Should I disclose I know sensitive information about a company relation that I wasn't supposed to know?

Clash Royale CLAN TAG#URR8PPP

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0;

up vote
10
down vote

favorite

The story goes like this:

• I am currently interning at one technology company.




• I am probably going to intern at a security consultancy company.

By reading information about the security consultancy, I've figured out that they seemed to have dealt with current (tech) company on a topic that could be described as (quite) sensitive. This was from reading materials that the security consultancy made public.

• The company name have been shortened, but is enough to make me notice by chance and am 85% sure I'm correct. This slight degree of disclosure seems intentional. I'm not sure about the motive for this.


• I'm fairly certain they have contact (it is inferred rather than implied).


• Knowledge that I have acquired after signing an NDA with my current employer (technology company) lets me piece the details together. No NDA with security consultancy yet.


• My work is not classified (albeit a little sensitive) and neither are the released documents. I'd probably guess this knowledge would rank between confidential and secret in government domain.

Question:

Do I have an (moral/ethical) obligation to reveal to my current employer that I (probably) know stuff that I shouldn't know between them and the company I might intern with?

(I like my current company and wouldn't like to them to figure this out later and take it badly from some reason. I think they are on good terms, but still.)

security secrecy

share|improve this question

edited Jul 12 '16 at 17:18

asked Jul 6 '16 at 13:33

Peter Smith

5415

• 
  
  
  

  
  25
  

  
  
  
  
  
  

  
  "I know stuff that I shouldn't know...". You said that you found out what you know by reading public documents. How can you say it is something you shouldn't know, then?
  – Brandin
  Jul 6 '16 at 13:39
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  @Brandin US government Employees are forbidden from reading classified documents even if they were leaked to news outlets, but I doubt this is the case here.
  – SBoss
  Jul 6 '16 at 13:40
  
  

  
  
  
  


• 
  
  
  

  
  5
  

  
  
  
  
  
  

  
  Whoever wrote the article (someone from your company?) must realize that you can guess if you work there. It would be like if I told you "M. and S. are having an affair." Meaningless to someone on the outside, but obviously people working at the company could guess who M and S are.
  – Brandin
  Jul 6 '16 at 13:47
  

  
  
  
  


• 
  
  
  

  
  3
  

  
  
  
  
  
  

  
  Could you not use latter, former, current, and potential. Pick just two terms. And be clear about which company release the report.
  – paparazzo
  Jul 6 '16 at 21:11
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  VTC - Have asked for clarification on which company is which. OP has been on and not updated.
  – paparazzo
  Jul 7 '16 at 12:42
  

  
  
  
  

 | 
show 4 more comments

up vote
10
down vote

favorite

The story goes like this:

• I am currently interning at one technology company.




• I am probably going to intern at a security consultancy company.

By reading information about the security consultancy, I've figured out that they seemed to have dealt with current (tech) company on a topic that could be described as (quite) sensitive. This was from reading materials that the security consultancy made public.

• The company name have been shortened, but is enough to make me notice by chance and am 85% sure I'm correct. This slight degree of disclosure seems intentional. I'm not sure about the motive for this.


• I'm fairly certain they have contact (it is inferred rather than implied).


• Knowledge that I have acquired after signing an NDA with my current employer (technology company) lets me piece the details together. No NDA with security consultancy yet.


• My work is not classified (albeit a little sensitive) and neither are the released documents. I'd probably guess this knowledge would rank between confidential and secret in government domain.

Question:

Do I have an (moral/ethical) obligation to reveal to my current employer that I (probably) know stuff that I shouldn't know between them and the company I might intern with?

(I like my current company and wouldn't like to them to figure this out later and take it badly from some reason. I think they are on good terms, but still.)

security secrecy

share|improve this question

edited Jul 12 '16 at 17:18

asked Jul 6 '16 at 13:33

Peter Smith

5415

• 
  
  
  

  
  25
  

  
  
  
  
  
  

  
  "I know stuff that I shouldn't know...". You said that you found out what you know by reading public documents. How can you say it is something you shouldn't know, then?
  – Brandin
  Jul 6 '16 at 13:39
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  @Brandin US government Employees are forbidden from reading classified documents even if they were leaked to news outlets, but I doubt this is the case here.
  – SBoss
  Jul 6 '16 at 13:40
  
  

  
  
  
  


• 
  
  
  

  
  5
  

  
  
  
  
  
  

  
  Whoever wrote the article (someone from your company?) must realize that you can guess if you work there. It would be like if I told you "M. and S. are having an affair." Meaningless to someone on the outside, but obviously people working at the company could guess who M and S are.
  – Brandin
  Jul 6 '16 at 13:47
  

  
  
  
  


• 
  
  
  

  
  3
  

  
  
  
  
  
  

  
  Could you not use latter, former, current, and potential. Pick just two terms. And be clear about which company release the report.
  – paparazzo
  Jul 6 '16 at 21:11
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  VTC - Have asked for clarification on which company is which. OP has been on and not updated.
  – paparazzo
  Jul 7 '16 at 12:42
  

  
  
  
  

 | 
show 4 more comments

up vote
10
down vote

favorite

up vote
10
down vote

favorite

The story goes like this:

• I am currently interning at one technology company.




• I am probably going to intern at a security consultancy company.

By reading information about the security consultancy, I've figured out that they seemed to have dealt with current (tech) company on a topic that could be described as (quite) sensitive. This was from reading materials that the security consultancy made public.

• The company name have been shortened, but is enough to make me notice by chance and am 85% sure I'm correct. This slight degree of disclosure seems intentional. I'm not sure about the motive for this.


• I'm fairly certain they have contact (it is inferred rather than implied).


• Knowledge that I have acquired after signing an NDA with my current employer (technology company) lets me piece the details together. No NDA with security consultancy yet.


• My work is not classified (albeit a little sensitive) and neither are the released documents. I'd probably guess this knowledge would rank between confidential and secret in government domain.

Question:

Do I have an (moral/ethical) obligation to reveal to my current employer that I (probably) know stuff that I shouldn't know between them and the company I might intern with?

(I like my current company and wouldn't like to them to figure this out later and take it badly from some reason. I think they are on good terms, but still.)

security secrecy

share|improve this question

edited Jul 12 '16 at 17:18

asked Jul 6 '16 at 13:33

Peter Smith

5415

The story goes like this:

• I am currently interning at one technology company.




• I am probably going to intern at a security consultancy company.

By reading information about the security consultancy, I've figured out that they seemed to have dealt with current (tech) company on a topic that could be described as (quite) sensitive. This was from reading materials that the security consultancy made public.

• The company name have been shortened, but is enough to make me notice by chance and am 85% sure I'm correct. This slight degree of disclosure seems intentional. I'm not sure about the motive for this.


• I'm fairly certain they have contact (it is inferred rather than implied).


• Knowledge that I have acquired after signing an NDA with my current employer (technology company) lets me piece the details together. No NDA with security consultancy yet.


• My work is not classified (albeit a little sensitive) and neither are the released documents. I'd probably guess this knowledge would rank between confidential and secret in government domain.

Question:

Do I have an (moral/ethical) obligation to reveal to my current employer that I (probably) know stuff that I shouldn't know between them and the company I might intern with?

(I like my current company and wouldn't like to them to figure this out later and take it badly from some reason. I think they are on good terms, but still.)

security secrecy

share|improve this question

edited Jul 12 '16 at 17:18

asked Jul 6 '16 at 13:33

Peter Smith

5415

share|improve this question

share|improve this question

edited Jul 12 '16 at 17:18

edited Jul 12 '16 at 17:18

edited Jul 12 '16 at 17:18

asked Jul 6 '16 at 13:33

Peter Smith

5415

asked Jul 6 '16 at 13:33

Peter Smith

5415

asked Jul 6 '16 at 13:33

Peter Smith

5415

5415

• 
  
  
  

  
  25
  

  
  
  
  
  
  

  
  "I know stuff that I shouldn't know...". You said that you found out what you know by reading public documents. How can you say it is something you shouldn't know, then?
  – Brandin
  Jul 6 '16 at 13:39
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  @Brandin US government Employees are forbidden from reading classified documents even if they were leaked to news outlets, but I doubt this is the case here.
  – SBoss
  Jul 6 '16 at 13:40
  
  

  
  
  
  


• 
  
  
  

  
  5
  

  
  
  
  
  
  

  
  Whoever wrote the article (someone from your company?) must realize that you can guess if you work there. It would be like if I told you "M. and S. are having an affair." Meaningless to someone on the outside, but obviously people working at the company could guess who M and S are.
  – Brandin
  Jul 6 '16 at 13:47
  

