Google Engineer Spied On Teen Users

bonch writes "Former Google employee David Barksdale accessed user accounts to spy on call logs, chat transcripts, contact lists. As a Site Reliability Engineer, Barksdale had access to the company's most sensitive information and even unblocked himself from a teen's buddy list. He met the minors through a Seattle technology group. Angry parents cut off contact with him and complained to Google, who quietly fired him."

All the data on Google

[odies]

And not only call logs, chat transcripts and contact lists. The article notes:

he pulled up the person's email account, contact list, chat transcripts, Google Voice call logs—even a list of other Gmail addresses that the friend had registered but didn't think were linked to their main account—within seconds.

So even if you think logging out and making a new separate account is enough, it's all linked

And what about Google Analytics and everything else? They can see everywhere you've been on the internet, and obviously abuse it.

More than enough reason for no business

[Shivetya]

to store any business e-mail on their servers and no one with any e-mail which has real world value.

Sorry, but if they can read my e-mail account on GMail without my permission, as in my password, then there is zero security regardless of what all their policies and procedures declare. They should just step up and encrypt all of it using the user's password as part of the key, if not that then automated systems which send e-mail to an audit team, the user, and anyone the user designates, when access by SQL

Re:More than enough reason for no business

[Xiph]

Then they couldn't index it for advertisement, which is Google's business

Re:More than enough reason for no business

[Rob Kaper]

More than enough reason for no business to store any business e-mail on their servers and no one with any e-mail which has real world value.

You are basically suggesting that no one uses the Internet anymore. End-to-end encryption aside, there will always be a system administrator with the technical ability to snoop data stored or in transfer. The only reason you can slam Google here is because they actually caught the guy.

Re:More than enough reason for no business

[jgagnon]

Exactly... any admin worth their position could extract similar information from their corporate network. This was an inside job like any other inside job. It's only news because it is Google.

If this has been an admin of Facebook or MySpace it would have had similar impact. It should be no surprise that any information you give to a company is available to their admins to use or abuse.

Re:

[bsDaemon]

No, if it had been Facebook or MySpace, it wouldn't be a surprise. Dumb-ass kids willfully give up information which could be used to harm them in some way, including "cyber stalking" (its new cause its on the innernets!), and you don't even have to be an employee of the company to perform it. Chances are there are enough holes in the Facebook API that someone could find a way to force an unblock action for themselves.

Of course, no, this doesn't really surprise me either. But, I deleted my Google account

Re:

[Altrag]

And yet here I see you on Slashdot. As an unsubscribed plain old user, I can find:
- Your last few comments
- The last few stories you've submitted
- Your Slashdot friends / fans / foes
- Their comments / stories / etc

I'm not trying very hard, and I'm certainly not a data miner, but I'd guess even that amount of data would be enough to put something together about you -- at least a vague sense of your interests and disinterests. And how much more information would the Slashdot admins have about you? All they

Re:More than enough reason for no business

[Runaway1956]

Hell, I'm not even an admin worthy of the position - and I can do as you say. Crap - some ditzy female was playing one of the kids for a fool - I knew she was a worthless tramp, but you don't just tell your kids that, because they will HATE YOU FOREVER for interfering in their personal love lives. Well - she used a computer at my house to read some personal emails and such stuff. Dad just forwarded all the dirt, complete with account passwords, to the son via a "proxy". The female disappeared from the son's life faster than pizza on football night. No, I don't condone spying on people - but bitches don't count, LOL

Re:

[KingAlanI]

good, gave him the tools/;info to handle it himself and it worked out better.

Re:Youth culture run amok.

[Sancho]

In other words he is acting like a teenager.

Once you grow up, the term becomes "sociopath."

Re:

[jgagnon]

I was not defending Google, I was only stating that SOMEONE on the inside of every company has access to things that could be dangerous in the wrong hands, even your bank of choice. That being said, the problem isn't that someone has access, the problem is that they need to better screen their employees and their behavior to discourage this sort of thing.

