Google Engineer Spied On Teen Users

bonch writes "Former Google employee David Barksdale accessed user accounts to spy on call logs, chat transcripts, contact lists. As a Site Reliability Engineer, Barksdale had access to the company's most sensitive information and even unblocked himself from a teen's buddy list. He met the minors through a Seattle technology group. Angry parents cut off contact with him and complained to Google, who quietly fired him."

fitting theme

[cosm]

who watches the watchers?

Re:fitting theme

[Chrisq]

who watches the watchers?

Me. I stalk paedophiles. I keep looking over my shoulder for the guy who stalks people who stalks paedophiles though.

mod me down if it must be but

[shakuni]

Is it not possible to make every access to data logged (whether through the application our outside of it) and then provide permissions to change those permissions only to a select group of people. These limited set of people (with ability to change the logging behaviour of the systems) can then be selected/monitored through highly stringent processes. While this will not eliminate the possibility of still having an insider threat but I'd think it'd go a long way towards deterring "insider" threat especially of all admins know that all their actions are logged and only the "superadmins" can change that. It seems to me that it is a design + awareness issue combined. Then comes the issue of even if it can built (the process) and implemented is there sufficient motivation for Cloud providers to do this. This is where regulation may be needed because if this investment is measured using regular business investment metrics around ROI then it is unlikely to meet the criteria.