7 comments

  • hamiltont 75 days ago

    A better title would mention this is an Ex-Tesla worker currently being sued by Tesla...

    I'm not saying there is no story to be read, in fact I plan to look in depth a bit later, but the current title is somewhat misleading

    • laveur 75 days ago

      More importantly it should mention that he was caught red handed stealing company secrets and sending them to others. This one is a bit better coverage of it: https://arstechnica.com/tech-policy/2018/07/tesla-whistleblo...

      • jonknee 75 days ago

        > More importantly it should mention that he was caught red handed stealing company secrets and sending them to others

        That is a roundabout way of describing a whistleblower. He didn't give information to competitors, he gave it to journalists and the SEC.

      • danso 75 days ago

        IIRC, Tesla's civil complaint accuses Tripp of writing "hacking software" but doesn't mention any other effects of the software besides exfiltration of data to unspecified third parties:

        https://arstechnica.com/tech-policy/2018/06/tesla-sues-emplo...

        > Beyond the misconduct to which Tripp admitted, he also wrote computer code to periodically export Tesla’s data off its network and into the hands of third parties. His hacking software was operating on three separate computer systems of other individuals at Tesla so that the data would be exported even after he left the company and so that those individuals would be falsely implicated as guilty parties.

        • sjwright 75 days ago

          From the perspective of a technologist it's clumsy and imprecise language, but it's not wrong.

          He wrote code that was explicitly designed to bypass the company's security and treacherously act in a way that caused damage to the company's interests, then he inserted it using other people's security credentials. The only elements missing between what he did and what a "real" hacker might have done is breach a technical security barrier rather than be a trusted employee.

          • danso 75 days ago

            I don't begrudge Tesla for portraying facts as damning as possible to the opposing party -- that's what any litigant would do (and should do, I would think, although IANAL), as long as no deliberately false statements are made. So "technically true" is fine by me. But since their investigation is still ongoing, and they haven't felt the need to divulge more specific and damning assertions, then it's fair to consider what's currently left open to interpretation.

            "Wrote code" could include a wget cron job. "Bypass company's security" includes literally any activity done without company approval or authorization, including printing out files and putting them in his briefcase and walking out the building without announcing the fact.

            No one is really disputing that his alleged acts were "treacherous" to the company, or that they "caused damage to the company's interests" -- that would cover every conceivable form of whistleblowing.

            At this point, I don't see what it matters whether it was a "real" hack or not (though it's ironic you mention social engineering, since for too long that has been ignored as a real attack vector). He took info and disclosed it without company approval, now it's up to the courts to decide if that was legitimate and protected whistleblowing.

            • sjwright 75 days ago

              No disagreement here.

              As to your last sentence, I think it would be difficult to argue that automated and ongoing bulk data exports could ever fit with any definition of whistle-blowing. If he had legitimate concerns, and evidence of those concerns existed in electronic form, he could have simply walked the specific evidence out of the building on a thumb drive.

              That being said, we don't know exactly what data was exported, so any speculation (including my own) is rather pointless...

            • threeseed 75 days ago

              If you are a whistleblower then by definition you need to bypass the company's security and cause damage to the company's interest.

              The real issue is whether he is a legitimate whistleblower not the acts that he did in order to provide the data to journalists.

            • manicdee 75 days ago

              What do you want the software to do other than exfiltrate data in order to count as “hacking software”?

            • stephengillie 75 days ago

              > This one is a bit better coverage of it

              This article omits the crowdfunded defense and all quotes from the defendant, Martin Tripp. It also glosses over the purported issues:

              > Tripp told the SEC that Tesla had installed batteries with holes punctured in them, placed battery cells too close to one another and didn’t properly affix them. ... Tripp also alleged that the company systematically reused parts that had been deemed scrap or waste in vehicles.

              Is Tesla running an undercover salvage operation, to identify reusable components and reduce waste from their "totaled" cars?

              • mchahn 75 days ago

                > Is Tesla running an undercover salvage operation, to identify reusable components and reduce waste from their "totaled" cars?

