39 comments

[ 4.7 ms ] story [ 89.7 ms ] thread
(comment deleted)
I don't get it. Cracking down on leaks is called security. Everycompany should do it, and the big ones certainly do. What's the deal with that?
Sure but if you setup a system that encourages leak reporting by your employees and then unjustly fire an innocent person claiming they leaked data, wouldn't that be a big deal?
I suppose it's a signal-detection problem.

One would need to understand the frequency at which misses vs false-alarms happen to judge whether this is a big deal or not.

From one data-point alone, this is absolutely a "non-story".

(comment deleted)
I am pretty sure firing requires much more than reporting by employees. It just gives them a place to look. Given the verbosity of the logging they collect on employee laptops, as seen in the Levandowski/Uber case, I am sure they can get solid evidence leading up to a firing.
In my country you can fire everybody all the time. Of course the literal wording in the law is different. So the lawyers will figure out how much money your employer needs to pay you after. The major question for the employer therefore is not whether or not he can fire, but whether or not he can afford the budget cut.
Sure. Though there is a culture cost to an environment where you actually fire people without cause.
Well, people get fired for wrong/incomplete reasons all the time. And if the employer can't proof it well enough he just needs to pay more. Most of us are happy to get 50-200% of a year's salary for no work. That's why it's not really a big deal or a problem for society.
I have no idea what this means.
Well, it would be better to either not say anything, or ask some kind of question that brings the conversation forward. I really don't want to guess what you don't understand. E.g., I hope you mean what "getting fired" means. But maybe you don't know that getting fired often results in receiving a severance package when the employee sues? But that is common practice as well. So really, from where should I pick you up?
who said the person was innocent? I would give google benefit of doubt that it's in their utmost interest to identify the actual leaker and not just make an example of anyone
You might be right that the person was not innocent.

No, you do not give the accuser (and in this case, the company firing someone from their job) the 'benefit of the doubt' in my world.

Either it's a clear cut case (fine) or it's not (if you fire someone in this case, you're an asshole working for a shitty company).

Now, I'm not saying that Google DID this. But the defendant should have the benefit of the doubt.

google dismissed the person. I'm giving google benefit of doubt to dismiss the actual leaker. Why would google dismiss a random individual who may be innocent? It doesn't provide them with the resolution they seek
Well that is why you have to have a "fair" discipline procedure with the right to be accompanied by a "friend" and appeals process heard by a member outside of your team.
This is a non story. Product leaks have a massive business impact. Hence Apple's culture of extreme secrecy. Google is somewhere in between
It doesn't seem that simple. It sounds as if the scope includes more than just products.

> The lawsuit alleges that Google’s leaks policy covers essentially all company information and prohibits reasonable discussion about company activities.

...

> One policy allegedly even prevents employees from writing a novel about working for a large Silicon Valley corporation — like, for instance, Dave Eggers’ dystopian novel, The Circle — without first getting final draft approval from Google.

John Doe v. Google, Inc [1].

[1] https://www.scribd.com/document/334736972/John-Doe-vs-Google...

Not sure that would be Justiciable on first amendment rights alone
Google is not bound by the First Amendment - only the federal, state and local governments are (and institutions they run, such as state universities).
Banning employees from discussing pay /conditions etc is illegal in the USA
From Google's internal investigator's memo:

> If you’re considering sharing confidential information to a reporter—or to anyone externally—for the love of all that’s Googley, please reconsider! Not only could it cost you your job, but it also betrays the values that makes us a community.

So the question is-- what constitutes "confidential" at Google?

Let's say a bad apple-- coworker or boss-- is abusing their power in a way that affects a particular class of employees, and the employee has exhausted the proper internal channels without success/resolution.

Is that information "confidential" according to the typical contract Google employees sign?

Your example would actually be part of a different mailing list . See https://www.bloomberg.com/news/articles/2017-05-23/at-google...
To essentially repeat the question: what happens if the employee cannot resolve a problem that affects a class of employees using this internal mailing list? Is the employee's account of such an abuse of power considered "confidential" according to the terms of their contract?

I'd really like to hear an answer from a current or former Google employee, and preferably a yes/no answer.

I see the memo author is former US Dept State diplomatic security. I always thought of State DS agents in terms of personal protection and not so much counterintelligence and investigations. Guess I was wrong. I would have expected to see a senior ex-FBI or former IC community member in this role.
Prior to Google, he had 6 years as a "Special Agent" for the US State Department in Israel. He lists his department as DS/CI, where CI would be "criminal investigations". So, specifically in the subarea that's doing that. That agency, for example, investigated and apprehended one of the 1993 WTC bombers.

Interesting story involving Mr Katz: http://www.dailymail.co.uk/news/article-2224589/Google-threa...

Great link. I'm pretty sure the CI stands for counterintelligence, but I may be wrong. Regardless, I have no opinion, just though it was interesting to see where former DS agents find themselves after service.
Looked it up...you're right:

"Bureau of Diplomatic Security, Office of Investigations and Counterintelligence,Counterintelligence Division (CI division)"

With 3 branches:

DS/CI/ASB - Analysis Branch

DS/CI/IB - Investigations Branch

DS/CI/PPR - Policy and Programs Branch

I'm curious on others insight about one section of the email management sent to employees regarding leaks:

"Please remember: whether malicious or unintentional, leaks damage our culture. Be aware of the company information you share and with whom you share it. If you’re considering sharing confidential information to a reporter—or to anyone externally—for the love of all that’s Googley, please reconsider! Not only could it cost you your job, but it also betrays the values that makes us a community."

I certainly understand the potential business impact leaking information, but what is the aspect of the Google culture a leaked email harms?

The culture of transparency.

Google is enormously transparent internally. The more there are leaks, the less incentive there is to be transparent.

Trading the short game for the long game.
You're right - it doesn't apply to culture.

The "corporate person" is being a sociopath as usual and rather than saying "it harms our company" they attempt to spin it into something that hurts the individuals that work at the company. It doesn't. It hurts the "corporate person", but they can't come out and say that.

Lawsuit against world's leading AI corporation that tries to stop leaking secret dank memes. What a time to be alive!
Reporter decries company for prohibiting its employees from discussing company business with reporters.
I think it's more than fair to expect a company aiming to make the entire world population fully transparent to itself, to be transparent to the media/public.

Eric Schmidt believes you shouldn't do anything you wouldn't want to share with anyone (aka Google). Why doesn't that work both ways? Does Google have "something to hide"?

Or is Google exempt from the whole "privacy is a thing of the past" situation these companies are trying to force on us all?

It's sad to see that they've harmed accessibility (no more transcripts) under some misguided notion that it helps keep secrets. The video of these talks is still available, of course. Maybe it's captioned?
Always raises the issues of due process.

An interesting challenge when I was there was leaving your workstation unlocked. You go up to get a soda or something and don't want to lock your workstation, go get your beverage, come back and reenter your password. But you should, someone in your cube or nearby could prank you and send an email to the group of an embarrassing nature. Of course they could also send an internal only email to re/code which if they didn't like you might get you fired.

The key is keeping the investigation folks above reproach. If they can't convince that they have done a fair job investigating, you open yourself up for a lot of issues down the road.