
In a Leaked Memo, Apple Warns Employees to Stop Leaking Information - jsmthrowaway
https://www.bloomberg.com/news/articles/2018-04-13/apple-warns-employees-to-stop-leaking-information-to-media
======
bondolo
Martin Minow liked to tell the story of the time he got a call from Steve Jobs
right after Steve's return to Apple. Martin was working on Copeland which
hadn't been cancelled yet.

Steve called out the blue one afternoon and said "Hi Martin, this is Steve."
Martin had worked with Steve in his early days at Apple before Steve's
departure. "Hi Steve." "Look, we know you've been sending emails to Henry Norr
who works at MacWeek. We can't read them because they are encrypted, but you
better have an explanation of why you are talking to journalists." "He is in
my running group. That's it." "That's it?" "Yep, that's it." "OK, make sure it
stays that way." and Steve hung up. Martin was flustered by this call so got
up and left his office. In the hallway were his manager and a couple security
goons just standing around. "Hey." "Hey." and he went off to the restroom.
When he came back the goons were gone. It never came up again.

I miss Martin.

edit: [Spellcheck corrected "Minow" to "Minnow" and I failed to notice. You
should find plenty more hits on "Martin Minow"]

~~~
bllguo
hmm, the first result in google for "martin minnow apple" that contains all
those keywords is your comment

~~~
newman8r
Yeah I can't find anything either, good fact-checking. Hopefully just a
misspelled name.

~~~
bondolo
Spellcheck had indeed "corrected" the spelling of his last name from "Minow"
to "Minnow". Now fixed.

~~~
newman8r
sounds like he was a pretty cool guy to work with
[https://tidbits.com/2001/01/01/the-passing-of-martin-
minow/](https://tidbits.com/2001/01/01/the-passing-of-martin-minow/)

~~~
Maxious
That even mentions the running club!

------
IBM
Somewhat ironic that this memo got leaked but I think in this case it actually
serves their purpose for it to be read by everyone (including potential
employees).

I think this part is key and is something I've always wondered about:

>While it may seem flattering to be approached, it’s important to remember
that you’re getting played. The success of these outsiders is measured by
obtaining Apple’s secrets from you and making them public. A scoop about an
unreleased Apple product can generate massive traffic for a publication and
financially benefit the blogger or reporter who broke it. But the Apple
employee who leaks has everything to lose.

I completely understand what's in it for the reporter, but I've never
understood what the employee gets out of it. I've been reading Mark Gurman's
scoops about Apple for years so I'm definitely biased in wanting that to
continue. It just seems like there's tons of upside for the reporter and only
downside for the leaker.

Also I wonder what goes through a reporter's head when one of their sources
get fired because they leaked to them. I'd feel extremely guilty if someone
was fired or prosecuted because of me. Not sure how they do it.

~~~
yodon
>I’ve never understood what the employee gets out of it

The intelligence services have done a great deal of research into the persona
of the press leaker/Wikileaks leaker (as distinct from the more traditional
espionage leaker). A common trait is for the press leaker to be either highly
over-qualified for their job or believe themselves to be over-qualified for
their job. The belief coming out of that research is a sense of being under
appreciated and a deep need to be recognized by someone (even themselves) for
something they’ve done is the primary motivation for this class of leaker. The
“leaking good and important things” blanket that the leaks are wrapped in then
becomes a secondary factor that is used by the leaker to justify their actions
to themselves in their quest for the recognition they need. I doubt if
corporate press leakers have been studied as heavily as intelligence sector
leakers, but the chances are good there are some similar motivations at play.

~~~
jadedhacker
I'm a little skeptical. The intelligence services would say something that
would make you skeptical of the motivations of leakers. If they're selfishly
motivated the public doesn't mind them being locked up and put into isolation
and tortured in ways that don't leave a mark.

The leakers that come to mind immediately are Edward Snowden and Chelsea
Manning whom both suffered greatly for their leaks (Snowden had to leave his
life behind and Manning was kept in isolation and had her medical needs
neglected amongst other things). While they both may have wanted to be
recognized as having done something good, they also clearly wanted to let the
public know what the government was doing in their name.

