Ouch. Presumably this would have been MDM?
I've never understood why phone makers make this possible for non-device-owners, as it seems like a gigantic foot-gun. To say nothing about the ethics involved.
They will not wipe your personal phone or your personal profile on your phone. This is completely avoidable and shouldn't come as a surprise.
The only brief moment of this being acceptable was Samsung phones being able to have completely split personal/corporate profiles across 2 sims in a single phone and have 2 copies of each app, but that seems to have died.
If your employer is managing the device you're choosing to also use for personal data, it's 100% your fault and 0% surprise when it backfires on you.
If you work in tech and don't have a separate work phone+laptop and personal phone+laptop, you're either a founder or an idiot.
My understanding is that Google can't see the personal stuff. But it doesn't matter that much to me, personally, if they can (I'm not doing any exciting corporate activism, anything illegal, etc.). At least, it doesn't matter more than a couple grand a year plus the inconvenience of two phones. I'm not saying everyone should feel this way, and obviously some people value privacy more than I do, but that's the trade-off that makes sense for this idiot.
You signed something at work that "all data in google owned devices are property of google". Period.
This is the same as using your company-provided computer for something else.
> My understanding is that Google can't see the personal stuff.
You are completely wrong.
First they have access to all your text and calls, since they own the mobile plan you are connecting trhu.
Second, the "device administrator", keyword: device, can wipe out the entire device, not just one account.
> But it doesn't matter that much to me, personally
So why comment on a thread where this is the topic?
Good point about also owning the phone plan. But since I use Google Voice for everything (personal account) I'm not sure how much of that they can see (in their capacity as owners of my phone service), and like I said, I'm not doing anything interesting. If Google really wants to see my call logs of wife, wife, friend, mother in law, wife, wife, wife, dad, friend, etc. it's not worth thousands of dollars a year and an extra phone in my pocket to prevent it.
The answer should be nothing but there's a moral hazard wherein employees can't do much about it without limiting their career.
If they are directly contracted with Google or a sub-contractor through another company they should purchase an additional phone for this purpose. Both the phone and the service would be considered a business expense for tax purposes.
If they are a direct employee of another company then that company should be providing a phone for this purpose. If Google or their employer won't provide a phone for this purpose than neither considers it a requirement for the job and they should not worry about it.
A contractor can deduct work expenses from income, a phone is just one item on a long list of things that will be deducted.
If there is corporate information on a device, it would be a breach of their fiduciary responsibility not to manage that device and have the ability to remotely wipe that data.
I don't think, in a legal sense, that's true. It feels like it comes from the same mindset that corporations have a "fiduciary responsibility" to their shareholders to always put profits above all else; in fact, there's nothing in corporate law or financial regulations that requires that at all.
The IT department has responsibility for network and systems policies and company-owned equipment, and it's perfectly reasonable for them to have the ability to wipe data on that equipment or set policies that disallow personal devices on company networks at all. But they have no requirement -- and I would argue no business -- to wipe a non-company device just because someone added a corporate email account to it.
Does that make it marginally more likely that someone could keep corporate email that they weren't supposed to? Sure. But there are other legal ways of handling that which aren't destructive to non-company property. No one would argue that a policy of "if you take physical work home, upon termination the company can set fire to your house to ensure all copies are destroyed" is enforceable.
If my personal calendar and work emails are being copied onto your device, you better believe the GDPR data protection regulations apply.
The house example is ridiculous. The point is if you commingle the data in ways such that the endpoint protection software no longer supports delineating the corporate data, then the user (employee/contractor) has opted into that situation with eyes wide open.
> Computing devices need to be protected from loss or theft through mobile device management capabilities, such as remote wipe and kill. A lost device could be the weak link in the data protection chain, leading to a data breach based on information stored on the device or accessible through still active user credentials. Enforcing certain settings in order for a device to connect to the network at all – such as local encryption, password complexity, the presence and currency of security software, and the removal of the local administrator account – will be an essential part of protecting the organization within the GDPR framework.
 - https://www.actiance.com/wp-content/uploads/2017/03/WP-GDPR-...
> If you commingle the data in ways such that the endpoint protection software no longer supports delineating the corporate data, then the user (employee/contractor) has opted into that situation with eyes wide open.
You're assuming the user has been given a clear understanding of the situation, and frankly, I think you're letting the IT department off the hook here. They need to either provide protection that can prevent "commingling" to their satisfaction, to grant a comparable level of trust to users with personal devices that they do in other aspects of conducting business (which was the real point of the example you didn't like), or just to ban personal devices.
DLP (data loss prevention) software should be present on any personal computing device that can store company data, which will be a requirement of their cyber-security insurance policy, a requirement of the various audits they surely undergo, and probably also a requirement of GDPR.
It's providing strictly more choice and flexibility to their employees and contractors to allow them to host company data on their personal device, the obvious trade-off being made when you install the DLP endpoint software on your phone and grant it permission to remote-wipe your device if necessary.
If the company required their employees/contractors to use their personal device for company business, this would be an entirely different discussion. In California, the employer is required to reimburse employees for using their personally owned device for company business - i.e. required to pay for the cost of a phone and the service plan.
Employees choose not to buy a second phone and get paid for their service plan on their personal phone for convenience, and to save themselves the cost of a personal plan. Some choices are not strictly good, but include pros and cons which are individual's responsibility to weigh.
I think it's a safe assumption that anyone choosing to install the DLP agent on their personal phone, particularly at a company like Google, does so fully informed of the responsibilities that come with that decision.
Personal devices are excellent attack vectors if allowed on the internal network unmanaged. The alternative is not accessing internal resources, email, etc., unless the employee is given a company-owned device.
