Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Engineer Spied On Teen Users

Posted by CmdrTaco on from the i-see-what-you-did-there dept.

bonch writes "Former Google employee David Barksdale accessed user accounts to spy on call logs, chat transcripts, contact lists. As a Site Reliability Engineer, Barksdale had access to the company's most sensitive information and even unblocked himself from a teen's buddy list. He met the minors through a Seattle technology group. Angry parents cut off contact with him and complained to Google, who quietly fired him."

33 of 338 comments (clear)

  1. All the data on Google by odies · · Score: 3, Insightful

    And not only call logs, chat transcripts and contact lists. The article notes:

    he pulled up the person's email account, contact list, chat transcripts, Google Voice call logs—even a list of other Gmail addresses that the friend had registered but didn't think were linked to their main account—within seconds.

    So even if you think logging out and making a new separate account is enough, it's all linked

    And what about Google Analytics and everything else? They can see everywhere you've been on the internet, and obviously abuse it.

    1. Re:All the data on Google by stanlyb · · Score: 1, Insightful

      Even better, DON'T USE GMAIL for your private and sensitive info....

  2. Do No Evil by whisper_jeff · · Score: 5, Insightful

    Google's policy may be "Do No Evil" but each individual's policy may differ...

    1. Re:Do No Evil by Richard_at_work · · Score: 5, Insightful

      And the quietly letting him go rather than warning others about this persons actions is ... whose policy?

    2. Re:Do No Evil by Anonymous Coward · · Score: 5, Insightful

      Unless he is charged and convicted, let's not hang a man in the realm of public opinion. He was fired, and hopefully he learned something.

    3. Re:Do No Evil by Richard_at_work · · Score: 3, Insightful

      If this case involved credit card numbers, what would your suggestion be then? What about this case does not scream invasion of privacy, misuse of privileges, abuse of trust and numerous other things? This person should not have been simply let go, it should have been referred to the authorities - he didn't make a simple mistake, he took deliberate action. Simply letting him go allows Google to silently preserve their pristine image.

      People seem to be taking my point about quietly letting him go to mean that Google should have issued a press release or made a public announcement - no, that's not what I am suggesting, but its quite apt since reporting this matter to the authorities would have been akin to making a public announcement.

    4. Re:Do No Evil by UnknowingFool · · Score: 3, Insightful

      He no longer has access to Google. He's no longer in the program where he first met the teens. What else would you want them to do? Reading the article it does not seem that he did anything illegal that the police can charge. His position allowed him to access the information but he violated the company policies.

      --
      Well, there's spam egg sausage and spam, that's not got much spam in it.
    5. Re:Do No Evil by nomadic · · Score: 3, Insightful

      If this case involved credit card numbers, what would your suggestion be then? What about this case does not scream invasion of privacy, misuse of privileges, abuse of trust and numerous other things?
      Are those crimes, though? "Lock him up!" "But he didn't commit a crime." "Would you make the same excuse if he HAD committed a crime?" "Huh?"

    6. Re:Do No Evil by UnknowingFool · · Score: 2, Insightful

      Informing their users would likely get Google involved with a lawsuit either from the teens' parents (since the teens were under-aged) or from him for invasion of privacy. Generally admins don't have this kind of access but his particular position allowed him to do so. Google is looking at further restricting policies about access. I don't know about your workplace but different admins have access to all sorts of information. If you have a bad seed, you had a bad seed.

      --
      Well, there's spam egg sausage and spam, that's not got much spam in it.
    7. Re:Do No Evil by Anonymous Coward · · Score: 1, Insightful

      Oh great, a voice of reason. Don't you want jump to an immediate conclusion based on a 3-post Slashdot sentiment and demonize this man and his kin for generations? Come on, get with the program.

  3. Happens on every website. by onion2k · · Score: 3, Insightful

    Someone always has access to the data, and they're going to look at it at some point. The expectation that no one will be nosey when they're bored one day is just naivety (or stupidity). In this case the motivation is a bit creepier but on other websites people will be looking through "private" data when they're bored - be it Facebook messages, Twitter DMs, GMail emails, or Slashdot private journals.

    If you want it to remain secure and unread by other people, don't put it where other people might access it.

    --
    http://twitter.com/onion2k
    1. Re:Happens on every website. by Aqualung812 · · Score: 4, Insightful

      This is Google. They drive up and take pictures of your house.

