This isn't a cut-and-dry issue. The internal tool was purportedly used to alert about privacy and security issues on external websites. But the message sent to users was not privacy or security related.
Of course Google is right. She happened to get two coworkers to approve what she was doing.
If I got a manager who I was friends with to approve my purchase of a fully decked out $53K Mac Pro so I could finally use Slack at a decent speed when I am working from home, wouldn’t you think there was something fishy?
Since you can’t spend 53000 dollars on a Mac laptop last I checked, yes! However the whole purpose of a managerial hierarchy is to establish a responsibility chain so at very least I would expect the manager to also get fired.
Google doesn’t care about these antics. They, like all employers, don’t want their employees to have meaningful bargaining power.
Well, there have been plenty of stories about toxic managers in tech companies. If your manager said it was okay to hit on your coworker does that absolve your responsibility to have good judgement?
And as far as having “bargaining power” they are tech workers at Google. If they have even a modicum of skills they have the ultimate power - they can walk away and get another job.
Heck, I’ve worked at a bunch of no name companies over 20 years and even I can walk out of the office and have another job in two weeks and this is nowhere near the west coast.
A single employee walking away has no power to change the status quo at google. A lot of them, however, do. That's what google and all employers wants to crush before it has a chance to coalesce.
Why is that? You can't just get code review / deployment approval. You need to have approval that a certain feature or process is wanted / needed for the system. My guess is the sec engineer in this story did not get approval for this feature in the first place, she just went ahead and changed the code.
What if this change allowed passwords to be captured in plain text? Browsing history? Surely those are fire-able offenses? So how is this situation any different?
So if she escalated her privileges and bypassed the approval process, yes, of course that should merit severe punishment. But that's not what happened, according to Spiers.
Giving her the benefit of the doubt for the sake of argument, you'd agree there's a huge difference between adding malicious phishing code to a company tool, versus displaying a text notification that doesn't fit the tool's original intent?
The text in question read, “Googlers have the right to participate in protected concerted activities.”, which is arguably different than the usual privacy/security warnings that the tool was intended for. But is it a fireable offense, versus an offense that warrants reprimand?
To put it another way, I think very few people would be bothered by Spiers being fired if the text notification she added were "Heil Hitler!". But that kind of content is fireable for a number of reasons. Whereas Spiers note about union rights, while inappropriate for the given plugin, is not patently against Google policy, and (again, assuming it's just a text notification) did not endanger the company.
If an employee tries to set fire to company equipment, they should be fired. If they draw a swastika on a bathroom stall, they should be fired. If they post up a pro-labor pamphlet in a bathroom stall, where it's against company policy to post any materials (regardless of content), should they be fired or reprimanded?
All these 10x developers terrified they'd have to make a reasonable wage like the rest of us serfs.
*By the way, that's very much sarcasm since a well organized union doesn't need to cap wages at any level. It's just the argument that keeps getting put forward and I get sick of it.