E-mail notification (her resignation): https://i.imgur.com/AE8UtvD.png
First time it was edited: https://i.imgur.com/7N7mTC2.png
Current version: https://i.imgur.com/YjWmpGk.png
We will not tolerate Very Serious Charge X. This post did not do X, but other people did and this post says something critical of us so we removed it.
construct is quite something.
Company makes anti-consumer move.
Consumers react with backlash, including some that go off the rails.
Company issues statement: "Our staff have received harassment over this issue. We condemn harassment in any form. We will no longer discuss this issue"
Bonus points if the visible staff members among the incident are of a minority, then they get to paint all their critics as racist/sexist/whatever, rather than consumers unhappy with being nickle and dimed/recieving a product different than promised/etc
Censoring a respectful employee resignation, regardless of whatever "spin" you try to justify it with, is not a good look for your company.
You're guideline here is basically it makes gitlab look bad and you want to hide it to avoid further negative feedback. The thread is already locked so no further trolling can be posted in that thread.
> I don’t understand. This should not be an opt in or an opt out. [Telemetry] is a condition of using our product. There is an acceptance of terms and the use of this data should be included in that.
It all depends on how many GitLab employees believe strongly enough in these values, and how many are willing to take some risks and defend the company and its values.
Life as an employee shouldn't be like that. I think GitLab is in a unique situation since a lot of y'all are remote and there aren't a lot of comparable positions available.
We need more remote working opportunities, because when there are just a few, the companies that allow it are able to string along their employees.
Like a union? That could enforce a contract against management and protect its workers with a grievance process? And allow workers to strike against management practices without retaliatory fear?
Note that your employer can't terminate you for attempting to unionize in the US. I could understand those with equity being fearful of championing this (and possibly losing their lottery ticket), but if you have no equity, you have nothing to lose.
This is the first time I'm hearing this, and the people I work with certainly don't feel like htis. I suggest not saying things like "we all", when that clearly is not true.
But then they'll have to deal with the whinging of Hackernews about needlessly bringing politics into work.
glad we are in the IT business, where finding another job is pretty easy. this does probably not apply to other sectors.
That's what I'm wondering: what you call a toxic environment seems rather common in my experience. The execs make the decisions, and the developers are lucky if they even get to know what was decided. So while they can certainly look, I find it weird to be confident that they will actually find somewhere better. Gitlab just seems to be reverting to the average.
I also expect them to close up their internal discussions soon.
As for making this public we are public by default. But we are learning that anything involving countries needs to be communicated with a lot of context. Countries are a core part of people their identity.
In the future any decision involving countries will still be public but the discussion will not be.
The two are so correlated that they might as well be the same, and it strikes me as dishonest to make the distinction.
It's like saying "we don't hire people in Alabama" and "we don't hire black people".
Are those two statements equivalent?
There very well may be real reasons not to hire people in Alabama, (I'm making these up).. Onerous regulations, taxes too high, etc. Not hiring a class of people because of what they are is very different.
The whole problem at Gitlab is that nobody could articulate a concrete reason to ban people who live in Russia whereas in China they wouldn't hire them because of the Great Firewall and the block of google whose services were important to job functions.
Meanwhile more half baked features like "Auto Devops" and "Cycle Analytics" are piled on. The docker/runner based CI is barely functional and any serious project runs up against the limitations of it (and the abysmal syntax of .gitlab-ci.yml) regularly.
That isn't entirely true anymore since there is a strong fear of retaliation, so many have chosen to stay quiet.
-- Sir Arnold, Yes, Minister
Would I want an unwavering commitment to do everything in the open from my employer?
Clearly people who joined GitLab knew that was the deal and, while I see the point you're making, VC-funded code hosting (plus extras) isn't in the same league as the government.
reality is that we have public discussions about issues that cause a lot of damage to those actually involved.
public discourse prevents people from fixing mistakes and clearing up misunderstandings. once a statement is public, it is effectively no longer possible to apologize for it because there will always be some people who reject the apology and discredit it, when they even have no involvement in the actual issue.
this is the problem we have with mass media that doesn't do much solve problems but has a strong influence in driving the negotiating parties apart.
there are issues that need to be discussed on a global level, but most of what we are actually discussing does not need to be public.
