Killing is not illegal (for self defense, or to save an innocent life). Neither is revolting against an oppressive government in the US, as per the constitution.
To be fair the legal use of lethal force involves an intent to stop the perpetrator, not to kill him. You can very much get yourself convicted of murder in what would otherwise be a self defense case if a jury is convinced you were looking to kill someone intentionally. That’s why among other reasons you should call for an ambulance immediately and politely keep your mouth shut until you speak with your lawyer.
Murder doesn't require a gun, murder isn't a universally essential act, and guns don't have to shoot. Knife crime murder is epidemic in some countries. Guns can also be decorations, used for sport of marksmanship, or insurance policies against home invasion; they are inanimate objects without intent of their own. Killing is occasionally essential when all other means of self-defense have been thoroughly exhausted and someone else is intent on great bodily harm or murder that cannot otherwise be prevented with lesser available force or evasion.
I would have imagine most major ceos are on constant litigation hold considering the sheer volume of lawsuits.
If I am reading that correctly, the ceo got a litigation hold from internal legal nine months after the original issuance to Amazon ? That is also strange.
Good, this is why E2EE and user-controlled communications need protected at all costs. Citizens need to defend the right to communicate privately and ephemerally from government snoops. Because if they can force (or try to) Amazon to fork over comms records, they can do the same to me or to you.
Destruction of evidence is one thing, let them get nailed for that. But they weren't afraid to communicate privately and neither should we.
And we can't let the government hold these antitrust suits up as an example of "this is why we need to break encryption, so we can protect consumers from the big bad monopolies" either. I bet that'll be the narrative at some point.
This is not two citizens having a private conversation. These are actions and conversations taken on behalf of a corporation. Corporations are given tons of privileges, but in exchange they have additional responsibilities that individuals do not have. If employees cause the company to violate those responsibilities the employees are generally not held directly responsible (unless they were directly violating a law). It’s the company itself who is held liable for the actions of its employees in this case.
Yes but companies are not expected to record all audio conversations going on in their offices, or to put recorders on their employees.
In the era of remote work it's common to have ephemeral conversations through text, which are no different from employees chatting at the watercooler. Employees and execs should be free to have those conversations through ephemeral apps. There is no obligation on any company to deliberately create paper trails of everyday conversations b/w employees.
The employees are probably very naive about the laws. The company needs their legal team to clearly explain the laws and recommend sufficient compliance actions to be taken by the employees.
It seems like we'd be better off eliminating some of those privileges and otherwise generally constraining the overall behavior of corporations, rather than scrutinizing the individuals comprising the corporations while otherwise assuming the emergent results are otherwise desirable by construction.
You're providing a distinction without a difference. You'd have to know what the conversation is about in order to know if it's about company business. Which you don't if individuals have private communications, so you'd still have to prohibit "two citizens having a private conversation" in order to enforce your rule.
I also question your premise, which a lot of people state without evidence:
> Corporations are given tons of privileges
Name something relevant the law allows a corporation to do but not an individual.
There are some licenses that can only be held by corporations and not individuals (look at the state regulated insurance licenses for specific examples). But I agree that for the most part corporations and individuals have similar rights.
It's also unclear why that would be a relevant example. The case is not rooted in Amazon operating an insurance business or violating insurance regulations, is it?
That article doesn't contradict that. Signal's new feature is to store users' address book on their servers. That's not great in the case of an SGX break, but that's not the same thing as Signal mitm-ing messages.
we know nothing about signal infra or why the server code is closed. for all i know mox have the root password on a post it and it's MitM from day one. also they boast about things being easy to verify on client but the default client doesn't and they are very against custom clients... which is very schizophrenic
The client code is available though, and that's what's needed to verify that it's not MitM'd. If there's something you'd like to make me and others aware of, I'm all ears. Otherwise you're just casting baseless aspersions.
This is funny because a thread over there is gonna be (the same?) people arguing "its the company computer they can spy on you all day you have no rights".
Maybe there is a middle ground to be found in the insanity but it's definitely not "privacy rights for limited liability legal constructs".
Some people are single-person corporations. Or they run corporations where every significant act by others is directly approved by them. Or they lead corporations which act according to their every whim, stated desire, implied wish, or anticipated future demand.
Are they literally corporations? No, but the line is hard to draw.
EDIT: or maybe I don’t listen to enough Depeche Mode?
>Because if they can force (or try to) Amazon to fork over comms records, they can do the same to me or to you.
You are not a corporation. Your existence isn't entirely enabled by an implicit grant of existence that essentially requires you to comply with all relevant regulations in exchange for legal concessions and protections.
Now...
What you should be worried about is Third Party Doctrine, a legal paradigm by which any communication over a network infrastructure you yourself did not build is suddenly considered non-private. Also CALEA.
I've never been a big fan of mandatory message retention. To me, it just seems like punishment for the literate. You don't make people under litigation holds carry around a voice recorder all day, so you're giving people an out; if they are a more talkative person than a writing person. Since writing is harder than talking, this has always felt awfully unfair.
