Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Engineer Spied On Teen Users

Posted by CmdrTaco on from the i-see-what-you-did-there dept.

bonch writes "Former Google employee David Barksdale accessed user accounts to spy on call logs, chat transcripts, contact lists. As a Site Reliability Engineer, Barksdale had access to the company's most sensitive information and even unblocked himself from a teen's buddy list. He met the minors through a Seattle technology group. Angry parents cut off contact with him and complained to Google, who quietly fired him."

37 of 338 comments (clear)

  1. All the data on Google by odies · · Score: 3, Insightful

    And not only call logs, chat transcripts and contact lists. The article notes:

    he pulled up the person's email account, contact list, chat transcripts, Google Voice call logs—even a list of other Gmail addresses that the friend had registered but didn't think were linked to their main account—within seconds.

    So even if you think logging out and making a new separate account is enough, it's all linked

    And what about Google Analytics and everything else? They can see everywhere you've been on the internet, and obviously abuse it.

  2. Do No Evil by whisper_jeff · · Score: 5, Insightful

    Google's policy may be "Do No Evil" but each individual's policy may differ...

    1. Re:Do No Evil by Richard_at_work · · Score: 5, Insightful

      And the quietly letting him go rather than warning others about this persons actions is ... whose policy?

    2. Re:Do No Evil by Anonymous Coward · · Score: 5, Insightful

      Unless he is charged and convicted, let's not hang a man in the realm of public opinion. He was fired, and hopefully he learned something.

    3. Re:Do No Evil by antifoidulus · · Score: 3, Funny

      Holy shit, Pope Benedict must be a majority shareholder at Google!

      --
      Monstar L
    4. Re:Do No Evil by Richard_at_work · · Score: 3, Insightful

      If this case involved credit card numbers, what would your suggestion be then? What about this case does not scream invasion of privacy, misuse of privileges, abuse of trust and numerous other things? This person should not have been simply let go, it should have been referred to the authorities - he didn't make a simple mistake, he took deliberate action. Simply letting him go allows Google to silently preserve their pristine image.

      People seem to be taking my point about quietly letting him go to mean that Google should have issued a press release or made a public announcement - no, that's not what I am suggesting, but its quite apt since reporting this matter to the authorities would have been akin to making a public announcement.

    5. Re:Do No Evil by UnknowingFool · · Score: 3, Insightful

      He no longer has access to Google. He's no longer in the program where he first met the teens. What else would you want them to do? Reading the article it does not seem that he did anything illegal that the police can charge. His position allowed him to access the information but he violated the company policies.

      --
      Well, there's spam egg sausage and spam, that's not got much spam in it.
    6. Re:Do No Evil by nomadic · · Score: 3, Insightful

      If this case involved credit card numbers, what would your suggestion be then? What about this case does not scream invasion of privacy, misuse of privileges, abuse of trust and numerous other things?
      Are those crimes, though? "Lock him up!" "But he didn't commit a crime." "Would you make the same excuse if he HAD committed a crime?" "Huh?"

    7. Re:Do No Evil by Shabazz+Rabbinowitz · · Score: 3, Funny

      ...let's not hang a man in the realm of public opinion...

      You're new here, aren't you?

    8. Re:Do No Evil by nschubach · · Score: 4, Funny

      So new that Slashdot hasn't had time to assign them a user ID.

      --
      Every time I start to have faith in humanity, I ruin it by driving to work between 7 and 8 am.
    9. Re:Do No Evil by ArsenneLupin · · Score: 4, Informative

      Holy shit, Pope Benedict must be a majority shareholder at Google!

      It said quietly fired, not quietly transferred to a different regional office.

  3. Always a concern by Pojut · · Score: 4, Interesting

    You never know who is watching or listening in. People don't realize that every single thing they do online can, at some point along the pipe, be potentially seen by someone.

    --
    Living With a Nerd
    1. Re:Always a concern by bill_mcgonigle · · Score: 3, Insightful

      People don't realize that every single thing they do online can, at some point along the pipe, be potentially seen by someone.

      Not if you're using end-to-end encryption without a public CA. Computer scientists have known this since 1977 and end-users have had tools since at least 1991. Key distribution is still hard, so it's not quite popular. We could really use some apps that securely exchange keys via phone "bumps".

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    2. Re:Always a concern by sjs132 · · Score: 4, Interesting

      An old friend of mine used to work for a high clearance group out in Colorado someplace. This is going back to 1995'sh... He has since gone silent (No contacts) , but I remember one conversation that we had had where he warned:

      "If you want it to be a secret you better keep it in your head. Don't write it down, don't email it, don't call on the phone... Because if they want, they can know." (Paraphrased from so long ago...) But you get the point.

      It was true then and even more so now. Who are "They"? Well, that's the problem... in 1995 I presumed it was the Federal Government that could disseminate the information to state/local. And under Homeland Security we do have "FUSION CENTERS" so you know that happens. But also it seems corporations of large magnitude can fall into it. If it is for "research, Statistics & Administration" then big whoop, but obviously it is a big temptation for people to abuse it once they are on the "inside."

