> If you are affected, you will receive this notification in your personal email, because we made the decision to cut access to Coinbase systems for affected employees. I realize that removal of access will feel sudden and unexpected, and this is not the experience I wanted for you. Given the number of employees who have access to sensitive customer information, it was unfortunately the only practical choice, to ensure not even a single person made a rash decision that harmed the business or themselves.
How typical is this? Is he really talking about the hot wallet and/or cold storage?
Those claiming that this is a "crypto" sentiment thing should consider the possibility that the front page of HN will be filled with stories like this from all over the economy within one month.
Unfortunately it's common enough. It's harsh, it's cold, but ultimately for companies it's a real necessity. The explanation is blunt and correct - even a single malicious actor can enact HUGE devastating harm.
It doesn't have to be hot wallet / cold storage. Source code, business plans, revenue & profit statements, SSH to servers, physical access to datacentre, client contact lists, etc etc... there's a myriad things that are either valuable to the company or can cause harm to the company.
I've been escorted out of the building during a layoff once early in my career. Friendly, smiley, fake. It felt AWFUL. I'm as goody-two-shoes pacifist laid back easy going do-no-harm as it gets... and I definitely had various strong emotions going through my head heart and body at the time. So on both cold & rational, as well as personal & empathetic side, I understand both how the individuals feel as well as why companies need to do it.
My father had to lay off a bunch of people in 2008. I am now a manager. He told me that if I am ever forced to do this to not ever do this crap to my team. Tell them that this is bullshit. Tell them that you are upset. Tell them that you haven't slept. Tell them that the are right to be mad, disappointed, and even to hate you for choosing their head to roll. Anything better than fake smiles and "I'm sure you'll land on your feet."
For me, I think I'd just quit if I was told to lay off people on my team. Maybe that's hard to do in the moment, since I'd also not want to lose my job in a major crisis, but it sounds awful.
I've participated in a number of layoffs, and while I agree with the advice to be honest, not fake smiley, with you'll-land-on-your-feet platitudes, I would strongly recommend not talking about your own feelings. It's not about YOU (the person doing the layoff who gets to keep his job), it's about THEM (the people losing their jobs who probably earn less than you and have less financial security). Telling them how hard it is for you comes across as self absorbed and can provoke a strong negative reaction. Instead, be understanding, give them space to be angry and hurt, and help them any way you can.
I agree wholeheartedly, it's definitely not the right moment to make it about you. I have had to layoff people several times, and was laid off myself once, and the best thing to do in my opinion is to be direct succinct and stick to a script. You can still be authentic and kind, and offer them an opportunity to reach out (to you or HR) afterwards for follow up questions (about the process, not the reasons or anything sensitive). You will feel like shit doing it, and they'll be able to tell, there's no need to say it and pull the attention towards your gainfully-employed feelings at the same moment you're telling someone they're losing their financial security blanket.
I've reached out to some afterwards and offered help (serving as a reference, reviewing resumes, connecting to people, etc.) but in _that_ moment you should say as little as possible give them space to process emotions however they will.
I've had to fire people a few times. It's never fun, it's always been a hard decision that I took for the benefit of my team. It's never "bullshit". If it is bullshit then it would be MY job as manager to fix it and stop it being bullshit.
I've never had a negative reaction to the firing from the team members who remain. If anything, the reaction has always been "why did you wait so long?".
But luckily I've never had to do a team downsizing because of budget cuts. I imagine that would be a more difficult process and managing the emotions involved in that would be difficult. I see entirely why Coinbase chose not to take any of those risks and just cut everyone off first and then answer questions later.
It's hard to know what emotional tenor to put on it. On the one hand, of course you're right that upbeat positive optimistic is fake and maybe feels like it's more for you than them. On the other hand, being like, "this sucks and it's bad for you and I hated doing it" feels like kicking people when they're down, making them feel like it's even worse than it already is.
I have generally give with a pretty emotionless affect, but tried to convey respect for them as a person, even if they didn't work as an employee, but that's hard to convey. It's a generally fraught situation.
>[Firing people is] a generally fraught situation.
It is, but it should not be. In the best world, it's impersonal. Sometimes it's not a good fit, period. The reason it's fraught is at least partly systemic. Having healthcare tied to the employer is particularly wrong. It makes severance (for any reason) akin to having life support turned off.
But also, ours is a culture that discourages employees from participating in the job market while employed - this is deeply hypocritical, especially as most employment is "at will", which means they can dump you whenever you want, and of course the employer is always active in the job market, happy to replace you with someone cheaper/better if they could. If you're already in the market, and have warm leads, this softens the blow considerably. The final thing worth mentioning is that a firing is a severance, and need not reflect poorly on you (except, perhaps, insofar as you didn't adequately anticipate it and quit in advance). On first principles I hate it when those in power tacitly accept the implication that if other, unrelated powerful people have punished you, you're bad. I'm not sure if this is actually believed, or just used as leverage to get a better deal, or both, but either way it's unfair. Hence the importance of privacy in such situations.
Yeah, absolutely. Overly spending time on how difficult it is for yourself makes it sound like, "Well, I'm firing you, but have you considered how it makes me feel?" Which is gross.
Hence, usually going for a somewhat impersonal affect.
Firing someone is the result of poor performance or unacceptable behaviour.
In many jurisdictions (not in the US I suppose), before firing someone for poor performance they must be told that their performance is inadequate and be given a chance to improve.
Bottom line, in general being fired is fully on the person being fired so no need to sugar-coat or to feel bad.
>In many jurisdictions (not in the US I suppose), before firing someone for poor performance they must be told that their performance is inadequate and be given a chance to improve.
Performance Improvement Plans are a thing at larger companies. That said, once someone is on a PIP, the handwriting is almost certainly on the wall.
I've also worked with people who were incredibly oblivious about the quality of their work, however much feedback they received and however much rework others had to put in. I can think of at least one case where this went on far too long and they were incredibly shocked when they were let go.
I'd argue PIP is meant to give you a chance to find another job.
For legal reasons most employers will only verify dates of employment. 2 months of so of PIP is more than enough to find a new role.
This is another reason to not get too attached to any job. I come to work for money, not to feel apart of something.
You WILL get fired if your in this industry. Hell, I've quit several jobs since the manager sucked.
Demanding salary employees work nights regularly is good way to get em to quit.
Imagine if America had a NHS style system, vs the horrific employer provided system. Then more people would be free to quit bad jobs.
Let's say you have an abusive manager, but your husband has an expensive to treat illness. You just need to suffer since if you leave your husband won't have access to treatment
>2 months of so of PIP is more than enough to find a new role.
I think a lot of people here underestimate the difficulty of landing a new job depending on your background, overall skill level, experience, and location.
The PIP thing varies. Some companies just use them as a risk reducing tool to fire people, but a few really believe in them and will keep employees who've gone through them. I take a dim view of that, personally, just because it ends up feeling like management-by-fear.
It doesn't have to. At its best, PIP is a very open, transparent, communicative, supportive method - here is what we need; here's how we believe you can help us; let's work together to meet our mutual targets.
As others have said, in a good company and team, PIP is one amongst many coaching tools, rarely the first one, and can be useful in various situations - somebody not taking a hint or being oblivious, indicator of seriousness, but also to those with potential who need structure and benefit from explicit list. And yes of course, a paper trail and a documented process if things don't work out for various reasons.
I mean, it comes down to how much you trust your HR department to treat you as a human. If you work someplace where that kind of rapport is normal, then great! But that's not been my experience.
