> If you take one lesson from this, it’s that you can always say no.
I fully understand why this is true, but it seems to ignore any retaliative measures that the management could take against the person who says no.
With the benefit of hindsight, any such retaliation would be weaker than ending up in an orange suit. But the person has to find the guts to say "no" without that hindsight.
The threat of retaliation - in the form of being fired, harassed or moved to a dead end position - is very scary to a younger engineer. But from a rational point of view it's not very strong (HOWEVER many managers or CEOs are far from rational.)
- Firing someone has large costs to the employer. You have the job because you are needed. Same for side-lining someone or not promoting them.
- Firing someone removes the final incentives against that person reporting the deed to the govt. It pushes that person toward reporting instead of softer "negotiated" steps such as continuing to argue for legal alternatives or discussing it with an intermediate rather than outright reporting. And many corporate legal or accounting people are amazing at finding alternative ways to achieve the same result in a not-illegal manner.
- A lawyer can help you much more once there is retaliation. The company might end up fighting both the fraud reporting AND the retaliation.
Just firing someone is not a great "solution" for the company.
Letting you believe that they will ... that's very powerful.
(and probably all this is caveat: in countries where retaliation is illegal enough and commonly taken to court or settled. which is not worldwide.)
> But the person has to find the guts to say "no" without that hindsight.
Not that I would recommend a night's stay at a local lockup (2/5 stars, the beds are awful, the toilet facilities are worse, and the roommates leave much to be desired), but doing so certainly puts things in perspective going forward.
Software developers should sign a code of ethics, like other professions do and then cite it when asked to do unscrupulous things. This would work for activities that aren't illegal but still unethical, like defaulting user privacy choices to open/public. Citing professional organizations like ACM or IEEE would deter retaliation.
No. I oppose any formal requirement to practice software development. And this isn't because I disagree about the requirement to be ethical, but because it would draw a moat of "professionalisation" around software development, excluding new entrants. It's a fashionable trend across many disciplines: it starts innocuously with informal groups and seminars. Then someone starts one or more professional bodies which devise some sort of qualification. Then they start charging a yearly or triennial renewal fee for that qualification. Then they try to make it impossible to get work without their qualification. The profession comes under the thumb of people who spend their time getting on to the committees which control these professional bodies.
That can be reasonable for something like medicine or structural engineering. But is it appropriate for a developer cranking out Javascript or Excel macros? This is pulling up the drawbridge behind you, excluding anyone who comes to the profession through informal means - and in my generation, that meant almost everyone. It also means that you will need to determine how much of your time you dedicate to politics.
I was working with someone on a large government project. At the beginning I told him that we cannot pad our hours at the end of the year to run the contract out and then make up for it with extra hours in the next year like we do with business clients because it is illegal and further because it's a $1M+ contract could lead to prison.
Of course I found out that he was going into our billing software and adding hours to me. I had to talk to a lawyer and he recommended I report it to the gao. I compromised by quitting and reporting it to the liaison on the project (a professor). It was very stressful because if I hadn't reported it he could say that I reported those hours, not him, and I could have ended up in prison.
I have promised to resign (and fully would have) when asked to implement something that would put customer security and privacy at risk, when such concerns were in their infancy; more than half a lifetime ago but in the dot com era when I had actual value. Our client, a very large organisation, became aware I had an ethical concern my own bosses didn’t share, listened to me and changed their policies to eliminate my concern.
People who work in the Valley for fifty, a hundred times more than the poorest in their own country often do not seem to feel the same way anymore.
This is not a question of abstract ethics, but a question of simple professional integrity. If the thing is bad and risks harms, you don’t do it.
It’s part of why I work for myself now; it’s not difficult to spot people who do not have a strong sense of ethics and simply not work for them. I work in a couple of fields where there are many non-ethical players, and can do so with a clear conscience.
Another recent classic case of this is the revelations that Uber were targeting law enforcement based on user behaviour, and refusing to offer them rides in areas where they were breaking regulations. I mentioned this at some point last year, and someone replied saying that they'd enthusiastically volunteer to take part in that project (assuming no personal risk). People's ethics are not always what you'd expect (or hope).