~~~
Cyph0n
Didn't Manning leak classified information that threatened the lives of
foreign operatives?

I never understood why Snowden and Manning are put on equal footing in that
regard.

~~~
ebullientocelot
I don't know, but I can speak from experience as a former enlisted soldier in
a deployed military intelligence section of the US Army: 95%+ of the "secret"
stuff I had access to wouldn't even have been of great interest to the local
insurgents, to be honest. The line soldiers going out on mission everyday
openly talked in chow halls about their mission schedules and things that
would have been far more interesting to the insurgents than what I had on my
computer.

Now granted, the mission plans would have been pretty interesting to the other
team (I almost wrote the word enemy, but I don't believe that to be accurate,
but that's irrelevant to this post), but those were printed out and ended up
laying around on desks, all the platoon leaders / platoon sergeants had them,
and despite best efforts to keep track of that stuff it is never 100%.

Granted, Chelsea may have had WAY more access than I did, I'm not trying to
speak about things I have no facts regarding. I am trying to say that I find
it VERY hard to believe that an E-4 intel soldier (or even most O-6's, to be
honest) would have access to anything that could compromise field intelligence
activities or actionable information about the goings on with special forces
teams. The overwhelming majority of the information we had on SIPR (basically
the 'secret' internet for USG, the computers with red cables coming out of
them) relevant to the local theater of operations was an insanely disorganized
mess of reports following missions, almost none of which had anything juicy in
them.

Having become a software engineer and math guy after getting out of the
service, looking back on the "information" available to US and allied
commanders in Afghanistan I'm 100% certain that my current boss would fire me
for delivering such a mess.

EDIT Looked up Manning's unit level: Full Disclosure: Chelsea Manning worked
in a Brigade level S-2 (intel section), and I was only at Battalion, so she
definitely had better systems / access than I did. I still doubt she could
find out what Jason Bourne was up to.

------
cromwellian
I think Apple obsesses too much about secrecy and attributes too much of it to
its success. Except for the iPhone launch, almost nothing they've launched
hasn't been leaked ahead of time, and yet, it is still the most valuable
company in the world and their sales are through the roof.

It seems they are still pining for that "shock-and-awe" of Steve Jobs original
2007 iPhone introduction, but don't realize that's no why people buy Apple
products these days.

Think of the negative repercussions of this. Creating a hermit kingdom, with
chilling effects where people worry about collaboration with the outside
world. It has certainly had some effect on the ability to recruit AI
researchers.

~~~
stouset
There's a huge advantage in your competitors not knowing what your focus is,
particularly if you're working on something out of left fields.

The more you can hide from them, the more of a head start you can have over
them.

~~~
cromwellian
Does Apple have a head start on most things they do? Most observers
acknowledge they aren't usually the first to do something, rather, they're
good at execution and polish. They were beaten to market on pretty much
everything: watches, bezelless displays with notch (e.g. Essential Phone),
smart/speakers (Amazon, Google, Sonos), Streaming/TV (Roku, Amazon,
Chromecast), etc.

Really, I think the world would be better if they published more openly and
were more open, and I don't think it would really hurt their ability to
outsell their competitors at all. Let's say they're working on AR glasses
(which they probably are) and Samsung catches wind of this and rushes to
market with Samsung AR glasses. How many Apple fans actually think this will
make a difference to people in the Apple ecosystem buying Apple AR glasses?

At this point I think the secrecy does more harm than good.

~~~
valuearb
If they told the world that the solution for touch screen phones failing in
the market was this little idea called the “proximity sensor”, Google would
have beaten them to the market with Android and the iPhone would be far less
successful.