People can get their act together especially if external factors were a significant part of the problem. That said, assuming they can find employment elsewhere--which may be easier or harder depending on their skills and location--they're probably better starting fresh somewhere else.
My view is that if your employer is telling you to come to Jesus, the productive relationship is already gone. Work isn't a marriage or a family; if it's not working, you don't have to take extraordinary measures to preserve it.
I think managers call HR and put a person on a PIP only after good will and patience have been exhausted, so it's a sign that the person does not improve despite feedback and that management has had enough... So, yeah, writing is on the wall.
> once someone is on a PIP, the handwriting is almost certainly on the wall.
My current manager is particularly transparent about this (with other managers, at least). When he puts someone on a PIP, it is a formality. He deliberately chooses a redemption project that is impossible to achieve.
Edit: Jeez, guys, don't downvote -me- ;-). It's not my policy.
This is likely something that HR would flip out about seeing in writing because being given an impossible redemption task would probably be interpreted as constructive termination in a court.
My assumption is that HR would be irritated to find out he was doing that. Legally, I assume 'at will' handily covers it as long as nobody being targeted is a member of a protect class.
Personally, I do sort of understand his view. He does not like to put anyone on a PIP, and by the time he gets there, he has already concluded that the relationship is not saveable. In his mind, everyone involved should know that the PIP is a formality, and ideally they'd use the time to find another job and have a smooth transition. HR probably would not agree to firing someone with a few months of severance.
I've seen both sides of this: a PIP for a person who was falling behind that wasn't possible for the person to achieve because they were in a role without the skills needed to succeed in that role, and a PIP that was based on one supervisor's bad opinion of a particular person that was easy to accomplish when put in place by a different supervisor.
I have had lots of employees who I think had poor performance but weren't bad people and I don't like the thought that they're in bad financial situation or just feeling emotional distress over being fired. Every manager I've known has felt terrible while firing people.
That doesn't mean the firing shouldn't happen, but it does mean that everyone feels bad.
Company I worked at had a layoff in 2012, security manager escorted 200 people out of the building. At the end of the day, he was escorted out of the building. It was quite shitty for that fellow, I felt terrible for him.
One place I worked at briefly would call the cops and have them escourt you out if they thought there was any risk of "disruption or back talk" (their words). I decided not to work for assholes who lay off little old ladies and then to add insult to injury, call the cops on them.
You could tell the cops weren't happy about it. These were women in their mid 50's and up who worked front desk jobs, not really a risk of violence.
All they wanted to do was go get their personal items and say goodbye to their peers. Some of them were forced to leave phones and purses behind and wait a week for them to be mailed to them.
It's one of those times in life where you see the mask slip off and realize who the people you've been dealing with actually are.
> All they wanted to do was go get their personal items and say goodbye to their peers. Some of them were forced to leave phones and purses behind and wait a week for them to be mailed to them.
How is that even legal?
I wouldn’t leave without my personal belongings or I would file charges for theft with those cops.
One company I worked for (a bank) had an office outside of the security gates, mainly used for exit interviews; they would disable people's access cards and accounts while that was going on.
When RSA Data Security was acquired in the mid `90's they laid off a bunch of people, presumably to sweeten the deal, and security was waiting outside in the morning to block people from coming into the building.
One of my former colleagues, who showed up to work early, inadvertently freaked out one of the executives when they saw them in the hall. Naturally they (not the executive) were soon escorted out of the building and told they had been laid off.
>>I think I'd just quit if I was told to lay off people on my team.
I did that in the dotcom bust. As a manager I was highest paid and had least billable hours, so when asked to reduce costs in my team I was the logical choice to go. The company went through a series of layoffs but at least for that cut I managed to leave my team in place for a bit longer. I went travelling for a year, so also benefitted from not having to deal with any more rounds of layoffs.
There's a lot of advice on how to handle these situations and a lot of it is good, even when conflicting. It's all situational.
One thought though, for whatever little it may be worth:
>>For me, I think I'd just quit if I was told to lay off people on my team.
That has been my personal emotional reaction many a time. As I spend more time as a manager though, I try to force myself to look harder and harder at what will this course of action actually accomplish? And the self-righteous emotional me hates that the rational conclusion is: it'll only accomplish negative things, i.e now the team that remains has lost your support. Bluntly, it will not "send a message", it will not "change things", it will not "make them realize what they're doing / what they're losing". Literally the only thing it'll do majority of time is make things even crappier for those who remain :-/.
So I would put it in inverse: the hard thing in the moment is to NOT go with your emotional reaction, and consider truly how can you be of best benefit / support / help to the team. Basically, I would say most of the time one quits for personal reasons (whether positive "I can get more money there" or negative "I hate this place and everybody in it"), not for the benefit of others.
Oh it wouldn't accomplish anything. It'd be 100% hiding from the emotional pain of laying off employees that I believe are productive and good team members. But I've only got one life to live and emotions are real, so I don't have any problem optimizing for my emotions when making life choices.
> Tell them that the are right to be mad, disappointed, and even to hate you for choosing their head to roll.
This is OK.
> Tell them that you are upset. Tell them that you haven't slept.
No, no, no. Never talk about your own difficulties when you lay someone off, this is one particular time when it's not about you but 100% about the person that you are laying off.
Right. I'm mystified this is anyone's reaction... dishing empathy while garnering sympathy is a weird double bind to put on people on the receiving end.
A friend of mine's manager had to lay him off but the manager was the nicest guy and was basically in tears through the exit process. My friend essentially had to do the break up. We felt for the manager but also, keep your isht together. If you can't then you are putting that on the individual that you are letting go.
That's exactly the thing. Don't make it about you! How much of telling employee "this is bullshit, I could't sleep over this" is actually doing for them? Vs absolving yourself of guilt, having them like you, and making you look like the victim you definitely aren't?
Respect and support and empathy and sincerity are the key, always. Deflecting blame and ranting are not long term helpful.
The proper responsibility of a concerned manager in this case is to make sure the person knows you have their back in terms of future references, petty resources (one guy I knew was on the hook for >$300 in reimbursements when laid off, as far as I know he never got them - another guy was forbidden to take his personal mouse/keyboard home with him), and similar things.
If a mid-level manager actually cares, and was any good at their job, the best thing they can do is to keep doing it for that person.
It isn't doing anything for them. But it is sincere (I didn't say this in my post, but the idea is that my father actually did lose weeks of sleep over this). It, of course, should not be about you in this moment (this is hard to convey in a short post). But it seems far more supportive and honest than pretending that everything is okay and normal or acting like a robot.
Maybe it is also bad. I don't know. But the fake smile seems much worse.
Absolutely this. It was my misfortune to lay off teams of 20+ 3 times. You are the instrument. In that moment, they will want to hate you and you shouldn't try to deflect it. Do everything you can constructively behind the scenes to improve the situation before and after the announcement but, in that moment, it's not about you.
> I think I'd just quit if I was told to lay off people on my team.
I was at a startup that had massive layoffs during the pandemic. I was able to protect my team (though I had to rescind a few offers).
The problem was that after the layoffs, while everyone was still grieving, management decided to come down really hard on my team and others. I realized at one point I could either keep my job, or protect my teams sanity for the next few months.
I chose the latter. Upper management didn't like it, but my team got time to heal and after I was let go and my team survived for another two years.
I had never been fired before, but when I was I honestly felt a bit a pride that this "leadership" team felt I wasn't a good match.
I don't know if there's a point to this story other than that, when the shit hits the fan, you can standup for what you believe in and fight to make the tiny bit of this world you have some say in a bit better. I've known plenty of people who just shrug their shoulders in such times and say "what can you do?", but you can do something and in my experience it is worth it to take a stand at these crucial points.