This kind of idiotic move happens all the time and people get fired over it. I read recently about a school principal viewing porn on his computer at wor

Re:And let the defense of Google begin

[jgagnon]

What happened around here? Slashdot used to be so pro-privacy as a matter of principle. We're supposed to ignore a huge breach of trust at Google because it happens elsewhere? Nobody else has the enormous amount of data that Google has on you. Think about it.

We're on different pages. This isn't a breach of privacy by Google the company, it is by this individual. Google has policies already in place against this behavior and does not condone or promote it. What else could you possibly expect them to do as a company?

Additionally, you (or whomever) gave your information to Google by using their services. People inside Google have access to that information you willingly gave them (duh). Someone within that inner circle violated Google's policies for people within that inner circle. That person was fired. There is no way for Google to completely prevent this sort of thing from happening, they can only monitor and react.

If you do not want this to happen to you then do not use Google's services. But don't go on the Internet and use publicly available (and free) services and then expect anything other than your "privacy" being violated.

Re:More than enough reason for no business

[arivanov]

It was not Google who caught the guy which is what is worrying in this case, it was the parents of the kids involved.

I would have expected a shop of their size to have proper security and use at least some of their precious IPR on log analysis.

Re:More than enough reason for no business

[Trepidity]

I dunno, at places I've been the low-level sysadmin access is not very closely monitored. "Official" access through the normal APIs is logged and monitored, but when the Unix sysadmin has root on the database machine, he could be grepping through the database for all anybody knows.

Re:

[spottedkangaroo]

If your email is cleartext, then there's always someone that can read it, no matter what the environment is. You can chose GPG/PGP, SSL, and various other things to solve this problem, but if *you choose* to cleartext, the problem will always exist.

I can read my bosses emails... doesn't seem at all right to me, but I need to have that access to maintain the mailserver. I'd suggest encryption, but nobody can be bothered to bother with it. Even when they do, it's only for that one email in a year, so

Their IMAP is slow though

[e065c8515d206cb0e190]

I've tried it. Came back to the web based client. Within 2 minutes.

Re:

[mcvos]

Exactly. Unencrypted email is just shouting something into a crowded party and hoping only the person you're addressing listens.

Re:

[mandark1967]

"...So even if you think logging out and making a new separate account is enough, it's all linked"

That's relatively easy to get around. Create your initial gmail account on 1 machine using a particular ISP, and create your second acct by using a different computing device(like a droid) on another ISP. Of course, you must remember to never use one machine to check both accounts. It takes dicipline, but it an be done.

I have a gmail account that I created on Comcast with my home desktop, and a completely diffe

Re:

[datapharmer]

Perhaps you forgot your browsing habits and the fact that correlation can be a powerful tool. Couple that with the ubiquity of google code (analytics, adsense) and I don't believe it is completely unreasonable to hypothesize that they could figure it out... Not to say that they do "automatically", but if you were to come under investigation for something I'm sure they could do the math.

Re:

[Aeros]

oh...we can NOW!

Re:

[Fnord666]

That's relatively easy to get around. Create your initial gmail account on 1 machine using a particular ISP, and create your second acct by using a different computing device(like a droid) on another ISP. Of course, you must remember to never use one machine to check both accounts. It takes dicipline, but it an be done.

I have a gmail account that I created on Comcast with my home desktop, and a completely different one that was created when I purchased my droid through verizon.

I never check the droid

Re:

[Abstrackt]

Even better, DON'T USE GMAIL for your private and sensitive info....

Even better, don't store your private and sensitive info in plain text on the Internet.

If your email is more sensitive than a postcard use PGP/GPG to provide reasonable security. And if it's too sensitive to have a copy stored on someone else's servers either host it yourself or keep a physical copy in a safe instead.

Do No Evil

[whisper_jeff]

Google's policy may be "Do No Evil" but each individual's policy may differ...

Re:Do No Evil

[Richard_at_work]

And the quietly letting him go rather than warning others about this persons actions is ... whose policy?

Re:Do No Evil

[Anonymous Coward]

Unless he is charged and convicted, let's not hang a man in the realm of public opinion. He was fired, and hopefully he learned something.

