(EDIT: The now-deleted Tweet said “I have been terminated from Zoom for refusing to remove the following tweets. Anyone have recommendations for wrongful termination lawyers based in California?” His Twitter feed still has the leaked materials and Tweets critical of Okta)
So he’s posting leaked, private materials that he doesn’t have rights to, and the materials are from a Zoom partner company that provides a critical integration for the company’s operations?
Obviously he’s going to get fired if he refuses to remove the Tweets. I’m surprised they even offered to let him stay if he removed them. You can’t have an employee actively leaking private materials from one of your key partner companies with which you’ve undoubtedly engaged in a lot of contracts.
This isn’t really a wrongful termination case. If you want to be a Twitter leaker of private company materials on sensitive topics, you can’t also expect to work for companies adjacent to those leaked materials.
I agree, Zoom seemed willing to work with the ex-employee.
Unfortunately people often overlook that they are an ambassador for the company they work for. Their employer will usually not tolerate aggravating a (potential) revenue-generating relationship with a third party by any employee.
I believe Zoom did the right thing here, but I’m curious what CA law says.
These weren’t pictures of him wearing a racy outfit on a vacation.
He works in the tech industry, and he posted leaked documents from a tech company. His employer can pretty sanely draw the parallel and say “we don’t want to employ someone who is OK with broadcasting leaked documents from companies like ours”. Even in countries with different levels of worker protections, that’s a pretty clear cause for termination.
Your work contract explicitly says "you can't disclose confidential data that's not related to your employment"? Fairly sure mine only talks about data related to my employment (i.e. company data, customer data, ... - anything I got access to through work).
So if some outsider leaked a confidential document from your employer and you posted it on Twitter you'd be fine because "it's not related to your work"?
I am pretty sure you are mistaken here; there is no law that protects him in this case. The whistleblower protection act only protects federal workers. Other than that California is an at-will state and leaking private information is not a protected class
> You can't fire someone just because they posted pictures online only because you don't like them, where I live.
I think you may be confusing authorities here? You can't be prosecuted for merely disseminating trade secrets. It's not illegal.
But your employer can fire you for it. They can fire you for almost any reason they want (exceptions, e.g. for reasons of ethnicity or some other protected class, tend to be spelled out explicitly in legislation). Freedom of association goes both ways. Zoom is under no obligation to continue to pay someone that is hurting the company.
So your country doesn't have NDAs with corporations? Good luck attracting companies there. Also this isn't really against the law, it's against an agreement with his company where he signed up for things like being fired or potentially even sued. It's not like anyone is going to toss him in jail.
I suspect the firing would happen either way, but the difference would be in how the company handled it. Delete the tweets and the person gets a severance, maybe a "layoff" instead of firing with cause, and no pushback on unemployment claims. Don't delete it, fired with cause, no severance, no unemployment, potential criminal charges.
> None of the data I shared is from my organization and it was obtained entirely independently. I did not break any NDA or contract. I would never violate the trust of the organization I work for.
It doesn't have to be obtained from your organization if it is an embarrassment to the company or its partners. It would be like an NSA Employee tweeting about Snowden.
Doesn’t matter that it was obtained “independently”.
Doesn’t matter that he didn’t sign an NDA with Okta. Zoom certainly had agreements with Okta that prohibit employees from either company from sharing private information publicly like this. To remain compliant, they can’t continue to employ someone who is publicly violating that (with his handle emblazoned all over the documents, no less)
You can’t expect to work for a company while publicly leaking materials from one of their partners, regardless of how you acquired it.
> the materials are from a Zoom partner company that provides a critical integration for the company’s operations?
> Zoom certainly had agreements with Okta that prohibit employees...
Partner? Can you say more about this? How do you know Zoom and Okta are partners?
That's a moot point. When in a non-disclosure agreement with a company, the binding part is that one will not divulge information about the company or potential partners. If one doesn't know if the company is a partner or not, they still can't divulge the information. If you've ever worked for one of these on-demand consulting firms, they go over this in detail. Basically, if a company tells me something on the call, and that includes information about another company, I can't tell a third party about it, nor can I mention it to the other company.
It is very likely Zoom and Okta are partners. Companies are constantly "partnering" with each other and all that means is there likely some agreement somewhere between them to not divulge information.
