> Around 2009 or 2010, the company decided to try to pull a fast one on some of us. They said that our original NDA somehow hadn't gotten signed (what?), and that we needed to re-sign it...Sure enough, they delivered, and sent me the original NDA. Note: they didn't send me AN original NDA they were using circa 2006 when I started. They sent me THE original NDA, complete with my signature from the day I started! Yes!
> So then I started reading along, doing my best to do a 'diff' in wetware, and found that they had actually added some clauses. One of them amounted to 'taint' for your personal devices. Basically, if you signed in to your corp gmail from a device, they claimed the right to audit it at any point in the future.
This kind of psychotic behavior is one reason I'll never work at a megacorp. I'm sure some smaller companies do it too, but it seems less common, and they won't have as many lawyers on retainer just waiting for the chance to justify their salary by pursuing it.
And if I ever did find myself at a company that tried to pull something like this, I'd probably quit on the spot. I won't work in an environment where I'm having to constantly watch my back.
What I don’t understand about this is they were most likely an at-will employee. So the company could have just said “new policy, sign it”.
I had an employer do this - I was working there a few years, owner came in and said “we’re doing background checks, fill this out and sign it”. I asked what happened if something came back on it, and he said that I’d be fired.
Google employees are sort of known for being willing to make stands on moral and ethical convictions. As well as advertising itself as a company that welcomes that type of person, paying as much over the local median as they do likely means many employees can afford to lose their job and have at least a few months worth of living expenses saved up. Combined, these mean Google employees are probably very likely to make a stink about something if you trigger those traits, IMO.
Sometimes, how you say it is as or more important than what you say. Giving benign plausible explanations for red flag behavior is expected from big corporations. This isn't their first rodeo, or at least not for the people they've staffed that deal with this.
I can confirm based on my experience that smaller companies do it this too. They may not have many lawyers on retainer but being small, they can (threaten to) walk you out immediately with no consequences, cut-and-paste irrelevant passages from other companies in the new NDA, and other assorted unnecessary nonsense.
A couple of days ago I was talking with my wife about events in Afghanistan, and saying how life is going to get a lot worse for women and girls under the Taliban.
She replied, "yes, but everyone has their oppressors"*, to which I quipped, "yes, ours is HR".
----
* Some context here. My wife is Māori. For North Americans, think "First Nations". Oppressors? We got 'em. Most of us are them.
This has always been required for the mega-contracts I've had to sign, which have sometimes spanned hundreds of pages. Not only initial each page, but to have the pages cascaded so there's initials running over the margin of consecutive pages - this was required.
I had a job where I lived on planes and in airports (this was just before smartphones existed). The first day on the job, I logged in to the corporate network. It told me bluntly `This is the BigCorp network; there is no right to privacy'. The entire time I was there, I travelled with two laptops.
I don't blame BigCorp for their policies; their equipment, their rules. But I strongly recommend separating the use of business and personal devices.
And, no, if an employer demanded I install an app on my personal phone, I'd refuse.
>if an employer demanded I install an app on my personal phone, I'd refuse.
I did that once. In very polite terms I told them that I like to keep personal and work activity separate as much as possible for personal and work security reasons and that if they issued me a phone with an app I'd be happy to carry it.
I got a very positive response. Ultimately they didn't think it was worth issuing me a phone and everyone went on happily.
Do you really consider your payslips as work stuff? From a legal point of view it seems unlikely that they could claimed your device was used for work if it was used to transmit payslips. To me this doesn't seem comparable to having Slack/Email on your personal phone which means that some corporate possibly classified info made it to your device.
> which needs to be installed on a personal phone of course
I personally have never had a request for a company-provided work phone/tablet denied, if they required me to do anything on my personal phone that was critical for work.
If they ask why, I tell them I have a BlackBerry :) never been a problem
The day I needed to install anything on my phone for my mega-corp employer I went out and bought the cheapest Android phone I could find.
What was an interesting discovery was that PingID doesn't require a cellular data connection to work, so I was able to use the phone unregistered (so no network charge) and permanently in flight mode (to preserve the battery).
Even now after leaving that company I still haven't registered the phone or taken it off flight - I just connect to a personal wi-fi as necessary.
