by glurgh 4461 days ago
I don't think Arrington is particularly credible nor do I believe Google, as a matter of course and policy, runs around reading specific users' emails. But the comparison to Enron is not necessary for something like this to at least conceivably have happened. After all, this happened:

http://www.wired.com/threatlevel/2010/09/google-spy/

I tend to believe Google's GC and think Arrington is having some paranoid attention-seeking fantasy. At the same time, can some schmoe at Google read a gmail email? It seems like they can.

2 comments

Not some schmoe. I am a Google engineer (and a bit schmoey) and there's just no way I could do it.

There are people who can, though that number is small. However even then, the access is highly audited.

The only way around it would be to just steal a disk, I think. That's why you can't take any hardware into or out of one of the data centers.

That definitely does not tie up with the pcmag article below http://www.pcmag.com/article2/0,2817,2369188,00.asp - can you explain the disparity?

As far as I can tell, a site reliability engineer is a very common position.

An SRE does not immediately mean you have the access needed to spy on email. I'm not saying that SREs don't have the access, but it is conceivable, and likely, that within the SRE field they have higher-level clearance for some employees. The response from Google in that article even points to this being the case.

That's correct. There are thousands and thousands of SREs, but gmail data is considered to be basically the most private thing in the data centers - its access is heavily gated and audited.

I understand that all SREs wouldn't have access - but if one SRE was able to gain access to look at some personal emails, surely it would be fully possible for other employees to manage it as well? I think the stance that a lot of Google employees are taking - that gmail data is secure - seems to have a lot of holes in it. The data can't possibly be that secure if this guy got fired over looking at it.

It's not possible to manage the data if no one has access. The SRE in question didn't "hack" into the data - he had access. The access was audited, so when it was abused, the SRE was fired with cause, and I think that Google helped the prosecution.

And I believe you too! I do think there is some schmoe at Google who can read my email. I don't think they do because what business does a schmoe have reading another schmoe's mail? My point was that it can be done, and it has been done, in a documented way, not that Google is malicious.

I read schmoe as meaning "any old person with the inclination", which is not the case.

You're right. The point was overstated for effect.

If you could do it by stealing a disk, then you could also image the disk on site and beam the data somewhere...

Yes it would seem.

"Google Engineer Fired for Accessing Teens' Gmail, Chat Logs" http://www.pcmag.com/article2/0,2817,2369188,00.asp

Just to add, it wasn't some highly detailed audit that caught this teen mail voyeur. It was the teens' parents that reported the access to Google. This breach could have happened about the time Arrington ran into his problem. Perhaps controls were a little lax back then. We'll never know.