Google Engineer Fired For Spying On Teen Users; Serious Privacy Concerns Raised
from the privacy-concerns dept
The bigger Google has gotten, the more privacy concerns have been raised — and with good reason. At times, unfortunately, the company has appeared dismissive of security and privacy concerns, even though it continues to try to make the case that people should trust the company. Sometimes, it feels like Google’s critics take Google’s comments out of context to slam the company, but that doesn’t mean there aren’t serious security issues to be aware of — and the latest news is exceptionally troubling. A report came out that a Google engineer regularly accessed accounts and information from local teenagers he had met, mainly for the sake of showing off to them. Google has fired the guy, and also admitted that it knows of one other similar security breach, which involved another employee who was then fired.
What’s still rather alarming, however, is that this was possible, and that, despite all of Google’s claims of security and procedures to keep these things from happening, the news did not come out until Google was alerted to the actions by parents of some of the teens involved. Google is notoriously secretive on these issues, and its “statement” on this matter, frankly, is pretty weak:
“We dismissed David Barksdale for breaking Google’s strict internal privacy policies. We carefully control the number of employees who have access to our systems, and we regularly upgrade our security controls–for example, we are significantly increasing the amount of time we spend auditing our logs to ensure those controls are effective. That said, a limited number of people will always need to access these systems if we are to operate them properly–which is why we take any breach so seriously.”
That doesn’t explain anything about how Google makes sure these kinds of things won’t happen again. I certainly can understand that there’s always going to need to be some people who can access certain systems, but the question is what Google does to make sure that access is not just limited, but monitored to avoid serious abuses like this. At a time when Google is under such strict scrutiny for privacy issues, this news and Google’s response are simply unacceptable.
Comments on “Google Engineer Fired For Spying On Teen Users; Serious Privacy Concerns Raised”
Firing not a good idea.
It probably would have been better if the engineer had been demoted to a position that would keep him out of the accounts and GMail/Chat databases, yet let him keep doing useful work for Google. Just firing him, from what to some is Paradise to a traditional hacker, would leave him with little choice but to engage in crackery to make a living.
Re: Firing not a good idea.
No.
Google has very strict and well communicated policies that prohibit what the employee did with the penalty for violation being termination.
Who gives a flying fuck what little choices the dipshit has after being thrown out of ‘Paradise’ for breaking the rules of his employment?
Re: Re: Firing not a good idea.
Agreed. This guy is a liability, at the least, and a bona fide nut job and possible postal employee of the month at the worst. There can’t be any room in a supposedly professional organization for such a guy.
Answer me this; which is worse, what this guy did, or an engineer who sits around cruising adult websites all day? In all my years of technology employment I’ve never heard of anyone who was kept on after it was discovered that they spent their on-clock time surfing adult sites. Arguably what this guy did is worse.
Place your bets now
How long before some AG starts a “Google is Child Molesters!” campaign?
I am a pretty strong privacy advocate, but I fail to see how this story is not exactly the kind of “grandstanding” that you often thrash the various politician-cum-prosecutors for. Every single organization has to deal with effective policies and what to do with internal people who fail to follow the policies. There is no technical uber-solution that can fully address the existence of impropriety, and there is no general right that every policy or technical half-solution must be publicly explained.
Re: Re:
I am a pretty strong privacy advocate, but I fail to see how this story is not exactly the kind of “grandstanding” that you often thrash the various politician-cum-prosecutors for. Every single organization has to deal with effective policies and what to do with internal people who fail to follow the policies. There is no technical uber-solution that can fully address the existence of impropriety, and there is no general right that every policy or technical half-solution must be publicly explained.
Indeed. I agree that there’s no perfect solution, but given the extra scrutiny on Google, I would think that the company should be a lot more forthcoming.
Are logs not monitoring?
In the quote you provided from Google they say “… we are significantly increasing the amount of time we spend auditing our logs to ensure those controls are effective.”
Computer logs are a direct way of monitoring system users. It will tell them what information each employee accessed and when. If Google is going to “significantly” increase the time reviewing their logs employees would rarely be able to access any information without Google knowing about it.
This seems to me to make access not just limited but also monitored.
Re: Are logs not monitoring?
Computer logs are a direct way of monitoring system users. It will tell them what information each employee accessed and when. If Google is going to “significantly” increase the time reviewing their logs employees would rarely be able to access any information without Google knowing about it.
There are different ways to monitor things. The sense given from the quote is that they monitor stuff after the fact, rather than having systems in place to alert them to potential breaches. That’s my concern here. This was only discovered after people complained.
Re: Re: Are logs not monitoring?
That’s a nice knee-jerk response but as an IT professional who is tasked with security for PCI/SOX databases, credit card transaction systems and the like, there is NO way to do what you’re asking. The fact that it is being logged is all you can really do. If userA and userB both have unfettered access into secure data and userB logs in for a standard, job-related reason – does their work and gets out of the system – then userA logs in in the same manner but for nefarious reasons, the log will still say the same thing. UserA logged in at so and so time, accessed so and so resources and logged out. For example I have full administrative access to our credit card transaction system and as such I can see credit card numbers, CCV codes and expiration dates of every credit card used in our stores. The access is logged onsite and also an offsite 3rd party logging process is used. But unless a customer makes a complaint that would cause my access of that info to become suspect, or unless one of our stores has a fraud case or tampering case where credit card data got exposed or something else that would trigger an audit of the access and usage logs – then I could log into the system every day, multiple times a day for any reason and no one would say a word. At some point all companies have to have a limitation on the accessibility to their secure data/private data to persons they have placed a fair amount of trust in. As IT professionals many if not most of us are in those roles. Just like me, I’d venture to guess that tons of Techdirt readers have domain admin access, firewall access, router access, DNS/DHCP access, file-server admin access, application and SQL DB access to almost all the systems in their company. It’s most likely all logged and monitored but rarely unless a security issue rears its ugly head will any of that access cause even so much as a minor blip on anyone’s radar.
I am not as yet aware of any technical system or solution that is smart enough to distinguish legitimate access from illicit access when the person/user doing the accessing is granted the privilege to do so in the system and is accessing the systems within the confines of the rules, times, methods and policies set forth by each company. Perhaps when artificial intelligence systems grow up to be like the sci-fi films we watch then we can talk, but right now there is no system or human being capable of actively monitoring the millions and billions of logs generated by the systems that most of us interact with each day. For example we have a configuration monitor system in place which looks at each server on an hourly basis and can detect if something changed on that server from the last scan. Right now it generates over 5 million rows of change data per hour for 140 servers. Needless to say, if there isn’t a problem or somebody isn’t complaining – it goes unread in most cases.
“That doesn’t explain anything about how Google makes sure these kinds of things won’t happen again…but the question is what Google does to make sure that access is not just limited, but monitored to avoid serious abuses like this.”
Alright Mike, I normally don’t side with the “Another typical Mike article” people… but it said right in the paragraph that you quoted what they are doing to “monitor” or in this case they used the word “audit.” While monitor implies as it is happening, and audit implies after the fact. Either way they did address what they are doing to fix future issues. Now you can say “Checking after the fact isn’t good enough in an ‘instant’ world of the internet.” but Google probably doesn’t want to say we closely monitor X, Y, and Z so that people can’t figure out how to beat the system as easily.
“for example, we are significantly increasing the amount of time we spend auditing our logs to ensure those controls are effective.”
They said they are increasing log auditing, not much can be done to prevent this, some people turn out to be assholes.
A little insight.
“…but the question is what Google does to make sure that access is not just limited, but monitored to avoid serious abuses like this.”
Do you understand the complexity “monitoring” takes in a system which is comprised of many databases tied together, some probably not even in the same building?
Most companies use the trust system, meaning there are access modes given to employees and while they are monitored, the tools doing the monitoring only get used to prove a breach, not try to prevent them.
Imagine for a second if you were the one hired to monitor each and every single account access. You’d quit within hours.
You often use the “how does a site know what copyright material is owned or illicit” question in copyright discussions but the same type of question can be asked here: How does the monitoring system know the access is legitimate or illicit?
It won’t know. It can’t know. Google gets a well deserved break on this one, at least by me. At least it had monitoring tools to prove the offender did do what he shouldn’t have done.
Also, this should be a very constant reminder of what you, the user, should believe is “private” or “secured”. I’ve stated so many times that once you place data into the hands of someone else, it is no longer private.
Even if these hands are “monitored”. If it’s controlled by 0s and 1s, there is a breach waiting to happen.
Re: A little insight.
There may be a reason that this employee needed access at a level that allowed him to read email from someone’s inbox, but Google has not really told anyone what that reason is.
I have built a number of secure data stores and one of the most critical parts is making sure you can prevent even admin level users from getting to sensitive data. Why isn’t Google encrypting emails and requiring the email box owner’s username and password to decrypt them? If they are, why are they giving this particular guy access to username/password combinations – particularly in a way that lets him associate it with a real-world person he knows?
There could be reasons that this guy needed access of this kind, but without Google showing us the related dirty laundry, we can assume it is because their security measures in their systems suck.
Re: Re: A little insight.
In a lawsuit brought by the Federal Trade Commission, a subpoena was sent to Google for the complete contents of a Gmail account, including deleted e-mail messages.
That’s why. Google may be called upon at any time to hand over emails. Thus they must have a way to decrypt them without the user logging in. That means someone has access to do this task.
Why should Google show the world its dirty laundry? It’s a private company with an internal procedure that it has followed.
Re: Re: Re: A little insight.
Google may be called upon at any time to hand over emails. Thus they must have a way to decrypt them without the user logging in.
That doesn’t really play, because if I decide to encrypt an email, if I use strong encryption Google doesn’t have a way to decrypt it*. They can certainly be compelled to hand it over (where “it” is the ciphertext), but they cannot be compelled to decrypt it, because they won’t have the means to do so.
Similarly, they could decide to encrypt user emails before storing them in their database**, in a way that they would not be able to decrypt.
* without spending either many many years or huge amounts of money on it
** they wouldn’t be able to encrypt everything immediately, since they only have access to your password when you type it in. This may be why they don’t bother.
Or what Kaega said… beat me to the punch
“Oh your data will be safe with us.”
LOL, whatever.
Re: Re:
Your data is safe nowhere. I thought that had been established by now.
“That doesn’t explain anything about how Google makes sure these kinds of things won’t happen again”
I love this Blog but, Mike…
I’ll let Tommy say it.
“What I’m trying to say is when you buy a box marked guaranteed, all you’re getting is a guaranteed piece of shit. Hey if you want me to take a dump in a box and mark it guaranteed, I will, I have spare time.”
Re: Re:
To funny … I am gonna use that one someday
Re: Re: Re:
To funny? Is that a destination, then?
try “too” occasionally, as you statement might ‘loose’ some meaning, if you know what I mean.
Re: Re: Re: Re:
you statement or your statement?
Re: Re: Re:2 Re:
“your”
; P
Nobody’s immune to errors, I suppose.
Re: Re: Re:3 Re:
If no one is immune to human errors, you either are a machine or you think you are a machine. I suspect you are a human; therefore, you should stop calling others out on their errors until you can prevent making your own.
Re: Re: Re:4 Re:
Perhaps you’re just trolling or something, but personally I reject the idea that one has to be perfect before pointing out others’ errors (hopefully in a constructive fashion). Otherwise nobody could ever mention how someone else could improve anything because nobody’s perfect.
Re: Re: Re:2 Re:
“you statement or your statement?”
*You
Sentences begin with capital letters….
Re: Re: Re:3 Re:
You should only type three dots for an ellipse, not four.
Re: Re: Re:4 Re:
Unless it’s omitting an entire paragraph.
Re: Re: Re: Re:
But I like mispelling stuff, it brings out the spelling and grammar police 😉
Does anyone recall that such spying is Google's purpose?
Such stories seem almost intentional propaganda to divert from the fact that Google is SPYING in unprecedented ways. First, it more or less takes attention off that fact, it’s made incidental to prurient interests in a “scandal”, and second, it presents a heartless profit-above-all corporation as deeply concerned about such problems.
So they kicked out an unreliable low-level guy. Big deal. Just look at the revealed capabilities, and imagine what if anyone higher up is less than an angel.
Overarching fact is that Google is a SPY AGENCY, tracking us all every way it can. If you regard its spying as okay because “merely” a corporation, you’re still a fool.
Re: Does anyone recall that such spying is Google's purpose?
There is a minimum level of access required to make any system keep working. You can limit an E-Mail account to only be accessed by the end user, but if it breaks, the end user is screwed. This is not something limited to Google, this isn’t even limited to E-Mail. Any database has this risk, it’s a risk that is required to make the database function. From credit card transactions to voice mail to software activation keys, someone else has access to that data.
One tries to prevent this by having auditing policies, and having strict hiring policies, but not everything can be accounted for.
This is not a sign of Google being evil, this isn’t even a sign of Google spying on you. This is a sign of Google being run by people, and people are fallible. At least they found the problem, fired the guy, and announced that it happened. That’s better than most companies and governments (if not all).
Re: Does anyone recall that such spying is Google's purpose?
Careful when you get on and off your soapbox that your tin foil hat doesn’t slide off. 😉
Re: Re: Does anyone recall that such spying is Google's purpose?
Please state your alternative view of Google’s purpose.
Re: Re: Re: Does anyone recall that such spying is Google's purpose?
Please state your alternative view of Google’s purpose.
To make money.
Re: Re: Re:2 Does anyone recall that such spying is Google's purpose?
EXACTLY. You fell right in as expected. All I needed was for you to admit that it’s not guided by *any* other consideration. All else follows.
Re: Re: Re:3 Does anyone recall that such spying is Google's purpose?
So you admit their guiding purpose is not to spy on us?
Google security breach
What you don’t seem to understand is eventually a human needs to be relied on to be ethical and hiring staff to watch other staff is absurd and unsustainable. So the only issue here is hiring practices as Google has a system which is just fine if the humans were just ethical. Now we are talking about the actual topic here, can humans be relied on? No, we have proven this through history, eventually we humans will abuse each other, always have and always will.
Re: Google security breach
There can be incentives set up for one group to find abuses by another though.
I’ll point to this post the next time people start commenting on how much Mike is in love with Google.
you were warned you ignorant sheeple
Even my demons know what Revelations says about the end times. You sheeple just go on buying, selling, marrying and giving in marriage (biblical scholars will make the connections) while I go about my prophesized works.
Now move along…nothing to see here.
Re: you were warned you ignorant sheeple
Prophesized? Is that like super-sized?
So you want Google to have a monitor in place to let them know anytime any of their employees accesses something inappropriate? Kinda like the RIAA wants the ISPs to have monitoring in place to let them know anytime someone uploads infringing content?
Google was notified of a problem and acted. What is the problem? Any time there is a system, someone will abuse it. End of story. Google fired those responsible. Why are we talking about it?
“…but the question is what Google does to make sure that access is not just limited, but monitored to avoid serious abuses like this.”
Monitoring something in real time is very difficult and is not a productive way to work things. The best way to go is to do a check later on and also at the same time have quick and effective punishment for any transgressions.
This has happened in this case.
I am sure that everybody in Google now knows that their job is on the line for privacy issue violations. It is at least as effective as active monitoring if not more.
Re: Re:
I am sure that everybody in Google now knows that their job is on the line for privacy issue violations. It is at least as effective as active monitoring if not more.
Actually, it seems like everybody in Google now knows that their job is on the line if they violate privacy *and* let people know about it. As long as they don’t tell anyone, there’s no indication that Google will figure it out. That’s what I’m concerned about.
Re: Re:
Actually, it seems like everybody in Google now knows that their job is on the line if they violate privacy *and* let people know about it. As long as they don’t tell anyone, there’s no indication that Google will figure it out. That’s what I’m concerned about.
I think your concern is a bit extreme. Clearly if there’s external bragging going on, then yes people will eventually find out, and the dude will get fired. But that’s not the only way an internal security group would find out. I’m sure they have various other more automated tools to search access logs looking for suspicious patterns, or have more accurate logging of actions which are more suspicious (i.e. looking at a particular user’s account, fetching data which includes PII, or accessing the data of the employee’s acquaintances).
If the employee is just browsing individual profiles randomly in a plausible way and never tells anyone, and nobody ever finds out about it, then it can also fall into the bundle of things that aren’t worth worrying about, because their impact is minuscule and the occurrence from your view unknowable.
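One way to implement the kind of automated access-log search the comment above describes, as an added example that is not part of the original thread and not any Google tooling: it flags privileged reads of PII that no support ticket covers, and repeated unjustified reads of the same account by one employee. The log columns, ticket register, employee and account names, and threshold are all hypothetical.

```python
import csv
import io
from collections import defaultdict

# Constructed sample data: privileged reads of user accounts.
# Columns and values are hypothetical, not any real provider's log format.
ACCESS_LOG = """\
timestamp,employee,account,data_class,ticket
2010-07-01T09:12:00,emp_a,user_101,metadata,T-5001
2010-07-01T09:40:00,emp_b,user_202,pii,
2010-07-02T22:05:00,emp_b,user_202,pii,
2010-07-03T23:17:00,emp_b,user_202,pii,
2010-07-03T10:02:00,emp_a,user_303,pii,T-5002
2010-07-04T11:30:00,emp_c,user_404,metadata,
2010-07-05T14:00:00,emp_a,user_101,pii,T-9999
"""

# Constructed ticket register: which account each support ticket covers.
TICKETS = {"T-5001": "user_101", "T-5002": "user_303"}

REPEAT_THRESHOLD = 3  # unjustified reads of one account by one employee


def justified(row, tickets):
    """An access is justified only if its ticket exists and names that account."""
    return tickets.get(row["ticket"]) == row["account"]


def find_suspicious(log_text, tickets, repeat_threshold=REPEAT_THRESHOLD):
    """Return alerts as sorted (employee, account, reason) tuples."""
    unjustified = defaultdict(list)
    for row in csv.DictReader(io.StringIO(log_text)):
        if not justified(row, tickets):
            unjustified[(row["employee"], row["account"])].append(row)

    alerts = []
    for (employee, account), rows in unjustified.items():
        # PII read with no ticket, or a ticket that does not cover this account.
        if any(r["data_class"] == "pii" for r in rows):
            alerts.append((employee, account, "pii_without_ticket"))
        # The same employee keeps returning to the same account unjustified.
        if len(rows) >= repeat_threshold:
            alerts.append((employee, account, "repeated_unjustified_access"))
    return sorted(alerts)


if __name__ == "__main__":
    for alert in find_suspicious(ACCESS_LOG, TICKETS):
        print(alert)
```

The check only works because each access carries a stated reason that can be verified against a second record; a log that records who, what and when but not why gives it nothing to compare against.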
Spy
I worked for a Google employee. When I was in their house I set my iPad on the counter; when I came back to retrieve the iPad I opened it to find history and cookies erased. I am sure someone in the house did that, and there was only one person in there. Why? What happened? What did they do?