      Case in point would be Crystal Bowersox. She had her privacy violated multiple times in Ohio. Probably by people paid to dig up dirt for tabloids or something, but just like Google, Creepy.

      http://www.dispatchpolitics.com/live/content/local_news/stories/2010/09/09/copy/ohio-apologized-to-idol-star-for-illegal-snooping.html?adsec=politics&sid=101

      http://content.usatoday.com/communities/idolchatter/post/2010/09/crystal-bowersoxs-privacy-breached-by-ohio-officials/1

      http://marquee.blogs.cnn.com/2010/09/09/ohio-apologizes-to-crystal-bowersox-for-security-breach/

      http://www.google.com/hostednews/ap/article/ALeqM5i_29YKZdSnooBzedGCwrNGaqfyDgD9I4IR7G1

      http://au.eonline.com/uberblog/b199540_why_were_cops_snooping_on_idols_crystal.html

       

      --
      --- Relax, that mass muderer is just trying to reduce our carbon footprint, one fetus at a time...
  4. Happens on every website. by onion2k · · Score: 3, Insightful

    Someone always has access to the data, and they're going to look at it at some point. The expectation that no one will be nosey when they're bored one day is just naivety (or stupidity). In this case the motivation is a bit creepier but on other websites people will be looking through "private" data when they're bored - be it Facebook messages, Twitter DMs, GMail emails, or Slashdot private journals.

    If you want it to remain secure and unread by other people, don't put it where other people might access it.

    --
    http://twitter.com/onion2k
    1. Re:Happens on every website. by Aqualung812 · · Score: 4, Insightful

      This is Google. They drive up and take pictures of your house.

      OMG! Pictures of my house, on a public street, where thousands of people can drive by and see it? MY PRIVACY IS RUINED! I might as well post my SSN on the Internet now!

      --
      Grammer Nazis - I mod you "troll" unless you actually add something on-topic. Yes, I know I have mispellings in my sig.
  5. Re:More than enough reason for no business by Xiph · · Score: 3, Insightful

    Then they couldn't index it for advertisement, which is Google's business

    --
    Blah blah sig blah blah blah irony blah blah
  6. Duh by ebonum · · Score: 5, Interesting

    Young single male admins at companies like Google and Yahoo are golden contacts. If you are looking to research something, they can help. For a price.

    1. Re:Duh by M4n · · Score: 3, Funny

      "Research something" or "Research something"?

      --
      In space no-one can hear your vuvuzela.
  7. Come on... by grub · · Score: 5, Funny


    ...the question is: what's his /. ID? It must be in the 4 or 5 figure range.

    --
    Trolling is a art,
  8. This just in! by mdm-adph · · Score: 4, Insightful

    Individual person does nefarious actions -- name of company he works for used in title of news article for salacious reasons. More at 11.

    --
    It is by my will alone my thoughts acquire motion; it is by the juice of the coffee bean that the thoughts acquire speed
    1. Re:This just in! by Combatso · · Score: 4, Insightful

      so you think they should have left out Googles name? I for one will think twice about how private any emails / chats sent through google really are. Without getting in to a 'think of the children' rant here... the real story is this guy was spying on teenagers conversations, chatting with them... and actually unblocked himself... if one rogue employee at google can do this, than many more can... and I stand by theory that anything than can happen, will happen... So yeah... the company name belongs here..

  9. Re:More than enough reason for no business by Rob+Kaper · · Score: 3, Informative

    More than enough reason for no business to store any business e-mail on their servers and no one with any e-mail which has real world value.

    You are basically suggesting that no one uses the Internet anymore. End-to-end encryption aside, there will always be a system administrator with the technical ability to snoop data stored or in transfer. The only reason you can slam Google here is because they actually caught the guy.

  10. Re:Did Google do enough? by bberens · · Score: 4, Insightful

    Google has no grounds to prosecute the guy. The kids/parents may have some grounds based on harassment or something but the guy legitimately had access to that data, he just abused it. It happens, he was fired. I love these posts which act as if "my company" could never hire anyone who would abuse their access to data. It happens regularly at every company I've ever worked at to some degree or another. When it happens, you deal with it. *shrug*

    --
    Check out my lame java blog at www.javachopshop.com
  11. Cannot really be prevented by gweihir · · Score: 5, Insightful

    As anybody with real system administration experience knows, what protects user privacy is that you do not look at their data without explicit permission. That means people with this level of access have to have certain personality traits, and a high level of personal integrity is the most important one. I guess this is just another failed Google hiring process result.

    What now needs to follow is criminal proceedings resulting in a a rather unpleasant punishment. Oh, wait, the US does not have working privacy laws...

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  12. Re:More than enough reason for no business by jgagnon · · Score: 4, Insightful

    Exactly... any admin worth their position could extract similar information from their corporate network. This was an inside job like any other inside job. It's only news because it is Google.

