by arminiusreturns 630 days ago
I agree. Let me tell you about what just happened to me. After a very public burnout and spiral, a friend rescued me and I took a part-time gig helping a credit card processing company. About 2 months ago, the owner needed something done while I was out, and got their Uber driver to send an email. They emailed the entire customer database, including bank accounts, socials, names, addresses, finance data, to a single customer. When I found out (it was kept hidden from me for 11 days), I said, "This is a big deal, here are all the remediations and besides PCI we have 45 days by law to notify affected customers." The owner said, "We aren't going to do that", and thus I had to turn in my resignation and am now unemployed again.

So I, trying to do the right thing, am now scrambling for work, while the offender pretends nothing happened while potentially violating the entire customer base, and will likely suffer no penalty unless I report it to PCI, which I would get no reward for.

Why is it everywhere I go management is always doing shady stuff. I just want to do linuxy/datacentery things for someone who's honest... /cry

My mega side project isn't close enough to do a premature launch yet. Despite my entire plan being to forgo VC/investors, I'm now considering compromising.


>Why is it everywhere I go management is always doing shady stuff.

Well here's a cynical take on this - management is playing the business game at a higher level than you. "Shady stuff" is the natural outcome of profit motivation. Our society is fundamentally corrupt. It is designed to use the power of coercive force to protect the rights and possessions of the rich against the threat of violence by the poor. The only way to engage with it AND keep your hands clean is to be in a position that lets you blind yourself to the problem. At the end of the day, we are all still complicit in enabling slave labor and are beneficiaries of policies that harm the poor and our environment in order to enrich our lives.

>unless I report it to PCI, which I would get no reward for.

You may be looking at that backwards. Unless you report it to PCI, you are still complicit in the mishandling of the breach, even though you resigned. You might have been better off reporting it over the owner's objections, then claiming whistleblower protections if they tried to terminate you.

This is not legal advice, I am not a lawyer, I am not your lawyer, etc.

I did verify with an attorney that since I wasn't involved and made sure the owner knew what was what, that I had no legal obligations to disclose.
What about your moral obligation?
People are so quick to judge without knowing the details, the situation is more complex than I'm willing to go into here, and I'm comfortable with my decision.
That's totally fair. After all, laws are about what people will force you to do using (the threat of) violence, while ethics and morals are about how you personally navigate the world, and a bit about how people will try to shame or socially compel you. If you are comfortable with your decision, that's all that really matters at the end of the day.
The problem isn't society or profit motivation. It's people. Humanity itself is corrupt. There aren't "good people" and "bad people". There's only "bad people." We're all bad people, just some of us are more comfortable with our corruption being visible to others to a higher degree.
> We're all bad people, just some of us are more comfortable with our corruption being visible to others to a higher degree.

If the GP's story is true (and I have no reason to suspect otherwise), then there are clearly differences in the degree of "badness" between people. GP chose to resign from his job, while his manager chose to be negligent and dishonest.

So, even if we're all bad people, there are less bad and more bad people, so we might as well call the less bad end of the spectrum "good". Thus, there are good and bad people.

I understand your perspective, but I maintain that "good" (morally pure) isn't a category any of us belong to. We're all lying, hateful people to one extent or another, and lying hateful people aren't "good", even if we haven't lied or hated as much as other lying, hateful people. "Less evil" isn't synonymous with "good".

The argument that profit motivation is the origin of shady business practices ignores the existence of those businesses which pursue profit in an ethical manner. The company I work for, for instance, is highly motivated to produce a profit, but the way we go about obtaining that profit is by providing our customers with products that have real value, at fair (and competitive) prices, and by providing consistently excellent customer support. Our customers are *very* satisfied with our products and services, and they show their satisfaction with extreme brand loyalty. The profit we make year over year allows us to increase the quality of life for our employees, and keeps our employees highly motivated towards serving our customers. We pursue the good of our customers alongside our own, and we avoid shady business practices like the plague.

  as it is written:

    None is righteous, no, not one;
      no one understands;
      no one seeks for God.
 