I'd call that a quality of life improvement. Why are contractors required to be available 24/7? I've never experienced that as a contractor, nor would I agree to it.
If it's so important that it must be done during my personal time then my manager can call me and request as much.
Remember pager duty and overtime pay? Doesn't that seem quaint now that many people seem to have accepted that they must make themselves available at all times?
I'm too young to remember, but I have a few years of working experience under my belt now. The amount of people that greenlight everything a supposed authority demands of them just baffles my mind. I'm not even mad if a company tries to maximize their gain on the expertise that I bring to the table. That's just the game: You work for what's in your best interest, I work for mine. But when you push back against a perceived worsening of workplace conditions and the people not supporting you are your colleagues, because they somehow see themselves as being on the same side as the boss... I'm kind of sad about the social achievements people are willfully throwing away in the hopes that they themselves will 'make it' one day
And by the way, this is coming from someone who loves his job and has a good relationship with his boss. Doesn't mean I have to be delusional about what's going to happen when push comes to shove
This instantly qualifies you as "available 24/7"
I'm not convinced you have any knowledge of how things actually work in Google, but my point is that you can give me a ring if something requires immediate attention. If you don't provide a company phone I'm not using mine instead.
The moment my company announced a requirement for having to install a corp policy enforcement application on my personal phone if I wanted to have access to the corp account (a reasonable request, in terms of company policy/security) was the moment I stopped having corp account on my phone (or any phone for that matter). It's been working fine for years.
They can make a non-corporate device have a work profile with Google Apps Device Policy, and only that profile will be purged if the device is wiped by a Google Admin.
They didn't require contractors to bring their own computers and phones to the office if they were needed for their work.
I'm sure Google could afford that as well as to manage it...
I've done this.
You are absolutely right.
Of course, if the user does have their Cloud backup enabled to automatically shunt photos, they're at risk of using the phone in a work environment and accidentally storing proprietary info in their personal account.
The fact the camera UI doesn't really allow you to choose what account you're snapping photos under makes the whole arrangement lose-lose, and this is a really easy failure mode for a user to find themselves in if they don't see it coming.
Sounds like a lose-lose and I'm a strong believer in that if a company the size and as wealthy as big G wants a contractor to make use of a device to accomplish a task for them, they can provide the device and do what they will to it afterward and then re-purpose it for the next round of business. This isn't a new operational pattern, and I've never experienced otherwise. They don't need to buy new, just keep a supply of devices for contractors.
If it's set up to entirely manage the device, then yes it will get fully wiped (we do this for corporate-owned device).
A personal device can access our environment if requested (they have to sign an agreement form, explaining what we can or cannot do) and a work sandbox will be created, in which only the apps installed in this sandbox will have access to corporate data (ex: you'll have a copy of Gmail, Hangouts, Drive, etc in the sandbox).
In the situation of a personal device, a wipe will only remove that sandbox, leaving the personal data untouched.
If photos would be put in the area that doesn't get wiped, any idea what the quote is about?
In either situation, the corp has the ability to remotely wipe the device and enforce other policies on said device.
This should be abundantly clear to anyone who works in Tech.
Same with laptops - if one decides to use work laptop for personal use its their choice at their own risk, but it doesn't become their personal laptop in any meaningful way. Even if hardware would stay after employment ends, every reasonable company would wipe it clean with some deep format & clean image of OS.
Google provides a number of things. Food, showers, vehicles, lockers. You may CHOOSE to use these things or you may CHOOSE not to.
If you CHOOSE to store all your personal docs on your work laptop, and the laptop goes up in flames, who do you blame then?
Victim shaming is one thing, but being a naive child is another. A wise, rational, level-headed adult understands that company-owned assets are not suitable for personal use. Period.
Tell me, how is this situation different?
I believe that on newer Android devices, the option is to wipe your work profile only, but on devices that don't support it, yes, MDM lets you wipe the entire phone. My own employer just rolled out an MDM option that gives them the ability to wipe my personal phone (this is my personal iPhone, acquired before I joined the company, not a corporate perk or anything) in exchange for being able to use native apps like Slack instead of doing everything inside a work-specific specialized browser. I'm steadfastly refusing to install it, and I'm on the older config with the work-specific app until it stops working.
She could have just as easily lost her phone in a car, or had it break. So this seems entirely irrelevant.
And yes, of course Google wiped her phone: if you're not actively working there, you're not allowed to have access to your past business emails that have been cached, photos of whiteboard drawings you took at the end of meetings, offline copies of strategic Docs, Sheets, and Slides, etc. and other resources that are stored on your phone.
If you use the same device for work and personal, this is just what happens.
They don't. You need to adjust your frame of reference to who is the "device owner" here.
The history to this is that smart phones were originally bought by employers who were concerned about the security of their data on said phones. Or at least concerned enough for BB to upsell them on the capability to remote wipe. In Enterprise IT sales you tend to evolve a bewilderingly large set of marginally useful features because each one was used to clinch some large sale over time. Remote wipe would have been one of these.
Fast forward to the introduction of "consumer" smart phones (first WM5, then iPhone 1.0, Nokia S60, ...) those guys entered a market already dominated by BB with the aforementioned huge set of Enterprise features. In order to make inroads into the market, they implemented a subset of the BB feature set. Remote wipe was in that subset. This is because for a period in history you couldn't sell a phone to businesses if it didn't have remote wipe.
The last evolutionary stage was when people mostly started to own their own devices: users wanted the convenience of carrying just one device while Enterprises wanted to keep as many of their vast set of features as they could. The compromise was that device vendors shipped the phones with remote wipe disabled, however if
the device is connected to an enterprise data source (e.g. via Active Sync), then it is programmed to ask the user to opt in to remote wipe. The choice is between : you get Enterprise data on your phone and also allow the Enterprise to remote wipe; or you pound sand.
