Connect with us

Mobile

How Much Do You Trust Google, Other Could Services?

Published

on

Google has apparently fired an engineer for taking for breaking into several users’ accounts and using the information to taunt several teenagers. Parents complained that the engineer, who met some of the teens at an engineering outreach program, had accessed some very personal information, including chats between a 15-year old and his girlfriend.

Gawker found a source close to the situation and based on David Barsdale’s and Google’s written responses he appears guilty as charged. Barksdale, the former Google Site Reliability Engineer, seems to have been drunk with power.

From Gawker:

It seems part of the reason Barksdale snooped through the teens’ Gmail and Gtalk accounts was to show off the power he had as a member of a group with broad access to company data. A self-described “hacker,” Barksdale seemed to get a kick out of flaunting his position at Google, which was the case when, with a friend’s consent, he pulled up the person’s email account, contact list, chat transcripts, Google Voice call logs—even a list of other Gmail addresses that the friend had registered but didn’t think were linked to their main account—within seconds. The friend wasn’t concerned; Barksdale seemed to him to be a “silly,” good-natured nerd.

When contacted about the issue, Barsdale had a snarky response, but didn’t bother to deny the allegations. In a statement, Google acknowledged that Barsdale had violated Google’s internal privacy policies, but didn’t give any specifics.

We dismissed David Barksdale for breaking Google’s strict internal privacy policies. We carefully control the number of employees who have access to our systems, and we regularly upgrade our security controls–for example, we are significantly increasing the amount of time we spend auditing our logs to ensure those controls are effective. That said, a limited number of people will always need to access these systems if we are to operate them properly–which is why we take any breach so seriously.”

— Bill Coughran, Senior Vice President, Engineering, Google

Like a lot of Internet users, I generally trust Google. I store a ton of personal and business information on Google’s various services. In fact, Google probably knows more about my health, finances and daily activities than many of my friends and family members. If given a choice between a stranger walking into my home and being left alone for four hours to rummage through my personal belongings than spend the equivalent time with unfettered access to my Google accounts. I’d sure hate for a burglar to steal my gadgets, family heirlooms  and other valuables, but anyone with a little technical knowledge could do much more serious damage with my Google accounts.

So why do I place so much trust in Google? Well, after reading the Gawker article I shouldn’t. For a lot of users, Google and other tech titans are inanimate entities and they trust their data to machines. In reality, Google and every other tech company out there has human worker bees that have access to anything stored up in the could. I have a lot of friends that work at Google and other jumbo tech companies.I ‘trust’ Microsoft, Google, Apple and others, yet I wouldn’t hand over my Google password to a single one of my friends.

Before trusting these companies we should really think about the people behind scenes. If you met David Barsdale at an event would you hand over you trust him with your password? Probably not. But whether you like it are not, individuals like him can access your data on a whim.

Companies like Google need to take this incident as a serious learning lesson. Site Reliability Engineers, or anyone else with super admin access to personal and business data, should be kept under a microscope and their contact with the public should be minimal. Google has plenty of marketing people, product managers,executives and product engineers to interact with customers and industry players. Periodic polygraphs or stress-analysis tests wouldn’t be a bad idea.

Google has a pretty rigorous interview process and background checks, which hopefully means this is an isolated incident.  But for the families involved, one bad apple is all it takes to lose all faith in Google. Do you trust Google and other cloud services with too much of your data? What would make you feel better and what would you suggest to companies to reassure users that their private information remains private?

14 Comments

14 Comments

  1. aftermath

    09/15/2010 at 7:22 am

    Not at all.

    Why would I trust ANY major company like that much?

    …especially one with which I don’t even have a business relationship
    …especially one with which I’m still bound by a contract that governs my behavior anyways
    …especially one which then uses what I freely give it to make its shareholders wealthy

    Why would I give them ANY of my posessions, even if it’s just my “information”, like personal information, behavior, relationships, communication, and consumer habbits. I’d rather they take my couch or all of my silverware or my socks or my car. I can replace all of that garbage.

    I know I’ve said this before, but I’m not going to let you shove a loaded gun in my mouth, even just for “fun” or to get access to some “free” service. It’s not that I don’t trust you, and it’s not that I can’t handle you or the situation. It’s that the potential for something to go wrong is huge, and it’s not worth it to me. If that make me a moron, then make please me the most moronic person of all. Why would I trust Google when I don’t have to trust Google and the ability for things to go very wrong, very quickly is huge?

    Trust me (especially more than Google), the worst thing that can happen to you because of Google’s power over your life is NOT that some egomaniac snoops on a chat transcript.

    When it comes to technology, people really need to learn their history so that they can know and care about their freedoms. What we’ve gained offline, we are losing on-line, and we are losing it at the same rate that technology is taking over offline aspects of our lives.

    • Mike

      09/15/2010 at 9:47 am

      You would give it to them because they are providing you a valuable service for free.