      OMG! Pictures of my house, on a public street, where thousands of people can drive by and see it? MY PRIVACY IS RUINED! I might as well post my SSN on the Internet now!

      --
      Grammer Nazis - I mod you "troll" unless you actually add something on-topic. Yes, I know I have mispellings in my sig.
  4. To be honest by Dyinobal · · Score: 1, Insightful

    Well to be honest Google employees some of the smartest and clever people in the tech field. When you employee that many intelligent people you tend to run into their odd habits, and thought processes. Employeeing that many strange ducks I imagine it was only a matter of time before one of them managed to make the company look bad, or do something stupid with their position. I really doubt there was anything sinister in it, but you can't keep someone employeed after something like this.

  5. Re:Always a concern by bill_mcgonigle · · Score: 3, Insightful

    People don't realize that every single thing they do online can, at some point along the pipe, be potentially seen by someone.

    Not if you're using end-to-end encryption without a public CA. Computer scientists have known this since 1977 and end-users have had tools since at least 1991. Key distribution is still hard, so it's not quite popular. We could really use some apps that securely exchange keys via phone "bumps".

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  6. Re:More than enough reason for no business by Xiph · · Score: 3, Insightful

    Then they couldn't index it for advertisement, which is Google's business

    --
    Blah blah sig blah blah blah irony blah blah
  7. Big Google is watching by Drakkenmensch · · Score: 2, Insightful

    "Is it 1984 already?" Daria

  8. This just in! by mdm-adph · · Score: 4, Insightful

    Individual person does nefarious actions -- name of company he works for used in title of news article for salacious reasons. More at 11.

    --
    It is by my will alone my thoughts acquire motion; it is by the juice of the coffee bean that the thoughts acquire speed
    1. Re:This just in! by crunzh · · Score: 2, Insightful

      mayor company that keeps houge amounts of personal data dont protect user data from employees, I think thats the story.

      --
      Visit http://www.crunzh.com/ for free software. Mac/Lin/Win
    2. Re:This just in! by Combatso · · Score: 4, Insightful

      so you think they should have left out Googles name? I for one will think twice about how private any emails / chats sent through google really are. Without getting in to a 'think of the children' rant here... the real story is this guy was spying on teenagers conversations, chatting with them... and actually unblocked himself... if one rogue employee at google can do this, than many more can... and I stand by theory that anything than can happen, will happen... So yeah... the company name belongs here..

    3. Re:This just in! by crunzh · · Score: 2, Insightful

      either encrypting userdata, or atleast limiting access or not giving access to multiple services. If he only had access to one of the services damages would be less, but he had access to both voice, email and google talk.

      --
      Visit http://www.crunzh.com/ for free software. Mac/Lin/Win
  9. Re:Did Google do enough? by bberens · · Score: 4, Insightful

    Google has no grounds to prosecute the guy. The kids/parents may have some grounds based on harassment or something but the guy legitimately had access to that data, he just abused it. It happens, he was fired. I love these posts which act as if "my company" could never hire anyone who would abuse their access to data. It happens regularly at every company I've ever worked at to some degree or another. When it happens, you deal with it. *shrug*

    --
    Check out my lame java blog at www.javachopshop.com
  10. Cannot really be prevented by gweihir · · Score: 5, Insightful

    As anybody with real system administration experience knows, what protects user privacy is that you do not look at their data without explicit permission. That means people with this level of access have to have certain personality traits, and a high level of personal integrity is the most important one. I guess this is just another failed Google hiring process result.

    What now needs to follow is criminal proceedings resulting in a a rather unpleasant punishment. Oh, wait, the US does not have working privacy laws...

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  11. Re:More than enough reason for no business by jgagnon · · Score: 4, Insightful

    Exactly... any admin worth their position could extract similar information from their corporate network. This was an inside job like any other inside job. It's only news because it is Google.

    If this has been an admin of Facebook or MySpace it would have had similar impact. It should be no surprise that any information you give to a company is available to their admins to use or abuse.

    --
    Remember to maintain your supply of /facepalm oil to prevent chafing.
  12. define 'quiet' by WhitePanther5000 · · Score: 2, Insightful

    Google, who quietly fired him

    Not as quietly as they might have hoped...

  13. Re:More than enough reason for no business by arivanov · · Score: 5, Insightful

    It was not Google who caught the guy which is what is worrying in this case, it was the parents of the kids involved.

