SAN FRANCISCO, Sept. 23 (Reuters) – When a senior executive at the virtual private network company ExpressVPN admitted last week that he was hacking American machines on behalf of a foreign intelligence agency, it stunned the employees of his new company, according to interviews and electronic records.
What ExpressVPN said after the US Department of Justice’s deferred law enforcement deal further worried some employees. The company knew of Dan Gericke’s history as a mercenary hacker for the United Arab Emirates.
The VPN provider said it had no problem with the former secret service agent protecting its customers’ privacy. In fact, the company had repeatedly given Gericke more responsibility at ExpressVPN even as the FBI investigation into his behavior pushed for its conclusion.
According to an internal email at the time, Gericke was appointed Chief Technology Officer in August and remains in office.
Shortly after court records showed that Gericke and two other former US intelligence agencies agreed to pay a fine and give up all future covert work, he emailed his colleagues at ExpressVPN.
“I can imagine that this type of news is surprising or even unpleasant,” wrote Gericke in the message received from Reuters, then assured them that he had used his skills to protect consumers from threats to their security and privacy.
When company executives answered questions about Gericke’s deal last Friday during a regular online question-and-answer session with employees, and then discussed the company’s previously announced sale to British-Israeli digital security software provider Kape Technologies PLC the employees of their anger.
One employee wrote anonymously in an internal chat forum: âThis episode undermined consumer confidence in our brand, regardless of the facts. How do we want to rebuild our reputation? “
More than 40 employees voted for this question during the meeting and put it at the top of the queue. Other employee complaints were reported earlier Thursday by Vice. The questions and the total number of votes were provided to Reuters by an authorized person.
When asked about the controversy, ExpressVPN said in a statement that the exchange was part of a regular monthly meeting between management and employees.
“As a company, we value openness, dialogue and transparency – this includes solid debates and incisive questioning,” said the company.
It was said to have known nothing of the federal investigation or the details of Gericke’s work in the United Arab Emirates, and it said the country’s surveillance campaign was “completely contrary to our mission.”
A 2019 Reuters investigation showed how a team embedded in Gericke, codenamed Project Raven, had helped the UAE oversee a wide variety of targets, including human rights activists and journalists. Gericke did not name the story individually.
At ExpressVPN’s meeting with executives on Friday, he was also the second most-supported question.
âAs an individual, I have a problem accepting that Dan was hired despite disclosing previous actions. These actions are no small thing that we can easily forget or accept. asked this person.
The company replied to Reuters: “It was only through clear commitment and contributions to our mission that Daniel was able to gain senior management positions within the company and the full trust of our co-founders.”
Reporting by Joseph Menn; Editing by Will Dunham and Diane Craft
Our Standards: The Thomson Reuters Trust Principles.