Google Tech Stalks & Spies On Minors

Discussion in 'News & Current Events' started by allheart55 (Cindy E), Sep 15, 2010.

  1. Online
    allheart55 (Cindy E)

    allheart55 (Cindy E) ADMINISTRATOR Administrator

    Joined:
    Jun 11, 2009
    Messages:
    6,834
    Location:
    Pennsylvania
    Google Engineer Stalked Teens, Spied on Chats (Updated)
    [​IMG][​IMG]
    We entrust Google with our most private communications because we assume the company takes every
    precaution to safeguard our data. It doesn't. A Google engineer spied on four underage teens for months
    before the company was notified of the abuses.

    David Barksdale , a 27-year-old former Google engineer, repeatedly took advantage of his position as a member
    of an elite technical group at the company to access users' accounts, violating the privacy of at least four minors
    during his employment, we've learned. Barksdale met the kids through a technology group in the Seattle area while
    working as a Site Reliability Engineer at Google's Kirkland, Wash. office. He was fired in July 2010 after his actions
    were reported to the company. [Update: Google has confirmed the security breach. An update appears below.]
    It's unclear how widespread Barksdale's abuses were, but in at least four cases, Barksdale spied on minors' Google
    accounts without their consent, according to a source close to the incidents. In an incident this spring involving a 15-
    year-old boy who he'd befriended, Barksdale tapped into call logs from Google Voice , Google's Internet phone service,
    after the boy refused to tell him the name of his new girlfriend, according to our source. After accessing the kid's
    account to retrieve her name and phone number, Barksdale then taunted the boy and threatened to call her.

    In other cases involving teens of both sexes, Barksdale exhibited a similar pattern of aggressively violating others
    privacy, according to our source. He accessed contact lists and chat transcripts, and in one case quoted from an IM
    that he'd looked up behind the person's back. (He later apologized to one for retrieving the information without her
    knowledge.) In another incident, Barksdale unblocked himself from a Gtalk buddy list even though the teen in question
    had taken steps to cut communications with the Google engineer.

    [​IMG]
    What motivated Barksdale to snoop on these teens is not entirely clear. Our source said Barksdale's harassment did not
    appear to be sexual in nature, although his online communication with the minors (such as inviting underage kids to go to
    the movies with him) demonstrated extraordinarily questionable judgment on Barksdale's part. My gut read on the
    situation was that there wasn't any strong sexual predatory behavior, just a lot of violating people's personal privacy,
    our source explained.

    Barksdale declined to speak with us by phone. Via email, however, he confirmed that he'd been fired by Google, although
    he refused to elaborate on the circumstances behind his departure or the specific allegations made against him. You must
    have heard some pretty wild things if you think me getting fired is newsworthy, he responded by email.

    It seems part of the reason Barksdale snooped through the teens' Gmail and Gtalk accounts was to show off the power
    he had as a member of a group with broad access to company data. A self-described "hacker," Barksdale seemed to get
    a kick out of flaunting his position at Google, which was the case when, with a friend's consent, he pulled up the person's
    email account, contact list, chat transcripts, Google Voice call logs—even a list of other Gmail addresses that the friend
    had registered but didn't think were linked to their main account—within seconds. The friend wasn't concerned; Barksdale
    seemed to him to be a "silly," good-natured nerd.

    The parents of the teens whose Google accounts were violated by Barksdale were hardly amused, however. Several attempted
    to cut off Barksdale's access to their children and withdrew them from the technology group where they'd first encountered
    the Google engineer. (Barksdale was kicked out of the group after his abuses came to light.) In July, officials at Google were
    notified of Barksdale's actions. We've obtained an email exchange between one person who complained about Barksdale to
    Google and Eric Grosse , an Engineer Director in Google's security group at the company's Mountain View, Calif. headquarters.
    Grosse quickly responded to the complaint with a curt email: "Thank you very much for reporting; we'll investigate quietly and
    get back to you if we need anything more."

    [​IMG]
    If Google was already aware of Barksdale's privacy violations, Grosse didn't mention it. But while Google seemed initially helpful
    and friendly when dealing with those who'd notified Google of his conduct, they became increasingly tight-lipped as company
    officials realized the seriousness of the problem.

