• United States



Christopher Burgess
Contributing Writer

Tesla insider with expired NDA spills the tech beans

News Analysis
Aug 30, 20183 mins
Risk ManagementSecurity

A former Tesla engineer with an expired non-disclosure agreement (NDA) shared inside technical information on an obscure forum, which was quickly shared across multiple social media platforms.

CSO slideshow - Insider Security Breaches - Futuristic car technology races along a binary highway
Credit: Nadla / Getty Images

The early morning hours of August 24 turned out to be both entertaining and explosive, as a former employee of Tesla began posting on an obscure online forum what it was like to work within Tesla’s IT shop.

The individual took all the readers who were asking questions on the fly through the trials and tribulations of being a Tesla engineer. Many readers then reposted his posts on social networks, such as Twitter, so that more of us could follow along.

He started by discussing the Tesla data center configuration, which was characterized as “in a single location on the worst VMware deployment known to man.” He went on to describe how a “Jenkins pipeline once caused almost the entire fleet to reboot loop for about an hour.”

Not exactly what any company wants to have published in a public forum. But this former employee was just getting started.

The insider then began sharing a number of unique aspects of the Tesla Model S and X tidbits, such as:

  • Both models use OpenVPN to talk to their backend.
  • Quality control is sometimes an afterthought (providing an example or two of when a system failure required the employee to be called and deployed with quality assurance engineers to rectify unexpected issues.
  • Firmware load and validation processes on assembly line.
  • How Tesla’s firmware isn’t encrypted and can be gleaned from the VPN.
  • Updates to Tesla vehicles occur over cellular and Wi-Fi networks.
  • Safety issue lays within the vehicles’ touch screen.

The engineers concluded with how the culture, in the individual’s opinion, was one of the most toxic cultures due to poorly trained management.  

Tesla has insider woes

One may recall in June 2018, Elon Musk sent and email alert to his employees concerning a former employee who had “conducted quite extensive and damaging sabotage to our operations.” And then took the individual to court.

The jury is still out on whether this former insider’s sharing of anecdotal information warrants legal remedy – that’s what general counsels are for – but what is not in doubt is that it paints an unsavory image of the Tesla environment.

While a copy of the NDA signed by this individual is not available for perusal, and accepting at their word that the validity of the NDA has expired, then all of the above is based on 2- to 3-year-old memories and/or working notes retained by the trusted insider.

Which begs the question: What could your insider share with your competitors or customers that would be deleterious or disadvantageous to your company when their NDA expires?

Exit interviews and re-attestation of the content of NDAs are an excellent means to ensure that both the departing employee and the company know when the NDA will expire. This can, and should be, cataloged, especially if the exit interview indicates the parting is on less-than-amicable terms.

Few if any episodes such as this happen in a vacuum. Forewarning of disgruntlement often times is present, even if it is being ignored. It is for this reason that exit interviews should be conducted for every exiting insider, and they should be conducted by an individual other than the direct supervisor.

Christopher Burgess
Contributing Writer

Christopher Burgess is a writer, speaker and commentator on security issues. He is a former senior security advisor to Cisco, and has also been a CEO/COO with various startups in the data and security spaces. He served 30+ years within the CIA which awarded him the Distinguished Career Intelligence Medal upon his retirement. Cisco gave him a stetson and a bottle of single-barrel Jack upon his retirement. Christopher co-authored the book, “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century”. He also founded the non-profit, Senior Online Safety.

More from this author