> The smart thing would have been to do #1. [Talk to a lawyer on how to avoid assisting a crime] [...] Here's what Singh did instead: he asked for a personal meeting with Bankman-Fried and confronted him about the missing funds.
If you're not sure something illegal is happening, you could do both. The lawyer might tell you what questions to get answered, to inform what you do next.
(But don't do talk to anyone at the company if you think there is any risk that they will try to neutralize you as a weak link. "The coverup is worse than the crime" happens in organizations with shitty people, and you might have just discovered an especially shitty person.)
As an engineer, I once told a company that it was about to accidentally do something that I suspected was seriously illegal. They were able to prevent it from happening, in time. Problem solved, no wrongdoing occurred, and no one had to quit, nor go to federal prison.
Longer ago, I once told an organization about some bad things, using the appropriate internal channels. And then I had to keep going up the chain of command, when each level would suppress it, and sometimes even retaliate. Which was a rare opportunity to realize that an organization had infected its org chart with a high degree of shittiness. I'm now a big fan of people consulting a lawyer.
On another occasion, not necessarily "illegal" was averted, but at least "big liability" was. I had reverse-engineered a customer's security-related protocol, for an integration, and found a grave vulnerability. (Critical info that must be inside the cryptographic signature envelope, was outside of it, meaning that an attacker could replay a captured message later, with changed data.) To interoperate with the customer's system, I'd need to implement the security thing in an unambiguously wrong and insecure way. So I told the appropriate person on my end, and thankfully they handled it well, and figured out how to break the news to the customer.
That time, to be sure the appropriate person understood the severity, I mentioned that, in a different engineering field (including one in the application domain), I would "lose my license or go to jail" for implementing that.
Occasionally, I briefly muse that our field could use the obligations and authority of Professional Engineers. But moments later, I realize that our field went too long without that, and I can't imagine that being implemented with integrity at this point.
If you're not sure something illegal is happening, you could do both. The lawyer might tell you what questions to get answered, to inform what you do next.
(But don't do talk to anyone at the company if you think there is any risk that they will try to neutralize you as a weak link. "The coverup is worse than the crime" happens in organizations with shitty people, and you might have just discovered an especially shitty person.)
As an engineer, I once told a company that it was about to accidentally do something that I suspected was seriously illegal. They were able to prevent it from happening, in time. Problem solved, no wrongdoing occurred, and no one had to quit, nor go to federal prison.
Longer ago, I once told an organization about some bad things, using the appropriate internal channels. And then I had to keep going up the chain of command, when each level would suppress it, and sometimes even retaliate. Which was a rare opportunity to realize that an organization had infected its org chart with a high degree of shittiness. I'm now a big fan of people consulting a lawyer.
On another occasion, not necessarily "illegal" was averted, but at least "big liability" was. I had reverse-engineered a customer's security-related protocol, for an integration, and found a grave vulnerability. (Critical info that must be inside the cryptographic signature envelope, was outside of it, meaning that an attacker could replay a captured message later, with changed data.) To interoperate with the customer's system, I'd need to implement the security thing in an unambiguously wrong and insecure way. So I told the appropriate person on my end, and thankfully they handled it well, and figured out how to break the news to the customer.
That time, to be sure the appropriate person understood the severity, I mentioned that, in a different engineering field (including one in the application domain), I would "lose my license or go to jail" for implementing that.
Occasionally, I briefly muse that our field could use the obligations and authority of Professional Engineers. But moments later, I realize that our field went too long without that, and I can't imagine that being implemented with integrity at this point.