I did this at my current employer (NZ govt uses shitty third party services which really want to invade your privacy). Basically, nope, I'm not installing this closed source third party app (whose only job is to issue MFA tokens for access to the intranet) onto my personal phone. If you want me to install it, give me a separate phone. After a lot of finagling I finally learned this was just TOTP, and there was a way to get my TOTP seed so I could use any old TOTP client. No indication of this while talking to support or looking at the registration website, of course.
Just today (possibly related) someone else tweeted:
Sooo, #Apple has pics of my boobs. During a discovery thing 3yr ago, legal forced me to hand-over all my texts. They refused to let me delete anything, even "fully personal," even when I said "by fully personal I mean nudes." They said they're in their "permanent evidence locker"
I questioned this aggressively. Apple R&D pressures us to have one iPhone for work & personal (so we can "live on" / dogfood). I said, if there's texts that aren't with employees and have nothing to do with work, I should be able to delete them or at least attachments. "Nope."
Apple already had her (and everyone else who iMessages) nudes: iCloud Backup is not e2e and is on by default and escrows either the iMessage plaintext or the iMessage sync keys to Apple, encrypted with Apple keys.
Apple can read all of the stuff you text or iMessage if you (and all the people you text with) haven't disabled iCloud Backup.
This goes for every iOS device in the world, not just Apple corporate ones.
They even have my nudes (despite my not using iMessage, SMS, or iCloud) because I send them sometimes on Signal to people who save them in their iOS camera roll and have iCloud still enabled by default. (iCloud Photos, like iCloud Backup, is also not e2e.)
(If your employer is pressuring you to do something you are not legally required to do and don't want to, it should immediately sound alarm bells and harder personal boundary defense.)
> If your employer is pressuring you to do something you are not legally required to do and don't want to
One should always put a price on actions your employer wants you to do, so that there's an economic back pressure. For example, if an employer forces you to use work phone as a personal phone for dogfooding purposes, you must extract a price out of your employer for giving up this privacy. Or quit, if the price the employer is too high for an employer to pay.
> I realize that many people do not have the option to just go and drop a couple hundred bucks on an additional phone and then add another $100/mo to their budget for the service.
I'd never pay a monthly fee for a work-only device. If they give me a work-only device, it should come with a data plan. If they don't give me a work-only device but want me to sign over access to my personal device, then I'll use an old device and just use wifi. No way I'm paying a separate monthly fee because my employer puts me between a rock and a hard place.
I took that to mean, not everyone who is provided a corporate device can afford a separate personal device and plan. I've never heard of a corporate device coming without a plan paid by corporate.
Agree that corporate devices typically come with data plans. I took the $100 bit as a reference to the Lyft situation, where she was required to load a bunch of apps onto a mobile phone, but wasn't given a work device. So she bought a dedicated device with a one-time cost and apparently paid an ongoing monthly fee as well.
Can you be more specific? I pay over here €10/month (phone not included) for unlimited calls and text in all EU and many other places abroad plus 100GB (I have an old plan, now it's 120GB for the same price) locally with decent coverage, and consider myself lucky. Actually there are cheaper options, although those companies have been a lot less user friendly. With this one (iliad.it) at least I can use a prepaid card to avoid unpleasant surprises and cancel anytime in a click.
This seems quaint to me. The real reason to not use a personal device for work is discovery. As soon as you do work someone can trace back to that device, there’s the potential for someone to seek a warrant for that device. Even if it’s some chucklehead you don’t even know within the corporation who’s being investigated, all you had to do was send an email to someone they sent an email to. And now the courts can demand your stuff. Let’s assume everything everyone does is perfectly legal, it’s still a massive inconvenience tax, and that alone is a good reason to not do it. I carry two phones and two machines (Corp laptop, personal iPad). They want me, they can give me the machines to contact me.
> If you're like the younger version of me and can't afford to pick up another phone just to keep your work and personal lives separate, you may have to make some compromises in the name of not rocking the boat with your employer. If this happens, don't feel too bad about it. Every day, people have to suck it up and deal with relatively sketchy treatment from their employers, and can't speak up without fear of reprisal.
Or, you know, we could also get the most egregious behavior banned.
Once again these are technical solutions chasing a regulatory problem. Does it work? Sure, if you have the time, the money, the sophistication, and do everything perfectly in advance of an unlikely event.
If you want to help most people, update the rules.
Unions aren't a technical solution. They are the natural opposing force. The state and corporations are nearly one, they cooperate, sometimes at the expense of individual companies to maintain labor peace.
