It's baffling how many people in previous threads thought a company that gets most of its money from enterprise/business clients, will burn all their reputation by surreptitiously using client data to train their AI.
> Zoom has agreed to pay $85 million to settle claims that it lied about offering end-to-end encryption and gave user data to Facebook and Google without the consent of users. The settlement between Zoom and the filers of a class-action lawsuit also covers security problems [0]
> Mac update nukes dangerous webserver installed by Zoom [1]
> The 'S' in Zoom, Stands for Security - uncovering (local) security flaws in Zoom's macOS client [2]
[0] https://arstechnica.com/tech-policy/2021/08/zoom-to-pay-85m-...
[1] https://arstechnica.com/information-technology/2019/07/silen...
Occam's razor also applies here.
(Even if revenue was much higher. Revenue doesn't tell you anything about how well a company can take a financial hit)
But, really, does it matter whether the bad thing is caused by incompetence or malice outside of a court of law? The bad thing happens either way.
There is however research (that aligns with a lot of people's experience) to suggest psychopaths and sociopaths are very over represented in leadership:
I now use Hanlon's Shaving Brush. Its a broad brush that I use to paint every sketchy move businesses make. "Is it malice? Or is it incompetence that merely looks like malice?". I don't care! I'll assume malice unless otherwise shown.
It's not my job to try and find out how evil shit was done accidentally. It doesn't matter if they "oopsied" into selling a firehose of my data to a "trusted partner" to analyze to death. Nobody actually gives a shit at these companies, so I need to treat them all as if they're malicious. If the underlying cause was a bit of incompetence a few years ago, that does nothing for me when I'm discovering the fuckery.
Maybe it's both: malice to kick off the effort and incompetence because they got found out.
If the specific misconduct they got caught for netted them $x, and they got fined for $5x, who cares how much % of their global revenue is? That specific crime was still a net negative for them. I'm not sure why conglomerates should be punished more harshly just because they have more revenue overall.
Personally I think that C levels should automatically be disbarred if the corporation is found guilty of criminality as that puts responsibility on the people with the power to prevent it.
The word adequately, and the fact it was made when presuming good faith was more reasonable.
These days it's better to assume everything is theft, fraud, or marketing.
As for "who cares about %": every one who understands that fines that cost a company nothing, do nothing, all they say is "it'll cost you a trivial amount more to do this", turning what should be an instrument to rein in companies into simple monetary transaction that just goes on the books as an entirely expected and affordable expense.
It should be a crime, and they should have been found guilty in court over that, and the fine should be such that no matter your company's size, you can't risk running afoul of the law repeatedly. But it absolutely isn't.
The HN commenters tend to assume #1 when it comes to big companies, while more likely it's #2. The razors capture this situation well.
I think attributing everything to incompetence vastly underrepresents intent. Maybe not all bad acts are malice, but too many are attributed to incompetence. Maybe it is not malice, but it can still be intentional actions against or indifferent to your interests.
While you thought you presented an argument against hefty fines, you actually gave the perfect reason for why they should be hefty. If illegal practices are affordable, they're not illegal. They're just the price of doing business. So make them hurt.