I used to work for Uber, but not on this feature or anything related.
Apropos to the article, as a programmer for this feature, what you are actually asked to do is write a greybanning engine. It can take various features (geofence, denylist of phone numbers/emails/device identifiers/payment, etc.) and use it to calculate a score that applies a greybanning policy. The policy may be that the cars in the app are now fake, the ride will never come, your CC is "denied", etc.
Nothing illegal or unethical about this feature, as written, but it is a "dual-use" technology.
The feature has been used to literally save lives. There were taxi-affiliated people in South America that would call an Uber and then, at best, trash the car and beat the driver. At worst, they'd kill the driver. Those people need to be greybanned, along with scammers, criminals, and abusive people of all sorts.
The local market administrators, however, definitely might ban users that the know to be police ticketing the drivers, might ban any account signup from the police station, might ban city credit cards, etc.
You, as the programmer on this feature, can't defend against that unethical use of it.
If you work at the insurance company and get asked to write a rules engine but not the rules, this same thing applies to you.
I was asked to sign off on an R&D tax claim for my team's work. I reviewed it and said no. Was then sent to a meeting with the accountants who explained the claim was based on what the CEO had told them. We went through the details and the agreed with me on most things. I also discovered that we were entitled to claim for things I wouldn't have known about and the CEO discovered that just because the credits were for R&D the legal definition didn't allow for normal development work.
In this instance nothing intentionally illegal was being attempted. However, had the original claim been made it could have been considered fraud. In these sorts of situations I always ensure that the company put me in contact with the professionals that can indemnify both the company and me from any wrong doing. Provided we tell the truth.
This happened to me too, the claim was outsourced to a contractor who had never interacted with myself or anyone on my team - the only devs in the company - resulting in a purely fictitious depiction of what we did.
It's easy to armchair quarterback these things, and in retrospect, the actions that innocent people should take are probably obvious. At the time I don't think it would be so easy.
There is lots of pressure not to take action, because of the feeling you're overreacting, because you've had things explained to you in a way that minimizes or removes the criminality, and because your job is at stake.
And crucially there is never some black and white issue. If your employer told you to murder someone, it would be easy to say no and know you did the right thing. If they tell you to incrementally go along with some grey area thing you're not sure the legal status of, it's way harder to know what to do.
People still have to be accountable for their actions of course, ignorance is no excuse. But we all should hope we're never in such a situation to begin with rather than thinking we'll know how and when to act.
If you're serious about anything, you do more than hope. You do diligence on your prospective employer before going to work for them. You think through a litany of contingencies and prepare a plan of action for each. Jobs in this industry are uniquely amenable to this by virtue of their relatively higher compensation and the autonomy often afforded to employees. If you spend an hour every day on HN, you can spend an hour meditating upon your conscience.
Predicting one's response to stressful and unexpected circumstances is hard. So try to anticipate circumstances and cultivate relevant virtues in advance.
I wish I could tell a story. Alas, I can't. It turns out that large corporations are excellent at hiding evidence of wrongdoing, and will do everything to cover the backside of high-level execs, because stock price matters. When it's bad, the exec leaves for a "better opportunity", and none will be wiser. The stress of the honest, serious engineer(s) remain, and the exec gets a free ride to their next big beautiful step up the ladder. In retrospect, don't follow internal reporting guidelines, and don't talk to internal lawyers. They either are incompetent or competent, but paid to swipe stuff under the rug -- you'll never find out either way. Instead, go to the relevant regulatory agency, write a detailed report to them, and let it play out.
It depends on the country. It’s not possible to operate large companies in Hungary without paying to the prime minister’s family. When I lived there, I signed a paper at a large multinational company as a simple developer. The paper’s only purpose was to channel EU funds to the family. I was naive, and I thought that it’s a real project, with real work. It wasn’t. Later I realised why some of my coworkers were against it, but I didn’t believe that that company would go down on that route. I was really naive.
> Frank was a student loan startup founded by Charlie Javice in 2016. In 2019, Javice was featured on the Forbes “30 under 30”
There was a joke going around Twitter about "30 under 30 doing 30 to life", because the startups involved were getting more and more outlandish to the extent that bystanders suspected that fraud was going on. Became a Guardian article: https://www.theguardian.com/business/2023/apr/06/forbes-30-u...