As for the lack of messages in this case, they always say the coverup is worse than the crime, but if you don't know what the crime is, how can you be so sure?
One difference is that writing and digital communication more broadly is a far more efficient communication mechanism than in person voice communications.
> of using the ephemeral messaging app for months after the feds notified Amazon of the antitrust investigation
I think switching to ephemeral messaging apps specifically in response to antitrust investigation is evidence of mens rea that you’re in an illicit conspiracy. As for the crime:
> The FTC accused Amazon of creating a secret “Project Nessie” pricing algorithm that may have generated more than $1 billion in extra profits.)
You can distrust the government or not believe their argument, but our criminal justice system does depend on the government being able to perform an investigation.
Government officials are also known to be using non-governmental channels for official business, in violation of regulation, and avoiding accountability and transparency. It seems to me that whats’s sauce for the goose is sauce for the gander.
Unfortunately, that just leaves you in a low-trust dysfunctional society. The correct response is to make sure that all parties are behaving above board. Engaging in whataboutism just degrades society and honestly I thought most people learned to mature outside of this childish way of thinking after puberty.
I think we’re already in a low-trust state of affairs, at least with respect to the relationships between individuals and goverments. If the government trusts you so much, then why do they compel yourself to verify your identity to them so often? Why do they constantly threaten you with punishments?
I don’t disagree that we’re now in a low trust environment but you don’t get to a higher trust environment through further erosion of that trust.
I’m not really sure what you’re talking about in terms of verifying your identity, but verification is 100% part of the “trust but verify” philosophy. You should be able to trust your government while simultaneously being able to verify they’re behaving above board. Also you have to be very careful to distinguish government vs individual, government vs small business, and government vs massive multinational. This is the last bucket and concerns in the former don’t really apply to this last bucket.
None of this of course is relevant here - the government is saying that after they begin legal proceedings with Amazon, when Amazon would be under explicit orders to preserve documents and evidence, Amazon spoiled evidence. That’s a very serious accusation and lawyers don’t typically make such claims if they’re baseless because judges typically frown on claims that turn out to be baseless. If the government wins this argument in court, my understanding is that then there’s a presumption that all the documents were negative in Amazon’s favor.
> I think switching to ephemeral messaging apps specifically in response to antitrust investigation is evidence of mens rea that you’re in an illicit conspiracy.
This theory assumes that the company believes the justice system is infallible.
Suppose you're engaged in an illicit conspiracy and you find out there is an investigation. You'd want to stop writing things down that could prove your crimes, because you're guilty.
Suppose you're not engaged in an illicit conspiracy and you find out there is an investigation. You'd want to stop writing things down that could be taken out of context in a malicious prosecution, because you're being investigated even though you're innocent, perhaps because of lobbying by your competitors who have it in for you, maybe because the prosecutor wants to run for office, but certainly for no good reason and therefore evidently for a bad reason.
Since the expected behavior is the same in both cases, it provides no evidence of which case it is.
That’s not how the legal system works though. Once a legal proceeding begins, there’s typically an order from a judge to preserve evidence. Failure to do so can have serious consequences.
That’s not how it works if you’ve been under these kinds of legal proceedings. You have an order to retain all documents and communications regardless of what you think is relevant. So switching to an ephemeral messaging app would 100% be considered you not obeying the court order. Even in person meetings that aren’t documented as they normally would, could be construed as evidence of a conspiracy to destroy evidence.
These kinds of rules are inane and self-defeating. Now instead of switching after the case begins, large corporations will switch ahead of time, as they do with email retention policies etc. Then not only do you not have the emails from after the case begins, you don't have the ones from more than 30 days before either.
Which has a negative impact on not just the case but the economy in general, because some of the information would have been useful to the company's business, but the managers will do what their lawyers tell them to do in order to not get prosecuted.
> I've never been a big fan of mandatory message retention
It's the price of being publicly traded, which is born out of our lessons learned from the Enron scandal, and gave us incredibly simple SOX regulations, and decades of strange antipathy towards them.
> it just seems like punishment for the literate.
Are you suggesting that companies are eschewing written communication for verbal communication as a means of bypassing this legislation? And that it's unfair you have no similar bypass? That's a pretty morally relative take.
> but if you don't know what the crime is, how can you be so sure?
You've precisely described _why_ the coverup is seen as worse than the crime.
OP is specifically comparing voice to text. So it has absolutely nothing to do with being publicly traded. In fact the FTC can investigate fully private companies too.
Publicly traded or not, companies aren't expected to record all voice conversations done by their employees and retain those recordings for future court cases.
That's the double-standard that OP is pointing out. There seems to be an expectation that text chat should be recorded and persisted and audio not.
This is a vestige of an old era when text was for more "formal" or serious conversation and chat for informal.
Today with IM-ing and remote work text can be as ephemeral as voice.
