Dr. C. Scott Ananian (cananian) wrote,

Google's Evil NDA

Tomorrow I am going to interview over at Google. Before I do so, I need to sign an NDA which states, among other things, that I'm not allowed to tell anyone I'm interviewing over there, or indeed, to mention the name of Google at all. So I'm going to do all that now and get it out of my system, so I'm not tempted to violate the agreement after I've signed it. Since linking the entire NDA would likely violate Google's copyright on the document, I'll just quote sections of it below:

  • The biggest flaw, to my mind, is the lack of any expiration date. Clause 8, "This Agreement shall remain in effect until such time as all Confidential Information of Google disclosed hereunder becomes publicly known and made generally available through no action or inaction of Participant." Since some of the information "disclosed hereunder" will only ever be known to me and Google (see next bullet), this means that the NDA lasts forever. Technology moves fast — certainly it must be possible to put some time limit on the information I might (inadvertently) receive. 3 years? 5 years? 10? 20?
  • The definition of "Confidential Information" in section 2 includes, "the terms of any agreement and the discussions, negotiations, or proposals related to any agreement." So, according to the NDA, I can't even tell my mother (not an "employee, director, agent, or third party contractor", even if she signs a Google NDA herself) what salary or options are in any Google offer. I'd like to ask my friends at Google, say, what ballpark compensation I might expect, but under the terms of their NDAs they couldn't tell me either. Further, since it's highly unlikely that the terms of my offer become "publicly known ... through no action or inaction of Participant" this bullet combined with the previous makes the agreement eternal.
  • I can never mention Google again in any public statement after I sign this NDA:
    4. Participant agrees not to do the following, except with the advanced review and written approval of Google: (a) issue or release any articles, advertising, publicity, or other matter relating to this Agreement (including the fact that a meeting or discussion has taken place between the parties) or mentioning or implying the name of Google.
    So, after I sign this NDA, I can't tell you that I've done so. (Luckily, I haven't signed it yet.) I have crossed out "mentioning or implying the name of Google" in my copy, as I simply cannot in good conscience promise never to "mention or imply the name of Google" in public (say, on this blog) ever again. What lawyer wrote this crap?
  • The third clause of item 4, whose first clause is above, is:
    [4] (c) reverse engineer, disassemble, decompile, translate, or attempt to discover any prototypes, software, algorithms, or underlying ideas which embody Google's Confidential Information.
    As the NDA is very loosey-goosey about what, exactly, Google considers Confidential Information — nowhere in the NDA does it say that Confidential Information will be marked or identified in any way — this may effectively forbid me ever to take apart any of Google's software. US law allows me to (for example) reverse engineer for compatibility (what Ed Felten calls the Freedom to Tinker), and as a practicing computer scientist I'd rather not forfeit those rights for all time for all Google code. Time-limiting the NDA or clearly marking Confidential Information may have made this term less objectionable. One may also attempt to argue that "Confidential Information" is limited to stuff I directly observe or is presented to me — for example, if I'm told that there's some secret at the heart of Google Mail, I can't ever "view source" in my browser to try to discover what it is, but that I'm still free to view the source of (say) Google Calendar. I'd prefer that to be the case, but the language used in the NDA is:
    2. Google may disclose certain information under this Agreement it considers confidential and/or proprietary concerning Google's business and/or technology ("Confidential Information") including, but not limited to...
    Is the Confidential Information only that information which Google discloses, or is there a broad swath of Confidential Information owned by Google, some of which it may disclose, but all of which I'm forbidden to "attempt to discover"?
  • Finally, item 5 provides that "If Confidential Information is required to be produced by law, court order, or other governmental demand... Participant must immediately notify Google of that obligation," regardless of the fact that disclosure of a National Security Letter is illegal. Not that this possibility is likely, but it is just one more term with which it could be impossible to comply.

I have signed NDAs with other companies which seemed entirely reasonable. The Google NDA, however, seems to fly directly in the face of Google's reported "Do No Evil" motto. What's more, after tomorrow I may be entirely unable to complain about it — and I expect that current Google employees are similarly contractually bound not to comment. But while I can, let me say: this stinks!

UPDATE: A quick google for "Google NDA" turned up several more complaints about the Google NDA, such as this one from Colin Percival. Valleywag reproduces the entire Google NDA, so you can read it in its entirety yourself. Further, I've written an amendment to the NDA which remedies its faults as I see them. If I can get Google to agree to at least term 2 of this amendment, then you'll hear about my experiences here tomorrow.

UPDATE x2: I crossed out some terms before I signed the NDA this morning. At the end of the interview (4 or so hours later) my recruiter returned to tell me that he'd talked to his supervisor and it turns out that I could have not signed it at all. (Thanks for checking, Jeff!) They'll still talk to you if you decline. In fact, when you arrive at Google they ask you to sign a different NDA (a much less evil one) in order to get a visitor's badge, and it turns out that you can decline that as well: your badge will have a big red "No NDA" label or some such on it, but no harm done. So, my advice to future interviewees: be brave! Just decline the NDAs, and ask your recruiter to check with their boss if that makes them nervous. It would probably be a good idea to warn your recruiter first if you plan to do this, so that the boss-checking won't throw off the schedule. It will be all right.

Tags: google, jobs, nda