                The economics of the situation would say no. The number of "totaled" teslas is a tiny fraction of the number they are producing.

            • 75 days ago
              [deleted]
              • JumpCrisscross 75 days ago

                > currently being sued by Tesla

                Suing him after firing him was probably an immature overreaction on Tesla's part. It forced the former employee into a more-aggressive posture. Better strategy would have been (a) suing competitors he gave information to (if any) and (b) nudging a local DA to press criminal charges.

                • Klathmon 75 days ago

                  Immature overreaction? He alledgedly stole company secrets and gave them to others in a way that framed other employees at the company, and would continue to run after he left.

                  Assuming those charges are true, why would it be an overreaction to sue the person who did it!? That to me is the only valid reaction. This person is accused of knowingly purposefully trying to harm Tesla and help competition.

                  The only way this would be an overreaction is if Tesla really is guilty of doing illegal things. And in that case going to a DA would be the worst idea.

                  • JumpCrisscross 75 days ago

                    > why would it be an overreaction to sue the person who did it!? That to me is the only valid reaction

                    There are three reasons to sue: (1) as a deterrent, (2) to get an injunction and/or (3) to recover financial damages.

                    The former employee appears broke, so (3) goes out of the window. (2) is a possibility, but mitigated given he already shared the data. As for (1), unemployment + threatened criminal charges would do as much work.

                    Now let's look at the downsides. Tesla has Streisand effected this former employee's claims. The lawsuit will bankrupt the former employee if he can't show whistleblower status. That incentivises him to double down. At the same time, the public attention incentivises the SEC to look closer. Even without any wrongdoing, that attention is time consuming and costly.

                    If all this employee did was share with journalists and the SEC, the lawsuit could become a PR problem. Even if Tesla prevails, it will have dragged itself into an expensive distraction.

                    • koonsolo 75 days ago

                      You are forgetting the upside that the next guy who will try to pull this stunt, will know that Tesla will not just let it slip away.

                    • threeseed 75 days ago

                      > He alledgedly stole company secrets and gave them to others

                      Is there any evidence he gave them to competitors or did anything other than act as a whistleblower ?

                    • asdsa5325 75 days ago

                      (a) assumes that competitors took the information knowing that it came from Tesla. And civil lawsuits can be done whether or not charges are being pressed. A lawsuit is not immature at all. He damaged the company.

                  • typon 75 days ago

                    The media reports on this story are quite conflicting... Not sure who to believe. Is this guy an innocent whistleblower who's being targeted by Tesla or someone with an agenda against Tesla trying to sabotage the company?

                    • jtbayly 75 days ago

                      That’s why we have courts. It’s not our job to decide he said she said cases like this in the public square where we simply cannot have access to the necessary data. Not saying courts are perfect, but at least they have the ability to get the necessary data.

                      • falcolas 75 days ago

                        It's just a shame someone has to do crowdfunding to afford a fair trial.

                      • mcguire 75 days ago

                        That's the thing: what's the agenda? Where's the win?

                        No whistleblower will be completely innocent. Most likely, they will be disgruntled in some way.

                        • danso 75 days ago

                          Of course there's a conflict. Someone is claiming to be a whistleblower, and Tesla is alleging that he is a liar. I doubt we'll have resolution until there are legal proceedings.

                          • JustSomeNobody 75 days ago

                            > Not sure who to believe.

                            Don't. Not until _all_ the facts are laid out.

                            • manicdee 75 days ago

                              What is he blowing the whistle on? Who did he try to notify?

                              • jstandard 75 days ago

                                The article covers your first question. He blew the whistle on misleading investors by overinflating production numbers by as much as 44% and that Tesla is knowingly installing damaged or unfit batteries into cars, increasing their chance of catching fire.

                            • 27182818284 75 days ago

                              As a Monday morning quarterback of Tesla, I'm really curious to see how this turns out. On the one hand, I see whistle blowers as heroes and if they have information about dangerously using unsafe batteries, then that's great.