Russia and China engage in state sponsored industrial espionage, hacking and sometimes destructive measures frequently. Of course others have as well, but not nearly to anything resembling the same level and scale.
It got so bad at work, we had to block the entire country subnets at our routers. I would also think that most corporations would probably not allow for this. While the recent South Park episodes show a lot of humor, they don't even scratch the surface of how bad things are and how much internal influence and coercion those countries have on their residents.
Some of the best programmers I've worked with in my career are expats from China and Russia, including running a dev team out of China a while back, but I absolutely would not want to do significant (software/development/it) infrastructure business with residents of those countries in practice. It's unfortunate in the software development space in particular.
Limiting access by regional location is something all countries and companies do, especially for sensitive data with complex security policies.
If GitLab's actions really were as you describe, they'd be in real trouble.
In a traditional organization, none of your employees will reside in country X unless you actively open an office in that country. The organization may choose to develop satisfactory IT controls and administration tools before doing so, or simply not do so at all.
For a distributed organization like Gitlab, there is a presumption that employees live where they want unless told otherwise. Hence, the pains that Gitlab is going through now.
This whole debacle is Gitlab choosing to add China and Russia to their list of exceptions.
For physical offices, it's a whitelist: if we didn't decide your country gets an office, too bad
From that point of view Gitlab’s diacussion on hiring or not employees from specific countries seems a bit old (except if it’s for paperwork reasons)
This not only changes the degree to which the foreign country can influence them, but it changes the degree to which other countries can retaliate if they act as spies.
For a recent example, see the twitter employees who were spying for Saudi Arabia.
Here it's about China and Russia. But the next day it could be government pressure on hiring bans in Pakistan or Indonesia or South Africa or Peru based on whatever countries are in a spat at the moment.
What happens to the current employees then? "Sorry, you're fired"?
I had 12+ employees there and they asked me to write down the names of 3. Those 3 would be the ones we would try to extricate from a country descending into war should that happen. Them, their wives, and their children.
How the fuck do you make that decision?
In December 2018, news broke that Charlotta Turner, Professor in Analytical Chemistry at Lund University in Sweden, arranged for mercenaries to rescue a doctoral student and his family from the Islamic State.
Organisations do this. Resources are limited.
Companies forcing employees to relocate isn't exactly new...
I don't care what your company does or what industry you are in, pretty much any decision you make is going to piss somebody off -- "you can't please all the people all the time" and all that.
This is made worse by today's highly divisive political climate. We've seen it recently where a company does something, gets attacked for it, changes their mind, then gets attacked for that.
It's bad enough for "non-transparent" companies but it's even worse for a company like GitLab -- when everyone in the world can (and will!) "attack you" for any decision you make.
GitLab's transparency will come to an end. That's bad because there are others who are sitting back, waiting to see how this "transparency experiment" turns out -- and they'll decide that operating their company in the same manner is NOT the way they should go.
I miss the days when we could agree to disagree on things and not get so damn "offended" at all the time.
Her decision to leave is obviously a personal one. Bailing over one disagreement seems a bit unsustainable from a career standpoint, but there could be a track record or she could feel exposed by the public nature of the conversation.
If you express strenuous disagreement and are in an officer role, when your "advice" is only treated as advice to follow or ignore, you have to take a stand if you believe in yourself. Because it's your head that's going to roll when this chicken comes home to roost. Better to go out with honor and preserve your integrity, in some cases.
Well, it's either that or she completely misjudged the position offered her. Seems gitlab didn't want an officer in this position but rather just a VP with an officer title.
An American living in China or Russia would be subject to the same policy of not being hired. A Chinese or Russian person living in Europe would still be eligible for employment.
Radical transparency works for small startups with heavy us-against-them cultures, a mutual agreement on who the enemy is, but when it starts facing tough challenges from the inside is when that starts to disappear.
