
Engineer says Google fired her for notifying co-workers of right to organize - danso
https://www.nbcnews.com/news/all/security-engineer-says-google-fired-her-trying-notify-co-workers-n1103031
======
cj
> Kathryn Spiers, who worked as a security engineer, updated an internal
> Chrome browser extension so that each time Google employees visited the
> website of IRI Consultants — the Troy, Michigan, firm that Google hired this
> year amid a groundswell of labor activism at the company — they would see a
> pop-up message that read: “Googlers have the right to participate in
> protected concerted activities.”

So basically, the Google employee added arbitrary javascript to an internal
chrome extension used by Google employees that triggered a popup when
employees visited a specific website.

And Google fires her with the reasoning:

> “We dismissed an employee who abused privileged access to modify an internal
> security tool,” a Google spokeswoman said in a statement, adding that it was
> “a serious violation.”

I'm not at all opposed to Google employees organizing. But injecting
javascript into an employer's internal chrome extension does seem like
something that warrants some type of action by Google in response...

~~~
helen___keller
I agreed with this at first, but according to her medium post (
[https://medium.com/@ksspiers/google-fires-another-worker-
for...](https://medium.com/@ksspiers/google-fires-another-worker-for-
exercising-her-rights-and-protecting-coworkers-from-illegal-b86c41ef91b9) )

"Part of my job was to write browser notifications so that my coworkers can be
automatically notified of employee guidelines and company policies while they
surf the web"

If this is true and her job is literally to create javascript notifications of
company policy, then I think it's entirely reasonable what she did considering
it IS company policy (well, law really) that you have a right to organize.

Link to the popup:
[https://miro.medium.com/max/2000/0*1BTVYLTvuHiJVvp_.jpg](https://miro.medium.com/max/2000/0*1BTVYLTvuHiJVvp_.jpg)

~~~
scarmig
The extension is intended to inform Googlers of applications that are not
approved for corp data, not just generic "employee guidelines and company
policies." This is so you don't e.g. upload PII into a random unsecured S3
bucket.

Yes, it's company policy, but this is more like running into a meeting and
then interrupting it so you can start reciting NLRB policy than it is posting
a flyer. Worse, it misappropriates a security tool in order to do that. And
when it comes to intentional actions that violate or undermine security,
Google, like most companies, takes a pretty hard line.

Disclosing that I'm a Googler, and speaking only on my own behalf, with no
connection to anyone involved except the fact that the extension is running on
my browser.

~~~
SilasX
>Yes, it's company policy, but this is more like running into a meeting and
then interrupting it so you can start reciting NLRB policy than it is posting
a flyer.

True, but it seems kind of shady to come down harder on an employee based on
the content of the interruption, and that content notifying of the right to
organize.

Like, imagine there's a documentation page for http cookies. Consider two
scenarios:

A) Rogue employee adds to the bottom of the page: "Cookies are also delicious
treats given as a reward on the internet."

B) Rogue employee adds to the bottom of the page: "Employees reading this are
reminded of their right to organize under NLRA."

Let's say that in scenario A, an employee would typically get a written
warning, and in B, you always got fired. In that case, I think it would be
fair for B to say -- at least in common speech -- "I got fired for notifying
employees of their right to organize."

This is true, even though there is a general policy of not adding non-topical
messages to doc pages, because the punishment never escalates to firing unless
it's something like scenario B. (In a legal context rather than common speech
I don't know enough to say whether it would be legal.)

~~~
scarmig
I'm sympathetic to this. But the fact that it's a security tool being misused
is what I think made for the very harsh reaction. Two scenarios:

A) Rogue employee messages a bunch of internal email lists about having the
right to organize

B) Rogue employee configures a security extension to issue a popup saying
"Happy Birthday Sundar!" every time an employee visits google.com on June 10.

I am confident that A) wouldn't result in any formal adverse action (they'd
mostly get a pile of nasty responses about spamming internal lists), and I am
confident that B) would at the least earn the employee a reprimand and
plausibly get them fired.

~~~
anarchodev
It's incredible watching tech people in this thread assert that she wasn't
fired for union agitation but if she was, that's okay too because she should
have known not to be "inflammatory."

~~~
loopz
We don't have all info on this though. Maybe there were more to it. If not, it
follows US workplace culture and is unfortunate.

------
Maxion
Did no one read the article?

> Spiers, 21, said she went through the standard approval process, which
> requires two co-workers to greenlight changes, before updating the Chrome
> browser extension. Another source at Google familiar with the update
> approval process confirmed to NBC news that those two approvals are standard
> practice for a browser extension update.

She did it exactly according to internal policy. The extension she updated
warns site visitors on many websites. I do not see what she did wrong.

~~~
jefftk
_> She did it exactly according to internal policy._

I don't think this person or the other organizers should have been fired, but
code review is not the same as organizational approval.

(Disclosure: I work at Google, speaking only for myself)

~~~
gnopgnip
It doesn't really matter if google would approve. There are a lot of
activities that would not be organizationally approved, but are protected
concerted activities and it would be unlawful to fire someone for.

~~~
jefftk
As I said, I don't think any of them should have been fired.

But I don't think glossing "the change went through code review" as "She did
it exactly according to internal policy" is helpful.

------
drakonka
It feels weird for me to read comments in this thread debating about and
assuming a simple note about unionization or organization by an employee whose
job it was to do exactly this kind of thing is "not in good faith" or a
"violation". In my mind this kind of thing has the same sentiment as _any_
policy notice. The world in which notifying people that they have the right to
organize is a "violation" is a really messed up one. It's simply distributing
a fact, as the company is legally required to do, published by an employee who
was responsible for distributing exactly these kinds of facts. It's sad when
this type of information sparks this kind of a) termination by the company of
an otherwise apparently very well performing employee and b) controversy in a
forum.