I was a fairly junior manager at the beginning of COVID when my company decided to make a deep cut (20% of the company) in order to make sure we would survive. I didn't even know about the layoffs until after they happened which annoyed me quite a bit. The director of engineering for my team and 3-4 others was the one to do the calls to each laid off engineer. The 2 engineers that got laid off on my team were pretty recent hires. One was only around for a couple of weeks. They were both already contributing a good amount to the team though which annoyed me even more that my input wasn't taking into account because I would've pushed for different people to be let go instead.
I offered to try and give up some salary to keep one of them because he was on a visa and would have to find a new job within 90 days or something like that. Everything worked out in the end with both engineers that were let go but the "bias for action" by executives and middle management in these kinds of scenarios pisses me off quite a bit since they usually don't ask for any input from the people actually working with the employees that are getting laid off.
I don't mean any offense by this but it's very clear by this sentiment that you're a junior, (maybe) mid-level still.
For myriad reasons, it's not always practical to discuss potential layoffs. It's certainly not ethical to discuss "who should stay?" with more junior folks on the same team who are themselves staying. It's extraordinarily likely that your managers had much better insight into what the other folks were contributing that you did.
Cutting salaries to maintain team size has been tried time and time again, and every time the same thing happens: everyone takes a pay cut, the highest performers leave for more money, and both velocity and morale tank.
I've been here more than 99% of the company and we're now at 2000+ (was ~50 when I started and was ~1000 when COVID hit). I've pivoted back to a lateral IC role but considering the size of the org at the time (not really that large, maybe 30 engineers total under the director) it was totally practical. The salary cut proposition would've been a one time thing to either give the laid off engineer enough time to find another role (because he had a temporary visa) or until we were comfortable enough to pay both of our full-time salaries (this actually would've happened fairly quickly).
To me, saying that "you don't want to be doing it" (paraphrased as "you are upset" or "you haven't slept"), is much more of a fake bullshit than the other thing. Be an adult take responsibility for your actions, don't blame "the guy" (your boss, your company, the economy, whatever).
If you really hated doing it, you wouldn't be doing it. Quitting yourself is always an option.
> Tell them that you are upset. Tell them that you haven't slept.
Dunno. I find it pretty bad when managers talk about their difficulties when e.g. firing people. It's about them, not about you. I agree about the part about fake smiles.
> For me, I think I'd just quit if I was told to lay off people on my team. Maybe that's hard to do in the moment, since I'd also not want to lose my job in a major crisis, but it sounds awful.
Typically layoffs happen for a reason - if its the company failing and trying to survive, it's not a bad idea to jump ship. If its economic (like all of the layoffs right now) - it's a bad idea to jump to a new job if you can avoid it -- you may very well get hired, and laid off as a new hire.
However bad you think you feel, at least you still have a paycheck and don't have to scramble for employment in a market of hiring freezes across the board.
Those you're directly telling this message to don't have that comfort. Now is not the time to talk about how bad you think you have it. You might have a couple sleepless nights, they're going to have sleepless weeks.
I agree with your father's sentiments except for 'I haven't slept.' If you have to layoff people, don't make it about yourself. If I'm the person getting laid off, I don't give a damn how much sleep you've had. You still have job.
Talking about how the layoffs affect you, the still-employed manager, makes any thing else you say sound hollow.
This is the odd one out here. Showing your grief about an undesirable decision is one thing. But implying that you're making significant decisions about your employees' welfare in a deteriorated mental state is wildly unprofessional (even if truthful).
At a long ago company I worked at for quite a few years, there were various periods when you knew layoffs were going to be happening. There were also rare occasions when logins (these were terminals) would go out for some reason. When the two things intersected, it was very nervous making until you determined everyone was out.
We should stop empowering individuals to have this authority over a majority.
No one seems to care about the huge effects this has on private citizens.
All the concern is with the ephemeral belief these businesses are the future.
Anyone remember Nortel? 80% of last generations Fortune 500 is gone.
The future has no obligation to drag along, and will probably mock how primitive it is, our bleeding.
These guys are traditional confidence men promising prosperity for the ages while routinely pumping and dumping all over the public, that despite what memes media and politics try to peddle, does not owe deference to history and self aggrandizing story.
There's something weirdly unnerving about watching HR hurriedly pack other peoples desks without their knowledge moments after they're called into a meeting never to be seen again.
I'd far rather just come back after hours and remove my things supervised than have somebody else hastily throwing my stuff into a box.
Luckily it's never happened to me, but I've seen it happen a couple times.
Pretty standard to not let terminated employees hang around. It feels cold but it’s just the way it has to be. Sone places will even do this when an employee submits a resignation on good terms. Just a way for the company to cover themselves.
I used to work as a contractor at a help desk, the company was based on the east coast while the office we were at was back west.
We hired a guy that while nice enough was not a good fit; he couldn't do the work. HQ decided that we would terminate him on Friday. I have no idea why, but the on site supervisor had gotten the perception that we had the go ahead to inform this guy he was terminated, and right before he was going to get escorted out he realized this was premature.
We basically had to tell this guy, "You're fired, oh wait you're fired on Friday, carry on until then unless you want to quit before that.." it was a Monday or a Tuesday. We practically begged the company to move it up, our supervisor even asking to give the guy his own leave for the rest of the week to get him out of here. They didn't budge. Because of all the bureaucracy we couldn't revoke his building access or even his computer access; we risked getting in trouble just by disabling all of his administrator related privileges just because we didn't know what he was going to do if left to his own devices.
The guy was a mess, he had left a decent job to have a shorter commute and it blew up in his face horribly. I felt awful because he wasn't a bad guy or lazy or anything.. he just wasn't a good fit and couldn't contribute. I remember talking to him later and him saying how humiliating it was to be sitting there knowing full well he was 'a failure' and just 'waiting to be fired', browsing the internet looking for jobs while at 'work'.. but wasn't willing to quit before hand because he needed as big a pay check as possible to support his family. I don't believe it was just because of this but do I do firmly believe this awful experience may have been a contributing factor to him taking his life later that year.
It was such a garbage company. We had the reverse happen with another employee; local management was planning to let him go on Friday; somebody from payroll sent an email telling him to fill out his time card so they could process his termination.
Cold? Maybe, but frankly to me it's a million times better than my experience with the inverse. I do NOT want people who know they're about to get canned hanging around. In the best case they are miserable and just wanting to leave.
> I don't believe it was just because of this but do I do firmly believe this awful experience may have been a contributing factor to him taking his life later that year.
That’s extremly sad to hear. Not saying that the company or anyone owed him anything but we do live in a really mean world. In an alternate universe or maybe eveb a different country nobody would be pushed into taking such decisions as taking their own life.
I had my timeline off; it was a few years later. In any case it was really sad to hear, back in the dark days of my active Facebook use I was friends with a friend of his, his family was very heart broken and I learned more than I cared to of the specifics of his end.
He had apparently took up delivering pizza instead of IT, it was pretty awkward when he delivered Pizza to one of us. Another one of us felt so bad about how it all went down that he kept in regular contact with him right up to when he passed away.
Another coworker however chose to his interactions with this guy as the basis of a post on /r/talesfromtechsupport to win internet points.
I have chosen to keep my strongest memory of this man based around the one potlock we had while he was with us; he brought in an amazing habanero salsa and was a pleasure to chat with.
I miss some of the people but I don't miss working there.