Re:

[Shabazz Rabbinowitz]

...let's not hang a man in the realm of public opinion...

You're new here, aren't you?

Re:Do No Evil

[nschubach]

So new that Slashdot hasn't had time to assign them a user ID.

Re:

[Abstrackt]

So new that Slashdot hasn't had time to assign them a user ID.

Anonymous Coward's UID is 666 [slashdot.org], you can't go much lower.

Re:

[commodore64_love]

>>>Unless he is charged and convicted, let's not hang a man in the realm of public opinion

Me too:

If this is my competition, I have nothing to worry about.

Re:

[xouumalperxe]

And the quietly letting him go rather than warning others about this persons actions is ... whose policy?

I expect that quietly means "no media coverage". I guess that, internally, word spread pretty quickly why he was being let go.

Re:

[bickerdyke]

Despite "no media coverage", it landed on /.

Re:

[mdm-adph]

The shareholders'.

Re:Do No Evil

[antifoidulus]

Holy shit, Pope Benedict must be a majority shareholder at Google!

Re:Do No Evil

[ArsenneLupin]

Holy shit, Pope Benedict must be a majority shareholder at Google!

It said quietly fired, not quietly transferred to a different regional office.

Re:

[ultranova]

Not to mention, the people he spied on weren't threatened with Hell if they ever spoke of it.

Re:Do No Evil

[UnknowingFool]

He no longer has access to Google. He's no longer in the program where he first met the teens. What else would you want them to do? Reading the article it does not seem that he did anything illegal that the police can charge. His position allowed him to access the information but he violated the company policies.

Re:

[ScrewMaster]

He no longer has access to Google. He's no longer in the program where he first met the teens. What else would you want them to do? Reading the article it does not seem that he did anything illegal that the police can charge. His position allowed him to access the information but he violated the company policies.

That's the thing isn't it ... besides, good luck finding another job administering anything more than the computers in a dentist's office. Some people want to jump on the "Do No Evil" bandwagon here but I don't think that's the case. Stupid or bad people sometimes get into positions of responsibility. Google got rid of the man promptly, which I think was the right thing to do here. Besides, given all the laws we now have on the books regarding this kind of thing, my guess is this guy will get charged with s

Re:

[epine]

Stupid or bad people sometimes get into positions of responsibility.

Speaking of which, Newt recently cleared the bar at 18 feet, elevating "Luo tribesman" into the neo-conservative N-word lexicon in a single bound.

These people hate Michael Moore with a passion, so why do they expend so much energy making him sound like an intelligent man? As Mr Moore pointed out, it is obvious to anyone who has ever cracked open an American history book, American was founded on the sentiment of anti-colonialism (only when

Re:

[camcorder]

They could inform their users about this and even better tell public what actions they have taken in order to prevent such incidents to happen in future. I don't see any reason why an engineer can access user data. I hope they don't design their systems in a commodity CMS fashion that "admin" can alter any kind of data, let alone viewing them.

Re:

[UnknowingFool]

Informing their users would likely get Google involved with a lawsuit either from the teens' parents (since the teens were under-aged) or from him for invasion of privacy. Generally admins don't have this kind of access but his particular position allowed him to do so. Google is looking at further restricting policies about access. I don't know about your workplace but different admins have access to all sorts of information. If you have a bad seed, you had a bad seed.

Re:

[Ollabelle]

Except that now his name can be Googled and found here. How's that for irony.

Re:Do No Evil

[Richard_at_work]

If this case involved credit card numbers, what would your suggestion be then? What about this case does not scream invasion of privacy, misuse of privileges, abuse of trust and numerous other things? This person should not have been simply let go, it should have been referred to the authorities - he didn't make a simple mistake, he took deliberate action. Simply letting him go allows Google to silently preserve their pristine image.

People seem to be taking my point about quietly letting him go to mean that Google should have issued a press release or made a public announcement - no, that's not what I am suggesting, but its quite apt since reporting this matter to the authorities would have been akin to making a public announcement.