That’s because there is a double standard when it comes to speaking vs writing things down. When a boss tells you to do something dubious within an organization is completely different than when they write that same thing down in a traceable manner. If it’s not in writing everything devolves into your-word-vs-mine, and the top chain of command quickly washes its hands from any blame.
Yes, but technology lets us have ephemeral conversations, which are meant to replicate the temporariness of verbal conversations. That's what the "disappearing" messages of Signal are. And that's what the FTC claim is about.
It's okay for text intended to be permanent to be held to the standard of permanent text.
But creating an expectation that text that is fundamentally intended to be ephemeral should be treated as permanent text does not sound reasonable.
The problem is that the ephemeralitt of a chat between two peers requires physical colocation. The regulations on message retention kicked in when we started leveraging networks to increase the distance across which these messages could propagate.
The "crime" is not the chatting. It's using the wires to do it. The danger is the utilization of network infrastructure to facilitate criminal activity.
But it also doesn't apply to voice calls or even multi-party meetings held over something like Teams despite the ability to record or even auto transcribe them.
I bet that it does apply to transcripts of meetings. This means, of course, that people with hearing or memory problems will be locked out of leadership because the company can't take the risk that accessibility tooling increases their exposure to discovery. Which is what makes me angriest about this double standard - text is a critical accessibility feature for many people.
I mean that you're not required to archive a transcript of every meeting if you weren't already planning on creating the transcript in the first place. Once it's created, agreed, I would expect it to become a business record akin to meeting minutes of board meetings.
>This means, of course, that people with hearing or memory problems will be locked out of leadership
Americans with Disabilities Act says "Hi". Lock someone out of a position solely on the basis of avoiding a reasonable accommodation for the sake of avoiding creation of a business record to do skulduggerous things, and you've just handed someone a sizable cause of action against you.
Seriously, just stop trying to do illegal shit and get away with it and accept that sometimes the way through actually includes changing the rules first, or that any business model that requires you to do something illegal that can only be mitigate by getting away with it long enough to create an issue after scaling should probably be DOA for a reason you haven't bothered to read up on yet.
I know... I know... Read the room. Totally not HN's bag. Get a load of this square, so on, and so forth. I've done my stint in startups. I've seen the harms they can cause. I've been on the receiving end of the industry's lack of care long enough to realize that these regulations exist for a reason. Part of it is to create generous hooks whereby the legal system can actually introspect what you're up to while you're enjoying the benefits of government granted legal fictions.
Calls for finance jobs are routinely recorded as official business. You may not be recording multi-party meetings, but those are more a case of being a young technology than anything else.
But chat isn’t that kind of writing so the theory goes.
Let’s consider another hypothetical: if a deaf employee uses teletext to communicate, are they held to a different standard legally than a non-deaf employee? Or do you mean they should learn sign language to enjoy full privacy rights that everyone else has?
Historically, my pain with SOX has primarily been related to:
1. Poorly written control procedures that hamstring process but nobody wants to fix them, since typically the biggest point is your process is reasonable, documented, and followed... changing it can be fine.
2. Having to fill out time sheets for my work and having to use a flowchart to know what to put in the Capex/Opex column for my time on a given task, so accounting can follow reporting practices.
Litigation holds apply to everyone, it is not just publicly-traded firms that get in trouble if they destroy evidence related to current or reasonably expected litigation (including, but not limited to, an enforcement agency investigation in which they have been notified to retain information for that purpose.)
Dodd-Frank in the US appears to require all financial institutions to record all conversations related to particular activities, despite the lack of an active lawsuit.
It's very difficult to search for definite information about this, but the requirements may have the effect of forcing the recording of every conversation just in case it happens to touch on trading activities or another recording-required topic.
It's a different agency, but Matt Levine has written a fair amount on the SEC making a killing by fining banks when their employees use SMS or WhatsApp. It's a similar story where conversations that might have been held at the water cooler, lunch, after-work beers or the golf course are now often done through text which according to SEC means different regulation applies.
> From the perspective of the banks, I have argued, this is a novel expansion of the SEC’s authority. When the SEC created its rules on recordkeeping, it required banks to retain copies of their “inter-office memoranda,” but it was 1948 and those memoranda were produced with carbon paper; they were formal business records memorializing serious policies. In the 2020s, WhatsApp chats are, in large part, substitutes not for formal memoranda but for talking to someone in person. When I was a banker, I have written, “There were some mornings when I sent more than 100 inter-office memoranda, though like 20 of them would be ‘lol’ or ‘fml.’” In 1948, the SEC would not have dreamed of demanding a searchable archive of all of the informal chats held at a brokerage: That was not technologically feasible, and also did not seem to be the point of its rules. In 2022, it was feasible, and the SEC did demand it, and when the brokers were missing some chats they paid a billion dollars in fines.
Martin Lomasney lived from 1859-1933, so I suppose it was around the time (1876) that Alexander Graham Bell invented the telephone, but he certainly predates email!