~~~
malvosenior
You can read her own words to see it wasn't in good faith:

[https://medium.com/@ksspiers/google-fires-another-worker-
for...](https://medium.com/@ksspiers/google-fires-another-worker-for-
exercising-her-rights-and-protecting-coworkers-from-illegal-b86c41ef91b9)

> _Recently Google was forced to post a list of rights that we have in the
> workplace. So when I heard that Google had hired a union busting firm and
> started illegally retaliating against my coworkers, I decided to make sure
> that my coworkers knew about the posting._

She was mad at her employer and used her role to retaliate.

> _I created a little notification, only a few lines of code, that pops up in
> the corner of the browser whenever my coworkers visited the union busters’
> website or the community guidelines policy._

It only mentions the union busters' website in the OP but she also says it
popped up a notification when people visited the community guidelines policy.
That's pretty invasive, this is a notification everyone will see.

~~~
abj
I agree with Drakonka that it's dystopian when being moderately assertive
talking about labor rights is viewed as a reason to fire someone. Especially
when these kinds of notifications have a history of being used to tamely
spread information before ("Happy Birthday Sundar!" popping up when any
employee visited google.com). Reminds me more of the rules for posting on a
bulletin board.

Edit: "Happy Birthday Sundar!" didn't actually happen, my bad.

~~~
manfredo
The issue isn't about discussing labor rights it's about abusing security
tools for political purposes. A bulletin board is not a good analogy. A
bulletin board is non-invasive. This tool creates pop-ups on people's
browsers. Normally, these notifications are security or privacy warnings so
displaying personal messages here gives it a false sense of authority.
Furthermore, it looks like she used an e-push to do this:

> "She misused a security and privacy tool to create a pop-up that was neither
> about security nor privacy," Hansen wrote. "She did that without
> authorization from her team or the Security and Privacy Policy Notifier
> team, and without a business justification. And she used an emergency rapid
> push to do it."

[https://arstechnica.com/tech-policy/2019/12/engineer-says-
go...](https://arstechnica.com/tech-policy/2019/12/engineer-says-google-fired-
her-for-browser-pop-up-about-worker-rights/?comments=1)

~~~
abj
I agree with you that the issue doesn't have to be labor rights. I agree that
the emergency rapid push seems like a slight misuse.

I'm questioning the double standard of being able to use the tool to display
company wide messages ("Happy Birthday Sundar!"). Why was the "Happy Birthday
Sundar!" poster not held equally accountable? Seems like any topic management
doesn't like is political speech.

Edit: The "Happy Birthday Sundar!" message didn't happen.

~~~
manfredo
Was "Happy birthday Sundar!" made without consulting leadership and using
emergency push to deploy it?

~~~
abj
My mistake - the Happy Birthday Sundar thing didn't happen. I was looking for
a source and realized I read a different comment in this thread wrong. I'll
end my original post to reflect this.

------
helen___keller
From the engineer's medium post:

> For example, someone changed the default desktop wallpaper during the
> walkout last year so that the Linux penguin was holding a protest sign. The
> company has never reacted aggressively in response to a notification such as
> this in the past. It’s always been a celebrated part of the culture.

I suppose this was her mistake: ""It's always been a celebrated part of the
culture"

Google clearly does not always operate in good faith with it's employees on
labor relations issues. The correct approach for her to take would be to get
written approval from her manager on the popup

Her job was supposedly to "write browser notifications so that my coworkers
can be automatically notified of employee guidelines and company policies
while they surf the web", and this was supposedly a notification of one such
company policy, but it was naive to think she could just approach her job in
good faith and be treated in good faith. BigCorp follows the law of the
jungle, and workers are not unionized at google so every engineer has to cover
his or her ass before treading into contentious waters.

For what it's worth, after reading both points of views I think her actions
were highly reasonable. But I would never implement that kind of notification
like she had done, not without written approval from my boss and maybe my
bosses' boss to cover my ass.

~~~
settsu
> But I would never implement that kind of notification like she had done, not
> without written approval from my boss and maybe my bosses' boss to cover my
> ass.

If this is something that goes through your mind, the organization you are at
is broken and probably dangerously hostile.

~~~
helen___keller
No, this is just the truth of working at BigCorp. Most engineers can pretend
office politics doesn't exist because they're working in primarily
nonpolitical roles. But office politics exists, for any office. And
unionization is political.

~~~
kick
How is a big corporation exclusive from being "broken and probably dangerously
hostile"? It seems likely that they all are.

~~~
helen___keller
Ok. I perhaps unfairly was defending against the comment "[more] broken and
probably dangerously hostile [than other comparable organizations]"

------
ramraj07
I was initially tempted to side with Google, a code review process is not just
rigorous enough for catching features being sneaked in.

However, it looks like the sole purpose of the extension is to warn employees
about security issues in websites, and this engineer coopted that to show a
union forming message.

The final paragraph suggests that there's legal precedence for doing this:

“You’re allowed to put posters up on the wall to help organize your workers,
and this can be seen as kind of a digital extension of that,” said Veena
Dubal, a professor at the University of California’s Hastings College of the
Law in San Francisco. “Whether or not you’re in a union or there’s a union
being formed, the law protects organizing activities by employees in the
workplace organizing to improve their working conditions.”

~~~
tanilama
But everyone's laptop is NO public place, and this extension is installed
under the endorsement and requirement of the company.