Of course, a fraud can stay afloat for a lot longer than you expect. The really tricky case is when you're ordered to do something illegal or unethical for which there is substantial political cover. An executive order, for example. You cannot rely on anyone to back you up simply because of the letter of the law.
Also:
> The reality was that this was a very deliberate double charge. I could not share this fact at the time – as the company threatened me with libel after I informed them of this detail
UK libel law routinely covers up all sorts of things which the public would benefit from having revealed, simply by the threat of an expensive lawsuit. It makes investigative journalism really uneconomic.
I'm quite firmly on the side of "don't do bad stuff", even way before crossing the line to wondering how you'd look in the proverbial orange jumpsuit. But two things about this are often under-discussed IMO.
Firstly, personal costs can be high even before full-blown whistleblowing, the struggles of which are well reported. The best case is usually that you're looking for a new job. It is clear to me that that's better than committing a crime or gravely unethical action, but not everyone always has good alternatives, enough financial safety, and no major economic responsibilities to cover at home.
This also goes for mental costs: I have previously come close to burnout spending months trying to rectify a clearly very bad and doomed situation. The only reward at the other end was the bitter vindication of seeing a project I deeply cared about crash and burn from afar after cutting my losses. And I personally know people who suffered far greater damage and took longer to recover from it, even in cases where they merely uncovered some big skeleton in the closet that was not even the fault of anyone currently in charge or clearly malicious. In many cases, management will be somewhere between actively complicit and themselves stuck in a bad situation with barely enough (perceived) agency to fix things the right way, which doesn't help.
Secondly, short of "going to war" and dedicating your entire life to changing something, saving yourself is usually the best you can hope for. That's obviously better than being complicit and possibly liable. I also like being able to sleep at night knowing I have principles. But if you have the righteousness to refuse to become complicit, it's quite frustrating to come to terms with the fact that you mostly won't be able to set things straight properly unless you are in a very influential position. I know that's often not really my responsibility if I'm not higher up, but it still doesn't sit right with me that I can't do more.
Many years ago, I was working for a consulting firm doing work for a, erhm, "large insurance provider headquartered in Illinois". I was building a tool their insurance adjusters could use to use GPS devices to check how far houses were from the coast line and deny flood coverage to anyone within a certain boundary. Note that this was during the time of Selective Availability, so GPS devices were only good to 100m precision.
The client saw my first version where I marked an "indeterminate" buffer zone to account for the precision problem. They complained it was "confusing" and insisted I use the raw value without any buffer. Oh, and also, round the numbers in such a way to put all indeterminate points inside the denial zone. This would effectively add hundreds of square miles to the denial zone. A denial zone set by law, i.e. this was the some the government was allowing the insurance company to blanket deny flood coverage.
Giving them the benefit of doubt, I explained that the proposed changes didn't make mathematical sense and would over count people near the edge of the denial zone. I had access to some market data at the time and was able to estimate it would be a few thousand extra homes. They did the standard "avoid acknowledging the issue" whenever someone is trying to pressure you into doing something unethical it illegal.
I told my boss at the consulting company. He started putting the screws on me. Told me we needed to do this. Told me my job was on the line. Intimated it would be hard to find a new job considering the client was the largest employer in the area. Told me he could get anyone to do it.
I had two weeks of PTO planned, during which I was supposed to come back to Pennsylvania and move my stuff out to Illinois. After my PTO, I was supposed to show back up in Illinois. Instead, I went to our HQ in PA (much to the surprise of everyone, "what are you doing here"), told the CEO what happened, and when he doubled down on doing the wrong thing, I quit on the spot, no notice period.
I learned later they did not "get anyone to do it". My actions put the contract in a lurch, the client dropped my former employer, and cancelled the project.
I feel pretty good about that one.
There have been other issues since then, but I've noticed a pattern. They always happen at places I had to talk myself into joining. There were red flags and I rationalized them away, "well, I'm just over reacting. I don't have any evidence anything is wrong here. It's just the way people talk that's bothering me. And I really need this job." Since I've gotten more stable and better about not taking jobs that show red flags, somehow the ethical issues seem to have magically gone away.