The most interesting thing about this is the linked article about the employer that tried a bit of sharp practice to insert additional clauses into the NDA: https://rachelbythebay.com/w/2011/11/09/signs/
There's definitely a few morals to this story (but note: not legal advice! I am not a lawyer!):
1. You should keep your own copy of anything you sign as part of your employment contract.
2. You should maybe keep a record of when you handed that to your employer ("I did in fact sign a copy of the NDA when I began my employment, and handed it to [person] on [date]. I hope this helps you to locate it.")
3. If the NDAs are so long that it would be impractical to visually diff them, you can just ask the company: "Can you please ask [name of company lawyer] to send me an email confirming that this is the same NDA that I signed at the beginning of my employment on [date]?" If they do, and then later rely on a clause that has been inserted, I suspect they would have a hard time convincing a court to enforce that clause.
4. In the author's situation, they sound like they were over a bit of a barrel economically and it's hard to push back in that situation. If you are willing to push back, remember that your employer is asking for something from you, i.e. a change to your contract. And if that change is that they can audit your personal devices, that is not a small concession! "This NDA does differ substantially from the one I originally signed, and would represent a significant change in the conditions of my employment. I understand if the company has new security concerns, and I am willing to work constructively to find an acceptable solution. For instance, if you are uncomfortable with me being able to access work e-mail on my personal device, you can issue me with a separate device over which you would have auditing rights."
I once had a company ask everyone to sign updated employment contracts that changed the vacation policy to "unlimited PTO".
So I opened up my original contract and compared them... and wouldn't you believe it? There were other changes in the contract: they'd added non-compete and non-solicit clauses, and tweaked the IP language to make it broader.
I talked to the company lawyer to ask for an explanation, and they became very embarrassed and they walked back all those changes, claiming that they'd used a new law firm and this happened because that firm had used their "standard boilerplate". They sent everyone a new copy with just the PTO change.
Of course, then I refused to sign the updated one, because I'm a jerk who thinks "unlimited PTO" is a scam. :)
> Of course, then I refused to sign the updated one, because I'm a jerk who thinks "unlimited PTO" is a scam.
Unlimited PTO is only a scam if you are a) bad at taking care of yourself, and b) have a shitty manager.
I've been taking every other Friday off since last summer, and in addition to that take 4-5 weeks off during the year (a week or two at a time). Hasn't been a problem because I get my work done, and I have a manager who understands we all need downtime to be healthy (and productive).
In my experience, most of the people who end up taking less time off when their company switches unlimited PTO are just bad at taking care of themselves, and (incorrectly) believe they'll be penalized for taking time off.
I'd add to also keep a copy of any substantial agreement/clarification alongside the proper legal paperwork. The PTO wording was a bit confusing, you ask for clarification and they tell you it's 21 work days and not 3 natural weeks? Keep a copy of those email/slack/etc., preferably one from HR and one from your manager where they both agree. Just push them in the same binder, they are probably not so many situations to make this bothersome but it can be helpful.
Luckily I've never needed it in any kind of legal situation, but a couple of times they saved me of a "he said she said" kinda conversation.
Actually maybe I should also add: keep not just the text of those e-mails, but also the from, to, date fields etc. If you ever get into a I-said / they-said about this, your employer might claim that your e-mails are a fabrication. If you get as far as a discovery process, and the company has to turn over e-mail records, that's going to make it much easier to locate the e-mail in question.
"I did in fact sign a copy of the NDA when I began my employment, and handed it to [person] on [date]. I hope this helps you to locate it."
I'm not sure how important this is. Of course they still have the old NDA, and in any perjury situation they would readily admit that. Managers and (especially) HR people regularly "fib" (synonym of "lie") in hopes of distracting attention from the monstrous demands of capital. If an employee made a big stink, that employee would be reminded that employment is at-will and thus contingent on signing whatever is required at any time. The worst NDA amendments could possibly be contested in court, if one wants to spend five figures on attorneys. Probably a better way to avoid surprise "renegotiations" is to unionize...
A union is definitely the gold-standard defense against nonsense like this. But a lot of places have significantly higher employment protections that the US.
Remember, it's not always you that has to go to court to fight an NDA clause though. If you've resigned, and the company is insisting that it can search your devices because the NDA says so, the company is the one that needs to convince a judge to grant a court order allowing it to do so. (Again: not legal advice! But my understanding is that's how most contract rights need to be enforced.)