Separating "personal data" from "Enterprise data" was a final tweak on this arrangement, although it wouldn't surprise me if devices have a hard time supporting "don't wipe personal data" since the wiping is done by discarding a volume encryption key (for performance reasons -- you don't want to take 5 min to wipe the device while a hax0r is also trying to exfil the data).
Of course from the present day perspective this all looks very odd, but it came about through a series of quite logical steps, like how you make a Duck-Billed Platypus..
Source: I was involved with implementing remote wipe (server side) for all the various phones though this epoch.
As to the ethical question, under some ethical systems, voluntary agreements without coercion are by-default ethical. My employer doesn't force me to install a work profile. They're happy to supply me with a separate phone if need be. But I voluntarily take on that risk for the convenience.
This was mostly out of laziness; I have relatively low patience for doing lots of fiddly configuration on a new device, and don't like the bother of setting up a second account on my phone whenever I get a new one. The only real downside is when I go to a meeting, forget which room I was going to, and need to get out a laptop or go back to my desk to figure out where I was going.
But it's done wonders for my work-life balance and just not thinking about my job when I'm not actually working.
That would reduce the amount of notifications I get from work after-hours. I still don't check them, but having them out of sight would be nice.
But I do have my own phone anyway. We even have a separate wireless network for private devices and guests that is not subjected to any filtering or security screening. All that is really worth having 2 devices in my opinion.
There are also a lot of security benefits if work phones are only used for specific tasks and are locked down as much as possible.
On the other hand, having to manage two devices would be a daily tax. So, yeah, I'm happy with my choice, but I'm happy to accept more information if you have other things I've not thought of.
It can be annoying, or not. Depends a lot on personality, type of work, boss etc.
A lot of people have a phone for work separate from their personal phone...Still, there is a perfectly reasonable middle ground, Google could have requested the employee backup the phone before wiping it since they knew or had reason to know there was personal data on the phone.
I also don't freak out if there's a window open in my bedroom when I'm changing. The chances are small anyone wants to take a peek, and if they do it's not much skin off my back.
So, maybe there are just different kinds of people? The kind that irrationally think everyone is interested in snooping on them, and the kind who have more important things to worry about.
Furthermore, companies like Google have worked hard to blur the lines between their employees' personal and professional lives. I'm not particularly sympathetic to them suddenly drawing hard boundaries when it benefits them.
If it was added with option (1), the GSuite owner can wipe your entire phone. With (2), I believe only the work profile can be wiped.
If it was an iPhone, I'm not sure the controls for managed devices (I don't think it has a work profile type isolation).
Also I think that there are Android models that don't support a separate work profile.
Get a second company phone like anyone with a sliver of opsec intelligence does.
Many years ago ago, at my first tech job, the employer provided a smart phone as part of work/on call responsibilities. (This was still around the era when smart phones were just blossoming as useful devices). Every other employee there decided to use their company phone as both their personal and professional device, while I opted out for what are very obvious reasons. I had my phone and I had the company phone; the latter was only on my person when professionally necessary.
It was common sense then, and it's common sense now. You always keep professional and personal assets separate.
(Fun fact worth noting: not too long ago the company decided to either boot personal usage of company devices, or stop providing those phones altogether. Can't say that I didn't warn them.)
My own employer has us sign an additional document (an addendum to my employment agreement) to get email/calendaring on our personal devices.
(Also my employer is in a regulated industry - trading - where if we talk about work-related stuff on personal devices that don't go through work's logging proxy, the SEC can start digging through my personal text messages in an investigation, in some fashion. I don't know precisely how this works legally, and I hope to never find out.)
That's why Wells Fargo can literally break into random people's home, destroy every possession they have, and get zero criminal charges.
Amazon genuinely tries to embody the Unix philosophy. Two pizza teams that have ownership over their slice of the company, and get to decide how their team/org should operate. As a individual contributor at Amazon, there is zero expectation that you'll have unrestricted visibility into what other organizations are doing.
Google in contrast, breaks every rule in software design. There is no information hiding - everyone can see everything else. Decisions aren't made locally by the team in question - they are made centrally by people you will never see. Or by a mob of random employees who have made it their hobby to lobby against your plans. As a team manager, you cannot even decide which members of your team can check in changes into the (mono) repository - you have to get approval from someone who has been certified by the "readability team", and they have almost year-long waits to get certified.
Amazon is microservices and Google is the majestic monolith.
The Google approach works great at smaller sizes, but as the organization grows in size and complexity, I don't think the monolith approach can still work. I'd wager that is exactly the growing pains they are now going through.
> We’ve seen a recent increase in information being shared outside the company, including the names and details of our employees. Our teams are committed to investigating these issues, and today we’ve dismissed four employees for clear and repeated violations of our data security policies.
> There’s been some misinformation circulating about this investigation, both internally and externally. We want to be clear that none of these individuals were fired for simply looking at documents or calendars during the ordinary course of their work.
> To the contrary, our thorough investigation found the individuals were involved in systematic searches for other employees’ materials and work. This includes searching for, accessing, and distributing business information outside the scope of their jobs — repeating this conduct even after they were met with and reminded about our data security policies. This information, along with details of internal emails and inaccurate descriptions about Googlers’ work, was subsequently shared externally.
> In one case, among other information they accessed and copied, an individual subscribed to the calendars of a wide range of employees outside of their work group. The individual set up notifications so that they received emails detailing the work and whereabouts of those employees, including personal matters such as 1:1s, medical appointments and family activities — all without those employees’ knowledge or consent. When the affected Googlers discovered this, many reported that they felt scared or unsafe, and requested to work from another location. Screenshots of some of their calendars, including their names and details, subsequently made their way outside the company.
