> Kathryn Spiers, who worked as a security engineer, updated an internal Chrome browser extension so that each time Google employees visited the website of IRI Consultants — the Troy, Michigan, firm that Google hired this year amid a groundswell of labor activism at the company — they would see a pop-up message that read: “Googlers have the right to participate in protected concerted activities.”
So basically, the Google employee added arbitrary javascript to an internal chrome extension used by Google employees that triggered a popup when employees visited a specific website.
And Google fires her with the reasoning:
> “We dismissed an employee who abused privileged access to modify an internal security tool,” a Google spokeswoman said in a statement, adding that it was “a serious violation.”
I'm not at all opposed to Google employees organizing. But injecting javascript into an employer's internal chrome extension does seem like something that warrants some type of action by Google in response...
"Part of my job was to write browser notifications so that my coworkers can be automatically notified of employee guidelines and company policies while they surf the web"
If this is true and her job is literally to create javascript notifications of company policy, then I think it's entirely reasonable what she did considering it IS company policy (well, law really) that you have a right to organize.
The extension is intended to inform Googlers of applications that are not approved for corp data, not just generic "employee guidelines and company policies." This is so you don't e.g. upload PII into a random unsecured S3 bucket.
Yes, it's company policy, but this is more like running into a meeting and then interrupting it so you can start reciting NLRB policy than it is posting a flyer. Worse, it misappropriates a security tool in order to do that. And when it comes to intentional actions that violate or undermine security, Google, like most companies, takes a pretty hard line.
Disclosing that I'm a Googler, and speaking only on my own behalf, with no connection to anyone involved except the fact that the extension is running on my browser.
>Yes, it's company policy, but this is more like running into a meeting and then interrupting it so you can start reciting NLRB policy than it is posting a flyer.
True, but it seems kind of shady to come down harder on an employee based on the content of the interruption, and that content notifying of the right to organize.
Like, imagine there's a documentation page for http cookies. Consider two scenarios:
A) Rogue employee adds to the bottom of the page: "Cookies are also delicious treats given as a reward on the internet."
B) Rogue employee adds to the bottom of the page: "Employees reading this are reminded of their right to organize under NLRA."
Let's say that in scenario A, an employee would typically get a written warning, and in B, you always got fired. In that case, I think it would be fair for B to say -- at least in common speech -- "I got fired for notifying employees of their right to organize."
This is true, even though there is a general policy of not adding non-topical messages to doc pages, because the punishment never escalates to firing unless it's something like scenario B. (In a legal context rather than common speech I don't know enough to say whether it would be legal.)
I'm sympathetic to this. But the fact that it's a security tool being misused is what I think made for the very harsh reaction. Two scenarios:
A) Rogue employee messages a bunch of internal email lists about having the right to organize
B) Rogue employee configures a security extension to issue a popup saying "Happy Birthday Sundar!" every time an employee visits google.com on June 10.
I am confident that A) wouldn't result in any formal adverse action (they'd mostly get a pile of nasty responses about spamming internal lists), and I am confident that B) would at the least earn the employee a reprimand and plausibly get them fired.
It's incredible watching tech people in this thread assert that she wasn't fired for union agitation but if she was, that's okay too because she should have known not to be "inflammatory."
> I am confident that B) would at the least earn the employee a reprimand and plausibly get them fired.
Yikes! That sounds like a dangerous place to work. If an employee with legitimate, assigned access to such a tool makes a change through normal procedures (not bypassing required code review or anything) and it's still a fireable mistake - well, I'm glad I don't work there.
Data is simultaneously Google's greatest strength and its biggest liability. If an employee uploads data to a not-known-to-be-secure third party, it can literally cost Google billions of dollars depending on the data locality. Or, it could plausibly cause a severe security breach (if e.g. an employee uploads a security token into a third party decoder).
And so the security team builds an extension in order to very loudly alert employees when they're on one of these known-to-be dangerous domains. And, as it happens, the implementation of the loud popups could make it a general browser notification platform whenever an employee visits a particular domain.
Is it a good idea for teams to start using it as a general notification platform?
No, not on any level. On top of being annoying for employees, it breaks the security UX. When someone sees one of these popups, they know they're important and that they should be very wary of whatever they're doing. But if it starts being a popup that can be triggered by anyone in the company who can convince themselves that they're providing value by sending out the popup, people start ignoring it. And there's no going back at that point, because employees have been trained to ignore the popup because of it staying stupid shit like "Happy Birthday Sundar!" and "Read these NLRB rights!" and "You can go grab a burger at the cafe today!" Everyone's been made worse off, and the original security problem has come back.
I'm not disputing that, but that still really doesn't seem like a fireable offense. I'm objecting to the fact that she got fired for it after (presumably) making the change through appropriate channels. There are always appropriate channels to roll back a good-faith change, too.
If you could concisely and cogently explain why this change is a bad idea in an HN comment, surely someone can do that in response to the change, revert it, and move on. If it's SOP for Google to fire people who make well-intentioned changes that have the side effect of alert fatigue, then one, I don't want to work there, and two, I would expect to see a lot more firings.