>If an employee made a big stink, that employee would be reminded that employment is at-will
This applies to the US only. I wonder if American employees understand that their employers exist/operate in the EU too and the employees there are treated very differently vis a vis employment rights.
New contract changes are unenforceable without compensation in most cases. If you're getting a new NDA or somesuch rolled out it's why it usually comes with "Free 10$ starbucks gift cards for everyone surprise!" but a lot of the time any contract you sign that does nothing to benefit you is illegal - you can also refuse to sign new contracts and, depending on the company, they might just shrug and carry on with the old contract.
Readit News
> So then I started reading along, doing my best to do a 'diff' in wetware, and found that they had actually added some clauses. One of them amounted to 'taint' for your personal devices. Basically, if you signed in to your corp gmail from a device, they claimed the right to audit it at any point in the future.
This kind of psychotic behavior is one reason I'll never work at a megacorp. I'm sure some smaller companies do it too, but it seems less common, and they won't have as many lawyers on retainer just waiting for the chance to justify their salary by pursuing it.
And if I ever did find myself at a company that tried to pull something like this, I'd probably quit on the spot. I won't work in an environment where I'm having to constantly watch my back.
I had an employer do this - I was working there a few years, owner came in and said “we’re doing background checks, fill this out and sign it”. I asked what happened if something came back on it, and he said that I’d be fired.
Sometimes, how you say it is as or more important than what you say. Giving benign plausible explanations for red flag behavior is expected from big corporations. This isn't their first rodeo, or at least not for the people they've staffed that deal with this.
Deleted Comment
She replied, "yes, but everyone has their oppressors"*, to which I quipped, "yes, ours is HR".
----
* Some context here. My wife is Māori. For North Americans, think "First Nations". Oppressors? We got 'em. Most of us are them.
Nope, at best you are the partial descendents of an oppressor. As of course, are almost every Maori.
Guilt is not inherited. Stop loathing yourself.
Ooops I dropped it.
I don't blame BigCorp for their policies; their equipment, their rules. But I strongly recommend separating the use of business and personal devices.
And, no, if an employer demanded I install an app on my personal phone, I'd refuse.
I did that once. In very polite terms I told them that I like to keep personal and work activity separate as much as possible for personal and work security reasons and that if they issued me a phone with an app I'd be happy to carry it.
I got a very positive response. Ultimately they didn't think it was worth issuing me a phone and everyone went on happily.
It’s increasingly common for employers to give payslips via a smartphone app; which needs to be installed on a personal phone of course.
I’m one of the very few people to make a stink about it. But they’ve accommodated me after a lot of back and forth.
I personally have never had a request for a company-provided work phone/tablet denied, if they required me to do anything on my personal phone that was critical for work.
If they ask why, I tell them I have a BlackBerry :) never been a problem
What was an interesting discovery was that PingID doesn't require a cellular data connection to work, so I was able to use the phone unregistered (so no network charge) and permanently in flight mode (to preserve the battery).
Even now after leaving that company I still haven't registered the phone or taken it off flight - I just connect to a personal wi-fi as necessary.
Sooo, #Apple has pics of my boobs. During a discovery thing 3yr ago, legal forced me to hand-over all my texts. They refused to let me delete anything, even "fully personal," even when I said "by fully personal I mean nudes." They said they're in their "permanent evidence locker"
I questioned this aggressively. Apple R&D pressures us to have one iPhone for work & personal (so we can "live on" / dogfood). I said, if there's texts that aren't with employees and have nothing to do with work, I should be able to delete them or at least attachments. "Nope."
https://twitter.com/ashleygjovik/status/1428495420917837826
Apple can read all of the stuff you text or iMessage if you (and all the people you text with) haven't disabled iCloud Backup.
This goes for every iOS device in the world, not just Apple corporate ones.
They even have my nudes (despite my not using iMessage, SMS, or iCloud) because I send them sometimes on Signal to people who save them in their iOS camera roll and have iCloud still enabled by default. (iCloud Photos, like iCloud Backup, is also not e2e.)
(If your employer is pressuring you to do something you are not legally required to do and don't want to, it should immediately sound alarm bells and harder personal boundary defense.)
One should always put a price on actions your employer wants you to do, so that there's an economic back pressure. For example, if an employer forces you to use work phone as a personal phone for dogfooding purposes, you must extract a price out of your employer for giving up this privacy. Or quit, if the price the employer is too high for an employer to pay.
