Google Engineer Fired For Spying On Teen Users; Serious Privacy Concerns Raised

from the privacy-concerns dept

Wed, Sep 15th 2010 9:56am — Mike Masnick

The bigger Google has gotten, the more privacy concerns have been raised -- and with good reason. At times, unfortunately, the company has appeared dismissive of security and privacy concerns, even though it continues to try to make the case that people should trust the company. Sometimes, it feels like Google's critics take Google's comments out of context to slam the company, but that doesn't mean there aren't serious security issues to be aware of -- and the latest news is exceptionally troubling. A report came out that a Google engineer regularly accessed accounts and information from local teenagers he had met, mainly for the sake of showing off to them. Google has fired the guy, and also admitted that it knows of one other similar security breach, which involved another employee who was then fired.

What's still rather alarming, however, is that this was possible, and that, despite all of Google's claims of security and procedures to keep these things from happening, the news did not come out until Google was alerted to the actions by parents of some of the teens involved. Google is notoriously secretive on these issues, and its "statement" on this matter, frankly, is pretty weak:

"We dismissed David Barksdale for breaking Google's strict internal privacy policies. We carefully control the number of employees who have access to our systems, and we regularly upgrade our security controls--for example, we are significantly increasing the amount of time we spend auditing our logs to ensure those controls are effective. That said, a limited number of people will always need to access these systems if we are to operate them properly--which is why we take any breach so seriously."

That doesn't explain anything about how Google makes sure these kinds of things won't happen again. I certainly can understand that there's always going to need to be some people who can access certain systems, but the question is what Google does to make sure that access is not just limited, but monitored to avoid serious abuses like this. At a time when Google is under such strict scrutiny for privacy issues, this news and Google's response are simply unacceptable.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: privacy
Companies: google

46 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Andy (profile), 15 Sep 2010 @ 10:07am

Firing not a good idea.
It probably would have been better if the engineer had been demoted to a position that would keep him out of the accounts and GMail/Chat databases, yet let him keep doing useful work for Google. Just firing him, from what to some is Paradise to a traditional hacker, would leave him with little choice but to engage in crackery to make a living.
[ link to this | view in chronology ]
- Shawn (profile), 15 Sep 2010 @ 10:18am
  
  Re: Firing not a good idea.
  No.
  Google has very strict and well communicated policies that prohibit what the employee did with the penalty for violation being termination.
  
  Who gives a flying fuck what little choices the dipshit has after being thrown out of 'Paradise' for breaking the rules of his employment?
  [ link to this | view in chronology ]
  - interval (profile), 15 Sep 2010 @ 1:08pm
    
    Re: Re: Firing not a good idea.
    Agreed. This guy is a liability, at the least, and a bonafide nut job and possible postal employee of the month at the worst. There can't be any room in a supposedly professional organization for such a guy.
    
    Answer me this; which is worse, what this guy did, or an engineer who sits around cruising adult websites all day? In all my years of technology employment I've never heard of anyone who was kept on after it was discovered that they spent their on-clock time surfing adult sites. Arguably what this guy did is worse.
    [ link to this | view in chronology ]
ChurchHatesTucker (profile), 15 Sep 2010 @ 10:18am

Place your bets now
How long before some AG starts a "Google is Child Molesters!" campaign?
[ link to this | view in chronology ]
halley (profile), 15 Sep 2010 @ 10:20am

I am a pretty strong privacy advocate, but I fail to see how this story is not exactly the kind of "grandstanding" that you often thrash the various politician-cum-prosecutors for. Every single organization has to deal with effective policies and what to do with internal people who fail to follow the policies. There is no technical uber-solution that can fully address the existence of impropriety, and there is no general right that every policy or technical half-solution must be publicly explained.
[ link to this | view in chronology ]
- Mike Masnick (profile), 15 Sep 2010 @ 10:25am
  
  Re:
  I am a pretty strong privacy advocate, but I fail to see how this story is not exactly the kind of "grandstanding" that you often thrash the various politician-cum-prosecutors for. Every single organization has to deal with effective policies and what to do with internal people who fail to follow the policies. There is no technical uber-solution that can fully address the existence of impropriety, and there is no general right that every policy or technical half-solution must be publicly explained.
  
  Indeed. I agree that there's no perfect solution, but given the extra scrutiny on Google, I would think that the company should be a lot more forthcoming.
  [ link to this | view in chronology ]
Kaega (profile), 15 Sep 2010 @ 10:21am

Are logs not monitoring?
In the quote you provided from Google they say "... we are significantly increasing the amount of time we spend auditing our logs to ensure those controls are effective."

