Recently, I have been learning about industry norms, legal discovery proceedings, and incentive structures related to companies building risky systems. I wanted to share some findings in this post because they may be important for the frontier AI community to understand well. 

TL;DR

Documented communications of risks (especially by employees) make companies much more likely to be held liable in court when bad things happen. The resulting Duty to Due Diligence from Discoverable Documentation of Dangers (the 6D effect) can make companies much more cautious if even a single email is sent to them communicating a risk. 

Companies tend to avoid talking about risk through documented media.

Companies often intentionally avoid discussing the risks of what they are doing through permanent media such as email. For example, this article gives some very shady advice on how companies can avoid liability by using “safe communication” practices to avoid the creation of incriminating “bad documents”. 

Often the drafters of these documents tend to believe that they are providing the company with some value to the business. For example, an engineer notices a potential liability in a design so he informs his supervisor through an email. However, the engineer’s lack of legal knowledge and misuse of legal vocabulary in the communication may later implicate the company with notice of the problem when a lawsuit arises.

I personally enjoyed the use of “when” and not “if” in the excerpt. 

This is a perverse consequence of how it is relatively hard for companies to be held liable for risks when it cannot be proven they knew about them, even if they did. When an incident happens and a company is sued, evidence about its role in the problem is gathered during what is known as the “discovery” phase of a lawsuit (emails are usually discoverable). When records showing that a company had knowledge of the problem are found in discovery, the company is much more likely to be found liable.

One email can have a lot of power.

The unfortunate consequence of how discovery works is that companies strategically avoid communicating risks via documented media. But there is a silver lining. The threat of liability due to documented communications of risks can have a lot of influence over how cautious a company is. One discoverable record of a risk can be very impactful.

I like to call this the 6D effect – the Duty to Due Diligence from Discoverable Documentation of Dangers. 

A few examples

Here are some notable examples of companies being held liable for damages because they ignored documented communication of risks (there are many more throughout legal history).

  • In Grimshaw v. Ford Motor Company, 1981, Ford was held liable for damages involving a fatal crash with a Ford Pinto because it was shown that leadership within the company ignored warnings about problems with the vehicle’s fuel system. 
  • In April of this year, a large settlement was reached after the 2017 Grenfell Tower fire in London, which killed 72 people. A big factor in the lawsuit was that the company managing the tower had ignored numerous fire safety warnings which were found in discovery.
  • Last year, the Hardwick v. 3M case ended. It was a class action lawsuit from 2018 about the presence of harmful “forever chemicals” (PFAS) in consumer products. The company behind these chemicals was found to have known about risks since the 1970s but was knowingly negligent, which led to a ruling against them. 

Miscellaneous notes

  1. The 6D effect can result from any discoverable communication, but it is especially powerful when the warning comes from an employee of the company itself. 
  2. If you communicate a risk, it is important to speak up and bring documentation of it to the attention of a court during the discovery phase of a lawsuit. 
  3. If you are aware that something a company has done is hazardous, it is your ethical obligation to inform the company, but it is NOT your ethical obligation to help them fix it without compensation. Make sure not to let a company take advantage of you. 

Three takeaways

  1. If you work at a company doing potentially risky things, insist on discussing dangers through documented media. If you are retaliated against for documenting communication of risks, you may have grounds for legal recourse. #notlegaladvice
  2. If you notice something risky, say something. If the thing you predicted happens, point out the fact that you communicated it. 
  3. Safety-focused companies (such as those working on frontier AI systems) should have explicit policies about documenting all discussions of risk.
Persol

I’m an engineer for train systems. Our equipment kills people every day; usually because of trespassers/suicides, but infrequently due to other reasons.

I can always make a system safer, for a cost. The US rail industry spent a billions dollars on Positive Train Control, and statistically may have saved a life a year, while making trains slower and less reliable.

That system was implemented due to the thought process described here. An email saying “that is too expensive for the cost of one life so we won’t do it” is not going to stand up in court.

Things as simple as the volume of the horn fall into this category… and make life worse for everyone. The US Code of Federal Regulations has an allowable range for horn volume. For residential areas this volume is just too loud. So horns historically are designed to allow the operator to blow however loud they need, with the full horn matching the regulation.

Someone sent an email saying “but the operator can blow the horn noncompliantly”… so now all horns are louder on new trains. Everyone living near a train is more inconvenienced, no lives are saved, but legal doesn’t need to argue about the email in court.

