Senior GitLab exec resigns over plan to stop hiring engineers in China and Russia
Code hosting company considers risk of pressure to betray customer data too great
GitLab's director of global risk and compliance, Candice Ciresi, has resigned from the company, accusing the code hosting biz of engaging in discriminatory and retaliatory behavior.
Ciresi declined to discuss the matter with The Register, but the cause of her departure appears to be a company plan to refuse to hire engineers in China or Russia or to let current employees with access to customer data move there.
Ciresi's resignation post is no longer publicly accessible, though it has been screen-captured. In an email to The Register on Friday, a GitLab spokesperson said, "GitLab can confirm that Candice Ciresi has resigned from GitLab. We can not comment further on personnel departures."
GitLab is an "all-remote company" that lets people work from home, or wherever a network connection can be had, and has employees in more than 60 countries around the world.
But as of last month, the biz proposed through a git Issues post – its favored method of distributed management – to adopt a "job family country-of-residence block" for employees with access to customer data. The proposal has not yet been formally adopted.
GitLab's habit of hashing its corporate policies out in public yielded some confusion last month when the company asserted it would work with any customer, regardless of moral considerations, and banned employees from talking politics. Pilloried on social media and internally for embracing amorality and censorship, the company reversed its ill-considered policy the next day.
GitLab's latest concern, as spelled out by VP of engineering Eric Johnson, is that workers in China and Russia might be pressured by local authorities or whoever to surrender customer data or to subvert GitLab product code.
Three weeks ago, Ciresi questioned why China and Russia had been singled out since there's no law that prevents hiring employees in those countries, with the exception of the Crimean Region of Ukraine.
"It seems odd that we proclaim that we will accept any customer not prohibited by law (b5a35716) but we are implementing controls that impact employees based on a perceived political climate," Ciresi wrote.
"This is contradictory. If the concern is the contribution of employees from these regions, could we not find a more moderate solution such as ensuring that the contributions of those employees are vetted before release?"
Rejoining the discussion a week ago, she called out the arbitrariness of the proposed restrictions on hiring in China and Russia, noting,"The highest risk countries for hackers are: Romania, Brazil, Taiwan, Russia, Turkey, China and the United States. ...If hackers are the basis for restricting employees, then we would be foolish to not exclude the US for future hiring."
This issue came up for Twitter recently: The US government just indicted two Twitter employees, one a US citizen and one a Saudi citizen, for leaking internal Twitter account data to the Saudi royal family.
GitLab pulls U-turn on plan to crank up usage telemetry after both staff and customers cry foulREAD MORE
Ciresi went on to argue that China and Russia were not selected because of legal requirements, risk analysis, or other legitimate criteria. "I do hope they were not selected because a customer asked for it – or that could violate anti-boycott laws," she wrote. "In fact, having no objective basis for the restrictions is not conservative – it is careless.
It's suggested in the discussion that an enterprise customer asked specifically for a guarantee that admins in China and Russia could not access its data through GitLab and GitLab has no technical means to prevent that. GitLab's CFO Paul Machle says in the discussion thread that the US government has made similar requests.
Individuals participating in the discussion who appears to be located in China and Russia mostly object to the proposal. And there are those who point out that the company's stance makes a mockery of its stated values of diversity and inclusion.
On Friday afternoon, Pacific Time, the company's executive group held a meeting to discuss the situation. At the time this article was filed, the outcome of that meeting had not been made public. ®