Computer logs are a direct way of monitoring system users. It will tell them what information each employee accessed and when. If Google is going to "significantly" increase the time reviewing their logs employees would rarely be able to access any information without Google knowing about it.

This seems to me to make access not just limited but also monitored.
[ link to this | view in chronology ]
- Mike Masnick (profile), 15 Sep 2010 @ 10:27am
  
  Re: Are logs not monitoring?
  Computer logs are a direct way of monitoring system users. It will tell them what information each employee accessed and when. If Google is going to "significantly" increase the time reviewing their logs employees would rarely be able to access any information without Google knowing about it.
  
  There are different ways to monitor things. The sense given from the quote is that they monitor stuff after the fact, rather than having systems in place to alert them to potential breaches. That's my concern here. This was only discovered after people complained.
  [ link to this | view in chronology ]
  - Anonymous Coward, 15 Sep 2010 @ 12:13pm
    
    Re: Re: Are logs not monitoring?
    that's a nice knee-jerk response but as an IT professional who is tasked with security for PCI/SOX databases, credit card transaction systems and the like, there is NO way to do what you're asking. The fact that it is being logged is all you can really do. If userA and userB both have unfetterred access into secure data and userB logs in for a standard, job-related reason - does there work and gets out of the system - the userA logs in in the same manner but for nefarious reasons, the log will still say the same thing. UserA logged in at so and so time, accessed so and so resources and logged out. For example I have full administrative access to our credit card transaction system and as such I can see credit card numbers, CCV codes and expiration dates of every credit card used in our stores. The access is logged onsite and also an offsite 3rd party logging process is used. But unless a customer makes a complaint that would cause my access of that info to become suspect, or unless one of our stores has a fraud case or tampering case where credit card data got exposed or something else that would trigger an audit of the access and usage logs - then I could log into the system everyday, multiple times a day for any reason and noone would say a word. At some point all companies have to have a limitation on the accessibility to their secure data/private data to persons they have placed a fair amount of trust in. As IT professionals many if not most of us are in those roles. Just like me, I'd venture to guess that tons of techdirt readers have domain admin access, firewall access, router access, DNS/DHCP access, file-server admin access, application and SQL DB access to almost all the systems in their company. It's most likely all logged and monitored but rarely unless a security issue rears its ugly head will any of that access cause even so much as a minor blip on anyone's radar. I am not as yet aware of any technical system or solution that is smart enough to distinguish legitimate access from illicit access when the person/user doing the accessing is granted the privilege to do so in the system and is accessing the systems within the confines of the rules, times, methods and policies set forth by each company. Perhaps when artificial intelligence systems grow up to be like the sci-fi films we watch then we can talk, but right now there is no system or human being capable of actively monitoring the millions and billions of logs generated by the systems that most of us interact with each day. For example we have a configuration monitor system in place which looks at each server on a hourly basis and can detect if something changed on that server from the last scan. Right now it generates over 5 million rows of change data per hour for 140 servers. Needless to say, if there isn't a problem or somebody isn't complaining - it goes unread in most cases.
    [ link to this | view in chronology ]
ComputerAddict (profile), 15 Sep 2010 @ 10:22am

"That doesn't explain anything about how Google makes sure these kinds of things won't happen again...but the question is what Google does to make sure that access is not just limited, but monitored to avoid serious abuses like this."

Alright Mike, I normally dont side with the "Another typical mike article" people... but it said right in the paragraph that you quoted what they are doing to "monitor" or in this case they used the word "audit." While monitor implies as it is happening, and audit implies after the fact. Either way they did address what they are doing to fix future issues. Now you can say "Checking after the fact isn't good enough in a 'instant' world of the internet." but Google probably doesn't want to say we closely monitor X, Y, and Z so that people can't figure out how to beat the system as easily.

"for example, we are significantly increasing the amount of time we spend auditing our logs to ensure those controls are effective."
[ link to this | view in chronology ]
Jon, 15 Sep 2010 @ 10:22am

They said the they are increasing log auditing, not much can be done to prevent this, some people turn out to be assholes.
[ link to this | view in chronology ]
R. Miles (profile), 15 Sep 2010 @ 10:22am

A little insight.
"...but the question is what Google does to make sure that access is not just limited, but monitored to avoid serious abuses like this."
Do you understand the complexity "monitoring" takes in a system which is comprised of many databases tied together, some probably not even in the same building?

