Accessing user data is one of the 2 main ways to get fired (the other is being racist or making sexual harrassment) at FB. There are warning signs everywhere and the company does a great job in letting you know the boundaries.
That may not have held as true in 2015 as now, but what's the point of reporting an event happened 6 years ago, when the world had a completely different face?
The employee mentioned in the title was also fired, so that part doesn't seem like it was different in 2015.
But as the victim, does it matter to you if a Facebook-employed stalker gets fired? They still have your data.
The bulk of the article is about how Facebook intentionally makes user data accessible to many thousands of employees and relies on measures to audit for inappropriate access after the fact. The concern is not about whether people should get fired or be told it's a fireable offense - the article mentions that many people were fired for this in 2015 - the concern is that the data is so easily available in the first place. From what you're saying, that seems still true: if Facebook has to warn employees against inappropriate access, it means the technical possibility of inappropriate access remains. It seems entirely possible to design systems in a way where access to production data requires live signoff by another employee, etc., and certainly isn't granted to thousands of employees as a matter of course.
I actually think the title buries the lede (and the HN-truncated title even more so). The article starts, "Facebook fired 52 people from 2014 to August 2015 over abusing access to user data, a new book says." Fifty-two people is a lot!
(And I am curious about your description of it being a "main" way to get fired - at my finance employer, insider trading is very much against the rules as well as the law, and we have annoying compliance training about it, but I would hardly call it a "main" way to get fired precisely because it is by and large not a thing people do! If we fired 52 people in a year-ish for insider trading, I think you would be entirely justified in asking questions even though they were getting fired.)
3 comments
[ 4.1 ms ] story [ 15.3 ms ] threadAccessing user data is one of the 2 main ways to get fired (the other is being racist or making sexual harrassment) at FB. There are warning signs everywhere and the company does a great job in letting you know the boundaries.
That may not have held as true in 2015 as now, but what's the point of reporting an event happened 6 years ago, when the world had a completely different face?
But as the victim, does it matter to you if a Facebook-employed stalker gets fired? They still have your data.
The bulk of the article is about how Facebook intentionally makes user data accessible to many thousands of employees and relies on measures to audit for inappropriate access after the fact. The concern is not about whether people should get fired or be told it's a fireable offense - the article mentions that many people were fired for this in 2015 - the concern is that the data is so easily available in the first place. From what you're saying, that seems still true: if Facebook has to warn employees against inappropriate access, it means the technical possibility of inappropriate access remains. It seems entirely possible to design systems in a way where access to production data requires live signoff by another employee, etc., and certainly isn't granted to thousands of employees as a matter of course.
I actually think the title buries the lede (and the HN-truncated title even more so). The article starts, "Facebook fired 52 people from 2014 to August 2015 over abusing access to user data, a new book says." Fifty-two people is a lot!
(And I am curious about your description of it being a "main" way to get fired - at my finance employer, insider trading is very much against the rules as well as the law, and we have annoying compliance training about it, but I would hardly call it a "main" way to get fired precisely because it is by and large not a thing people do! If we fired 52 people in a year-ish for insider trading, I think you would be entirely justified in asking questions even though they were getting fired.)
So I think this is entirely reasonable reporting.
Yes, I think so, certainly. It matters in that the person is punished for the bad thing and no longer has access.
It’s like asking whether it matters if a rapist is jailed because the victim still has the trauma of the rape.
I think that having strict punishment is good and should be part of other controls that prevent inappropriate access in the first place.