You can definitely be paid laid off employee for a period of time, while having your access revoked. They're completely orthogonal. Depends on role, company, situation. It's an assessment and tradeoff - is it worth / do I need the next two weeks of work and KT from this person, vs the risk of having access.
The notion of revoking security access to limit risk is definitely not a US thing.
In the UK you have to provide employees with a consultation period, which is typically done while the employee is still carrying out their day-to-day jobs (dependent on the reason for the redundancy). I believe it is similar in other EU companies.
Revoking access and not allowing users to complete their jobs would often be seen as a failure to consult (see, for instance, the recent P&O ferries dismissals where they immediately removed ship access from the crew, replaced them with oversees workers, and then began consultation. This was a failure to consult and was found to be illegal).
People tend not to do rash things anyway during this period, as gross misconduct during that time would mean the employee is instantly fired regardless with zero redundancy pay. Treat people fairly and as adults and they tend to behave fairly and respond as adults. Treat people as untrustworthy and rash, and they tend to respond with the same.
This assumes that the employee has been working for the company for more than 2 years. If it's less than that, they have no such protection and can be fired for any reason whatsoever.
> This assumes that the employee has been working for the company for more than 2 years. If it's less than that, they have no such protection and can be fired for any reason whatsoever.
There are some protections, but yes, they are much more limited (in particular, anything that would generally be classified as automatic unfair dismissal is still protected, for instance for whistleblowing, joining a trade union, firing someone for raising a health and safety concern or for going on maternity leave).
You will likely still want to capture and document the genuine reason under either performance, absence or conduct grounds in order to protect against any invalid claim that the dismissal was because of a protected reason if it was brought to tribunal (when in reality it wasn't).
Yep definitely, but if it's just a case of the business isn't doing well and they need to cut headcount then they absolutely can do that without going through a redundancy process.
Although it may still be better to go through formal redundancy so you can make the redundancy on the basis of performance rather than just length of service.
Consultation seems to be more like an explicitly defined way to fire an employee (they are entitled to learn why and what has been done to try to keep them). It does not look like it is prohibiting garden leave.
In the UK, if you place an employee on garden leave immediately there is a legal argument during tribunal that the redundancy was predetermined (and thus unfair).
You mentioned that "they are entitled to learn why and what has been done to try to keep them", but actually it's much further than that - they are entitled to be part of the conversation and to propose alternatives to the dismissal which the company is legally obligated to consider.
As an example, if the redundancy proposes to make a team redundant and split that teams responsibilities across other teams, the consultation might raise that the team being made redundant could take on additional responsibilities and down-size as an alternative which could result in fewer redundancies. Similarly, employees could suggest an initial round of voluntary redundancies first to reduce the people impact (particularly if there are employees nearing retirement age). The employer is legally obligated to genuinely consider these alternatives, however if the action was taken immediately to disband the team and place employees on gardening leave it is much more difficult for them to argue that the consultation was 'genuine'.
If a genuine consultation is not held, where alternatives are listened to and genuinely considered, this could then be brought to an employment tribunal and could open them to unfair dismissal claims.
Maybe only a few countries allow to terminate and put on garden leave immediately, I'm not talking about them. There's always some procedure that ensures that dismissal is fair and justified: when this procedure is concluded and there's no other option found but to fire, the employee should not be entitled to work until contract is terminated - they can be put on the garden leave and in that case their access should be terminated, the equipment they used can be sold etc.
It's quite common in the UK for an employee to work their notice period after redundancy has been announced / consultation has been concluded (e.g. to allow for a handover of the role to respective teams).
Garden leave is not a necessity (particularly if you have structured your company so a single employee cannot go too rogue regardless - if a single bad-apple employee can take down coinbase then they have bigger systemic risks!).
Have had colleagues who were required to not work for their resignation period (3 months). "Professional quarantine," since they were going to competitors.
>You can definitely be paid laid off employee for a period of time, while having your access revoked.
In France, this is a breach of contract as you are not providing your employees with the means to work, and you can be sued for it if it is not done as a disciplinary measure (which you can also be sued for if not done in good faith)
EDIT: my dudes stop trying to link legifrance articles to me, I have literally been in this situation twice, gone to prud'hommes twice and helped multiple friends with such a situation. I'm starting to know our work code a little bit.
EDIT 2: alright, more context for all the nonbelievers and people who never had to face an actual work code:
In the very best case for the employer (in such a way that doesn't expose them to being sued), firing a single employee takes two weeks.
* Initial notification of the firing, with at least 5 days between this notification and the meeting before firing to explain the reasons
* Meeting before firing, a mandatory 48 hours waiting period before taking any decision.
* Notification has to be mailed in as a recommandé, which can only be sent after those 48 hours, and takes a day or two to arrive.
It gets infinitely more complicated for Coinbase sized companies trying to lay off more than 10 people for economical reasons, the company is obligated to have meetings with the employee representatives, at the very least twice spaced by 15 days. For a company the size of Coinbase, the CSE has 2-4 months to answer and can ask for proof that the company is, indeed in financial troubles, having them open their books. https://entreprendre.service-public.fr/vosdroits/F24648
Doesn't seem correct "Upon termination of employment, the employer may release the employee from working during all or part of the notice period and pay him an indemnity in lieu of notice"
However, any firing must be notified of an entretien préalable de licenciement by letter (can be given directly). This is usually a week after, to grant the employee time to prepare (and to eventually be helped by employee representatives). Then, after this, the employer has to give at least 48 hours before doing anything. This gets even worse in the case of a massive layoff like Coinbase's for economical reasons, the company is obligated to have meetings with the employee representatives, at the very least twice spaced by 15 days. For a company the size of Coinbase, the CSE has 2-4 months to answer and can ask for proof that the company is, indeed in financial troubles, having them open their books. https://entreprendre.service-public.fr/vosdroits/F24648
So, in practice, while quick firings are possible for individual cases, massive layoffs like that do not happen over a single day.
So if you want to lay someone off in France, you have to allow them access to company facilities and systems and allow them to work? You cannot just pay them through their severance period, but tell them to stay home? If so, that’s absurd, and I don’t see what purpose it would serve.
Are you sure? This is a quite common practice for businesses to put the fired employees on paid leave until the contract is terminated, I would be really surprised if that would not be possible in France.
Article L1234-5 [1] of French Labor Code looks like it is possible.
Paid leave is entirely different. Paid leave is, well, leave. You do not have to show up to the office, unable to do anything.
L1234-5 (which is a very nice number) merely says that you have to pay the employee a compensation if the préavis is not respected, equal to the amount of days the employee would have worked, in addition to everything else (severance package, etc). It gets more complicated in the case of massive layoffs, because the CSE/lawyers get involved, and for a 50+ employee company firing over 10 employees, a plan de sauvegarde de l'emploi is put into place, which lasts multiple months.
How is it different? If you are on paid leave, you are not supposed to do any work. For security reasons your access can and should be restricted for this period.
The only context in which you can be technically still employed but be refused access to your work tools is if you are suspended for a grave mistake. Abuse this at your own risk, as the employee isn't paid in the mean time and will very likely get tribunal-happy. Any other concept (paid leave, maternity leave, vacation leave, * leave) means you are still an employee of the company and the company is legally obligated to give you access to your work tools.
On leave, you are trusted as an employee to not do any work. Anything you do will be your own responsibility, or eventually the employer's responsibility to refuse any work you hand over. You are also not covered by the company's insurance on your leave. Your company cutting off access is a clear breach of contract.
Can you refer to a specific regulation or legal precedent proving this point in clear words?
This does sound non-sensical to me. If someone is not working, there should not be any entitlement to access.