Most companies use the trust system, meaning there are access modes given to employees and while they are monitored, the tools doing the monitoring only get used to prove a breach, not try to prevent them.

Imagine for a second if you were the one hired to monitor each and every single account access. You'd quit within hours.

You often use the "how does a site know what copyright material is owned or illicit" question in copyright discussions but the same type of question can be asked here: How does the monitoring system know the access is legitimate or illicit?

It won't know. It can't know. Google gets a well deserved break on this one, at least by me. At least it had monitoring tools to prove the offender did do what he shouldn't have done.

Also, this should be a very constant reminder of what you, the user, should believe is "private" or "secured". I've stated so many times that once you place data into the hands of someone else, it is no longer private.

Even is these hands are "monitored". If it's controlled by 0s and 1s, there is a breach waiting to happen.
[ link to this | view in chronology ]
- Michael, 15 Sep 2010 @ 10:50am
  
  Re: A little insight.
  There may be a reason that this employee needed access at a level that allowed him to read email from someone's inbox, but Google has not really told anyone what that reason is.
  
  I have built a number of secure data stores and one of the most critical part is making sure you can prevent even admin level users from getting to sensitive data. Why isn't Google encrypting emails and requiring the email box owner's username and password to decrypt them? If they are, why are they giving this particular guy access to username/password combinations - particularly in a way that lets him associate it with a real-world person he knows?
  
  There could be reasons that this guy needed access of this kind, but without Google showing us the related dirty laundry, we can assume it is because there security measures in their systems suck.
  [ link to this | view in chronology ]
  - Cowardly Annon, 15 Sep 2010 @ 12:04pm
    
    Re: Re: A little insight.
    In a lawsuit brought by the Federal Trade Commission, a subpoena was sent to Google for the complete contents of a Gmail account, including deleted e-mail messages.
    That's why. Google may be called upon at any time to hand over emails. Thus they must have a way to decrypt them without the user logging in. That means someone has access to do this task.
    Why should Google show the world it's dirty laundry? It's a private company with an internal procedure that it has followed.
    [ link to this | view in chronology ]
    - nasch (profile), 19 Sep 2010 @ 7:47pm
      
      Re: Re: Re: A little insight.
      Google may be called upon at any time to hand over emails. Thus they must have a way to decrypt them without the user logging in.
      
      That doesn't really play, because if I decide to encrypt an email, if I use strong encryption Google doesn't have a way to decrypt it*. They can certainly be compelled to hand it over (where "it" is the ciphertext), but they cannot be compelled to decrypt it, because they won't have the means to do so.
      
      Similarly, they could decide to encrypt user emails before storing them in their database**, in a way that they would not be able to decrypt.
      
      * without spending either many many years or huge amounts of money on it
      
      ** they wouldn't be able to encrypt everything immediately, since they only have access to your password when you type it in. This may be why they don't bother.
      [ link to this | view in chronology ]
ComputerAddict (profile), 15 Sep 2010 @ 10:23am

Or what Kaega said... beat me to the punch
[ link to this | view in chronology ]
Overcast (profile), 15 Sep 2010 @ 10:36am

"Oh your data will be safe with us."

LOL, whatever.
[ link to this | view in chronology ]
- Anonymous Coward, 15 Sep 2010 @ 12:06pm
  
  Re:
  Your data is safe nowhere. I thought that had been established by now.
  [ link to this | view in chronology ]
Anonymous Coward, 15 Sep 2010 @ 10:42am

"That doesn't explain anything about how Google makes sure these kinds of things won't happen again"

I love this Blog but, Mike...

I'll let Tommy say it.

"What I'm trying to say is when you buy a box marked guaranteed, all your getting is a guaranteed piece of shit. Hey if you want me to take a dump in a box and mark it guaranteed, I will, I have spare time."
[ link to this | view in chronology ]
- Hephaestus (profile), 15 Sep 2010 @ 10:55am
  
  Re:
  To funny ... I am gonna use that one someday
  [ link to this | view in chronology ]
  - :Lobo Santo (profile), 15 Sep 2010 @ 11:06am
    
    Re: Re:
    To funny? Is that a destination, then?
    
    try "too" occasionally, as you statement might 'loose' some meaning, if you know what I mean.
    [ link to this | view in chronology ]
    - Anonymous Coward, 15 Sep 2010 @ 11:18am
      
