How do you hire remotely when you have to turn over the crown jewels?

1. Don't hire someone without knowing who they are. 2. Be prepared to sue if it came to that.

If you're US based and hiring US employees, you'll already have plenty of personal info available to be able to pay them, so you're unlikely to not know who they are.

If you're hiring out contract workers via 1099s, this is part of the risk.

Ways to lower this risk: - Meet in person before hiring. - Check references. - Check past work.

Also, if what you're actually worried about is someone launching a competing service, unless they have resources to Marketing, Sales, and Operations, it's unlikely to be so trivial as to just stand up your source code and have a viable business. And if it is that easy, you're probably not making any money now anyway.

I don't hire, but work for a 100% remote company. All of our code is open source, so I don't have any more access to take it than random person on the Internet. Don't make secrecy the key to your company's value.

For what it's worth, though, clearly a company needs some secrets even if the code isn't. I've only worked on government contracts and they handle this in a pretty simple way. You're required to use a CaC to access anything. That means you need to be a US person and go in person to an ID card office to have your identity and location verified. While your company doesn't have the means to set up remote offices all over the country to verify identities and issue smart cards to your employees, you can at least have them go to IdentiGO or something to get fingerprinted, which has the same effect of verifying they're in a locality where you can sue them and they won't easily disappear if they steal something from you. Remote workforce doesn't mean all of your employees are digital nomads. They can have a nice, stable, law-abiding existence in a US city that just happens to not be the same one you're in, and that is easy enough to verify.

If its that much of a concern don't hire "some digital nomad" and instead hire someone in a country (or state) that has to follow your laws, non-compete, and NDA agreements.

Pretty much everyone takes a copy of the codebase they've been working on with them when they leave, unless it's too huge to copy without being noticed. For reference purposes more than anything.

I know people with private copies of some decent chunks of FAANG source code, for example. They'd never leak it, it's tucked away just in case they want to refer back to it, for whatever reason.

Just don't worry about it, it's not a big deal.

This problem is much worse if you have an unmotivated untrustworthy person sitting in the office, meaning they have access to your internal LAN, too.

But in any case, you handle it the same way you'd handle this problem with regular employees. Get their personal data written down as part of the employment contract. Verify that it seems plausible. If legal issues occur, sue them at that address.

Not sure whether their 'remote' attribute is the biggest concern if they're liable to behave in that way.

"Hire the right people" might be the best advice; remote or otherwise.

is this a resolved problem outside of remote work?

as far as I have ever been able to tell 'trust' is a commodity that has to be managed no matter how the work is being done.

to put it another way : does a lawsuit actually prevent an employee from stealing the code and launching a competing service?

How is this any different from having full access in an office?