While this is a case of an individual breaching protocol, Google acknowledged that a similar incident had happened before. They have promised to improve their internal security measures and will introduce more stringent restrictions on employee access to user data. However, these policy changes don't address the core problem of huge repositories of personal information that have the potential to be exploited in a variety of ways by employees or hackers.
Thursday, September 16, 2010
Somebody Didn't Read the Company Motto
A pair of recent violations by Google employees highlight the risks to individual privacy associated with the growing amount of personal information being collected by companies like Google and Facebook. Engineer David Barksdale was fired after having accessed the accounts of four minors. He viewed their Google Voice call logs, chat transcripts and contact lists in order to gain personal information. According to accounts in Wired and Tech Crunch, his motivation was petty rather than criminal, but it's still troubling. Also troubling is that Google chose to treat this violation as an internal matter rather than as a criminal breach of cyber law.
Subscribe to:
Post Comments (Atom)
Betsy, I would argue that Google would be the best authority to deal with the issue, rather than turn it into a cyber-crime. Opening this up to a criminal trial (not sure the exact procedure required in that), but that could expose the data in a larger way, or provide hackers with clues as a way to access this information.
ReplyDeleteI personally am not bothered by the repositories of data that they have collected (despite how damning it would be to me ;)!). So long as they don't just simply sell it, but use the data to improve what they do. Many of the advances in gmail or google search have come from studying consumer behavior, and our data. The benefits of what they can provide are limited to the amount of data that they can collect and how they can synthesize it. Probably just my naive and optimistic outlook on life and the modern-super corporation :).
What would you have them do with the data? I guess that they would do the best job protecting it, since it is of HUGE financial interest for them to do so (that initiative would not be there for the government for example). Or would you rather that no data be collected at all? If it's the price I pay for a solid search engine (admittedly I'm a Yahoo! man myself - both in yahoo mail and yahoo searches), then I'd rather do that than pay by the search.
Very interesting article though, and something to definitely keep an eye on!
Tim,
ReplyDeleteThanks for the thoughtful reply. The reason I'm bothered by Google's not turning over the employee to the police is that, if he were an external hacker, he would have violated some pretty serious cyberlaw statutes that make him eligible for somewhere in the 15+ years category for jail time. Handling it as an internal HR matter sends the message to other employees that messing with customer data isn't such a big deal. Knowing that there are major legal ramifications to misuse of sensitive information, while not foolproof, works as an effective deterrent in other sectors like finance and medicine. I think personal information should be just as highly protected.
Admittedly, I was also a little sensitive to Google's attitude about privacy since this closely followed Schmidt's comments about every kid needing to change their name when they start looking for jobs. He seemed pretty cavalier and this reaction further reinforced the idea that he sees his customers as a tool rather than people.
Even though I'm a little worried about privacy, I'm a dedicated Google user - Droid, Gmail, Calendar, Chrome, etc. etc. I've also run a bunch of keyword, Facebook and other online ad campaigns. I think that's why the way this was handled bothered me. I am complicit in their using my information for marketing and trend analysis but I trust that they are going to protect that huge bank of information from getting into the wrong hands. An incident like this that shows the holes in their systems makes me wonder if my trust is misplaced and whether this amount of information is ever able to be really protected.
Make sense?