Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Google Privacy Your Rights Online

Google Engineer Spied On Teen Users 338

bonch writes "Former Google employee David Barksdale accessed user accounts to spy on call logs, chat transcripts, contact lists. As a Site Reliability Engineer, Barksdale had access to the company's most sensitive information and even unblocked himself from a teen's buddy list. He met the minors through a Seattle technology group. Angry parents cut off contact with him and complained to Google, who quietly fired him."
This discussion has been archived. No new comments can be posted.

Google Engineer Spied On Teen Users

Comments Filter:
  • by odies ( 1869886 ) * on Wednesday September 15, 2010 @07:54AM (#33585492)

    And not only call logs, chat transcripts and contact lists. The article notes:

    he pulled up the person's email account, contact list, chat transcripts, Google Voice call logs—even a list of other Gmail addresses that the friend had registered but didn't think were linked to their main account—within seconds.

    So even if you think logging out and making a new separate account is enough, it's all linked

    And what about Google Analytics and everything else? They can see everywhere you've been on the internet, and obviously abuse it.

    • to store any business e-mail on their servers and no one with any e-mail which has real world value.

      Sorry, but if they can read my e-mail account on GMail without my permission, as in my password, then there is zero security regardless of what all their policies and procedures declare. They should just step up and encrypt all of it using the user's password as part of the key, if not that then automated systems which send e-mail to an audit team, the user, and anyone the user designates, when access by SQL

      • by Xiph ( 723935 ) on Wednesday September 15, 2010 @08:09AM (#33585688)

        Then they couldn't index it for advertisement, which is Google's business

      • by Rob Kaper ( 5960 ) on Wednesday September 15, 2010 @08:20AM (#33585828) Homepage

        More than enough reason for no business to store any business e-mail on their servers and no one with any e-mail which has real world value.

        You are basically suggesting that no one uses the Internet anymore. End-to-end encryption aside, there will always be a system administrator with the technical ability to snoop data stored or in transfer. The only reason you can slam Google here is because they actually caught the guy.

        • by jgagnon ( 1663075 ) on Wednesday September 15, 2010 @08:33AM (#33585962)

          Exactly... any admin worth their position could extract similar information from their corporate network. This was an inside job like any other inside job. It's only news because it is Google.

          If this has been an admin of Facebook or MySpace it would have had similar impact. It should be no surprise that any information you give to a company is available to their admins to use or abuse.

          • by bsDaemon ( 87307 )

            No, if it had been Facebook or MySpace, it wouldn't be a surprise. Dumb-ass kids willfully give up information which could be used to harm them in some way, including "cyber stalking" (its new cause its on the innernets!), and you don't even have to be an employee of the company to perform it. Chances are there are enough holes in the Facebook API that someone could find a way to force an unblock action for themselves.

            Of course, no, this doesn't really surprise me either. But, I deleted my Google account

          • by Runaway1956 ( 1322357 ) on Wednesday September 15, 2010 @09:15AM (#33586556) Homepage Journal
            Hell, I'm not even an admin worthy of the position - and I can do as you say. Crap - some ditzy female was playing one of the kids for a fool - I knew she was a worthless tramp, but you don't just tell your kids that, because they will HATE YOU FOREVER for interfering in their personal love lives. Well - she used a computer at my house to read some personal emails and such stuff. Dad just forwarded all the dirt, complete with account passwords, to the son via a "proxy". The female disappeared from the son's life faster than pizza on football night. No, I don't condone spying on people - but bitches don't count, LOL
        • by arivanov ( 12034 ) on Wednesday September 15, 2010 @08:42AM (#33586112) Homepage

          It was not Google who caught the guy which is what is worrying in this case, it was the parents of the kids involved.

          I would have expected a shop of their size to have proper security and use at least some of their precious IPR on log analysis.

      • If your email is cleartext, then there's always someone that can read it, no matter what the environment is. You can chose GPG/PGP, SSL, and various other things to solve this problem, but if *you choose* to cleartext, the problem will always exist.

        I can read my bosses emails... doesn't seem at all right to me, but I need to have that access to maintain the mailserver. I'd suggest encryption, but nobody can be bothered to bother with it. Even when they do, it's only for that one email in a year, so

    • Re: (Score:2, Informative)

      by mandark1967 ( 630856 )

      "...So even if you think logging out and making a new separate account is enough, it's all linked"

      That's relatively easy to get around. Create your initial gmail account on 1 machine using a particular ISP, and create your second acct by using a different computing device(like a droid) on another ISP. Of course, you must remember to never use one machine to check both accounts. It takes dicipline, but it an be done.