Yes, at work you should have nothing to hide, specially if you're an employee cos the employer will surely let the bus drive over you and then drive in reverse just to be sure there's no risk of you being alive.
And that's fine, not a chance I'd ever commit a crime for ANY employer. I've had to ask managers to sign off on shit I knew was unlawful before and I'd do it again in the blink of an eye.
No salary is worth the risk of going to jail. It's just another job.
> I've had to ask managers to sign off on shit I knew was unlawful before and I'd do it again in the blink of an eye.
> No salary is worth the risk of going to jail. It's just another job.
If you aren't willing to go to jail for your job, you probably should not be willing to commit crimes just because you have a manager dumb enough to provide documentation implicating both of you in the crime.
Most Fortune 500 companies have (I am extrapolating wildly here since I haven't worked at all of them) email retention policies that specify that emails will not be kept past a certain time after reception. So when an opposing lawyer requires the emails that were sent a year ago ... well, those were deleted as per policy. It's weird that if the companies had a policy to immediately delete them it would be "bad" but if they delete them after 30 days due to "storage" reasons and a clear, global, openly stated policy, it's OK. It doesn't stop someone from stuffing old emails in a folder.
In my experience, the email retention policy is guided by whatever regulations with which the company has to comply. I’ve worked at places with insanely long retention policies because of that.
We sell VoIP B2B and our retention time is measured in multiples of years. Businesses like to sue each other and proof of phone calls or work on their phone lines can be subpoenaed.
Wow. The companies I've worked at only kept old emails if there was a litigation hold. Otherwise, the email retention policy was enforced. It seems to me a double edged sword that slightly favors the deleter.
I think that you will find that your industry is an outlier.
> Most Fortune 500 companies have (I am extrapolating wildly here since I haven’t worked at all of them) email retention policies that specify that emails will not be kept past a certain time after reception.
Those policies are suspended for materials subject to a litigation hold, whether triggered by actual or reasonably foreseen litigation or an active investigation for which they have been notified to preserve evidence (which is mostly a formalized case of reasonably foreseen litigation) and if they aren’t, the company can be sanctioned for destroying evidence (and adverse inferences can be drawn from the destruction of evidence in the litigation, separate from the penalties for destroying evidence.)
> It’s weird that if the companies had a policy to immediately delete them it would be “bad” but if they delete them after 30 days due to “storage” reasons and a clear, global, openly stated policy, it’s OK.
Actually, deleting either way would be sanctionable where a retention requirement of the type at issue applies.
For exactly the same reasons, Amazon limits message retentions on it's internal Slack platform and aggressively enforces mailbox quotas in it's internal email system.
Up to some shady shenanigans, and don't have to hand it over as part of discovery if they don't got the record in the first place. Exactly the same way criminal gangs operate!
The sudden disappearance of Slack channels is definitely a thing, along with giant sets of trouble tickets. Don't forget the disappearing wikis... Can't have documentation.
It's definitely given me the opinion that the only reliable docs are what's in git.
Links to stories are useless
Links to tickets are better
Links to wikis are awful
Comments are misleading
Code review links are ok, but mostly link to unreliable sources, and older code review links are gone.
Commit history also goes missing, so don't bother leaving too much info in the commit text
Current code is mostly reliable, but might need extra knowledge to actually reason about.
It's crazy how much useful info get deleted or not migrated or gets moved in a way where you'd never find it again, or the search tools stop indexing it
Somewhat ironic for government officials to say that private organizations are destroying evidence by using these apps. I heard an interview with Janet Napoletano (when she was secretary of homeland security) saying she avoided corresponding over e-mail or instant message to avoid leaving a ‘paper trail’.
we should have privacy for individuals / citizens and no privacy for those with power, whether they’re a government official or company.
it’s wild to me how quickly this is flipping on its heads, we’re now entering a space where citizens get less and less privacy while billionaires, corps, and governments are getting more.
it’s becoming a genuine two tier system, those who get ultimate privacy and those who get none.
I could be wrong, but my assumption is that tech companies with a lot of talent develop their own messaging apps for the execs and friends. Why would they risk using a popular platform? The data could be sent via whatever medium, doesn't need to be ethernet. I also assume this is how most illegal collusion is done as well, unless someone wants to give me other data points.
> I could be wrong, but my assumption is that tech companies with a lot of talent develop their own messaging apps for the execs and friends.
This is an incorrect assumption. E-mail and even SMS text messaging are heavily relied upon.
This very story shows that Amazon execs were using Signal, not some custom application.
If a company was found to have developed a custom in-house app that was exclusively used by executives and their friends, it would immediately become the central target of their investigation.
> Why would they risk using a popular platform?
I think the part you've missed is that if someone is discussing something sensitive or illegal, they avoid writing it down in any medium at all. They won't develop an in-house app for messaging because they're not going to be messaging these things if it can be avoided. Instead, they send a meeting invite and then discuss it in an ephemeral medium like voice or in person.