Who knew.
I'd never pay a monthly fee for a work-only device. If they give me a work-only device, it should come with a data plan. If they don't give me a work-only device but want me to sign over access to my personal device, then I'll use an old device and just use wifi. No way I'm paying a separate monthly fee because my employer puts me between a rock and a hard place.
Also, MVNOs are $20/mo, not $100.
Deleted Comment
Deleted Comment
The companies that do not do that are exposing themselves to unnecessary legal risk in the future.
https://twitter.com/ashleygjovik/status/1428495420917837826?...
It's a damn shame, and a good reason to never, ever mix work and personal devices.
Great reason to join a union.
Once again these are technical solutions chasing a regulatory problem. Does it work? Sure, if you have the time, the money, the sophistication, and do everything perfectly in advance of an unlikely event.
If you want to help most people, update the rules.
There's definitely a few morals to this story (but note: not legal advice! I am not a lawyer!):
1. You should keep your own copy of anything you sign as part of your employment contract.
2. You should maybe keep a record of when you handed that to your employer ("I did in fact sign a copy of the NDA when I began my employment, and handed it to [person] on [date]. I hope this helps you to locate it.")
3. If the NDAs are so long that it would be impractical to visually diff them, you can just ask the company: "Can you please ask [name of company lawyer] to send me an email confirming that this is the same NDA that I signed at the beginning of my employment on [date]?" If they do, and then later rely on a clause that has been inserted, I suspect they would have a hard time convincing a court to enforce that clause.
4. In the author's situation, they sound like they were over a bit of a barrel economically and it's hard to push back in that situation. If you are willing to push back, remember that your employer is asking for something from you, i.e. a change to your contract. And if that change is that they can audit your personal devices, that is not a small concession! "This NDA does differ substantially from the one I originally signed, and would represent a significant change in the conditions of my employment. I understand if the company has new security concerns, and I am willing to work constructively to find an acceptable solution. For instance, if you are uncomfortable with me being able to access work e-mail on my personal device, you can issue me with a separate device over which you would have auditing rights."
So I opened up my original contract and compared them... and wouldn't you believe it? There were other changes in the contract: they'd added non-compete and non-solicit clauses, and tweaked the IP language to make it broader.
I talked to the company lawyer to ask for an explanation, and they became very embarrassed and they walked back all those changes, claiming that they'd used a new law firm and this happened because that firm had used their "standard boilerplate". They sent everyone a new copy with just the PTO change.
Of course, then I refused to sign the updated one, because I'm a jerk who thinks "unlimited PTO" is a scam. :)
Unlimited PTO is only a scam if you are a) bad at taking care of yourself, and b) have a shitty manager.
I've been taking every other Friday off since last summer, and in addition to that take 4-5 weeks off during the year (a week or two at a time). Hasn't been a problem because I get my work done, and I have a manager who understands we all need downtime to be healthy (and productive).
In my experience, most of the people who end up taking less time off when their company switches unlimited PTO are just bad at taking care of themselves, and (incorrectly) believe they'll be penalized for taking time off.
Luckily I've never needed it in any kind of legal situation, but a couple of times they saved me of a "he said she said" kinda conversation.
Actually maybe I should also add: keep not just the text of those e-mails, but also the from, to, date fields etc. If you ever get into a I-said / they-said about this, your employer might claim that your e-mails are a fabrication. If you get as far as a discovery process, and the company has to turn over e-mail records, that's going to make it much easier to locate the e-mail in question.
I'm not sure how important this is. Of course they still have the old NDA, and in any perjury situation they would readily admit that. Managers and (especially) HR people regularly "fib" (synonym of "lie") in hopes of distracting attention from the monstrous demands of capital. If an employee made a big stink, that employee would be reminded that employment is at-will and thus contingent on signing whatever is required at any time. The worst NDA amendments could possibly be contested in court, if one wants to spend five figures on attorneys. Probably a better way to avoid surprise "renegotiations" is to unionize...
Remember, it's not always you that has to go to court to fight an NDA clause though. If you've resigned, and the company is insisting that it can search your devices because the NDA says so, the company is the one that needs to convince a judge to grant a court order allowing it to do so. (Again: not legal advice! But my understanding is that's how most contract rights need to be enforced.)
This applies to the US only. I wonder if American employees understand that their employers exist/operate in the EU too and the employees there are treated very differently vis a vis employment rights.