      If you are putting up copies of truly sensitive data on google then that is just silly.

      You shouldn’t be discussing anything on e-mail that is damning anyway – google or not.

      Many people in many places have access to worse more damaging information – bank employees at banks, medical employees at medical facilities etc. The secretary at the law office you use. etc, etc…

      I have to laugh at my mom who tells me of the worries of online baking.
      But it does not bother her to leave the same information in an unlocked box out by the road.

      • Xavier Lanier

        09/15/2010 at 10:43 am

        More and more information is being stored up in the cloud though and it’s not just your inbox. Google/Gmail and other email providers are the ‘keys to the kingdom.’ For many banks, electronic medical health records, etc., all you need to reset a password/gain access is access to a users inbox. How difficult is it to figure out anniversary dates, pets’ name, children’s names, fahter’s birthday, etc., which are often used as answers to challenge questions?
        Fortunately, a few responsible sites, such as bofa.com allow for multi-factor authentication, requiring access to both email and your phone. Unfortunately, that means losing a smartphone without a passcode means you’re toast if a bad guy finds it.

        • Mike

          09/15/2010 at 4:34 pm

          This is true. But using a weak prompt question on your part is not all google’s fault either.
          There are some things which are just going to be difficult problems to solve – and truly secure security that still provides easy access for users is a biggy.

          I’d personally like to see MUCH tougher laws for fraud, including identity theft. These are willful and awful incredibly damaging crimes. The punishments are often a joke. They’d probably get worse if convicted of selling a joint.

      • Xavier Lanier

        09/15/2010 at 10:44 am

        btw- yes, you’re right. My dentist, or any of her staff members, could steal my identity since they have a whole lot of personal data on file in paper form. No password required to grab a manilla folder…

  2. TateJ

    09/15/2010 at 7:38 am

    This is my basic issue with cloud computing. I love the idea of it, but I am just not trusting enough.

    I’ve built my own personal cloud with servers that I own and control. A Broadband internet connection at home, a couple of entry level Dell servers and some software was all I needed to get things going. Not the cheapest or easiest way to have a cloud, but I feel safer. I don’t have to worry about hackers having physical access to my info.

    • Mike

      09/15/2010 at 9:49 am

      And only relatively secure – because if somebody breaks in then all those shiny humming boxes look expensive.
      And if it burns down then all is lost too.

      Google offers redundant multi-site backup of data seen to by people who are paid a lot of money to know a lot more than most any individual about it.

      Sure stuff can happen with google – but so can it happen to your multi server setup in the spare bedroom.

      • TateJ

        09/15/2010 at 2:08 pm

        Very true. You can’t protect yourself from everything. But where I live, I have a better chance of being hacked than being burglarized.

        I just prefer to provide my own cloud services. It’s easy and it works for me.

  3. Mike

    09/15/2010 at 9:52 am

    Not much to see here I think.
    You can’t live in a nerf box.
    I trust google for what I use it for.
    If you want storage for more sensitive documents then that is what encryption is for.

    In the end, this google employee was doing something out of bounds and was fired for it. More could be known about the specifics – like how he was caught (and therefor how good or bad google’s internal security protocols protect us).
    But generally, this is the desired outcome.

  4. Sumocat

    09/15/2010 at 10:29 am

    I trust Google to index everything I give them and keep that data forever. Hence, I have no problem letting them host my blogs and other published items. Don’t trust them as much with my private stuff though. I try to diversify everything else.

  5. Ben

    09/15/2010 at 11:13 am

    Privacy is an illusion. Get over it.

    • Mike

      09/15/2010 at 4:40 pm

      It’s a funny dilemma for an existentialist.
      It’s impossible to really know the other.
      And, it’s impossible to not know – as privacy is an illusion.

      I guess everything is known but nothing is understood.

      That does explain a few relationships I have had actually.

  6. GoodThings2Life

    09/15/2010 at 6:28 pm

    My biggest problem with Cloud Computing is actually not with security (my second concern) but with overall accessibility. As an IT guy, I can nearly guarantee my systems are available to my users unless *I* take them down for scheduled maintenance. I’ve got the skills and the experience to know how long it takes me to do certain things on my equipment, and if I’m doing a project, I double what I estimate when I tell others how long it will take.

    What I can’t do is guarantee the same results from someone else. Everyone from Microsoft to Google to Apple has had their fair share of outages over the years. It happens, and for personal things, meh what’s the big deal for a short time. But for a business, even a few minutes are catastrophic for operations.

    Plus, even if I can trust the hosted solution, I can’t guarantee the accessibility of the solution from my ISP’s or electric companies will provide adequate service.

  7. scouser73

    09/15/2010 at 9:00 pm

    I trust Google with the information that I am happy to share with them, the fact that an engineer was caught proves that they have systems in place to monitor such underhanded activities which caught the unscrupulous engineer out.

Leave a Reply

Your email address will not be published.

As an Amazon Associate I earn from qualifying purchases.