  
  
  
  


• 
  
  
  

  
  3
  

  
  
  
  
  
  

  
  Could you not use latter, former, current, and potential. Pick just two terms. And be clear about which company release the report.
  – paparazzo
  Jul 6 '16 at 21:11
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  VTC - Have asked for clarification on which company is which. OP has been on and not updated.
  – paparazzo
  Jul 7 '16 at 12:42
  

  
  
  
  

 | 
show 4 more comments

• 
  
  
  

  
  25
  

  
  
  
  
  
  

  
  "I know stuff that I shouldn't know...". You said that you found out what you know by reading public documents. How can you say it is something you shouldn't know, then?
  – Brandin
  Jul 6 '16 at 13:39
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  @Brandin US government Employees are forbidden from reading classified documents even if they were leaked to news outlets, but I doubt this is the case here.
  – SBoss
  Jul 6 '16 at 13:40
  
  

  
  
  
  


• 
  
  
  

  
  5
  

  
  
  
  
  
  

  
  Whoever wrote the article (someone from your company?) must realize that you can guess if you work there. It would be like if I told you "M. and S. are having an affair." Meaningless to someone on the outside, but obviously people working at the company could guess who M and S are.
  – Brandin
  Jul 6 '16 at 13:47
  

  
  
  
  


• 
  
  
  

  
  3
  

  
  
  
  
  
  

  
  Could you not use latter, former, current, and potential. Pick just two terms. And be clear about which company release the report.
  – paparazzo
  Jul 6 '16 at 21:11
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  VTC - Have asked for clarification on which company is which. OP has been on and not updated.
  – paparazzo
  Jul 7 '16 at 12:42
  

  
  
  
  

25

25

"I know stuff that I shouldn't know...". You said that you found out what you know by reading public documents. How can you say it is something you shouldn't know, then?
– Brandin
Jul 6 '16 at 13:39

"I know stuff that I shouldn't know...". You said that you found out what you know by reading public documents. How can you say it is something you shouldn't know, then?
– Brandin
Jul 6 '16 at 13:39

1

1

@Brandin US government Employees are forbidden from reading classified documents even if they were leaked to news outlets, but I doubt this is the case here.
– SBoss
Jul 6 '16 at 13:40

@Brandin US government Employees are forbidden from reading classified documents even if they were leaked to news outlets, but I doubt this is the case here.
– SBoss
Jul 6 '16 at 13:40

5

5

Whoever wrote the article (someone from your company?) must realize that you can guess if you work there. It would be like if I told you "M. and S. are having an affair." Meaningless to someone on the outside, but obviously people working at the company could guess who M and S are.
– Brandin
Jul 6 '16 at 13:47

Whoever wrote the article (someone from your company?) must realize that you can guess if you work there. It would be like if I told you "M. and S. are having an affair." Meaningless to someone on the outside, but obviously people working at the company could guess who M and S are.
– Brandin
Jul 6 '16 at 13:47

3

3

Could you not use latter, former, current, and potential. Pick just two terms. And be clear about which company release the report.
– paparazzo
Jul 6 '16 at 21:11

Could you not use latter, former, current, and potential. Pick just two terms. And be clear about which company release the report.
– paparazzo
Jul 6 '16 at 21:11

1

1

VTC - Have asked for clarification on which company is which. OP has been on and not updated.
– paparazzo
Jul 7 '16 at 12:42

VTC - Have asked for clarification on which company is which. OP has been on and not updated.
– paparazzo
Jul 7 '16 at 12:42

 | 
show 4 more comments

5 Answers
5

active

oldest

votes

up vote
25
down vote

Here's the way it is:

If no one asks you whether you know anything about it all, don't volunteer the information.

Most likely if the information was that sensitive no reference would be made to it in public materials, so for all you know you're blowing it all out of proportion anyway.

But asuming that it is super secret, why would you walk up to your potential employer and basically say "I know what you did last summer."

Leave well enough alone, and congrats on the new job.

share|improve this answer

answered Jul 6 '16 at 13:41

AndreiROM

44k21101173

• 
  
  
  

  
  8
  

  
  
  
  
  
  

  
  @ChrisG - give me a break. It's not as if the OP wrote those documents, or has any personal responsibility, especially as an intern who's there for a few months.
  – AndreiROM
  Jul 6 '16 at 15:38
  

  
  
  
  


• 
  
  
  

  
  3
  

  
  
  
  
  
  

  
  If you've ever worked around classified information, you actually do have that responsibility. I likely would have had your same reaction before exposure to the defense industry.
  – Chris G
  Jul 6 '16 at 15:42
  

  
  
  
  


• 
  
  
  

  
  2
  

  
  
  
  
  
  

  
  That is an irresponsible view of security. I can tell you that is not the US federal government view of security. Leaked/published information (intentional or unintentional) is still sensitive. If you have knowledge it is sensitive then you have to treat it as such. Adding inference to published information based on sensitive information is a security beach.
  – paparazzo
  Jul 6 '16 at 16:09
  
  

  
  
  
  


• 
  
  
  

  
  2
  

  
  
  
  
  
  

  
  The OP was asking about whether or not to tell his current employer not whether or not to tell his potential employer. Good answer, but wrong question.
  – Anketam
  Jul 6 '16 at 19:14
  

  
  
  
  


• 
  
  
  

  
  4
  

  
  
  
  
  
  

  
  @ChrisG Why would an intern have classified clearance from either company? This seems obviously confidential information and not classified information with very high probability.
  – Nate Diamond
  Jul 6 '16 at 20:42
  

  
  
  
  

 | 
show 5 more comments

up vote
8
down vote

Hold your horses - I may have read the question incorrectly and it will would change my answer.

It is not clear on later / former. Not clear on which company released the report.

Question:

Do I have an (moral/ethical) obligation to reveal to my current employer that I (probably) know stuff that I shouldn't know between them and the company I might intern with?

Going to assume you have the NDA with you current company.

You read some public information and attached that to some sensitive information. Disclosing ANYTHING about the sensitive information is disclosing sensitive information. Even if you don't disclose the information directly saying I know this company is really X based on access I had to sensitive information is a breach of security. A leak (intentional or not) does not make the information public. If you know the information (or anything about it) to be sensitive then you have an obligation to treat it as sensitive.

If the sensitive information is about your current company then you are not disclosing anything sensitive to you current company.

You read a public report. That is not something you shouldn't know. Give a copy of the report to your current company and tell them it may be disclosing more than they want.

Cannot go the security company and say I think you are talking about my current company as then you would be violating you NDA (in my opinion).

If you disclose to the security company you suspect a prior relationship based on knowledge of sensitive information then the security companay will think this guy is not very good at keeping sensitive information to himself.

I work in IT and have had security clearance. Many times I have had to pretend I don't know. You only discuss or acknowledge sensitive information with a 3rd party when your boss tells you to.

share|improve this answer

edited Jul 11 '16 at 18:22

answered Jul 6 '16 at 14:17

paparazzo

33.3k657106

• 
  
  
  

  
  

  
  
  
  
  
  

  
  Does not change my answer but is the govt classified information and do you a govt clearance?
  – paparazzo
  Jul 6 '16 at 15:37
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Down vote I hope you don't have access to sensitive information.
  – paparazzo
  Jul 6 '16 at 15:38
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Not downvoter, but wouldn't OP have the obligation to the party who wrote the article, to make sure it was ok to disclose? For instance, if you have a clearance and come across something that is or should be classified, you are obliged to report it to the government so they can take appropriate action.
  – whrrgarbl
  Jul 6 '16 at 16:25
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  @whrrgarbl Comments are not for discussion but I don't get your logic. No it is not ok to disclose sensitive information (even if someone else has). The party that wrote the article attempted to anonymize. It may just be by chance. You cannot discuss or acknowledge sensitive data with B with disclosing sensitive information. If they had legit access to the sensitive information does not change that. Now company A where you actually have the security clearance is another story. Take the report to them and say there may be a leak is fair play.
  – paparazzo
  Jul 6 '16 at 16:39
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  My comment was intended for clarification; I didn't understand which entities "A" and "B" were your answer. Your answer only discusses not disclosing to "B", but does not address "A" (your reply has clarified that, thanks).
  – whrrgarbl
  Jul 6 '16 at 16:50
  

  
  
  
  

 | 
show 3 more comments

up vote
2
down vote

Is there an actual problem that you discovered

The first step in determining of whether to disclose or not to disclose is if you found something that has an impact. Would the information you found have an impact on your current employer (tech company) if the media came to the same conclusion as you and decided to broadcast it to the world? If not then there is no point in reading any further you have no obligations in anyway. Let it go and look forward to your new job.

