
Can high ranking employees at Google view my personal information? - privacyisdead
Yes, there are policies but there have been verified stories of personal privacy being violated by others and Google is probably the biggest offender when it comes to privacy violations. Employees that get to manage large swathes of personal information (brain/research groups) could potentially retain access and I'm curious what you all think.
======
cypherpunks01
Not Google-specific, but access to production servers in the industry is
heavily restricted to server ops roles so the majority of employees, even high
ranking ones, do not have unfettered server/db access.

High ranking Google SREs, on the other hand, can view your personal
information as their job is to run and maintain the production servers where
your personal information lives. I don't know what portion of Google employees
are SREs but I would guess much less than 5 percent.

I don't agree that Google is a major offender as far as negligent or malicious
data/privacy leaks. Their security seems fairly top-notch, especially
considering the context of new hacks/leaks that come out constantly from other
companies.

~~~
illys
"Their security seems fairly top-notch"

That sounds optimistic: a mass-leak would be a major company issue touching
its credibility, with a possible black-out if the hackers do not make it
public. Think of Yahoo: how many years to admit a massive leak?

In addition, who can be sure there are no DBAs leaving with data on USB keys?

~~~
androidbishop
This is an easy thing to confirm, and I guarantee you that nobody with
physical access to machines also has access to any data ON those machines, nor
can anybody simply copy over some data to a usb stick and walk out with it. We
have a highly complex system with very strict security protocols, and the mere
act of inserting a usb into a server in production would not only fail to
work, but it would set off alarm bells like you wouldn't believe.

------
jedmeyers
From my personal communications with Google employees not directly involved
with the tasks of maintaining correct customer data: they themselves did not
have access to it, and they knew some people involved in analytics who could
only access anonymized variants of said data. So from outside it looks like
the access is on the "need to know" basis, as it should be.

------
oppositelock
I used to work at Google as an engineer. Accessing user data in production
systems was a fireable offense if you didn't have permission to do it, and
permission was seldom given - you don't need actual user data to test stuff,
since user-like data is sufficient.

Technically, it's possible to access it, but no one person can do it without
oversight.

~~~
atomical
Has anyone ever been fired for doing it?

~~~
NotSammyHagar
Yes, absolutely. There was someone fired when I worked there for looking up
personal info on people.

------
skj
Citations needed on those violations.

(I work for Google, and cannot access your data)

~~~
__john
An old story (from 2010)

[http://gawker.com/5637234/gcreep-google-engineer-stalked-tee...](http://gawker.com/5637234/gcreep-google-engineer-stalked-teens-spied-on-chats)

[https://www.wired.com/2010/09/google-spy/](https://www.wired.com/2010/09/google-spy/)

I'm sure if you dug around you could find more. I'm certain it doesn't happen
often. I'm not sure how accurate the "source" in those articles is but ...

> "We dismissed David Barksdale for breaking Google's
> strict internal privacy policies. We carefully control
> the number of employees who have access to our systems,
> and we regularly upgrade our security controls–for
> example, we are significantly increasing the amount of
> time we spend auditing our logs to ensure those controls
> are effective. That said, a limited number of people will
> always need to access these systems if we are to operate
> them properly–which is why we take any breach so seriously."
>
> — Bill Coughran, Senior Vice President, Engineering, Google

~~~
chatmasta
Totally unrelated, but when is gawker going to disappear? Didn't they declare
bankruptcy? Who is paying the server bills?

~~~
1123581321
Univision bought Gawker during the bankruptcy and still owns them.

------
idlewords
"There have been verified stories of personal privacy being violated by others
and Google is probably the biggest offender"

What verified stories are you referring to?

------
snarf
When Google Photos was mistakenly identifying black people as gorillas in
2015, there was a tweet where the Chief Architect for Social was asking the
user who reported the issue for permission to examine the data in his account:

[https://twitter.com/yonatanzunger/status/615356310410760193](https://twitter.com/yonatanzunger/status/615356310410760193)

It's not entirely clear who "we" is in that tweet.

~~~
nthcolumn
we == Yonatan.

------
ManlyBread
Definitively yes, and not just high-ranking ones.

A while ago I was contacted by a Google recruiter several times over
e-mail, which I found bizarre, as I did not apply to any job at that time. I
asked the recruiter to disclose where she exactly got my mail from and she
dodged the answer.

Turns out there's a guy with the same name as me who is also a programmer
(except he has been in the field for several years and works on awesome stuff,
unlike me) and they were eager to recruit him, since I got the same mail
several times over the course of a year from two or three different
recruiters.

The only thing connecting me and the other guy was our last name. My e-mail
address doesn't mention my last name in the slightest, I did not post it
publicly (just tried to google it - zero results) and it's not connected in
any way to a service where one could figure out the combination of the email,
user and password (such as facebook or linkedin). I've also checked the data
breaches on haveibeenpwned and I definitively did not use my real name on the
services where the data was stolen.