                              On the other hand, if the early allegations are true that the employee was altering code and logging in under usernames other than their own to do so, that sure doesn't feel like whistleblowing.

                              • danso 75 days ago

                                The civil complaint doesn't say anything about logging under other usernames, just that his data-scraper-exporter was running on other people's machines:

                                https://arstechnica.com/tech-policy/2018/06/tesla-sues-emplo...

                                > His hacking software was operating on three separate computer systems of other individuals at Tesla so that the data would be exported even after he left the company and so that those individuals would be falsely implicated as guilty parties.

                                I guess it's possible that Tripp did indeed add some code that explicitly tried to frame actual employees. But the fact that his code ran on other people's computers, without any other specific evidence (which may be forthcoming, of course) does not necessarily entail that he intended to frame people.

                                • stephengillie 75 days ago

                                  How did he have permissions to run unauthorized software on other computers - let alone his coworkers' workstations? Where is the OpSec?

                                  • Klathmon 75 days ago

                                    In just about any office I can see it being pretty trivial to walk over to a co-worker's PC and insert a USB drive and run a program. It would take seconds, and unless all employees lock their PCs 100% of the time even if they walk away for a few seconds, there isn't much in the way of "opsec" that can stop it (just things like cameras that can find the guilty party after the fact).

                                    Things like disabling USB ports or requiring passwords to be entered constantly for everything would most likely impact the business enough that it would be more harmful than any single instance of stolen IP, and even then they only reduce the likely hood of an attack like this, they don't stop it.

                                • mcguire 75 days ago

                                  Gathering evidence for whistleblowing will almost certainly require violating security policies.

                                  • extralego 75 days ago

                                    On the other hand, a fair trial currently hinges on a crowd-funding campaign.

                                  • codeisawesome 75 days ago

                                    > Tripp’s allegations were summarized in a statement from Meissner Associates, a New York-based law firm that represented a former Monsanto Co. employee who was awarded $22 million in August 2016 for tipping off the SEC to improper accounting.

                                    much later down the winding language of the article

                                    > Meissner said he won’t be representing Tripp in the federal lawsuit in Nevada. Tripp “is in the process of interviewing attorneys,” he said in a phone interview Wednesday. “It’s not easy to find counsel. There’s almost a cult of Tesla.”

                                    Why not present these facts together in one paragraph? Because people don’t read all the way through, and it helps feed rumours.

                                    Just another article hitting the HN front page with a sensationalist title and breathless writing.

                                    • staunch 75 days ago

                                      Tesla should have an internal whistleblower program. Elon Musk should run it himself with a dedicated email address that strips "From" information to anonymize the sender.

                                      Really, any CEO of a large company should do this but he's the kind of person that would actually care to hear about problems rather than ignore them.

                                      • olefoo 75 days ago

                                        "a cult of Tesla"

                                        Nope, not possible. I mean it would be ridiculous if a large number of people displayed unthinking loyalty to a money-making venture just because it projected an image that catered to their prejudices, wouldn't it?

                                        • pwaai 75 days ago

                                          > Nope, not possible. I mean it would be ridiculous if a large number of people displayed unthinking loyalty to a money-making venture just because it projected an image that catered to their prejudices, wouldn't it?

                                          basically ICOs

                                          • olefoo 75 days ago

                                            I'm pretty sure some of the people involved in IOTA are going to wind up living in a commune and wearing identical tracksuits.

                                            I do find it interesting how personally invested many people on this site are in the success of Elon Musks ventures.

                                            I mean it's OK to be a fan; but when you start rejecting evidence of mistakes or even malfeasance and attack other people for showing signs of critical thinking on the topic. That gets to be a problem.

                                            • pwaai 74 days ago

                                              so 99% of ICO isn't a scam or never deliver? are you involved or invested in crypto or ico?

                                              • olefoo 72 days ago

                                                Your reading comprehension is as evolved as your attitude.

                                        • pwaai 75 days ago

                                          should i withdraw whatever money I have left in my stock brokerage or

                                          go all in on nearly expiry puts