If you asked to do something fishy then document it and consult a lawyer. Don't do anything that is above the bare minimum required to cover your ass. You get nothing for doing the "right thing" and are likely to be penalized for it - word will get around and future employers have no interest in figuring out if you were right nor will they care, you will have proven to be disloyal or worse an idealist.
'You can always say no...' That is like something from a bad movie about spouse abuse. 'Just leave' plays well on TV but the reality is often that a job is someone's life. Just saying no and leaving will have real, and likely massive, harm to the person. Where do they go? What do they do? Do they actually have 6 months of savings to look for a new position and explain why they left their last one? How about the money to spend on hiring lawyers to help them? We need functioning protections for whistleblowers that are well advertised, well funded, -not- subject to the whims of whoever is in office and that actually allow people to 'just say no' and not have their lives shattered.
In 2010 WellPoint was found to be automatically targeting insurance policies of women with breast cancer for cancellation, using any pretext. Angela Braly was the CEO at the time, now at ExxonMobile. WellPoint was the second largest health insurer in the US at the time.
This required a lot of business analysis and software development - and people had to realize what this code was doing. I’m guessing bonuses were paid on the back of the “savings” this generated.
> This required a lot of business analysis and software development - and people had to realize what this code was doing
Too many people are trained to not rock the boat and not ask questions. I'm always "that guy" in pretty much every meeting I'm in. Some people like me, but many don't. It's tough. On the occasions that all my questions are already answered or I have nothing more to say it's obvious how relieved people are. It would be so easy to just be a yes man and please people all the time, but I just can't. It's easy to see how selecting for people who aren't like me would lead to an organisation that is essentially psychopathic.
Whistleblower protections need to be steel-solid. Then maybe just 1 person with a spine might be enough to get the story to the press and/or prosecutors.
Seems like a trend because you happen to focus on the gender being “interesting” - in reality we’ve always had fraud in tech and men have certainly led a ton of it.
I guess my point is: why is gender at all relevant here?
Having worked as a programmer for twenty years, most of that as a contractor (hence a different employer about once a year), I have never been asked to do anything illegal. This isn't said to mean no one is, but rather that, if you are asked to do something illegal, it is weird. It isn't the normal, messed up capitalist system, it isn't typical bureaucratic nonsense, it isn't the imperfect state of the world we live in. Most companies don't ask their programmers to do something illegal.
Therefore, if you are, you should leave that company, pronto. They're weird and probably desperate, and it is likely to get even worse. It's not normal. Get out, quickly.
I worked at NS8 in 2020 for just four months before it collapsed and the CEO was arrested for defrauding investors of $123,000,000. Just a few months ago, I got a modest payout due to a lawsuit over NS8 laying off almost everyone with just three days notice. It was very stressful to be without a job in the middle of Covid!
> The smart thing would have been to do #1. [Talk to a lawyer on how to avoid assisting a crime] [...] Here's what Singh did instead: he asked for a personal meeting with Bankman-Fried and confronted him about the missing funds.
If you're not sure something illegal is happening, you could do both. The lawyer might tell you what questions to get answered, to inform what you do next.
(But don't do talk to anyone at the company if you think there is any risk that they will try to neutralize you as a weak link. "The coverup is worse than the crime" happens in organizations with shitty people, and you might have just discovered an especially shitty person.)
As an engineer, I once told a company that it was about to accidentally do something that I suspected was seriously illegal. They were able to prevent it from happening, in time. Problem solved, no wrongdoing occurred, and no one had to quit, nor go to federal prison.
Longer ago, I once told an organization about some bad things, using the appropriate internal channels. And then I had to keep going up the chain of command, when each level would suppress it, and sometimes even retaliate. Which was a rare opportunity to realize that an organization had infected its org chart with a high degree of shittiness. I'm now a big fan of people consulting a lawyer.
On another occasion, not necessarily "illegal" was averted, but at least "big liability" was. I had reverse-engineered a customer's security-related protocol, for an integration, and found a grave vulnerability. (Critical info that must be inside the cryptographic signature envelope, was outside of it, meaning that an attacker could replay a captured message later, with changed data.) To interoperate with the customer's system, I'd need to implement the security thing in an unambiguously wrong and insecure way. So I told the appropriate person on my end, and thankfully they handled it well, and figured out how to break the news to the customer.