      Re: Re: Re:
      you statement or your statement?
      [ link to this | view in chronology ]
      - :Lobo Santo (profile), 15 Sep 2010 @ 11:24am
        
        Re: Re: Re: Re:
        "your"
        
        ; P
        
        Nobody's immune to errors, I suppose.
        [ link to this | view in chronology ]
        
        Anonymous Coward, 15 Sep 2010 @ 12:22pm
        
        Re: Re: Re: Re: Re:
        If no one is immune to human errors, you either are a machine or you think you are a machine. I suspect you are a human; therefore, you should stop calling others out on their errors until you can prevent making your own.
        [ link to this | view in chronology ]
        
        nasch (profile), 19 Sep 2010 @ 7:49pm
        
        Re: Re: Re: Re: Re: Re:
        Perhaps you're just trolling or something, but personally I reject the idea that one has to be perfect before pointing out others' errors (hopefully in a constructive fashion). Otherwise nobody could ever mention how someone else could improve anything because nobody's perfect.
        [ link to this | view in chronology ]
      - Dark Helmet (profile), 15 Sep 2010 @ 11:52am
        
        Re: Re: Re: Re:
        "you statement or your statement?"
        
        *You
        
        Sentences begin with capital letters....
        [ link to this | view in chronology ]
        
        The Groove Tiger (profile), 15 Sep 2010 @ 2:52pm
        
        Re: Re: Re: Re: Re:
        You should only type three dots for an ellipse, not four.
        [ link to this | view in chronology ]
        
        nasch (profile), 19 Sep 2010 @ 7:50pm
        
        Re: Re: Re: Re: Re: Re:
        Unless it's omitting an entire paragraph.
        [ link to this | view in chronology ]
    - Hephaestus (profile), 15 Sep 2010 @ 11:24am
      
      Re: Re: Re:
      But I like mispelling stuff, it brings out the spelling and grammar police ;)
      [ link to this | view in chronology ]
out_of_the_blue, 15 Sep 2010 @ 10:50am

Does anyone recall that such spying is Google's purpose?
Such stories seem almost intentional propaganda to divert from the fact that Google is SPYING in unprecedented ways. First, it more or less takes attention off that fact, it's made incidental to prurient interests in a "scandal", and second, it presents a heartless profit-above-all corporation as deeply concerned about such problems.

So they kicked out an unreliable low-level guy. Big deal. Just look at the revealed capabilities, and imagine what if anyone higher up is less than an angel.

Overarching fact is that Google is a SPY AGENCY, tracking us all every way it can. If you regard its spying as okay because "merely" a corporation, you're still a fool.
[ link to this | view in chronology ]
- Chronno S. Trigger (profile), 15 Sep 2010 @ 11:17am
  
  Re: Does anyone recall that such spying is Google's purpose?
  There is a minimum level of access required to make any system keep working. You can limit an E-Mail account to only be accessed by the end user, but if it breaks, the end user is screwed. This is not something limited to Google, this isn't even limited to E-Mail. Any database has this risk, it's a risk that is required to make the database function. From credit card transactions to voice mail to software activation keys, someone else has access to that data.
  
  One tries to prevent this by having auditing policies, and having strict hiring polices, but not everything can be accounted for.
  
  This is not a sign of Google being evil, this isn't even a sign of Google spying on you. This is a sign of Google being run by people, and people are fallible. At least they found the problem, fired the guy, and announced that it happened. That's better then most companies and governments (if not all).
  [ link to this | view in chronology ]
- Nastybutler77 (profile), 15 Sep 2010 @ 11:26am
  
  Re: Does anyone recall that such spying is Google's purpose?
  Careful when you get on and off your soapbox that your tin foil hat doesn't slide off. ;)
  [ link to this | view in chronology ]
  - out_of_the_blue, 15 Sep 2010 @ 1:03pm
    
    Re: Re: Does anyone recall that such spying is Google's purpose?
    Please state your alternative view of Google's purpose.
    [ link to this | view in chronology ]
    - Nastybutler77 (profile), 15 Sep 2010 @ 2:19pm
      
      Re: Re: Re: Does anyone recall that such spying is Google's purpose?
      Please state your alternative view of Google's purpose.
      