Types of obligations

Per the wording of your question you do not have a moral or ethical obligation to let your current employer know, even if it has the potential to hurt the company. If you signed any document like what people sign when they get a government clearance then you would be legally obligated to report this information (this likely does not apply to you, but you should know what you signed when you started working for them). If your job description included things like security, public relations, or interacting with the security company in question, then you would be obligated to act upon it since that would be part of your job (again I am assuming this does not apply to you).

I could only think of one reason to share it with your current employer despite not being obligated to which is: You don't want to risk your current company getting damaged. If your company gets damaged it can mean downsizing which could mean loss of employment or the work place becoming toxic.

Sharing can be dangerous

Lastly note that if you do share this with your current employer there is a slim chance that this can go far differently then you would expect. For example it could turn out that it was your company that produced the document and the security company has no responsibility or knowledge of this. As a result they (tech company) could try to react by suppressing all information on it, discrediting those who know of it, and/or retaliating against the person who exposed it (which in this case would be you).

share|improve this answer

edited Jul 6 '16 at 19:38

answered Jul 6 '16 at 19:33

Anketam

3,75321134

suggest improvements | 

up vote
1
down vote

Assuming you're dealing with government classified information. Check with your company's security department.

One of the classification considerations is whether unclassified information can be combined to discover classified information.

The company likely has a strong security policy (you likely should have been briefed on it during an orientation). Check any resource or self-help documents related to security and ethics.

I know that I am encouraged to report any potential violation. As someone uncleared, if I learn something classified, it is my responsibility to report it ASAP. If I don't, I am responsible for a security breach.

There is no down side here. You demonstrate that you care about company security, and potentially save the company a HUGE problem. Go talk to security right now.

share|improve this answer

answered Jul 6 '16 at 15:25

Chris G

10.8k22549

• 
  
  
  

  
  2
  

  
  
  
  
  
  

  
  At no point in the question does it even mention government, let alone classified information. So despite having good information in your answer it does not address the moral/ethical obligation part of the question.
  – Anketam
  Jul 6 '16 at 19:36
  

  
  
  
  

suggest improvements | 

up vote
0
down vote

First off, you got the information through legitimate means, so no moral quandary there.

Second, I'd hire you on the spot for being that clever and maintaining such high legal and ethical standards.

Third, you've got one heck of an answer to the old "Why should we hire you" question.

That said, you should not reveal the information unless you are doing so to advance your career.

You may want to approach the management and show them how their obfuscation failed, but only if you have a way to demonstrate how you would have done better.

You have a real opportunity here that you can put on your resume that will make you shine like a star:

-Discovered security vulnerability in public documentation linking collaboration between two companies. Reported to superiors, protecting company from X dollars in potential losses.

EDITED to say:

You're clever, but keep this close to the vest.

Here's the question you need to ask yourself before proceeding: "If I were not employed by this company, could I have discovered this on my own" If it's "yes", then you may want to approach the company. If no, then keep it to yourself, you've breeched security, though unintentionally, and it could be an embarrassment to the company.

share|improve this answer

edited Jul 6 '16 at 14:50

answered Jul 6 '16 at 13:45

Richard U

77.2k56200307

• 
  
  
  

  
  

  
  
  
  
  
  

  
  Or the OP might just come across as a smart ass know it all. Remember, he's just an intern, so he's pretty low on the totem pole.
  – AndreiROM
  Jul 6 '16 at 13:49
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Pascal's wager. The risk of being wrong is far lower than the reward for being right in this instance. Having read the evil overlord's list, I'd want the kid, let the other company keep the genius.
  – Richard U
  Jul 6 '16 at 13:52
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Thank you for thinking highly of me, but feel I needed to clarify the question: Consultancy helped tech company, it was not independent lines of thought.
  – Peter Smith
  Jul 6 '16 at 14:18
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Not going to vote you down but no way I reward a person that disclosed sensitive information. The connection was made based on sensitive information. That would be a leak of sensitive and really frowned upon.
  – paparazzo
  Jul 6 '16 at 14:35
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  @Paparazzi ah, yeah, I see that now. going to revise...
  – Richard U
  Jul 6 '16 at 14:46
  

  
  
  
  

 | 
show 7 more comments

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "423"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
noCode: true, onDemand: false,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

 

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fworkplace.stackexchange.com%2fquestions%2f70939%2fshould-i-disclose-i-know-sensitive-information-about-a-company-relation-that-i-w%23new-answer', 'question_page');

);

Post as a guest

Name Email

StackExchange.ready(function ()
$("#show-editor-button input, #show-editor-button button").click(function ()
var showEditor = function()
$("#show-editor-button").hide();
$("#post-form").removeClass("dno");
StackExchange.editor.finallyInit();
;

var useFancy = $(this).data('confirm-use-fancy');
if(useFancy == 'True')
var popupTitle = $(this).data('confirm-fancy-title');
var popupBody = $(this).data('confirm-fancy-body');
var popupAccept = $(this).data('confirm-fancy-accept-button');

$(this).loadPopup(
url: '/post/self-answer-popup',
loaded: function(popup)
var pTitle = $(popup).find('h2');
var pBody = $(popup).find('.popup-body');
var pSubmit = $(popup).find('.popup-submit');

pTitle.text(popupTitle);
pBody.html(popupBody);
pSubmit.val(popupAccept).click(showEditor);

)
else
var confirmText = $(this).data('confirm-text');
if (confirmText ? confirm(confirmText) : true)
showEditor();


);
);

5 Answers
5

active

oldest

votes

5 Answers
5

active

oldest

votes

active

oldest

votes

active

oldest

votes

up vote
25
down vote

Here's the way it is:

If no one asks you whether you know anything about it all, don't volunteer the information.

Most likely if the information was that sensitive no reference would be made to it in public materials, so for all you know you're blowing it all out of proportion anyway.

But asuming that it is super secret, why would you walk up to your potential employer and basically say "I know what you did last summer."

Leave well enough alone, and congrats on the new job.

share|improve this answer

answered Jul 6 '16 at 13:41

AndreiROM

44k21101173

• 
  
  
  

  
  8
  

  
  
  
  
  
  

  
  @ChrisG - give me a break. It's not as if the OP wrote those documents, or has any personal responsibility, especially as an intern who's there for a few months.
  – AndreiROM
  Jul 6 '16 at 15:38
  

  
  
  
  


• 
  
  
  

  
  3
  

  
  
  
  
  
  

  
  If you've ever worked around classified information, you actually do have that responsibility. I likely would have had your same reaction before exposure to the defense industry.
  – Chris G
  Jul 6 '16 at 15:42
  

  
  
  
  


• 
  
  
  

  
  2
  

  
  
  
  
  
  

  
  That is an irresponsible view of security. I can tell you that is not the US federal government view of security. Leaked/published information (intentional or unintentional) is still sensitive. If you have knowledge it is sensitive then you have to treat it as such. Adding inference to published information based on sensitive information is a security beach.
  – paparazzo
  Jul 6 '16 at 16:09
  
  

  
  
  
  


• 
  
  
  

  
  2
  

  
  
  
  
  
  

  
  The OP was asking about whether or not to tell his current employer not whether or not to tell his potential employer. Good answer, but wrong question.
  – Anketam
  Jul 6 '16 at 19:14
  

  
  
  
  


• 
  
  
  

  
  4
  

  
  
  
  
  
  

  
  @ChrisG Why would an intern have classified clearance from either company? This seems obviously confidential information and not classified information with very high probability.
  – Nate Diamond
  Jul 6 '16 at 20:42
  

  
  
  
  

 | 
show 5 more comments

up vote
25
down vote

Here's the way it is:

If no one asks you whether you know anything about it all, don't volunteer the information.

Most likely if the information was that sensitive no reference would be made to it in public materials, so for all you know you're blowing it all out of proportion anyway.

But asuming that it is super secret, why would you walk up to your potential employer and basically say "I know what you did last summer."