That time, to be sure the appropriate person understood the severity, I mentioned that, in a different engineering field (including one in the application domain), I would "lose my license or go to jail" for implementing that.
Occasionally, I briefly muse that our field could use the obligations and authority of Professional Engineers. But moments later, I realize that our field went too long without that, and I can't imagine that being implemented with integrity at this point.
Could help for some cases, but at least two of the three examples in the article were engineering directors, who are generally excluded from unionization rights in the US at least. (Other countries vary in how low-level line managers are treated by their employment laws, but the closer a manager gets to the senior executive ranks, the less those employment laws allow them to do anything akin to unionizing.)
When ordered to do something that is clearly an illegal action, you can just say no. However, in most situations your actions won't be directly illegal, but aid someone else to illegal actions.
Simply, deny to carry out the work UNLESS you are directly and clearly instructed to by EMAIL. Oh, and be sure to make this request by email as well, as a record. So send an email saying "hey i was told to do that and i am concerned about the legality, please give me clear instructions over email"
>To be fair, Singh didn’t seen totally clueless, and it seems he decided to profit on the developments. Days after he found about this fraud, he took a $3.7M loan from FTX (!!) to buy a house
53 comments
[ 0.27 ms ] story [ 71.2 ms ] threadI fully understand why this is true, but it seems to ignore any retaliative measures that the management could take against the person who says no.
With the benefit of hindsight, any such retaliation would be weaker than ending up in an orange suit. But the person has to find the guts to say "no" without that hindsight.
- Firing someone has large costs to the employer. You have the job because you are needed. Same for side-lining someone or not promoting them.
- Firing someone removes the final incentives against that person reporting the deed to the govt. It pushes that person toward reporting instead of softer "negotiated" steps such as continuing to argue for legal alternatives or discussing it with an intermediate rather than outright reporting. And many corporate legal or accounting people are amazing at finding alternative ways to achieve the same result in a not-illegal manner.
- A lawyer can help you much more once there is retaliation. The company might end up fighting both the fraud reporting AND the retaliation.
Just firing someone is not a great "solution" for the company.
Letting you believe that they will ... that's very powerful.
(and probably all this is caveat: in countries where retaliation is illegal enough and commonly taken to court or settled. which is not worldwide.)
Not that I would recommend a night's stay at a local lockup (2/5 stars, the beds are awful, the toilet facilities are worse, and the roommates leave much to be desired), but doing so certainly puts things in perspective going forward.
A) Software developers should be free to sign a code of ethics, or
B) Software developers should be compelled to sign a code of ethics, and be prevented from working if they refuse to sign, or
C) Something else.
https://www.acm.org/code-of-ethics
That can be reasonable for something like medicine or structural engineering. But is it appropriate for a developer cranking out Javascript or Excel macros? This is pulling up the drawbridge behind you, excluding anyone who comes to the profession through informal means - and in my generation, that meant almost everyone. It also means that you will need to determine how much of your time you dedicate to politics.
Of course I found out that he was going into our billing software and adding hours to me. I had to talk to a lawyer and he recommended I report it to the gao. I compromised by quitting and reporting it to the liaison on the project (a professor). It was very stressful because if I hadn't reported it he could say that I reported those hours, not him, and I could have ended up in prison.
I think the liaison just buried it in the end.
People who work in the Valley for fifty, a hundred times more than the poorest in their own country often do not seem to feel the same way anymore.
This is not a question of abstract ethics, but a question of simple professional integrity. If the thing is bad and risks harms, you don’t do it.
It’s part of why I work for myself now; it’s not difficult to spot people who do not have a strong sense of ethics and simply not work for them. I work in a couple of fields where there are many non-ethical players, and can do so with a clear conscience.
Apropos to the article, as a programmer for this feature, what you are actually asked to do is write a greybanning engine. It can take various features (geofence, denylist of phone numbers/emails/device identifiers/payment, etc.) and use it to calculate a score that applies a greybanning policy. The policy may be that the cars in the app are now fake, the ride will never come, your CC is "denied", etc.