      To make money.
      [ link to this | view in chronology ]
      - out_of_the_blue, 15 Sep 2010 @ 4:28pm
        
        Re: Re: Re: Re: Does anyone recall that such spying is Google's purpose?
        EXACTLY. You fell right in as expected. All I needed was for you to admit that it's not guided by *any* other consideration. All else follows.
        [ link to this | view in chronology ]
        
        nasch (profile), 19 Sep 2010 @ 7:51pm
        
        Re: Re: Re: Re: Re: Does anyone recall that such spying is Google's purpose?
        So you admit their guiding purpose is not to spy on us?
        [ link to this | view in chronology ]
Michael Knight, 15 Sep 2010 @ 11:30am

Google security breach
What you don't seem to understand is eventually a human needs to be relied on to be ethical and hiring staff to watch other staff is absurd and unsustainable. So the only issue here is hiring practices as Google has a system which is just fine if the humans were just ethical. Now we are talking about the actually topic here, can humans be relied on? No, we have proven this through history, eventually we humans will abuse each other, always have and always will.
[ link to this | view in chronology ]
- nasch (profile), 19 Sep 2010 @ 7:52pm
  
  Re: Google security breach
  There can be incentives set up for one group to find abuses by another though.
  [ link to this | view in chronology ]
Nastybutler77 (profile), 15 Sep 2010 @ 11:30am

I'll point to this post the next time people start commenting on how much Mike is in love with Google.
[ link to this | view in chronology ]
This comment has been flagged by the community. Click here to show it

Satan, 15 Sep 2010 @ 12:21pm

you were warned you ignorant sheeple
Even my demons know what Revelations says about the end times. You sheeple just go on buying, selling, marrying and giving in marriage (biblical scholars will make the connections) while I go about my prophesized works.

Now move along...nothing to see here.
[ link to this | view in chronology ]
- nasch (profile), 19 Sep 2010 @ 7:53pm
  
  Re: you were warned you ignorant sheeple
  Prophesized? Is that like super-sized?
  [ link to this | view in chronology ]
FormerAC (profile), 15 Sep 2010 @ 12:36pm

So you want Google to have a monitor in place to let them know anytime any of their employees accesses something inappropriate? Kinda like the RIAA wants the ISPs to have monitoring in place to let them know anytime someone uploads infringing content?

Google was notified of a problem and acted. What is the problem? Any time there is a system, someone will abuse it. End of story. Google fired those responsible. Why are we talking about it?
[ link to this | view in chronology ]
ranon (profile), 15 Sep 2010 @ 1:13pm

"...but the question is what Google does to make sure that access is not just limited, but monitored to avoid serious abuses like this."

Monitoring something in real time is very difficult and is not a productive way to work things. The best way to go is to do a check later on and also at the same time have quick and effective punishment for any transgressions.

This has happened in this case.

I am sure that everybody in Google now knows that their job is on the line for privacy issue violations. It is at least as effective as active monitoring if not more.
[ link to this | view in chronology ]
- Mike Masnick (profile), 15 Sep 2010 @ 1:52pm
  
  Re:
  I am sure that everybody in Google now knows that their job is on the line for privacy issue violations. It is at least as effective as active monitoring if not more.
  
  Actually, it seems like everybody in Google now knows that their job is on the line if they violate privacy *and* let people know about it. As long as they don't tell anyone, there's no indication that Google will figure it out. That's what I'm concerned about.
  [ link to this | view in chronology ]
  - Yuliy, 15 Sep 2010 @ 2:28pm
    
    Actually, it seems like everybody in Google now knows that their job is on the line if they violate privacy *and* let people know about it. As long as they don't tell anyone, there's no indication that Google will figure it out. That's what I'm concerned about.
    
    I think your concern is a bit extreme. Clearly if there's external bragging going on, then yes people will eventually find out, and the dude will get fired. But that's not the only way an internal security group would find out. I'm sure they have various other more automated tools to search access logs looking for suspicious patterns, or have more accurate logging of actions which are more suspicious (i.e. looking at a particular user's account, fetching data which includes PII, or accessing the data of the employee's acquaintances).
    
    If the employee is just browsing individual profiles randomly in a plausible way and never tells anyone, and nobody ever finds out about it, then it can also fall into the bundle of things that aren't worth worrying about, because their impact is miniscule and the occurrence from your view unknowable.
    [ link to this | view in chronology ]
Rodney, 21 Feb 2014 @ 8:47pm

Spy
I worked for a google employee when I was in there house I set my iPad on the counter, when I came back to retrieve the iPad I opened it to find history ans cookies erased.i am sure some one in the house did that,and there was only one person in there.Why what happened what did they do?
[ link to this | view in chronology ]