Apples success is built on unique inventions, in design, software and
hardware. They rarely are first to market in any category. They are almost
always first to market with the first mass market useful combination of
features in those categories.

~~~
dpkonofa
Except that wasn't at all what Android was when the iPhone was released.
Android was still a Blackberry clone at that period in time due, in part, to
the secrecy surrounding the technology in the iPhone.

------
Jyaif
Weird, a friend at Apple received the same email, but with different numbers.

(giving leakers heart attacks is a hobby of mine)

~~~
calvinbhai
Easy way to narrow down who is leaking eh?

Always thought that’s the best way to narrow down the leaks. Give variations
of info to subgroups, and target the group based on which variant was leaked.

~~~
jlgaddis
As I was reading the memo in TFA, I thought "I wonder if this memo has slight
differences in it based upon who is viewing it".

Specifically, I noted one place where I thought a comma should normally have
been. Perhaps it's "paranoia", but it seemed like that is one possible
"variation" that could have been used.

I don't know how many Apple employees would view this memo (it seems unlikely
that all ~135,000 would) but it doesn't seem like it would take very many
slight differences like this to be able to generate a unique version of this
memo for each viewer.

At that point, Apple just has to sit back and wait for the memo to leak.
Compare the version of the memo posted in TFA to the "unique versions"
rendered to the employees and you've either identified the leaker or, at the
very least, significantly narrowed down the possibilities.

If Bloomberg were being careful, they would attempt to obtain copies of the
memo from multiple "leakers" and compare them very carefully before
publishing, making sure to look for these minute differences between them. If
any were found, they'd have to be very diligent when posting the memo for all
the world to see -- _if_ they were being careful and _if_ they cared about
protecting the leaker's identity (one would assume they do but I think it'd be
safe to assume there's a limit to how far they're willing to go).

Regardless, it's pretty clear that this is a huge attempt by Apple to deter
any leakers or potential leakers from doing so.

~~~
walrus01
> As I was reading the memo in TFA, I thought "I wonder if this memo has
> slight differences in it based upon who is viewing it".

> Specifically, I noted one place where I thought a comma should normally have
> been. Perhaps it's "paranoia", but it seemed like that is one possible
> "variation" that could have been used.

This is one of the methods taught in "counterintelligence 101" type classes at
intel agencies. Create something hot and surprising, salt it with specific
phrases, grammar or punctuation, and then leak it into a number of different
compartments. If you have access to where the intel is leaking _to_ , obtain a
copy after it gets leaked, and figure out which of your compartments it came
from.

~~~
lifeformed
If people are aware of this, what if someone finds the variations, and
modifies the document and then leaks it, framing someone else for the leak?

~~~
walrus01
You would have to be in possession of the index of which unique modification
correlates with which person or group it was distributed to, which is usually
knowledge only held by the creators of the salted documents.

~~~
duckmysick
Not necessarily. You don't need to randomly change the structure of the memo.
You just need to leak a version of the memo that someone else received. It's
not that hard to believe that someone would leave their account unattended for
a moment.

------
trevyn
My favorite take on Apple’s culture of secrecy and how it harms everyone comes
from the illustrious Bret Victor:
[http://worrydream.com/Apple/](http://worrydream.com/Apple/)

In short, your personal goals and the goals of the corporation and its
executives rarely align as much as you think.

~~~
kec
I don't really understand what you're trying to get at. That just sounds like
sour grapes from someone who didn't totally grok that what you do on company
time belongs to the company.

~~~
wpietri
The notion that "what you do on company time belongs to the company" is one
possible relationship between labor and capital, but far from the only one.
And even that phrasing is a little misleading, because executives often get
much more latitude here; the principle in practice seems to be less about
serving the collective interest of all stakeholders (that is, the company) as
serving the power structure's current occupants.

Many companies are pretty flexible about what you talk about as long as giving
out the information doesn't cause immediate harm. It's not unreasonable for
people at much stricter companies to complain that their company is being
unnecessarily strict in ways that are detrimental to the employees.