And surely they could explain the problem, revert it, and move on without calling her into a conference room and grilling her about who else she's organizing with. That makes it seem like it's about the content of the notification, not the alert fatigue.
Even in california, it's the companies choice what a "fireable" offense is, not the employee, nor what social media thinks "seems fireable". If you violate any company policy, or even if google does not think you are performing, you can quite legally be fired. There is very little chance of any recourse.
Don't misunderstand, it's not that I'm really trying to defend google. This is to serve as a reality check and warning to those who don't understand the rules of employment. And I'm guessing the Engineer in question understood the risk full well.
> Even in california, it's the companies choice what a "fireable" offense is, not the employee, nor what social media thinks "seems fireable". If you violate any company policy, or even if google does not think you are performing, you can quite legally be fired. There is very little chance of any recourse.
I don't disagree with that either. I'm just saying that, if this is the company's choice of fireable offense if the company actually considers it normal to exercise the right to dismiss an employee (which they legally do have) for this sort of mistake, I'm glad I don't work there.
As I mentioned in another comment, I recently did something at work that you could spin in an equally sinister way, if you want. My company would be within its rights to fire me for it. My employer would be within its rights to fire me for sneezing at the wrong time, or even for no reason at all. I choose to continue working at this company because I trust that, despite their legal ability, they have no intention of actually doing so. If I ever lost that trust, I would leave.
(In fact, my employer and Google's also have very similar employment agreements about ownership of outside IP / personal open source, but I had reasons to trust my employer to act more reasonably than Google, which was part of why I chose my current employer when deciding about it and Google. In practice that trust has turned out to be well-placed, and there's now a thread on the front page about how Google loves to follow the letter of the employment agreement and arbitrarily deny IARC requests.)
You obviously didn't read her blog post where she stated the following:
"This kind of code change happens all the time. We frequently add things to make our jobs easier or even to just share hobbies or interests. For example, someone changed the default desktop wallpaper during the walkout last year so that the Linux penguin was holding a protest sign. The company has never reacted aggressively in response to a notification such as this in the past. It’s always been a celebrated part of the culture."
No, the kind of code change she committed has never happened before. A change in desktop wallpaper is not the same as a change in a security extension.
The fact that other employees have participated in pro-employee activism and not been disciplined speaks to that. Some things are fine, some things are not. Abusing security software is not.
Sharing a cute desktop background is inappropriate but it's only a picture on a background, misusing an internal security mechanism for your own pet activism when visiting a harmless website is a totally different tier of unprofessionalism.
Do you activism in your personal time. Don't use important company resources used to protect employees from harm to push your slogans. Regardless if those slogans are legally legitimate statements in a normal context, like handing out a leaflet on the edge of the property.
This is about Google. Apparently their company culture has been the opposite, and they have commonly had lots of political discussions on company time using company resources.
For the millionth time, it was not a general message display tool. It is a security tool to flag domains that run the risk of data leakage and malware. Trying to hijack a security extension to turn it into a general messaging platform is both stupid and bad for security.
>Correction: a warning not to break federal labor law, which Google is actually required to provide.
Labor law requires that those notices be posted somewhere in a prominent place employees are likely to see. They definitely don't require them to be posted in arbitrary places at any employee's choice.
She was protecting employees from harm. Illegally interfering with protected concerted activity hurts the company, and an employee doing so is likely to get fired quite legitimately.
(Furthermore, the laws about protected concerted activity specifically permit you to do your activism at work, not just on your own time.)
Agreed -- so under my rubric, if Google were consistently firing people for all off-topic messages slipped into the security UX, then that would be a non-political firing. But if they came down harder on "oh don't forget NLRB" than "Happy Birthday, Sundar", then that seems political and "fired for notifying co-workers..." seems accurate.
(I don't know enough of the history of Google's firings and this kind of violation to know either way.)
Slipping off-topic messages into a security system just seems like such a ridiculously stupid thing to do that I'd be surprised if it's ever happened before at Google before.
It doesn't matter if it's "political" or not. It's completely 100% google management's choice whether the punishment for a serious (or tiny) rule infraction is anything from no action at all to firing. There is no rule that says it has to be consistent either.
You can't fire a worker for organizing, or on the basis of sex, race, etc. But you CAN fire whoever you want for breaking even the most minor rules or even just poor performance. And the choice can be as politically motivated as google likes, doesn't change a thing.
It's not a pretense when she broke a serious rule. Whether or not she claims she didn't, google has determined she did. So therefore it's clearly not retaliation. That's the default position. Now, there would be a high burden of proof for her to claim it was a conspiracy and it really was related to union organizing. That she did not in fact violate a rule (based on googles own interpretation). Good luck! Unless she finds some incriminating emails or gets an executive to give extremely damaging testimony, she's toast.
