slurpy wrote: »
Holy ****. I mean..I don't even..wow.
snova wrote: »
code names are standard practice for many technology companies.
moreck wrote: »
This all seems reasonable to me.
The code names, keeping new equipment in a locked room and limiting access is nothing new - Apple's been doing it for decades. I was leading software development at a company back in the early Apple ][ days and we had to sign the same type of agreements with Apple.
What they didn't have back then were huge fines or audit charges if you violated the agreement. Somehow I don't think the corporate lawyers would have been willing to let us sign that.
Apple's security including the concomitant dribbles of leaks and information about upcoming products are very much a part of the whole marketing frenzy that is very much a part of the mystique of Apple. Bottom line: it's worth a lot of money. When you think about the 13 billion that Samsung spent and compare that with the carefully controlled hype that Apple orchestrates, partly with its policy of secrecy as the main tool, then it is clear that they get about 100 billion (name your own value) worth of free advertising already built in to their releases.
Keeping their stuff secret from competitors is of secondary importance. Take 64 bit iOS, Samsung just didn't have the resources to suddenly copy it like they can a shape. Or the SoC chips Apple uses, they go back to at least the investment made in 2008. And it gets more difficult. Even if it were completely impossible for anyone to copy anything Apple does, the secrecy apparent or otherwise fosters continuous curiosity. It's basic human nature, no one wants to be ignorant. Tell your partner before you go to sleep tonight that you have something very important to tell them... in the morning.
Now everybody wants to know how secret are their secrets and have the documents revealed real secrets about their secrecy, or only tantalising glimpses about possibly more weirdly secret practices. Maybe Apple use specially trained carrier pigeons, now that would be a story. If I were in charge of Apple marketing, I'd give that one some legs, or wings.
inkling wrote: »
This is hilarious. What were those efforts intended to hide? Everyone and his brother knew that GT Advanced was making screens for iPhones. They might as well put up a sign at the entrance of the employee parking lot: "Proudly Making Screens for the Next iPhone." These code names weren't going to fool anyone and had nothing to do with the secret manufacturing processes involved.
I dunno, every other supplier managed not to go bankrupt.
Sounds all reasonable. Much like any other NDA when you work with big companies as a smaller one, and very similar to the ones I had to sign over the years. Nothing special inside the documents.
- Code Names - CHECK
Normal, just keep it private and make sure that a 3rd party cannot easily understand what a phone call is about when you get a call on a certain topic in the public or any other not authorized person can listen in on. Projects always have some code names anyway as names and stuff are mostly decided by marketing anyway or you do not know for which product in the end it will be used and how. Also helps to prevent making assumptions for what something might be used and name stuff by accident.
- Not mentioning for whom you work for a project - CHECK
Similar even in nearly any employment NDA if you have access to business details. You are always told not to tell exactly for whom and on what you are working in detail to unknown persons. Standard confidentiality agreement. Also so that you do not try to use one of your customers for marketing reasons as a supplier or contractor, which is very tempting for a lot of smaller businesses. This prevents this right from the start. Again, perfectly normal as soon as you work for big players where these details can have a huge impact like being a publicly traded start-up.
- Security measures at a working place and surveillance to make stuff traceable - CHECK
If you have leaks you want to know from where it comes and prevent leaks to a certain degree in the first place. Especially with physical stuff this is normal practice. Even as a normal employee back when I worked for a big investment bank I had to lock my laptop with stuff I work on in a safe at home to get the permission to work remotely now and then and my employer even reserved the rights to check it at home (a lot more stuff was involved). Again, regardless where I worked over the years there were usually surveillance cameras on every office floor except for certain meeting rooms and for managers with their own office of course. No, nothing special here again.
- Track who was given access to which documents/information - CHECK
Well, in any decent larger company who has access to what is already controlled by some RBAC system and ppl. have to sign off to give someone access and every access to such stuff is logged. Absolute standard and any company with a decent infrastructure has something like this in place. Such things are also requirements from different angles including certain company certifications. Traceability is a must.
- Only transport prototypes by selected courier - CHECK
Again, normal. Do not send confidential stuff, especially not prototypes by FedEx. Nice that Apple has an own service here as it seems or specific couriers you can call up any time. Spares a lot of hassle. I like that one.
- Rights reserved to audit security - CHECK
Trust is good, but we reserve the right to check what you claimed. Absolute normal standard procedure.
- Violating security causes you to pay a fine - CHECK
Small fine perfectly ok, so you get the stuff done you agreed to as such payments or later subtraction don't look good on paper for any manager. Given the size of Apple's investment/loan the sum is perfectly fine. Without such a "fine" ppl. may not care to implement certain measures if they are not already in place. It should not be a punishment but still something you want to avoid. And if money is involved no chance to sweep it under the rug. So again, reasonable.
- Leaking detailed information about future projects with a fine - CHECK
10%-15% of a total investment/loan/project sum seems reasonable along the lines of NDAs I came across. Varies depending on projects of course. For contractors with big companies this is usually way worse and set to a fixed 1M even if you are just in for a 50K project for a couple of months. The sum usually comes from because you can be cheaply insured for such cases with exactly this sum. It's just professional behavior not to leak stuff, so everyone signs such clauses easily. It also gives incentive to make sure you have tied down your security to the usual measures and make sure you give only required employees access to the details. This is intended to hurt you and make sure you have done everything you can do to prevent theft/leaks of IP in general.
So perfectly normal stuff here, I expected Apple to have way more requirements. Obviously they have not and everything is pretty much standard. I am really disappointed, as boring as everywhere - at least in these documents. Seems like the famous Apple security is just urban legend.