> We have always taken information security very seriously, and will not tolerate efforts to intimidate Googlers or undermine their work, nor actions that lead to the leak of sensitive business or customer information. This is not how Google’s open culture works or was ever intended to work. We expect every member of our community to abide by our data security policies.
> Fortunately, these types of activities are rare. Thank you to everyone who does the right thing every day — doing amazing work, while inspiring and maintaining the trust of our users, partners, and each other.
Google has traditionally embraced an open culture so accessing documents outside the scope of your job has traditionally been totally fine & is the stated reason why every full time employee is considered an insider for trading purposes, with legal restrictions imposed on when you can trade.
'm guessing from memory (& this would be from before my time so ex-Googlers with a better memory please remind me), but the data policy was introduced to deal with SREs looking at customer data they weren't supposed to, not about the work product of coworkers.
In terms of people's calendars I'm totally confused - it's super-easy to change sharing permissions even on a per event level. Sounds like it's a pretext - the reasonable approach would be A) Improve training about the available privacy settings B) Improve Google Calendar to make it easier to manage those privacy settings since I'm sure other workplaces have a similar problem.
So the calendar stalking is the bigger problem I think on the part of the fired employees but the "accessing documents outside the scope of their jobs" is total BS. The leaking "sensitive business or customer information" seems like pure FUD - seems like a lawyer-approved way to slander about what happened.
I'm really curious whose calendars were accessed "inappropriately" and who reported feeling threatened. Moreover just accessing a calendar is not something you're notified about so that would indicate this is either BS on Google's part or these people were doing a bit of active stalking on the side. Could come out that everyone is the asshole in this story but given how bad management/labor relations have gone under Sundar, I'd wager that Google is definitely engaging in really shady shit on their own here.
Whether this was a legitimate policy change or a change simply made to find reasons to fire activists, I don't know. But, it was made clear many months ago that digging around to access docs outside your spec could result in a firing.
From the outside it seems like a very legitimate policy change. If my co-workers are stalking my calendar to find meetings they politically disagree with so they can pressure me and/or leak it to the press, well that's super creepy. I think this is a perfect example of why "full transparency" can actually be conducive to a toxic working environment.
Even if it wasn't formally against the rules the intent behind that type of stalking should get anyone who engages in it fired. It's literally harassment. I think Google's change in policy is for the best here as it codifies common sense.
More on topic, I'll note that nowhere did anyone use the word "politics" except you.
> Rivers had said she was being targeted for protesting against U.S. Customs and Border Protection, which is testing a Google cloud product. Berland was active in protests against YouTube for its handling of hate speech policies.
As others have stated in this thread, they were apparently policing people's meetings around these topics. If you don't like your company's legal clients, quit. Do not stalk your co-workers, harass them and leak info about them to the press.
None of the four employees in question have been accused of leaking anything to the press.
Google's statement insinuates many things that aren't actually true.
Do you have any sources that back that statement up? Google's accusations are very explicit about what these people were doing:
The leaking was not explicitly blamed on the people that were fired.
> We want to be clear that none of these individuals were fired for simply looking at documents or calendars during the ordinary course of their work.
> To the contrary, our thorough investigation found the individuals were involved in systematic searches for other employees’ materials and work [...] This information, along with details of internal emails and inaccurate descriptions about Googlers’ work, was subsequently shared externally.
"These individuals subsequently leaked some of this material."
But the statement doesn't use this very natural wording, it uses a strange, highly passive, construction. One is left to wonder why. To be fair, you're not the only person who fell for this trick, I know a lot of very smart people who didn't notice this until it was pointed out, but it is a trick.
Edit: replying to your other comment, You're asking me to prove a negative, that these individuals didn't leak anything. Why should I do that when they haven't even been explicitly accused of having leaked something? No one, not the employees, and not google, as claimed they leaked anything. Google claimed that some stuff was leaked. This is true. And yes, its hard to read Google's statement and come to that conclusion. That's intentional it was worded the way it was very carefully. That's the point. They're being duplicitous.
Is there anything beyond the semantics of the Google statement that makes you feel that it's false?
To be clear, I believe that everything Google has actually stated is factual. You're just drawing wrong conclusions from partial information. So in one sense, no, because Google hasn't lied. I don't have any proof that I could share. But yes, I have strong reasons to believe the things I'm stating.
As an aside, are you a native English speaker? There's some very interesting cultural aspects when assigning blame. In American English, its the norm to assign blame directly "John leaked the documents.", whereas in other cultures/languages, a passive structure is more common "John had the documents. The documents were leaked." This would be a common and correct way of blaming John for leaking something in some cultures, but in English it isn't.
Presumably Google and its lawyers are primarily English speakers.
Out of curiosity if you think that the statement is true, but constructed in a way that hides information, what do you think actually happened? If I understand your position it looks something like this:
1. The four people mentioned setup watches on people's calendars, went looking for information on people... the targets of their searches weren't part of their every day work life.
2. They shared that information with someone (no one knows who) but not the press or externally.
3. The people who had the information shared with them then leaked it externally.
4. Google found out and fired the original four people from step 1 and wrote a memo deliberately masking step 2.
It's possible the above is accurate (please let me know if I got your position incorrect), but I don't think the wording of Google's announcement alone is enough to prove that. I'm apt to take it at its face value, especially because step 1 is by far the worst part in my mind and that doesn't seem to be in doubt.
That's why I'm curious if you have some inside knowledge or something (your bio says you work at Google).
Are they? If you can quote for me where Google actually states these people leaked material, I'll concede the point, but they don't. Google says two things:
1. These four individuals searched for information that was outside of their job scope
2. Information these individuals searched for (along with other information) was shared externally
They don't claim that the individuals that did 1 also did 2, in fact the statement is carefully worded to not make that claim, but to still heavily imply it. The untrue (or at least, unsubstantiated) insinuation in this case is that any of these people leaked things to the press.
