Hacker News
Tata Consultancy Services ordered to cough up $210M in code theft trial (theregister.com)
219 points by pseudolus 9 months ago | 97 comments



Without sounding controversial and having peers in Infosys/TCS since college days, I can attest that leaking design & implementation decisions between projects is very common in consultancies. I have personally been privy to one such story where choices made in one healthcare giant's systems were "modified/adapted" to another. IP issues galore, these should be red flags but sneak under the radar being a consultancy.


When it comes to consultancies/agencies this is basically put forward as a feature, not a bug. If you're doing a multi million dollar project of course you would want to bring in 'experts' with 'prior experience in the problem space'.

My experience of it is in advertising, look at something like GroupM. They intentionally make a set of agencies to act as different front doors into the group so they can make it look like there are no conflicts of interest. Then once work comes in the door it all gets serviced by the same shared resources. The 'front door' agencies of course promote as a centre of excellence with deep expertise etc. but you really don't need to read between the lines very much.


I think it goes one step further, the companies that employ these consultancies (including/especially healthcare) there are consistent patterns across companies in a given industry.


To contextualize this, in my experience this doesn't happen as a result of some malicious conspiracy but rather as a natural outcome of working with various projects and exchanging with colleagues in various projects.

For the consultancy it boils down to not reinventing the wheel, learning from others and sharing knowledge about what works and what doesn't. Typically, what is shared are anonymized generic design or cases and not actual code or design files though.

Of course what is knowledge sharing and efficiency for consultants might simply boil down to IP theft for the affected companies. My question is rather how much of it is natural human social interaction and collaboration if you put dozens of people from dozens of projects into one room talking about a similar problem.


It's not necessarily consultants in these companies that are malicious. I find working with many to be honest, and deeply caring about their work. It's that some of the management in these companies are incentivized to engage in duplicitous behavior to gain clients one way or another.

Working for a tech consultancy before, they do have clear lines to distinguish for legal reasons and make you take courses. For e.g., you can't give or receive gifts of any monetary value, etc. But management find other ways to gain client's trust and affection. One way is to overwork the consultants, and another is to share information that is privy sometimes.


In this case "source code and documentation" were copied, these are concrete written artifacts. I'm not bothered by people sharing things verbally and implementing to a blank file.


In the case which I referred to being personally privy, a high-speed data bus of a rapid imaging system (which was a crowning advantage for the first) was 'adapted' over in a slightly different form. Personally, you could say "as long as they didn't Ctrl-C/V it is fine", but then implanting a winning feature to the competition product is a red flag to me. That databus didn't exist previously as a feature - and its addition was an innovation in rapidity.

This happened in 1999-2001, so it isn't recent & won't affect any outcomes. But it goes on to say it can blunt a prior client company's competitive advantage.


It seems normal to me that if someone implements the same thing twice in a row they're gonna do it faster the second time. Though I don't know the specifics of your case (maybe they did copy-paste the original, who knows), it seems perfectly plausible that they did so without copying any code.

To say that this always involves illegal copying of code in some way would imply that an employee is effectively forbidden from ever writing similar code in two different companies - are you supposed to be forbidden from re-using the experience you gained working for a company ?


> are you supposed to be forbidden from re-using the experience you gained working for a company ?

No, but adding implementations to competing company's product based on the innovations seen in the first falls squarely under IP misuse (At the least, bypassing patent licensing etc.)

Software domain would see acrimonious litigation cases based on mundane things like the rubber band scrolling (Apple vs. Samsung). Adding readout specific databus improves acquisition speeds by order of 2 or 3x - and that is not a trivial change which can be disregarded. Most times they've been misused since they were minor trade secrets not patents. There was no way to attempt litigation in this one without opening up certain parts of software ecosystem to legal scrutiny/comparison (which probably exposes more IP).


I wonder how it can apply to an individual - say I am developing a feature at my job today. Five years later, I am on a different job, but developing a similar feature for some other employer. I wonder how much of the two implementations that are apart by 5 years but done by the same person, would be similar (even after accounting for my own personal growth in terms of programming abilities)? What if I am a teacher who is creating quizzes and exercises? Or a graphic artist making illustrations from eerily similar requirements?