Great point. In a lot of cases, we're too reactive to perceived risk rather than not enough. I have a hard time guessing whether enforcing that through litigation is worse than regulation, which has its own iffy track record.

Some (Exxon, as an example) have communication policies, which I always understood to be about spam or phishing, that automatically delete any externally-originating email unless it is on a pre-approved whitelist. Now I'm wondering if this thinking plays a role as well.

There's rules about discovery that definitely make the auto-delete practices helpful. Deleting suspicious records based on their content is fraudulent and can land you in jail or with bigger damages if you're ever caught. But having a standard policy of deleting all messages after X amount of days is protected until you have positive knowledge that there's impending litigation.

Sorry for the delayed response, but fyi in this case I don't mean after X days, I mean if you aren't whitelisted in advance the intended recipient never gets the email at all.

I genuinely can't think of a situation where this makes sense, either as a way to keep the email clean for discovery or anything vaguely related (like concerns about employees leaking to journalists). On the other hand, it makes a lot of sense for phishing prevention. Seriously, if you can think of an example, tell me. I'm stumped.

I have no idea, I was thinking in terms of outsiders informing people of problems. It would be more for downstream products than anything else. But you're probably right and this whole line of thinking is irrelevant.

On reading this post, I immediately thought of sending companies email about risks as a way to inject potential liability into their decision process. "Hey, I cut my finger on your sharp holiday ornament. You should get that looked at." Then, when there's an ornament class action suit, it can be shown that they ignored the information. More to the point, in theory they might be motivated to preemptively address the risk to avoid this newly enlarged liability, especially if legal counsel is copied. It's slightly fanciful in the real world, but that's the theory.

So yes, I would not be at all surprised if the email whitelist practice is in part to avoid liability.

Promoted to curated: I liked this post in how it made a single and concrete point clearly. 

I do feel a bit like there is a mood missing here about how this is doing something that in-aggregate makes it much harder for an organization to get anything done, and that the thing proposed here is of course in some sense a defection, but I still overall think the post is pretty valuable as a reference.

Persol's comment upthread seems to address the missing mood if I'm interpreting them (and you) correctly? 

If you notice something risky, say something. If the thing you predicted happens, point out the fact that you communicated it.

I think this needs to be emphasized more. If a catastrophe happens, corporations often try to pin blame on individual low-level employees while deflecting blame from the broader organization. Having a documented paper trail indicating that you communicated your concerns up the chain of command prevents that same chain from labeling you as a "rogue employee" or "bad apple" who was acting outside the system to further your personal reputation or financial goals.

  1. If you work at a company doing potentially risky things, insist on discussing dangers through documented media. If you are retaliated against for documenting communication of risks, you will have grounds for legal recourse. 

Based on what legal reasoning? 

You put in hashtag 'not legal advice', but to say it so confidently suggests it's not just a random thought.

He might be thinking of whistleblower protections? But really, I've done a bit of research into this just now and I don't see any legal protections for not following company policy on e-mails. I would err on the side of listening to company policy unless you want to get fired.

The flip side: if you know damn well you're breaking the law, don't talk about it over email or text messages - stick to voice calls.

I agree. I further recommend sticking to in person unless you have no reason to believe that your calls are automatically recorded or being tapped. Records of WHO you called are pretty easy to get too so if you have a history of only 1 call per week with your engineering team but all of a sudden have 20 calls with them in one day right after knowledge of a big incident occurred that can be used against you.

What do you think is in general the proportion of times that such things when they happen count as technicalities rather than substantial proof of liability? Is the legal practice such that it can be a problem to even discuss about products in development, or is the law mostly reasonable and only goes after substantial problems?

Is the legal practice such that it can be a problem to even discuss about products in development, or is the law mostly reasonable and only goes after substantial problems?

It's not just the law. It's juries. 

Yep, I meant law as the process of law.

The answer there is if you can get it into evidence then you can get it in front of a jury.  A big part of what lawyers do in litigation is argue about what gets into evidence and can get shown; all of that arguing costs time and money.  I think a fair summary is if it's plausibly relevant, the judge usually can't/won't exclude it.

jsd31

I'm grateful for this post: it gives simple concrete advice that I intend to follow, and that I hadn't thought of. Thanks. 