Leave well enough alone, and congrats on the new job.

share|improve this answer

answered Jul 6 '16 at 13:41

AndreiROM

44k21101173

• 
  
  
  

  
  8
  

  
  
  
  
  
  

  
  @ChrisG - give me a break. It's not as if the OP wrote those documents, or has any personal responsibility, especially as an intern who's there for a few months.
  – AndreiROM
  Jul 6 '16 at 15:38
  

  
  
  
  


• 
  
  
  

  
  3
  

  
  
  
  
  
  

  
  If you've ever worked around classified information, you actually do have that responsibility. I likely would have had your same reaction before exposure to the defense industry.
  – Chris G
  Jul 6 '16 at 15:42
  

  
  
  
  


• 
  
  
  

  
  2
  

  
  
  
  
  
  

  
  That is an irresponsible view of security. I can tell you that is not the US federal government view of security. Leaked/published information (intentional or unintentional) is still sensitive. If you have knowledge it is sensitive then you have to treat it as such. Adding inference to published information based on sensitive information is a security beach.
  – paparazzo
  Jul 6 '16 at 16:09
  
  

  
  
  
  


• 
  
  
  

  
  2
  

  
  
  
  
  
  

  
  The OP was asking about whether or not to tell his current employer not whether or not to tell his potential employer. Good answer, but wrong question.
  – Anketam
  Jul 6 '16 at 19:14
  

  
  
  
  


• 
  
  
  

  
  4
  

  
  
  
  
  
  

  
  @ChrisG Why would an intern have classified clearance from either company? This seems obviously confidential information and not classified information with very high probability.
  – Nate Diamond
  Jul 6 '16 at 20:42
  

  
  
  
  

 | 
show 5 more comments

up vote
25
down vote

up vote
25
down vote

Here's the way it is:

If no one asks you whether you know anything about it all, don't volunteer the information.

Most likely if the information was that sensitive no reference would be made to it in public materials, so for all you know you're blowing it all out of proportion anyway.

But asuming that it is super secret, why would you walk up to your potential employer and basically say "I know what you did last summer."

Leave well enough alone, and congrats on the new job.

share|improve this answer

answered Jul 6 '16 at 13:41

AndreiROM

44k21101173

Here's the way it is:

If no one asks you whether you know anything about it all, don't volunteer the information.

Most likely if the information was that sensitive no reference would be made to it in public materials, so for all you know you're blowing it all out of proportion anyway.

But asuming that it is super secret, why would you walk up to your potential employer and basically say "I know what you did last summer."

Leave well enough alone, and congrats on the new job.

share|improve this answer

answered Jul 6 '16 at 13:41

AndreiROM

44k21101173

share|improve this answer

share|improve this answer

answered Jul 6 '16 at 13:41

AndreiROM

44k21101173

answered Jul 6 '16 at 13:41

AndreiROM

44k21101173

answered Jul 6 '16 at 13:41

AndreiROM

44k21101173

44k21101173

• 
  
  
  

  
  8
  

  
  
  
  
  
  

  
  @ChrisG - give me a break. It's not as if the OP wrote those documents, or has any personal responsibility, especially as an intern who's there for a few months.
  – AndreiROM
  Jul 6 '16 at 15:38
  

  
  
  
  


• 
  
  
  

  
  3
  

  
  
  
  
  
  

  
  If you've ever worked around classified information, you actually do have that responsibility. I likely would have had your same reaction before exposure to the defense industry.
  – Chris G
  Jul 6 '16 at 15:42
  

  
  
  
  


• 
  
  
  

  
  2
  

  
  
  
  
  
  

  
  That is an irresponsible view of security. I can tell you that is not the US federal government view of security. Leaked/published information (intentional or unintentional) is still sensitive. If you have knowledge it is sensitive then you have to treat it as such. Adding inference to published information based on sensitive information is a security beach.
  – paparazzo
  Jul 6 '16 at 16:09
  
  

  
  
  
  


• 
  
  
  

  
  2
  

  
  
  
  
  
  

  
  The OP was asking about whether or not to tell his current employer not whether or not to tell his potential employer. Good answer, but wrong question.
  – Anketam
  Jul 6 '16 at 19:14
  

  
  
  
  


• 
  
  
  

  
  4
  

  
  
  
  
  
  

  
  @ChrisG Why would an intern have classified clearance from either company? This seems obviously confidential information and not classified information with very high probability.
  – Nate Diamond
  Jul 6 '16 at 20:42
  

  
  
  
  

 | 
show 5 more comments

• 
  
  
  

  
  8
  

  
  
  
  
  
  

  
  @ChrisG - give me a break. It's not as if the OP wrote those documents, or has any personal responsibility, especially as an intern who's there for a few months.
  – AndreiROM
  Jul 6 '16 at 15:38
  

  
  
  
  


• 
  
  
  

  
  3
  

  
  
  
  
  
  

  
  If you've ever worked around classified information, you actually do have that responsibility. I likely would have had your same reaction before exposure to the defense industry.
  – Chris G
  Jul 6 '16 at 15:42
  

  
  
  
  


• 
  
  
  

  
  2
  

  
  
  
  
  
  

  
  That is an irresponsible view of security. I can tell you that is not the US federal government view of security. Leaked/published information (intentional or unintentional) is still sensitive. If you have knowledge it is sensitive then you have to treat it as such. Adding inference to published information based on sensitive information is a security beach.
  – paparazzo
  Jul 6 '16 at 16:09
  
  

  
  
  
  


• 
  
  
  

  
  2
  

  
  
  
  
  
  

  
  The OP was asking about whether or not to tell his current employer not whether or not to tell his potential employer. Good answer, but wrong question.
  – Anketam
  Jul 6 '16 at 19:14
  

  
  
  
  


• 
  
  
  

  
  4
  

  
  
  
  
  
  

  
  @ChrisG Why would an intern have classified clearance from either company? This seems obviously confidential information and not classified information with very high probability.
  – Nate Diamond
  Jul 6 '16 at 20:42
  

  
  
  
  

8

8

@ChrisG - give me a break. It's not as if the OP wrote those documents, or has any personal responsibility, especially as an intern who's there for a few months.
– AndreiROM
Jul 6 '16 at 15:38

@ChrisG - give me a break. It's not as if the OP wrote those documents, or has any personal responsibility, especially as an intern who's there for a few months.
– AndreiROM
Jul 6 '16 at 15:38

3

3

If you've ever worked around classified information, you actually do have that responsibility. I likely would have had your same reaction before exposure to the defense industry.
– Chris G
Jul 6 '16 at 15:42

If you've ever worked around classified information, you actually do have that responsibility. I likely would have had your same reaction before exposure to the defense industry.
– Chris G
Jul 6 '16 at 15:42

2

2

That is an irresponsible view of security. I can tell you that is not the US federal government view of security. Leaked/published information (intentional or unintentional) is still sensitive. If you have knowledge it is sensitive then you have to treat it as such. Adding inference to published information based on sensitive information is a security beach.
– paparazzo
Jul 6 '16 at 16:09

That is an irresponsible view of security. I can tell you that is not the US federal government view of security. Leaked/published information (intentional or unintentional) is still sensitive. If you have knowledge it is sensitive then you have to treat it as such. Adding inference to published information based on sensitive information is a security beach.
– paparazzo
Jul 6 '16 at 16:09

2

2

The OP was asking about whether or not to tell his current employer not whether or not to tell his potential employer. Good answer, but wrong question.
– Anketam
Jul 6 '16 at 19:14

The OP was asking about whether or not to tell his current employer not whether or not to tell his potential employer. Good answer, but wrong question.
– Anketam
Jul 6 '16 at 19:14

4

4

@ChrisG Why would an intern have classified clearance from either company? This seems obviously confidential information and not classified information with very high probability.
– Nate Diamond
Jul 6 '16 at 20:42

@ChrisG Why would an intern have classified clearance from either company? This seems obviously confidential information and not classified information with very high probability.
– Nate Diamond
Jul 6 '16 at 20:42

 | 
show 5 more comments

up vote
8
down vote

Hold your horses - I may have read the question incorrectly and it will would change my answer.

It is not clear on later / former. Not clear on which company released the report.

Question:

Do I have an (moral/ethical) obligation to reveal to my current employer that I (probably) know stuff that I shouldn't know between them and the company I might intern with?

Going to assume you have the NDA with you current company.

You read some public information and attached that to some sensitive information. Disclosing ANYTHING about the sensitive information is disclosing sensitive information. Even if you don't disclose the information directly saying I know this company is really X based on access I had to sensitive information is a breach of security. A leak (intentional or not) does not make the information public. If you know the information (or anything about it) to be sensitive then you have an obligation to treat it as sensitive.

If the sensitive information is about your current company then you are not disclosing anything sensitive to you current company.

You read a public report. That is not something you shouldn't know. Give a copy of the report to your current company and tell them it may be disclosing more than they want.

Cannot go the security company and say I think you are talking about my current company as then you would be violating you NDA (in my opinion).

If you disclose to the security company you suspect a prior relationship based on knowledge of sensitive information then the security companay will think this guy is not very good at keeping sensitive information to himself.