I suppose this is an interesting question, not quite black and white? That said, don't these huge companies have armies of lawyers to protect their IP?


This wasn't just between projects - it was from one firm to another. So there is a conflict of interest; why would any gov. procure anything from anybody if a giant like Tata can swoop in and poach all your workers and steal your project? Personally, I think that any technical implementation details that does work for citizens should be public property and not commercial IP, but that's just me. It's not the world we live in.


That’s why governments should do more in house and rely less on consultancies.

However in many cases of enterprise software, everyone involved knows perfectly well that copying is happening. In which case there is nothing immoral ~ just a mismatch between elegant and actual reality.


Yeah, I agree 100%. The only corollary is that I view a lot of settlements like this as much more protectionist. I thought that this was for a gov. bid and not an insurance conglomerate, but the principle is the same. DXC lost the bid, probably because they were doing a bad job. So they held the whole effort hostage and sued based on IP protections. And then the Texas court awarded the American company 210 Million dollars from the Indian company.

In this case it is very straightforward legally if they copied documents over. You just can't do that, full stop. But I'm uncomfortable to say that this is an equitable relationship between all these companies, because it gives a level of protectionism to DXC to do a really poor job in delivery knowing that the American court system has their back if they lose on re-compete.


Check the contract (all of it) there may be something in there about sharing implementation with other clients.


My Indian Engineering college had no course on ethics and nor were ethics mentioned even once. While Ethics was a mandatory course in my Masters abroad.

Indian engineering colleges really need to start cleaning up the detritus, it is time to provide healthy base for the young ones. Once a culture builds up, the managers at consultancy will feel ashamed to cut loose on ethics even under pressure. Or not, but a start has to be made in this aspect.


Worked for TCS, such 'courses' were mandatory, however as with all of their training cheating was rife.


I have never worked for TCS but just want to put this in context. Training cheating is not just an "IT" department problem.

previously on HN, https://news.ycombinator.com/item?id=38432752 Zenefits Software Helped Brokers Cheat On Licensing Process (buzzfeed.com)


> Once a culture builds up, the managers at consultancy will feel ashamed to cut loose on ethics even under pressure.

As if the engineering grads make these decisions and not managerial types with MBA degrees and "connections".

Indian engineering colleges already have 2-3 such courses in curriculum and don't need to fit yet another subject which nobody cares about, instead of teaching actual skills.

The actual knowledge of average Indian Engineering grad is very low, except in leetcode.


> yet another subject which nobody cares about

This is the root of the problem.


It's delusional to think humanities / ethics courses fix these problems.

It's managers who usually make these decisions, not engineers.

Doesn't the ruling elite of most countries study humanities courses? Does that prevent them from committing much worse atrocities than this?

To be clear, I see more "gaming the system" behavior in India, but it's purely a result of more cut-throat competition in the market. "Ethics" and "morality" courses have shit to do with it.


My BE CS course in India did have ethics. Which university are you talking about?


I don't really think ethics courses work even if you just ignore the facts that all ethics are subjective. Most companies I have worked with have ethics training with quiz in the start and it is obvious what the answer should be for each question and you are supposed to select that, not selecting what you would actually believe.


lol - my friend once marked a paper from an Indian student about ethics... they wrote that ethics should be the sole concern of the ethics department because "everyone is too busy and nobody has time to do ethics".


People are taught "Don't steal" at age 4 or so. Revisiting that lesson in college isn't going to make a lick of difference.

It's a problem of corporate culture and incentives.


Engineering ethics is quite a bit more than just "don't steal".


This particular case involved stealing.

Engineering ethics is knowing what's right or wrong when performing engineering work. Children develop a pretty decent sense of right and wrong. It isn't rocket science.

A 22-year old ordered by their manager to falsify data in their first month on the job knows it's wrong. They aren't going to refuse because they took some course in college. Whether or not they do it is more likely a function of how prevalent that behavior is in the organization, how often it's caught, and how publicly it's punished.


A 22-year old ordered by their manager to falsify data knows it's wrong, but doesn't know how to handle the situation. The point of ethics courses is to teach students how to handle situations like that, else they'll just continue to be exploited until they learn how to handle things on their own.


