Hacker News new | ask | show | jobs
by skj 4468 days ago
Not some schmoe. I am a Google engineer (and a bit schmoey) and there's just no way I could do it.

There are people who can, though that number is small. However even then, the access is highly audited.

The only way around it would be to just steal a disk, I think. That's why you can't take any hardware in to or out of one of the data centers.
3 comments
RyanZAG 4468 days ago
That definitely does not tie up with the pcmag article below http://www.pcmag.com/article2/0,2817,2369188,00.asp - can you explain the disparity?

As far as I can tell, a site reliability engineer is a very common position.

link
lsaferite 4468 days ago
An SRE does not immediately mean you have the access needed to spy on email. I'm not saying that SREs don't have the access, but it is conceivable, and likely, that within the SRE field they have higher level clearance for some employees. The response from Google in that article even points to this being the case.
link
skj 4468 days ago
That's correct. There are thousands and thousands of SREs, but gmail data is considered to be basically the most private thing in the data centers - its access is heavily gated and audited.
link
RyanZAG 4468 days ago
I understand that all SREs wouldn't have access - but if one SRE was able to gain access to look at some personal emails, surely it would be fully possible for other employees to manage it as well? I think the stance that a lot of Google employees are taking - that gmail data is secure - seems to have a lot of holes in it. The data can't possibly be that secure if this guy got fired over looking at it.
link
skj 4468 days ago
It's not possible to manage the data if no one has access. The SRE in question didn't "hack" into the data - he had access. The access was audited, so when it was abused, the SRE was fired with cause, and I think that the Google helped the prosecution.
link
glurgh 4467 days ago
And I believe you too! I do think there is some schmoe at google who can read my email. I don't think they do because what business does a schmoe have reading another schmoe's mail? My point was that it can be done, and it has been done, in a documented way, not that google is malicious.
link
skj 4467 days ago
I read schmoe as meaning "any old person with the inclination", which is not the case.
link
glurgh 4467 days ago
You're right. The point was overstated for effect.
link
zurn 4468 days ago
If you could do it by stealing a disk, then you could also image the disk on site and beam the data somewhere...
link