~~~
ghaff
I learned recently of the formal approvals needed at $LARGE_TECH_COMPANY that
I don't think of (as an outsider) as being especially super-secretive to give
an external presentation. I was probably more surprised than I should have
been. But it did shock me a bit compared to where I am--which is admittedly
pretty far on the open side of the spectrum.

------
bhuga
> Leakers do not simply lose their jobs at Apple. In some cases, they face
> jail time and massive fines for network intrusion and theft of trade secrets
> both classified as federal crimes. In 2017, Apple caught 29 leakers. 12 of
> those were arrested.

This is an email they sent to employees? It sure doesn't sound fun to work
there.

~~~
brianpan
You can also go to prison for insider trading. Is this also too onerous for
you?

What reason is there for leaking information about the company you are
currently working for?

~~~
pcwalton
I think the tone is heavy-handed. Leaking can happen accidentally--for
example, by leaving an iPhone in a bar--and sending the message that this
could result in criminal prosecution doesn't seem good for morale.

Of course, every employee at Apple knows the culture of the company, so it's
not like it should be any surprise.

~~~
IBM
The guy who left the iPhone 4 at a bar was never fired _because_ it was an
accident. In fact he stayed at Apple until 2017 [1].

[1]
[https://www.linkedin.com/in/graypowell/](https://www.linkedin.com/in/graypowell/)

------
walrus01
I wonder how many ex-intelligence-agency counterintelligence people Apply
employs. Probably at least a few.

Question for those who've gone through CI training: Do Apple leaks all fit
into one of the MICE categories? I don't think there is any _new_ motivation.

(Money, Ideology, Conscience, Ego)

Would be very interested to see what programs they have developed to
intentionally generate false but plausible information internally, get it into
the hands of specific people or workgroups, and see if/where/how/when it
leaks. Usually done for the purpose of identifying specific leakers or
compartments that are leaking.

~~~
trisimix
As of a CI would respond haha

~~~
walrus01
Given the scale/size/financial scope of Apple I would be entirely unsurprised
if they had an entire TSCM group recruited from ex-three-letter-agency people
and a group of HUMINT experts functionally equivalent to CI, but with a
different name.

------
Fice
There is also a possibility, that at least some of the "leaks" are in reality
marketing ploys orchestrated by the company.

~~~
Apocryphon
It really seems like a company with the resources and obsessiveness of Apple
would have counterintelligence teams to manipulate public perception with
false leaks.

------
cabaalis
I am interested in what criminal activity warrants an arrest for leaking
company information. Seems like it would be a civil issue?

~~~
UseStrict
The Computer Fraud and Abuse Act casts a pretty wide net, stealing
credentials, abusing shared access, etc.

~~~
paxys
Also IP laws, industrial espionage laws.

------
foobaw
This highly contrasts Netflix, which barely has any leaks, although discloses
almost all their information to employees.

Is it Apple's company size and culture that make leaks inevitable?

~~~
sugarpile
There are about five comments saying there is nothing Netflix employees can
leak that people care about. You’re all thinking too tech centric.

Nielsen, studios, and the press would love to get their hands on Netflix’s
viewer numbers and associated demographic data for a given show or movie.

~~~
apetresc
Sure, but how would we know if those did get leaked? I'm sure it happens all
the time. We just know about consumer-product leaks because they're being
leaked to _us_ , the public.

------
forapurpose
> The crackdown is part of broader and long-running attempts by Silicon Valley
> technology companies to track and limit what information their employees
> share publicly

The contrast between the aggressive privacy of companies (and government) and
the non-existent privacy of individuals is shocking. Apple claims to have
people arrested for violating its privacy; practically, I have no power - they
can take almost whatever they want and do whatever they want with it, and
there's nothing I can do.

In fact, the complete lack of privacy by individuals may the means by which
companies find who released the information.

