More information is coming to light about the situation with Google and David Barksdale, a Google engineer who used his access to the massive stores of data that Google has gathered about its own users to spy on the private lives (and data) of several Google users, who also happened to be minors. That’s right – Google employee David Barksdale was spying on children, even cyberbullying them, using the access that his position with Google afforded him to look at the private information of children. What’s more, it was going on for months.
Apparently, Barksdale first came into contact with at least four young teens while working in Google’s Kirkland, Washington office, meeting them through a Seattle area technology group.
In one case, according to reports, one of the youths started dating a girl, and when he refused to tell Barksdale the name of his new girlfriend, Barksdale simply accessed the boy’s Google account and found both her name and phone number (and, say some accounts, then threatened the boy with calling her).
He’s also accused of spying on other youths, invading their contact lists, reading their Internet chats, and in one case even unblocking himself as a Chat buddy after one of the teens had blocked him in an attempt to cut off communications with him.
Astonishingly, nobody has mentioned, in any of the accounts, that what Barksdale was doing was actually cyberbullying these young teens!
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
CashApp us
Venmo us
Paypal us
While the parents of the children whose privacy had been invaded by Barksdale attempted to block him from access to their children and their accounts (how scary that they could not lock him out!), Google quietly started to look into the situation.
Last week, it was announced that Barksdale had been let go. Said Google Senior VP of Engineering, Bill Coughran, in a prepared statement:
“We dismissed David Barksdale for breaking Google’s strict internal privacy policies. We carefully control the number of employees who have access to our systems, and we regularly upgrade our security controls – for example, we are significantly increasing the amount of time we spend auditing our logs to ensure those controls are effective. That said, a limited number of people will always need to access these systems if we are to operate them properly–which is why we take any breach so seriously.”
Did you catch that last line? “…a limited number of people will always need to access these systems if we are to operate them properly…” There’s the dilemma.
It is absolutely true that some Google employees will need access to the private data of Google users (and make no mistake – you can easily substitute any other data-gathering or data storage service for “Google” here) in order to ensure that the system runs smoothly – or at all.
So, how does such a company ensure that someone they hire who will have access to our private, personal data doesn’t, you know, access that data when they shouldn’t.
And, for that matter, is there ever a time when they should access that data?
On our company server, I have access – the power, if you will – to look at any of our staff’s email. I have the access, but I would never use it – and there is never a time that I can foresee that I should access it. Period.
In the case of Google, do they have a set of operating policies and procedures that spell out when, if ever, it is appropriate – necessary – for an employee to actually access the private data of a user?
(On a side note, if your company does not have such a set of written policies in place, they certainly should, and they should be put in place asap. And I would certainly expect that a company of Google’s size and stature does have such policies in place – in fact I would be shocked if they didn’t).
Having such policies in place not only informs employees’ actions and decisions, but it also makes it much easier to know exactly what to expect from a company – how to deal with a situation – if and when a breach of those policies arises.
(Google has already admitted that a similar security breach had occurred earlier, although that case did not involve minors. The employee in that instance was also fired.)
In addition to having policies in place, though, the question of hiring policies and practices comes into question. How does Google (or any similar company) screen those who are applying for positions in which they will have such a high level of private data access?
Then, how you hire and how you fire for such positions of trust is just the beginning.
How do you monitor those in such positions?
How is it possible that Barksdale was, apparently, spying on, teasing, and intimidating, Google’s own users – minors even – for months without detection?
And, how do you ensure that it doesn’t happen again.
Is that even possible?
And if the answer to that question is “No” – if in fact nobody can really always be watching the watchers – then what the heck are we doing entrusting our private data and information to them?
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
CashApp us
Venmo us
Paypal us
This isn’t that much different than any place that stores date – your doctor’s office, the hospital, your insurance company, your bank, etc. All these organizations have access to your private data. Some people in each organization NEED to have access to your data to do business. Some people will always abuse that privilege. Companies must always have measures in place to deal with these issues when they occur. I don’t think there is ever going to be a way to stop it completely.