      I have a gmail account that I created on Comcast with my home desktop, and a completely diffe

      • Perhaps you forgot your browsing habits and the fact that correlation can be a powerful tool. Couple that with the ubiquity of google code (analytics, adsense) and I don't believe it is completely unreasonable to hypothesize that they could figure it out... Not to say that they do "automatically", but if you were to come under investigation for something I'm sure they could do the math.
      • Re: (Score:2, Funny)

        by Aeros ( 668253 )
        oh...we can NOW!
      • That's relatively easy to get around. Create your initial gmail account on 1 machine using a particular ISP, and create your second acct by using a different computing device(like a droid) on another ISP. Of course, you must remember to never use one machine to check both accounts. It takes dicipline, but it an be done.

        I have a gmail account that I created on Comcast with my home desktop, and a completely different one that was created when I purchased my droid through verizon.

        I never check the droid

  • Do No Evil (Score:5, Insightful)

    by whisper_jeff ( 680366 ) on Wednesday September 15, 2010 @07:55AM (#33585506)
    Google's policy may be "Do No Evil" but each individual's policy may differ...
    • Re:Do No Evil (Score:5, Insightful)

      by Richard_at_work ( 517087 ) on Wednesday September 15, 2010 @08:06AM (#33585642)
      And the quietly letting him go rather than warning others about this persons actions is ... whose policy?
      • Re:Do No Evil (Score:5, Insightful)

        by Anonymous Coward on Wednesday September 15, 2010 @08:13AM (#33585722)

        Unless he is charged and convicted, let's not hang a man in the realm of public opinion. He was fired, and hopefully he learned something.

      • Re: (Score:3, Interesting)

        And the quietly letting him go rather than warning others about this persons actions is ... whose policy?

        I expect that quietly means "no media coverage". I guess that, internally, word spread pretty quickly why he was being let go.

      • The shareholders'.

      • by antifoidulus ( 807088 ) on Wednesday September 15, 2010 @08:24AM (#33585868) Homepage Journal
        Holy shit, Pope Benedict must be a majority shareholder at Google!
      • Re:Do No Evil (Score:4, Insightful)

        by UnknowingFool ( 672806 ) on Wednesday September 15, 2010 @08:34AM (#33585970)
        He no longer has access to Google. He's no longer in the program where he first met the teens. What else would you want them to do? Reading the article it does not seem that he did anything illegal that the police can charge. His position allowed him to access the information but he violated the company policies.
        • He no longer has access to Google. He's no longer in the program where he first met the teens. What else would you want them to do? Reading the article it does not seem that he did anything illegal that the police can charge. His position allowed him to access the information but he violated the company policies.

          That's the thing isn't it ... besides, good luck finding another job administering anything more than the computers in a dentist's office. Some people want to jump on the "Do No Evil" bandwagon here but I don't think that's the case. Stupid or bad people sometimes get into positions of responsibility. Google got rid of the man promptly, which I think was the right thing to do here. Besides, given all the laws we now have on the books regarding this kind of thing, my guess is this guy will get charged with s

          • Re: (Score:3, Interesting)

            by epine ( 68316 )

            Stupid or bad people sometimes get into positions of responsibility.

            Speaking of which, Newt recently cleared the bar at 18 feet, elevating "Luo tribesman" into the neo-conservative N-word lexicon in a single bound.

            These people hate Michael Moore with a passion, so why do they expend so much energy making him sound like an intelligent man? As Mr Moore pointed out, it is obvious to anyone who has ever cracked open an American history book, American was founded on the sentiment of anti-colonialism (only when

        • They could inform their users about this and even better tell public what actions they have taken in order to prevent such incidents to happen in future. I don't see any reason why an engineer can access user data. I hope they don't design their systems in a commodity CMS fashion that "admin" can alter any kind of data, let alone viewing them.
          • Re: (Score:3, Insightful)

            Informing their users would likely get Google involved with a lawsuit either from the teens' parents (since the teens were under-aged) or from him for invasion of privacy. Generally admins don't have this kind of access but his particular position allowed him to do so. Google is looking at further restricting policies about access. I don't know about your workplace but different admins have access to all sorts of information. If you have a bad seed, you had a bad seed.
      • Except that now his name can be Googled and found here. How's that for irony.
  • Always a concern (Score:5, Interesting)

    by Pojut ( 1027544 ) on Wednesday September 15, 2010 @07:59AM (#33585564) Homepage

    You never know who is watching or listening in. People don't realize that every single thing they do online can, at some point along the pipe, be potentially seen by someone.

  • by onion2k ( 203094 ) on Wednesday September 15, 2010 @08:04AM (#33585620) Homepage

    Someone always has access to the data, and they're going to look at it at some point. The expectation that no one will be nosey when they're bored one day is just naivety (or stupidity). In this case the motivation is a bit creepier but on other websites people will be looking through "private" data when they're bored - be it Facebook messages, Twitter DMs, GMail emails, or Slashdot private journals.