Were this criminal court, the burden of proof would be on Google to show that people who did the information gathering did do the leaking.
This is, of course, the court of public opinion, so one's own biases will come into play on who one assumes is telling the truth. But Google's internal statement (at least, what of it we've seen) doesn't connect the dots tightly enough to eliminate reasonable doubt.
"Hey, I guess we didn't think we needed to make it explicit that you shouldn't stalk, leak about, or facilitate harassment of your colleagues because they're working on projects with which you have personal objections. Let's now be clear that's not OK; these people just got fired for it and now we're going to make bright lines around that type of conduct to be clearer about the company we are."
I would care if the person doing this then leaked my meeting information and tried to use my meetings for political gain.
Bloomberg article for example: https://www.bloomberg.com/news/articles/2019-11-12/one-googl...
"A Google spokeswoman said the company is investigating the employees who were placed on leave. One of them had searched for and shared confidential documents outside the scope of their job, while the other tracked the individual calendars of staff working in the community platforms, human resources, and communications teams, she said. The tracking had made the staff in those departments feel unsafe, the spokeswoman said."
IMO, this is grey behavior. Certainly stalking people is creepy. But how is this different from accessing any other web page that isn't behind a security boundary?
This is at least partially a Calendar problem. Its difficult to set up G Calendar to keep personal appointments private without lots of manual intervention.
Either Google has proof that it was the fired employees and are being weirdly vague about it, or they don't actually know that it was them. If it's the latter, that is extremely scummy on Google's part to heavily imply it was those employees without proof.
The calendar notification feature does not discriminate, but it also doesn't automatically leak data to an external source. So if, hypothetically, one believed a coworker was involved with a project the company was trying to keep hushed up (such as a search engine built conforming to the design constraints of the Chinese government, or an object recognition tool for military applications), one could keep an eye on the evolution of that project by turning on calendar notifications and observing what meetings that coworker is invited to. But if that coworker also puts "Doctor's appointment" on their work calendar, the observer will of course be notified about that also if the event is made (internal) public.
Now, once the observer is notified, they may have chosen to leak to an external source "Hey, a name-notable VP appears to be having a meeting on Thursday titled 'PROJECT: DEFINITELY NOT FACILITATING CHINESE CENSORSHIP'." That doesn't imply they chose to then leak "And they have a doctor's appointment Friday."
Google has made the claim the individual in question set up notifications, and those notifications may have caught medical appointments and family activites. Google has made the separate claim that some information was leaked externally. Google has notably not made the claim that doctor's appointments, family activities, etc. were leaked externally.
... and the privacy concerns we honor for people's personal lives do not necessarily extend to the work they're quietly doing on things the public may find unacceptable.
See the slippery slope there?
Building vaccines is unlikely to be an activity in violation of the law; exporting algorithms to China is far more delicate.
We protect whistleblowers for a reason.
Software is, however, still regulated by export control (https://www.millercanfield.com/resources-alerts-845.html). This is currently a hot topic, as China has used facial recognition software in ongoing persecution of the Uighur minority. The US government responded by blacklisting several Chinese firms, and selling software to those firms could land an individual in jail (https://www.nytimes.com/2019/10/08/business/china-human-righ...).
I'm not saying Google did anything illegal in its liaison with the Chinese government to build out a search engine to their specifications. But it is exactly the sort of business venture that needs to be carefully monitored and that whistleblower protections are intended to guard.
In this case, the intent seemed to be: to stalk political opponents. Unacceptable abuse of the open culture.
Most reporting and discussions I've seen about this, pose the firing as union-busting behavior by Google. I also disagree there. Just because it took aim at people wanting to organize and rally for their cause, does not mean their cause was the motivation. To me, it means these people took their cause too far, mixed it with work, and publicly attacked the decisions of their colleagues, because these were perceived as homophobic. Just because you are an LGBT+ in reliability engineering, does not mean you get to raise a fuzz anytime Youtube makes a (better informed, less biased) decision you don't agree with. That gets tedious and detrimental to work relations very fast.
Yes; but just because an employee can access data doesn't mean that they can just do anything they like with it, does it?
The complaint from Google seems to be that access was used to harass, leak personal information and surveil the actions of other employees.
If that's true, then "well, you gave me access" doesn't seem like a strong defense.
An interesting question for Google to answer would be how many Google employees have accessed/crawled all the internal data. Considering the sort of talent, curiosity, and technical skills that Google hires I would expect that the four fired workers are not unique in that regard.
Maybe they’re both guilty of wrongdoing. In the end it’ll likely be difficult for them to prevail over Google.
Plus, as many people have said over and over, leave your politics at home, despite this “bring your whole self to work”. It just opens you up to more scrutiny. Of course google is to blame for fostering this attitude. I’m sure they regret their initial idealism and realize you simply cannot mould people into your vision any more than a few societies have tried and failed at raising the perfect citizen.
To be clear, there is a right to unionize. There isn’t a right to politicize work and bring your personal politics into the work realm.
I don’t want to hear your take on 1A, 2A, reproductive rights, medical rights, whatever, at work unless it’s a conversation we volunteer to enjoin in.
Work is the most significant part of our lives in terms of how much time it requires. It's a give and take - you can ask for concessions from your employer just as they can ask for concessions from you. It's not just "accept everyone and everything exactly as it was before", that's ludicrous.
And unionizing has been made political by corporations - it's simply a smart and legally protected right to improve workers' negotiation power in the face of huge corporations.