Re:Do No Evil

[nomadic]

If this case involved credit card numbers, what would your suggestion be then? What about this case does not scream invasion of privacy, misuse of privileges, abuse of trust and numerous other things?
Are those crimes, though? "Lock him up!" "But he didn't commit a crime." "Would you make the same excuse if he HAD committed a crime?" "Huh?"

Re:

[Richard_at_work]

How do you know he didn't commit a crime? The issue was never put infront of the police or a prosecutor so they couldn't make the judgment if a law was potentially broken or not and thus had no chance of bringing charges.

Your little dialog between two anonymous people assumes that he didn't commit a crime and uses that supposition to suggest that saying his actions should be referred to the authorities is wrong - my stance is that his actions are definitely morally and ethically wrong, and could indeed

I'm pretty sure Google has lawyers

[KingSkippus]

I'm pretty sure Google has lawyers. Furthermore, I'm pretty sure they were involved in the firing of this guy.

I think it's pretty silly and disingenuous to suggest that anyone, especially a company, should report unethical behavior to the authorities and let them sort it out whether or not it's illegal, especially when it's pretty likely that it's not. Again, we're not talking about someone stealing credit card numbers, which is clearly a crime. (And which, if I'm not mistaken, would require them to repo

Report him for what?

[KingSkippus]

...it should have been referred to the authorities...

Referred for what? As far as I can tell, the guy didn't do anything illegal. Creepy? Oh, hell, yeah, but illegal?

Fact is, I know that when I send and receive e-mail via Google, there are people in the company that has access to that stuff. I run a few web sites myself, and I hope that people understand that with root access to the server, I have access to everything they do, also. I even go so far as to point that out now and then. But I'm a pretty

Re:

[Kilrah_il]

mod +1 insightful

Always a concern

[Pojut]

You never know who is watching or listening in. People don't realize that every single thing they do online can, at some point along the pipe, be potentially seen by someone.

Not just online

[snspdaarf]

I know one or two telephone linemen who enjoyed listening in to phone conversations when they were supposed to be working.

Re:

[piffey]

Not just line men. We used to do that all the time as kids, just cause we figured out we could.

Re:

[nschubach]

What's so hard about hooking a speaker up to the phone line? ;)

Re:Always a concern

[bill_mcgonigle]

People don't realize that every single thing they do online can, at some point along the pipe, be potentially seen by someone.

Not if you're using end-to-end encryption without a public CA. Computer scientists have known this since 1977 and end-users have had tools since at least 1991. Key distribution is still hard, so it's not quite popular. We could really use some apps that securely exchange keys via phone "bumps".

Re:

[Sir_Lewk]

And I don't think you read what he wrote:

Not if you're using end-to-end encryption without a public CA.

Key distribution is still hard

Re:Always a concern

[sjs132]

An old friend of mine used to work for a high clearance group out in Colorado someplace. This is going back to 1995'sh... He has since gone silent (No contacts) , but I remember one conversation that we had had where he warned:

"If you want it to be a secret you better keep it in your head. Don't write it down, don't email it, don't call on the phone... Because if they want, they can know." (Paraphrased from so long ago...) But you get the point.

It was true then and even more so now. Who are "They"? Well, that's the problem... in 1995 I presumed it was the Federal Government that could disseminate the information to state/local. And under Homeland Security we do have "FUSION CENTERS" so you know that happens. But also it seems corporations of large magnitude can fall into it. If it is for "research, Statistics & Administration" then big whoop, but obviously it is a big temptation for people to abuse it once they are on the "inside."