    If you want it to remain secure and unread by other people, don't put it where other people might access it.

    • If you want it to remain secure and unread by other people, don't put it where other people might access it.

      This is Google. They drive up and take pictures of your house.

      • by Aqualung812 ( 959532 ) on Wednesday September 15, 2010 @08:16AM (#33585772)

        This is Google. They drive up and take pictures of your house.

        OMG! Pictures of my house, on a public street, where thousands of people can drive by and see it? MY PRIVACY IS RUINED! I might as well post my SSN on the Internet now!

        • Re: (Score:3, Funny)

          by PhxBlue ( 562201 )
          Could you post your date of birth and mother's maiden name, too? Thanks!
        • Re: (Score:3, Interesting)

          by buck-yar ( 164658 )

          Many people have gotten fines from evidence collected on google earth. Specifically swimming pools that don't meet zoning, that would not be visible from public view (only satellite or airplane).

          http://www.switched.com/2010/08/02/long-island-town-uses-google-earth-to-find-rogue-swimming-pools/ [switched.com]

    • by Chrisq ( 894406 )

      People will be looking through "private" data when they're bored - be it Facebook messages, Twitter DMs, GMail emails, or Slashdot private journals.

      In the latter case they usually run out screaming "aaaaaghhhh...." never to be seen again. Access logs show they have been reading a file named "CowboyNeal's sexual fantasies".

    • Re: (Score:3, Informative)

      by mikael_j ( 106439 )

      In this case the motivation is a bit creepier...

      Well, if the linked article has its guesses and quotes correct then it seems this guy was just trying to show off with his neat GEP (Google Employee Powers) and overstepped privacy boundaries doing so. Now, IMHO this is generally worse than just being curious or "nosey[sic]" but probably not creepier (I worked tech support just after college and I saw more than one "curious" co-worker search the customer database for members of the opposite sex who happened to live in the same city as we were in and who had

  • by mcgrew ( 92797 ) * on Wednesday September 15, 2010 @08:09AM (#33585682) Homepage Journal

    But I found anotherFA. [computerworld.com]

    • Re: (Score:2, Informative)

      by Jeslijar ( 1412729 )

      according to this FA, it wasn't some creepy stalker type deal.

      He found a techie group and wanted to impress them with his 'haxor' skills. It probably didn't come out until later that he worked for Google. It was a stupid move and an abuse of power, but it wasn't something as creepy as the original post here makes it sound.

      "Barksdale's harassment did not appear to be sexual in nature, although ... [he] demonstrated extraordinarily questionable judgment. ... It seems part of the reason ... was to show off the

  • by Drakkenmensch ( 1255800 ) on Wednesday September 15, 2010 @08:10AM (#33585706)
    "Is it 1984 already?" Daria
  • Duh (Score:5, Interesting)

    by ebonum ( 830686 ) on Wednesday September 15, 2010 @08:10AM (#33585708)

    Young single male admins at companies like Google and Yahoo are golden contacts. If you are looking to research something, they can help. For a price.

  • Come on... (Score:5, Funny)

    by grub ( 11606 ) <slashdot@grub.net> on Wednesday September 15, 2010 @08:16AM (#33585770) Homepage Journal

    ...the question is: what's his /. ID? It must be in the 4 or 5 figure range.
  • This just in! (Score:4, Insightful)

    by mdm-adph ( 1030332 ) on Wednesday September 15, 2010 @08:19AM (#33585818)

    Individual person does nefarious actions -- name of company he works for used in title of news article for salacious reasons. More at 11.

    • Re: (Score:2, Insightful)

      by crunzh ( 1082841 )
      mayor company that keeps houge amounts of personal data dont protect user data from employees, I think thats the story.
      • Well if the mayor of Google isn't properly protecting our user data then I'm certainly not voting for him again!!
      • Barring not letting any employee see protected user data (a completely unreasonable practice), I don't see how this could have been prevented.

        If simple forms and NDA's are good enough for HIPPA, it's good enough for Google.

        • Re: (Score:3, Insightful)

          by crunzh ( 1082841 )
          either encrypting userdata, or atleast limiting access or not giving access to multiple services. If he only had access to one of the services damages would be less, but he had access to both voice, email and google talk.
    • Re:This just in! (Score:4, Insightful)

      by Combatso ( 1793216 ) on Wednesday September 15, 2010 @08:33AM (#33585956)
      so you think they should have left out Googles name? I for one will think twice about how private any emails / chats sent through google really are. Without getting in to a 'think of the children' rant here... the real story is this guy was spying on teenagers conversations, chatting with them... and actually unblocked himself... if one rogue employee at google can do this, than many more can... and I stand by theory that anything than can happen, will happen... So yeah... the company name belongs here..
      • Re: (Score:3, Interesting)

        by Dhalka226 ( 559740 )

        And what company do you think exists where nobody has access to this sort of information?