I think it's pretty clear the poster figured out they were in legal jeopardy, or were worried about it, given the content is now gone.
> When in a non-disclosure agreement with a company, the binding part is that one will not divulge information about the company or potential partners.
Not that I disagree with your overall point, but how does that work for mega-huge companies? Microsoft/Visa/Google/etc likely have deals with everyone. If you work for a large company, you could essentially never disclose anything, regardless of the source.
Here's a rule of thumb that will work for you, no matter how large a company you work for or how you got the material or what agreements they have in place: if it's not explicitly public material you should not disclose it.
That means if something is published in the NYT but the company didn't explicitly ask NYT to publish it, you have to treat it as private. This makes zero sense. And I want to see somebody try to win a legal case based on the theory that something published in NYT is not "public" because they didn't "choose" to make it public.
That's wrong. The crucial part is that it should apply to any random person, not just you. E.g. if it's published in a newspaper, or broadcast on a news channel, which anybody could watch, then it's public. If somebody told you, and only you, it's not public, because any random person couldn't get the same information.
The general policy at such companies is "don't disclose anything except what's on the website or in press releases without going through official channels"
If you're gonna post that sort of stuff you're going to have to do it anonymously. There are all kinds of NDA stuff about 3rd parties, customers, partner companies in every NDA I've ever seen. That's just life and a lot of the time life does not care about your morals or beliefs or opinions.
I have had many names over the years... I tend to shred them every 2 years or so, this one has lasted longer than normal, and I am close to shredding it just lazy..
I dont think I will ever change that, and keep a fake name very long, and I can never envision going full real names.
> I’m surprised they even offered to let him stay if he removed them
Isn’t it just like with the police, they can legally lie in this context? “If you turn yourself in we’ll go east on you”. They can just turn around and fire him anyway because it is an at will work state
The leak is already widely available publicly. It's OSINT now, public domain. Pretending like it doesn't exist is going to do customers a lot more harm than good, so doing your part to make sure that people know that these materials are public is 100% in the interest of the public, and Zoom's customers.
> The leak is already widely available publicly. It's OSINT now, public domain. Pretending like it doesn't exist is going to do customers a lot more harm than good, so doing your part to make sure that people know that these materials are public is 100% in the interest of the public, and Zoom's customers.
Yeah, but what an employee thinks is good for the customer is irrelevant. What the company thinks is good for the customer is the relevant question.
If the employee thinks that republishing publicly available leaks is good for the customer, they should get permission from the company before publishing it.
It's not the employee's call, even if it is in the customer's interest.
Whistle-blowing is a totally different thing; this wasn't that.
Tweeting with your real name is a tiny bit mad when it is anything remotely sensitive. Leave it to journalists, they're used to the flak and protected.
I've talked to a surprising number of people who honestly believe that any private documents shared in any context constitute (legally and morally protected) whistleblowing as long as they're embarrassing to a major organization.
The last thing you want from when a future employer tries to google your name is to have this come up. There are only a handful of people I'd put my neck-on-the-line to bring into my company after something like this.
I definitely believe in second chances and fortunately Bill deleted this tweet. If you're a hiring manager, how much of a risk would you take? How much better would he need to be than the average candidate?
Let’s see you do it, he’s available and actively looking [1]. And make sure you let the rest of the company and your prospective clients know you’re hiring this guy specifically for his track record of leaking privileged information.
Leaking information that “needs to be public” is one thing. Doing it under your own name is sheer stupidity and reflects the worst possible judgment.
Should I disclose everyone I hire to the rest of the company and prospective clients? Maybe hire a PI to make sure everyone I hire is of a good character for my prospective clients?
I don’t want to develop that kind of culture in the place I work
Don’t be a scummy business and you have nothing to worry about. Plus he didn’t break the NDA as he found the docs outside the relationship- so all good.
I don't like to drag personal information in, but along this tangent it's critically important to note that he is still in college. There's every reason to believe that he made an honest mistake, and will hopefully be more responsible in the future now that he understands why "I've obtained a snippet from the internal investigation report" is so much more problematic than "I've obtained screenshots from LAPSUS".