Case in point would be Crystal Bowersox. She had her privacy violated multiple times in Ohio. Probably by people paid to dig up dirt for tabloids or something, but just like Google, Creepy.

http://www.dispatchpolitics.com/live/content/local_news/stories/2010/09/09/copy/ohio-apologized-to-idol-star-for-illegal-snooping.html?adsec=politics&sid=101 [dispatchpolitics.com]

http://content.usatoday.com/communities/idolchatter/post/2010/09/crystal-bowersoxs-privacy-breached-by-ohio-officials/1 [usatoday.com]

http://marquee.blogs.cnn.com/2010/09/09/ohio-apologizes-to-crystal-bowersox-for-security-breach/ [cnn.com]

http://www.google.com/hostednews/ap/article/ALeqM5i_29YKZdSnooBzedGCwrNGaqfyDgD9I4IR7G1 [google.com]

http://au.eonline.com/uberblog/b199540_why_were_cops_snooping_on_idols_crystal.html [eonline.com]

 

Happens on every website.

[onion2k]

Someone always has access to the data, and they're going to look at it at some point. The expectation that no one will be nosey when they're bored one day is just naivety (or stupidity). In this case the motivation is a bit creepier but on other websites people will be looking through "private" data when they're bored - be it Facebook messages, Twitter DMs, GMail emails, or Slashdot private journals.

If you want it to remain secure and unread by other people, don't put it where other people might access it.

Re:

[CraftyJack]

If you want it to remain secure and unread by other people, don't put it where other people might access it.

This is Google. They drive up and take pictures of your house.

Re:Happens on every website.

[Aqualung812]

This is Google. They drive up and take pictures of your house.

OMG! Pictures of my house, on a public street, where thousands of people can drive by and see it? MY PRIVACY IS RUINED! I might as well post my SSN on the Internet now!

Re:

[PhxBlue]

Could you post your date of birth and mother's maiden name, too? Thanks!

Re:

[buck-yar]

Many people have gotten fines from evidence collected on google earth. Specifically swimming pools that don't meet zoning, that would not be visible from public view (only satellite or airplane).

http://www.switched.com/2010/08/02/long-island-town-uses-google-earth-to-find-rogue-swimming-pools/ [switched.com]

Re:

[nschubach]

I think it's a matter of how many people have access to that information. While it's not "private", now people are shocked that that information can be stored and kept literally forever and searched by many.

Walking down the street talking on a cell phone is fairly private even though you are in a public place because people will tone you out, forget about what you said, or only catch parts of your conversation. However, if someone followed you around with a microphone you might get pissed off.

Re:

[Chrisq]

People will be looking through "private" data when they're bored - be it Facebook messages, Twitter DMs, GMail emails, or Slashdot private journals.

In the latter case they usually run out screaming "aaaaaghhhh...." never to be seen again. Access logs show they have been reading a file named "CowboyNeal's sexual fantasies".

Re:

[mikael_j]

In this case the motivation is a bit creepier...

Well, if the linked article has its guesses and quotes correct then it seems this guy was just trying to show off with his neat GEP (Google Employee Powers) and overstepped privacy boundaries doing so. Now, IMHO this is generally worse than just being curious or "nosey[sic]" but probably not creepier (I worked tech support just after college and I saw more than one "curious" co-worker search the customer database for members of the opposite sex who happened to live in the same city as we were in and who had

TFA firewalled off here

[mcgrew]

But I found anotherFA. [computerworld.com]

Re:

[Jeslijar]

according to this FA, it wasn't some creepy stalker type deal.

He found a techie group and wanted to impress them with his 'haxor' skills. It probably didn't come out until later that he worked for Google. It was a stupid move and an abuse of power, but it wasn't something as creepy as the original post here makes it sound.

"Barksdale's harassment did not appear to be sexual in nature, although ... [he] demonstrated extraordinarily questionable judgment. ... It seems part of the reason ... was to show off the

Big Google is watching

[Drakkenmensch]

"Is it 1984 already?" Daria

Duh

[ebonum]

Young single male admins at companies like Google and Yahoo are golden contacts. If you are looking to research something, they can help. For a price.

Re:

[M4n]

"Research something" or "Research something"?

Come on...

[grub]

...the question is: what's his /. ID? It must be in the 4 or 5 figure range.

This just in!

[mdm-adph]

Individual person does nefarious actions -- name of company he works for used in title of news article for salacious reasons. More at 11.

