Google has confirmed that one of its employees has been fired for breaking into the accounts of several children, shining a light on just how easy it is for a Googler to access supposedly private data.
The claim that 27-year-old engineer David Barksdale had been misusing his access rights to spy on four young teenagers was first made by Gawker's Valleywag
, which criticised the search giant for not making public the reason for Barksdale's departure from the company in July.
Since the story went live, Google's senior vice president of engineering, Bill Coughran, has issued a statement that clarifies that Barksdale was "dismissed [...] for breaking Google's strict internal privacy policies.
" Coughran goes on to claim that Google's managers "carefully control the number of employees who have access to our systems, and we regularly update our security controls - for example, we are significantly increasing the amount of time we spend auditing our logs to ensure those controls are effective.
The issue appears to have come from Barksdale's position as a Site Reliability Engineer, or SRE. According to Gawker's sources, SREs are entrusted with complete access to the section of Google's services that they are in responsible for monitoring, including the ability to access accounts on those services.
It's this access that Barksdale has apparently misused, in order to monitor the communications of young teenagers he had befriended - and in at least one case to call a boy and taunt him with information obtained from his Gmail account.
While Barksdale has been ejected from Google's employ, and the company has promised to up its auditing to detect similar breaches of its users' privacy quicker in the future, the fact that it took several complaints from those affected by Barksdale's actions to get Google to act is likely to ring alarm bells with those already concerned about the company's approach to personal privacy.
Are you shocked that Google would allow its employees such unfettered access to sensitive personal details, or is this sort of thing unavoidable in a company in the cloud computing business? Is there anything Google should be doing to mitigate the risks of such breaches? Share your thoughts over in the forums