No, history has shown about 95% of the time employers prevail in actions like this. The burden of proof is really high for the employee, and the company has plenty of money for lawyers. It can simply run out the clock too. So yeah, 23 years from now after the ex-engineer spends 2.6 million on legal fees, she might win her job back and lost wages.
Furthermore, google has a really easy time with "selective enforcement" They can show that people violating security rules and abusing administrative rights are always fired. Now, she can argue she didn't do this, but because of the nature of our legal system, it will be extremely hard to explain. I main, disgruntled employee abusing security? Whoever heard of such a thing. The civil judge will probably help google refer her to the FBI!
Saying that selective enforcement is hard to prove is different from saying it doesn't matter, which you were originally claiming, and which is what I was disputing.
>They can show that people violating security rules and abusing administrative rights are always fired.
Yes, that agrees with what I was saying: if every message thusly inserted resulted in a firing, then it would not be fair to say she got fired "for notifying employees of their right to organize".
I could see something like (B) happening because Google used to have a lot of April Fools jokes. But it would go through code review, so the team would know about it. Doing it through hacking would be something else.
This is what I suspected and thanks for confirming this. The fact that she wrote that her job is to notify the employees "of employee guidelines and company policies" and chose to withhold the critical bit that it was specifically security policies she was responsible for looks like a deliberate attempt to mislead.
I totally support googlers' right to unionize but it seems that some employees are in an all-out war with the company and think that all is fair in that war. I can't say I support that.
> For example, someone changed the default desktop wallpaper during the walkout last year so that the Linux penguin was holding a protest sign. The company has never reacted aggressively in response to a notification such as this in the past. It’s always been a celebrated part of the culture.
Is this accurate? If it's culturally acceptable to change everyone's desktop wallpaper (including of those who were anti-protest) to a pro-protest image, it seems reasonable that this falls in the lines of culturally acceptable too.
"this is more like running into a meeting and then interrupting it so you can start reciting NLRB policy than it is posting a flyer"
How is this like "running into a meeting"?? Do Googlers visit the IRI website every day? Is this pop-up really a distraction to core work for engineering?
Your party line here makes the change sound like Nest shutting down the house [1] but according to the evidence it looks more like that recruiting thing that gives you a pop-up for google.com/foobar when you enter certain search queries.
It sounds like you are saying SilasX was misinterpreting the policy or taking it a step too far.
That was my question, her job literally to make extensions to inform employees on policies but I was doubting that it was to make any and all notifications but only a specific set of policies like, limit personal browsing activities, or that the computer is the property of google and you consent to blah blah by it’s use.
It’s clear to me that this employee knew this was more of a political notification and took matters into their own hands.
It wasn't her thoughts it was company policy, or to be specific it's required by law that this notice to be posted in the workplace.
It's was her personal judgment that it should be posted in a chrome add-on rather than only by poster like is typical in most workplaces. But assuming her job was to maintain an add-on that informs employees of company policy, and assuming her job typically lets her act with personal judgment, yeah I think that's perfectly reasonable
In fact, you can find further support of her action from the NLRB FAQ:
"The employer is also required to distribute the notice electronically to unit employees if it customarily communicates with employees in the unit electronically, either by email, by posting on an employer intranet site, or both"
Again, it's her judgment to add the notification (which links to the Google intranet posting of the NLRB poster), but considering that Google customarily informs employees of policy via notifications in this add-on, and she is in charge of maintaining said add-on, it doesn't seem like an unreasonable judgment to add this notification
I don't really know enough to agree or disagree with you.
She claims she's in a role to make judgment calls on adding content - and that this was reinforced by her previous stellar performance reviews, which made her confident in her judgment - but I don't personally have enough info to know if that's the truth. She very well could be stretching the truth that maybe every other addition she's made was under the direction of HR or product, in which case she is definitely out of line here - it would take the input of a Googler on her team to know for sure.
Googlers are encouraged---well, in the past, have been encouraged---to consider themselves capable of making judgement calls like this one.
That having been said, this would still be considered an unusual call to have made. But had I been on the receiving end of this message, I suspect I'd have found it annoying unless she remembered to suppress it after first display---if she had, I wouldn't have been bothered by it.
Part of being encouraged to exercise personal judgment is being responsible enough to participate in the consequences. Judgment with no/few personal consequences is reserved for children and legislators.
Getting fired is encouragement to you? Why would anyone input any value if having no platform to excercise judgement calls? 2/3 of typical decisions are either wrong or neutral..
The article says she's a security engineer. It would be pretty unlikely for a security engineer's job to include messaging employees about HR rules. It sounds more like this engineer modified a security tool to spam a bunch of coworkers with pro-union popups.
True, but the optics are terrible on this one. They should have seen this one coming and promoted her instead. They also should stop trying to prevent googlers from unionizing. The google of today is not the google of 15 years ago that's for sure.
While they're at it, they should stop bending (and probably breaking) export controls regarding China, and stop doing immoral DoD and ICE projects.
And heck, why not implement a process by which all private contracts are approved by a company-wide vote? Including the guy that sweeps the floor. Oh, afraid that employees will leak the details of the project? There's always NDAs, but if you are so concerned about leaks, maybe that's not a project you should be doing then.