I think we should stop framing this as ethics. TCS tried to get the best outcome for their client. CSC decided the client should suffer because they didn't win the re-compete. That's basically retaliation. Also a Texas Jury deciding that an Indian company should give 210M to an American company? If you take a step back, none of this is about ethics.

Now, with this kind of money and scrutiny you have to follow the letter of the law, whether it is productive or not. TCS should know better. But we can't pretend that this is about ethics.


Yup. The only surprising thing here to me was that the lawsuit wasn't around TCS taking a customer's own source code and selling it back to them as a consulting product.


At the end of article..

However, the champagne corks won't be popping at CSC just yet. If the Epic experience is anything to go by – the decision was appealed – there will likely be legal twists and turns aplenty before payments are made and the case is closed.

6 days ago: TCS will be making a balance provision of $125 million in the December quarter of FY24, after the US Supreme Court rejected the company's plea in a matter pertaining to EPIC Systems Corporation.

https://www.fortuneindia.com/enterprise/tcs-to-make-125-mn-b...


I'm surprised the US Supreme Court is hearing cases filed against or by TCS.


They didn’t hear it, and therefore the lower court’s decision remains in place. That’s what this means:

> the United States Supreme Court on November 20, 2023 rejected the Company’s petition to file an appeal against the orders passed by the US Court of Appeals, 7th Circuit


TCS conducts business in the US, so it is subject to US courts.


"Copied on the wrong email" may cost them 210M

Company CFO and CIOs need to do better diligence of their vendors. Two simple contract clauses: priced soliciting to price staff poaching, and treble-5x damages for IP theft.

Develop a heuristic - any consultancies brought on from 3rd party contracts must sign enhanced protection clauses. Cite publicly available info to support your position. All it takes is a quick google and a few boilerplate clauses


Trick of the trade - either keep a former employee’s email active or just forward all emails to their address to something searchable. Especially if they are an older exec that was terminated, because they will fuck stuff up all the time with their boomer butter fingers. You will get CCs on all sorts of email chains which will help you in future litigation and termination issues.


You could have given the same advice (which is very good, I do the same) without the age reference because if you've only seen boomers fuck up with butter fingers, you've been very lucky!

(Preemptive disclaimer that I'm not a boomer. I'm not from the US, but if I were, I'd be gen X).


You’re actually gen X outside of the US too, unfortunately!


That’s not true! Google “Indian Generations” to understand where the difference lies.

I believe it’s divided like so: 1947-65: Invested in National Success and self determination. Do more with less is key. Govt Jobs are the best jobs.

65-80: First Gen to start moving abroad, more private opportunities, care about making money and enterprise.

81-00: First exposure to the West, TV, entertainment. More holistic in their wants and desires, such as love. Witnessed the westernization.

00-16: Grew up with Western ideas and tech right beside them. More online, more diverse etc.


A bit late, but I think these are orthogonal to Western generations. Probably due to increasing globalization of the world, but I find general attitudes toward socialization, romance, and technology to be very similar between Indians and Westerners of similar generations. Obviously Indian differences matter when it comes to a lot of things, but the older Western generation was surprisingly conservative too especially those who grew up in more rural places. The biggest differences usually come from how used to material comfort older Indians seem compared to Westerners.


Heh, fair enough, I won't argue against that particular label, but my geographical disclaimer is because boomer doesn't really make sense (we never had a baby boom here).


While Baby Boomer has a definition with a generally agreed upon starting date for births and a bit more fuzzy ending date, in recent years "boomer" has come to mean older people in general, usually those out of touch with current youth culture. From the perspective of a university student, a thirty year old giving advice on meeting people using OkCupid could be a boomer.


How soon - if ever - will AI tools be able to replace or at least reduce the demand for these offshoring companies? I've seen the code some of them put out. Even chatGPT 3.5 can be better than them.


Didn't people ask that back in ~2000, "how soon before offshore employees take our jobs?". The devil is in the details. Can AI solve a linker error and fix a visual studio project file? Sure, if you train it with a million samples. I think the reason AI won't work for anything more than wireframe is that there are too many edge cases to adequately train it.


> Sure, if you train it with a million samples.