To give you an example: let’s say a factory is temporarily closed due to lack of supply materials or modernization and workers are put on paid leave. Are those workers allowed to visit their workplace to access their tools? If not, why digital workers should have this privilege when they are on paid leave?
>not providing your employees with the means to work
Logic would dictate that providing the exact same pay/benefits as one would get for the work ought to be sufficient. But, <insert joke about logic and French labour laws here>...
Logic would also dictate that the employer-employee power relationship is inherently biased towards the employer, and that said employer can hurt you much more than you can hurt him. You not doing your job for a month might be impractical, but it's relatively easy to get over. You suddenly being out of a job with no warning and your severance is much more damaging.
Also consider that software developer is an incredibly privileged position and that, while you may not give a shit because you get 100k and can find another job in two weeks, many people have a salary that barely covers their living expenses and take much longer to find a new job. In effect, that would be subsidizing employers through unemployment benefits and therefore, cost society as a whole.
<insert joke about american laws having no foresight or absolutely fuck all experience in fighting for workers>
Coming from an American perspective, that is super interesting. I don't think I understand why it is seen as harm to the employee? They are getting full pay, but aren't required to do anything for it.
* as an employee, you sign a contract that exchanges your time for both a salary and a job. Refusing to provide either of those is a breach of contract. It's one thing to say "things are a bit slow right now, so do whatever". It is an entirely other one to not give your employee tools, access to things they'd need to do their job, or even leave them wondering if they even have a job still. Doubly worse if you require them to come to the office to not know what to do. Hence, the common solution to that is to change their job to something that just puts them in the corner on mostly useless tasks. They're technically working, but you can't fire them unless you have a good reason to. It's then hoped that the boredom makes you leave. However, that goes in to point two:
* Putting people in such a position is alienating and potentially damaging mentally. You are seen as the guy who does fuck all by your colleagues, you are not allowed to take another job in the mean time, itb is mentally unfulfilling and morally discouraging. Do so at your own risks, because there have been plenty of instances where the employer has had to pay damages.
Basically, if you want to fire someone, either do it and pay the (quite expensive if the employee has been here for a while) indemnities, or don't. The halfway solution of boring them until they quit is illegal.
That doesn't seem right. This discussion (as I understand it) is NOT about having a full time employee with no access.
It is when somebody is explicitly fired and laid off (as is the case in Coinbase, and all the examples I believe we've been discussing in this thread).
They DO know what their status is, it's not ambiguous. Essentially it is: "Hi; You've been laid off; your services are no longer required; we will continue paying you for the remainder of your contractual notice period / two weeks; you'll get whatever package is due to you; please go home and ensure you take all of your materials with you."
This is completely unrelated to any notion of effectively dis-empowering an active employee or keeping them in the dark.
>> You can definitely be paid laid off employee for a period of time, while having your access revoked.
and replying
> In France, this is a breach of contract
And now you write
> you may however send the employee home with his full salary and no obligation to work
Which was exactly the original claim!
I'm not sure if you misread or misunderstood, but you have been arguing incorrectly in most of your subsequent replies, and the sarcastic jibes at other countries don't help.
France is a more trusting society than the USA, so I won't be surprised if gardening leave is less common, but you can be sure it's sometimes used when employees of investment banks, defence contractors, the government, military etc are made redundant or resign.
The core part of the problem is "you revoke his access". It's simple. You revoke someone's access, it is akin to firing, and it is illegal.
Send people home with their severence after the necessary period to inform the employee that they're getting fired, sure. But telling them out of the blue "Fuck off, don't come to work today, your access is revoked" is a breach of contract and is illegal.
So, no, you cannot be a paid laid off employee with no access. You're either employee, paid a salary and with access, or not an employee with your severance package and no access. There is no inbetween, and your lack of reading comprehension doesn't mean i misunderstood.
It is not "Akin to firing", it IS an action following firing or laying off.
>>You're either employee, paid a salary and with access, or not an employee with your severance package and no access.
The latter. It's the latter. We've all been discussing the latter (or at least that's my impression, as that's what the original article is about, and certainly what my post was about :).
No. In many places the law and the contract states that the company has to provide the required means to do work described in the contract.
If they change the job description to "do nothing" then it needs unilateral signing of a amendment to the contract. (And that can count as mobbing.)
Nobody is saying it's the only way to do things. In USA it's not the only way to do things. It's not only done in USA (I worked in Canada and in Europe, never in USA).
I'm Canadian, it's our national pastime to diss our neighbours to the South, but the notion that a laid off employee can be a high risk to the company knows no borders. Are we making a claim that those working on Rafale or Gripen get to keep messing with classified files after being fired, because "we don't DO that in Europe"? :)
Let me tell it differently. I have seen people fired or laid off and exactly one was taken away immediately. The exact same company fire also different people, without walking them out immediately via security.
I have heard of one more person fired that way - it was by American company and pretty much everyone else treated it as great injustice. Team members met with him in nearby pub pretty much right after.
This is true in the US as well. While in some cases you can lay someone off, and immediately stop paying, most of the time there is a period where the former employee will be paid and not have to come to work (or really, allowed to).
It’s the exact same in the US. Most companies pay a decent severance that is tied to tenure and is meant to avoid lawsuits. If you resign and they don’t want you to stay for 2 weeks then they will still pay you.
Severance is different, though. My contract, for example, requires the employer to give me 3 month's notice (well, potentially up to 4 since the 3 month timer doesn't start until the first day of the month after notice was given), and without a very good reason to do so (we think we might run into cash problems if we don't do this wouldn't count), they'd have to offer a significant amount of money to get me to leave voluntarily - often times that ends up being about a month's pay per year worked.
Yes but you can't really "cut them off". You can tell them they don't need to be there, and most will be happy not to. But you can't revoke their access for no reason.
If you want to do that you need to prove they have (already) committed a fault of such gravity that allowing them to stay would harm the company irremediably -- it's a high bar to cross.
Europe is not a country, there are different laws everywhere. I haven't seen one yet, that would explicitly make it forbidden to cut off the access. Can you share a link to such law?
I think they can cut you off here but it's less common.
If I get fired from my company I get like a year's wage to go (and government assistance after that) so I wouldn't be that upset. Hence no need for a disorderly exit.
I think it's more in the US when people are let go with nothing, I think it's pretty obvious that they'd be pissed about it.
I've definitely seen people told there's nothing left for them to do, and their accounts and access immediately turned off. Why would they need access to systems or the office if they have no tasks? Are you saying there's some kind of right they have as an employee to come in and work even if they are told not to and there are no tasks assigned to them?
I have seen people fired in the morning and their access cutoff by noon and them being asked to go on "gardening leave" in Europe.
This is rare but depends on your manager, if they don't want you around.
You will still be paid for the remaining of your "employment" but will not be working.
It’s also more typical in situations where serious damage could be done by a malicious act. I’ve seen a UK Finance Director escorted from his desk because of this.
Even in Austria, tech workers ca be fired on the spot without any reason and sent home (though you stil have to pay them the duration of their notice period, which I believe is called gardening leave on this topic), or you can still keep them working in the office during their notice period, but then you need to give them 10 days off to look for jobs.
Over here in North America is common. Been to so many companies last few years and it’s always escort out of building right away.
The one I remember most is how our coworkers coffee was still there for like a week. She had made it literally right before getting called in for the layoff!
Apparently main thing is they don’t want them to start a scene, talk shit about things, and cause issues with their computer access
Those people's contracts aren't invalidated by revoking access. Those companies are basically saying you're not expected to do any more work except react to our emails until the end of whatever the notice period is. And the same thing might be less common but can definitely happen to you in Europe as well, it mostly depends on which sector/roles you work in.
