Hacker News | AdministrativeA's comments

We use GitLab self-hosted at my company so I've been following this for a while.

My speculation is there's pressure for the C suite to push this Russia and China hiring ban for some reason. Looks like the board is telling the CEO this has to happen or they're in negotiation talks to be acquired by a big company like Google who wants this to happen now and the backlash to have passed by the time it's announced. So this will happen whether it's illegal or not (and it looks like it will and is illegal) but the risk will cost less than the reward.

If they go to court they spend at most a few mil fighting it over the course of a few years and the executives walk away super rich anyway. If they don't go to court they walk away even more rich. But if they don't do it they might rely on an IPO that's looking shaky because of this bad decision making for the past 2 months. So even if it's illegal, it still makes sense to do this. It looks like an exit strategy because they will never be personally liable.

She probably sees this and knows everything going on behind the scenes, but she won't walk away super rich from this but could lose her law license by engaging in discrimination.


No need to speculate, it's right there in the GitLab issue. The now-resigned director of risk and global compliance Candice Ciresi wrote this six days ago [0]:

"The countries selected were not chosen because of legal requirements, they were not chosen based on risk, they were not chosen based on political climate (as other countries are facing heightened sanctions from the US). I do hope they were not selected because a customer asked for it - or that could violate anti-boycott laws. In fact, having no objective basis for the restrictions is not conservative - it is careless. (Please let me know immediately if a customer has requested that we not do business with any particular country as that may be a reportable event.) I recommend against proceeding until you have developed a sound basis - that gets applied equally - for any exclusion of any country."

To which VP of Engineering Eric Johnson replied:

"I appreciate your position. Please be aware there is an active, time-sensitive contract negotiation linked to this matter. And you need to advocate to the DRI that the company walk away from that contract in order to enact your proposal."

See also her further comments in [1].

[0] https://gitlab.com/gitlab-com/www-gitlab-com/issues/5555#not...

[1] https://gitlab.com/gitlab-com/www-gitlab-com/issues/5555#not...


> "I appreciate your position. Please be aware there is an active, time-sensitive contract negotiation linked to this matter. And you need to advocate to the DRI that the company walk away from that contract in order to enact your proposal."

Could this public backlash sink that deal?


Thanks for putting that together, I do remember reading that exchange. I can't help but think this is more than just a single customer tho. I was talking to someone who told me offhand that this was actually decided on by the executive team and the customer didn't say ban hiring in Russia or China. The way they put it is the customers asked about people in Russia or China accessing their data and the executive team came up with this as a solution because they have no technical solution they can put together quickly.

Looks like there's a lot more happening privately that we don't know about and is probably why she decided to resign.


One other thought: in most companies, you just don't open an office there. Or you lock your data down. But they don't have the technical capability to monitor or restrict access to prod data (their VP said this).

Because they're remote they can't just not open an office there so they have to restrict hiring to keep Chinese and Russians living in China and Russia out. Normally what would happen is you'd hire them but then not give them access to prod data (usually by saying it requires some background check or clearance you know they can't get) or when it's illegal not to give access, just lock the data down. The alternative is probably illegal, but it's the only one that GitLab has.


There is no way that not granting an employee access to prod data can be illegal. That sort of access is a privilege not a right.


Is it actually illegal to pick and choose what countries you hire employees from? As a customer, I actually like this decision by GitLab.


For sure I totally see both points to this but from reading the discussion in the issues it looks like there are several very legitimate legal concerns the executives are ignoring to do this. From what I read her objections weren't specific to if this is good or bad for customers, but if it was legal or not. Seems like the legal concerns were just ignored and they decided to move forward without addressing them. I think she even outlines some steps for things they need to do if they plan to move forward but the executive team just rejected the advice completely.


I went through her comments on this topic and found this [1], regarding her specific legal concerns:

> Anticorruption laws prohibit agreements (oral or in writing) that discriminate based on various factors including nationality. The Export Administration Regulations (EAR) requires U.S. persons to "report quarterly requests they have received to take certain actions to comply with, further, or support an unsanctioned foreign boycott." So a customer simply asking to exclude a country that is not prohibited by law could potentially run afoul of the regulations (there are various caveats here but, regardless, we should not sell out diversity, inclusion and compliance for sake of profit). I should also note that under the 1976 Tax Reform Act (TRA), the behavior isn't prohibited but could result in a loss of tax benefits.

[1] https://gitlab.com/gitlab-com/www-gitlab-com/merge_requests/...


So just claims without citations? I know government entities and certain government contractors can require no foreign nationals, and perhaps even non-residents?, have access to their data.

Requiring that people living in countries with no effective legal structuring in place preventing government coercion of residents not have access to data seems reasonable in certain contexts. Certainly more so for countries that are also adversarial.

I'd be surprised to find out there were real legal obstacles to this. On the surface it looks like somebody trying to build a case for their personal stance on the situation. Is she their legal counsel? Was this run by legal counsel? "Legal has concerns" would have been a power play and I don't see that.


Anti-boycott laws are a real thing, you can read about them here: https://www.bis.doc.gov/index.php/enforcement/oac

I don't pretend to know whether restricting country of residence counts as discriminating on any of race, national origin, or nationality... but at least at first glance it seems very plausible.

Edit: And according to her LinkedIn she is a lawyer licensed to practice in (at least) Minnesota, i.e. she is (was) part of "legal".


That seems to mostly focus on declarations of being non-Jewish which is a thing in some countries and the enforcing of a boycott against Israel.

Technically it could be made to apply to employing people in Russia or China but such restrictions are found with some regularity, if they are problematic that does not just affect GitLab but also lots of other companies.


Yes, discriminating based on national origin is usually illegal. "No Irish" etc. It's up to the government to decide whether someone has the legal right to work, not individual employers.


Yeah, but discrimination based on location is different. I've seen remote companies say they'll only hire employees within 3 time zones of GMT, for example.

So if GitLab employs Russian nationals (living outside of Russia) but bans employees of any nationality living in Russia, I'm not sure this is discrimination based on national origin.


I'm a US remote contractor and the legal departments of many US companies won't even employ me full-time if I reveal that I don't spend 270 days inside the US (aka don't have US residence). Pretty standard practice to care about place of residence.

The guesses made by HNers in this thread about what's illegal must be way off.


The discussion is not about national origin, but place of residence. They explicitly mention that existing employees moving to those countries would also be blocked.


While I think that's true for foreign nationals who have a legal right to work in the US, I haven't seen anything to suggest it applies if they are residing in their home country.

As you probably know, GitLab is 100% remote employees. Surely, if I had a remote development position posted I would be under no obligation to consider a candidate in China who sent me their resume (that intends to work from China).


> by a big company like Google who wants this to happen

But Google does have offices in China now. In both Beijing and Shanghai.