I am not an AI guru, but, from my limited understanding, LLMs use trillions of inputs, and that's one reason why they work so well.

What we have now, is barely out of the playpen. I am quite sure that specialized LLMs (like troubleshooters) are well under way.


A machine that doesn't actually understand anything, but is able to generate a ton of coherent text anyway? That's an offshore technical service company's dream.

What did you say? That it is also complicated to deploy properly? And there is no objective way to measure its success? Christmas keeps coming early.


Beware of what one wishes for, it starts with offshoring companies, juniors will follow and eventually only the AI druids will code.


prompt shamans, yes


You are looking at this the wrong way. Moving IT to offshoring companies is a risk mitigation strategy, now if critical systems go down it's someone else's problem.


It's someone else's fault. It's even their problem. But it's still your problem too so long as it affects your business.


Nope it cannot.

I have been using 3.5 to write code. I wrote a 'simple' app (200-300 lines) that although 'simple' it took A LOT of back and forth with the 3.5. In the end I had to spend a couple of days combing through it to add some key features (i.e. set values to zero so you don't see old data, etc.). Basically crude (but smart?) coding (I am not a professional developer).

When I finished the code and the app was performing EXACTLY as I wanted (v1.0), I thought to start planning for the v1.1 and when I pasted my code to the 3.5 and asked it to 'work on it on the new features' it was a shitstorm :)

Perhaps it was me feeding the requirements 'wrongly', but it was like pulling teeth 'guiding' it to correct even the simplest mistakes.


This is far too flippantly confident about a piece of tech that's barely a year old, and the inferior version of that.

I'm surprised by the inability of people in tech to extrapolate the advancement of this particular tech.


I think there is a difference between mastering fluid dynamics to the point where you can have sustained power flight, and building a machine that arranges words next to other words based problematically in training data.

But even if you want to torture this analogy, LLMs are a godsend to technical service companies. It's like saying "Oh, planes are faster so I guess people won't be spending as much time traveling and there will be less of it now".


They replied to this:

> Even chatGPT 3.5 can be better than them.


I maintain that ChatGPT 3.5 can be better than entry level Infosys engineers.


It's like showing up at Kitty Hawk in 1903 and, "You mean this thing can't even fly me to New York? Useless!"


I think you'll find the most succinct requirements for a program is the code itself - you can add more and more logic to guide GPT to generate something but eventually you're just writing code yourself anyway.


This is also how it is with offshoring.


GPT can sew snippets of code and see patterns but it has no understanding of coding and such. But even without this ability it could work amazingly well if you know what to ask for and accept its limitations.


Someone who's not a professional developer was able to take the weakest model OpenAI offers today and get exactly what they wanted for a V1.

Have you actually worked with a consultancy? Have you priced out what the back and forth you had with 3.5 would have cost with a real human with a similar level of depth?

_

I personally don't think AI's effect on offshoring will be so cut and dry, since it's not like offshore developers can't level up with it too, but your example is showing how badly people are underestimating the impact AI will have on programming.


Try 4.0. I use it a lot for tedious glue code, and I couldn't be happier to have my time back to focus on more important things.


chatGPT will likely improve the standards of many low skilled developers.


This HN post w.r.t TCS has aged like wine: https://news.ycombinator.com/item?id=2628318


Makes me wonder if they did the same for a large system we built for a state agency. I was lead developer on that project, so I'm pretty familiar with most aspects of it. The first few years after delivery, the agency had us come back a couple of times for change requests and to train their in-house developer when there was turnover in that role. At some point after I left that consultancy, the agency switched to using TCS. A few years later, several other states had very similar systems built for them by TCS. While I can't see any of the internal management portions, based on URLs, the public facing portals all use similar somewhat obsolete tech stacks. The workflow is also the same.

But I have no way of knowing what happened behind the scenes. Perhaps the state agency gave TCS a license to use the code we developed (the agency, not our consultancy, retained ownership of the code). Or maybe some of the TCS people who worked on maintaining the code for the agency later went on to build a new system from scratch inspired heavily by our system. There's no way to really know from my vantage point, but given this story, it sure makes me wonder.