    I would have expected a shop of their size to have proper security and use at least some of their precious IPR on log analysis.

    --
    Baker's Law: Misery no longer loves company. Nowadays it insists on it
    http://www.sigsegv.cx/
  14. Re:Always a concern by Net_fiend · · Score: 2, Insightful

    While that may be true citizens should have some sort of integrity about themselves. There was a time when, regardless of the abilities people had, that privacy was respected. This "Its the internet age you have no privacy" is bunk. We only have privacy regardless of whether its digital or not if people kept some sort of respect and integrity about themselves. However we live in an age where people are selfish as hell and could care less about smearing or stabbing someone in the back to get ahead or just watch the fires burn around them. Sad days.

    --
    "When the people fear the government, there is tyranny. When the government fears the people, there is liberty."
  15. Re:Luckily for David Barksdale, creepy kiddy stalk by Stiletto · · Score: 3, Insightful

    So you'd be willing to try to ruin some guy you don't even know over 'evidence' in a three-line Slashdot blurb? You want to at least wait and see if actual charges are filed, let alone a guilty verdict? Talk about jumping to conclusions...

  16. Re:More than enough reason for no business by Trepidity · · Score: 4, Insightful

    I dunno, at places I've been the low-level sysadmin access is not very closely monitored. "Official" access through the normal APIs is logged and monitored, but when the Unix sysadmin has root on the database machine, he could be grepping through the database for all anybody knows.

    --
    10 PRINT CHR$(205.5+RND(1)); : GOTO 10
  17. Re:Youth culture run amok. by Sancho · · Score: 3, Insightful

    In other words he is acting like a teenager.

    Once you grow up, the term becomes "sociopath."

  18. Re:And let the defense of Google begin by jgagnon · · Score: 2, Insightful

    I was not defending Google, I was only stating that SOMEONE on the inside of every company has access to things that could be dangerous in the wrong hands, even your bank of choice. That being said, the problem isn't that someone has access, the problem is that they need to better screen their employees and their behavior to discourage this sort of thing.

    This kind of idiotic move happens all the time and people get fired over it. I read recently about a school principal viewing porn on his computer at work (in the school) and getting canned for it. Idiots are everywhere and people with access or power are not except from being idiots. Again, this is not news.

    --
    Remember to maintain your supply of /facepalm oil to prevent chafing.
  19. Re:And let the defense of Google begin by jgagnon · · Score: 3, Insightful

    What happened around here? Slashdot used to be so pro-privacy as a matter of principle. We're supposed to ignore a huge breach of trust at Google because it happens elsewhere? Nobody else has the enormous amount of data that Google has on you. Think about it.

    We're on different pages. This isn't a breach of privacy by Google the company, it is by this individual. Google has policies already in place against this behavior and does not condone or promote it. What else could you possibly expect them to do as a company?

    Additionally, you (or whomever) gave your information to Google by using their services. People inside Google have access to that information you willingly gave them (duh). Someone within that inner circle violated Google's policies for people within that inner circle. That person was fired. There is no way for Google to completely prevent this sort of thing from happening, they can only monitor and react.

    If you do not want this to happen to you then do not use Google's services. But don't go on the Internet and use publicly available (and free) services and then expect anything other than your "privacy" being violated.

    --
    Remember to maintain your supply of /facepalm oil to prevent chafing.
  20. Re:More than enough reason for no business by KingAlanI · · Score: 2, Insightful

    good, gave him the tools/;info to handle it himself and it worked out better.

    --
    I listen to both RIAA and non-RIAA stuff if I like the music, tangential business/politics nonwithstanding.
  21. Re:More than enough reason for no business by Anonymous Coward · · Score: 1, Insightful

    Hell, I'm not even an admin worthy of the position - and I can do as you say. Crap - some ditzy female was playing one of the kids for a fool - I knew she was a worthless tramp, but you don't just tell your kids that, because they will HATE YOU FOREVER for interfering in their personal love lives.

    Well - she used a computer at my house to read some personal emails and such stuff. Dad just forwarded all the dirt, complete with account passwords, to the son via a "proxy".

    The female disappeared from the son's life faster than pizza on football night.

    No, I don't condone spying on people - but bitches don't count, LOL

    The way you talk about women is disgusting, 'some ditzy female', 'worthless tramp', 'No, I don't condone spying on people - but bitches don't count, LOL', I don't care what this woman did but you should be ashamed of your language.