        If your logic is "anything than[sic] can happen, will happen" then it is happening everywhere. You're out of luck.

  • Barksdale was working on GChat Roulette.
  • He sounds a little like an egomaniac windbag that hasn't grown out of adolescence yet (like a lot of geeks). I find it hard to beleive that anyone who wears a "Free the Mallocs" and "I Love toxic waste" t-shirts isn't going to keep tight-lipped about freaking someone out with his "m4d l33t 5k11z".
  • by gweihir ( 88907 ) on Wednesday September 15, 2010 @08:33AM (#33585960)

    As anybody with real system administration experience knows, what protects user privacy is that you do not look at their data without explicit permission. That means people with this level of access have to have certain personality traits, and a high level of personal integrity is the most important one. I guess this is just another failed Google hiring process result.

    What now needs to follow is criminal proceedings resulting in a a rather unpleasant punishment. Oh, wait, the US does not have working privacy laws...

    • by Viol8 ( 599362 )

      "What now needs to follow is criminal proceedings "

      Criminal proceedings for what? Reading some private stuff he legally had access to anyway and for wounding up some teens. Whats your verdict then judge? 30 years in max security?

      Jeez, get a sense of perspective.

      • I'm sure a DA could get him on a variety of wiretapping, invasion of privacy, unauthorised access to a computer system, etc. charges.

  • by Rogerborg ( 306625 ) on Wednesday September 15, 2010 @08:35AM (#33585994) Homepage
    He - David Barksdale, notorious harasser of vulnerable teens, I mean - shares a name with a more famous chap, who will remain at the top of Google searches. Unless enough people start referring to David Barksdale primarily in the context of the famous freaky violator of childrens' privacy. You know, David Barksdale. The freaky creepy weird fucked up emotionally stunted probably-not-a-pederast basket case fired by Google for stalking children. That guy.
  • Surprise! (Score:4, Interesting)

    by nomad-9 ( 1423689 ) on Wednesday September 15, 2010 @08:35AM (#33585998)
    Hardly surprising, since Google CEO Eric Schmidt's notorious "if you want privacy, you have something to hide" remark.

    The problem with this guy power-tripping on some kids, was not that he didn't give importance to people's privacy - which is apparently along the lines of the company's general mindset - but that he got caught for being stupid.

  • Google, who quietly fired him

    Not as quietly as they might have hoped...

  • This is a taste of things to come. Companies will do it. Subcontractors will do it. Employees will do it. Trainees will do it.

    When you put your data out there... well, it's out there. Your choice. THis was Google's responsibility.. what was their punishment ? nothing.

  • Oops: Parents at Google in the US talking about child safety online [youtube.com], from the just-announced Google Family Safety Center [blogspot.com], apparently still in Beta.

  • Well , it had to be said :)

  • by glittermage ( 650813 ) on Wednesday September 15, 2010 @09:23AM (#33586662)
    After RTA it appears that David Barksdale violated Google internal policies so that means some Federal ECPA laws were violated, specifically 18 USC 2701(a) [cornell.edu].

    The exceptions outlined in voluntary 18 USC 2702 [cornell.edu] and mandatory 18 USC 2703 [cornell.edu] don't apply either.

    If Google doesn't have a policy of handing privacy violations over to AUSA/Federal or local law enforcement then I would urge a review of Google's policies.
  • iso certification (Score:3, Interesting)

    by StripedCow ( 776465 ) on Wednesday September 15, 2010 @09:33AM (#33586824)

    Isn't there some ISO 9000 rule (or other standard) that says that admins cannot look at user data? And why isn't google adhering to this standard?

  • Google screwed up (Score:3, Interesting)

    by Coward Anonymous ( 110649 ) on Wednesday September 15, 2010 @11:25AM (#33588772)

    Evidently, Google does not have a process controlling the access of user accounts by employees of the company. Google needs to stop ignoring the fact that it is dealing with increasingly more private information on individuals and that like other organizations with such information (think banks) it needs to develop a full fledged process (with well defined protocols, auditing, etc.) to ensure that any access to a user's private information is authorized and accounted for.
    Google wants to think of itself as a technology company where process is a hindrance. Google is too big to continue thinking and acting like that.
    I'm guessing Google will not deal with this particular problem until it gets sued.

Think lucky. If you fall in a pond, check your pockets for fish. -- Darrell Royal

Working...