    Later, when asked if Google had taken steps to deal with Barksdale, Grosse would only say, "I am personally satisfied that we've
    taken decisive steps to limit any additional risk." When emailed again several weeks later about whether Barksdale was still
    employed by Google, or if the company had determined the extent of his privacy violations, Grosse refused to get into any
    specifics: "Google has taken the appropriate actions, I can't say more."

    Right around the same time, Barksdale was quietly fired by the company.

    It's no surprise that Google execs were skittish about discussing the case in detail. Site Reliability Engineers (or SREs) have
    access to the company's most sensitive data. Responsible for a variety of tasks including responding to technical difficulties
    across Google's ever-expanding portfolio of products, SREs are given unfettered access to users' accounts for the services
    they oversee, according to a former SRE who left the company in 2007.

    [font="Comic Sans MS"]If you're an SRE, for instance, on Gmail, you will have access to mailboxes because you may have to look into the databases,
    the former Google SRE who did not work with Barksdale explained to us by phone. You'll need access to the storage mechanisms,
    he explained, pointing out that in order to determine the cause of a technical issue with Gmail, an SRE might have to access emails
    stored on Google's servers to see if data is corrupted.

    [font="Comic Sans MS"]Barksdale's intrustion into Gmail and Gtalk accounts may have escaped notice, since SREs are responsible for troubleshooting
    issues on a constant basis, which means they access Google's servers remotely many times a day, often at odd hours. I was looking
    at that stuff [information stored on Google's servers] every hour I was awake, says the former Google employee. And the company
    does not closely monitor SREs to detect improper access to customers' accounts because SREs are generally considered highly
    experienced engineers who can be trusted, the former Google staffer said.

    [font="Comic Sans MS"]"There's a whole bunch of trust involved. There's a lot of data inside Google, and I'm willing to bet some of it is really valuable.
    But for me and the people I worked with, it was never worth looking at."

    [font="Comic Sans MS"]It's unclear how many accounts Barksdale inappropriately accessed while employed by Google, or if the company has conducted
    a thorough investigation into possible privacy abuses by other employees. (Calls to Google for comment were not returned.) It's
    also not clear what measures are in place to prevent Google staffers from snooping on users.

    [font="Comic Sans MS"]The Barksdale case comes as Google has attempted to address concerns about privacy by [url="http://www.wired.com/threatlevel/2010/01/google-turns-on-gmail-encryption-to-protect-wi-fi-users/"][font="Comic Sans MS"]encrypting [/font][/url][font="Comic Sans MS"][font="Comic Sans MS"] Gmail to protect messages
    from hackers, and by [url="http://techcrunch.com/2010/09/03/google-privacy-policy-update/"][font="Comic Sans MS"]simplifying [/font][/url][font="Comic Sans MS"][font="Comic Sans MS"] its privacy policies to make them more comprehensible to users. Ironically, just last week Google
    [url="http://googleblog.blogspot.com/2010/09/announcing-our-new-family-safety-center.html"][font="Comic Sans MS"]launched [/font][/url][font="Comic Sans MS"][font="Comic Sans MS"] its Family Safety Center, dedicated to helping parents keep their children safe on the Internet. But as this disturbing
    incident suggests, the biggest threat to kids' privacy might be Google employees themselves.

    [b][b][font="Comic Sans MS"]Update: [/font][/b][font="Comic Sans MS"][/font][/b][font="Comic Sans MS"]
    [font="Comic Sans MS"]Google [url="http://techcrunch.com/2010/09/14/google-engineer-spying-fired/"][font="Comic Sans MS"]has released a statement [/font][/url][font="Comic Sans MS"][font="Comic Sans MS"] confirming it fired Barksdale for privacy violations:

    [indent][font="Comic Sans MS"]"We dismissed David Barksdale for breaking Google's strict internal privacy policies. We carefully control the number of
    employees who have access to our systems, and we regularly upgrade our security controls–for example, we are significantly
    increasing the amount of time we spend auditing our logs to ensure those controls are effective. That said, a limited number
    of people will always need to access these systems if we are to operate them properly–which is why we take any breach so seriously."

    — Bill Coughran, Senior Vice President, Engineering, Google
    [url="http://gawker.com/5637234/gcreep-google-engineer-stalked-teens-spied-on-chats?skyline=true&s=i"][b][color="#000000"]Full Article[/color][/b][/url]

    [/font][/indent][font="Comic Sans MS"][/font][/font][/font][/font][/font][/font][/font][/font][/font][/font][/font][/font][/font][/font][/font][/font]

Share This Page