    All have turned aside; together they have become worthless;
      no one does good,
      not even one.
Romans 3:10-12

Your attempt at making the situation seem to be asymmetric by arbitrarily defining "good" as absolute good, while "evil" as everything else - is unconvincing. (Why not the opposite - which would also be ridiculous?)
It's like a glass of pure water. If there is anything else in the glass, it can no longer be called a glass of pure water. Likewise, the presence of evil of any quantity or quality in a person disqualifies them from being good. Apple trees do not yield blueberries, and good men do not do evil things. So if we discern in our thoughts, words, and actions the presence of evil, we can know with absolute certainty that we, too, are evil.

Or is it supposed that hating each other, lying to one another, stealing from one another, murdering one another, failing to fulfill contract, covenant, and commitment to one another are things that should be considered good?

See also "The Good Place" which is an absolute sleeper of a TV show.
No. There are no good or bad people. But people do good or bad things, all the time.
This. Also, the world isn't black and white. Good and Evil are overly simplistic categories that aren't constructive. Just because one person does something wrong, it doesn't have to define them or negate the good they do in other areas.
What is this even supposed to mean? Profit motivation is a concept invented by humans for humans to apply. If it leads to unexpected or undesirable outcomes then it's a bad idea. A system that requires all participants be paragons of some definition of virtue to produce good results is fundamentally unsuited for human beings.
The DOJ has just launched a corporate whistleblower program. You should look into it; maybe it covers your case:

https://www.justice.gov/criminal/criminal-division-corporate...

>As described in more detail in the program guidance, the information must relate to one of the following areas: (1) certain crimes involving financial institutions, from traditional banks to cryptocurrency businesses; (2) foreign corruption involving misconduct by companies; (3) domestic corruption involving misconduct by companies; or (4) health care fraud schemes involving private insurance plans.

>If the information a whistleblower submits results in a successful prosecution that includes criminal or civil forfeiture, the whistleblower may be eligible to receive an award of a percentage of the forfeited assets, depending on considerations set out in the program guidance. If you have information to report, please fill out the intake form below and submit your information via CorporateWhistleblower@usdoj.gov. Submissions are confidential to the fullest extent of the law.

Why would you resign? You could have reported it yourself and then you would have whistleblower protections - if the company retaliated against you (e.g. fired you), you then would have had a strong lawsuit.
Because I don't want to be associated with companies that break the law and violate regulations knowingly. I've long had a reputation of integrity, and it's one of the few things I have left having almost nothing else.
So you would rather be known as someone who had an opportunity to report a violation, and chose not to? From my perspective it seems like you decided against acting with integrity in this situation - the moral thing would have been to report the violation, but you chose to look the other way and resign.
> it seems like you decided against acting with integrity in this situation ... you chose to look the other way and resign.

I agree with this statement.

This isn't a judgement, we all have to make choices; the "right" choice (the one that aligns with integrity) is usually the one that will be the least self-serving and even temporarily harmful. They did what was right for them, that's okay, but it was not the choice of integrity.

How is quitting right for them? They chose a path that's bad for the users and bad for them.
Because that is the choice they made for themselves.

How it plays out after is another matter entirely. But the choice was what they seemed to think was right, for them, at the time. Thus it was the right choice for them. It doesn't mean it was the right choice in terms of integrity, or the right choice for me, or you or anyone whose data got caught up in it. Nor was it the right choice in receiving a paycheck the next week.

But the way it was explained, it doesn't seem like they went out of their way to pick a "wrong" choice, specifically. They picked what they felt was the right one, for them, at that time. There were less ethical options to choose as well, and those were not picked either.

I wonder if I was part of the database that got emailed.
Very unlikely, this is a very small operation with a tiny customer base.
As in.. his actual Uber driver? He just handed his laptop over?
Yes. The owner is old, and going blind, but refuses to sell or hand over day-to-day ops to someone else, and thus must ask for help on almost everything. I even pulled on my network to find a big processor with a good reputation to buy the company, but after constant delays and excuses for not engaging with them, I realized that to the owner the business is both their "baby" and their social life, neither of which they want to lose.