> You can fire people from the night to the morning only in US
And in most of the Europe and I'd guess also world during probation period (typically in Europe 1-3 months).
But yeah, you can't do that once probation period pass, then it's usually at least 1-3 months PAID resignation period. You can tell people not to come to work and still get salary though, but if they would still wanna come it could get very messy legally.
I had actually only fixed contracts during my EU jobs and either company told me they won't extend the contract or I told them I won't extend it, but they were happy to keep me working until very end.
Only in China during Microsoft layoff I was told I don't need to come to work, while getting compensation, but that was understandable considering me and other Israeli girl were only two people fighting against company trying to cheat us for our legal compensation and it came to me telling them whether they wanna leak certain data and me contact labor bureau about their illegal procedures.
The same happens in Europe. It did not happen to my but a friend but he knew that he was the one to go when he couldn't login to his laptop after lunch break. And when they let him do it to finish some things he got someone watching behind his back.
In Europe I think it's far less common to be fired in the first place, I actually know zero people that was ever fired (but I'm not saying that it doesn't happen, I think it even happened recently at Klarna).
Firing is very common in Europe depending on specific country and it's laws and the industry we're talking about (is it unionized? are the employees easily replaceable? immigration, etc).
In Austria it's super easy to fire jobs like white collar tech workers and sales people without any reason as the employee protection laws are very weak (you just have to give them their notice period). At every company I've worked here I've seen people get fired after not meeting their performance goals(PIPs), or even having too slow velocity in Jira's charts, or just some manager having an axe to grind.
There's no magic protection aura from the government to save you from getting fired here.
Redundancy is a different matter to firing for cause, and I definitely read 'firing' as meaning the latter.
I suspect the fact that some people in this thread read it the way I do, and others (I guess including you?) read 'firing' to include redundancy, is causing a fair amount of confusion / people talking past each other.
(I'm not claiming I'm right and you're wrong, btw, just observing a linguistic disconnect)
It’s true in the US too, depends on the risk of terminated employees causing intentional harm. Most of the time layoffs come with severance making it similar to your “garden leave” situations.
It depends on the company/position more than the country. People with high access levels / dealing with lots of money will be treated differently than receptionists for example.
I’ve been laid off and it’s varied between 6 months notice and 2 weeks.
Note, whether you get walked out the door right away or later, in these types of job you get a severance package.
In my case where it was two weeks it was work 2 weeks, go home keep getting paid for another 30 days, then start your paid 60 day WARN period, then actually separate and receive severance of ~9 months pay plus heath insurance for 1 year.
Did you see the severance the ex-employees are getting? It’s super generous and amounts to months of work. Id rather that than face the humiliation of having to come in for weeks to a company that has fired me.
Flexible labor laws are also a major reason Americans are paid considerably more than euros.
It is not generous everywhere. In the Netherlands you get 1/6 salary for every 6 months, so only two months salary if you’ve been at the company for six years.
talk to your laywer. there is probably some mistake in your paperwork or something that's not so clear or maybe the wrong people were left out/included in the process. European work laws can be complicated and not all hr people are on top of everything.
Helped me a lot a few years back and got me from "you are fired without severance" to "you are paid for six more months, you don't have to come in and here is half a year's pay in severance". Companies want to shock you into submission, hand it to an external party, lean back end enjoy.
I haven't been laid off myself, fortunately, just relaying the information that was given by the company I worked for. That is the standard policy and is quite different from "months of work enshrined in law" as the parent comment suggested.
> Having to spend half your available income for things that are automatically taken on your salary in Europe is _the_ major reason Americans are paid considerably more, with "US tech companies and VCs have so much money they don't give a damn about salary" as a close second.
I don’t think you can name many things here that the American tech workers have to spend on, that are included in typical European social benefits package. For example, if you were thinking about healthcare, you would be very wrong, as American tech workers spend very small fraction of their pay on healthcare, smaller than a typical European tech worker.
Health care for my family of four is $5000/yr at my employee, although that’s pre-tax. If I were single it would be free. This covers essentially everything, I’ve had $10s of thousands of surgery for which I paid nothing myself. I never have to wait for medical care, I can just go same day whenever I want. Prescriptions cost me $0.
Health care in the US is only expensive if you are poor and unemployed, sad to say.
> Having to spend half your available income for things that are automatically taken on your salary in Europe is _the_ major reason Americans are paid considerably more
Are you thinking of anything beyond healthcare? Youre correct that salaries and GDP are difficult to compare, but US disposable income pc is dramatically higher than almost anywhere in Europe, with the couple exceptions being tiny enclaves like Luxembourg or petrostates like Norway. Subtracting healthcare spending doesn't come close to closing the gap btwn the US and eg France.
And this isn't explicable by retirement either, as Actual Individual Consumption is also dramatically higher in the US.
Hell, I'm not even sure your hypothesis makes sense at first glance. If the salary difference was simply a matter of shifting govt spending into the personal ledger, wouldn't pretax incomes be as high in Europe? After all, much of the layoffs we're talking about are high-income enough that the employees would surely be net-payers in any mildly progressive tax system.
I(an american) was quitting a job at a UK company and tried to put in my 2 weeks notice, they said the standard was a 2 months notice for them and so I just kinda bumbled along for 2 months not doing much. Really odd practice
I've usually (in the UK) had 1 month's notice upon quitting and spent it doing documentation updates and handover meetings. I managed to use pretty much the entire time productively - though admittedly one could make a good argument that that was because I hadn't been making time to document things better previously.
I've known quite a few senior developers with a 3 months' notice period baked into their contract.
It's not odd at all really -- it just sounds like you weren't a perticularly key employee. For many roles, the extra time to ensure continuity and handover is very valuable.
Only in the US? What about Australia or Canada? What about China or Russia? You have no idea how hard it can be to fire a state or federal employee here in the US. I’m guessing there are regions or industries in Europe where it is easy to fire employees. The situation is so much more complex than US bad Europe good. Poorly constructed swipes like this are becoming more and more common and it’s disappointing.
This was a well known thing at a company I worked for that was involved with government work. If you were leaving for another industry the last 2 weeks were for finishing up work and saying goodbye to your coworkers.
If you were leaving for a competitor you were walked out within an hour of submitting your resignation and promised your 2 weeks pay. It was so well known that engineers would schedule vacations starting the day after they planned to resign and say their goodbyes to coworkers before telling their bosses.
All sorts of things. Sometimes it's code or documentation/guides they wrote that they believe they're entitled to... Sometimes it's personal things they kept on their work computer/account.... Sometimes it's contact lists... Sometimes it's strategy docs they authored... Sometimes it's password files (which often mix personal and work creds). Sometimes it's whatever-they-can-think-of that might be of value on the share drive...
It's just so incredibly common that I don't understand why any employer doesn't terminate access the instant someone is let go. When people they're in a state of stress just grab whatever they can think of.
If they file a case in court, they are entitled subpoena documents that might support their case, including emails. There is an established procedure for that and company legal/compliance departments have legal-hold policies to freeze anything that might be relevant for a pending legal case.
Trying to forcibly steal those documents/emails is a wonderful way to being charged with a computer crime if it's serious enough. ...but lesser consequences include public lawsuits that impact your career prospects (we did this to one high ranking employee who tried to email herself powerpoint strategy presentations she made and copied to a USB). ...but at the very least, having an attempted theft of documents on record will get any future allegations they might make against the company much easier to throw out.
