Google has reportedly fired a systems engineer after he accessed private details from the Gmail, Google Voice and instant messages of four users.
According to a report by Gawker, in at least four cases, David Barksdale spied on minors' Google accounts without their consent, according to a source close to the incidents. The report claimed that Barksdale accessed contact lists and chat transcripts, and in one case quoted from an IM that he had looked up behind the person's back.
Communicating by email, Barksdale said that he had been fired by Google, although he refused to elaborate on the circumstances behind his departure or the specific allegations made against him. “You must have heard some pretty wild things if you think me getting fired is newsworthy,” he responded by email.
Gawker claimed that site reliability engineers (SREs) have access to the company's most sensitive data, and are given unfettered access to users' accounts for the services they oversee, according to a former SRE who left the company in 2007.
A statement from Google, published by TechCrunch, confirmed that it fired Barksdale for privacy violations. Bill Coughran, senior vice president of engineering at Google, said: “We dismissed David Barksdale for breaking Google's strict internal privacy policies.
“We carefully control the number of employees who have access to our systems, and we regularly upgrade our security controls. For example, we are significantly increasing the amount of time we spend auditing our logs to ensure those controls are effective. That said, a limited number of people will always need to access these systems if we are to operate them properly, which is why we take any breach so seriously.”
Following the incident, Google has stated that it has greatly increased the time that it devotes to checking logs in order to pick up on any undesirable employee activity that could put customer data at risk.
Ed Macnair, CEO of Overtis, said: “Wherever a company is holding large amounts of customer data, there is a risk that this will be surreptitiously viewed by employees with privileged access. Google has stated that it is increasing its monitoring, but this comes after the breach has occurred and customers' privacy has been compromised.
“Controlling and recording precisely who has accessed data and regularly reviewing activity logs to spot any adverse behaviour, is the only way to mitigate this risk and prevent systems administrators from abusing the trust of their employers and customers.”