I work in IT and have had security clearance. Many times I have had to pretend I don't know. You only discuss or acknowledge sensitive information with a 3rd party when your boss tells you to.

share|improve this answer

edited Jul 11 '16 at 18:22

answered Jul 6 '16 at 14:17

paparazzo

33.3k657106

• 
  
  
  

  
  

  
  
  
  
  
  

  
  Does not change my answer but is the govt classified information and do you a govt clearance?
  – paparazzo
  Jul 6 '16 at 15:37
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Down vote I hope you don't have access to sensitive information.
  – paparazzo
  Jul 6 '16 at 15:38
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Not downvoter, but wouldn't OP have the obligation to the party who wrote the article, to make sure it was ok to disclose? For instance, if you have a clearance and come across something that is or should be classified, you are obliged to report it to the government so they can take appropriate action.
  – whrrgarbl
  Jul 6 '16 at 16:25
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  @whrrgarbl Comments are not for discussion but I don't get your logic. No it is not ok to disclose sensitive information (even if someone else has). The party that wrote the article attempted to anonymize. It may just be by chance. You cannot discuss or acknowledge sensitive data with B with disclosing sensitive information. If they had legit access to the sensitive information does not change that. Now company A where you actually have the security clearance is another story. Take the report to them and say there may be a leak is fair play.
  – paparazzo
  Jul 6 '16 at 16:39
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  My comment was intended for clarification; I didn't understand which entities "A" and "B" were your answer. Your answer only discusses not disclosing to "B", but does not address "A" (your reply has clarified that, thanks).
  – whrrgarbl
  Jul 6 '16 at 16:50
  

  
  
  
  

 | 
show 3 more comments

up vote
8
down vote

Hold your horses - I may have read the question incorrectly and it will would change my answer.

It is not clear on later / former. Not clear on which company released the report.

Question:

Do I have an (moral/ethical) obligation to reveal to my current employer that I (probably) know stuff that I shouldn't know between them and the company I might intern with?

Going to assume you have the NDA with you current company.

You read some public information and attached that to some sensitive information. Disclosing ANYTHING about the sensitive information is disclosing sensitive information. Even if you don't disclose the information directly saying I know this company is really X based on access I had to sensitive information is a breach of security. A leak (intentional or not) does not make the information public. If you know the information (or anything about it) to be sensitive then you have an obligation to treat it as sensitive.

If the sensitive information is about your current company then you are not disclosing anything sensitive to you current company.

You read a public report. That is not something you shouldn't know. Give a copy of the report to your current company and tell them it may be disclosing more than they want.

Cannot go the security company and say I think you are talking about my current company as then you would be violating you NDA (in my opinion).

If you disclose to the security company you suspect a prior relationship based on knowledge of sensitive information then the security companay will think this guy is not very good at keeping sensitive information to himself.

I work in IT and have had security clearance. Many times I have had to pretend I don't know. You only discuss or acknowledge sensitive information with a 3rd party when your boss tells you to.

share|improve this answer

edited Jul 11 '16 at 18:22

answered Jul 6 '16 at 14:17

paparazzo

33.3k657106

• 
  
  
  

  
  

  
  
  
  
  
  

  
  Does not change my answer but is the govt classified information and do you a govt clearance?
  – paparazzo
  Jul 6 '16 at 15:37
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Down vote I hope you don't have access to sensitive information.
  – paparazzo
  Jul 6 '16 at 15:38
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Not downvoter, but wouldn't OP have the obligation to the party who wrote the article, to make sure it was ok to disclose? For instance, if you have a clearance and come across something that is or should be classified, you are obliged to report it to the government so they can take appropriate action.
  – whrrgarbl
  Jul 6 '16 at 16:25
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  @whrrgarbl Comments are not for discussion but I don't get your logic. No it is not ok to disclose sensitive information (even if someone else has). The party that wrote the article attempted to anonymize. It may just be by chance. You cannot discuss or acknowledge sensitive data with B with disclosing sensitive information. If they had legit access to the sensitive information does not change that. Now company A where you actually have the security clearance is another story. Take the report to them and say there may be a leak is fair play.
  – paparazzo
  Jul 6 '16 at 16:39
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  My comment was intended for clarification; I didn't understand which entities "A" and "B" were your answer. Your answer only discusses not disclosing to "B", but does not address "A" (your reply has clarified that, thanks).
  – whrrgarbl
  Jul 6 '16 at 16:50
  

  
  
  
  

 | 
show 3 more comments

up vote
8
down vote

up vote
8
down vote

Hold your horses - I may have read the question incorrectly and it will would change my answer.

It is not clear on later / former. Not clear on which company released the report.

Question:

Do I have an (moral/ethical) obligation to reveal to my current employer that I (probably) know stuff that I shouldn't know between them and the company I might intern with?

Going to assume you have the NDA with you current company.

You read some public information and attached that to some sensitive information. Disclosing ANYTHING about the sensitive information is disclosing sensitive information. Even if you don't disclose the information directly saying I know this company is really X based on access I had to sensitive information is a breach of security. A leak (intentional or not) does not make the information public. If you know the information (or anything about it) to be sensitive then you have an obligation to treat it as sensitive.

If the sensitive information is about your current company then you are not disclosing anything sensitive to you current company.

You read a public report. That is not something you shouldn't know. Give a copy of the report to your current company and tell them it may be disclosing more than they want.

Cannot go the security company and say I think you are talking about my current company as then you would be violating you NDA (in my opinion).

If you disclose to the security company you suspect a prior relationship based on knowledge of sensitive information then the security companay will think this guy is not very good at keeping sensitive information to himself.

I work in IT and have had security clearance. Many times I have had to pretend I don't know. You only discuss or acknowledge sensitive information with a 3rd party when your boss tells you to.

share|improve this answer

edited Jul 11 '16 at 18:22

answered Jul 6 '16 at 14:17

paparazzo

33.3k657106

Hold your horses - I may have read the question incorrectly and it will would change my answer.

It is not clear on later / former. Not clear on which company released the report.

Question:

Do I have an (moral/ethical) obligation to reveal to my current employer that I (probably) know stuff that I shouldn't know between them and the company I might intern with?

Going to assume you have the NDA with you current company.

You read some public information and attached that to some sensitive information. Disclosing ANYTHING about the sensitive information is disclosing sensitive information. Even if you don't disclose the information directly saying I know this company is really X based on access I had to sensitive information is a breach of security. A leak (intentional or not) does not make the information public. If you know the information (or anything about it) to be sensitive then you have an obligation to treat it as sensitive.

If the sensitive information is about your current company then you are not disclosing anything sensitive to you current company.

You read a public report. That is not something you shouldn't know. Give a copy of the report to your current company and tell them it may be disclosing more than they want.

Cannot go the security company and say I think you are talking about my current company as then you would be violating you NDA (in my opinion).

If you disclose to the security company you suspect a prior relationship based on knowledge of sensitive information then the security companay will think this guy is not very good at keeping sensitive information to himself.

I work in IT and have had security clearance. Many times I have had to pretend I don't know. You only discuss or acknowledge sensitive information with a 3rd party when your boss tells you to.

share|improve this answer

edited Jul 11 '16 at 18:22

answered Jul 6 '16 at 14:17

paparazzo

33.3k657106

share|improve this answer

share|improve this answer

edited Jul 11 '16 at 18:22

edited Jul 11 '16 at 18:22

edited Jul 11 '16 at 18:22

answered Jul 6 '16 at 14:17

paparazzo

33.3k657106

answered Jul 6 '16 at 14:17

paparazzo

33.3k657106

answered Jul 6 '16 at 14:17

paparazzo

33.3k657106

33.3k657106

• 
  
  
  

  
  

  
  
  
  
  
  

  
  Does not change my answer but is the govt classified information and do you a govt clearance?
  – paparazzo
  Jul 6 '16 at 15:37
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Down vote I hope you don't have access to sensitive information.
  – paparazzo
  Jul 6 '16 at 15:38
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Not downvoter, but wouldn't OP have the obligation to the party who wrote the article, to make sure it was ok to disclose? For instance, if you have a clearance and come across something that is or should be classified, you are obliged to report it to the government so they can take appropriate action.
  – whrrgarbl
  Jul 6 '16 at 16:25
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  @whrrgarbl Comments are not for discussion but I don't get your logic. No it is not ok to disclose sensitive information (even if someone else has). The party that wrote the article attempted to anonymize. It may just be by chance. You cannot discuss or acknowledge sensitive data with B with disclosing sensitive information. If they had legit access to the sensitive information does not change that. Now company A where you actually have the security clearance is another story. Take the report to them and say there may be a leak is fair play.
  – paparazzo
  Jul 6 '16 at 16:39
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  My comment was intended for clarification; I didn't understand which entities "A" and "B" were your answer. Your answer only discusses not disclosing to "B", but does not address "A" (your reply has clarified that, thanks).
  – whrrgarbl
  Jul 6 '16 at 16:50
  