Hiring women and racial minorities at all, and then to particular positions, was a political issue for a long time. It still is, in many places and companies in the world (hiring a woman or minority to positions could get you killed). The idea that politics and people and corporations are not intimately intertwined is a reflection of privilege.
Politics is necessary to structure the relations between people. But that doesn't mean that politics pervades every corner of life. You might as well argue that "life is about water" because we can't do without water.
I'm not saying that your kulturkritik perspective is without any value. It has value. But there are other perspectives that also have value, and you should seek them out. If you don't, you'll only have one perspective, which is an ideology. Ideological people do bizarre things like spying on their coworkers and then playing the victim when they get fired.
The failure to discuss power doesn't make things any more or less political, either. It just makes you mute.
But from the outside perspective, America's democracy looks complacent. It appears as if a major aspect of the American political game is wondering whether black people or Latinos are going to vote more. What a game. There's a nasty smell here, and one wonders the degree to which people might carry on amid that nasty smell because they are so very tired of the blah blah.
America already has a culture of avoiding political talk in person. Is it working? Does American democracy smell healthier than ever?
Everyone should be voting. If everyone voted, people might have to start talking about black futures.
But it does, whether we like it or not. Everything from the media we consume, to the drugs we take, to how we expect our significant others to behave in a relationship, to what software we use - is political in one form or another. The politics isn't always national or party politics, though. For example, software freedom is a very strong and popular political goal among technologists, and because of that, proprietary software is political. The fact that some people are ignorant of that fact doesn't change it.
And "having one perspective" alone does not constitute ideology. Most people are extremely ideological; people forget that just because an ideology seems natural or is normal, it doesn't mean it ceases to be an ideology. Belief in the democratic state is ideology, freedom of speech is ideology, the US Constitution is ideology, the democratic process is ideology, the culture propagated in daily life is ideology. I think Althusser and Lefevbre made a very good point about how ideology reproduces itself and how everyday life is subsumed into ideological functions of the workplace or the state. Culture, like anything else, must reproduce itself, a dead culture is one that failed to reproduce itself. Within this reproduction we are making all kinds of choices (conscious or not) to keep certain elements of our society in moving forward.
There may come times when I think this or that sibling is favored or given the short shrift, but not in every single interaction.
As Zizek asks, what do you do the day after the revolution?
Most people just want to go about their daily business. Most people don’t want to have on going never ending political processes like some revolutionaries do, just because they can’t abandon that mode.
Thing is, waiting usually makes problems worse. Divisiveness seems on a recent all time high already, and two political extremes won't just cancel each other making everything go back to normal. One of them will probably just win. That's how it went prior to the Reich, at least.
So yeah, increasing divisiveness makes defending the good parts of our current societies require more and more effort. Had we not let it get to were we are now we would have required a lot less "being political". Waiting will likely make it worse down the line.
Yes, politics is a never ending process. Since there will always be rules needing to be revised and people trying to use that processes to gain power. Again, allowing this to happen initially and undoing so later will require us to pay extra.
But yeah, obviously most people just want to live their lives not having to spend their valuable time (and more) on politics. Doesn't mean this is a great move. Even more so in times were shit is about to hit the fan.
Me neither. But being critical and analysing our desires and interests should be the supreme goal of any self-reflecting person. It is possible to enjoy media and relationships while being aware of what drives you to make certain choices, and importantly, what drives others to make choices. Why is your culture the way it is?
The fact that "everything is political" (a phrase I try to avoid using because of its ignorant lack of nuance) does not mean we have to constantly think about it. Climate change activists will use buses, Marx still got Capital published through a publishing company, and I still watch porn sometimes. The point is to be aware and critical about what you do, not necessarily while you do it.
What I don’t want is anyone making it a point to bring their personal politics to work. We have other forums for that.
Don’t politicize every part of our existence. I wanna go to work and provide some productivity to my employer. If I don’t like their politics I can vote at the ballot box, donate to causes, volunteer etc. I don’t need to bring my POVs to work. You may not like mine, I may not like yours. We don’t need this kind of confrontation at work.
Unionization is political but it’s on a different plane. It’s worker vs employer rather than potentially worker vs worker.
Do we really want to approach a time when one group of workers takes one side, another takes another side and they protest against each other and cause disruption to the vast majority who have no interest in getting personally involved?
Presumably both groups would have this “right” though be their opinions different.
* In the US, and in Tech, I hardly think trying to organize a union is going to not have worker v. worker politics. "We should organize" involves all kinds of Why's and How's about which there are widely divergent opinions among today's workforce.
* Employers routinely bring politics into the office, for starters by funding Political Action Committees and lobbying for what they perceive to be in "the company's" interest. I actually heard a COO in an all-hands once say "yeah I guess we don't support the Democrats <chuckle>" -- so if your employer is going to make their support of Candidate X part of the work culture, is there any reason other than job security why I'd want to keep my support for Candidate Y under wraps?
The American life has been completely subsumed into corporate culture. These other forums have either been rendered useless through an impossible-to-navigate political system that swallows any real momentum, been disbanded due to the nature of work requiring communities to fragment and move, or are facades for community like you see in Reddit or HN--posting isn't politics, people.
I have the same inclination with you that I don't want to hear other people's personal politics at work (likely for different reasons), but it's unavoidable when every company attempts to become your family. I don't really know what to do about it, but I don't think it's as easy as HN believes it to be.
And few forums affect us for 40 hours / week of working plus whatever impact they have outside of the workday. And few forums provide the opportunity that our employers do. Getting Google to care about climate change has far more of an impact than holding a sign up in the street does.
> If I don’t like their politics I can vote at the ballot box, donate to causes, volunteer etc.
Good luck - your employer can spend billions per year and make your efforts inconsequential.