Nothing illegal or unethical about this feature, as written, but it is a "dual-use" technology.
The feature has been used to literally save lives. There were taxi-affiliated people in South America that would call an Uber and then, at best, trash the car and beat the driver. At worst, they'd kill the driver. Those people need to be greybanned, along with scammers, criminals, and abusive people of all sorts.
The local market administrators, however, definitely might ban users that the know to be police ticketing the drivers, might ban any account signup from the police station, might ban city credit cards, etc.
You, as the programmer on this feature, can't defend against that unethical use of it.
If you work at the insurance company and get asked to write a rules engine but not the rules, this same thing applies to you.
In this instance nothing intentionally illegal was being attempted. However, had the original claim been made it could have been considered fraud. In these sorts of situations I always ensure that the company put me in contact with the professionals that can indemnify both the company and me from any wrong doing. Provided we tell the truth.
There is lots of pressure not to take action, because of the feeling you're overreacting, because you've had things explained to you in a way that minimizes or removes the criminality, and because your job is at stake.
And crucially there is never some black and white issue. If your employer told you to murder someone, it would be easy to say no and know you did the right thing. If they tell you to incrementally go along with some grey area thing you're not sure the legal status of, it's way harder to know what to do.
People still have to be accountable for their actions of course, ignorance is no excuse. But we all should hope we're never in such a situation to begin with rather than thinking we'll know how and when to act.
If you're serious about anything, you do more than hope. You do diligence on your prospective employer before going to work for them. You think through a litany of contingencies and prepare a plan of action for each. Jobs in this industry are uniquely amenable to this by virtue of their relatively higher compensation and the autonomy often afforded to employees. If you spend an hour every day on HN, you can spend an hour meditating upon your conscience.
Predicting one's response to stressful and unexpected circumstances is hard. So try to anticipate circumstances and cultivate relevant virtues in advance.
There was a joke going around Twitter about "30 under 30 doing 30 to life", because the startups involved were getting more and more outlandish to the extent that bystanders suspected that fraud was going on. Became a Guardian article: https://www.theguardian.com/business/2023/apr/06/forbes-30-u...
Of course, a fraud can stay afloat for a lot longer than you expect. The really tricky case is when you're ordered to do something illegal or unethical for which there is substantial political cover. An executive order, for example. You cannot rely on anyone to back you up simply because of the letter of the law.
Also:
> The reality was that this was a very deliberate double charge. I could not share this fact at the time – as the company threatened me with libel after I informed them of this detail
UK libel law routinely covers up all sorts of things which the public would benefit from having revealed, simply by the threat of an expensive lawsuit. It makes investigative journalism really uneconomic.
Firstly, personal costs can be high even before full-blown whistleblowing, the struggles of which are well reported. The best case is usually that you're looking for a new job. It is clear to me that that's better than committing a crime or gravely unethical action, but not everyone always has good alternatives, enough financial safety, and no major economic responsibilities to cover at home.
This also goes for mental costs: I have previously come close to burnout spending months trying to rectify a clearly very bad and doomed situation. The only reward at the other end was the bitter vindication of seeing a project I deeply cared about crash and burn from afar after cutting my losses. And I personally know people who suffered far greater damage and took longer to recover from it, even in cases where they merely uncovered some big skeleton in the closet that was not even the fault of anyone currently in charge or clearly malicious. In many cases, management will be somewhere between actively complicit and themselves stuck in a bad situation with barely enough (perceived) agency to fix things the right way, which doesn't help.
Secondly, short of "going to war" and dedicating your entire life to changing something, saving yourself is usually the best you can hope for. That's obviously better than being complicit and possibly liable. I also like being able to sleep at night knowing I have principles. But if you have the righteousness to refuse to become complicit, it's quite frustrating to come to terms with the fact that you mostly won't be able to set things straight properly unless you are in a very influential position. I know that's often not really my responsibility if I'm not higher up, but it still doesn't sit right with me that I can't do more.