One of our clients had a consultancy agreement with TCS. As one of their software vendors, we had to work with some TCS guys. It looked like their job was to make other people's work harder. They were full of work politics, bad mouthing other people, and shit like that. They didn't seem to be good at their job either.


Didn’t Nvidia also get pulled up by courts recently for stealing code? I am not condoning either action, but this seems to be a tech culture issue of which almost every company seems to be guilty of rather than just everyone’s fav punching bag tcs.


Man, it sucks that the law makes this situation. Texas would rather punish TCS than have stuff work well. But I guess you can't go around sharing confidential information - it's a big no no in these contracts. TCS should know better.


>Texas would rather punish TCS than have stuff work

Why would it have to be one, and not both?


Let's say that I hire you as a software engineer. I tell you to implement several new features in the product you are assigned to. But, you aren't allowed to read any documentation or source code of the project you are working on. It exists, but by law you aren't allowed to read it.

That's the situation TCS contractors are in. Now, laws are laws, and we have to follow them. There is always plenty of money to do things by the book. I thought this was a gov. project, not insurance, but the principle is the same. Transamerica is getting worse service because the contractor that they prefer wanted to look at documentation for a system they paid for. This is why enterprise IT is a legally mandated mess.


> Transamerica is getting worse service because the contractor that they prefer wanted to look at documentation for a system they paid for. This is why enterprise IT is a legally mandated mess.

No, I don't believe that's at all what was happening. I really recommend reading the original complaint[1]. TCS was leveraging their employees with access to CSC's documentation and source code to glean information about how a particular feature was implemented, _not_ for supporting Transamerica, but for reimplementing the feature in their own product.

From paragraph 29 of the complaint:

> A TCS employee, who upon information and belief is part of the U.S. BaNCS development team, wrote in an email: “Quite honestly, I’m not sure how VTG [Vantage] does this today, so maybe we should engage [TCS employees with access to the Vantage source code] if we want to emulate that?”

The complaint goes on to describe the engineers sending the actual source code to the team. This is pretty clear cut theft IMO.

1: https://regmedia.co.uk/2023/11/22/csc_complaint.pdf


Yes, I have stated that I understand it is legally a no-no because they are violating the terms under which they have access to that documentation. But ethically, I think it is a lot less clear cut, because it allows CSC/DXC to hold their platform hostage and not really have to try for re-competes because they know that they can try their luck in court. They gave TCS access to the documentation, is it really a good use of the American justice system to enforce what they do with it? Is it a matter of ethical concern? I don't think so.

This is why enterprise IT is a mess. Every time you need to do anything, you have to triple check that you aren't violating some clause buried in some obscure legal agreement that you probably don't have access to. Or else, you could cost your firm a quarter billion dollars or more. So you end up with reams of dead software that is unusable by design since it is being held hostage by various different commercial interests. I understand that is just the world we live in when millions of dollars are involved, but we can do better.

On the other hand I get the concern: you would want some legally enforceable agreement with TCS that they won't steal confidential information you share with them in good faith to steal business. Nor go and hire a bunch of staff to poach your contract. But documentation of the software that Transamerica paid for is secret, are you kidding me? They would have been fine, legally, if they got the materials directly from Transamerica. Because they got it from someone who merely used to work there, it is a quarter of a billion dollar mistake. Seems like a pretty narrow difference to me, hardly some kind of grand ethical quandary.


It sucks that they wrote a contract where they didn't have legal access to redistribute documentation to the contractors they hired, but them's the breaks when you write shitty contracts. Any insurance company has armies of lawyers available, so it's hard to feel bad for them.


Oh yeah, you need to follow the law, no doubt about that. But is the law there to provide an ethical framework for productive business to occur, or to provide a level of protectionism to local interests? I don't think you can look at the Indian IT industry and think the former.


> That's the situation TCS contractors are in. Now, laws are laws, and we have to follow them. There is always plenty of money to do things by the book. I thought this was a gov. project, not insurance, but the principle is the same. Transamerica is getting worse service because the contractor that they prefer wanted to look at documentation for a system they paid for. This is why enterprise IT is a legally mandated mess.

This is not the case. Regardless you state that there is a single choice to be made, getting something that works OR having it done legally.


