Sept 15, 2010
Source: Gawker
What number security breach is this?
Remember Google Street View vehicles that were accessing wifi info as they drove by? Hasn’t stopped them from continuing to collect wifi data.
This time an internal Google employee (allegedly) used his position to (allegedly) access four teenager’s (female and male) accounts FOR MONTHS before the teenagers’ parents contacted Google.
Google had no idea what their own employee was doing.
Gawker: And the company does not closely monitor SREs to detect improper access to customers’ accounts because SREs are generally considered highly-experienced engineers who can be trusted, the former Google staffer said.
How have they proven they can be trusted when there is no procedure in place to check their trustworthiness?
The only reason this guy was caught is because the parents notified Google. So who is making sure Google has investigated to see if other kids were involved who never notified their parents?
It is being reported that Barksdale’s cyberstalking “did not appear to be sexual in nature” even though there is no mention of what Mr Barksdale did with the information and what type of sexual release it might have brought him.
According to Gawker, Barksdale (allegedly) accessed a teenager’s account because one of the terrorized boys wouldn’t share the name of his girlfriend.
In an incident this spring involving a 15-year-old boy who he’d befriended, Barksdale tapped into call logs from Google Voice, Google’s Internet phone service, after the boy refused to tell him the name of his new girlfriend, according to our source. After accessing the kid’s account to retrieve her name and phone number, Barksdale then taunted the boy and threatened to call her.
I consider that to be of a sexual nature. Why else does a 27 y/o man care what a 15 y/o boy is doing and who his minor girlfriend is? How safe do you think that girl feels?
And how far did Barksdale actually go? He allegedly had met the teens in question in person. Did he steal personal pix/video of them? And what are the chances this is the first group of kids Barksdale did this to?
Most of all, why is what he did not a punishable crime?
Barksdale, an adult, was (allegedly) cyberstalking minors by (allegedly) accessing their private password protected Google accounts. Where is the mystery other than it hasn’t been proven in a court of law?
We dismissed David Barksdale for breaking Google’s strict internal privacy policies. We carefully control the number of employees who have access to our systems, and we regularly upgrade our security controls–for example, we are significantly increasing the amount of time we spend auditing our logs to ensure those controls are effective. That said, a limited number of people will always need to access these systems if we are to operate them properly–which is why we take any breach so seriously.
If some random person hacked into another person’s account it would be a crime. Case in point: David Kernell, son of Democrat State Rep Michael Kernell, hacked into Sarah Palin’s email account and was convicted of a felony and faces jail time. Now add in that the cyberstalker/cyberharasser was a Google employee and that it involved multiple minors over a period of months. Children were victimized by an adult in a position of authority in a company that provided the minors a service – how is that not a crime?
And who is making sure this is not a pattern of behavior of Google employees?
The only way that will be known is if an external agent investigates the incident. I hope the parents are suing Google so there is some type of accountability.
Was Google planning this or was it brought about in response to Barksdale?
Gawker: Ironically, just last week Google launched its Family Safety Center, dedicated to helping parents keep their children safe on the Internet. But as this disturbing incident suggests, the biggest threat to kids’ privacy might be Google employees themselves.
It comes down to arrogance. Why is Google so arrogant to believe their employees are trustworthy? If anything, they should have security procedures in place like the FBI/CIA because Google employees have access to private citizens, politicians, companies, governments and personal acquaintances’ allegedly personal information. It is counter intuitive that a company who employs top line hackers and supernerds (affectionate) does not have a security system that spies on the very same people. And what are the chances that none of Barksdale’s fellow employees knew nothing?
The solution is very easy.
Every 24 hours, randomly assign one employee to audit the logs of another employee with no two people auditing each other on the same day. Then require the employees to account to a third employee, also randomly assigned. That way a lone offender would be easily caught and it would require a long list of conspiracists to look the other way. And Google wouldn’t have to “significantly increas[e] the amount of time we spend auditing our logs to ensure those controls are effective” to make sure their employees aren’t spying on folks and creepily [and illegally] inserting themselves in teenagers’ lives.
What are the chances Google is manipulating *David Barksdale* search results.