Um, there's already a process whereby private contracts, as well as all other company business is approved by a vote. It's called the shareholder meeting.
Now understandably the janitor has provided a lot less capital than deeply invested shareholder, so their votes are uniformly weighted according to their share of ownership.
I'm guessing the engineer might own about 1/10,000,000th or so of the company if she has a healthy 401K. So as long as she can convince 10,000 or so other employees and 49.91% of the rest of shareholders to go along...
| And heck, why not implement a process by which all private contracts are approved by a company-wide vote?
Wait, what? How would this work? Who would take a Google bid seriously if, after awarding them the contract, they turn around and have to ask the employee population for permission to proceed?
The big issue I see with a lot of discussion around this issue is not a lot of thought is put into the practicality of running a large business concern. Stuff that works when it's two guys and a server does not (can not) fly when you have a large group of people to manage.
> It wasn't her thoughts it was company policy, or to be specific it's required by law that this notice to be posted in the workplace.
Unless she was asked to do it by management, it was her thoughts. As much as the title makes this seem like David v Goliath this is really just employer v disgruntled former employee.
No matter your thoughts on "its required by law... Blah blah blah" it's not up to her to enforce the law on behalf of an employer. Google has the right to post or not, statements of its choosing. In fact it's absolutely within Google's right to ignore this law, doesn't mean there won't be consequences but it they can do it.
This is so cut and dry I'm surprised she found a lawyer willing to take the case. It's staggering there's even a discussion ok HN about this.
Engineers at Google are not drones. They do not exist to only do exactly what their boss asks. If engineers did do that, they'd never get promoted there. Google's management can't have it both ways.
FTA, your personal assertion is quite wrong. Her line of work was security and at most she was tasked with posting content regarding privacy and security concerns regarding non-Google tools and services.
Her personal political views and opinions don't pass off as InfoSec topics.
How? If I am instructed to email an update notifying our users about new terms of service whenever they are changed, and I add an addendum, "Don't forget, you have 3 days after the old terms of service expire on order to return old devices..." The company has every right to fire me.
She's got a CompTia Security+ certification. That is not a trivial amount of specialist education. You certainly aren't expected to have a college degree to be an "engineer" if that's the thrust of your argument.
Tbh it sounds like other ulterior motives are clouding your judgement here. She seems like exactly the sort of engineer who would benefit from unionization and while I might need it less, I fully support her and I'm disappointed in Google for firing her.
As I've said elsewhere, these sham reasons for firing folks adjacent to union activity are opening up the company to massive liability and imo the board and shareholders should hold more people accountable.
A CompTia Security+ cert is actually pretty trivial. It's complete regurgitation, and not even of industry standard best practices, but of CompTia defined "best" practices. It's the lowest and most basic tech cert you can get. It certainly isn't evidence of any engineering discipline.
The board and shareholders will have to decide whether this action was, or was not, in their best interests. But history has shown that Wall Street would generally agree with this one. It's certainly not a "massive" liability. Should the employee prevail, years from now, in a wrongful termination suit the cost to google will be trivial compared to the employee.
That's why other companies often flagrantly intentionally ignore NLRB protections. It's a very limited civil liability with a very high burden of proof on the employee.
> It's the lowest and most basic tech cert you can get.
As opposed to... what? Do college degrees promise engineering discipline? Surely not. Many successful engineers have nothing more than a high school diploma and industry experience.
This has clearly gone into sexist territory now. She's a she, and therefore her experience and education is going to be audited by arbitrary and increasingly vague standards to make sure she's considered valueless.
> It certainly isn't evidence of any engineering discipline.
There is literally no credential that does this. It's a ridiculous standard to offer forward. Engineering discipline is a property of teams and organizations. On an individual level there is no distinct standard of it.
You are moving the goalposts outside the stadium.
> It's certainly not a "massive" liability. Should the employee prevail, years from now, in a wrongful termination suit the cost to google will be trivial compared to the employee.
I disagree. With the rash of these firings, we may start to see a collective lawsuit. Should systemic problems be found, Google is in genuine danger of both large fines (both the left and right in the US and other countries are eager to give Google a black eye for perceived wrongs) and of severe reputational damage putting it at a competitive hiring disadvantage.
> It's a very limited civil liability with a very high burden of proof on the employee.
Right up until you get enough claimants for various collective actions, I agree this is the sad case for American enforcement.
OK, I have to rebut some of this. I have no axe to grind about whether the engineer is male, female, trans, white, black, whatever. Fact is that when I wrote this I didn't know she was a female. Don't care.
How insane to claim that simple negativity toward a member of a protected group is an -ism. I'm not saying she isn't an engineer because of ANYTHING related to her sex.
She's getting raked over the coals because what she did was stupid and shows incredibly bad judgement. To imply that this is less bad, or maybe we shouldn't discuss it, or maybe we'd have a different opinion if she was not female is itself far more sexist.