Considering that the original guy's e-mail address was lumped in CC (fully
visible - how professional of them) I can only think that they essentially did
"SELECT * WHERE lastname = 'myname'", spammed all the available e-mail addresses
and hoped for the best.

~~~
jimmywanger
> Definitively yes, and not just high-ranking ones.

> I can only think that they essentially did "SELECT * WHERE lastname =
> 'myname'", spammed all the available e-mail addresses

I'm pretty sure that's what they did, except they probably did something like
trawl external 3rd party databases in order to find your email address.

It's a huge leap to go from "definitely yes" to "I can only think". Although I
don't approve of it, leaking your email account -> name information is very
easy to inadvertently do, and I am sure that there's a huge wall between
recruiting and Google PII.

~~~
ManlyBread
The e-mail account in question is very rarely used for signups. None of the
services - except for Google ones - contain my actual name. As a rule of thumb
I simply do not do it.

Google is the only company where the name / e-mail association is clear. I
can't think about a single other source of information that could have led a
google recruiter to my e-mail address aside from the data that Google itself
has.

Call it circumstantial evidence, but to me it's very clear what happened
there.

~~~
jimmywanger
> The e-mail account in question is very rarely used for signups....

> I can't think about a single other source of information...

It only takes one slip up.

> Call it circumstantial evidence, but to me it's very clear what happened
> there.

You sort of have to pick one.

Google is paranoid about PII. Most recruiters at Google are contractors, not
allowed to access any PII. Heck, even as a high level engineer/manager, you're
not allowed to see PII unless you have a specific business reason or work on
an abuse or security team where you have business reasons to see the
information, and even then the access is logged and traced.

My question for you is, even if you believe this is the case, are you still
using Google services?

------
wakkaflokka
Tangentially related to this - what if there was a major Google information
leak, and a bunch of people's lives were unleashed on the net? Think about an
Android user (me), who has their 1) google searches, 2) photos, 3) voice
searches, 4) location history, 5) phone calls/sms, 6) email, 7) time/date of
what apps you've opened, 8) contacts, 9) grocery lists/notes, 10)
tasks/reminders, 11) calendar events - practically everything about me -
stored with Google. If enough people's information were released, it could be
almost a social upheaval.

Beyond just keeping my data out of that ecosystem, I sure as hell hope Google
has some _serious_ talent to keep my data safe from outsiders, and insiders
wanting to make a splash. I mean, I obviously trust them to some degree. But
it's a scary prospect to think what would happen if an enormous trove of
Google data were ever leaked.

------
rgovind
An easy way is to walk up to a QA or engineer, tell him "We are reviewing some
sessions by customer and we keep getting this error. Can you please help me
replay customer sessions? This is an executive escalation."

------
androidbishop
Don't believe this horseshit. I work in Google Support, and I can assure you
that the personal information of users is tightly protected and subject to
stupid amounts of security and oversight. Like, to the point of constant
frustration by support staff.

Gmail personal data is stored encrypted. Just because algorithms can profile
you doesn't mean every google employee can simply read your emails or personal
information raw from some db somewhere. I can't even pull up basic technical
troubleshooting data from a cloud customer without begging them for the data.

Higher up executives don't necessarily have more access, access is given based
upon your responsibilities, and level of need. A VP of marketing is not going
to be granted access to a customer's gmail messages, because they don't need
that information to do their job. There is no reason to grant them that
access, the liability of a leak is far worse than any benefit.

Everything an employee accesses is controlled by a complex system, subject to
oauth2 authentication, a permission handling technology, and fido u2f yubico
security key 2fa. Everything an employee accesses is logged and monitored.
Nobody is able to walk out of there with an archive of user info, that would
alert every alarm in the system. Nobody has been able, as far as we know, to
phish access into our internal network since we started using yubikeys for
everything[1].

The employees with the most access are typically SREs and Developers, and
their access is designed to facilitate their jobs. Example: the data in your
BigQuery db won't be able to be easily read by any employee, but the right
ones will be able to read logs, activity histories, and relevant statistics in
order to be able to troubleshoot and diagnose bugs and issues and things. They
don't need to know what data the table holds, and therefore aren't given
access to read it.

We are pretty far from a major offender of negligence over the security of our
users' data. As far as I know, we were hacked by China and the NSA, which
immediately prompted us to encrypt our server2server communications, encrypt
our storage data, and research and develop novel security best practices. Our
development and trial with fido u2f keys, for instance, has resulted in a drop
to 0 KNOWN successful phishing attempts, all while making 2fa more convenient
than ever[1].

It may be hard to believe, but Google's information about your lives in the
machine. Our employees only have access to the bits we need to do our jobs,
which always sides on your privacy. Trust me, I wish I did have more access,
because trying to troubleshoot in the dark sucks.

But they respect you and your privacy more than they respect me. And they work
hard to keep your private information safe, to levels I doubt most companies
you regularly use or shop at would ever care to. Remember, just because some
company doesn't sell your info to advertisers doesn't make them more
trustworthy. They could be storing your info in an unencrypted db with a basic
admin/login on a rack of poorly administered and configured servers in a
budget datacenter somewhere. Google uses the latest technology, funds new
research, and implements a security policy built on state of the art equipment
and software other companies could only dream of. This is not a secondary
consideration for them, they bust their ass to keep your info safe.

[1] [https://www.yubico.com/2016/02/use-of-fido-u2f-security-keys...](https://www.yubico.com/2016/02/use-of-fido-u2f-security-keys-focus-of-2-year-google-study/)

------
rocky1138
I'd assume yes.

------
earthly10x
Ever hear of rogue Russian submarine commanders?