> Unionization is political but it’s on a different plane. It’s worker vs employer rather than potentially worker vs worker.
I'm glad you've come around! But this is also potentially worker vs worker, as there are plenty of workers who are happy to not negotiate on a level playing field, and who are happy not to have things like healthcare or higher wages for all (there's a weird strain of authoritarian subservience in American workers).
> Do we really want to approach a time when one group of workers takes one side, another takes another side and they protest against each other and cause disruption to the vast majority who have no interest in getting personally involved?
This has already been happening with union protests for hundreds of years. Workers don't always agree and aren't always compelled to join a union. Corporations hired groups like the Pinkertons to attack unions and kill some disruptive workers (and your employer has recently hired a firm know for squashing unionization efforts...).
Nondisruptive protests do much less to effect change than disruptive ones. Rosa Parks was disruptive when she sat in the front of the bus, early unionizers were disruptive when they shut down factories and rail, unions and activists were disruptive when they marched for civil rights, or against murders and abuses by police and government. The US was founded on such principles - tossing tea into Boston harbor was a political, disruptive act, and I bet the workers on the ship were pissed about it the next day. None of these past actions were undertaken by a majority. A minority of people supported the patriots in the Revolutionary war and fewer still participated.
Some peoples mere existence is political, hiring black people or women is sometimes seen as playing some sort political card. And for the people who have been hired they must personally defend their presence.
Corporate wants to be perceived as authentic, but they mean something entirely different. And professionalism dictates that you either get it or don't. I am not fan of emphasized professionalism, but I restrict myself in the interest of the business from time to time. Because that are largely my interests too and that of my colleges if you have a cooperative relationship.
That said, I do think unions can be a worthwhile endeavor and they can be constructive, especially for larger employers. Googles actions strongly seem to hint that they disagree though and this could be a case where they just wanted to get rid of some inconvenient people.
And most of that stuff needs to be left at home. Work is a rarefied environment where we're paid for our time to focus on someone else's problem.
And in tech and other skilled professions, how many of us go over 40 hours for keeping our skills up? Or for finding new positions? Or for education to enhance our careers? Work is clearly the most significant part of our lives.
Those who work from multiple locations might understand this better, independent consultants maybe best of all: Work is a thing you do, not a place you go.
if it doesn’t, then workers don’t have a right to self organization , and that, uh, doesn’t end well.
i don't like that.
“Accept large sums of money for building your boss’ vision for tomorrow while complaining about it” has a lot going for it, but I have a hard time actually sympathizing for folks that think they’ve a right to that.
People feel confident because they have many like minded colleagues. What happens when the winds change? Are people going to be happy when the workers of Exxon decide that it’s in their best interest to extract from some wildlife refuge? It’s not a good idea. We have laws that should govern corporations and businesses . It should not be a referendum for everything.
> Are people going to be happy when the workers of Exxon decide that it’s in their best interest to extract from some wildlife refuge?
No, but that's because they're not happy when the managers of Exxon decide that either?
Really the underlying problem is that giant companies and especially media companies like Google have a very large amount of political power. Almost more than the big parties, and certainly more than the average grassroots organisation. How google uses that power matters.
If Google want to be apolitical, the very first step should be to end all their corporate political donations and PACs. A good second step would be to end all recommendations (ie free promotion) for political videos on youtube.
We should all be free to form our own opinions, whatever they may be, and not fear retribution from anyone.
But when you have to make a difficult decision (whether to ban a popular Youtuber for hate speech), make that decision based on precedent, the good of the company, and for the users. Don't view it as a personal attack to your political beliefs, and default to banning when the free speech happens to clash with your beliefs, while defaulting to complaining when people talking about LGBT+ rights get demonitized.
Also, if you are allowed to take your politics to work, accept that others may bring their opposing politics to work too. The vocal conservative-right Googlers are in the minority, and are mistreated as such by the political power brokers. A union should be for all the workers.
For example you can advocate for unions but you don’t have to conflate that with your personal politics.
I may simply want better working conditions with no strings attached.
If the entire union pitch is "the bosses are greedy fat cats, let's get them!", I do think that's toxic. There are good reasons why companies can't ban even toxic kinds of union organizing, but I would be very unhappy if I had to hear that all the time.
I find myself wondering (from the aggregate of posts in this topic) how many people actually have union experience. Unions are highly political creatures. In my state, at least one of the unions requires during election seasons that their membership take time out of their personal lives (time the union knows they have because they've held hours and overtime standards for over a century) to work the phones to stump for political candidates the union supports.
When you see a union taking stances on random unrelated political issues, that's not solidarity. That's union leaders exploiting solidarity for their own political benefit.
If you accept sexual harassment, abuse of power, support of dictatorial regimes, etc. at the workplace you are going to live in a hell hole for the lest of your life. I will recommend being smart about politics and do it from inside a union or other protected group. But, to never just accept that things are bad without remedy. We have gotten really far as a society to give up now that things are easier to change than ever.
> I’m sure they regret their initial idealism
What great things Google have done since? Google is big enough and rich enough to not have to innovate or do anything interesting anymore. Google is just another part of the system. But, for any startup is impossible to succeed without people involved with strong believes and able to move and inspire others.
Google change makes sense from an economic perspective. But, as a society hurts us and we need to fix their attitude individually and together through unions and other collective actions.
And Google spans such a wide range of users' lives, that at Google at least, it's going to be hard to do one's job properly in a lot of areas of the company without having some political / philosophical conversations about free speech (YouTube bans and censorship), the right to bear arms (Google's block against firearm ads), etc. One can consider the decisions the company makes to be divorced from political issues, but politics ultimately rides atop philosophy, and companies are entities within societies, so the politics will inevitably come into play.
