How Google Spies on Its Employees

At Google, a seemingly innocuous action can earn an employee the attention of the company's corporate security department. The Information: For example, when Google wants to find out who has been accessing or leaking sensitive corporate information, the company often homes in on employees who are thinking about leaving it. In the past, its security teams have flagged employees who search an internal website listing the cost of COBRA health insurance -- which gives workers a way to continue their coverage after leaving their employer -- for further investigation, according to a person with direct knowledge of its tactics. Employees who draft resignation letters or seek out internal checklists that help workers plan their departures from Google have also faced similar scrutiny, the person said. It has even looked at who has taken screenshots on work devices while running encrypted messaging services at the same time, according to current and former employees with knowledge of the practices. Bulk transfers of data onto USB storage devices and use of third-party online storage services can also raise eyebrows among Google's security staff.

Re: CORBA

[AcidFnTonic]

I know right... need some SOAP to wash it off and take a Rest with Jason.

Re:

[YetAnotherDrew]

And I misread the headline as "How Gargle Spits And Then Squeegees" and just had to post it here.

so it's like the 90's again?

[known_coward_69]

Many stories of people giving their two weeks and being fired right away and given their two week checks shortly after. or being refused access to company info.

If someone is leaving of course you want limit access to sensitive data. kids are so naive these days

Re:

[serviscope_minor]

Of course?

That's total bullshit no you don't. I don't think I've ever left a job without months of notice. What are they going to do? Give me a free 3 month holiday and no chance to hand over my work?

Places with actual important secrets covered by security clearance don't pull this bullshit.

Re:

[Baconsmoke]

That's not always true. Your insulting response was uncalled for and simultaneously in the wrong. Companies that have clearances quite often will have people in IT and Security leave on the day of their resignation and will give them a check for those two weeks. Is that always the case? Of course not, but it most certainly happens on the regular. And no if you give three months of notice they don't pay you for the three months. They pay you for two weeks plus whatever PTO you have accumulated.

Re:

[t0qer]

Things have changed a lot in the workplace depending on where you work. Even in places with security clearances, I've known guys that were told to hand over their CAC and were then escorted off base with no warning (It was a HUGE fuckup). It really boils down to how much you know, and how well you're liked.

So for me it depends on where I'm working. I worked for a place that I knew wouldn't give me 2 weeks when firing me, so I showed up in the AM, handed HR my gear and a sheet full of passwords. I bailed w

Re:

[ayesnymous]

They don't have to worry about those kids, who apparently don't even know what files or directories are nowadays.

Re:

[BardBollocks]

what i want to know is why we need to be logged in to post, but can still post anonymously.

If slashdot removed the post anonymously stuff, we would be able to recognise the shitposters/propagandists.

seems the system is being setup to allow it.

Time to screw with the security types

[TheMiddleRoad]

Search of COBRA... but then GI Joe.
Download massive amounts of linux distributions at work and load them onto your flash drives.
Take screenshots of puppies while the encrypted app is in the background.
Talk about leaving and then go out for lunch.

If only security types had senses of humor.

Now that's what I call Social Justice!

[HanzoSpam]

Given that Google's employees are spying on everyone else, color me unsympathetic. What goes around, comes around.

All very common

[brunes69]

Everything described in this post is common at basically any Fortune 500 company with a capable cybersecurity department. This is standard risk analysis.

Re:

[Ostracus]

Bulk transfers of data onto USB storage devices and use of third-party online storage services can also raise eyebrows among Google's security staff.

We'll never have another Snowden again.

Re:All very common

[BardBollocks]

yeah we will - there will always be staff at the top of the security tree who know how to get around it.

Re:All very common

[LVSlushdat]

Sure, if you're writing resignation letters, searching for COBRA info, or looking at job boards ON COMPANY COMPUTERS, the company is perfectly in the right to start checking you out under the microscope. THIS is why you do that kind of stuff ON YOUR EQUIPMENT, AT HOME or somewhere else besides work...

Re:

[Anonymous Coward]

Everything, EXCEPT the COBRA searching, should be fair game.

Information on COBRA is on your internal HR site/portal and ranks up with other benefits related items that organizations aren't supposed to act upon.

Yes, HR is to act in the benefit of the employer, not the employee - but there are limits dictated by Dept. of Labor (hiring/firing), SEC (401K), ERISA (Pensions & health plans), etc. Basically, the company shouldn't act on an employee's attempt to understand their benefit package, or decisions m

Re:

[jamesL70]

You should be able to search for legitimate information (COBRA info) on the internal company website with security flagging it and holding it against you.

Re:All very common

[BeerFartMoron]

Whew, thank goodness Google doesn't watch what anyone does on the Internet when at home.

Re:

[whoever57]

searching for COBRA info

They can almost certainly identify an employee searching for COBRA information, irrespective of which computer they use.

Re:All very common

[swillden]

Everything described in this post is common at basically any Fortune 500 company with a capable cybersecurity department. This is standard risk analysis.

Indeed, and Google employees are regularly reminded that they have no expectation of privacy on corporate computers. My corporate phone (I work for Google) says "This device belongs to your organization" on the lockscreen and regularly pops up a notification with a more thorough explanation that my device and everything on it may be monitored.

Re:

[swillden]

Indeed, and Google employees are regularly reminded that they have no expectation of privacy on corporate computers. My corporate phone (I work for Google) says "This device belongs to your organization" on the lockscreen and regularly pops up a notification with a more thorough explanation that my device and everything on it may be monitored.

What are you expected to use the phone for (and when)? That level of monitoring would make me think hard about carrying the device and using it outside of business hours.

I use it for everything. I have no concerns about it.

A lot of this is fairly common

[redmid17]

Many, if not most, corporations block USB, messaging apps, and 3rd party hosting sites by default. I've worked at companies that disabled ability to send attachments after a resignation has been tendered. That was really fun after my direct report decided to leave and I had to email every attachment for him to our client.

The screenshot part is kind of creepy but encrypted messaging apps would raise security flags regardless of a person leaving or not. Most of these actiities, save the Cobra search, are not things I'd be doing on a work computer though. In a world with ubiquitous smart phones with data capabilities, it doesn't make much sense to use your work laptop which is tied to an acceptable use policy and all sorts of monitoring / security limitations.

Re:

[Anonymous Coward]

Most of these actiities, save the Cobra search, are not things I'd be doing on a work computer though.

For some, they may only have the work issued computer, and even the work issued phone. The over mixing of work/life is common for a certain generation of employee, and it can easily come back to bite them at some future point.

Accessing the "Sharks with lasers" file is a no-no

[Babel-17]

And it triggers the opening beneath your chair. https://www.youtube.com/watch?... [youtube.com]