At one place I've worked at the company policy was to hand you laptop and badge in at 3pm in the afternoon. I had a scheduled meeting/shadowing a installation after handover scheduled at 2pm (due to timezone differences), but it had to pushed back till 5pm, so I kept my badge and laptop over the weekend and I've returned it on Monday morning.
So not only I hanged around, I also made sure that my replacements had all the information they need and I saw that they can fulfill my duties :)
Granted, it was me who gave in his resignation, but it was nice to see that the trust didn't erode during this leaving process.
While in colleague I interned for a major investment bank. They extended my internship since I was doing a good job and have a few weeks to spare.
However IT did not get the memo and the very next day after my original termination date I came to my desk to find my machine wiped and account deactivated.
> we made the decision to cut access to Coinbase systems for affected employees
Apparently they used to do this at Microsoft. Microsoft stopped doing it though because people would freak out if the network ever went down - employees would think "oh my god, I'm about to get fired".
Perhaps Coinbase is speedrunning the evolution of modern HR practices, just as the market it serves is speedrunning through the history of financial regulation.
In finance it's pretty common practice (and in that sense Coinbase is similar to a broker). I remember stories about how half (?) the people working at UBS London came to work one morning to find that their badges didn't unlock the entrance gates anymore. And lots of stories like that in the years following the 2008 crash.
Phones stop working for lots of reasons other than "I've been fired". I'd still show up to work. It'd be pretty bad if your phone indeed had just stopped working, and rather going in to get it fixed, you just assumed you were fired and then stopped going into work, thus actually getting fired for not showing up.
Most people there would probably come into work between 8 and 9am. Even if the phones were deactivated before then, most might not even have noticed (those that did notice might have had a premonition, but what are you going to do about it on your commute?).
Never heard this happen (Scandinavia) other than in the cases where an employee clearly breached laws or company policy. Standard procedure here is that you as a salaried employee will be guaranteed 1-2-3 months (depending on your contract) of notice.
> An employee may usually remain in the post as long as negotiations or legal proceedings are in progress, provided the courts have not decided otherwise.
> [...]
> The employer may summarily dismiss an employee if he or she is guilty of a gross breach of duty or other serious breach of the contract of employment. The employee has no right to remain in his post while the matter is being considered, unless the court has decided otherwise.
A decent amount of states in the US have “at-will employment” laws, meaning you can be fired for any reason (excluding specific things to do with “protected classes” like race, etc.), at any time, with immediate effect and without any notice. Similarly, this means you can quit your job at any time, with immediate effect and without any notice. If you quit, it’s only if you want to maintain reputation or relationships that you should work a notice period, but given the asymmetry of employer-employee power, that ends up being pretty common. For at-will employment, I don’t think there needs to be any severance package or mandatory weeks of pay, but I think it’s offered in many cases.
Having said that, in finance (I used to work at a proprietary trading firm in an at-will state), it’s extremely common for firings to be immediate, e.g., arrive at work, boss calls you to office, get fired, badge taken and you’re walked out and your desk belongings are mailed to you later. More often, you’re walked to your desk to pick up your things instead of having them mailed out, but both happen. But even more often, people are “incentivized” through bad reviews and bad bonuses to quit in advance of a firing.
When I quit, they didn’t want me to leave, and I negotiated a couple weeks of notice to hand over my responsibilities and knowledge, and to maintain some relationships.
I had a non-compete in my original contract, so I would have to negotiate with the original firm as to whether they would enforce it. If so, I would receive gardening leave pay in order to delay my employment at a competing firm. That could be for as much as 2 years, and they would pay my base salary at the original firm in order for me to not start at the competition. This gardening leave is totally different than a severance package though.
Being paid for 1-3 months is entirely independent of whether they want you in the office or not.
In Britain it's called gardening leave, and it's common in finance and other jobs with tight security. You are paid, but you stay and home and do some gardening. (Or, more likely, look for a new job.)
I work with online payment processor and early during the covid pandemic we had some layoffs. They were all notices of 1+ month and everyone of them continued to work for the majority of the notice period. Nobody had anything revoked early.
I understand it happens, but it seems _way_ too common (reading the comments here) compared to what is actually necessary.
Yeah, I worked at a UK bank and was given gardening leave even when I left to start a (somewhat orthogonal) competitor. Actually, they didn't even insist that I served out my leave before starting work. It's an odd system.
I’m would say pretty common? Sometimes it happens to personal accounts if the user has access to sensitive data. For setups that aren’t as sensitive or groups of employees that don’t have access to such data, various systems may be locked down for a period. For example, access to source control or staging/production environments may be generally limited. For unexpected one-off firings, the user is often locked out before they’re aware they’ve been let go.
There's a lot of commentary on this, but people seem to be conflating a couple of points - namely that this cut all access - everything, and emailed to personal email and not just access to "secure" systems. That is pretty unusual, and not something I've seen.
Typically access to sensitive systems is cut, but cutting everything and notifying to personal email seems unusual. Sensitive information should always be segregated and subject to tight controls, which is easy to sever, and then leave regular email and video conferencing in place - ie. the bare minimum necessary to communicate over a work device.
In this episode of Coinbase they learn that authentication and authorization are two different things :D
I was similarly shocked that the only control plane they had to limit access to sensitive information was literally terminating everything. They don't have any kind of access control that would allow them to keep an employee in their system but limit their access. How exactly are they running a "finance company" if they don't have these basic protections.
I could see if they were an early stage startup and just haven't gotten around to it, but they are multiple thousands of employees at this point. In every start up I've worked in, implementing access controls ends up being a priority around 100 employees.
I've never used Coinbase but this revelation makes me not want to ever use them in the future.
Email is often "production data" -- it contains personal data, IP, business relationship information and so on. Sending an email from an @coinbase.com is certainly a production action.
It is only fairly recently that locking people out of the office didn't implicitly remove their access to email, memos, letters and so on.
Common in lots of jobs. I’ve seen people get fired from Gov IT and F500 IT teams where they only find out they’re fired when they rock up to work and their pass doesn’t let them in. Security has their stuff in a box to give to them along with a letter explaining everything.
To be fair, getting fired from those companies meant you actually did something wrong. There wasn’t these mass culls that crypto/startup type companies are famous for.
This is very typical. He is talking about cutting now former employees access to email, source code repositories, internal systems. It is done all the time. It looks very harsh.
IMO it's concerning that they don't have more granular security controls than totally shutting down someone's access (or maybe they do, but they laid off the person who knows how to take access away from production systems without taking away someone's ability to read email)
Every tier 1 support rep needs to be able to pull up at least some of my account information. Sure IT and other internal teams shouldn't have direct access, but when your business is managing other people's accounts/money a lot of people will need to have access to customer data.
But you can still restrict that. Make it so every access must be tied to a specific open ticket. Don't just say "well, this person sometimes needs access to a specific customer's information so they can have permanent always-on access to all customer information."
How do you know it isn't? The only claim was that there are many employees with acess to 'sensitive customer information'. That would be the case even if the employees could only see customer information associated with tickets that they had been assigned.
I have a lot of access to very confidential customer information at my job. But based on passwords I need to request that require someone else to approve. Based on a ticket/incident/change number that actually needs to exist. The password rotates as soon as it expires. All password requests and usage are logged and audited.
If you need to completely revoke someone's account overnight to prevent adverse impact, you designed your "access matrix" incorrectly.
> If you need to completely revoke someone's account overnight to prevent adverse impact, you designed your "access matrix" incorrectly.
This doesn't make any sense to me, and is in fact exactly how it should work.