Re:

[crunzh]

mayor company that keeps houge amounts of personal data dont protect user data from employees, I think thats the story.

Re:

[kevinNCSU]

Well if the mayor of Google isn't properly protecting our user data then I'm certainly not voting for him again!!

Re:

[mdm-adph]

Barring not letting any employee see protected user data (a completely unreasonable practice), I don't see how this could have been prevented.

If simple forms and NDA's are good enough for HIPPA, it's good enough for Google.

Re:

[crunzh]

either encrypting userdata, or atleast limiting access or not giving access to multiple services. If he only had access to one of the services damages would be less, but he had access to both voice, email and google talk.

Re:This just in!

[Combatso]

so you think they should have left out Googles name? I for one will think twice about how private any emails / chats sent through google really are. Without getting in to a 'think of the children' rant here... the real story is this guy was spying on teenagers conversations, chatting with them... and actually unblocked himself... if one rogue employee at google can do this, than many more can... and I stand by theory that anything than can happen, will happen... So yeah... the company name belongs here..

Re:

[Dhalka226]

And what company do you think exists where nobody has access to this sort of information?

If your logic is "anything than[sic] can happen, will happen" then it is happening everywhere. You're out of luck.

Google knew something was wrong...

[GPLDAN]

Barksdale was working on GChat Roulette.

wonder if he did it for the lullz

[bl8n8r]

He sounds a little like an egomaniac windbag that hasn't grown out of adolescence yet (like a lot of geeks). I find it hard to beleive that anyone who wears a "Free the Mallocs" and "I Love toxic waste" t-shirts isn't going to keep tight-lipped about freaking someone out with his "m4d l33t 5k11z".

Cannot really be prevented

[gweihir]

As anybody with real system administration experience knows, what protects user privacy is that you do not look at their data without explicit permission. That means people with this level of access have to have certain personality traits, and a high level of personal integrity is the most important one. I guess this is just another failed Google hiring process result.

What now needs to follow is criminal proceedings resulting in a a rather unpleasant punishment. Oh, wait, the US does not have working privacy laws...

Re:

[Viol8]

"What now needs to follow is criminal proceedings "

Criminal proceedings for what? Reading some private stuff he legally had access to anyway and for wounding up some teens. Whats your verdict then judge? 30 years in max security?

Jeez, get a sense of perspective.

Re:

[ceejayoz]

I'm sure a DA could get him on a variety of wiretapping, invasion of privacy, unauthorised access to a computer system, etc. charges.

Luckily for David Barksdale, creepy kiddy stalker

[Rogerborg]

He - David Barksdale, notorious harasser of vulnerable teens, I mean - shares a name with a more famous chap, who will remain at the top of Google searches. Unless enough people start referring to David Barksdale primarily in the context of the famous freaky violator of childrens' privacy. You know, David Barksdale. The freaky creepy weird fucked up emotionally stunted probably-not-a-pederast basket case fired by Google for stalking children. That guy.

Re:Luckily for David Barksdale, creepy kiddy stalk

[Stiletto]

So you'd be willing to try to ruin some guy you don't even know over 'evidence' in a three-line Slashdot blurb? You want to at least wait and see if actual charges are filed, let alone a guilty verdict? Talk about jumping to conclusions...

Surprise!

[nomad-9]

Hardly surprising, since Google CEO Eric Schmidt's notorious "if you want privacy, you have something to hide" remark.

The problem with this guy power-tripping on some kids, was not that he didn't give importance to people's privacy - which is apparently along the lines of the company's general mindset - but that he got caught for being stupid.

Re:

[nomad-9]

Here's the citation you asked:

“If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.”

"And it’s important, for example, that we’re all subject in the United States to the Patriot Act... "

The "Patriot Act" was given as just one example, not as the main reason. The old "security versus privacy."

define 'quiet'

[WhitePanther5000]

Google, who quietly fired him

Not as quietly as they might have hoped...

Anybody still up for The Cloud ?

[obarthelemy]

This is a taste of things to come. Companies will do it. Subcontractors will do it. Employees will do it. Trainees will do it.