Im talking about environments where you cant express your free opinion or have to apply to rules because of "politics".
back in the days we were just working. we cared about technology. those in control cared for money. which was absolutely fine.
today, you have to fit in some weird rules and companies play governments. if you talk negative (by eg expressing your free will) you get redacted.
thus has nothing to do with transparency btw. the transparency of gitlab can be good or can be bad. but that is another topic I guess.
in the end you will find yourself in a situation where you will realize that what you thought was your own opinion was much more a copy of what others said and what you've been told. you will give up because it isnt worth the time and you will go back to your own roots and yourself with the words: "well. guess Ive wasted a year or two."
time is the most precious thing you have in this life.
>The law provides official sanction for the intelligence services to do things long observed in their activities: coopting officials in other government agencies; compelling cooperation from PRC citizens;
I as an Australian don't appear to be facing the gulag if Scomo calls me up and asks me what the Balinese are up to (I'm in Bali) and I tell him to shove it.
Isn't censoring one of their employee to not enflame the situation would be what China/Russia would do with their citizen for the same reason? kind of an ironic situation.
Note: I have no love for the sort of thing Gitlab is doing here. It's petty.
This is a bit of a short-sighted argument, because in our times, pretty much everyone lives beyond their means, from paycheque to paycheque; if you're a tech worker in SF, you're probably not an exception to this rule, either. So, if you suddenly find yourself out of a job, and potentially unhireable due to your unwillingness to compromise on issues such as these, then how's that much different from being locked up, exiled or disappeared? And you have to remember, Epstein didn't kill himself, either.
One of these entities is a sovereign government and the other is a for profit company. I'm not sure I understand where the irony lies.
People who strongly disagree with rf/china government CAN not normally live in that countries
So normal Russian/Chinese do not have rf/china citizenship
And what does citizenship has to do with "living"?
It was never about nationality.
My speculation is there's pressure for the C suite to push this Russia and China hiring ban for some reason. Looks like the board is telling the CEO this has to happen or they're in negotiation talks to be acquired by a big company like Google who wants this to happen now and the backlash to have passed by the time it's announced. So this will happen whether it's illegal or not (and it looks like it will and is illegal) but the risk will cost less than the reward.
If they go to court they spend at most a few mil fighting it over the course of a few years and the executives walk away super rich anyway. If they don't go to court they walk away even more rich. But if they don't do it they might rely on an IPO that's looking shaky because of this bad decision making for the past 2 months. So even if it's illegal, it still makes sense to do this. It looks like an exit strategy because they will never be personally liable.
She probably sees this and knows everything going on behind the scenes, but she won't walk away super rich from this but could lose her law license by engaging in discrimination.
"The countries selected were not chosen because of legal requirements, they were not chosen based on risk, they were not chosen based on political climate (as other countries are facing heightened sanctions from the US). I do hope they were not selected because a customer asked for it - or that could violate anti-boycott laws. In fact, having no objective basis for the restrictions is not conservative - it is careless. (Please let me know immediately if a customer has requested that we not do business with any particular country as that may be a reportable event.) I recommend against proceeding until you have developed a sound basis - that gets applied equally - for any exclusion of any country."
To which VP of Engineering Eric Johnson replied:
"I appreciate your position. Please be aware there is an active, time-sensitive contract negotiation linked to this matter. And you need to advocate to the DRI that the company walk away from that contract in order to enact your proposal."
See also her further comments in .
Could this public backlash sink that deal?
Looks like there's a lot more happening privately that we don't know about and is probably why she decided to resign.
Because they're remote they can't just not open an office there so they have to restrict hiring to keep Chinese and Russians living in China and Russia out. Normally what would happen is you'd hire them but then not give them access to prod data (usually by saying it requires some background check or clearance you know they can't get) or when it's illegal not to give access, just lock the data down. The alternative is probably illegal, but it's the only one that GitLab has.