For someone who doesn't agree with her message, this is best case to shove a
message down your throat, worst case a security breach to their computer.

~~~
joshuamorton
How is it possible to disagree with the message "You as an employee have a
right to engage in protected concerted activity?"

This is just a legal fact.

------
kache_
>Kathryn Spiers, who worked as a security engineer, updated an internal Chrome
browser extension so that each time Google employees visited the website of
IRI Consultants — the Troy, Michigan, firm that Google hired this year amid a
groundswell of labor activism at the company — they would see a pop-up message
that read: “Googlers have the right to participate in protected concerted
activities.”

You should get fired five times over for abusing your privileged access to
modify software that runs on every employee's computer. How stupid can you be?
Start a healthy discussion, don't violate trust. This just puts up a bad
reputation for workers who do want to organize

~~~
iwantagrinder
Did you not read the part where she did, where she followed the process by the
book and it was approved? Or did you just have your mind made up to decide to
side with Google instead?

~~~
Maxion
I'm honestly a little surprised (and worried) about all the commenters who
argue Google is in the right here.

~~~
scarface74
Of course Google is right. She happened to get two coworkers to approve what
she was doing.

If I got a manager who I was friends with to approve my purchase of a fully
decked out $53K Mac Pro so I could finally use Slack at a decent speed when I
am working from home, wouldn’t you think there was something fishy?

~~~
ixtli
Since you can’t spend 53000 dollars on a Mac laptop last I checked, yes!
However the whole purpose of a managerial hierarchy is to establish a
responsibility chain so at very least I would expect the manager to also get
fired.

Google doesn’t care about these antics. They, like all employers, don’t want
their employees to have meaningful bargaining power.

~~~
jacquesm
They did say Mac Pro:

[https://www.hardwarezone.com.sg/tech-news-fully-spec-
apple-m...](https://www.hardwarezone.com.sg/tech-news-fully-spec-apple-mac-
pro-price-singapore)

Taking into account the exchange rate that works out to about 55K USD.

~~~
ixtli
Whoops you're right. I misread.

------
felideon
Spiers' account of what happened: [https://medium.com/@ksspiers/google-fires-
another-worker-for...](https://medium.com/@ksspiers/google-fires-another-
worker-for-exercising-her-rights-and-protecting-coworkers-from-
illegal-b86c41ef91b9)

~~~
panpanna
Thanks for the link. This section caught my attention:

> I was interrogated about separate other organizing activities, and asked
> (eight times) if I had an intention to disrupt the workplace. The
> interrogations were extremely aggressive and illegal. They wouldn’t let me
> consult with anyone, including a lawyer, and relentlessly pressured me to
> incriminate myself and any coworkers

Sounds more foxconn than Google to me...

~~~
whamlastxmas
I don't understand this "wouldn't let me" stuff. Pull out your phone and call
someone. Some random person in a meeting room at Google isn't the police. You
aren't in custody. If you're uncomfortable then walk out. If anyone at my
employer was the least bit aggressive to me I would immediately walk away.

~~~
MiroF
Yes, but they are paying you. There's a power dynamic there, even if you
aren't literally in custody.

------
Miner49er
I'm not a lawyer, but on the surface this seems clearly illegal on Google's
part based on the National Labor Relations Act of 1935. Does anyone know of
any similar cases to this?

EDIT: Found one in _Purple Communications_. It was ruled workers can use work
email to organize. [https://www.littler.com/nlrb-creates-right-use-corporate-
e-m...](https://www.littler.com/nlrb-creates-right-use-corporate-e-mail-
organize-and-complain-about-work-ten-key-implications)

~~~
idlewords
It's significant that she did this on her own. You need multiple people for
protected concerted activity.

~~~
CharlesColeman
It sounds like she went through a code review process for the change, would
that count?

~~~
panpanna
While this does not mean higher-ups _approved_ her messages, it _does_ show
that she did it by the book.

If the higher ups felt this message was inappropriate and should be removed
they could follow the same procedure instead of firing the engineer

~~~
CharlesColeman
Edit: I agree.

~~~
panpanna
I know, I am agreeing with you :)

But alot of people in the comments claim that she more or less hacked the
system.

~~~
CharlesColeman
Sorry, my mistake :)

------
KirinDave
The irony of this is that Google's increasingly abusive behavior towards
people talking about organization is that they're actually building a case for
engineers to unionize to stop Google from these questionably legal firings.

If Google upper management had just shut up and kept the status quo and
recognized that without impetus, comfortable workers almost certainly won't
organize in America, then the unionization of Google would not be a national
topic.

But here we are, with holdout reactionary bro's who ate the
Ellison/Jobs/Schmidt wage-fixing cartel line about how evil unions were (even
as they organized to oppress workers) in positions of power opening up the
company (and thus the company's stock) to huge liability.

------
overgard
I'm not anti-union, but come on, modifying an internal security tool to
display a politically motivated message? That would get you in trouble
anywhere. Also.. managers are humans. You can't provoke people in such a way
and not expect a response.

Speaking of provocation: I suspect she might have done this to intentionally
get fired. It wouldn't be the dumbest play, she's super young (21), if she
doesn't want to code anymore she could use the exposure to parlay this into a
new career, and if she does want to still code, she probably made some new
supporters and her detractors will factor in youthful indiscretion. Wild
speculation sure, but, you just read a big press article about it... Where do
you think the tip came from? This isn't the kind of move you make if you
intend to stick around at a place.

~~~
TheFrizz
Also the people arguing for giving the employee a "talking to" instead of
firing I think are not considering the game theory aspect to this.

If the precedent is "a talking to" with future offenses resulting in a firing,
then smart Google employees will realize that they can create an internal
activist email list, get new hires to join it, and then when an opportunity
for activism presents itself get an employee with a clean record to perform
the activism, rinse repeat.

Of course the message in this case wasn't terribly harmful, so I'm sympathetic
to the argument of "it's not such a big deal". But the problem is, Google
doesn't want to wait for the big deal (for example a chrome extension change
to search exec's TextAreas for keywords a "whistleblower" might want to report
on) to actually happen and then fire them. They want to prevent employees from
thinking they should ever try doing that in the first place which means
putting the foot down before the inevitable happens.

