IIRC, Tesla's civil complaint accuses Tripp of writing "hacking software" but doesn't mention any other effects of the software besides exfiltration of data to unspecified third parties:
> Beyond the misconduct to which Tripp admitted, he also wrote computer code to periodically export Tesla’s data off its network and into the hands of third parties. His hacking software was operating on three separate computer systems of other individuals at Tesla so that the data would be exported even after he left the company and so that those individuals would be falsely implicated as guilty parties.
From the perspective of a technologist it's clumsy and imprecise language, but it's not wrong.
He wrote code that was explicitly designed to bypass the company's security and treacherously act in a way that caused damage to the company's interests, then he inserted it using other people's security credentials. The only elements missing between what he did and what a "real" hacker might have done is breach a technical security barrier rather than be a trusted employee.
I don't begrudge Tesla for portraying facts as damning as possible to the opposing party -- that's what any litigant would do (and should do, I would think, although IANAL), as long as no deliberately false statements are made. So "technically true" is fine by me. But since their investigation is still ongoing, and they haven't felt the need to divulge more specific and damning assertions, then it's fair to consider what's currently left open to interpretation.
"Wrote code" could include a wget cron job. "Bypass company's security" includes literally any activity done without company approval or authorization, including printing out files and putting them in his briefcase and walking out the building without announcing the fact.
No one is really disputing that his alleged acts were "treacherous" to the company, or that they "caused damage to the company's interests" -- that would cover every conceivable form of whistleblowing.
At this point, I don't see what it matters whether it was a "real" hack or not (though it's ironic you mention social engineering, since for too long that has been ignored as a real attack vector). He took info and disclosed it without company approval, now it's up to the courts to decide if that was legitimate and protected whistleblowing.
As to your last sentence, I think it would be difficult to argue that automated and ongoing bulk data exports could ever fit with any definition of whistle-blowing. If he had legitimate concerns, and evidence of those concerns existed in electronic form, he could have simply walked the specific evidence out of the building on a thumb drive.
That being said, we don't know exactly what data was exported, so any speculation (including my own) is rather pointless...
This article omits the crowdfunded defense and all quotes from the defendant, Martin Tripp. It also glosses over the purported issues:
> Tripp told the SEC that Tesla had installed batteries with holes punctured in them, placed battery cells too close to one another and didn’t properly affix them. ... Tripp also alleged that the company systematically reused parts that had been deemed scrap or waste in vehicles.
Is Tesla running an undercover salvage operation, to identify reusable components and reduce waste from their "totaled" cars?
Suing him after firing him was probably an immature overreaction on Tesla's part. It forced the former employee into a more-aggressive posture. Better strategy would have been (a) suing competitors he gave information to (if any) and (b) nudging a local DA to press criminal charges.
Immature overreaction? He alledgedly stole company secrets and gave them to others in a way that framed other employees at the company, and would continue to run after he left.
Assuming those charges are true, why would it be an overreaction to sue the person who did it!? That to me is the only valid reaction. This person is accused of knowingly purposefully trying to harm Tesla and help competition.
The only way this would be an overreaction is if Tesla really is guilty of doing illegal things. And in that case going to a DA would be the worst idea.
> why would it be an overreaction to sue the person who did it!? That to me is the only valid reaction
There are three reasons to sue: (1) as a deterrent, (2) to get an injunction and/or (3) to recover financial damages.
The former employee appears broke, so (3) goes out of the window. (2) is a possibility, but mitigated given he already shared the data. As for (1), unemployment + threatened criminal charges would do as much work.
Now let's look at the downsides. Tesla has Streisand effected this former employee's claims. The lawsuit will bankrupt the former employee if he can't show whistleblower status. That incentivises him to double down. At the same time, the public attention incentivises the SEC to look closer. Even without any wrongdoing, that attention is time consuming and costly.
If all this employee did was share with journalists and the SEC, the lawsuit could become a PR problem. Even if Tesla prevails, it will have dragged itself into an expensive distraction.
(a) assumes that competitors took the information knowing that it came from Tesla. And civil lawsuits can be done whether or not charges are being pressed. A lawsuit is not immature at all. He damaged the company.