If political strategic decisions are something Google is deciding is "above the pay grade" of swathes of engineers, that's a decision they can make but it is a shift for the company from its roots.
Why do you believe this is true? CA has arguably the most employee-favorable laws in the country, particularly wrt workplace discrimination.
I would withhold judgement until more facts come to light; an important one being which legal firm(s) they have chosen to represent them.
If I had to bet now: Google settles before it goes to trial; plaintiffs walk away very rich in exchange for signing a non-disparagement agreement; no one else will know the full story.
If she had personal photos on the phone, she had copyright on those and Google flat-out violated that specific right by denying her access to her works.
Remember, what's written in a contract cannot go against the law. Copyright is very firmly enshrined in our legal system.
There is similar understanding about how de-corpification works if someone's phone gets de-corped (though I doubt most employees read the fine print).
Remember, copyright gives the owner of the work full control over it. For Google to remove that specific control without a court order means they're violating the law.
Go read chapters 2 and 5 of Title 17. This makes it abundantly clear.
Who’s data did they access? What data was accessed? How was that data used?
Google knows they’re in a bind, because if a few SJWs accessed internal Google data in a “bad way” (as viewed outside the Bay Area monoculture) then that’s going to be a really bad look, maybe even worse than a hacker.
If they just subscribed to public calendars, it doesn't sound like such a big deal (after all... the data is public). But if they used an internal API or used their position to elevate their privilege, that's a big deal.
So say Alice who is a Search Engine Data Analyst finds that Daryl over in Corporate Finance has a meeting "CBP update Washington". Alice reasons that CBP is US Customs & Border Patrol who she believes are inhumane and Google shoudn't work wit them - and she pulls up all Daryl's other meetings and sets an alert to tell her if Daryl books any other meetings with the word CBP in. Alice gets fired.
The problem for this current plan is that sure it looks like Alice is being fired for _snooping on corporate plans_ which historically wasn't against Google's rules but is also not a legally protected activity. Sure, she was snooping on those plans for the same reason she was organizing (to stop Google working with CBP), but that doesn't make her fired for organizing.
The most senior person I knew properly at Google left citing this sort of ethical problem as one reason, they felt that working on products that might be used by people who had beliefs they disagreed with was unacceptable. Weirdly they left to work for... a famous AAA video games vendor that specifically brought them on to add obviously unethical monetisation features to future games which prey on people with gambling addiction and other problems. We have agreed to disagree on whether this is outright hypocrisy.
At the very least the game company doesn't have the power of the state to force their shitty loot box gambling on people where CBP et al do. That is CBP /will/ use the tools Company X develops on anyone and the video game you can not buy. They may be ruining a game you want to play but no one is forced to play the Gashapon MTX Slot machine games.
You could potentially have to hand your personal device over to lawyers where they can then put your personal device through an e-discovery process should your employer be sued .
People need to really think hard before they relinquish that kind of control of a device that you own.
There's also questions about "IP" law here. If you're developing interesting software at home, having separate hardware for that work is going to be critical for the legal analysis to get funding, etc.
Those at Google who undermine the power of labor to organize are evil people.
Google's management is having a hard time in dealing with this aspect, evidently by the scaling back of their weekly town halls, internally categorized as "TGIF meetings", mostly known by the public as those quick fire chat Q&A sessions with management. The recent cancellations of many Google products and services were probably an indirect result of this too, it was also an attempt of scaling back. Its huge size must have exceeded the current limitations of their operation structure, unless some of its core policies and missions must be altered significantly. A few of these changes may have already been carried out, the hiring of an anti-union organization and the installing of internal web browser monitoring tool.
This begs the question though, when you have something that got scaled up to such an enormous size which inevitably would accompany with more unique and challenging chaotic scenarios, what are the possible approaches to resolve these situations in a harmony and effective way? The solutions are not easy and these problems are becoming increasingly common in our modern world. The same issues that were once very simple have upgraded themselves to become much more difficult to deal with and with many added layers of complexity.
I attended a recent startup event in Vietnam in which Mr. Nguyen Thanh Nam, chairman of Endeavor Vietnam, told the story of his personal experience in facing a similar challenge in managing a large number of people. The numbers were probably not at the same crazy level at Google's but the effective solution for him in the end was to go and live in some rural villages for a while where thousands of people manage to participate daily in a very large but well-behaved community and all in harmony.
The challenge facing with an increase of diversity is alignment. The greatest benefit of diversity is new innovations, but only if its chaotic nature can be managed by correct alignment. Without this anchoring element, things will quickly spiral out of control. To effectively aligning a massive group of people, this anchoring element must be based on basic core values or principles that naturally DO NOT or RARELY CHANGE over time. There won't be any consistent alignment if those values change too often or just cannot be applied effectively for long enough. I believe Google might be approaching it incorrectly. Some of the methods reported by the media seem very similar to censoring. That is not alignment, that is the equivalent of putting a dome structure over everyone. It would slowly create an environment that inhibits creativity limiting people's abilities. It's certainly an alternative method but just not a preferred one.
Correct alignment is a much better and more efficient method for the long game. Talents and technical skills can all change very quickly in modern time, what binds people together are the common mindsets and personality attributes that are always considered good under any environments and withstanding any degrees of change. This alignment is applied even to the management themselves, and not just to the engineers whom they manage, it is actually more critical at the top level. What is the Google's personna? There should be a mechanism in place for the management to detect when they are deviating too much from the anchoring alignment as well. What we are seeing at Google is probably an early sign of this deviation, or perhaps the values being used in aligning everyone together just do not have as much longevity?
"I wish I had a job where a corporate phone was a thing, but I certainly wouldn't give my employer access to my personal device, that's what the one they provide in this situation is for".
Some people apparently forgot why they come to work.