You're right about his age. That is very important, I'm wondering if the HN can be locked or not visible so it won't show up in future searches. I'm grateful that the internet and smart phones weren't as prevalent when I was making my youthful mistakes.
Well, the tweet linked literally says "Anyone have recommendations for wrongful termination lawyers based in California?", so I don't think he has a lawyer. He also seems to be 20 years old.
Hum, reading that material, and seeing it also discussed on the HN frontpage, seemt to imply there was a an interest. From the public. Like, a public interest.
People seem awfully quick to say "zoom did the right thing here" or "what did you expect?" But these timelines look like people kept it quite for long enough that "oh they'll get around to disclosing it in due time" doesn't cut it. So yeah, "zoom was in their right to fire someone for raising legitimate concerns, bEcAuSe Of ThEiR BoToMlInE" is a stance you can take. But it also means putting corporate interest over public interest once more. Great...
Edit: don't get me wrong I'm not surprised companies would react like that. But "what did you expect" implies that the person would better not have done that, or doesn't have the moral high ground here when they say that the termination, lawful or not, was a dick move.
Why would a company allow a person that they no longer trust access to their resources? Zoom offered a compromise to accommodate his "moral high ground" but he dug in. Now we are supposed to be outraged on his behalf. Nah, play stupid games, win stupid prizes.
Public interest doesn’t automatically protect the release of private materials, nor does it obligate Zoom to continue employing someone who is actively working against their key business partners.
This isn’t really a whistleblower case either. The person didn’t take materials to authorities to notify them of a coverup. They watermarked their Twitter handle on them and put them on Twitter for personal gain and fame.
I’m not sure what you’re trying to imply regarding the firing, but this seems like a very clear cut case of Zoom being in the right and the employee getting fired for clear reasons.
So you know the contract he has signed in order to claim there is no wrongful termination? Or maybe CA employment law? Maybe he went to Zoom and told them about this and they said -it’s okay to post it.
Given that I, like most others, don’t know it either - there could be grounds. It’s very shortsighted to dismiss someone based on your priors and bias.
You can make up as many what-if scenarios as you wish, at the end of the day someone asked for legal advice in a (now deleted) Tweet about not complying with his company's request while working in an at-will state.
I think he, unfortunately, had to learn the hard way that distributing illegal documents on a Twitter account with a bio that associates your employer isn't going to go over well.
It seems pretty clear to me that this was nothing but a move to either get free representation or to generate outrage among his technical peers. Maybe a tweet "in the moment" because he just feels entitled, like Zoom owes him something. The Tweet has been deleted, if he really felt justified or in need of a lawyer, it'd still be up.
Update: Some of my assumptions here are wrong. As a commenter noted, Okta had posted a PR-response about the breach a few days before the tweets. The termination was specifically about posting confidential documents which detail the hack, not exposing the breach generally. I'll leave the original post in tact for posterity:
Exactly this. I see multiple [moral] failings here and none are from the author.
Okta, a security company, was breached. Rather than getting ahead of it, admitting their failures and committing to be better, they are actively trying to cover it up.
Zoom, a company with a reputation for misrepresenting their own security, has gotten into bed with Okta. Apparently their values align so that’s making more sense now.
One of zoom’s employees tweeted about some documents which he found in the wild. Zoom decided the best next move was to be an active participant in Okta’s cover up.
Rather than support their employee, they fired him. And now, as anyone could predict, we’re seeing the Streisand effect in action.
A martyr is someone who is killed because of their beliefs - it is the ultimate sacrifice.
I don't know the author but I'm going to guess he's not a martyr. He will get another job by the end of the week if he wants and I'm sure he knew that going in. The cost of getting fired was probably very low.
He was presented with an ultimatum: hold your high ground or keep your job.
It's precisely because of the low cost of losing his job that he was able to hold the high ground. It won't be the same for everyone. For every person who can afford to stand their ground, there's someone else who can't - someone else who has to sacrifice their own values to keep their medical benefits. And that's why we celebrate and hold up the people who can hold their ground - because they represent everyone who can't.
This isn't a pity party for the author. He never asked for pity. I read his post as surprise at how low Zoom would go.
Many journalists, particularly tech journalists are compromised and not really journalists but more mouthpieces / advertisers.