I feel like a flaw here is that given that we're assuming that our hero is willing to both speak up about risks and provide evidence to lawyers suing his company when things go wrong (because he wanted to communicate those risks in discoverable form), how much actual benefit does this provide over just being willing to testify? If I testify that I told the CEO that our widgets could explode and kill you, the opposition isn't going to be so stupid as to ask why there isn't any record of me bringing this to the CEO's attention. The first lawyer will be hardly able to contain his delight as he asks the court to mark "WidgetCo Safe Communication Guidelines" for evidence. The opposition would much rather just admit that the conversation happened.

If there isn't much benefit, then why would you take the risk of defying the company's communication policies? You may have legal recourse in the event of retaliation, but you may not succeed. You don't want to do something stupid just because you have legal recourse if it goes wrong. Especially if you have less stupid options that meet the case.

I think companies have these policies in part because not every discoverable document which can be used effectively against them in a lawsuit is necessarily an actual example of something that was an actual legal wrong that should be used against them. Sometimes you might have an innocuous concern which is effectively twisted into damning evidence by some shyster of a lawyer. You can ultimately prove that it is innocuous, but you have to spend millions of dollars in legal fees to do so. And so you take the $250,000 settlement offer said shyster proposes, which was his plan all along.

So then when you go to sue your former employer for firing you over your defiance of the company's communication policy, the company's lawyer says that they have legitimate concerns about frivolous lawsuits, they have a policy to help prevent this, and you refused to abide by it, so they fired you. They recognize that you couldn't have been prevented from testifying about risks and your communication of those risks if they got sued and you were subpoenaed, so it's not like they were trying to fire you to cover something up. So it wasn't retaliation. So you lose.

If I testify that I told the CEO that our widgets could explode and kill you, the opposition isn't going to be so stupid as to ask why there isn't any record of me bringing this to the CEO's attention. The first lawyer will be hardly able to contain his delight as he asks the court to mark "WidgetCo Safe Communication Guidelines" for evidence. The opposition would much rather just admit that it happened.

This feels like an extreme claim. What makes you conclude that personal testimony weighs more under the law than written documents? Why would the defense prefer to basically concede the case than have their communication policy entered into evidence?

My model of this, based on personal experience, is that the communication policies don't go much farther than trivial inconveniences. Because trivial inconveniences are so effective, this is a powerful risk reducer for them. My personal experience also suggests that the primary enforcement of the communication policy is to filter employee speculation. Mainly because I was part of a thread doing precisely that - wild speculation over email - and someone from legal popped in to admonish everyone about discoverability and to follow the communication policies if anyone had direct knowledge of a genuine problem to bring up. It seems to me even companies that always do the right thing don't want to have to litigate about email chains where a bunch of people are talking out of their backside.

What makes you conclude that personal testimony weighs more under the law than written documents?

 

It doesn't matter. Plaintiff wants to prove that an engineer told the CEO that the widgets were dangerous. So he introduces testimony from the engineer that the engineer told the CEO that the widgets were dangerous. Defendant does not dispute this. How much more weight could you possibly want? The only other thing you could do was to ask defendant to stipulate that the engineer told the CEO about the widgets. I think most lawyers wouldn't bother.

Why would the defense prefer to basically concede the case than have their communication policy entered into evidence?

Because it makes it look like they're trying to conceal evidence, which is much worse for them than simply maybe being negligent. This could be grounds for punitive damages or an adverse inference ruling or both. It would also be so easy for plaintiff to score off of that the court might not even bother with an adverse inference.

If I say I want you to turn over your email records to me in discovery to establish that an engineer had told you that your widgets were dangerous, but you instead destroy those records, the court will instruct the jury to assume that those records did contain that evidence. This is an adverse inference.

Even if there's no adverse inference, just think about what happens. Defendant attempts to counter the testimony by saying that if this meeting took place there would be records, but there aren't, so you must be lying. Plaintiff responds by showing that defendant had a policy designed to prevent such records from being created, so defendant knows that records would not exist whether the meeting took place or not, and thus his argument is disingenuous. Would you follow defendant's strategy here? I wouldn't.

Remember, they're not conceding the whole case, just the fact that the engineer told them his opinion. What they're going to do instead is admit that the first engineer told them, but that they asked some other engineers to weigh in on the point, and those engineers disagreed. They decided to trust the other engineers and thus the resulting injury wasn't negligent, it was just a mistake.

It seems to me even companies that always do the right thing don't want to have to litigate about email chains where a bunch of people are talking out of their backside.

This is what I was saying before. And moreover, if the actual main effect of these policies was to prevent creation of discoverable records of real bad stuff the companies deserved to burn for, they'd probably risk trouble just for having them in the first place.