When you put your data out there... well, it's out there. Your choice. THis was Google's responsibility.. what was their punishment ? nothing.

Parents at Google lecture about child safety

[theodp]

Oops: Parents at Google in the US talking about child safety online [youtube.com], from the just-announced Google Family Safety Center [blogspot.com], apparently still in Beta.

Think of the children!

[Viol8]

Well , it had to be said :)

Federal laws were violated

[glittermage]

After RTA it appears that David Barksdale violated Google internal policies so that means some Federal ECPA laws were violated, specifically 18 USC 2701(a) [cornell.edu].

The exceptions outlined in voluntary 18 USC 2702 [cornell.edu] and mandatory 18 USC 2703 [cornell.edu] don't apply either.

If Google doesn't have a policy of handing privacy violations over to AUSA/Federal or local law enforcement then I would urge a review of Google's policies.

iso certification

[StripedCow]

Isn't there some ISO 9000 rule (or other standard) that says that admins cannot look at user data? And why isn't google adhering to this standard?

Google screwed up

[Coward Anonymous]

Evidently, Google does not have a process controlling the access of user accounts by employees of the company. Google needs to stop ignoring the fact that it is dealing with increasingly more private information on individuals and that like other organizations with such information (think banks) it needs to develop a full fledged process (with well defined protocols, auditing, etc.) to ensure that any access to a user's private information is authorized and accounted for.
Google wants to think of itself as a technology company where process is a hindrance. Google is too big to continue thinking and acting like that.
I'm guessing Google will not deal with this particular problem until it gets sued.

Re:

[gparent]

What do you want them to do, hang him high?

You can't prevent access to the info without stopping them from doing their jobs. All you can do is severely limit the access, and strike whenever someone abuses the right.

Re:

[sunking2]

When you hang a man, you better look at him.

Re:Did Google do enough?

[bberens]

Google has no grounds to prosecute the guy. The kids/parents may have some grounds based on harassment or something but the guy legitimately had access to that data, he just abused it. It happens, he was fired. I love these posts which act as if "my company" could never hire anyone who would abuse their access to data. It happens regularly at every company I've ever worked at to some degree or another. When it happens, you deal with it. *shrug*

Re:

[cervo]

They might. A lot of companies have huge disclaimers on all their systems. Something about people unauthorized to use a system or using it in excess of their authority will be prosecuted. They also typically include a blurp about information being intended for you as well....Also typically some type of consent to being monitored.

I would think that it is similar to an EULA and maybe could be enforced. Also most companies have an acceptable use policy and people who violate it can be subject to civil pe

Re:

[Spad]

There's little you can do.

Administrators of IT systems almost always require - or can trivially gain - access to personal data at some point in order to do their jobs and while sometimes there are signs that point to it, you often have no idea who's going to flip and start abusing their power until they've already started doing it.

The best you can do it put detection and auditing mechanisms in place and ensure that you deal with an violators swiftly, but you're never going to entirely prevent it from happen

Re:

[ScrewMaster]

Google should of stepped it up a bit and sent this guy off to jail to set an example.

Uh ... what? You do realize that a publicly-held corporation is not a law enforcement agency or a court of law, and can't actually send anyone to jail? The guy was fired, the company reported the incident, and if the cops think they have anything on the guy that will stick they'll charge him with something. That's how it works. The best an employer can do is to co-operate with law enforcement.

Besides, if you're that concerned about people reading your emails, run your own server, it's not hard, and the s

Re:

[srussia]

who watches the watchers?

meta-voyeurs?

Re:

[deek]

Smart and clever, sure. But immature and lacking self-esteem as well? That is a recipe for disaster, especially if you put them in a position of informational power.

A mature person, no matter how strange their thought processes, does not spy on the conversations of others (work purposes excepted), or brag about their hacking abilities. He may have had the smarts, but he didn't have the maturity for his position.

Google would do well to employ more older staff to help in this regard. This may not have hap

ah

[Chrisq]

What part of heaven is most popular?

...the fucking Cloud.