> I also assume this is how most illegal collusion is done as well,
Smart people colluding for illegal activities aren't going to take notes or leave anything in writing. It's done in person or in voice, not via e-mail or in-house apps.
Nothing to do with that. They were under investigation and they could be destroying evidence.
"Companies and individuals have a legal responsibility to preserve documents when involved in government investigations or litigation in order to promote efficient and effective enforcement that protects the American public."
But there is no responsibility to create new potentially incriminating evidence against themselves. Just because you are under investigation does not mean all your communication henceforth needs to be recorded.
It does, however, mean that your new documents related to the litigation must be preserved. Just because a machine destroys it for you as a service doesn't mean you don't have a duty to preserve. They control the disappearing time.
Looking at FRCP rule 37, it uses language like "reasonable steps to preserve" electronic information, and "intent to deprive another party of the information’s use". I'm no expert, but it does sound like this might imply an obligation to change retention settings, switch to another chat app, or figure out some other way to preserve relevant information (if litigation is anticipated).
Jeff Bezos, when not operating in a business capacity, can do whatever. The federal government told Google, Amazon, Meta, Microsoft, and others, they had to retain communication streams for a certain amount of time.
And then Amazon (and Google) instructed employees to delete lots of communications, and to communicate outside normal channels, e.g., via Signal.
Proving it seems exceedingly difficult unless a party to the convo testifies it was done to evade potential discovery. Any record suggesting use of Signal for work purposes could be bad for their side.
One prime directive of megacorp comms, don't write down anything that could be used as evidence. If possible, have an unscheduled chat in person.
I'm curious how using Signal in this way is any different from talking in person. Nobody considers a private conversation during a walk in the park to be destroying evidence just because it wasn't recorded.
Signal can leave metadata (phone numbers) behind whereas talking in person doesn't usually unless some comms were used to suggest it, security footage, or cell phone pings were to allude it. I'm wondering if evidence of a conversation occurring can be used in a legal context as circumstantial evidence or to suggest suspicion or intrigue.
I feel like I'm ok with Amazon execs needing to not auto-delete their messages when the FTC is doing discovery about anti-competitive practices ... but how far down does that go?
- can a smaller or privately held company being sued be obligated to keep all their communications in a form which can be subpoenaed?
- is a family business being sued under the same obligation? What if execs in that family business have both personal and business conversations?
- is an individual being sued under the same obligation?
- if I want access to someone's personal messages, can I contrive a reason to sue them, and create such an obligation to deliver personal correspondence to my counsel?
- if Senator McCarthy thinks you're maybe a communist, can he publish your name as part of a list of suspicious persons and provide legal funds for to any wannabe vigilante who can contrive a suit against you?
At some point, I think we as a society need to agree on what rights to privacy exist, how solid they are, which rights are enjoyed by individuals and which rights if any also apply to corporations.
> for months after the feds notified Amazon of the antitrust investigation.
That’s the problem. Had they always used signal—-even if they had started the day before the notice of investigation was sent—-it’s a non-issue. They did it in response to a notice. That’s shady shit.
I mean if the feds can't win on the Amazon Business Services Agreement being written by Amazon Legal and stipulates most favored nation status when it comes to pricing, what the fuck are they actually doing? Who cares what messages exist? The crime is in writing in a forced click-wrap agreement ticked by every Amazon Seller.
> If the judge finds that Amazon was negligent in failing to preserve data tied to the case
I think there's several big obstacles the prosecution would have to overcome in order for that to happen.
For one, someone would have to violate their own Fifth Amendment right and admit that they used Signal intentionally to hide things relevant to the investigation.
Also, how is "disappearing messages" any different from a private IRL conversation? Nobody is calling a casual chat in the park "destruction of evidence".
It's interesting how in some cases, text communication isn't allowed to be recognized as official communication in the eyes of the law.
I am referencing communicating with a landlord about a fault in the building. I have gotten screwed in the past because I didn't put the information sent to a landlord in a email.
Goodbye security deposit. I guess you can crush a stone, mix with water, and turn the dust into a blood slurry after all.
If only the city held these deposits and the landlord would have to prove in court that they deserve it.
You're assuming that they would burn such a high profile backdoor over a low profile case like this. If Signal is ever breached, or has some sort of a backdoor, they'll likely only use it against the likes of Snowden, for "national security" reasons.
Why? It's just another perspective?
It's not Signal's or encryptions fault (although many politicians will frame it like that), but it's JBs and employees fault to use it, and to set it up to remove messages in a given timeframe. Which, in this case, is probably "destroying evidence in a given timeframe".
149 comments
[ 3.3 ms ] story [ 238 ms ] thread> You can't use apps for what they're designed for!
my sides, in orbit
Killing is not illegal (for self defense, or to save an innocent life). Neither is revolting against an oppressive government in the US, as per the constitution.