In my own case, I was working on a project where I thought it would be useful for us to have a copy of the entire WHOIS database. Under ICANN's rules (IIRC), a registrar who got the WHOIS database in the first place was required to sell copies to organizations which meet certain criteria, which we definitely did. I was told that regardless of ICANN's rules, registrars all just ignore that rule and refuse to sell the database. I said that in that case we should just flagrantly violate their ToS and scrape ourselves a full copy from their free lookup interface, and if they didn't like it they could sell me a copy like they were required to. It's not like they'd be able to stop me. Legal got in touch and said basically "Look, we're not saying you're wrong, but keep that off of discoverable channels. Proving that you're right in court costs money." Which of course was correct, and exactly what I was missing. As an engineer, I could establish that it was both feasible and legally winnable, but it takes a lawyer to know about the expected legal costs in the event of a conflict and how to minimize those. Anyway, we never ended up actually doing it for unrelated reasons.

Because it makes it look like they're trying to conceal evidence, which is much worse for them than simply maybe being negligent.

The part that confuses me about this is twofold: one, none of the communication policies I have worked under went as far as to say something like "don't talk about risks via email because we don't want it to be discoverable in court" which is approximately what would be needed to establish something like adverse inference; two, any documented communication policy is discoverable by itself, so I expect that it will wind up in evidence regardless.

Returning to the conversation with the CEO example, if the communication policies were like those I have worked under, I expect it would go more like this:

  • The witness says they told the CEO about the risks in a conversation on such and such a date.
  • Defense counsel asks where they documented this concern.
  • Witness says they're not supposed to do that.
  • Defense counsel introduces communication policy as exhibit A, which contains what is surely a mildly kafkaesque procedure for raising risks of that type.
  • Defense counsel asks why, if the risk was so great and the witness so certain, they were unwilling to follow the clearly established procedure under section 34.B.II.c of the communication policy.

After that the defense and prosecution/plaintiff can wrangle with more witnesses showing a pattern of discouraging communication about risk (undocumented of course) vs previous risks communicated according to policies and how they were properly dealt with etc, but this is hardly a slam-dunk in either direction. As you mentioned in your personal experience, proving that you are right in court costs money, and I strongly expect that this mechanism favors the defense as the actual risks increase because they have so much more to lose in the event of an actual judgement and the defense can get by with a strategy of maintaining uncertainty, unlike the plaintiff or prosecution who has to actually prove stuff.

Linking this back to the OP, the strategy of sending an email to make the risk discoverable as suggested is reliant on converting the actual risks to a legal risk because the legal risk is a bigger factor in company decision making, and the goal is to make the company choose not to take the risk at all. I feel like this is a bigger version of your experience of a real but small risk: the company thought the juice just isn't worth the squeeze.

Out of curiosity, did you get any static afterward, or was it just an "oops" and done?

The part that confuses me about this is twofold...

What you're missing is how specific and narrow my original point was. The thing that makes it look like you are concealing evidence is only if you do two things simultaneously:

  • Challenge witness testimony by saying it's not corroborated by some discoverable record.

  • Have a policy whereby you avoid creating the discoverable record, periodically delete the discoverable record, or otherwise make it unlikely that the record would corroborate the testimony.

So basically you have to pick one or the other. And you're probably going to pick the 2nd. So as a witness, you probably just aren't going to have to worry about those kinds of challenges.

Defense counsel asks why, if the risk was so great and the witness so certain, they were unwilling to follow the clearly established procedure under section 34.B.II.c of the communication policy.

This is a really good and interesting point, but I ultimately don't think it will work.

I'm going to say I just told my boss because I didn't understand 34.B.II.c, nobody does. The fact that I didn't follow the exception rule isn't going to convince anyone that it didn't happen. The jury will get to see the communication policy in its full glory. Plaintiff counsel will ask me whether anyone ever explained the policy or rule 34.B.II.c to me (of course not), if we had a class to make sure we understood how to use the policy in practice like we had for the company sexual harassment policy (of course there was no class). And failure to follow the exception rule won't prove that I didn't think it was as serious. I told my boss and colleagues. People knew. What good would getting out my legal dictionary and parsing the text of 34.B.II.c do as far as helping people address the issues I raised? I dunno, I never even considered it as a possibility. I'm just a simple country engineer who wanted people to fix a safety issue.

Linking this back to the OP, the strategy of sending an email to make the risk discoverable as suggested is reliant on converting the actual risks to a legal risk because the legal risk is a bigger factor in company decision making, and the goal is to make the company choose not to take the risk at all.

