Last week I wrote about a privacy-related controversy and extolled the Code of Ethics that proposed by my colleague Brian McConnell. I heard shortly afterward from the other side of the controversy, Virtual PBX, so I want to air their point of view here and wrap up what I've been told.
I was never interested in dissecting the conflicting reports over business plans, schedules, software quality, circumstances of termination, etc. I couldn't do a credible job without subpoena power anyway. Here I just want to set some grounds for discussion of employee privacy rights, the subject of my original blog (and the subject about which Brian started the conversation with me).
First, here's a summary of Virtual PBX's official statement to me:
Virtual PBX is a small, privately held, non VC funded, 10-year old family enterprise that took a calculated business risk by acquiring the assets of Brian McConnell's business in an attempt to further the progress of its technology. Brian willingly signed a business agreement with Virtual PBX and subsequently entered into an employment contract with the company. Those facts are not in dispute.Virtual PBX contends that Brian breached material terms of the agreement as well as the subsequent employment contract. We do not believe it appropriate to discuss the nature of the ongoing contract disagreement publicly, despite the fact that Brian has issued a stream of what we regard as misleading and even malicious statements in his blog about the relationship.
We do take exception that Brian has chosen to invoke the mantle of privacy as a means to avoid taking responsibility for his behavior. He chose to store large volumes of data on a company issued laptop, some of which was unrelated to company business. The laptop and the data stored on it were appropriately retained by the company upon his departure. The company's only interest in the data stored on the computer is that which relates to business issues. Brian's allegation the company committed cybercrime is malicious and unfounded. It is unfortunate Brian has chosen to pursue counter-productive rhetoric in lieu of reaching a mutually acceptable and business-like solution to this contract dispute.
And Brian's response:
Mr. Hammond said in writing on Oct 19th that I had been laid off in a restructuring, made no mention of problems with the company or product at that time, and also assured us that they'd continue the product and continue paying me and the investors. However, they never paid us a dime after the "layoff." Mr. Hammond explicitly stated in his letter that I was not fired for cause. Yet on July 29th, he made disparaging remarks about me (and mentioned my email) when a private investigator cold called him to do a background check on me.
I bought and configured the machine myself. It was not "company issued". It was a replacement for a four year old personal machine.
By their own admission, they have been trolling through messages that predated both my employment and the acquisition of the machine in question, which raises questions about how the information was obtained. They have shared privileged correspondence with third parties who never worked for them as well. My guess is that after the "layoff" they realized they were still on the hook to pay royalties and pay my investors, and decided to retroactively trump up an excuse for backing out of the deal while conveniently keeping our IP. (I logged into our service this morning, it's still working, and I'm still not getting paid.)
Lastly, and most importantly, because I bought that machine and encrypted my section, I had a reasonable expectation of privacy. Virtual PBX made a deliberate decision and effort to crack that partition without my consent, and now is trying to use private correspondence against me by taking comments out of context to justify seizing our property for a year without compensating us. If asked, I would have shared relevant communication with them. I was never asked; they simply broke in and helped themselves to 14,000+ messages.
He expands on these assertions on his blog, although Virtual PBX is pressuring him to remove what they consider "the false and misleading comments." They told me the company "has also requested that he resolve the dispute through the dispute resolution procedures that are already outlined in the agreements he's signed, and that Virtual PBX has even offered to rescind the deal with him and give him back everything he sold to the company including the IP."
Virtual PBX claims that his private email was mixed in with company material that they needed access to--in fact that, he conducted company business on his private email account. Brian claims he kept his private material on a separate encrypted filesystem and that they went looking for it. There's no way to verify that now, and if Virtual PBX did figure out how to break into an encrypted filesystem it would challenge our confidence in such products.
An important sticking point is whether CEO Paul Hammond exposed Brian's private email to people outside the company. Brian claims that he did so--and maliciously, to hurt his reputation. The company representative I talked to couldn't confirm or deny whether they showed the email to outsiders. I don't expect to get to the bottom of the question, but I think it's important to establish some expectation of privacy: even if someone happens to get access to private email, they shouldn't show it to third parties.
The other points of contention lie outside the issues covered by the Code of Ethics, and I don't plan to cover this distasteful dispute further. I just published another column that further explores the risks of the "dossier" or digital record we all build up; clearly it's something every person has to do his best to control but that no one ultimately can control.