~~~
overgard
Yeah, in terms of what she did I would agree it wasn't terribly harmful; and I
applaud her for taking a principled stand. I just don't really blame
management for saying: that was a step too far, you're out. I mean, unionizing
is a super sensitive topic at any company, and by adding the message to the
tool it added extra weight to the message by making it look like it was
endorsed by the higher ups, rather than being a message from a 21 year old.
There's no way management is going to be happy that someone is essentially
acting as their voice on a topic that is very sensitive.

------
abj
> They also dragged me into three separate interrogations with very little
> warning each time. I was interrogated about separate other organizing
> activities, and asked (eight times) if I had an intention to disrupt the
> workplace. The interrogations were extremely aggressive and illegal. They
> wouldn’t let me consult with anyone, including a lawyer, and relentlessly
> pressured me to incriminate myself and any coworkers I had talked to about
> exercising my rights at work. [1]

Why was this necessary by management? Regardless of what Kathryn did, this is
a bad faith move by management.

[1] [https://medium.com/@ksspiers/google-fires-another-worker-
for...](https://medium.com/@ksspiers/google-fires-another-worker-for-
exercising-her-rights-and-protecting-coworkers-from-illegal-b86c41ef91b9)

~~~
WhompingWindows
"They wouldn’t let me consult with anyone, including a lawyer"

Yikes, that feels so dystopian to me...

------
kop316
I think the relevant test is here:

"Kathryn Spiers, who worked as a security engineer, updated an internal Chrome
browser extension so that each time Google employees visited the website of
IRI Consultants — the Troy, Michigan, firm that Google hired this year amid a
groundswell of labor activism at the company — they would see a pop-up message
that read: “Googlers have the right to participate in protected concerted
activities.”"

It sounds like the person updated an internal extension on everyone's computer
to do this. I am tending to side with Google on this, that is not the right
way to go about notifying co-workers of right to organize.

------
scarmig
I feel like, for consistency, if she committed a firable offense, so did her
coworkers who LGTMed the CL, unless she intentionally deceived them about
having gotten organizational approval.

My gut is that if she had spammed a bunch of internal mailing lists, she'd not
be being fired or even getting a formal reprimand. But the fact that she
hijacked an internal security tool for an unintended purpose is alarming. I am
fine granting Google rights to run arbitrary code on my browser, but only
because I know it has strict processes (including disciplining of employees
who subvert the process) to manage submission and deployment of that code.

My preference here would have been for her to get a rebuke and an explanation
of why this was bad behavior (unless these ad hoc non-security related
messages are common), especially since she's young. But there is a core
assumption and trust that is violated when someone abuses control of trusted
client code to do something unapproved by organizational review processes.

Most of my anger is directed at the approving coworkers, since they should
know better, assuming they are more senior than her.

------
todd3834
> Kathryn Spiers, who worked as a security engineer, updated an internal
> Chrome browser extension

> “We dismissed an employee who abused privileged access to modify an internal
> security tool,” a Google spokeswoman said in a statement, adding that it was
> “a serious violation.”

The only times I’ve ever seen people fired quickly in Tech without a
performance improvement plan or something similar is a security violation. Be
sure you always take security seriously if you like your job.

~~~
dominotw
one time i was fired for leaving my computer unlocked to go get some coffee.
true story.

~~~
javajosh
Which is pretty dumb. The most important threat to a typical office dev
computer is not console access, it's wayward processes and network traffic.
What's more secure, a locked console (that protects you from ~1 local people
that you know) or something like Little Snitch, which protects you from ~10e6
people you don't know?

~~~
txcwpalpha
I've worked in security for years. This isn't really true. The majority of all
security breaches are caused by internal threats, not by some hacker group
breaching your firewall. Malicious actors tailgating someone into an office
and stealing an unlocked laptop, or an unlocked laptop being stolen while at a
coffee shop or airport, is also a very common occurrence I've seen at most of
my clients.

~~~
javajosh
The thing is its easy to see that someone stole your machine and take action
to revoke credentials. Further, the damage a person can do with a dev machine
is rather limited - probably the worst that might happen is exfiltrating code.
Yes, devops machines can do more damage, but presumably all their remote
access is 2FA protected (at least). But a devs main influence is pushing to a
git remote, and triggering a build. Maybe the build is a weak spot, but it
seems unlikely that an attacker would find and exploit it faster than the
defender would realize the box is gone and revoke keys.

No, my main concern is ongoing, persistent, secret access to my machine,
particularly delivered via a malicious package. Something like Little Snitch
is going to make it much harder for such an attack to work. Locking your
machine, 2FA, PKI, etc is not going to help with that threat _at all_. And I
have reason to believe it's more common than people think.

~~~
txcwpalpha
>probably the worst that might happen is exfiltrating code

This is far far from the worst that might (and does) happen. I think you
_severely_ underestimate the average dev's access to critical systems.

>but presumably all their remote access is 2FA protected

hahahahahaha

You also severely overestimate the security of most companies. A lot of F500s
don't even use 2FA _at all_ , let alone on something like CI/CD.

> unlikely that an attacker would find and exploit it faster than the defender
> would realize the box is gone and revoke keys

I have firsthand seen many cases where this isn't true at all. OTOH, I've
never once heard of anyone catching a breach by using Little Snitch or
anything close to it (though I'm not opposed to it at all as a good practice).

And in many cases, it has very little to do with "revoking keys" or any kind
of remote access. Many people, whether they realize it or not, usually have
some very valuable data just sitting in a csv file on their machine (I've
encountered a large number of devs that have partial exports of customer
databases stored locally on their machine that they were using for local
testing). That type of stuff is easily lifted, no remote access required.

~~~
javajosh
We're talking about Google.