I'm not sure this makes sense, except as a psychological trick. Like, the legal risk is that the actual risk will manifest itself and then someone will sue. I feel like everyone just understands this clearly already. Remember I've already told everyone about the risk. If the risk manifests, of course we will be sued. So maybe by making the fact that I told them readily discoverable, they'll be less likely to ignore it just because the idea that I'd be willing to testify about it is something they could ignore or not consider. This is plausible, but we have to compare it to other options. Like I could also just say "If this were to happen, I would testify that I thought it might happen and that I told you guys." How well would that work compared to trying to make things discoverable? I dunno, it might work better.

Out of curiosity, did you get any static afterward, or was it just an "oops" and done?

Assuming you're talking about my story, it was basically the latter, although that might have had something to do with the fact that we abandoned the idea, so it was never going to come up. I'm pretty sure that I was quietly regarded as less reliable and less of the sort of clever operator who would instinctively keep them out of trouble, and that this affected my chances of advancement. No doubt I could have demonstrated growth in that regard and fixed the issue, but I didn't stick around that company long enough for it to be relevant (again, for other reasons).

I'm not sure this makes sense, except as a psychological trick.

This is indeed about half the pitch in my view. The strategy comes in two parts as I understand it: one, the psychological trick of triggering a fear of successful lawsuits; two, slightly increasing the likelihood that if the risk becomes reality they will have to pay significant penalties.

Plaintiff wants to prove that an engineer told the CEO that the widgets were dangerous. So he introduces testimony from the engineer that the engineer told the CEO that the widgets were dangerous. Defendant does not dispute this.

Why wouldn't the defendant dispute this? In every legal proceeding I've seen, the defendant has always produced witnesses and evidence supporting their analysis. In this case, I would expect the defendant to produce analyses showing that the widgets were expected to be safe, and if they caused harm, it was due to unforeseen circumstances that were entirely beyond the company's control. I rarely speak in absolutes, but in this case, I'm willing to state that there's always going to be some analysis disagreeing with the engineer's claims regarding safety.

If I say I want you to turn over your email records to me in discovery to establish that an engineer had told you that your widgets were dangerous, but you instead destroy those records, the court will instruct the jury to assume that those records did contain that evidence.

Only if you do so after you were instructed to preserve records by the court. If you destroyed records, per your normal documented retention policies prior to any court case being filed, there's no grounds for adverse inference.

Plaintiff responds by showing that defendant had a policy designed to prevent such records from being created, so defendant knows that records would not exist whether the meeting took place or not, and thus his argument is disingenuous. Would you follow defendant’s strategy here? I wouldn’t.

Every company I've worked for has had retention policies that call for the automatic deletion of e-mails after a period of time (5-7 years). Furthermore, as I alluded to in my other post, Google had an explicit policy of disabling permanent chat records for certain sensitive conversations:

At trial, the DOJ also presented evidence and testimony about Google's policy called “Communicate with Care." Under that policy, Google employees are trained "to have sensitive conversations over chat with history off," the DOJ said, ensuring that the conversation would be auto-deleted in 24 hours.

This policy has created much tension between the DOJ and Google before the trial. The DOJ has argued that "Google's daily destruction of written records prejudiced the United States by depriving it of a rich source of candid discussions between Google's executives, including likely trial witnesses." Google has defended the policy, claiming that the DOJ has "not been denied access to material information needed to prosecute these cases and they have offered no evidence that Google intentionally destroyed such evidence."

And while this does look bad for Google, one can very easily argue that the alternative, the release of a "smoking gun" memo like the "embrace, extend, innovate" document would be far worse.

Why wouldn't the defendant dispute this?...In this case, I would expect the defendant to produce analyses showing that the widgets were expected to be safe

 

You're not reading carefully enough. The thing I said that the defendant would not dispute is the fact that the engineer said something to them, not whether they should have believed him. This is why I said later on:

Remember, they're not conceding the whole case, just the fact that the engineer told them his opinion. What they're going to do instead is admit that the first engineer told them, but that they asked some other engineers to weigh in on the point, and those engineers disagreed.

Of course the company will defend their decision in either case. My point is about what you gain by having a record of having raised a concern versus testifying that you raised that concern. My opinion is that they're the same unless there's a reason to doubt that you raised the concern like you say you did. And if the defendant doesn't challenge the claim that the concern-raising happened, why would there be?