I fully support non-degreed engineers. Yes, I agree there is no litmus test for "Engineer".
I'm clearly stating that a CompTIA+ is not sufficient to call someone an engineer. Regurgitating questionable facts does not make you an engineer. I didn't move the goalpost. But I can recognize something that isn't one.
She screwed up bad, because if there is ever any collective action, her case won't be in on it. She gave google an ironclad excuse to be fired. I'm not even arguing right vs. wrong but the way employment lawsuits work, she has zero chance.
> How insane to claim that simple negativity toward a member of a protected group is an -ism. I'm not saying she isn't an engineer because of ANYTHING related to her sex.
If the only way we can distinguish your actions from sexism is via your internal state, you have a problem larger than this conversation and you should expect pushback.
> I'm clearly stating that a CompTIA+ is not sufficient to call someone an engineer. Regurgitating questionable facts does not make you an engineer. I didn't move the goalpost. But I can recognize something that isn't one.
But just before this you said there isn't a clear test. So really, it's just your feelings.
> Yes, I agree there is no litmus test for "Engineer".
This is more arbitrary goal setting to gatekeep a word. The debate is not if she is somehow an amazing engineer or a mediocre engineer, a well trained engineer or a rushed training job, well paid or not. No, that's not the debate.
The debate is, "was she given an engineering position in which she had autonomy to make changes and when she made changes a union buster didn't like, she was fired in retaliation.
If her job was strictly to type things that were handed to her in a field, this might technically evade the law. But that's obviously not her job.
You're obviously eager to categorize her as a not-engineer because (despite protestations) you're obviously eager to shut down any pro-unionization messages, even legally protected ones.
> She screwed up bad, because if there is ever any collective action, her case won't be in on it. She gave google an ironclad excuse to be fired.
I don't think this is true. She acted within her job capacity. She wrote a true and (importantly) legally protected statement. It was in a system that was specifically mean to advise workers about rights, options and obligations.
And unless she was already being evaluated for poor performance, even a single infraction is an extremely rare circumstance for dismissal in modern corporate America.
I think you're missing the larger point. It's mostly the large companies and those in power that create these rules. I'm not siding with either side here, but simply saying that "the rules are the rules" is not enough if the rules themselves are wrong.
If we want to make it harder for unions to organize, then she was rightly fired. But ff she was fired for union organizing and we want to protect that activity, then she was wrongfully fired.
I don't disagree, but you're talking about right/wrong from a moral standpoint, one that many people probably agree with, but it's not an absolute.
The right and wrong I was talking about was with respect to the existing rules, policies, and ethics. And if you do believe these rules are morally wrong, then you change them from within the system.
The upside is there are multiple opportunities to do this without also getting fired. There are also opportunities to do as much union organizing as you like without getting fired. The Thanksgiving four played a very dangerous game, as did this individual, and they got the expected result.
Unfortunately, the other result is that if you want to find examples of blatantly illegal union busting, I'm sure they are out there but these are not them. This smacks of agitation and activism for it's own sake.
> you have a problem larger than this conversation and you should expect pushback
Why is that? Please give an example of what I said that is sexist or any other -ist.
> So really, it's just your feelings.
No, it's perfectly reasonable to object to points that were made that don't support the argument. I'm only stating that CompTIA+ does not provide evidence that you are an engineer because of the nature of the certification.
> You're obviously eager to categorize her as a not-engineer
I didn't categorize here as either way. Someone else did, I just object to assuming that a job title or a cert makes you one. It doesn't. I don't think it even matters to the argument at hand either.
> you're obviously eager to shut down any pro-unionization messages, even legally protected ones
I'm not. I'm neutral to whether googler's want a union or not since I don't have to work there and have no interest at all in google's future direction. I'm eager to inject some reality into some very dangerous idealism before more people think they will stand up to the man without understanding the not-so-nice realities.
It's well and good, from the safety of the narrative of her supporters to say things like "she had autonomy to make changes". But engineer or not, she doesn't have that kind of autonomy. No employee really does, including directors. And it's up to her to prove she did. For example: can she show her manager approved this specific action in writing? Who asked her to do this? It looks a lot different when google shows up to a hearing with logs, rules, job descriptions, and her manager's manager having not approved the labor message, corporate security policies, and on and on. Then she shows up with, "but I thought it was OK because I did other stuff similar before, but it didn't involve labor notices. Yes, I had no actual authorization, but I was trusted as an engineer". People need to think adversarially, not just "Oh the NLRB will magically protect me". Because it can't if they don't follow the rules to the letter, and even then only partially.
A company in google's position is just waiting for people to do what she did: combine legal organizing with breaking a verifiable rule. Something with proof, like security logs. Great! now they have plausible reason to make someone an example. Now - do you see why I think it was stoopid?
> Why is that? Please give an example of what I said that is sexist or any other -ist.
Because you are specifically supporting a narrative that declines to grant an arbitrary status to a woman even as you argue that there is no clear delineation of that status. You "know it when you see it" is a hell of a thing to say as you make a pronouncement about someone's termination from a job.