  
  
  
  

 | 
show 3 more comments

• 
  
  
  

  
  

  
  
  
  
  
  

  
  Does not change my answer but is the govt classified information and do you a govt clearance?
  – paparazzo
  Jul 6 '16 at 15:37
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Down vote I hope you don't have access to sensitive information.
  – paparazzo
  Jul 6 '16 at 15:38
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Not downvoter, but wouldn't OP have the obligation to the party who wrote the article, to make sure it was ok to disclose? For instance, if you have a clearance and come across something that is or should be classified, you are obliged to report it to the government so they can take appropriate action.
  – whrrgarbl
  Jul 6 '16 at 16:25
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  @whrrgarbl Comments are not for discussion but I don't get your logic. No it is not ok to disclose sensitive information (even if someone else has). The party that wrote the article attempted to anonymize. It may just be by chance. You cannot discuss or acknowledge sensitive data with B with disclosing sensitive information. If they had legit access to the sensitive information does not change that. Now company A where you actually have the security clearance is another story. Take the report to them and say there may be a leak is fair play.
  – paparazzo
  Jul 6 '16 at 16:39
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  My comment was intended for clarification; I didn't understand which entities "A" and "B" were your answer. Your answer only discusses not disclosing to "B", but does not address "A" (your reply has clarified that, thanks).
  – whrrgarbl
  Jul 6 '16 at 16:50
  

  
  
  
  

Does not change my answer but is the govt classified information and do you a govt clearance?
– paparazzo
Jul 6 '16 at 15:37

Does not change my answer but is the govt classified information and do you a govt clearance?
– paparazzo
Jul 6 '16 at 15:37

Down vote I hope you don't have access to sensitive information.
– paparazzo
Jul 6 '16 at 15:38

Down vote I hope you don't have access to sensitive information.
– paparazzo
Jul 6 '16 at 15:38

Not downvoter, but wouldn't OP have the obligation to the party who wrote the article, to make sure it was ok to disclose? For instance, if you have a clearance and come across something that is or should be classified, you are obliged to report it to the government so they can take appropriate action.
– whrrgarbl
Jul 6 '16 at 16:25

Not downvoter, but wouldn't OP have the obligation to the party who wrote the article, to make sure it was ok to disclose? For instance, if you have a clearance and come across something that is or should be classified, you are obliged to report it to the government so they can take appropriate action.
– whrrgarbl
Jul 6 '16 at 16:25

1

1

@whrrgarbl Comments are not for discussion but I don't get your logic. No it is not ok to disclose sensitive information (even if someone else has). The party that wrote the article attempted to anonymize. It may just be by chance. You cannot discuss or acknowledge sensitive data with B with disclosing sensitive information. If they had legit access to the sensitive information does not change that. Now company A where you actually have the security clearance is another story. Take the report to them and say there may be a leak is fair play.
– paparazzo
Jul 6 '16 at 16:39

@whrrgarbl Comments are not for discussion but I don't get your logic. No it is not ok to disclose sensitive information (even if someone else has). The party that wrote the article attempted to anonymize. It may just be by chance. You cannot discuss or acknowledge sensitive data with B with disclosing sensitive information. If they had legit access to the sensitive information does not change that. Now company A where you actually have the security clearance is another story. Take the report to them and say there may be a leak is fair play.
– paparazzo
Jul 6 '16 at 16:39

My comment was intended for clarification; I didn't understand which entities "A" and "B" were your answer. Your answer only discusses not disclosing to "B", but does not address "A" (your reply has clarified that, thanks).
– whrrgarbl
Jul 6 '16 at 16:50

My comment was intended for clarification; I didn't understand which entities "A" and "B" were your answer. Your answer only discusses not disclosing to "B", but does not address "A" (your reply has clarified that, thanks).
– whrrgarbl
Jul 6 '16 at 16:50

 | 
show 3 more comments

up vote
2
down vote

Is there an actual problem that you discovered

The first step in determining of whether to disclose or not to disclose is if you found something that has an impact. Would the information you found have an impact on your current employer (tech company) if the media came to the same conclusion as you and decided to broadcast it to the world? If not then there is no point in reading any further you have no obligations in anyway. Let it go and look forward to your new job.

Types of obligations

Per the wording of your question you do not have a moral or ethical obligation to let your current employer know, even if it has the potential to hurt the company. If you signed any document like what people sign when they get a government clearance then you would be legally obligated to report this information (this likely does not apply to you, but you should know what you signed when you started working for them). If your job description included things like security, public relations, or interacting with the security company in question, then you would be obligated to act upon it since that would be part of your job (again I am assuming this does not apply to you).

I could only think of one reason to share it with your current employer despite not being obligated to which is: You don't want to risk your current company getting damaged. If your company gets damaged it can mean downsizing which could mean loss of employment or the work place becoming toxic.

Sharing can be dangerous

Lastly note that if you do share this with your current employer there is a slim chance that this can go far differently then you would expect. For example it could turn out that it was your company that produced the document and the security company has no responsibility or knowledge of this. As a result they (tech company) could try to react by suppressing all information on it, discrediting those who know of it, and/or retaliating against the person who exposed it (which in this case would be you).

share|improve this answer

edited Jul 6 '16 at 19:38

answered Jul 6 '16 at 19:33

Anketam

3,75321134

suggest improvements | 

up vote
2
down vote

Is there an actual problem that you discovered

The first step in determining of whether to disclose or not to disclose is if you found something that has an impact. Would the information you found have an impact on your current employer (tech company) if the media came to the same conclusion as you and decided to broadcast it to the world? If not then there is no point in reading any further you have no obligations in anyway. Let it go and look forward to your new job.

Types of obligations

Per the wording of your question you do not have a moral or ethical obligation to let your current employer know, even if it has the potential to hurt the company. If you signed any document like what people sign when they get a government clearance then you would be legally obligated to report this information (this likely does not apply to you, but you should know what you signed when you started working for them). If your job description included things like security, public relations, or interacting with the security company in question, then you would be obligated to act upon it since that would be part of your job (again I am assuming this does not apply to you).

I could only think of one reason to share it with your current employer despite not being obligated to which is: You don't want to risk your current company getting damaged. If your company gets damaged it can mean downsizing which could mean loss of employment or the work place becoming toxic.

Sharing can be dangerous

Lastly note that if you do share this with your current employer there is a slim chance that this can go far differently then you would expect. For example it could turn out that it was your company that produced the document and the security company has no responsibility or knowledge of this. As a result they (tech company) could try to react by suppressing all information on it, discrediting those who know of it, and/or retaliating against the person who exposed it (which in this case would be you).

share|improve this answer

edited Jul 6 '16 at 19:38

answered Jul 6 '16 at 19:33

Anketam

3,75321134

suggest improvements | 

up vote
2
down vote

up vote
2
down vote

Is there an actual problem that you discovered

The first step in determining of whether to disclose or not to disclose is if you found something that has an impact. Would the information you found have an impact on your current employer (tech company) if the media came to the same conclusion as you and decided to broadcast it to the world? If not then there is no point in reading any further you have no obligations in anyway. Let it go and look forward to your new job.

Types of obligations

Per the wording of your question you do not have a moral or ethical obligation to let your current employer know, even if it has the potential to hurt the company. If you signed any document like what people sign when they get a government clearance then you would be legally obligated to report this information (this likely does not apply to you, but you should know what you signed when you started working for them). If your job description included things like security, public relations, or interacting with the security company in question, then you would be obligated to act upon it since that would be part of your job (again I am assuming this does not apply to you).

I could only think of one reason to share it with your current employer despite not being obligated to which is: You don't want to risk your current company getting damaged. If your company gets damaged it can mean downsizing which could mean loss of employment or the work place becoming toxic.

Sharing can be dangerous

Lastly note that if you do share this with your current employer there is a slim chance that this can go far differently then you would expect. For example it could turn out that it was your company that produced the document and the security company has no responsibility or knowledge of this. As a result they (tech company) could try to react by suppressing all information on it, discrediting those who know of it, and/or retaliating against the person who exposed it (which in this case would be you).

share|improve this answer

edited Jul 6 '16 at 19:38

answered Jul 6 '16 at 19:33

Anketam

3,75321134

Is there an actual problem that you discovered

The first step in determining of whether to disclose or not to disclose is if you found something that has an impact. Would the information you found have an impact on your current employer (tech company) if the media came to the same conclusion as you and decided to broadcast it to the world? If not then there is no point in reading any further you have no obligations in anyway. Let it go and look forward to your new job.