If you destroyed records, per your normal documented retention policies prior to any court case being filed, there's no grounds for adverse inference.

Yes, this is correct. I was simplifying it. 

Every company I've worked for has had retention policies that call for the automatic deletion of e-mails after a period of time (5-7 years).

I don't doubt it, but I think you're missing the point here. What I'm referring to by "defendant's strategy" is not the practice of regularly deleting things, but the trial strategy of attempting to rebut witness testimony by claiming that testimony is not corroborated by records while simultaneously regularly deleting records. I agree that regularly deleting things can be very useful to your legal strategy, it just takes certain options off the table for you. Either you can rebut testimony by saying it doesn't match the record or you can regularly delete that record, but you can't do both without getting crucified.

The thing I said that the defendant would not dispute is the fact that the engineer said something to them, not whether they should have believed him.

I still disagree. If it wasn't written down, it didn't happen, as far as the organization is concerned. The engineer's manager can (and probably will) claim that they didn't recall the conversation, or dispute the wording, or argue that while the engineer may have said something, it wasn't at all apparent that the problem was a serious concern.

There's a reason that whistleblowers focus so hard on generating and maintaining a paper trail of their actions and conversations, to the point that they will often knowingly and willfully subvert retention policies by keeping their own copies of crucial communications. They know that, without documentation (e-mails, screenshots, etc), it'll just be a he-said-she-said argument between themselves and an organization that is far more powerful than them. The documentation establishes hard facts, and makes it much more difficult for people higher up in the chain of command to say they didn't know or weren't informed.

I still disagree. If it wasn't written down, it didn't happen, as far as the organization is concerned.

So obviously I violently disagree with this, so assuming it was supposed to be meaningful and not some kind of throwaway statement, you should clarify exactly what you do and don't mean by this.

The engineer's manager can (and probably will) claim that they didn't recall the conversation

They may say this, but I think that you aren't thinking clearly enough in terms of the logical chain of argument that the hypothetical legal proceeding is trying to establish. A lawyer has a witness answer specific questions because they support specific facts which logically prove his case. They don't just say stuff.

Suppose plaintiff didn't have a witness, but wanted to try to establish that the company knew about the widgets in order to establish responsibility and/or negligence. Plaintiff might ask a manager "Did any engineers mention that the widgets were dangerous?" And he might reply "I don't recall" at which point plaintiff is SOL. On the other hand, if plaintiff has already elicited testimony from the engineer to the effect that the conversation happened, could defendant try to imply that it didn't happen by asking the manager whether he recalled the meeting? I mean, yes, but it's probably a really bad strategy. Try to think about how you would exploit that as plaintiff: either so many people are mentioning potentially life-threatening risks of your product that you can't recall them all, in which case the company is negligent, or your memory is so bad it was negligent for you to have your regularly-delete-records policy. It's like saying I didn't commit sexual harassment because we would never hire a woman in the first place. Sure, it casts doubt on the opposition's evidence, but at what cost?

or dispute the wording, or argue that while the engineer may have said something, it wasn't at all apparent that the problem was a serious concern.

Disputing the wording is probably a bad idea; arguing that the engineer did say something, but we decided it was not an issue is what I've been saying they would do. But it involves admitting that the conversation happened, which is most or all of what a discoverable record would establish in the first place.

Suppose the engineer originally told management that the widgets would explode if heated to 80C, and this is what he testified that he told management. One approach that management could take is to say "I recall that conversation precisely and the engineer said it would explode at 70C, not 80C. We tested it up to 70C and nothing went wrong. Now they're lying and saying they said 80C all along in order to make us look negligent." This is possible, but it's an extremely dangerous game. For example, as a lawyer you would be ethically prohibited from advising a client to attempt this defense, and your career would be over if it ever came out. Also, it's the sort of thing that could be checked: does it even make sense to believe that it would explode at 70C? Assuming the engineer used the normal methods he always used in his job (like some kind of simulation software) to arrive at 80C, what would he have to do wrong to think it was 70C? Does this even make sense to make those errors? Successfully lying in court about something technological could be very difficult.

Also keep in mind that if we're going to assume the company will lie on the stand about complex technical points, presumably they're also willing to doctor the discoverable record, if they think they can get away with it. If they are, then creating a discoverable record might not be enough. Now you'd have to steal copies of the discoverable record prior to anything going wrong. In other words we're going to do something wrong because we think that maybe someone else will do something wrong in the future. This is not something to mess around with.

