September 18, 2010

Google violating user privacy again

There was yet another user privacy violation at Google. This time a Google engineer - David Barksdale, 27 - had accessed users accounts curious about their voice calls, chats and contact lists. Barksdale has been fired but Google also acknowledged that such an incident has happened before with another employee, also terminated.

Barksdale accessed the accounts of a few minors apparently to impress them with his administrative access level. Google said that there was no sexual motive in his actions. I'm curious about the ethics training that the data collecting giant's employees take part in.

Gawker reports:

"It’s unclear how widespread Barksdale’s abuses were, but in at least four cases, Barksdale spied on minors’ Google accounts without their consent, according to a source close to the incidents. In an incident this spring involving a 15-year-old boy who he’d befriended, Barksdale tapped into call logs from Google Voice, Google’s Internet phone service, after the boy refused to tell him the name of his new girlfriend, according to our source. After accessing the kid’s account to retrieve her name and phone number, Barksdale then taunted the boy and threatened to call her."

This problem is pretty sensitive as Google gathers information about chats, emails, videos watched, blogs, voice calls, articles read, pages seen, search queries and so on.. If we are to trust them with our data they better get their employees straight and keep our data available only for the use of search bots and advertisement purposes.

Bear in mind that Google possesses more information about its users than probably the worlds intelligence agencies combined. Talking about a *true* know-it-all. I would probably suggest that the big G should only employ people with the appropriate security clearance, training and certifications for positions that deal closely with user data.

Google Senior Vice President, Engineering stated (per Gawker):

"We dismissed David Barksdale for breaking Google’s strict internal privacy policies. We carefully control the number of employees who have access to our systems, and we regularly upgrade our security controls–for example, we are significantly increasing the amount of time we spend auditing our logs to ensure those controls are effective. That said, a limited number of people will always need to access these systems if we are to operate them properly–which is why we take any breach so seriously."

Let's just hope that this isn't a bold PR statement (although it surely is PR) and that Google will do something about this.


SANS Institute
The Register

No comments:

Post a Comment