Finally, these moves are counter to an open society. In an open society, it's
the powerful people and public institutions who need to be transparent - they
are the threats to democracy and liberty - not the everyday private citizens.

~~~
dpkonofa
I don't understand the article's assertion in the context of this being
something unique or new to Silicon Valley. Companies have always tried to keep
trade secrets behind closed doors and limit what employees share about them.
They wouldn't be "secrets" if they weren't limited to select individuals and
had information that was ok to disclose publicly.

The idea that this is some new Orwellian culture shift is so stupid...

~~~
forapurpose
I was going to address this comment until I read the last two words, which
just shut down intelligent discussion.

~~~
dpkonofa
Why? Intelligent people can't use the words "so stupid"?

------
jaclaz
>In 2017, Apple caught 29 leakers. 12 of those were arrested.

And what happened to the other 17 (the majority)?

Were they "just" fired, were they hot iron branded or obliged to wear at all
times a scarlet L ?

~~~
jacquesm
> 12 of those were arrested

It's pretty weird to see the breach of an NDA in a corporate environment lead
to an arrest rather than just a civil lawsuit between the two sides of a
contract. Apple seems to be a bit eager here to play the fear card and I find
it surprising that law enforcement would do more than take their statement and
give them a copy of it. Breach of contract would be the worst that you could
accuse a leaker of, which is not typically a criminal affair.

Is it normal to have people that break NDA's to be arrested?

~~~
pcwalton
I would guess that those who are arrested are the ones along the supply chain
involved in leaks to countries who are economic rivals to the US (China, in
particular).

But I wouldn't put it past Apple to try to prosecute anyone and everyone who
leaks.

------
rm_-rf_slash
I worked at Apple in the past. I pride myself on having never told a soul what
I really did there, as anyone who does know was informed through proper
channels.

Perhaps if I had worked at some other company and saw highly unethical/illegal
shit going on, I might consider whistleblowing, but I would never leak for the
sake of leaking, even if it would cause a lot of hype or news commentary. It
just seems sociopathic to do so.

Same goes for this memo. And if the leaker is reading this comment right now,
then I ask, rhetorically, if you don’t feel comfortable with your employer’s
preference for secrecy, then why are you working there?

------
userbinator
Fortunately companies cannot yet control their employees completely, and so
leaks will keep happening. This may be rather controversial, but I think
that's a good thing. It pleases me to see people who do not completely toe the
line getting themselves into companies for the purpose of eventually leaking
something, effectively hindering the rise of total corporate control.
Especially with a company so secretive and forceful in its mission of locking
out devices against their owners (and attackers, ostensibly), it's good to see
some "retaliation".

To all the leakers: we need people like you, who are not afraid of the
consequences of doing what you think is right. Many thanks to those who leaked
the schematics and service manuals for various products (including Apple's),
the HDCP master key, the AACS key, the SD card specs, the memory stick specs,
everything on SciHub, and the list goes on... countless people would not have
gained the knowledge and skills they have without your neighbourly efforts.

Some related commentary:

[https://news.ycombinator.com/item?id=11008717](https://news.ycombinator.com/item?id=11008717)

[https://news.ycombinator.com/item?id=16346174](https://news.ycombinator.com/item?id=16346174)

Edit: interesting to see the points on this bounce up and down. It seems I've
struck a nerve.

------
mattsfrey
The most disconcerting thing about this is how effective their security
measures appear to be. One has to imagine how pervasive their surveillance is
to catch this many leakers.

------
sergiotapia
Can they not tweak specific word variations to track down where the leak is
coming from? You can narrow it down to which department the leak is coming
from at least.

~~~
tajen
Is there a name for that? Steganography? Watermarking? Both don’t specifically
describe the idea of swapping words or homographs (rn = m) to embed the name
of the person who received a copy of a document to bust the leaker.

------
Mrtierne
You gotta love when real headlines are indistinguishable from The Onion

------
rajacombinator
Can’t think of many relevant product leaks from Apple ... maybe stuff about
their chip and display manufacturing? Their consumer products are pretty
straightforward and all the leaks come from China anyway.