One reason not to mess with this is that we have other options. I could keep a journal. If I keep notes like "2023-11-09: warned boss that widgets could explode at 80C. boss said they didn't have time for redesign and it probably wouldn't happen. ugh! 2023-11-10: taco day in cafeteria, hell yeah!" then I can introduce these to support my statement. Also, if I told my wife that I was unhappy about the conversation with management right after it happened and she recalls that I said 80C, plaintiff can call her to testify to prove my point (this is the present sense impression exception to hearsay).

There's a reason that whistleblowers focus so hard on generating and maintaining a paper trail of their actions and conversations, to the point that they will often knowingly and willfully subvert retention policies

I agree, but we're now talking about whistleblowers in general, and corporate malfeasance in general. There are absolutely situations in which subversion is reasonable. But there are also situations in which it's unreasonable. In the original example, an engineer has a safety concern which he wants to communicate to management, and to be able to establish that he did this at a later date. I don't think this calls for full-on defiance, open or secret.

In general, I'd say it makes sense to do subversion/defiance when I have good reason to believe that the organization's conduct is criminal (not e.g. tortious) right now. For example, I work for Madoff Investment Securities and I think they're actively doing securities fraud right now, not maybe in the future. Then I should consider keeping a few documents for later in defiance of company policy.

On the other hand, if plaintiff has already elicited testimony from the engineer to the effect that the conversation happened, could defendant try to imply that it didn’t happen by asking the manager whether he recalled the meeting? I mean, yes, but it’s probably a really bad strategy. Try to think about how you would exploit that as plaintiff: either so many people are mentioning potentially life-threatening risks of your product that you can’t recall them all, in which case the company is negligent, or your memory is so bad it was negligent for you to have your regularly-delete-records policy. It’s like saying I didn’t commit sexual harassment because we would never hire a woman in the first place. Sure, it casts doubt on the opposition’s evidence, but at what cost?

If it's a criminal trial, where facts have to be proven beyond a reasonable doubt, it's a common strategy. If the whistleblower doesn't have evidence of the meeting taking place, and no memos, reports or e-mails documenting that they passed their concerns up the chain, it's perfectly reasonable for a representative of the corporation to reply, "I don't recall hearing about this concern." And that's that. It's the engineer's word against not just one witness, but a whole slew of witnesses, each of whom is going to say, "No, I don't recall hearing about this concern."

Indeed, this outcome is so predictable that lawyers won't even take on these sorts of cases unless the whistleblower can produce written evidence that management was informed of a risk, and made a conscious decision to ignore it and proceed.

Also keep in mind that if we’re going to assume the company will lie on the stand about complex technical points

I'm not assuming anything of the sort. I'm merely saying that, if the whistleblower doesn't have written evidence that they warned their superior about a given risk, their superiors will be coached by the company's lawyers to say, "I don't recall," or, "I did not receive any written documents informing me of this risk." Now, at this point, the lawyers for the prosecution can bring up the document retention policy and state that the reason they don't have any evidence is because of the company's own document retention policies. But that doesn't actually prove anything. Absence of evidence is not, in and of itself, evidence of wrongdoing.

One reason not to mess with this is that we have other options. I could keep a journal. If I keep notes like “2023-11-09: warned boss that widgets could explode at 80C. boss said they didn’t have time for redesign and it probably wouldn’t happen. ugh! 2023-11-10: taco day in cafeteria, hell yeah!” then I can introduce these to support my statement.

Yes, that's certainly something you can do. But it's a much weaker sort of evidence than a printout of an e-mail that you sent, with your name on the from line and your boss's name on the to line. At the very least, you're going to be asked, "If this was such a concern for you, why didn't you bring it up with your boss?" And if you say you did, you'll be asked, "Well, do you have any evidence of this meeting?" And if your excuse is, "Well, the corporation's data retention policies erased that evidence," it weakens your case.

I think we've gone well past the point of productivity on this. I've asked some lawyers for opinions on this. I'll just address a few things briefly.

If the whistleblower doesn't have evidence of the meeting taking place, and no memos, reports or e-mails documenting that they passed their concerns up the chain, it's perfectly reasonable for a representative of the corporation to reply, "I don't recall hearing about this concern."

I agree this is true in general, but my point is limited to the cases where documentation would in fact exist were it not for the company's communication policy or data retention policy. If there was a point in the Google case you brought up earlier where Google had attempted to cast doubt on a DOJ witness by pointing out the lack of corroborating evidence (which would have been deleted per Google's policy), I'd strongly reconsider my opinion.