Snowden tried to give the big papers his story but none but the Guardian would actually print it first. The big papers had to follow suit once it was out though, or it would be obvious they were compromised on this particular issue.
He even watermarked the documents with his Twitter handle, he can't stand the idea of someone seeing the information without knowing it came through him.
You broke the first rule of twitter, never post anything on your public twitter other than banal corporate hype and safe, non controversial topics you've already seen other worker-drones post. Or, just be uncontroversial enough in your personal life that everything you'd post anyway would never possibly offend the hierarchs now or at any time in the future, like 10+ years down the road.
For most of us, it's just not worth it. The only thing I post on my identity-linked twitter is stuff I'm told to post by my employer. It's just not worth taking this sorts of risks in this environment.
For the latter two not everybody, but many - especially the ones doing consulting - will have a very visible public face and status. Which is not a b ad thing per se, but you should always read any claim/suggestion with a grain of salt, as there might be some conflict of interest behind them.
"I have been terminated from Zoom for refusing to remove the following tweets. Anyone have recommendations for wrongful termination lawyers based in California?"
(Editorializing: The poster seems to be a 20-year-old college student. The linked tweet may have been deleted because the replies pointed out California is at-will and no lawyer would be able to help.)
There we go, thanks. The most useful comment buried at the bottom.
I'm not in disagreement of the ethical issues pointed out by the top 20 top comments here. But I think it demonstrates how many people here are from the ivory tower of IT rather than the gutter like the rest of us enlisted IT folk. If industry could be trusted to self-regulate I'd be all uppity about supporting them, but they can't and I'm not.
This is the kind of stuff that any IT professional even tangentially interested in computer security could have twitted.
People are too eager to have opinions based on a single headline and on their pre-conceived notions, instead of going there and looking at the tweets.
There's definitely public interest on this posting, it is not something that could cause irreparable damage to okta beyond their own stupid reaction to their own errors.
He was not posting internal confidential financial documents or lists of credentials.
Yes, Zoom is on their LEGAL rights to terminate the employee, but this is a stupid decision that shows that company is run by stupid obtuse lawyers and MBAs and doesn't give a damn about the technical side of things and the professional ethics of engineers. Definitely not the place a security professional would like to work at, and because of that, not the place I would like to trust for my business.
When you see IT professionals make other tweets like this, the pictures they're tweeting are always, always from publicly available data dumps. Making a new disclosure is very different, even if the tweets look the same.
145 comments
[ 3.2 ms ] story [ 212 ms ] threadSo he’s posting leaked, private materials that he doesn’t have rights to, and the materials are from a Zoom partner company that provides a critical integration for the company’s operations?
Obviously he’s going to get fired if he refuses to remove the Tweets. I’m surprised they even offered to let him stay if he removed them. You can’t have an employee actively leaking private materials from one of your key partner companies with which you’ve undoubtedly engaged in a lot of contracts.
This isn’t really a wrongful termination case. If you want to be a Twitter leaker of private company materials on sensitive topics, you can’t also expect to work for companies adjacent to those leaked materials.
Unfortunately people often overlook that they are an ambassador for the company they work for. Their employer will usually not tolerate aggravating a (potential) revenue-generating relationship with a third party by any employee.
I believe Zoom did the right thing here, but I’m curious what CA law says.
You can't fire someone just because they posted pictures online only because you don't like them, where I live.
Because your employer have no saying in what you do in your private life.
The most probable outcome if the picture were removed was being fired from Zoom after removing the pictures.
At least now we know about them.
He works in the tech industry, and he posted leaked documents from a tech company. His employer can pretty sanely draw the parallel and say “we don’t want to employ someone who is OK with broadcasting leaked documents from companies like ours”. Even in countries with different levels of worker protections, that’s a pretty clear cause for termination.
You can't be fired for that.
It's against the law.
The leaker is responsible, not the employer posting them.
As it should be in a decent country with decent laws in the west.
We don't live in Vladimir Putin's Russia, do we?
> Even in countries with different levels of worker protections, that’s a pretty clear cause for termination.
actually, it is not.
And if you really wanna try that, you can't do it without a judge saying you could do it.
And if the employer is right, you have to give them the job back and pay all the legal fees.
> You can't be fired for that.
> It's against the law.
Citation needed. In most US states you can be fired for no reason at all.