Murder doesn't require a gun, murder isn't a universally essential act, and guns don't have to shoot. Knife crime murder is epidemic in some countries. Guns can also be decorations, used for sport of marksmanship, or insurance policies against home invasion; they are inanimate objects without intent of their own. Killing is occasionally essential when all other means of self-defense have been thoroughly exhausted and someone else is intent on great bodily harm or murder that cannot otherwise be prevented with lesser available force or evasion.
If I am reading that correctly, the ceo got a litigation hold from internal legal nine months after the original issuance to Amazon ? That is also strange.
Destruction of evidence is one thing, let them get nailed for that. But they weren't afraid to communicate privately and neither should we.
And we can't let the government hold these antitrust suits up as an example of "this is why we need to break encryption, so we can protect consumers from the big bad monopolies" either. I bet that'll be the narrative at some point.
In the era of remote work it's common to have ephemeral conversations through text, which are no different from employees chatting at the watercooler. Employees and execs should be free to have those conversations through ephemeral apps. There is no obligation on any company to deliberately create paper trails of everyday conversations b/w employees.
You know, those everyday conversations around the water-cooler about how we're going to respond to a DOJ anti-trust lawsuit...
I also question your premise, which a lot of people state without evidence:
> Corporations are given tons of privileges
Name something relevant the law allows a corporation to do but not an individual.
still a million times better than most alternatives. maybe matrix today can compete. but that's it.
https://www.vice.com/en/article/pkyzek/signal-new-pin-featur...
the pin/number-as-id is just the cherry on top.
we know nothing about signal infra or why the server code is closed. for all i know mox have the root password on a post it and it's MitM from day one. also they boast about things being easy to verify on client but the default client doesn't and they are very against custom clients... which is very schizophrenic
Maybe there is a middle ground to be found in the insanity but it's definitely not "privacy rights for limited liability legal constructs".
History has shown time and time again why powerful entities need transparency and accountability.
Some people are single-person corporations. Or they run corporations where every significant act by others is directly approved by them. Or they lead corporations which act according to their every whim, stated desire, implied wish, or anticipated future demand.
Are they literally corporations? No, but the line is hard to draw.
EDIT: or maybe I don’t listen to enough Depeche Mode?
Corporations are people, my friend - Mitt Romney.
You are not a corporation. Your existence isn't entirely enabled by an implicit grant of existence that essentially requires you to comply with all relevant regulations in exchange for legal concessions and protections.
Now...
What you should be worried about is Third Party Doctrine, a legal paradigm by which any communication over a network infrastructure you yourself did not build is suddenly considered non-private. Also CALEA.
Since when am I a trillion dollar company?
You're even less able to defend yourself.
As for the lack of messages in this case, they always say the coverup is worse than the crime, but if you don't know what the crime is, how can you be so sure?
> of using the ephemeral messaging app for months after the feds notified Amazon of the antitrust investigation
I think switching to ephemeral messaging apps specifically in response to antitrust investigation is evidence of mens rea that you’re in an illicit conspiracy. As for the crime:
> The FTC accused Amazon of creating a secret “Project Nessie” pricing algorithm that may have generated more than $1 billion in extra profits.)
You can distrust the government or not believe their argument, but our criminal justice system does depend on the government being able to perform an investigation.
I’m not really sure what you’re talking about in terms of verifying your identity, but verification is 100% part of the “trust but verify” philosophy. You should be able to trust your government while simultaneously being able to verify they’re behaving above board. Also you have to be very careful to distinguish government vs individual, government vs small business, and government vs massive multinational. This is the last bucket and concerns in the former don’t really apply to this last bucket.
None of this of course is relevant here - the government is saying that after they begin legal proceedings with Amazon, when Amazon would be under explicit orders to preserve documents and evidence, Amazon spoiled evidence. That’s a very serious accusation and lawyers don’t typically make such claims if they’re baseless because judges typically frown on claims that turn out to be baseless. If the government wins this argument in court, my understanding is that then there’s a presumption that all the documents were negative in Amazon’s favor.
This theory assumes that the company believes the justice system is infallible.
Suppose you're engaged in an illicit conspiracy and you find out there is an investigation. You'd want to stop writing things down that could prove your crimes, because you're guilty.
Suppose you're not engaged in an illicit conspiracy and you find out there is an investigation. You'd want to stop writing things down that could be taken out of context in a malicious prosecution, because you're being investigated even though you're innocent, perhaps because of lobbying by your competitors who have it in for you, maybe because the prosecutor wants to run for office, but certainly for no good reason and therefore evidently for a bad reason.
Since the expected behavior is the same in both cases, it provides no evidence of which case it is.
Which has a negative impact on not just the case but the economy in general, because some of the information would have been useful to the company's business, but the managers will do what their lawyers tell them to do in order to not get prosecuted.
It's the price of being publicly traded, which is born out of our lessons learned from the Enron scandal, and gave us incredibly simple SOX regulations, and decades of strange antipathy towards them.
> it just seems like punishment for the literate.
Are you suggesting that companies are eschewing written communication for verbal communication as a means of bypassing this legislation? And that it's unfair you have no similar bypass? That's a pretty morally relative take.