~~~
txcwpalpha
This comment chain started off by talking about getting fired from tech
companies, not specifically Google. But okay.

------
tomerico
It looks like Kathryn posted her side here -
[https://techcrunch.com/2019/12/17/google-has-fired-
another-w...](https://techcrunch.com/2019/12/17/google-has-fired-another-
worker-activist/)

A few interesting tidbits: 1\. She received extraordinary performance ratings
during her short time at google, and got promoted recently 2\. Google has not
acted this aggressively in the past, where someone deploy a change in people’s
Linux wallpaper while the protest happened. 3\. She limited the notification
to just people visiting the union busting firm

Given those, it does looks like an unusually aggressive response from Google,
which would imply that Google has become very aggressive when it comes to
unions.

With that said, it is also mentioned in her post that it took several weeks of
investigation from Google until they made the final call, which could imply
that there is more of a back story here.

------
whiddershins
I see contradictory impressions about what this article is even saying.

My contribution is that it’s foolish to react too quickly to a story like
this.

If the headline were accurate, it would be such an obvious own-goal on the
part of Google HR, it beggars belief.

I think the wise course is to wait until more details are made public before
getting worked up about it.

~~~
throw_m239339
Of course we should wait for more facts to comment or try to think about the
situation, but we don't live in a era of reason anymore.

All I have to say is that it will be interesting to see a drastic change in
culture in the coming years at Google. Google did foster an "open" culture for
more than a decade and now that their own employees are coming after the
higher ups, they are trying to squash the rebellion they encouraged? they were
fine as long as other employees or other businesses were getting the short
hand of the stick...

------
Kylekramer
Lot of people are confusing "following standard procedures" with "immune from
consequences". To be honest, looks like the employee got a few sympathetic
people to sign off on an inappropriate use of a tool. According to the Verge,
there are two other people who are also being disciplined.

~~~
kawfey
I'm starting to assume the two others are the two peer reviewers that approved
the change.

------
gvx
I'm constantly baffled by how anti-union many Americans are, how willing to
give up their rights.

~~~
chance_state
My impression of these tech unionization efforts are that they're mostly about
pushing a social/political agenda, with workers rights being an afterthought.

Every single time I see these posts the involved employees are activist LGBT
folks.

Am I wrong here? Why do all these issues seem to stem from the same group of
people?

~~~
bluntfang
That's a great question. Are you familiar with the historic treatment of
LGBTQ+ folks?

~~~
antpol
Historically big tech companies are treating their LGBTQ+ folks the best in
comparison with any other industry though

I guess it’s not enough

~~~
bluntfang
Have any info to back that up? And just because an entity is the best at
something doesn't mean they are good at it.

------
kawfey
Bad headline. It should read "Engineer fired her for abusing privileged access
to modify an internal security tool."

That's a pretty dumb way to notify co-workers of their right to organize, but
I guess it's a really good way to get fired and draw up a big media stink
about it.

~~~
relluic
She didn't abuse anything. She followed the standard process and she created
the alert on the appropriate page (labor relations) to inform people of
company policy:
[https://miro.medium.com/max/1000/0*1BTVYLTvuHiJVvp_.jpg](https://miro.medium.com/max/1000/0*1BTVYLTvuHiJVvp_.jpg)

------
mariopt
> “You’re allowed to put posters up on the wall to help organize your workers,
> and this can be seen as kind of a digital extension of that,”

Well, that digital extension belongs to Google. If she wanted to rally company
developers she could have used email, created her own website, slack account,
WhatsApp, telegram, etc. There are plenty of channels that don't belong to
Google.

I doubt anyone in upper management asked her to do this, maybe she took too
much freedom and abused her privileged access? "Oh but someone else approved
that PR", well probably they ganged up.

She is a Security Engineer, not HR/Management.

If this approved by HR/Management, there would be no problem at all but I
think she/they did whatever they wanted without thinking about it.

~~~
maxk42
As an employee, you have no right to put up posters anywhere in the workplace
unless condoned by your employer. She must be conflating this concept with the
requirement for your _employer_ to put up posters informing employees of their
rights to unionize when there's a unionization effort.

------
jmull
It sounds like she coopted a security tool to spam users with a political
advocacy message.

Hard to see why she shouldn't be fired for that.

Of course she has the right to express that message, and it seems to be
factually correct. But that doesn't mean she can use a security tool to spam
people.

------
Touche
The article is confusing. She says she was fired for doing one thing. Google
says she did something else (modified Chromium without permission). Does she
deny their claims, or is her statement just spin? Given just her quotes you
would think that she was fired for literally telling coworkers that they have
a right to organize.

~~~
iwantagrinder
Did you not read the part where she did, where she followed the process by the
book and it was approved? Or did you just have your mind made up to decide to
side with Google instead?

~~~
Touche
Nope, I am not siding with Google, if you'll see my other comments in this
thread. It's just not super clear to me that there's agreement on what
actually happened here.

------
Animats
This is an old labor issue, but it used to revolve around handing out union
flyers at work and posting on company physical bulletin boards.[1] That's
generally allowed by law for labor activity, even if the employer doesn't like
it. How this translates to online activity isn't entirely clear yet. But
courts will make that analogy.

An employer who tried to pull this in 1970 would have had a picket like
outside the door the next day. Union truckers wouldn't deliver to their
loading dock.