> Anticorruption laws prohibit agreements (oral or in writing) that discriminate based on various factors including nationality. The Export Administration Regulations (EAR) requires U.S. persons to "report quarterly requests they have received to take certain actions to comply with, further, or support an unsanctioned foreign boycott." So a customer simply asking to exclude a country that is not prohibited by law could potentially run afoul of the regulations (there are various caveats here but, regardless, we should not sell out diversity, inclusion and compliance for sake of profit). I should also note that under the 1976 Tax Reform Act (TRA), the behavior isn't prohibited but could result in a loss of tax benefits.
Requiring that people living in countries with no effective legal structuring in place preventing government coercion of residents not have access to data seems reasonable in certain contexts. Certainly more so for countries that are also adversarial.
I'd be surprised to find out there were real legal obstacles to this. On the surface it looks like somebody trying to build a case for their personal stance on the situation. Is she their legal council? Was this run by legal council? "Legal has concerns" would have been a power play and I don't see that..
I don't pretend to know whether restricting country of residence counts as discriminating on any of race, national origin, or nationality... but at least at first glance it seems very plausible.
Edit: And according to her linkedin she is a lawyer licensed to practice in (at least) Minnesota, i.e. she is (was) part of "legal".
So if GitLab employs Russian nationals (living outside of Russia) but bans employees of any nationality living in Russia, I'm not sure this is discrimination based on national origin.
The guesses made by HNers in this thread about what's illegal must be way off.
As you probably know, Gitlab is 100% remote employees. Surely, if I had a remote development position posted I would be under no obligation to consider a candidate in China who sent me their resume (that intends to work from China).
But Google does have offices in China now. In both Beijing and Shanghai.
#1: She shouldn't be speculating about legal liability in a non-privileged medium. Even if she's correct, the risk is too high that her statements will later be quoted out of context. Keep it in a privileged medium, ideally an in-person meeting or phone call. This is absolutely basic stuff, and I'm sure it's taught even at Mitchell Hamline.
#2: Even if you disagree with a decision, don't leave a written record that you believe your company is legally in the wrong. There are exceptions (you believe you'd be personally liable, and you want the paper trail to make it clear you didn't make the decision), but there is absolutely no reason to make that record public.
#3 (Related) Don't burn bridges on your way out the door. This isn't specific to law - it's just good professional practice. The world is smaller than you think, and you're poisoning your professional network. Doing it publicly is even worse. Why would you be willing to hire someone who has demonstrated that they will publicly torch your company if you make a significant decision they disagree with.
"In e-group on Monday October 15, 2019 we took the decision to enable a "job family country-of-residence block" for team members who have access to customer data. This is at the expressed concern of several enterprise customers, and also what is becoming a common practice in our industry in the current geopolitical climate."
It could be that better legal scrutiny during contract negotiation might have prevented this becoming an engineering, hiring and compliance concern.
Generally you don't read advice that says 'I believe doing X is illegal' because it doesn't get to that point.
I can't help but think there are other, quieter, lawyers involved.
Do you believe her actions are inconsistent with those values - or are you saying as the values are problematic, she should not have upheld them?
Her actions appear to be inconsistent with being a good lawyer.
Part (most?) of being a good lawyer is knowing when to shut up and when to tell your client to shut up.
In addition, there is some level of attorney/client privilege to consider. Quite often, two companies will have 4 sets of lawyers in the room for particularly sensitive things. Counsel for the companies and then counsel for the counsel. This ensures that what is discussed stays under attorney/client privilege.
Apparently, Gitlab operate very openly about even that kind of sensitive matter. In that situation, the whole openness would make absolutely no sense if you can't disagree in the tracking system actually used to communicate. In the context of all the details already published by all parties because of the company policy, the resignation sentence is completely benign.
Yeah, this is the only thing that makes sense to me. I'm assuming somehow she thought she was about to be on the hook for something and is ejecting with public notice to avoid the fallout.
However, I'm also more than a little concerned about her legal judgement. I really can't see how blocking employees in certain countries is illegal--especially for China and Russia. Country of residence is not a protected class, but China and Russia, specifically, have sanctions of various levels applied against them.
Gitlab on the other hand seems to be easily swayed by large contracts and willing to compromise their “remote first” values for money.
