Google has apparently fired an engineer for taking for breaking into several users’ accounts and using the information to taunt several teenagers. Parents complained that the engineer, who met some of the teens at an engineering outreach program, had accessed some very personal information, including chats between a 15-year old and his girlfriend.
Gawker found a source close to the situation and based on David Barsdale’s and Google’s written responses he appears guilty as charged. Barksdale, the former Google Site Reliability Engineer, seems to have been drunk with power.
It seems part of the reason Barksdale snooped through the teens’ Gmail and Gtalk accounts was to show off the power he had as a member of a group with broad access to company data. A self-described “hacker,” Barksdale seemed to get a kick out of flaunting his position at Google, which was the case when, with a friend’s consent, he pulled up the person’s email account, contact list, chat transcripts, Google Voice call logs—even a list of other Gmail addresses that the friend had registered but didn’t think were linked to their main account—within seconds. The friend wasn’t concerned; Barksdale seemed to him to be a “silly,” good-natured nerd.
When contacted about the issue, Barsdale had a snarky response, but didn’t bother to deny the allegations. In a statement, Google acknowledged that Barsdale had violated Google’s internal privacy policies, but didn’t give any specifics.
We dismissed David Barksdale for breaking Google’s strict internal privacy policies. We carefully control the number of employees who have access to our systems, and we regularly upgrade our security controls–for example, we are significantly increasing the amount of time we spend auditing our logs to ensure those controls are effective. That said, a limited number of people will always need to access these systems if we are to operate them properly–which is why we take any breach so seriously.”
— Bill Coughran, Senior Vice President, Engineering, Google
Like a lot of Internet users, I generally trust Google. I store a ton of personal and business information on Google’s various services. In fact, Google probably knows more about my health, finances and daily activities than many of my friends and family members. If given a choice between a stranger walking into my home and being left alone for four hours to rummage through my personal belongings than spend the equivalent time with unfettered access to my Google accounts. I’d sure hate for a burglar to steal my gadgets, family heirlooms and other valuables, but anyone with a little technical knowledge could do much more serious damage with my Google accounts.
So why do I place so much trust in Google? Well, after reading the Gawker article I shouldn’t. For a lot of users, Google and other tech titans are inanimate entities and they trust their data to machines. In reality, Google and every other tech company out there has human worker bees that have access to anything stored up in the could. I have a lot of friends that work at Google and other jumbo tech companies.I ‘trust’ Microsoft, Google, Apple and others, yet I wouldn’t hand over my Google password to a single one of my friends.
Before trusting these companies we should really think about the people behind scenes. If you met David Barsdale at an event would you hand over you trust him with your password? Probably not. But whether you like it are not, individuals like him can access your data on a whim.
Companies like Google need to take this incident as a serious learning lesson. Site Reliability Engineers, or anyone else with super admin access to personal and business data, should be kept under a microscope and their contact with the public should be minimal. Google has plenty of marketing people, product managers,executives and product engineers to interact with customers and industry players. Periodic polygraphs or stress-analysis tests wouldn’t be a bad idea.
Google has a pretty rigorous interview process and background checks, which hopefully means this is an isolated incident. But for the families involved, one bad apple is all it takes to lose all faith in Google. Do you trust Google and other cloud services with too much of your data? What would make you feel better and what would you suggest to companies to reassure users that their private information remains private?