Google has a privacy problem on its hands. On Wednesday, the company
announced it fired an employee who violated its "strict" privacy
policies. The rogue engineer, a 27-year-old named David Barksdale, reportedly spied on minors and accessed
their personal information. Adrian Chen at Gawker has the scoop:
It's unclear how widespread Barksdale's abuses were, but in at least four cases, Barksdale spied on minors' Google accounts without their consent, according to a source close to the incidents. In an incident this spring involving a 15-year-old boy who he'd befriended, Barksdale tapped into call logs from Google Voice, Google's Internet phone service, after the boy refused to tell him the name of his new girlfriend, according to our source. After accessing the kid's account to retrieve her name and phone number, Barksdale then taunted the boy and threatened to call her. In other cases involving teens of both sexes, Barksdale exhibited a similar pattern of aggressively violating others' privacy, according to our source. He accessed contact lists and chat transcripts, and in one case quoted from an IM that he'd looked up behind the person's back.Since Google announced Barksdale's firing, a horde of tech bloggers have expressed outrage at the privacy breach. Here's what they're saying:
- Google's Response Wasn't Good Enough, writes Michael Arrington at TechCrunch: "If a Google employee rampages through my email, Google Voice or other data for no justifiable reason I expect a lot more from the company than simply terminating them. There needs to be criminal charges brought as well... So much of our life is lived online, and so much of our highly sensitive personal data is stored on Google's servers, that it is absurd that there aren't more dire consequences facing those that choose to molest that data. If a Google employee broke into my home and stole files from my office they'd go to jail. And frankly I'd be far less concerned with that situation than if they were perusing my email for entertainment during their lunch break."
- Reminds Me of Something, writes Levi Sumagaysay at Good Morning Silicon Valley: "This brings to mind that a couple of weeks ago, Consumer Watchdog took out a provocative video ad in New York's Times Square that portrayed Schmidt as an ice-cream-truck driver stealing children's personal information. Incidentally, the group has now invited Schmidt and co-founders Larry Page and Sergey Brin to 'a serious discussion' about online privacy at an October conference. File that under not gonna happen."
- What More Do You Want Google to Do? wonders Fahmida Rashid at Digital Trends: "Could Google have prevented this from happening? The company said it constantly upgrades its security controls, and will take greater care auditing its logs to make sure the policy is being adhered to. Beyond that, there's not much it can do, unless it decides to regularly psychologically evaluate all job applicants and employees. But last we checked, this isn't the FBI."
- People Are Going to Lose Faith in the Cloud, writes Doug Simmons, a consultant and blogger: "Not the headline I wanted to read this morning as in addition to being an exhausted Google apologist I'm trying to fire up a business migrating companies to the Google cloud. One thing I like to be able to assure clients I'm pitching this to is that this sort of thing doesn't happen. Damnit."
- 5 Questions for Google In a forgiving tone, Lauren Weinstein says that "no system is 100% secure." But he'd like to have Google directly address the following questions:
- Who at Google has access to Google users' content data?
- Under what conditions are Google employees officially authorized to access such data?
- Can an individual at Google access such data on their own without specific "need-to-know" authorization for specific cases, and without the oversight of any other employees during such access itself?
- What technical measures are in place to control Google employees' access to users' content data and to limit the possibilities of abuse?
- What reporting and/or logging mechanisms, and any associated audit procedures, are in place to routinely track (in real-time or retrospectively) employee access to such user content data?