From all reports, it seems that this Google employee accessed data which he knew he had no authorization to access. That sounds like a textbook case of computer crime -- why hasn't he been arrested yet?
He did have authorization to access it. He didn't have authorization to abuse it in the way that he did. It's all kinds of icky but what do you think was so obviously criminal about it that you expect him to be in jail?
Unless Google's policies were written by bungling idiot, Barksdale would have authorization to access information required for him to fulfill his duties. The information he accessed very obviously goes well beyond such authorization.
Well. We can get into a silly discussion about what 'authorization' means, I just don't understand why you find this so obviously criminal. Remember these idiots -
Harass maybe. Coerce, I don't really see that. There's a fairly wide gap between being a massive dick and outright criminality. I have no trouble imagining that an ambitious prosecutor might find something to hang on him but I was wondering what 'textbook case', shoved-into-back-of-a-police-cruiser crime cperciva was seeing here.
- reading private communications of people he knew in real life
- retrieving IM conversations and publicizing them without consent or knowledge of the user
- re-inserting himself in contact lists after being removed to stop the harassment
- seeking real life contact with people whose private information he had retrieved
Let's hope there wasn't more.
Each and every one of those would be a firing offense, the fact that this is beyond just snooping and led to irl contact between this guy and the people (kids?) he was stalking means the situation is more than out of control.
Mistakes happen, but such a series is not a mistake any more.
A position of such trust requires a more than ethical behavior and good oversight. Google failed in the second.
A good sysadmin has 'sysadmin blindness', even when you're looking at user data to do your job, you are not going to read the emails that sit in those inboxes unless you are specifically directed to do so by the owner of the data.
For the rest those files might as well contain random bits.
Again, behaviour that's outrageous and reprehensible is not necessarily criminal. I am well aware he did some pretty nasty stuff. I'm not talking about any of the things you're bringing up - I just found it interesting someone saw the this as an obvious crime worthy of immediate arrest. So I asked why. That's all.
Doesn't some of that stuff fall along the lines of stalking? If the term "authorized" can be defined properly in this context, isn't there a branch of cybercrime that deals with "unauthorized" access to or use of information? Is it possible for the victims to use DMCA here? Finally, in that his victims were minors, are there extra protections afforded them, especially with the violation of the intent for users of the service to block? How about trespass? Some of what this guy did is akin to forceful entry into your house in order to press his agenda, whatever it is.
I am not a lawyer, but I can imagine at least asking for someone to look within these categories. I would personally feel very violated if I had some stranger even commenting about an email that was not directed towards them ... and even more violated if that stranger manipulated the system to get beyond whatever walls I threw up.
I fully agree with you. I further wouldn't mind laws covering it. But I'm not sure there are any laws in the USA that do cover it. If not then the legal issues that are available are that he can be fired. Which he was.
(Edit: Note that I work at Google as an SRE. This limits how much I can say in this discussion.)
This is the huge problem we are still facing with computer crime; because the law is still quite vague and unresolved. Juries have a tendency to not really "get" what has happened and so figure it's not all that bad etc.
It seems rotten but the best chance you would have with this is in getting the Jury excited about the stalking aspect and the contact with children.
Technically he has broken the law (at least, I think he has). Proving it though, along with mens rea (intent) is an absolute minefield and it would be torn apart by a decent lawyer. This is why most computer criminals are currently prosecuted for other crimes (in this case, probably the stalking offences).
That might be problematic but there is no indication at all that google did anything to even contact the justice department, let alone that they filed charges.
Assuming California law, I'd say there a fair number of potential violations available for prosecution with a focus on Penal code section 502 http://www.privacyprotection.ca.gov/privacy_laws.htm
Though I am no lawyer, I'm sure a civil case could also be made. Will be interesting to see what actions the affected parties take.
Google likely wanted to keep this quiet, but if they'd turned this over to the FBI, I'm sure there would have been no trouble finding laws he'd broken.
Again, it's the distinction between accessing something you're not authorized to access and accessing something you are authorized to access but shouldn't.
If I break into google and poop on the floor of their server room, I can be arrested, but if one of their sysadmins gets in with their key and then poops on the floor of the server room, they can only be fired.
First let me complain about the rule that says I cannot reply to a direct descendant post. But I'm apparently allowed to reply to you here. Anyway, IANAL, but a google search turned up this, which looks relevant:
From all reports, it seems that this Google employee accessed data which he knew he had no authorization to access. That sounds like a textbook case of computer crime -- why hasn't he been arrested yet?