Published on September 11th, 2019 📆 | 2345 Views ⚑0
New California law upgrades Lyft, Uber, other app serfs to staff • The Register
Analysis The California Senate has passed a new gig-economy law that will force app companies like Uber and Lyft to treat their workers as employees, rather than independent contractors.
The new law will come into effect on January 1, and is likely to have a significant impact on the app economy, including on bug bounty platforms who share may of the same characteristics as the ride-sharing and food-delivery businesses that provoked the law in the first place.
As the center of the United States’ gig economy, the California law is likely to have a direct impact on other states and New York, Washington and Oregon have already started pushing for or reviving similar legislation.
AB5 passed late on Tuesday by 29 votes to 11 and will pass to the state Assembly and then the desk of Governor Gavin Newsom, both of which are expected to approve and sign the bill. The governor has been heavily lobbied by companies, including Uber, but made it plain in an op-ed earlier this month that he intends to sign it into law. Newsom said on Wednesday he will “continue negotiating” with labor unions and gig-economy companies to try to find a solution before the bill hits his desk.
“This law is intended to convert thousands of gig-economy workers to employees,” explained labor & employment partner Michael Droke of international law firm Dorsey & Whitney. “While Uber and Lyft come to mind, this law applies to any independent worker in California. Many industries rely on independent contractors to deliver products and services, from food delivery to software coding and design.”
He also warned that “all companies using independent contractors in California should review the relationship… Employers who knowingly violate the statute could be subject to criminal penalties.”
The law basically sets in stone a California Supreme Court decision last year that defined when somebody working for a company is seen as an employee or can be seen as working independently.
As an independent contractor, you are not entitled to a range of benefits including minimum wage, unemployment insurance and other work protections that you get as an employee. Those protections cost businesses roughly an additional 20-30 per cent per worker and so they have been keen to avoid the additional financial burden.
But the Supreme Court, and now the California legislature, have stated that if a company decides how much its workers earn and the job that they do is a core part of their business, they should be treated as employees.
In the case of a company like Uber, what the workers do – drive cars – is the company’s entire business and so they will be obligated to treat them as employees. The company, and its rival Lyft, have lobbied heavily to be granted an exemption from the law – as many other groups including doctors, engineers, architects, fishermen and hair stylists have been allowed.
But legislators refused, leaving them and other groups including truckers and exotic dancers, uncertain of how to respond to the new law. Uber, Lyft and DoorDash have indicated that they intend to try to sidestep the law before it comes into force by pushing a ballot measure during the next election where California voters will be asked to approve an alternative measure. The companies have set aside $90m for the effort, but experts are doubtful of its likely success.
At least one million workers are expected to be impacted by the new law, reflecting the surge in online platforms that act as middlemen in a whole range of industries from ride-hailing to food-delivery, nail salons, construction, janitorial work and a wealth of other service industries. Many of those platforms were developed in response to the apparent success of companies like Uber.
One such industry that may be adversely impacted also hits the technology industry directly: bug bounty platforms. In recent years, a number of platforms, including Bugcrowd, HackerOne and Synack, have grown up to connect tech companies looking to find security holes in their products with a loose global community of hackers who can find and report bugs.
But, as Katie Moussouris, CEO of bug bounty specialists Lula Security, has pointed out, such platforms work in a very similar fashion to companies like Uber. Moussouris created Microsoft’s bug bounty program while an employee there, was closely involved in a similar program at the US Department of Defense and also served as HackerOne’s chief policy officer.
“The whole bug bounty eco-system relies on gig-economy workers,” she explained to The Register. “Not just the bug hunters but also the people who triage reports to send only confirmed bugs to companies.”
Moussouris tells us that while at Microsoft, lawyers were so concerned that the design of their bug bounty program might break labor laws that they sought external legal advice from labor law specialists, which subsequently confirmed it could well be in violation.
Big tech companies have some employees that they pay to work on finding and fixing bugs full-time, so it is easy to argue the point that bug hunting represents a core part of their business. Bug bounty platforms also give clear criteria over the work product that they will pay for – which can be taken as directing work. And they pay people for their time and skills, as well as repeatedly refer to the “work” that the people that sign up to their platforms perform.
In addition, many bug hunters are required to sign non-disclosure agreements, often before they are even allowed to submit bug reports. And, if someone reports a bug that a bug bounty platform has seen before, they are not paid at all, meaning that they are not paid for the work they have carried out, raising minimum wage concerns.
Uber, Lyft and DoorDash put $30m apiece into ballot battle fund to kill gig-economy employee benefits
In short, bug bounty platforms share many of the same characteristics of other gig-economy platforms that the California legislature has identified as requiring companies to hire workers as employees. A radical shake-up in the market may come as a result.
Moussouris is not concerned though. “There are have been bug bounty programs long before these platforms,” she tells us, “companies like Microsoft or Google will just move to an in-house ticketing system. The most useful aspect of these platforms has been payment processing; if [the tech industry] decides to invest resources into their bug bounty programs they could end up being more effective than now.”
We have asked Bugcrowd, HackerOne and Synack for their thoughts on the possible impact of AB5 on their business and will update this story if they get back. ®
MCubed – The ML, AI and Analytics conference from The Register.