Types of obligations

Per the wording of your question you do not have a moral or ethical obligation to let your current employer know, even if it has the potential to hurt the company. If you signed any document like what people sign when they get a government clearance then you would be legally obligated to report this information (this likely does not apply to you, but you should know what you signed when you started working for them). If your job description included things like security, public relations, or interacting with the security company in question, then you would be obligated to act upon it since that would be part of your job (again I am assuming this does not apply to you).

I could only think of one reason to share it with your current employer despite not being obligated to which is: You don't want to risk your current company getting damaged. If your company gets damaged it can mean downsizing which could mean loss of employment or the work place becoming toxic.

Sharing can be dangerous

Lastly note that if you do share this with your current employer there is a slim chance that this can go far differently then you would expect. For example it could turn out that it was your company that produced the document and the security company has no responsibility or knowledge of this. As a result they (tech company) could try to react by suppressing all information on it, discrediting those who know of it, and/or retaliating against the person who exposed it (which in this case would be you).

share|improve this answer

edited Jul 6 '16 at 19:38

answered Jul 6 '16 at 19:33

Anketam

3,75321134

share|improve this answer

share|improve this answer

edited Jul 6 '16 at 19:38

edited Jul 6 '16 at 19:38

edited Jul 6 '16 at 19:38

answered Jul 6 '16 at 19:33

Anketam

3,75321134

answered Jul 6 '16 at 19:33

Anketam

3,75321134

answered Jul 6 '16 at 19:33

Anketam

3,75321134

3,75321134

suggest improvements | 

suggest improvements | 

up vote
1
down vote

Assuming you're dealing with government classified information. Check with your company's security department.

One of the classification considerations is whether unclassified information can be combined to discover classified information.

The company likely has a strong security policy (you likely should have been briefed on it during an orientation). Check any resource or self-help documents related to security and ethics.

I know that I am encouraged to report any potential violation. As someone uncleared, if I learn something classified, it is my responsibility to report it ASAP. If I don't, I am responsible for a security breach.

There is no down side here. You demonstrate that you care about company security, and potentially save the company a HUGE problem. Go talk to security right now.

share|improve this answer

answered Jul 6 '16 at 15:25

Chris G

10.8k22549

• 
  
  
  

  
  2
  

  
  
  
  
  
  

  
  At no point in the question does it even mention government, let alone classified information. So despite having good information in your answer it does not address the moral/ethical obligation part of the question.
  – Anketam
  Jul 6 '16 at 19:36
  

  
  
  
  

suggest improvements | 

up vote
1
down vote

Assuming you're dealing with government classified information. Check with your company's security department.

One of the classification considerations is whether unclassified information can be combined to discover classified information.

The company likely has a strong security policy (you likely should have been briefed on it during an orientation). Check any resource or self-help documents related to security and ethics.

I know that I am encouraged to report any potential violation. As someone uncleared, if I learn something classified, it is my responsibility to report it ASAP. If I don't, I am responsible for a security breach.

There is no down side here. You demonstrate that you care about company security, and potentially save the company a HUGE problem. Go talk to security right now.

share|improve this answer

answered Jul 6 '16 at 15:25

Chris G

10.8k22549

• 
  
  
  

  
  2
  

  
  
  
  
  
  

  
  At no point in the question does it even mention government, let alone classified information. So despite having good information in your answer it does not address the moral/ethical obligation part of the question.
  – Anketam
  Jul 6 '16 at 19:36
  

  
  
  
  

suggest improvements | 

up vote
1
down vote

up vote
1
down vote

Assuming you're dealing with government classified information. Check with your company's security department.

One of the classification considerations is whether unclassified information can be combined to discover classified information.

The company likely has a strong security policy (you likely should have been briefed on it during an orientation). Check any resource or self-help documents related to security and ethics.

I know that I am encouraged to report any potential violation. As someone uncleared, if I learn something classified, it is my responsibility to report it ASAP. If I don't, I am responsible for a security breach.

There is no down side here. You demonstrate that you care about company security, and potentially save the company a HUGE problem. Go talk to security right now.

share|improve this answer

answered Jul 6 '16 at 15:25

Chris G

10.8k22549

Assuming you're dealing with government classified information. Check with your company's security department.

One of the classification considerations is whether unclassified information can be combined to discover classified information.

The company likely has a strong security policy (you likely should have been briefed on it during an orientation). Check any resource or self-help documents related to security and ethics.

I know that I am encouraged to report any potential violation. As someone uncleared, if I learn something classified, it is my responsibility to report it ASAP. If I don't, I am responsible for a security breach.

There is no down side here. You demonstrate that you care about company security, and potentially save the company a HUGE problem. Go talk to security right now.

share|improve this answer

answered Jul 6 '16 at 15:25

Chris G

10.8k22549

share|improve this answer

share|improve this answer

answered Jul 6 '16 at 15:25

Chris G

10.8k22549

answered Jul 6 '16 at 15:25

Chris G

10.8k22549

answered Jul 6 '16 at 15:25

Chris G

10.8k22549

10.8k22549

• 
  
  
  

  
  2
  

  
  
  
  
  
  

  
  At no point in the question does it even mention government, let alone classified information. So despite having good information in your answer it does not address the moral/ethical obligation part of the question.
  – Anketam
  Jul 6 '16 at 19:36
  

  
  
  
  

suggest improvements | 

• 
  
  
  

  
  2
  

  
  
  
  
  
  

  
  At no point in the question does it even mention government, let alone classified information. So despite having good information in your answer it does not address the moral/ethical obligation part of the question.
  – Anketam
  Jul 6 '16 at 19:36
  

  
  
  
  

2

2

At no point in the question does it even mention government, let alone classified information. So despite having good information in your answer it does not address the moral/ethical obligation part of the question.
– Anketam
Jul 6 '16 at 19:36

At no point in the question does it even mention government, let alone classified information. So despite having good information in your answer it does not address the moral/ethical obligation part of the question.
– Anketam
Jul 6 '16 at 19:36

suggest improvements | 

up vote
0
down vote

First off, you got the information through legitimate means, so no moral quandary there.

Second, I'd hire you on the spot for being that clever and maintaining such high legal and ethical standards.

Third, you've got one heck of an answer to the old "Why should we hire you" question.

That said, you should not reveal the information unless you are doing so to advance your career.

You may want to approach the management and show them how their obfuscation failed, but only if you have a way to demonstrate how you would have done better.

You have a real opportunity here that you can put on your resume that will make you shine like a star:

-Discovered security vulnerability in public documentation linking collaboration between two companies. Reported to superiors, protecting company from X dollars in potential losses.

EDITED to say:

You're clever, but keep this close to the vest.

Here's the question you need to ask yourself before proceeding: "If I were not employed by this company, could I have discovered this on my own" If it's "yes", then you may want to approach the company. If no, then keep it to yourself, you've breeched security, though unintentionally, and it could be an embarrassment to the company.

share|improve this answer

edited Jul 6 '16 at 14:50

answered Jul 6 '16 at 13:45

Richard U

77.2k56200307

• 
  
  
  

  
  

  
  
  
  
  
  

  
  Or the OP might just come across as a smart ass know it all. Remember, he's just an intern, so he's pretty low on the totem pole.
  – AndreiROM
  Jul 6 '16 at 13:49
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Pascal's wager. The risk of being wrong is far lower than the reward for being right in this instance. Having read the evil overlord's list, I'd want the kid, let the other company keep the genius.
  – Richard U
  Jul 6 '16 at 13:52
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Thank you for thinking highly of me, but feel I needed to clarify the question: Consultancy helped tech company, it was not independent lines of thought.
  – Peter Smith
  Jul 6 '16 at 14:18
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Not going to vote you down but no way I reward a person that disclosed sensitive information. The connection was made based on sensitive information. That would be a leak of sensitive and really frowned upon.
  – paparazzo
  Jul 6 '16 at 14:35
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  @Paparazzi ah, yeah, I see that now. going to revise...
  – Richard U
  Jul 6 '16 at 14:46
  

  
  
  
  

 | 
show 7 more comments

up vote
0
down vote

First off, you got the information through legitimate means, so no moral quandary there.

Second, I'd hire you on the spot for being that clever and maintaining such high legal and ethical standards.