[1] [https://www.jacksonlewis.com/resources-
publication/employers...](https://www.jacksonlewis.com/resources-
publication/employers-discriminatory-and-overbroad-restrictions-union-
activity-violate-nlra-court-rules)

------
throwaway17_17
I can not seem to find any energy to be against Google here, a 21 year old
individual working at one of the most prominent and successful business in the
world, making more money per year than a vast amount of the global (not to
mention national population) does something that will certainly subject her to
reprimand and I am expected to feel some negativity toward Google. I am stuck
outside of SV, as a middle age person with many, many hundreds of commits to
open source projects, a descent of non-professional experience in software
engineering, but because I do not have a BS or Masters in computer science and
am over the age of 35 there is no chance I can ever get hired at Google (or
any other FAANG realistically). If some of these ardent unionization workers
end up fighting loudly and publicly and Google decides they will not deal with
some nascent Software Engineer’s Union, maybe I and people like me stuck
outside the valley will be able to gladly make boat loads of money working
long hours for these thankless corporate taskmasters, while just sitting down
and doing our jobs on whatever the company decides it wants to spend its money
on, I will gladly work on Maven or Dragonfly or dark as patterns, whatever, I
just want to be relevant to the industry not stuck away doing the same job for
peanuts until I can afford to retire.

Rant over - but seriously, I don’t have a problem putting aside any personal
feelings or beliefs to achieve my employers goal, that is what employment is.
Spiers apparently decided that the security position allowed for this action
and did it. Google did not want this type of behavior from an employee in that
position. She knew Google management wasn’t going to approve, she assumed that
risk.

------
DSingularity
These efforts will be broken up. No matter the cost. A google beholden to
unionized employees is a threat to the establishment. Where google goes other
companies go. A democratized tech space is the last thing power wants.

------
40acres
I interviewed at Google last week and asked 3 of my interviewers if the
constant churn of bad news from the outside gets to them.

For the most part, no one seemed concerned and the biggest complaint was
regarding leaks which make it harder to deal with issues internally and
threaten transparency.

------
bag531
I don't know why anyone would choose to work at Google anymore.

~~~
shantly
Giant piles of money.

Probably still gets you an easy CTO title at a startup after 2-4 years at
Google.

~~~
decebalus1
> Giant piles of money.

Not anymore, really. It was the case a couple of years ago but right now, for
rank-and-file employees, Google downlevels heavily and targets around 80% of
the market rate. For some reason, people are still flocking at their doors and
because of high supply of candidates, they can afford to be both very
selective and very cheap.

~~~
raxxorrax
Probably still a net plus if you have Google on your resume and decide to look
elsewhere.

~~~
decebalus1
that's what 'my' (as it's the same person pinging me for the past couple of
years) recruiter keeps telling me. It's not a net plus considering that I can
just look elsewhere in the first place. No point in taking a paycheck cut for
a while to do some boring work for a company about which I have ethical
concerns so that maybe when I want to change jobs I'll have a competitive
edge.

------
ggggtez
When I read this, and the other one, the only idea that I can come up with is
that everyone is lying, at least a little bit.

It seems pretty unlikely that it would be within your job description to
create notifications like this on specific websites, and from reading the blog
post and the content here, it seems like these notifications are not meant for
"company policies" whatever that means, or at the very least it doesn't make
sense why a "security engineer" would have a job that notified employees about
this.

So, the assumption therefore must be that this person knew they were going out
of the norm, but assumed it was acceptable or protected speech.

That raises a good question: Is it the same thing as a message board? My gut
instinct is... no, it really isn't.

This sounds like a tool that requires a specific level of authority to use
(you need 2 approvals). Not just anyone can put notifications like this in the
tool! So this isn't like a message board... this sounds like it was a person
abusing their privileges.

Now, for me the next question is: does that mean they should be fired?
Personally, I'd say... no. It shows bad judgement, but firing seems
disproportionate. In that regard, even if it was a misguided attempt at using
their organizing rights, there is an argument to be made that they shouldn't
be fired for it (maybe warned, but not fired). So I think even though it
sounds pretty fishy, I think there is likely still a possible case here for
workers rights issues (though I am not a lawyer).

------
yahyaheee
Had this been an isolated incident, I would maybe have been on googles side
here, but this is happening in the context of many other anti-union efforts by
management

------
jpmcglone
I see no issue here. Business feels threatened and neutralizes threat.

There's nothing wrong with Unions, but there is something wrong with
government-backed unions.

Let people collectivize if they'd like. Collective bargaining is fine, and you
aren't living in a free country if you can't collectively bargain -- but
collective bargaining shouldn't mean you automatically get government as an
ally.

The battle between Union and Company should be between Union and Company.

------
scarejunba
I'm glad not to be working with people like this. I think I really don't want
to be working with people who want to push their pet topic on me via a
security tool I consented to have installed on my work machine that's supposed
to be helpful to me.

It would feel like a violation. Not "siding with Google" here. It just
definitely would feel like a violation of my trust in the platform engineering
team. At that point, I want them to promise not to do it in future, or get
their software off my machine. And to be honest, relations are going to be
strained between us anyway. I'm not going to be thrilled about any further
software.

I don't even want reciprocal "I can push to you" powers. And I have no problem
discussing these things where we agreed to discuss them.

But letting you install software on my machine comes with an obligation - you
don't get to use that as a backdoor soapbox. Feels so very icky.

Like if a friend told me she would like to stay over and I gave her a key and
she decided to plaster my home with posters. It doesn't matter if the posters
are against the freaking Holocaust. I'm not pro-Holocaust and I'd want the
friend to leave. Pronto.

------
mtnGoat
This as a whole just doesn't look good for Google/Alphabet, but then again the
optics of a lot of their choices lately have looked very poor from the outside
looking in.

Honest question for long term(4+ years) Google Engineers reading... has the
change in culture and bad press lately had any effect on your feelings towards
your employer? Do you think it is eroding their culture at G? Do you see any
of this leading to a loss of talent?

