GCN LAB IMPRESSIONS
Google fires engineer for stalking
How was it detected?
- By John Breeden II
- Sep 16, 2010
When I heard that Google had fired one of its engineers, I thought it was because of those maddening bouncing balls
they threw up on the site a few weeks ago. But no, it was actually because the engineer in question was allegedly stalking teenagers by using their Google accounts and data. The four teens had been using
Google Voice, Gmail and Google Chat, all of which the fired employee allegedly hacked.
One of the teens even tried to break off contact with the man, blocking him as a friend, but our oh-so-clever engineer simply went into the Google servers and unblocked himself. This may have lead to his downfall, because parents of the teens complained to Google afterward, and it wasn’t difficult for the company to look at their log files and see what he was up to. No criminal charges were filed, but the guy was told to hit the bricks, and not to let the door hit him on the way out.
Originally reported by Gawker.com, where you can see the man’s smiling picture, the moral of the story, I think, is more about the need for tighter controls on people who manage data than about this specific incident. Google stressed that its controls work because the man was caught.
"We dismissed David Barksdale for breaking Google's strict internal privacy policies. We carefully control the number of employees who have access to our systems, and we regularly upgrade our security controls -- for example, we are significantly increasing the amount of time we spend auditing our logs to ensure those controls are effective. That said, a limited number of people will always need to access these systems, if we are to operate them properly -- which is why we take any breach so seriously," Google's Bill Coughran, senior vice president of engineering, said in a statement.
But what Coughran didn’t stress was the fact that this alleged abuse went on for months and months without anyone detecting a thing. Only after the engineer unblocked himself as a friend and parents began to complain did Google even know to act. Sure Google went back after the fact and found enough evidence to fire the employee in question, but how many months was he able to listen in to those kid’s most intimate secrets from his corner of the darkened Google server room?
Data protection and snooping employees are nothing new. I was writing about Social Security employees getting fired for snooping data out of servers thirteen years ago.
Perhaps it’s time to actually get serious about our privacy online, and to enact legal protections for it. Federal regulators are presently discussing the possibility of enforcing tighter rules where Internet privacy is concerned, a change Google and other large companies have opposed. But enough is enough. We trust companies such as Google with a lot of personal data, even if we don’t intend to. They have the responsibility to keep that data safe from snoops, thieves and perverts. And if they don’t, then they need to suffer consequences.
John Breeden II is a freelance technology writer for GCN.