Many of these business domains - insurance, healthcare etc - have complex state-specific business rules evolved over decades. I’d even suspect that the software implementations in some big players, like Epic, would be the default interpretation of some regulations (like, say, CRuby acts as the specification for Ruby language).

It seems TCS might have tried to plagiarize those rule implementations.


No, it's probably implementation specific. They probably referred to some documents regarding the ongoing implementation of a DXC app. Remember that with the enterprise deals it is pretty custom how these things are deployed. CSC probably set something up for Transamerica, and then info about it leaked to TCS. Probably through one of the 2000 Transamerica employees they poached. I doubt there is any internal platform documentation that got leaked, or that CSC even has access to from its vendors that TCS doesn't. Who knows what kind of vendors are under the hood of this thing.


Tata!


On this week's episode of "CEO or LLM?":

> "In any given quarter, there will always be some amount of de-growth. What's happening now is that de-growth is not being compensated fully because clients are optimising and there is some deferral happening," said K Krithivasan, MD & CEO, TCS.

> "If the existing projects get paused or optimised more than the incoming revenue, it results in muted or moderated revenue growth," Krithivasan added.

> According to Krithivasan, once things settle down, this optimisation will be compensated by new projects.


I asked ChatGPT to rewrite the quote to be more readable and this is what it came up with:

"Every quarter experiences some level of decline. Currently, this decline is more noticeable because our clients are optimizing their operations and delaying certain activities, which isn't being completely offset," explained K Krithivasan, MD & CEO of TCS.


Hate to say it, it's better.


"degrowth" is some real BS.

Actual words for this are "decline", "reduction", "shrinkage", "decrease", hell even "atrophy".


There's no degrowth in that case, tcs clearly has deinvested maintenance of its humanoid resources, resulting in deperformance, ultimately ending in the detrust of its customers, who will degive them their money, tcs deriching, and deemploying people. One can only hope those will successfully deunemploy, hopefully following the dedecline of the economy


The goal of these words is to minimize the negative associations, or maximize the positive ones. A lot of corporate lingo is aimed at this. It's a trend that won't die (pardon, "won't un-live") because it's unreasonably effective at obscuring an otherwise bad situation.

Either it leaves a better or less worse opinion of what was said compared to normal language, or it makes everything so unclear that the listener has no hopes of understanding the real, desolate, message.


"Degrowth" is weird enough that I think it more likely calls attention to a problem than hides it.


"degrowth" sounds like something you have a dermatologist remove from a butt cheek because it could become cancerous


Post Traumatic Profitability Disorder


I wouldn’t be surprised to find out they intentionally avoid using certain words to try to bypass trading bots that trigger on keywords.


This is a real learning for me. It is now my ask of my fellow coworkers to stop using verbs as nouns.


“Nice LLM you have there. Would be a shame if someone added CEO gibberish to the training set”


No, that's a feature. Replacing your gormless CEO with a machine is one of the highest-impact ways to leverage an LLM. Frankly, it's a shame that OpenAI is too afraid to eat their own dogfood.


LLMs make more meaningful text than this


Professionals in the software service industry have mastered the art of saying "shit has hit the roof" without any shit.

This, combined with "never saying no" and "never give bad news", has twisted simple communication behaviours.


This is the first time I have read shit has hit the roof. It is usually shit hits the fan.


"optimization" means "our clients are spending less money with us".


I remember some TATA people visited my college.

It was supposed to be some event about signing up for intern roles with them.

Instead they had some activity that people had to do and it was more like a mini competition.

The example activity was they had acquired some company and the objective of the task was giving ways to tear the acquired company apart to extract value (layoffs, spinoffs, IP etc).

I left during the break.

It's a bottom to top evil company.


>It's a bottom to top evil company.

Worked there for a while, can confirm


That sounds like a refreshingly upfront recruiting first impression.

And the winning kid to join the Wonka consultancy was the one who not only chopped up the hypothetical company, like all the other kids did... but then also loaded what remained with debt, while self-dealing (or whatever it is they do)?


> These former employees had access to its code and documents, and forwarded them on to the Tata BaNCS development team

And this (ladies and gentlemen) is why you need smart IT auditors in your corporations. Also robust DLP systems with alerts when emails are sent to 'some' specific domains.