------
Mononokay
> Josh Shaffer, whose team’s work was part of the iOS 11 leak last fall.

Is leaking the reason it was rushed out the door? If not, I can't imagine why
he's upset about it.

~~~
deft
Yeah, how does it affect him at all? He worked on a great product and the leak
didn't make it worse. Most likely just Apple trying to add a personal element
to dissuade leakers, by also accusing them of hurting friends/colleagues.

~~~
djcapelis
For a moment, imagine the situation:

You show up to work each day. You've been working a lot lately, but you're
really excited about the thing you're working on. You're looking forward to
when it's ready and ships. But it's not time yet. It's not ready. You want the
world to see it when you're ready to really show them something. Not just the
idea of a thing, but the actual thing. When they can see it, touch it,
understand it and breathe it. When they can really appreciate what you've been
doing.

You've been working on this thing for awhile. You know there's still a long
slog ahead. But you think—hey, one day soon, we'll get to talk about this
thing.

Then one morning, you get into the office and you see some blog is talking
about your project. They have a bunch of the details wrong, but it's
definitely the project you're working on. And they're saying it's coming out
in the next update.

Your work never has the chance to speak for itself. Someone decided to speak
for your work instead. Just so they could feel important. It wasn't even their
work to speak for. It was yours, and you and others had already been making
decisions on how you wanted to talk about it, what things you wanted to show
and where and how you wanted the work to speak for itself.

Wouldn't you be annoyed about it?

Wouldn't you be disappointed that someone leaked your work when later when you
do finally announce it people don't let your work speak for itself, but just
compare your work to whatever their minds imagined, made up and idealized
about what you might be working on, doing or building?

------
5_minutes
What I find baffling is the difference in leaks pre and post Jobs era.

Perhaps management should look at themselves also why people are leaking now
and weren’t before.

~~~
djrogers
Nothing baffling about it - things leaked a lot when Steve Jobs was around. We
all knew about the iPad before it was announced, we all knew they were making
a phone, etails would leak about new MacBook Pros, etc. etc.

What we do see now that's different than it was 10 years ago are supply chain
leaks. Apple has to have such a long ramp to manufacture it's first week worth
of iPhones, that it's inevitable that some of the 10s of thousands of people
in the supply chain will leak. Often for money, given the culture and pay
scales in China...

~~~
ksec
I think there are difference. The leaks wasn't as detailed in SJ era, he will
be pissed if things not go his way. Supply Chain were doing a lot more to
cover up.

These days Tim takes a much more relax approach, comparatively speaking. You
have employees that doesn't even know what you should or should not talk
about. ( The Person responsible for NFC ).

Steve's era employees used to joke about Information leaking from the higher
up management, which was true. Nowadays it seems to be going out everywhere.

------
fishnchips
Now looking forward to the leak the memo about the leak of the memo about the
leaks.

------
arnonejoe
I wonder how the leakers mentioned in the memo were caught?

------
wannabedevelopr
The irony...

------
ninjakeyboard
Yo dawg! I heard you liked leak memos, so I put a leak memo out on your leak
memo.

------
readhn
How much does a major leak of apple inside information cost?

$50,000

$100,000

$200,000

more?

I am assuming they dont leak the information for free. And if they do it for
monetary reasons - the amount has to be large enough to justify risking your
job (freakonomics 101). If they do it just for their ego boost (oh i got
approached by so and so i must be very important) - then they are dumber than
i thought.

------
sneak
This article sounds like it was written by Apple. “everything to lose”?
Really?

~~~
jsnell
Everything after the bolded "Here’s the memo:" is indeed written by Apple.
That's kind of the nature of quoting a memo...

~~~
MajorSauce
TBF, they should have worked the formatting so that it is easier to find for
someone looking the said memo without having to scan through the whole
article.

~~~
ghaff
And the wording of the memo--quoting people and so forth--reads more like a
news story than it does an internal memo. I had to go back through it to
realize that the entire bottom section is a memo because memos are typically
written in a single person's voice.

