> I think it’s just very, very easy to create a system of people collectively doing evil things where no one person carries the burden of evil individually enough to really feel sick enough with what they’re contributing to.
Which is why I don't think punishing just the company itself is enough. The engineers, designers, PM's that implemented this should also receive punishment, sufficient enough to make anyone thinking of participating in the implementation of such systems has reason enough to feel sick, if only for their own skin. Make it clear that participating in such things carries the risk of losing your career, a lot of money, and potentially even your freedom.
Limited liability doesn't mean no liability. It means that you don't personally pay for damages due to mistakes not that you get to wantonly do crime without personal consequences.
Definitely a good way to drive talent overseas. Get the low level people to assume all of the risk with none of the upsides; ask recent grades and junior people to do E2E ethical analysis on every project in addition to their 60 hour/week job, give the truly evil people convenient, lower-level scapegoats.
My feeling is that corporate officers should bear the burden that the corporation as a person currently bears. I can only imagine how much better things would be in past experiences if the C-levels felt a personal need to actually know how the sausage is being made.
I can't fully agree because the way I see it, that is in a way scapegoating the company executives. Are they responsible? Probably, yes, they set the direction of the company and give the orders at the highest level. But we the engineers and designers are the ones actually implementing what is probably a fairly nebulous order at the highest levels into something concrete. They deign that there should be evil created, but we're the ones who are actually making it happen.
Some of the responsibility lies with us, and we need to not pretend that's not the case.
Do you also take personal responsibility for your company’s hiring practices, investment strategy, and marketing content? None of that would exist without you.
I think anyone would agree that there’s a level of flagrantly where individuals should feel culpability and make the right choices (“write software to prescribe poison to groups we don’t like”).
But something like this? Two apps establishing a comms channel? How many millions of times does this get done per year with no ill intent or effect? Is every engineer supposed to demand to know l of the use cases, and cross reference to other projects they’re not working on?
At some point it’s only fair to say that individuals should exercise their conscience when they have enough information, but it is not incumbent on every engineer to demand justification for every project. That’s where the decision makers who do have the time, resources, and chatter to know better should be taking at least legal responsibility.
As a software developer no I don't feel responsible for those things, because I don't have any involvement with them as part of my job. But the people who work in HR, finance, and marketing are responsible for those things.
I agree that the junior engineer implementing a localhost listener on Android might not understand what it is going to be used for and might not even think to ask. But somewhere, a senior engineer or PM or manager knows, and yes as you say that's the point where responsibility can be assigned, and increasingly up the line from there.
When I was involved in the hiring pipeline, I absolutely felt a level of personal responsibility since I was directly contributing to the decision to hire or not hire an applicant. That's not to say I was willing to shoulder the entirety of the responsibility, but knowing that my decision would affect not only the applicant, but their potential future coworkers too, I did feel responsible for making sure I had as much information as I could get and that I was making the best decisions I could.
I'd agree at a personal/moral level there is equal responsibility. However that doesn't recognise both the power and risk/reward imbalance here.
If you, as an employee did this - maybe you'd add a few dollars to your stock options over time. If your Zuck - that's potentially billions.
And in terms of downside - if you are Zuck and stop it in the company - there is no comeback - if you are an engineer blowing the whistle - you may find it hard to work in the industry ever again - and only one of those two actually needs to work.
Sounds like a typical blurring of responsibility through bureaucracy. "If Zak is a billionaire, then he is responsible, but since he essentially did nothing wrong, then no one will be held accountable." Total nonsense.
There are specific crimes, and there are specific people who planned this crimes, specific peoples who ordered them to be carried out, and who carried them out. And these people should be held accountable for these crimes. Even if they work 60 hours a week for minimum wage and would have been fired if they hadn't committed them. They should have quit in such cases, not committed crimes.
And on the other hand, if your employees, without your knowledge, somehow decided that the only way they could reach their targets was to commit a crime, why should you be held responsible for that? Even if you have 20 megayachts and your employees work 60 hours a week for minimum wage.
> if your employees, without your knowledge, somehow decided that the only way they could reach their targets was to commit a crime, why should you be held responsible for that?
Thats where "known or should have known" becomes relevant. It's your company, it's your responsiblity to know what they are doing.
No, what you are suggesting is a typical strategy of avoiding punishment and creating an opportunity to break the law. A very common strategy, used everywhere, especially in dictatorial and socialist regimes.
There is a substitution of one real crime, committed by real people, for a crime "they didn’t know, but should have" against other people, for which there is no real responsibility, while the real criminals are declared to be simply "cogs" in the system.
As a result, no one is held accountable for a crime for which dozens of people who directly committed it could go to prison for many years, because the person held responsible is a high-ranking manager who "should have known, but did not know," who himself issues "a severe reprimand" or assigns a tiny fine for it.
Thus, the entire system is drowning in crimes, the commission of crimes becomes a REQUIREMENT of the system and the commission of crimes becomes a guarantee of the loyalty to the system.
So your argument is that because the ring leaders, and the people who benefit the most from the crimes, almost always get off - we should forget about them and just penalize the people who have to do what they are told because they need to feed their families?
That would seem to be a recipe for more crime, not less.
Note i don't think anyone is saying those directly involved should get off scot-free, just that those really responsible shouldn't.