What's more, looking over the history of this thread, you've substantially changed your message depending on how forcefully people reply to you. You've gone from saying that she cannot be an engineer because she has no credentials (which you first try to claim is required, "That IS why (engineers are credentialed and regulated)." https://news.ycombinator.com/item?id=21822286); and eventually move to saying you're a fiat arbiter of: "[I] can recognize something that isn't one." (https://news.ycombinator.com/item?id=21832089)
It's crystal clear you're not having a discussion. You're trying to push a narrative. You're writing anything you think you can get away with, and trusting the thread depth cutoffs of HN to hide that part of the thread.
> No, it's perfectly reasonable to object to points that were made that don't support the argument. I'm only stating that CompTIA+ does not provide evidence that you are an engineer because of the nature of the certification.
The assertion earlier was that she was untrained. She is clearly not.
> I'm not. I'm neutral to whether googler's want a union or not since I don't have to work there and have no interest at all in google's future direction.
This isn't really the question and I don't know why you think this statement is relevant. The question is "should people be fired for talking about unionization." Clearly, you now that some Googlers are friendly to unionization in at least some aspects of the workplace. You're reading a story about one right now.
> I'm eager to inject some reality into some very dangerous idealism before more people think they will stand up to the man without understanding the not-so-nice realities.
Oh? And those not-so-nice realities seem to be that you'll cheerfully throw in with discrediting a woman.
> But engineer or not, she doesn't have that kind of autonomy. No employee really does, including directors.
No technical organization I've ever encountered has to go and get every action stamped and filed by their manager to avoid being fired. That's so far beyond the norm I'm wondering if you've ever been a manager or run your own company.
Quite the contrary, Management has to constantly document directives in writing and carefully apply messages to employees because there is substantial legal risk in just letting managers do whatever they feel like.
> and her manager's manager having not approved the labor message, corporate security policies, and on and on. Then she shows up with, "but I thought it was OK because I did other stuff similar before, but it didn't involve labor notices. Yes, I had no actual authorization, but I was trusted as an engineer". People need to think adversarially, not just "Oh the NLRB will magically protect me". Because it can't if they don't follow the rules to the letter, and even then only partially.
"Thinking adversarially" is at this point collective action. As I've said, Google is making a stronger and stronger case for all its employees that they need to consider a defensive unionization strategy.
> A company in google's position is just waiting for people to do what she did: combine legal organizing with breaking a verifiable rule
If she goes to court, they're going to have to prove there was a rule in place and that it was communicated to her. We'll see then.
> Because you are specifically supporting a narrative that declines to grant an arbitrary status to a woman
I'm supporting a narrative that declines to grant an arbitrary status to a PERSON based on a tech certification.
It is NOT sexist to say that CompTIA+ is insufficient evidence to be called an engineer. Not even CompTIA+ would say that. And I'm not pushing a narrative - you are pushing the narrative that if someone starts questioning a position, they must be sexist.
I don't think I'm changing my message - it's based on replying to the conversation. I'm not even saying she's not an engineer, just that people need to stop conflating tech certs with engineering. In many of these comments I'm still referring to her as an engineer, so now I'm not a sexist right? Good. Got it.
> technical organization I've ever encountered has to go and get every action stamped and filed by their manager to avoid being fired.
Yep, no engineer can or will get every action stamped and approved by management. They are expected to work independently. However, if you ABUSE that independence to bite the hand of your employer, you have absolutely no expectation of top cover. So if you are planning to do something dangerous like this, you better make sure you have it in writing that it was authorized. Because the burden of proof is now on you to show it was. Furthermore, if you go into a legal setting with your argument that engineers always act autonomously, you just sound like a bunch of cowboys to the bureaucrats that get to decide this.
If and when this goes to court, I agree we will see. But it won't. Of course that will be months and years from now either way.
Until then, if the goal was to inform her co-workers that it was safe to discuss union organizing without fear of reprisal, how's she doing at that?
> I don't think I'm changing my message - it's based on replying to the conversation. I'm not even saying she's not an engineer, just that people need to stop conflating tech certs with engineering. In many of these comments I'm still referring to her as an engineer, so now I'm not a sexist right? Good.
You're definitely still saying and have been saying you believe she's not an engineer.
> However, if you ABUSE that independence to bite the hand of your employer, you have absolutely no expectation of top cover.
Again, your bias shows. If your employer is treating you well, why would talking about unionization be threatening? These conversations are happening precisely because people claim to be seeing abusive parts of the system and are looking for recourse.
Is that biting the hand of your employer? You clearly think so. Would that folks like you were more active in demanding action the collective action by corporate CEOs to illegally fix wages. Sadly, folks seem content to shrug and smile and pretend that's the right of their minders.
> Furthermore, if you go into a legal setting with your argument that engineers always act autonomously, you just sound like a bunch of cowboys to the bureaucrats that get to decide this.
No, but the idea that summary dismissal is normal for a simple message not approved by management on a legally protected subject is hogwash. I think you know this, but you'd prefer it's not so.