The client saw my first version where I marked an "indeterminate" buffer zone to account for the precision problem. They complained it was "confusing" and insisted I use the raw value without any buffer. Oh, and also, round the numbers in such a way to put all indeterminate points inside the denial zone. This would effectively add hundreds of square miles to the denial zone. A denial zone set by law, i.e. this was the some the government was allowing the insurance company to blanket deny flood coverage.
Giving them the benefit of doubt, I explained that the proposed changes didn't make mathematical sense and would over count people near the edge of the denial zone. I had access to some market data at the time and was able to estimate it would be a few thousand extra homes. They did the standard "avoid acknowledging the issue" whenever someone is trying to pressure you into doing something unethical it illegal.
I told my boss at the consulting company. He started putting the screws on me. Told me we needed to do this. Told me my job was on the line. Intimated it would be hard to find a new job considering the client was the largest employer in the area. Told me he could get anyone to do it.
I had two weeks of PTO planned, during which I was supposed to come back to Pennsylvania and move my stuff out to Illinois. After my PTO, I was supposed to show back up in Illinois. Instead, I went to our HQ in PA (much to the surprise of everyone, "what are you doing here"), told the CEO what happened, and when he doubled down on doing the wrong thing, I quit on the spot, no notice period.
I learned later they did not "get anyone to do it". My actions put the contract in a lurch, the client dropped my former employer, and cancelled the project.
I feel pretty good about that one.
There have been other issues since then, but I've noticed a pattern. They always happen at places I had to talk myself into joining. There were red flags and I rationalized them away, "well, I'm just over reacting. I don't have any evidence anything is wrong here. It's just the way people talk that's bothering me. And I really need this job." Since I've gotten more stable and better about not taking jobs that show red flags, somehow the ethical issues seem to have magically gone away.
Too many people are trained to not rock the boat and not ask questions. I'm always "that guy" in pretty much every meeting I'm in. Some people like me, but many don't. It's tough. On the occasions that all my questions are already answered or I have nothing more to say it's obvious how relieved people are. It would be so easy to just be a yes man and please people all the time, but I just can't. It's easy to see how selecting for people who aren't like me would lead to an organisation that is essentially psychopathic.
I guess my point is: why is gender at all relevant here?
Therefore, if you are, you should leave that company, pronto. They're weird and probably desperate, and it is likely to get even worse. It's not normal. Get out, quickly.
If you're not sure something illegal is happening, you could do both. The lawyer might tell you what questions to get answered, to inform what you do next.
(But don't do talk to anyone at the company if you think there is any risk that they will try to neutralize you as a weak link. "The coverup is worse than the crime" happens in organizations with shitty people, and you might have just discovered an especially shitty person.)
As an engineer, I once told a company that it was about to accidentally do something that I suspected was seriously illegal. They were able to prevent it from happening, in time. Problem solved, no wrongdoing occurred, and no one had to quit, nor go to federal prison.
Longer ago, I once told an organization about some bad things, using the appropriate internal channels. And then I had to keep going up the chain of command, when each level would suppress it, and sometimes even retaliate. Which was a rare opportunity to realize that an organization had infected its org chart with a high degree of shittiness. I'm now a big fan of people consulting a lawyer.
On another occasion, not necessarily "illegal" was averted, but at least "big liability" was. I had reverse-engineered a customer's security-related protocol, for an integration, and found a grave vulnerability. (Critical info that must be inside the cryptographic signature envelope, was outside of it, meaning that an attacker could replay a captured message later, with changed data.) To interoperate with the customer's system, I'd need to implement the security thing in an unambiguously wrong and insecure way. So I told the appropriate person on my end, and thankfully they handled it well, and figured out how to break the news to the customer.
That time, to be sure the appropriate person understood the severity, I mentioned that, in a different engineering field (including one in the application domain), I would "lose my license or go to jail" for implementing that.
Occasionally, I briefly muse that our field could use the obligations and authority of Professional Engineers. But moments later, I realize that our field went too long without that, and I can't imagine that being implemented with integrity at this point.
Simply, deny to carry out the work UNLESS you are directly and clearly instructed to by EMAIL. Oh, and be sure to make this request by email as well, as a record. So send an email saying "hey i was told to do that and i am concerned about the legality, please give me clear instructions over email"
This will calm them down.
huh...