So you're telling me that every time, say, a CS rep needs to access some sensitive customer information (which is almost every single call), you think they should need to go through some password approval process? Security procedures that are so cumbersome to getting work done get bypassed.
The whole point of SSO systems is that you can immediately revoke access to any and all systems at once by just changing one setting.
Of course it will depend on exactly how sensitive etc. the information is and there are always grey areas.
But indeed, permanent access to sensitive info without ever needing approval from a second person (beyond being hired and gaining the access) seems like a bad idea.
As a teenager I worked an evening job at one of the largest banks in the world, processing mail-in credit card orders. I would sit at a computer, run an app that could query any bank account number, and I'd get their current balance (along with all other personal info). It was part of a series of checks I had to do to make sure they qualified for the credit card.
One kid definitely got fired for querying data on persons they weren't supposed to query for.
With work-from-home, I can imagine there's employees with all sorts of access. And with them being a startup, who knows how much controls they've got in place yet.
Not sure why you are being downvoted, I think in an industry that is rife with crime and theft of enormous sums you would indeed hope that some mature player like Coinbase restricts access to sensitive customer information to a really small part of their workforce.
Having said that, we're still talking about hundreds of people being laid off, so even with excellent access controls this step might be prudent -- e.g. even customer support staff would have access to some stuff that would be useful for social engineering, at the very least.
Unfortunately, least privilege access is not common practice in the industry yet. It's coming along, but it's a huge lift to get everything and everyone onboarded, especially if you have a bunch of legacy systems you need to retrofit. At companies where least privilege is a thing you can just revoke most of a person's permissions while leaving them access to, say, internal email and Slack. Without pervasive RBAC or ABAC that's basically impossible.
> Surly they should have very very few employs that have access to that type of information?
It depends on the nature of the information. If we're talking anything that directly affects liquidity, I'd be surprised if that number was large. But if we're talking regulated or contractually protected consumer information (e.g PCI), that number's probably a bit bigger.
From a customers point of view, sensitive is a fairly broad term. Every customer service agent (of which they're hopefully quite a lot) has access to sensitive information.
You are completely right. Sensitive customer information should be only accessible as a per need basis. It's very bad practice, possibly illegal in many countries, to have free access to production customer data. It's also quite dangerous for a big company. Production databases should not be accessible by developers, logs should need enough to debug problems, and should be scrapped after some time. Metrics can be stored as long as needed, as should not contain personal data but just counters, averages, etc.
A responsible company would consider "sensitive customer information" to be pretty much every bit of customer information - names, addresses, phone numbers, bank accounts. Maybe low-level developers won't have access to that but every member of the infrastructure and customer facing teams will in some fashion because it's 100% part of their job and odds are good that's the majority of the people in the company.
> Those claiming that this is a "crypto" sentiment thing should consider the possibility that the front page of HN will be filled with stories like this from all over the economy within one month
That may very well happen, but Coinbase is directly blaming their layoffs on over-hiring for web3 usecases and ideas that they feel are no longer financially viable.
Places where employees have physical keys face a similar problem; what to do to keep an employee that was fired or quit from having access to things of value they shouldn't be able to access anymore. This is a big part of why key fobs are so popular since you can have thousands of unique ones to enable or disable.
I worked at hotel once where I had keys to everything and I would take them home nightly at the end of my shift. When the hotel changed ownership one of the changes implemented was anyone with hotel keys had to lock them up in one of the front desk safety deposit boxes when their shift ended. At the time I thought this was pointless security theater that wasted 10 minutes of my day. In retrospect, it was probably so we could safely be fired if necessary with our keys still accounted for.
I think it's typical and I would honestly prefer this if I worked somewhere. Our working relationship is over and you've let me go so let's call it a day.
I've worked on security products as a SWE and as a SRE over critical systems, I've never seen this kind of behavior. This says a lot about the relationship Bryan and his team have with the people that work with them, imo.
Edit: not sure what's up with the current iteration of the HN crowd, but downvote is not equal to "I disagree".
Mass-scale layoffs it's almost guaranteed. When you're talking even a single percentage point of employees departing, it's more normal than you might expect.
Some companies even do it after an employee submits notice on their end (paying through the end of the term but disabling access earlier than expected, or even immediately), though this is far less common.
You can keep saying it, but it doesn't make it more true or acceptable. Anyway, the current HN crowd has been disappointing lately, so time to take a break.
> You can keep saying it, but it doesn't make it more true or acceptable.
We agree on whether it's acceptable, but let's be honest, any roles I've held in the past (and all security jobs around the world, really) exist only because people have a surprising potential to be absolutely crappy.
Extremely common in fintech and health care. It's the remote analog to being escorted out by security. I've worked for two health care companies and have had access removed the literal last minute of my last day. One, a large pharma co, used a policy update to remove my ability to log into the company laptop. Not a comment on the practice, only sharing experience.
Very, very typical. Insider threat teams are a thing at many tech or otherwise companies. Nothing specific to crypto other than a higher incentive to have an ithreat team. You should be doing nothing and no one on a work computer that is not 100% work related. Blows my mind that people do otherwise.
Common practice. In places where I have worked if you told the company you had a competitive offer the standard practice was to take 15 minutes to try to get you a matched offer. If you declined or they couldn’t match it was automatic walk off the premise
My first thought is that there could easily be a malicious actor within the not yet laid off employees who could now be actually incentivized to do their bad deed seeing clearly that they may get no notice when fired.
People just "disappear" overnight. Access cut. You've had nothing on your personal computer anyways (all work & data is on company machines, accessed through Remote Desktop).
Asking as a layman to macroeconomics, if you think that the current rash of crypto companies collapsing heralds a greater economic catastrophe, do you have any advice on how to best survive another dot-com style crash?
I'm also a layman, though one of my degrees is in economics, which tbh isn't that helpful here beyond understanding the fundamentals.
My current working model is that there are multiple simultaneous effects, mostly separable but interrelated. In order of decreasing acuteness:
a) asset bubble popping due to imminent rate increases. Crypto the obvious candidate for a correction that IMO was predictable? Future of the industry unpredictable (by me)
b) Tech stock correction and hiring freeze, due to skyrocketing value growth and some overextension during the pandemic. This is a good thing, and a healthy pullback on very recent overestimate of value gains. Fundamentals largely unaffected
c) More secular pullback of tech value into a lower equilibrium. High-growth stocks do well in historically low-rate environment, that we're potentially exiting
d) General recession expected. Marginal tech startups wiped out, bigtech generally still a great place to get paid a ton and buy the market while it's low
I'd love to hear if anyone has anyone else has any disagreements with my working model! I'm far from an expert, but using it for my own decision-making. Eg, I just quit my job, but I was planning to go back to bigtech so I'm not especially worried (plus I have tons of savings and frankly don't care about $ that much). OTOH, I'm not taking much time off, because I expect hiring and possibly salaries to start tightening even in bigtech.
Know how much you spend per month, and what are essentials (Rent, Food, Transport etc.) and what can go if you really need to (Netflix, eating out, etc.)
2. Have 3-6 months expenses in an emergency fund
Usually cash or things not likely to tank during a downturn like stock/crypto.
Do whatever you have to in order to keep your job. Your investments may go up, down or sideways, prices of things might move around, but it's all secondary to keeping a job.
In my first job, the company laid off 200 people, and they found out when they couldn't use their badge to enter the building. Corporations love to do that type of things.
How typical is this? Is he really talking about the hot wallet and/or cold storage?
Those claiming that this is a "crypto" sentiment thing should consider the possibility that the front page of HN will be filled with stories like this from all over the economy within one month.