    If this has been an admin of Facebook or MySpace it would have had similar impact. It should be no surprise that any information you give to a company is available to their admins to use or abuse.

    --
    Remember to maintain your supply of /facepalm oil to prevent chafing.
  13. Luckily for David Barksdale, creepy kiddy stalker by Rogerborg · · Score: 3, Funny

    He - David Barksdale, notorious harasser of vulnerable teens, I mean - shares a name with a more famous chap, who will remain at the top of Google searches. Unless enough people start referring to David Barksdale primarily in the context of the famous freaky violator of childrens' privacy. You know, David Barksdale. The freaky creepy weird fucked up emotionally stunted probably-not-a-pederast basket case fired by Google for stalking children. That guy.

    --
    If you were blocking sigs, you wouldn't have to read this.
  14. Surprise! by nomad-9 · · Score: 4, Interesting
    Hardly surprising, since Google CEO Eric Schmidt's notorious "if you want privacy, you have something to hide" remark.

    The problem with this guy power-tripping on some kids, was not that he didn't give importance to people's privacy - which is apparently along the lines of the company's general mindset - but that he got caught for being stupid.

    1. Re:Surprise! by nomad-9 · · Score: 3, Informative
      Here's the citation you asked:

      “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.”

      "And it’s important, for example, that we’re all subject in the United States to the Patriot Act... "

      The "Patriot Act" was given as just one example, not as the main reason. The old "security versus privacy."

  15. ah by Chrisq · · Score: 5, Funny
    What part of heaven is most popular?

    ...the fucking Cloud.

  16. Re:More than enough reason for no business by arivanov · · Score: 5, Insightful

    It was not Google who caught the guy which is what is worrying in this case, it was the parents of the kids involved.

    I would have expected a shop of their size to have proper security and use at least some of their precious IPR on log analysis.

    --
    Baker's Law: Misery no longer loves company. Nowadays it insists on it
    http://www.sigsegv.cx/
  17. Re:More than enough reason for no business by Runaway1956 · · Score: 4, Interesting

    Hell, I'm not even an admin worthy of the position - and I can do as you say. Crap - some ditzy female was playing one of the kids for a fool - I knew she was a worthless tramp, but you don't just tell your kids that, because they will HATE YOU FOREVER for interfering in their personal love lives. Well - she used a computer at my house to read some personal emails and such stuff. Dad just forwarded all the dirt, complete with account passwords, to the son via a "proxy". The female disappeared from the son's life faster than pizza on football night. No, I don't condone spying on people - but bitches don't count, LOL

    --
    "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
  18. Federal laws were violated by glittermage · · Score: 3, Informative

    After RTA it appears that David Barksdale violated Google internal policies so that means some Federal ECPA laws were violated, specifically 18 USC 2701(a).

    The exceptions outlined in voluntary 18 USC 2702 and mandatory 18 USC 2703 don't apply either.

    If Google doesn't have a policy of handing privacy violations over to AUSA/Federal or local law enforcement then I would urge a review of Google's policies.

  19. Re:Luckily for David Barksdale, creepy kiddy stalk by Stiletto · · Score: 3, Insightful

    So you'd be willing to try to ruin some guy you don't even know over 'evidence' in a three-line Slashdot blurb? You want to at least wait and see if actual charges are filed, let alone a guilty verdict? Talk about jumping to conclusions...

  20. Re:More than enough reason for no business by Trepidity · · Score: 4, Insightful

    I dunno, at places I've been the low-level sysadmin access is not very closely monitored. "Official" access through the normal APIs is logged and monitored, but when the Unix sysadmin has root on the database machine, he could be grepping through the database for all anybody knows.

    --
    10 PRINT CHR$(205.5+RND(1)); : GOTO 10
  21. Re:Youth culture run amok. by Sancho · · Score: 3, Insightful

    In other words he is acting like a teenager.

    Once you grow up, the term becomes "sociopath."

  22. Re:And let the defense of Google begin by jgagnon · · Score: 3, Insightful

    What happened around here? Slashdot used to be so pro-privacy as a matter of principle. We're supposed to ignore a huge breach of trust at Google because it happens elsewhere? Nobody else has the enormous amount of data that Google has on you. Think about it.

    We're on different pages. This isn't a breach of privacy by Google the company, it is by this individual. Google has policies already in place against this behavior and does not condone or promote it. What else could you possibly expect them to do as a company?

    Additionally, you (or whomever) gave your information to Google by using their services. People inside Google have access to that information you willingly gave them (duh). Someone within that inner circle violated Google's policies for people within that inner circle. That person was fired. There is no way for Google to completely prevent this sort of thing from happening, they can only monitor and react.

    If you do not want this to happen to you then do not use Google's services. But don't go on the Internet and use publicly available (and free) services and then expect anything other than your "privacy" being violated.

    --
    Remember to maintain your supply of /facepalm oil to prevent chafing.