A significant privacy breach from a Google engineer has web privacy experts questioning the Mountain View, Calif. company's control system and transparency methods.
David Barksdale, a 27-year-old engineer who worked in Google's Seattle office, leveraged his role as a member of an elite technical group to access private data about minors. Google fired Barksdale after getting complaints from the minor's parents.
"We dismissed David Barksdale for breaking Google's strict internal privacy policies. We carefully control the number of employees who have access to our systems, and we regularly upgrade our security controls--for example, we are significantly increasing the amount of time we spend auditing our logs to ensure those controls are effective. That said, a limited number of people will always need to access these systems if we are to operate them properly, which is why we take any breach so seriously," Bill Coughran, Google's senior vice president of engineering, said in a statement.
For web privacy experts, the Barksdale incident is a huge red flag. Furthermore, Google reportedly told TechCrunch it was not the first time one of its engineers was fired for a privacy breach. Even though these are largely isolated incidents for a 10-year-old company with approximately 20,000 employees, it does signify some within the company has access to people's critical, private data. What they do with it, is up to them.
"We don't know who can see our data and we don't know who gets access to our passwords or are sensitive information," Siva Vaidhyanathan, an associate professor of media studies at the University of Virginia and author of 'The Googlization of Everything,' said. "That's because there are no laws that require Google or Facebook or Amazon or anybody with large amounts of private data to inform us of their level of insecurity. None of these companies have the incentive to be honest or truthful, but we're asked to trust them anyway."
Many like Michael Zimmer, associate professor at the University of Milwaukee-Wisconsin's School of Information Studies, says an incident like this comes from natural instincts. He says it's up to companies like Google to install control methods to prevent it from ever happening.
"It's human nature that if you have access to something, you're going to want to peek. You hear about hospitals peeking at medical files of celebrities, it's the same kind of thing," Zimmer said. "They have to make sure there is some kind of barrier in order to gain that kind of access. There also needs to be a recording audit that tells who has access, and then they would have to report some kind of log in information."
Both Zimmer and Vaidhyanathan admit it's plausible Google does have those kinds barriers and auditing trails already in place. However, with its lack of transparency, it's impossible to tell.
"They don't let us see their access or control methods, there's no transparency there. We have to take them for their word," Zimmer said. "Most people use Google, or Facebook, or something else without realizing there are people at that company that can access their data. Maybe Google needs to come out from a PR standpoint and provide more detail about how they protect data and how many people have access to it."
In the case of Barksdale, Vaidhyanathan said he would even have been more comfortable had Google said they handed the case off to a U.S. attorney. If that were the case, he said he would at least know the U.S. attorney would treat it as a felony.
"If I hack into a Gmail account it's a serious crime, why is it different for a Google employee? If they could alleviate those concerns, it'd be fine. But they don't. They know everything about us and we know nothing about them," Vaidhyanathan said.
The only solution to Vaidhyanathan is for a congressman to take on the issue and implement legislation. "There's too much important stuff on servers by companies with no oversight or regulation. If this doesn't do it, I don't know what will. It may take someone getting hurt," he said.
Zimmer said at a data intensive company like Google, letting a privacy stalker like Barksdale slip through the cracks is bound to happen. He said while the focus on data has created useful applications, with so much of it floating around, it's hard to audit all of it.
Meanwhile, Google declined to further discuss the Barksdale case. It did say its always evaluating and improving security practices and over time it has significantly reduced the number of people with access to these internal systems.
About International Business Times
The International Business Times is composed of twelve high-growth online editions (ibtimes.com) that give readers local reports balanced with multinational perspectives. Exclusive and transparent insights from global markets make The International Business Times an indispensable news source for business-minded individuals.