> but if you don't know what the crime is, how can you be so sure?
You've precisely described _why_ the coverup is seen as worse than the crime.
Publicly traded or not, companies aren't expected to record all voice conversations done by their employees and retain those recordings for future court cases.
That's the double-standard that OP is pointing out. There seems to be an expectation that text chat should be recorded and persisted and audio not.
This is a vestige of an old era when text was for more "formal" or serious conversation and chat for informal.
Today with IM-ing and remote work text can be as ephemeral as voice.
As the saying goes: “Get it in writing”
It's okay for text intended to be permanent to be held to the standard of permanent text.
But creating an expectation that text that is fundamentally intended to be ephemeral should be treated as permanent text does not sound reasonable.
The "crime" is not the chatting. It's using the wires to do it. The danger is the utilization of network infrastructure to facilitate criminal activity.
Or at least that seems to be my view of things.
Americans with Disabilities Act says "Hi". Lock someone out of a position solely on the basis of avoiding a reasonable accommodation for the sake of avoiding creation of a business record to do skulduggerous things, and you've just handed someone a sizable cause of action against you.
Seriously, just stop trying to do illegal shit and get away with it and accept that sometimes the way through actually includes changing the rules first, or that any business model that requires you to do something illegal that can only be mitigate by getting away with it long enough to create an issue after scaling should probably be DOA for a reason you haven't bothered to read up on yet.
I know... I know... Read the room. Totally not HN's bag. Get a load of this square, so on, and so forth. I've done my stint in startups. I've seen the harms they can cause. I've been on the receiving end of the industry's lack of care long enough to realize that these regulations exist for a reason. Part of it is to create generous hooks whereby the legal system can actually introspect what you're up to while you're enjoying the benefits of government granted legal fictions.
A good enterprise doesn't need crime. Simple as.
Let’s consider another hypothetical: if a deaf employee uses teletext to communicate, are they held to a different standard legally than a non-deaf employee? Or do you mean they should learn sign language to enjoy full privacy rights that everyone else has?
Essentially removing the question of whether someone should have considered something as potential evidence before destroying it.
_Not creating more incriminatory evidence_ is not illegal.
Creating unnecessary and incriminating records comes down to your own incompetence.
Historically, my pain with SOX has primarily been related to:
1. Poorly written control procedures that hamstring process but nobody wants to fix them, since typically the biggest point is your process is reasonable, documented, and followed... changing it can be fine.
2. Having to fill out time sheets for my work and having to use a flowchart to know what to put in the Capex/Opex column for my time on a given task, so accounting can follow reporting practices.
No, its not.
Litigation holds apply to everyone, it is not just publicly-traded firms that get in trouble if they destroy evidence related to current or reasonably expected litigation (including, but not limited to, an enforcement agency investigation in which they have been notified to retain information for that purpose.)
It's very difficult to search for definite information about this, but the requirements may have the effect of forcing the recording of every conversation just in case it happens to touch on trading activities or another recording-required topic.
If they have a strong aversion to putting it down in writing, then that's a red flag you shouldn't do it.
> From the perspective of the banks, I have argued, this is a novel expansion of the SEC’s authority. When the SEC created its rules on recordkeeping, it required banks to retain copies of their “inter-office memoranda,” but it was 1948 and those memoranda were produced with carbon paper; they were formal business records memorializing serious policies. In the 2020s, WhatsApp chats are, in large part, substitutes not for formal memoranda but for talking to someone in person. When I was a banker, I have written, “There were some mornings when I sent more than 100 inter-office memoranda, though like 20 of them would be ‘lol’ or ‘fml.’” In 1948, the SEC would not have dreamed of demanding a searchable archive of all of the informal chats held at a brokerage: That was not technologically feasible, and also did not seem to be the point of its rules. In 2022, it was feasible, and the SEC did demand it, and when the brokers were missing some chats they paid a billion dollars in fines.
Not sure of the origin, possibly Martin Lomasney.
https://en.wikipedia.org/wiki/Martin_Lomasney
https://thewestendmuseum.org/news/the-life-legend-and-lesson...
You could see it in a different way, such as being a requirement that only catches the dumbest of criminals, repeatedly.
Being sued does not imply wrong doing.
No salary is worth the risk of going to jail. It's just another job.
> No salary is worth the risk of going to jail. It's just another job.
If you aren't willing to go to jail for your job, you probably should not be willing to commit crimes just because you have a manager dumb enough to provide documentation implicating both of you in the crime.
I think all corporate communications should be preserved indefinitely.
Deletion or using apps like signal to avoid retention should be used against the corporation in court.
I think that you will find that your industry is an outlier.
Those policies are suspended for materials subject to a litigation hold, whether triggered by actual or reasonably foreseen litigation or an active investigation for which they have been notified to preserve evidence (which is mostly a formalized case of reasonably foreseen litigation) and if they aren’t, the company can be sanctioned for destroying evidence (and adverse inferences can be drawn from the destruction of evidence in the litigation, separate from the penalties for destroying evidence.)