> You're definitely still saying and have been saying you believe she's not an engineer.
I never said that, nor do I necessarily believe that. I replied to someone else in a one-liner which was to put forward a possible reason other people were questioning it.
> Again, your bias shows. If your employer is treating you well, why would talking about unionization be threatening?
Talking about unionizing is not threatening to me, or my company (which has a union), but it's pretty clearly very threatening to your company. You should be cognizant and careful about that.
> Is that biting the hand of your employer? You clearly think so.
What I think is that google and every other sufficiently large company will think so. It would be naive to think because your company has some zippy slogan like "don't be evil" (now retired) that they are somehow different.
It's interesting, btw., how you believe to know what I think based on not at all what I say. Novel way to run an argument.
> Would that folks like you were more active in demanding action the collective action by corporate CEOs to illegally fix wages. Sadly, folks seem content to shrug and smile and pretend that's the right of their minders.
There's a right and a wrong way to take action. Getting youself fired doesn't seem smart, but it could be a nice martyr move if you don't need the income.
If you are engineers, then you are not just wage slaves. You are independent people and can take - or leave - your employment at will. If you don't like company X, I'd suggest it's far better to simply leave.
Your problem is a bad employer, so you add a union, now you have two problems: a still bad employer and a union full of politicians.
So, I've enjoyed your interesting thought processes, and I leave you with this advice:
- read, carefully, the rights granted by the NLRB. Stick strictly and safely within them.
- for example, do you notice that it gives you the right to talk and distribute literature outside working areas (such as breakrooms or parking lots)? Do you notice how modifying a browser security extension isn't on that list? Nor is doxing your co-workers?
- don't use company time or resources to do it! A) it could easily be construed as not-protected and B) obvious opsec reasons
- martyrs for the cause might energize the base but they scare off those with mortgages.
Please explain why she's not an engineer; and please take care to include discussion of why anyone is an arbiter of the "engineer" title in a field which is largely unregulated and not credentialed.
Otherwise the most charitable reading of your comment is something like "ticmasta thinks security engineers are not real engineers," and the less charitable reading is something like "ticmasta claims this person is not an engineer because she is a woman," which is incredibly juvenile and misogynistic. It has no place on this forum.
Not software/devops/security engineers in the US, as I’m sure you’re aware. You and I can claim to be software “engineers” in the US and no one can reasonably tell us we’re wrong. And the domain of conversation is restricted to the US, because that’s where she worked.
The misogyny comes from the fact that this tends to only come up whenever a woman engineer is in the news. Nobody comments on HN threads saying “but he isn’t even an engineer”.
That's a good question, I don't know, but she claims the latter.
In her Medium post she claims that "Part of what makes me a great fit for Google is that the company is always telling us to take initiative to deliver high impact work." and also that she received stellar (4/5, 4/5, 5/5, where 5/5 is apparently top 2%) performance reviews, which reinforced her view that she should act on her judgment.
If she really was "a great fit for Google" then she'd have realized the obvious fact that her naive attempt to fulfill an NRLB regulatory requirement would be something that should be checked with Google's legal department so a lawyer specialized in labor regulation can confirm that doing what she planned would actually meet the regulatory requirement as well as confirm this requirement wasn't already met in another way.
For example, did her design record sufficient analytics for regulatory compliance reporting? If a regulated company can't verify they did it correctly, it didn't happen. Did it distinguish between contractors, part-time and full-time employees? How did it handle employees outside the U.S.? By IP address or did it look up their country of residence in HR records? What about interns? Did it count these different populations correctly or was it at risk of over-reporting and getting the company fined? Did her design meet the requirements for Spanish-speaking ESL employees based in the U.S. Did her design read-out the text for blind and vision-impaired employees or did it initiate notification via an alternate channel?
In my opinion, she's being extremely disingenuous with her claims.
A little of the former and a little of the latter, most likely. However, that doesn't mean her judgment r.e. what is relevant is immune to review. And if it's sufficiently incorrect, consequences like what happened shouldn't be surprising.
These are stiff consequences for the violation in question for Google.
Individual employees publicly embarrassing the company (https://mobile.twitter.com/jweise/status/491788092710199297?...) or accidentally disrupting the network fabric and costing the company $X in missed revenue don't get fired for first offense. The way this was handled seems unusual, suggesting either there's a piece of the puzzle we internet pundits aren't holding or Google has changed its tolerance policy for honest mistakes.
Depending on what the cause is it might be different. If someone makes a reasonable mistake, like pushes something to production that they should not, then you could argue that there are not enough checks and it is not something you should get fired for. You should change the process.
If someone deliberately goes around those checks to push something anyway then it could be a fire-able offense.
I'd disagree. Another post shows stellar performance reviews, so if this is considered a mistake, it should be remedied and she should be reprimanded. Outright firing seems heavy handed
My take on this is that she was trying to ruffle feathers, and she succeeded. I suspect her firing took into account that intent. Putting myself in the shoes of whoever decided, I can only think that factor would have weighed heavily against her.