------
shantly
> IRI Consultants — the Troy, Michigan, firm that Google hired this year amid
> a groundswell of labor activism at the company

Anyone know the likely reasons your average Googler might have visited this
consulting firm's site? Like, was Google sending employees to it for some
reason (why?), or would it have just been by chance or because they read
Google hired them in the news and wanted to see what they were up to?

------
shaneprrlt
Moral of the story: don't use internal security tools at your work as a
platform for your political activism.

Totally agree with the spirit of what she did and applaud her efforts to
organize, but there's no way she didn't know what she did could get her fired.
What did you think would happen when you made unauthorized changes to software
that promote actions against the company's interests?

Not saying the company is a blameless party (especially after the news today
of their expiring cloud business, this is clearly a shady company), honestly,
I'm not even commenting on the substance of what she wrote.

This just seems like something that anyone with half a brain would realize
could get them fired before they deployed those changes.

I still feel bad when anyone loses their job and source of income, and maybe a
reprimand would have been more balanced given her high performance reviews
before, I just can't see any context where this is seen as neutral or ok.

------
andai
> Google’s response to this was to suspend me immediately and without warning.
> This was the week of Thanksgiving, the same day they fired the Thanksgiving
> Four. They also dragged me into three separate interrogations with very
> little warning each time. I was interrogated about separate other organizing
> activities, and asked (eight times) if I had an intention to disrupt the
> workplace. The interrogations were extremely aggressive and illegal. They
> wouldn’t let me consult with anyone, including a lawyer, and relentlessly
> pressured me to incriminate myself and any coworkers I had talked to about
> exercising my rights at work.

------
Arete314159
She should have just put up flyers in the women's bathroom stalls. If Google
is anything like my old workplace, there's no chance any management would've
seen it...

------
itronitron
It _seems_ to _me_ that Google fired Ms. Spiers specifically to discourage
future labor organizing activities within Google. Because it was a process-
approved insignificant revision by both functional change and reach means that
the inevitable Streisand effect actually plays in Google's favor. They will be
perfectly happy with any slap on the wrist as long as it moves the eventual
union further down the road.

------
someonehere
Does anyone have the code approval process?

The chrome extension was modified but approved by two other people? Were these
two other people on her side?

Regardless of policy or no policy, having an internal tool modified to say,
“we have the right to organize,” clearly sets off some trust concerns with me.

If this extension was approved by two people who were on her side, then those
two need to be removed as well and there should be a rethinking of the
approval process.

~~~
panpanna
I believe this is an internal toy updated very frequently. It's by no means a
"product":

> This kind of code change happens all the time. We frequently add things to
> make our jobs easier or even to just share hobbies or interests.

------
kords
>“We dismissed an employee who abused privileged access to modify an internal
security tool,” a Google spokeswoman said in a statement, adding that it was
“a serious violation.”

This doesn't sounds like privileged access, it sounds more like they have
issues with their pipeline. If all what it takes for code to get in
Production(even if it's internal), is at least two approvals, I think that's a
bigger problem.

~~~
w0m
Partially true, her code reviewers should have said, 'hey - that popup isn't
the point of the . tool' and nixed it there.

She was a member of the group maintaining that toola and abused her authority
for a personal crusade; hence terminated.

------
jmpman
I’d call this bold.... ideals aside, maybe she calculated how much she’d win
in the lawsuit? Possibly a large net win?

------
someonehere
I’ve decided that if I’m at work, please keep me out of your protest. Let me
decide how I want to react to a company policy my way. Don’t violate the trust
given to your team of managing my work tools to inject your political/social
objections. Organize outside of work.

------
FpUser
It is a right of a juror to say that the defendant is innocent even though the
law says otherwise (jury nullification). But trying to inform jurors about
that jury nullification right can get one into a very hot water.

------
miguelmota
The message in the popup was:

“Googlers have the right to participate in protected concerted activities.”

which seems pretty reasonable since her job is literally to place
notifications of what employees legally can and can’t do when visiting
websites.

------
nothal
One thing this thread has made me realize is that the work culture (at least
of Googlers on HN) seems to kowtow to the company over the employees. Really
affects my view of the company.

~~~
uwuhn
Is there a major company, tech or otherwise, that breaks this convention?

------
WhompingWindows
In the end, how much would unionizing hurt Google's shareholders/executives?
Surely they have enough riches already, why not allow the employees to improve
their lot as well?

------
ainiriand
I think it is incredible that she is 21 and already fired by Google.

------
Waterluvian
The method in which she tried to notify co-workers is the real headline to me.
It tells me that they really struggle to be able to communicate broadly with
co-workers.

~~~
seriesf
But that’s so untrue. Google internally has a number of different platforms
with universal reach.

------
IshKebab
> I was doing nothing more than notifying my co-workers about Google's
> obligations under labor law

> Kathryn Spiers updated an internal Chrome browser extension so that each
> time Google employees visited the website of IRI Consultants — the Troy,
> Michigan, firm that Google hired this year amid a groundswell of labor
> activism at the company — they would see a pop-up message that read:
> “Googlers have the right to participate in protected concerted activities.”

Yeah ok.

~~~
throwaway2048
This extension popping up messages on various sites was a completely normal
thing for it to do, she simply added another message.

~~~
w0m
unrelated to actual purpose of the tool; she co-opted internal security tool
for a personal soap box and pushed it to the entire company. That's a clear
violation of trust in her job role.

------
axython
Kinda stupid question, but why are people that want to unionize in Google
dont? Is there a certain limit, requirements?

------
Vervious
How come this is so low on the front page? It was posted 4 hours ago and has
accumulated 607 points...

------
twobat
How does one get to update a Google extension (internal tool) at 21 without
any other oversight?

------
nswest23
arguing about the minutiae of whether google acted in accord with their own
policies is exactly what google wants to happen here. She was fired for
organizing. Google found a valid excuse to fire her but make no mistake, she
was fired for organizing.