Here's the quote you're looking for
> that's the difference between countries where workers are protected and where they are not.
> You can't fire someone just because they posted pictures online only because you don't like them, *where I live.*
https://news.ycombinator.com/item?id=30843101
USA is specifically *not* one of those countries.
I somehow doubt it.
I am pretty sure you are mistaken here; there is no law that protects him in this case. The whistleblower protection act only protects federal workers. Other than that California is an at-will state and leaking private information is not a protected class
Not talking about the US here, but, as I've said "countries where workers are protected by the law"
I think you may be confusing authorities here? You can't be prosecuted for merely disseminating trade secrets. It's not illegal.
But your employer can fire you for it. They can fire you for almost any reason they want (exceptions, e.g. for reasons of ethnicity or some other protected class, tend to be spelled out explicitly in legislation). Freedom of association goes both ways. Zoom is under no obligation to continue to pay someone that is hurting the company.
(which I am guessing is Europe and probably Spain, though as the username reads "People from Ibiza" it could be a German or a Brit ;-)
Italy.
Same goes in France, Spain, Germany, Portugal etc etc
It looks like the tweets are gone now anyway.
> None of the data I shared is from my organization and it was obtained entirely independently. I did not break any NDA or contract. I would never violate the trust of the organization I work for.
https://twitter.com/BillDemirkapi/status/1508614036719648771
Doesn’t matter that he didn’t sign an NDA with Okta. Zoom certainly had agreements with Okta that prohibit employees from either company from sharing private information publicly like this. To remain compliant, they can’t continue to employ someone who is publicly violating that (with his handle emblazoned all over the documents, no less)
You can’t expect to work for a company while publicly leaking materials from one of their partners, regardless of how you acquired it.
Partner? Can you say more about this? How do you know Zoom and Okta are partners?
It is very likely Zoom and Okta are partners. Companies are constantly "partnering" with each other and all that means is there likely some agreement somewhere between them to not divulge information.
I think it's pretty clear the poster figured out they were in legal jeopardy, or were worried about it, given the content is now gone.
I don't think that's true for all NDAs.
So if Okta partners with 90% of tech companies, then no one can research what they do and talk about it?
And more generally who isn't a "potential partner"? Can we say anything about any company at all?
Do you know this because you're a lawyer?
By definition anything you can get to independently is public material, as you are the public.
Many legal terms are different from their definition in OED.
If NYT published info, and that's how you became aware of it, yes, it's Public.
But that was not the context I was replying to. My reply is in the context an individual employee making private information public.
A journalist informing GenPop of data is very different than an employee leaking.
Talk to your contracts or securities council for the details - scope and context are important.
- you can get to it as the public
- the owner of the information considers it to be public (this is the “explicitly” part)
I dont think I will ever change that, and keep a fake name very long, and I can never envision going full real names.
Isn’t it just like with the police, they can legally lie in this context? “If you turn yourself in we’ll go east on you”. They can just turn around and fire him anyway because it is an at will work state
There wouldn't be much point in them lying like that. He can also just turn around and repost the tweets after all.
Yeah, but what an employee thinks is good for the customer is irrelevant. What the company thinks is good for the customer is the relevant question.
If the employee thinks that republishing publicly available leaks is good for the customer, they should get permission from the company before publishing it.
It's not the employee's call, even if it is in the customer's interest.
Whistle-blowing is a totally different thing; this wasn't that.
But surely he could have seen this coming when he posted it on his own Twitter…?
Leaking information that “needs to be public” is one thing. Doing it under your own name is sheer stupidity and reflects the worst possible judgment.
[1] https://twitter.com/BillDemirkapi/status/1508820739968880640
I don’t want to develop that kind of culture in the place I work
How do you expect your business partners (companies that you have NDAs with) to react to your hiring of him?
This doesn't feel wise to double-down on without first checking with a lawyer the following:
1. What are his employment rights
2. What is the legal standing of his previous tweets
People seem awfully quick to say "zoom did the right thing here" or "what did you expect?" But these timelines look like people kept it quite for long enough that "oh they'll get around to disclosing it in due time" doesn't cut it. So yeah, "zoom was in their right to fire someone for raising legitimate concerns, bEcAuSe Of ThEiR BoToMlInE" is a stance you can take. But it also means putting corporate interest over public interest once more. Great...