> It’s weird that if the companies had a policy to immediately delete them it would be “bad” but if they delete them after 30 days due to “storage” reasons and a clear, global, openly stated policy, it’s OK.
Actually, deleting either way would be sanctionable where a retention requirement of the type at issue applies.
Links to stories are useless
Links to tickets are better
Links to wikis are awful
Comments are misleading
Code review links are ok, but mostly link to unreliable sources, and older code review links are gone.
Commit history also goes missing, so don't bother leaving too much info in the commit text
Current code is mostly reliable, but might need extra knowledge to actually reason about.
It's crazy how much useful info get deleted or not migrated or gets moved in a way where you'd never find it again, or the search tools stop indexing it
I know the annoying slack retention policy but I had never heard of tickets, issues, or wikis or even git commits being auto deleted.
When I was there I could go back a decade and open up old tickets or wikis.
Has things changed so much in less than two years?
Washington Post article referenced:
Federal regulators accuse Amazon executives of deleting messages
https://news.ycombinator.com/item?id=40182270
we should have privacy for individuals / citizens and no privacy for those with power, whether they’re a government official or company.
it’s wild to me how quickly this is flipping on its heads, we’re now entering a space where citizens get less and less privacy while billionaires, corps, and governments are getting more.
it’s becoming a genuine two tier system, those who get ultimate privacy and those who get none.
err- i dont mean to be rude but, what gave you that assumption?
Meta has Workplace, for example.
This is an incorrect assumption. E-mail and even SMS text messaging are heavily relied upon.
This very story shows that Amazon execs were using Signal, not some custom application.
If a company was found to have developed a custom in-house app that was exclusively used by executives and their friends, it would immediately become the central target of their investigation.
> Why would they risk using a popular platform?
I think the part you've missed is that if someone is discussing something sensitive or illegal, they avoid writing it down in any medium at all. They won't develop an in-house app for messaging because they're not going to be messaging these things if it can be avoided. Instead, they send a meeting invite and then discuss it in an ephemeral medium like voice or in person.
> I also assume this is how most illegal collusion is done as well,
Smart people colluding for illegal activities aren't going to take notes or leave anything in writing. It's done in person or in voice, not via e-mail or in-house apps.
"Companies and individuals have a legal responsibility to preserve documents when involved in government investigations or litigation in order to promote efficient and effective enforcement that protects the American public."
But there is no responsibility to create new potentially incriminating evidence against themselves. Just because you are under investigation does not mean all your communication henceforth needs to be recorded.
And then Amazon (and Google) instructed employees to delete lots of communications, and to communicate outside normal channels, e.g., via Signal.
Similar to Elon musk, anything he might do or say could be very consequential to businesses he's related to
One prime directive of megacorp comms, don't write down anything that could be used as evidence. If possible, have an unscheduled chat in person.
I'm curious how using Signal in this way is any different from talking in person. Nobody considers a private conversation during a walk in the park to be destroying evidence just because it wasn't recorded.
Yes. What's the difference, functionally? Ignore the time limitation, what is the command being given, in the end?
- can a smaller or privately held company being sued be obligated to keep all their communications in a form which can be subpoenaed?
- is a family business being sued under the same obligation? What if execs in that family business have both personal and business conversations?
- is an individual being sued under the same obligation?
- if I want access to someone's personal messages, can I contrive a reason to sue them, and create such an obligation to deliver personal correspondence to my counsel?
- if Senator McCarthy thinks you're maybe a communist, can he publish your name as part of a list of suspicious persons and provide legal funds for to any wannabe vigilante who can contrive a suit against you?
At some point, I think we as a society need to agree on what rights to privacy exist, how solid they are, which rights are enjoyed by individuals and which rights if any also apply to corporations.
But I think you are just overall missing the entire point: these people were notified that they are recordkeepers.
That’s the problem. Had they always used signal—-even if they had started the day before the notice of investigation was sent—-it’s a non-issue. They did it in response to a notice. That’s shady shit.
I don’t imagine judges like businesses being cute with evidentiary rules, and even less so when they continually refuse to address the issue.
I think there's several big obstacles the prosecution would have to overcome in order for that to happen.
For one, someone would have to violate their own Fifth Amendment right and admit that they used Signal intentionally to hide things relevant to the investigation.
Also, how is "disappearing messages" any different from a private IRL conversation? Nobody is calling a casual chat in the park "destruction of evidence".
I am referencing communicating with a landlord about a fault in the building. I have gotten screwed in the past because I didn't put the information sent to a landlord in a email.
Goodbye security deposit. I guess you can crush a stone, mix with water, and turn the dust into a blood slurry after all.
If only the city held these deposits and the landlord would have to prove in court that they deserve it.
I know other apps can do it but other apps aren't being tested publicly in a high profile case like this.
The FTC should have some other way to collect evidence. Like getting a warrant to obtain their phones, or old-fashion bug their home.