By John Gruber
Kolide — User focused security for teams that Slack.
Mark Gurman has obtained a copy of a company-wide memo on leaking, and published it at Bloomberg. I suggest skipping Gurman’s summary of the memo and scrolling down to the memo itself. Curiously, Gurman doesn’t say when the memo was posted and he omits its headline. I’ve heard the memo was posted on Monday this week, and the headline was “The Impact of Leaks”. Some observations, starting with the opening:
Last month, Apple caught and fired the employee responsible for leaking details from an internal, confidential meeting about Apple’s software roadmap. Hundreds of software engineers were in attendance, and thousands more within the organization received details of its proceedings. One person betrayed their trust.
The employee who leaked the meeting to a reporter later told Apple investigators that he did it because he thought he wouldn’t be discovered. But people who leak — whether they’re Apple employees, contractors or suppliers — do get caught and they’re getting caught faster than ever.
Gurman doesn’t mention that the meeting was leaked to Gurman himself — the person who leaked this story was caught and fired. I can see why Gurman and Bloomberg might not want to emphasize that.
Investments by Apple have had an enormous impact on the company’s ability to identify and catch leakers. Just before last September’s special event, an employee leaked a link to the gold master of iOS 11 to the press, again believing he wouldn’t be caught. The unreleased OS detailed soon-to-be-announced software and hardware including iPhone X. Within days, the leaker was identified through an internal investigation and fired.
The iOS 11 GM leak revealed the name “iPhone X”. It also confirmed features like Face ID and wireless charging, but the name was the big one. Face ID and wireless charging had been rumored for a year, but until that leak just three days before the event, we had no idea what Apple was going to call its new phones.
Global Security’s digital forensics also helped catch several employees who were feeding confidential details about new products including iPhone X, iPad Pro and AirPods to a blogger at 9to5Mac.
It’s unclear which stories at 9to5Mac this is about, but the AirPods story is probably this one, which was a huge scoop published 9 months before AirPods were announced — by none other than Mark Gurman. It seems possible that every single specific example cited by Apple in this memo was someone leaking to Mark Gurman. Makes you wonder who had the balls to send this memo to him. We’ll be getting into Inception territory if the leaker of the memo on leakers getting fired for leaking to Gurman gets fired for leaking it to Gurman.
Leakers do not simply lose their jobs at Apple. In some cases, they face jail time and massive fines for network intrusion and theft of trade secrets both classified as federal crimes. In 2017, Apple caught 29 leakers. 12 of those were arrested. Among those were Apple employees, contractors and some partners in Apple’s supply chain. These people not only lose their jobs, they can face extreme difficulty finding employment elsewhere. “The potential criminal consequences of leaking are real,” says Tom Moyer of Global Security, “and that can become part of your personal and professional identity forever.”
Getting fired for leaking — we all knew that happened. But this is the first I’ve heard of leakers being prosecuted criminally and going to jail. Apple is not fucking around regarding leaks.