No, my argument is that the system you propose results in ring leaders escaping responsibility and people having to commit crimes in order to feed their families. Look at any socialist country, almost any dictatorship, or the work of any bureaucratic organizations related to the committing crimes.
The obligation to commit crimes in such systems arises precisely from the ability of the ring leader to take responsibility from the criminal onto himself to a significantly lesser extent, citing the fact that he did not commit the crime, but simply did not take something into account or did not know something.
> Note i don't think anyone is saying those directly involved should get off scot-free
But this is exactly what the existence of such a system leads to: the directly involved criminals escape responsibility, or their punishment is significantly reduced because most of the responsibility falls on the system and no one in particular bears full responsibility.
And if the performer bears full responsibility, there will be much fewer crimes, because in this case the performer will already know that he will bear full responsibility, that other employees, fearing full responsibility, will not cover for him, that his boss, who puts him in conditions requiring the commission of a crime, will not be able to relieve him of this responsibility by spreading it on himself or shifting it upwards with blurring. In such a system, the main beneficiary will no longer be able to demand that workers commit crimes - because no one wants to risk to become the scapegoat with no additional profits.
> ... citing the fact that he did not commit the crime, but simply did not take something into account or did not know something.
Read Sarbanes Oxley.
You can frame the law anyway you want. Not knowing can be framed as criminal irresponsibility. Also look at health and safety regulation - negligence is not a defense.
And if you think rank and file getting punished with bosses getting away scot free will lead to less unbearable pressure to commit crimes - then I have a bridge to sell you.
It's complex - that's why you have judges and juries - to make judgements.
I'm saying leaders bear more responsibility than foot soldiers - I'm not saying foot soldiers don't also have a responsibility - but 'I didn't physically do it' isn't a defence for those that gave the orders/ created a culture where it happened.
Sure, Zuck might not really known and that is a mitigation. But I think the interesting question here is what does everybody ( in the commpany ) think would have happened if he did find out? Would it have been a 'well done, that's clever/cool nod and a wink', or would they expected to have lost their jobs?
It's easy to frame laws to make it the leaders responsibility - it's their job to know - their job to act if they find out - their job to put systems and procedures in place to ensure illegal activity isn't happening on their watch.
And back to the billionaires/foot soldiers thing. Motive also matters - if people did it because of fear of losing their jobs that's a mitigating factor - if people materially benefited to the tune of millions - that's another factor. If you steal - the punishment scales with the value of the theft - same principal - if you want the law to be a deterrent then the punishment has to fit the crime. A fine of 1 million isn't going to stop Zuck doing it again is it?
That's part of the crime. Of course, the one who gave the order must bear responsibility. It's just that if the subordinate also bears full responsibility, there is a high probability that there will be no order to commit a crime, because everyone will expect that there will be no criminal ready to commit the crime.
>what does everybody ( in the commpany ) think would have happened if he did find out?
Why is this important? A crime has been committed. The people who committed it must be held accountable. The lack of responsibility of the direct criminals allows for the existence of a system where the commission of crimes is not punished, employees cover up each other's crimes, and those who refuse to commit them are fired. Not the other way around.
>It's easy to frame laws to make it the leaders responsibility
Where are the examples?
>it's their job to know
Yes, and this is exactly the substitution that occurs: instead of responsibility for a real crime, there is responsibility for a poorly performed job. A great system for a leader to use to get his subordinates to commit crimes for his own benefit.
>if people did it because of fear of losing their jobs
Then they should bear more serious responsibility than those who committed the same crime for personal profit.
Because this is already organized crime, more dangerous for society and more protected from law enforcement agencies. Therefore, the direct perpetrator of the crime, the one who gave the order to commit the crime and those who tried to cover up the criminals - should be considered an organized criminal group, with all the consequences.
And Zuc, if he did not order the crimes to be committed - it would be great for him to get a brand new mega-yacht. So that the next time he starts winking strangely or giving out KPIs that are easiest to achieve by committing crimes - people would think with their own heads, and not start engaging in organized criminal activities.
Because leadership is important and is why things like this keep happening in companies like Meta and are not a regular occurrence in companies say like Apple ( despite the laws for the rank and file being the same.... )
> Where are the examples?
Health and safety legislation. Sarbanes Oxley ( after Eron and the bosses getting off ).
I don't understand why you are so keen to give Meta leadership a free pass.
Have you worked in software? This is a complex, multi-application system with IPC. Most of the people implementing it probably had no idea what the partner applications were, let alone the business intent.
Nobody sits down with a mid-level developer and says “we need your native app to receive webrtc connections that will be used to send app-layer telemetry that circumvents privacy protections”. The requirement is just to receive events and log them. And odds are there were all sorts of harmless events as well.
At the level where people had a holistic view of the system and intent, sure, throw them in jail. I’d guess that’s about 1% of the people who designed, implemented, tested, documented this code.
Which is why I don't think punishing just the company itself is enough. The engineers, designers, PM's that implemented this should also receive punishment, sufficient enough to make anyone thinking of participating in the implementation of such systems has reason enough to feel sick, if only for their own skin. Make it clear that participating in such things carries the risk of losing your career, a lot of money, and potentially even your freedom.