Ask HN: Is it legal for an employer to post as you on Slack?
1: I was unceremoniously let go today. 2: I posted a farewell in Slack, and my coworkers replied sympathetically. 3: My laptop was remotely logged out. I also use slack from my phone, and 4: saw that someone posted as me saying "Thanks", a ghost post. Using my phone I 5: commented on the ghost post. Then 6: a few minutes later my slack login was invalidated. My question is: is it legal for someone to post on Slack as me?
Note: I'm in the US, working as a contractor (W-2 to the contractor, who I assume has something like a 1099 with the primary employer). The employer is in Madison, Wisconsin. I am in Florida. As for the contract, I think it's safe to assume it says "We can do anything we want, and you can do nothing."
Note: hire me. javajosh at the gmail.
63 comments
[ 0.19 ms ] story [ 50.4 ms ] threadThey can likely do whatever they want with the account of course.
Posting from your account accidentally would likely be fine, legally. I don't have any idea about the law if it was intentional, though.
For example, if the departing employee later interacts with former coworkers in a social context (employer totally out of the picture), someone could falsely get the impression that somebody replied to a personal message, when they actually did not read it.. That could theoretically have social consequences that are none of the employer's business. Maybe that coworker the IT guy replied "thanks" to was actually stalking them. Maybe there was some kind of affair? Those are probably atypical, but my point is you don't know what weird consequence even a small "thanks" could have. That is why, IMO, the most ethical thing an employer can do here is to not even look at the messages, let alone reply.
In many cases, whether there is a lawsuit worth pursuing depends on both (1) whether a wrong was committed, and (2) whether there are any damages worth recovering based on the wrong.
In some cases all you need is (1), for example if there are statutorily-specified damages. But in most cases, the recoverable damages will depend on how much you were actually injured/prejudiced by the wrong committed.
What is software here? It is a person doing drugery! We are only 2nd order drudgery doers. But we know a secret: drugery is fascinating, complex, demanding and best of all, objective. Either your work works or it doesn't. Nature is the final arbiter. The satisfaction inherent in mastering Nature is sublime. Our profession, software programmers, architects, etc, are a subset of that, since the limit of our work is to control a large array of bits, and control their behavior over time. We segment these bits into interpreter, bytecode, source code, or in some other way, but it is all the same. And we programmers are constantly in battle over the coupling between text (which is actually "composed keyboard motions") and its "destination" - which is of type string, too. Something even more general than a url. If a url is http://javajosh.com then a "destination" would be something like 'me/mylaptop/linux/firefox/http://javajosh.com'. That's a string "javajosh.com" that went into a particular browser, on a particular machine, with fingers attached to a human, me. In this way we could characterize a human as a monotonic list of "destination" strings.
Anyway, what I'm really trying to say is that we're in danger, we programmers. It's not enough to go through a bootcamp and get hired to make progress on a specific project. Software ate the world, now the world is software. But software doesn't stop eating the world. The next go around is going to be dominated by AI. Your typical "Java Enterprise programmer" is probably going to be a software agent. I believe that the "human winners" will be those who either a) take advantage of AI programmers or b) maintain the best software engineering discipline to make better programs. It's not going to be long before you can feed a program a sequence of images describing the application you want, and they'll make it for you. It may even be a bog standard webapp that a human can understand and debug.
Humans can fight back by minimizing your runtime image. Fewer LOC, fewer deps. Humans are on a more even footing with AI when you minimize complexity. This, in turn, means understand your platform. And this differs for everyone. For a java programmer that means dwelling in the java community. But it's more than one community - in fact it's a list, a chain of them, in a loose hierarchy of "framework", "library", and so on.
Note that to dwell in a community means to consume a life. It means to actively and meaningfully participate, read posts, respond, and be aware of who's who and how things get done. It takes time. It's bad if this is just something you're paid to do. And, IMHO, this is the appropriate "zone of professional specialization". My ideal enterprise would have N employees where each employee was a central figure in each of our dependencies. That way, if push comes to shove we can soft-blackmail them into a (one-time) supply-chain poisoning attack virtually impossible to defend against! I kid - I just want to support open source!
Anyway, something like this is what I had in mind instead of "Thanks." Except I was going to write about microservices and kubernetes!
It'd be in extremely poor taste to post or email as the person but I don't think there's a legal issue per se. It is the companies infrastructure so your work accounts aren't really yours.
It's a solid reminder though never to use your work machine for personal use and never to use your personal accounts for work use.
It should be. Times have changed, and now it is possible to impersonate someone "perfectly". This has a negative impact on both the one being impersonated and the people that are being lied to. It is a form of fraud. The requirement to connect this to actual damages is an exercise. An exercise lawyers have convinced a population of scared, ignorant people, demands $300/hr to complete. Let me put it simply: you cannot speak as me, and if you do, you're wrong and should be punished.
Now, maybe it's not the law, but it damn well should be. It seems common sense to me. If you cannot imagine the consequences of allowing an employer to impersonate you (especially in the age of AI), then I will say you lack imagination.
The job is over, with very little to be gained dwelling on trivialities.
Try to assume the best in people and their actions and your life will likely be better for it.
That said, the company owns that Slack instance. They can do whatever they want with it.
Now, it might be unethical for someone else to post as another person, but I'm pretty sure it wouldn't be illegal.
Slack does make it difficult for anyone to remove a post made by someone else. That is intentional. But if you can log into their account as them, then I guess they can do whatever they want as the person in question.
Disclaimers: IANAL, YMMV, etc....
People have to remember, these are business accounts, not personal accounts and all their content belong to the business --which is why one should avoid using business accounts of any type for personal use.
This is solid advice. After 20 years of (trying to) implementing it, it's made for much better professional and personal relationships.
I'd encourage you to delete this, since it contains an alias you apparently also use as your email and can therefore be easily linked to you. You don't want this to be something prospective future employers see.
Therefore, I just want two things:
Also, see my "primary response" : https://news.ycombinator.com/item?id=34362583Best of luck, both in finding a new job and maintaining connections/friendships from this job! I have seen you on HN a lot and am surprised to see you let go. Chalk that up to the halo effect and years of corporate culture programming me to think that productive people are seldom let go.
This is not important now, it won't be important in a week, and you won't remember this in a year.
Look forward.
Perhaps an unpopular leading question/answer, but who owns that particular Slack account?
If the company owns <ex-employee>@<company.com>’s as the login, they own it and it’s not really “you”/“yours” ~
As for the legal part, I'm not a lawyer but I'm fairly confident in saying that you don't have a case for anything. They haven't caused you any real harm. Just forget about it and move on with your life.
I think you’re upset and this is where you’re directing your anger. It’s weird, but not a big deal imo. Maybe sleep on it first.