It’s also disappointing they don’t have a technical solution to this.
I suppose everyone expected the CFO to drop, instead.
I feel really bad for their employees. If I could help, I would, but Sourcehut isn't big enough to provide another employment option for them. To any GitLab employees who know something I can do to help, or just want to talk, I can lend a sympathetic and private ear at firstname.lastname@example.org.
There's many stories of companies only letting people use burner laptops if they go to China and Russia so it's not a very far fetched contract requirement.
Issues were mainly related to IP and data sovereignty.
I'm honestly not seeing what the problem is with this policy. Gitlab's reaction to the outrage has been incredibly poor, but the policy itself seems sane based on IP laws and data protection laws in certain countries.
>could violate anti-boycott laws
Does anyone know specifically which laws she's referring to? Many companies have requirements on data not being accessed by individuals outside of certain countries or being sent outside of certain countries. Others have restrictions on not bringing company property into certain countries.
* Tax Reform Act: This seems to only penalize supporting an existing boycott by another country of a third country . As there is no government boycott of Russia and China (at least not in countries these clients are from I'm guessing) this shouldn't apply.
* Export Administration Act: This also specifically says it related to boycotts conducted by a country against another country the US is friendly with .
I'm open to someone pointing out my misreading of these laws but it seems that they only apply to government mandated boycotts. So, to me, clients are free to require restrictions if there are no government boycotts in place.
Later in the comments she mentioned that the contract in question was screened and found to not actually be considered a relevant event for anti-boycotting laws. So whatever her initial concerns were, they were allayed by an actual review of the relevant request.
Reading through the conversation as a whole, it appears that the customer/contract in question didn't explicitly request Gitlab to take the course of action they decided on. Gitlab proactively decided that the action just happened to be a crude but effective way to comply in a timely fashion with the data restrictions the customer wanted, since their infrastructure itself currently doesn't have granular enough security controls around data access to comply with what the customer request was.
the attack on an area which until now couldnt care less about politics. now in the context of "free speech" we try to brake the last knowm union out there in the world. developers, who only let code speak so far.
Do not conflate ignorance with impact.
"Once ze rockets are up, who cares where they come down? That's not my department, says Wernher von Braun" https://youtu.be/QEJ9HrZq7Ro?t=16
(1) Gitlab decided they won't hire people living in certain countries
(2) This appears to be motivated by the politics of business
(3) An exec who spoke up against it tendered her resignation out of principle
(4) They're trying to suppress conversation about that
Please don't try to abstract "this is all the fault of those SJWs pushing political correctness" from this story.
I appreciate from your comments that you think it'd be just great if we could keep politics out of business and lament that the Great Culture War has come for coding, and I get it. The Great Culture War has come for everything, though. Science fiction. Movies. Video games. Furries and Bronies.
Here's the thing: this isn't the fault of a small number of loud people making things political that weren't before. All these things were always political -- we just weren't having our noses rubbed in it until relatively recently. Making your lead video game character a woman, or black, is a capital-S Statement because making them a white male is also a capital-S Statement. Trying to increase the number of women in STEM through affirmative action policies of one kind or another is obviously a capital-S Statement, but saying "hey, the fact that there are no women in science is itself proof that women just don't science well" is also a capital-S Statement. When your e-sports champion makes a capital-S Statement about Hong Kong protestors and you suspend him, suspend his camera man, and go into a massive PR defense about how gosh darn non-political you are, you are absolutely making a capital-S Statement.
As I observed before, the old Rush lyric about "when you choose not to decide, you still have made a choice" holds true whether we want it to or not. You can passionately argue that politics shouldn't affect software companies and coding jobs, but they do. "You shouldn't try to affect your employer's business practices, you should just leave if you disagree with them" may not be intended to be political, but it will have political effects just as much as the reverse will: either the employer changes business practices to be more in line with what the employees are comfortable with, or the employer ends up with employees who are comfortable with their business practices.
I don't think anyone talking about being "nonpolitical" would disagree that both of those are political acts.
Would you argue that someone who has not made a statement or evinced an opinion in either direction is still engaging in a political act?