Edit: don't get me wrong I'm not surprised companies would react like that. But "what did you expect" implies that the person would better not have done that, or doesn't have the moral high ground here when they say that the termination, lawful or not, was a dick move.
This isn’t really a whistleblower case either. The person didn’t take materials to authorities to notify them of a coverup. They watermarked their Twitter handle on them and put them on Twitter for personal gain and fame.
I’m not sure what you’re trying to imply regarding the firing, but this seems like a very clear cut case of Zoom being in the right and the employee getting fired for clear reasons.
Did this fired guy release private materials, or dig through already-published materials for something relevant to his interests to highlight?
Most of these reactions are to the 2nd half of the tweet, not to the leaked document. I think you are missing this key aspect.
"Anyone have recommendations for wrongful termination lawyers based in California?"
I wouldn't recommend anyone to him because there's no wrongful termination here. It's not being on moral high ground to point this out.
Given that I, like most others, don’t know it either - there could be grounds. It’s very shortsighted to dismiss someone based on your priors and bias.
I think he, unfortunately, had to learn the hard way that distributing illegal documents on a Twitter account with a bio that associates your employer isn't going to go over well.
What's wrong with pointing someone to a professional consultation in this scenario?
Exactly this. I see multiple [moral] failings here and none are from the author.
Okta, a security company, was breached. Rather than getting ahead of it, admitting their failures and committing to be better, they are actively trying to cover it up.
Zoom, a company with a reputation for misrepresenting their own security, has gotten into bed with Okta. Apparently their values align so that’s making more sense now.
One of zoom’s employees tweeted about some documents which he found in the wild. Zoom decided the best next move was to be an active participant in Okta’s cover up.
Rather than support their employee, they fired him. And now, as anyone could predict, we’re seeing the Streisand effect in action.
Just because it's not a "[moral] failing", doesn't mean it's smart to be a martyr.
I don't know the author but I'm going to guess he's not a martyr. He will get another job by the end of the week if he wants and I'm sure he knew that going in. The cost of getting fired was probably very low.
He was presented with an ultimatum: hold your high ground or keep your job.
It's precisely because of the low cost of losing his job that he was able to hold the high ground. It won't be the same for everyone. For every person who can afford to stand their ground, there's someone else who can't - someone else who has to sacrifice their own values to keep their medical benefits. And that's why we celebrate and hold up the people who can hold their ground - because they represent everyone who can't.
This isn't a pity party for the author. He never asked for pity. I read his post as surprise at how low Zoom would go.
Snowden tried to give the big papers his story but none but the Guardian would actually print it first. The big papers had to follow suit once it was out though, or it would be obvious they were compromised on this particular issue.
"everybody can leak whatever they want"?
"everybody can leak whatever they want, but we leave it to the court of public opinion to decide the leaker should be punished or not"?
He even watermarked the documents with his Twitter handle, he can't stand the idea of someone seeing the information without knowing it came through him.
For most of us, it's just not worth it. The only thing I post on my identity-linked twitter is stuff I'm told to post by my employer. It's just not worth taking this sorts of risks in this environment.
If you're already trading on your real name in order to eat, then you have to continue down that road.
Cult of personality has taken over more than just entertainment, but Academia , Research, and now it seems InfoSec
That is not a good thing
The other two I will full-on agree with.
Sounds like a great way to ensure future employability though.
Anyone have a screenshot or archive?
"I have been terminated from Zoom for refusing to remove the following tweets. Anyone have recommendations for wrongful termination lawyers based in California?"
And it links to this: https://twitter.com/BillDemirkapi/status/1508527487655067660
(Editorializing: The poster seems to be a 20-year-old college student. The linked tweet may have been deleted because the replies pointed out California is at-will and no lawyer would be able to help.)
I'm not in disagreement of the ethical issues pointed out by the top 20 top comments here. But I think it demonstrates how many people here are from the ivory tower of IT rather than the gutter like the rest of us enlisted IT folk. If industry could be trusted to self-regulate I'd be all uppity about supporting them, but they can't and I'm not.
That escalated quickly.
His actions are for the publics favor and interest - considering how much Okta lied about all of this.