicated, and requires different controls.



