[jonstewart]

I do computer forensics and have been involved with many IP theft cases. I do know what I'm talking about. "Never walk away from a former employer with code on your computer" is indeed a categorical imperative to live by.

- Never walk away from a former employer with code on your computer. - Never walk away with an employer's property. - Never walk away with a functioning email account. - Never walk away with documents. - Never walk away with paper. - Never walk away with anything. - Just walk away.

[hga]

Never walk away with a functioning email account.

That's not up to the employee, though, but the company's IT. More like - Ask them to shut down your email account, tell them you'll stop using it, and never use it again?

Ditto for VPN and any other access to their resources aside from strictly limited access of their public facing web site.

[tomasien]

Exactly. I feel like it's not worth arguing with someone taking this dogmatic approach, but a company that really wants to be in litigation with you will do what it can to convince lawyers and judges (who don't really know how the details of technology work) that you still had access to things and could steal or change them.

A great example is not removing you from cloud services - this makes them look bad but also makes you look capable of theft. It's more important that it remain possible you committed theft than not. Another is if you used a personal computer for work, as most people I know in startups do these days. If they won't supervise a deletion of the code off your computer YOU CAN NOT DELETE IT! If you are sued, you've now deleted things - what if you turn out to be the only person who had it? That's the real theft, and this has come up in real life cases I've seen - it became critical that the code WASN'T deleted.

The statement to never leave with code, email accounts, etc. is just not practical. It requires cooperation from your employer that will not exist in a situation where they're planning to try to bury you in litigation. It's a fools errand to try to pretend like there are reasonable steps the defendants should have taken - they took many reasonable steps and the plaintiffs can always find more that should have been taken.

[hga]

Agreed, although I wonder how many companies like that will also want you to still have a lot of power to hurt them; in this case, I gather the original continued access was in good faith, but that changed to bad faith as soon as the old boss saw the pitch deck. In the long run of a court case it might be useful to show they were trying to entrap you by keeping the accounts open but removing access to various things or rights, but you've already lost big if you get there.

One more trick you can do, although I doubt it will help much in such a bad faith situation---but maybe do it with your lawyer for documentation---is to change your passwords to randomly generated ones that you don't retain. E.g. run pwgen and cut and paste the password into the change and confirmation fields. If with a lawyer or notary, put them in front of the screen at the right point and have them generate the new password and enter it in, and document that you didn't and couldn't see it.

And that will remove all temptation to touch the forbidden fruit. I've done that with a few forums where I really didn't want to continue joining in the ... discussions.