What the article about the case said was just that DOJ complained that it would like to have all the documentation that Google destroyed, and that this probably contained evidence which proved their case. It did not say that Google challenged DOJ witnesses on a lack of corroboration between their testimony and the discoverable record.

It doesn't have to be the Google case. Any case where the defense tried to impeach a witness on grounds of lack of corroborating evidence where that evidence would have been intentionally destroyed by a data retention policy would do.

There are other things I disagree with, but as I said, we're being unproductive.

Ben

I am a little confused by this. If there is an email chain where all the engineers are speculating wildly about what could go wrong, then that poses a legal risk to the company, if and only if, they are later being sued because one of those wild speculations was actually correct.

That is not to say that the speculation is necessarily useful; an infinite list of speculative failure modes, containing a tiny number of realistic ones, is just as useless as a zero-length list. But I would prefer that the choice between a longer list (where true dangers are missed because they are listed alongside reams of nonsense) and a shorter list (where true dangers are missed because they were omitted) was made to maximise effectiveness, not minimize legal exposure*.

*This is not a criticism of any organisation or person operating sensibly within the legal system, but a criticism of said system.

If there is an email chain where all the engineers are speculating wildly about what could go wrong, then that poses a legal risk to the company, if and only if, they are later being sued because one of those wild speculations was actually correct.

Close - the risk being managed is one of total costs to go through the process, rather than their outcomes per se. So the risk to the company is increased if any of the wild speculations happens to be consistent with any future lawsuit, whether correct or spurious. How I think legal departments model this is that the length of the lawsuit determines the costs, and lawsuit length increases with the amount of purported evidence (since anything the other side says still needs to be argued against or countered, even if it is not ultimately a factor in any judgment).

I agree on the maximize effectiveness criterion, and furthermore I suspect that this could be a source of strategic advantage for companies to implement. I suspect this because I have seen a lot of commentary about how companies are much more risk-averse about lawsuits than is warranted as measured in settlements and judgments. I haven't validated these comments, but I do observe being utterly cavalier about legal risk doesn't seem to hurt tech companies near as much as you would expect given how other industries treat it.

The first lawyer will be hardly able to contain his delight as he asks the court to mark “WidgetCo Safe Communication Guidelines” for evidence.

Having safe communication guidelines isn't as damning as you think it is. The counsel for WidgetCo would merely reply that the safe communication guidelines are there to prevent employees from accidentally creating liabilities by misusing legal language. This is no different than admonishing non-technical employees for misusing technical language.

Indeed this was Google's actual strategy.

It's not that safe communication guidelines are damning. It's that claiming that the lack of discoverable evidence corroborating your statement disproves it while simultaneously having conspired to ensure that discoverable evidence would not exist would be damning.

Would it be as self-evidently damning as you think it would be? If so, then why would a company like Google explicitly pursue such a weak strategy? It's not just Google either. When I worked at a different FAANG company, I was told in orientation to never use legal terminology in e-mail, for similar reasons.

Google did not pursue that strategy. Or at least, if they did, the article you linked doesn't say so.

What I am saying that Google did not and would not do is that when Barton testified that

Google feared if Bing became the default search engine on Android, "then users would have a 'difficult time finding or changing to Google.'"

Google would not respond that he was talking horseshit and if what he was saying was true, why isn't there any evidence of it in our internal employee communications? They would not say this because DOJ would say that this corroborating evidence did not exist because Google took steps to ensure it would not.

When I worked at a different FAANG company, I was told in orientation to never use legal terminology in e-mail, for similar reasons.

Same here. I was told not to say that this new change would allow us to "Crush Yahoo in terms of search result quality". But I understood the idea to be that since in real life what we were trying to do was just maximize search result quality, we shouldn't let our jocularity and competitive spirit create more work for Legal.

Of course, maybe the real FAANG I worked for wasn't Google and I'm just adapting the real story to Google for anonymity purposes. Who knows?

The LessWrong Review runs every year to select the posts that have most stood the test of time. This post is not yet eligible for review, but will be at the end of 2024. The top fifty or so posts are featured prominently on the site throughout the year.

Hopefully, the review is better than karma at judging enduring value. If we have accurate prediction markets on the review results, maybe we can have better incentives on LessWrong today. Will this post make the top fifty?


Fascinating -- I would love a whole series of your learnings of industry norms

A good critical paper about potentially risky industry norms is this one