It does not surprise me one bit that where there was smoke, there's fire and a bunch of questionable behavior is going on behind the scenes.
As an employer in a capitalistic society, you do not pay people based on value provided. You pay based on a reverse dutch auction method. This ensures you are getting an employee at the lowest possible cost, which is your financial duty. Anything more is excess expense. This is why unions are so important: to band labor together such that there is no opportunity for a prisoner's dilemma situation, where things become a race to the bottom.
It is the employer's duty to wring as much value out of an employee as possible, not to pay them for that value. Paying by value provided would introduce so much inequality it'd be awful.
So anyway, paying market rate (or the identical fraction under/over everywhere) at any location is just like having an office in every city where you don't have a WFH policy at all and employees are competing against other local employees. So gitlab employees that have self-selected to live and work in the same location, wherever it may be, are bidding themselves against other employers in that location. gitlab gets the edge over local employers who presumably would require the employee to show up at the office, for those people that don't want to go in the office at all, for whatever reason. And therefore it's justified that gitlab pays less than market because they are only selecting for those employees that value the WFH as opposed to just "work close to home". And this justification is proven because they are actually able to employ people at "less than market".
The lack of nuance in her public communication is quite strange for a lawyer. 'Retaliatory behavior' -- against whom are they retaliating and for what? A serious allegation. And other strange and strongly worded warnings of illegality, but which have no basis in law that I can see. So, bluster? Trying to win an argument?
I can't help but think that remote work is not for everybody, and especially not for lawyers.
The CFO replied it was part of a possible contract.
I'm interested in what her next job will be, as hopefully another company will value her knowledge and integrity.
2. Company raises a ton of money
4. Company appears "divorced or original morals"
There are, and always will be exceptions depending on the particular people involved, but generally if you as a company want to preserve your moral ground, do not take external funding.
And before that some anti-Microsoft people were mad in general that MS bought GitHub.
Ciresi: The countries selected were not chosen because of legal requirements, they were not chosen based on risk, they were not chosen based on political climate (as other countries are facing heightened sanctions from the US). I do hope they were not selected because a customer asked for it - or that could violate anti-boycott laws. In fact, having no objective basis for the restrictions is not conservative - it is careless. (Please let me know immediately if a customer has requested that we not do business with any particular country as that may be a reportable event.) I recommend against proceeding until you have developed a sound basis - that gets applied equally - for any exclusion of any country.
Johnson: I appreciate your position. Please be aware there is an active, time-sensitive contract negotiation linked to this matter. And you need to advocate to the DRI that the company walk away from that contract in order to enact your proposal."
I think Ciresi has been 2/2 in the recent GitLab scandals (she was also against the telemetry issue). The most obvious version of the story is now Ciresi has "gotten in the way" of sales twice now and is being retaliated upon. I'll admit, its rare to see a company flush its morals down the toilet while chasing revenue.
- GitLab announced that they were going to start including third party telemetry. This predictably annoyed developers. They made it substantially worse by originally announcing that it would be included in self-hosted enterprise versions as well (a really big no-no from many companies perspective), and by tone deaf comments from the CFO that made it clear they were going to violate the GDPR.
- GitLab started talking about not allowing people working in support rolls to live in China, Russia, and Ukraine because of security concerns brought up by a customer. No one ever really came up with a good justification for why Ukraine was on the list, so it was removed (but you will still see references to it in some of the earlier discussions). Someone noticed the discussion and posted it here (and elsewhere). Communication around what they're actually planning on doing has been pretty poor, likely partially as a result of this being noticed on their public-yet-internal issue tracker instead of being released via clearly written messages. Some people have legal concerns about it (see: anti boycott laws), some have ethical issues, others think it sounds fine. Meanwhile the issue on gitlab itself has been subjected to intense astroturfing by largely new accounts which caused it to be locked. The new development today is that the director of compliance has resigned since they are of the opinion that what they are planning to do is illegal.
Personally I think they're still pretty well regarded, but these two events in such close proximity have definitely given them a bloody nose.