------
sjg007
This will be a great lawsuit and exploration of the right to organize in the
digital age.

------
papreclip
Eventually these political types will convince google it's not worth hiring
them

------
Andrew_nenakhov
Bring your whole* self to work.

* but please leave some tiiiiny little bits home

------
amachefe
The can has been opened, i doubt it will stop with this. Any opinion that is
not the companies position will not be tolerated. I bet the people who
encouraged Google to "act" of opposing views did not think it through

------
jijji
You can do all the things you want that are against the company, but it
doesn't mean you have a right to continue to work there...

------
yahwrong
Let the freemarket decide! If people don't like this then they can stop
working for Google or using their products.

------
thu2111
I think a lot of people are missing the bigger picture here and are too zoomed
in on the specific issue of unionisation. Google really had no choice here,
and it's actually a problem for them that this is coming out now via a blog
post by the fired employee and not by their own admission.

Google is in a phenomenally trusted position in the world. Chrome is the most
popular browser. It auto updates silently and continuously, as do installed
extensions. Vast swathes of information and infrastructure is accessed via web
apps. We tend to forget that browser makers have access to all our
authentication tokens and can do whatever they like.

Put simply, given the level of web dependence in our lives and infrastructure,
those who can modify browsers are practically gods. The same goes for
operating system developers of course.

We don't think about this because our level of trust in those developers and
the corporations they work for is extremely high and deservedly so: after
decades of using operating systems and web browsers they've never violated
that trust. In fact they've reinforced it by rolling out encryption to block
rogue government departments who were exploiting the lack of it, they've
invested heavily in security to lock out hackers and done many other great
things.

But trust is hard to build and easy to destroy. What if browser makers stopped
being so trustworthy? What if they started to become convinced of their own
superior morality, the correctness of their political judgements, the
importance of their role in the world? What could they do?

They could use SafeBrowsing to arbitrarily censor the web.

They could edit out individual comments, rewrite news stories, insert their
own views into the middle of documents purporting to be neutral. They could
distort your view of the web at will.

They could violate our privacy at will by linking our identities together and
then publishing what we've written, they could publish browsing logs, they
could take over any accounts we have and use them for whatever purposes they
like, they could feed sensitive information to political enemies to give
themselves plausible deniability, they could even frame us by posting illegal
material under those accounts. It'd just look like someone phished the
password.

They could do many other things we never even considered.

Google absolutely needed to go nuclear on this employee. The news has been
filled over the past years with stories about Googler's increasingly hard-left
political activism. As a consequence some users and even politicians have
started to wonder if Google Search is trustworthy, but their trust in browser
developers is so total, so blind, the world hasn't yet taken the next mental
leap and started to wonder if Chrome is. Mozilla is hardly in a better
position: it's funded by Google and literally just down the road from them. If
the integrity of the Chrome devs start to be doubted, few will consider
Mozilla devs to be radically different.

Inserting political JavaScript via browser security mechanisms targeted at
Googlers, even if it may _seem_ fairly harmless in this case, is a very
problematic situation and a slippery slope Google simply cannot afford to go
near. It raises fundamental questions, like are Google's internal procedures
robust? What else might have been slipped through code review already? Are
Google employees only adjusting their own tools or did some already start to
abuse their access to people's private data and systems? How many of them feel
the ends justify the means when dealing with political causes they feel
passionately about?

How safe is Chrome, really?

~~~
thinkingemote
She didn't weaponise a neutral extension. The extension was already
weaponised. It already pushed notifications to users when they visited flagged
URLs. She probably just changed a config file to add a new rule and message, 1
line.

~~~
chance_state
>It already pushed notifications to users when they visited flagged URLs.

Did it push notifications with a particular political message? I don't think
it did.

~~~
TheFrizz
If the employee had added a message,

"You have the constitutional right to keep and bear arms" when employees
visited cabelas.com, would you call it a political message?

Both are simply informing people of their rights.

~~~
domnomnom
Yes I would call it a political message.

------
downdown4eva
More like fired for pulling a stupid stunt that she's now trying to turn into
a press release.

------
rolltiide
So are you guys seeing unionization efforts picking up any steam?

I've seen it reach the collective conscious more in the last two years in San
Francisco, but I'm not at a FAANG to see if its really permeating. As in at a
bar or courtyard it might not be the most outlandish topic of conversation,
compared to an idea immediately scoffed at since all of us made conscious
financial decisions to pursue high paying jobs without union dues. People are
curious about the benefits.

My only observation is that multiple of the largest publicly listed companies
in the world are right here, and that the high compensation has nothing to do
with what's possible. If compensation reached ratios with housing that haven't
been seen since the 1980s, then the compensation would still be substantially
higher on average than it is today. For reference, it means fully owning your
house in 5 years. Not the 8-11 year situation that even highly compensated
FAANG workers experience. But compensation may or may not improve with
unionization, with the reality that higher comp outliers might disappear. The
employees may have more say in other perks such as the company towns their
employers have created in south bay. Overall at this point I am seeing net
benefits, distinct from the public sector blue-collar work that unions have
become associated with.

------
buboard
Google getting a taste of ad injection. Nice!

------
debt
“a poster in the cafeteria is not the best way of reaching the majority of
Googlers.”

I heard the food had gotten bad, but I didn’t know it was this bad.

------
ct0
According to their linkedin, they graduated highschool in 2015.

~~~
krisroadruck
I just don't get the internet anymore. You're avoiding using gendered pronouns
but needlessly displaying ageism?

~~~
ct0
You must be missing the point of the internet. I don't see a problem here;
Only you made graduation year and age the proxy.

Why would the engineer reveal their HS graduation year if they didn't want the
world to know it? I considered that they must have had little experience
considering their graduation year and the average or even above average
experience of those graduating the same year.