Third, you've got one heck of an answer to the old "Why should we hire you" question.

That said, you should not reveal the information unless you are doing so to advance your career.

You may want to approach the management and show them how their obfuscation failed, but only if you have a way to demonstrate how you would have done better.

You have a real opportunity here that you can put on your resume that will make you shine like a star:

-Discovered security vulnerability in public documentation linking collaboration between two companies. Reported to superiors, protecting company from X dollars in potential losses.

EDITED to say:

You're clever, but keep this close to the vest.

Here's the question you need to ask yourself before proceeding: "If I were not employed by this company, could I have discovered this on my own" If it's "yes", then you may want to approach the company. If no, then keep it to yourself, you've breeched security, though unintentionally, and it could be an embarrassment to the company.

share|improve this answer

edited Jul 6 '16 at 14:50

answered Jul 6 '16 at 13:45

Richard U

77.2k56200307

• 
  
  
  

  
  

  
  
  
  
  
  

  
  Or the OP might just come across as a smart ass know it all. Remember, he's just an intern, so he's pretty low on the totem pole.
  – AndreiROM
  Jul 6 '16 at 13:49
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Pascal's wager. The risk of being wrong is far lower than the reward for being right in this instance. Having read the evil overlord's list, I'd want the kid, let the other company keep the genius.
  – Richard U
  Jul 6 '16 at 13:52
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Thank you for thinking highly of me, but feel I needed to clarify the question: Consultancy helped tech company, it was not independent lines of thought.
  – Peter Smith
  Jul 6 '16 at 14:18
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Not going to vote you down but no way I reward a person that disclosed sensitive information. The connection was made based on sensitive information. That would be a leak of sensitive and really frowned upon.
  – paparazzo
  Jul 6 '16 at 14:35
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  @Paparazzi ah, yeah, I see that now. going to revise...
  – Richard U
  Jul 6 '16 at 14:46
  

  
  
  
  

 | 
show 7 more comments

up vote
0
down vote

up vote
0
down vote

First off, you got the information through legitimate means, so no moral quandary there.

Second, I'd hire you on the spot for being that clever and maintaining such high legal and ethical standards.

Third, you've got one heck of an answer to the old "Why should we hire you" question.

That said, you should not reveal the information unless you are doing so to advance your career.

You may want to approach the management and show them how their obfuscation failed, but only if you have a way to demonstrate how you would have done better.

You have a real opportunity here that you can put on your resume that will make you shine like a star:

-Discovered security vulnerability in public documentation linking collaboration between two companies. Reported to superiors, protecting company from X dollars in potential losses.

EDITED to say:

You're clever, but keep this close to the vest.

Here's the question you need to ask yourself before proceeding: "If I were not employed by this company, could I have discovered this on my own" If it's "yes", then you may want to approach the company. If no, then keep it to yourself, you've breeched security, though unintentionally, and it could be an embarrassment to the company.

share|improve this answer

edited Jul 6 '16 at 14:50

answered Jul 6 '16 at 13:45

Richard U

77.2k56200307

First off, you got the information through legitimate means, so no moral quandary there.

Second, I'd hire you on the spot for being that clever and maintaining such high legal and ethical standards.

Third, you've got one heck of an answer to the old "Why should we hire you" question.

That said, you should not reveal the information unless you are doing so to advance your career.

You may want to approach the management and show them how their obfuscation failed, but only if you have a way to demonstrate how you would have done better.

You have a real opportunity here that you can put on your resume that will make you shine like a star:

-Discovered security vulnerability in public documentation linking collaboration between two companies. Reported to superiors, protecting company from X dollars in potential losses.

EDITED to say:

You're clever, but keep this close to the vest.

Here's the question you need to ask yourself before proceeding: "If I were not employed by this company, could I have discovered this on my own" If it's "yes", then you may want to approach the company. If no, then keep it to yourself, you've breeched security, though unintentionally, and it could be an embarrassment to the company.

share|improve this answer

edited Jul 6 '16 at 14:50

answered Jul 6 '16 at 13:45

Richard U

77.2k56200307

share|improve this answer

share|improve this answer

edited Jul 6 '16 at 14:50

edited Jul 6 '16 at 14:50

edited Jul 6 '16 at 14:50

answered Jul 6 '16 at 13:45

Richard U

77.2k56200307

answered Jul 6 '16 at 13:45

Richard U

77.2k56200307

answered Jul 6 '16 at 13:45

Richard U

77.2k56200307

77.2k56200307

• 
  
  
  

  
  

  
  
  
  
  
  

  
  Or the OP might just come across as a smart ass know it all. Remember, he's just an intern, so he's pretty low on the totem pole.
  – AndreiROM
  Jul 6 '16 at 13:49
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Pascal's wager. The risk of being wrong is far lower than the reward for being right in this instance. Having read the evil overlord's list, I'd want the kid, let the other company keep the genius.
  – Richard U
  Jul 6 '16 at 13:52
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Thank you for thinking highly of me, but feel I needed to clarify the question: Consultancy helped tech company, it was not independent lines of thought.
  – Peter Smith
  Jul 6 '16 at 14:18
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Not going to vote you down but no way I reward a person that disclosed sensitive information. The connection was made based on sensitive information. That would be a leak of sensitive and really frowned upon.
  – paparazzo
  Jul 6 '16 at 14:35
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  @Paparazzi ah, yeah, I see that now. going to revise...
  – Richard U
  Jul 6 '16 at 14:46
  

  
  
  
  

 | 
show 7 more comments

• 
  
  
  

  
  

  
  
  
  
  
  

  
  Or the OP might just come across as a smart ass know it all. Remember, he's just an intern, so he's pretty low on the totem pole.
  – AndreiROM
  Jul 6 '16 at 13:49
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Pascal's wager. The risk of being wrong is far lower than the reward for being right in this instance. Having read the evil overlord's list, I'd want the kid, let the other company keep the genius.
  – Richard U
  Jul 6 '16 at 13:52
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Thank you for thinking highly of me, but feel I needed to clarify the question: Consultancy helped tech company, it was not independent lines of thought.
  – Peter Smith
  Jul 6 '16 at 14:18
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Not going to vote you down but no way I reward a person that disclosed sensitive information. The connection was made based on sensitive information. That would be a leak of sensitive and really frowned upon.
  – paparazzo
  Jul 6 '16 at 14:35
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  @Paparazzi ah, yeah, I see that now. going to revise...
  – Richard U
  Jul 6 '16 at 14:46
  

  
  
  
  

Or the OP might just come across as a smart ass know it all. Remember, he's just an intern, so he's pretty low on the totem pole.
– AndreiROM
Jul 6 '16 at 13:49

Or the OP might just come across as a smart ass know it all. Remember, he's just an intern, so he's pretty low on the totem pole.
– AndreiROM
Jul 6 '16 at 13:49

Pascal's wager. The risk of being wrong is far lower than the reward for being right in this instance. Having read the evil overlord's list, I'd want the kid, let the other company keep the genius.
– Richard U
Jul 6 '16 at 13:52

Pascal's wager. The risk of being wrong is far lower than the reward for being right in this instance. Having read the evil overlord's list, I'd want the kid, let the other company keep the genius.
– Richard U
Jul 6 '16 at 13:52

Thank you for thinking highly of me, but feel I needed to clarify the question: Consultancy helped tech company, it was not independent lines of thought.
– Peter Smith
Jul 6 '16 at 14:18

Thank you for thinking highly of me, but feel I needed to clarify the question: Consultancy helped tech company, it was not independent lines of thought.
– Peter Smith
Jul 6 '16 at 14:18

Not going to vote you down but no way I reward a person that disclosed sensitive information. The connection was made based on sensitive information. That would be a leak of sensitive and really frowned upon.
– paparazzo
Jul 6 '16 at 14:35

Not going to vote you down but no way I reward a person that disclosed sensitive information. The connection was made based on sensitive information. That would be a leak of sensitive and really frowned upon.
– paparazzo
Jul 6 '16 at 14:35

@Paparazzi ah, yeah, I see that now. going to revise...
– Richard U
Jul 6 '16 at 14:46

@Paparazzi ah, yeah, I see that now. going to revise...
– Richard U
Jul 6 '16 at 14:46

 | 
show 7 more comments

 

draft saved

draft discarded

 

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fworkplace.stackexchange.com%2fquestions%2f70939%2fshould-i-disclose-i-know-sensitive-information-about-a-company-relation-that-i-w%23new-answer', 'question_page');

);

Post as a guest

Name Email

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

Name Email

Name

Email

Name Email

Name

Email