She might be naive enough to believe that this was actually protected concerted activity, but I don't think so. I'm not sure I think firing her was the right play, but I also don't have all the information. I will say that I don't think this outcome should surprise her. It should definitely been one of the likely outcomes she modeled when deciding to submit that code.
This firing has created a small storm of bad PR for Google, and I'd be willing to bet it's created a large storm of bad feeling among Google employees. (Although a smaller matter, using "security violation" as a spurious reasoning for the firing probably also slightly downgrades the credibility of the company's internal security efforts.)
So if her goal was to cause disruption at Google, it sounds like management just gave her a major assist. Like a Falcon Heavy's worth of assist.
The analogy Prof. Dubal uses is not apt. They seem to believe that the extension was some kind of public notice board where anybody could post something, but that is not what it is. Since they did not have sufficient context, I would be disinclined to trust their judgment on this issue.
As a level 3 software engineer, the latter (with oversight, which it would appear was in place here. A change like this one doesn't hit the live codebase without at least one other engineer signing off on it).
Yes, really. How about the converse: what if Google used it's ability to control employees' email to send messages on their behalf arguing against unionization?
Part of the right of free speech is correctness of attribution. Trying to speak as someone else, using someone else's communication channels isn't speech, it's fraud.
And I say that as (at least within the spectrum of folks on this site) a full on pinko commie unionizer. If this is the truth of the story, this just wasn't OK, and was a very reasonable firing offense.
Workers need to be willing to break the law in order to win victories against the people that make the laws. Employers aren't even the law, this is such a small thing and is defensible. I don't see a reason to side with Google at all, if they really vociferously disagreed, they could ask her to remove the notification.
> "Workers need to be willing to break the law in order to win victories against the people that make the laws..."
Like most of the general public, I have no desire to associate with criminals. If you build your union on a foundation of illegal acts, there's no reason for anyone to believe you'll stop once it gets fully established. Existing unions in the United States provide ample proof of that.
When workers organize and attempt to make demands greater than than the bosses are willing accede to, the bosses call in the police, private security, and depending on the political climate, right wing street fighters to start cracking heads. For a famous example of a dual power situation consider the 1934 Minneapolis teamsters' strike.
Even setting aside the obvious "Two wrongs do not make a right" response, if you have to cite history from 3/4 of a century ago, well...good luck persuading people with that. On the other hand, the public can easily find news stories of major corruption and criminal involvement by unions for each of the past few decades.
(Oh, and by the way, the Teamsters, whose site you linked to, figure prominently in quite a number of those news stories. There really isn't a better example I can think of of why "Workers need to be willing to break the law in order to win victories against the people that make the laws..." goes down a bad path than them. The Wikipedia article for them contains the word "corrupt" 31 times.)
> Workers need to be willing to break the law in order to win victories against the people that make the laws.
Not if they want to win, they don't. Anarchism won nothing at the turn of the century. Organized (note the adjective!) Labor broke through when it became a political movement with representation in government.
Sorry, what? They have the right to unionize. The whole issue at hand is that the employee put a notice of that legal right into an employer tool. What rights do these people not have that you're thinking of?
Look, the point here is that if you want to win a unionization fight (which is a legal victory, it will happen in courts and with contracts) you have to fight using legal tools. Pulling anarchist tricks like this just makes you feel better, it does nothing but make management's position stronger.
I mean sure, my comment was far too pompous, but calling this anarchism is silly.
If we leave rhetoric aside, what she's done is the equivalent of sending a leaflet or putting up a poster on company property. That's not strictly 'proper', but life does not happen in courtrooms. You actually have talk to people, let them know what's happening, organise, etc. Courtroom is where the fight is settled in it's last stages.
You should comply with laws that are justifiable and not with laws that are unjustifiable and represent petty authoritarianism. The working class can tell the difference. I 100% agree that organized resistance is key. Individualized resistance just earns a beat down.
I disagree that only rights granted by courts are effective in winning labor struggles. Strikes, legal or not, are required for advancing labor's cause.
This worker was attempting to organize her colleagues in an extremely tame way. There was no property damage. We should show our unadulterated support to embolden the working class.
Just because it's a go link doesn't make it an internal document. A go link is just a shortened url. You can make a go link point to a non-internal web page.
>It also included a link to a list of employee rights and protections that Google agreed to post as part of a settlement with the National Labor Relations Board this year.[0]
But in this case it appears to be a link to an internal notice.
She said "So when I heard that Google had hired a union busting firm and started illegally retaliating against my coworkers, I decided to make sure that my coworkers knew about the posting."
This was purely a Moral decision on her part and not reasonable in my opinion to tag it as part of her job. She was not happy with how google was retaliating against her co-workers (right or wrong) and she took action using her own judgement. She did this not because this was part of her job but because she wanted to get back at google for their behavior (again right or wrong, thats not the point here).
I guess the question is did she add a company policy or guideline by adding what she added? I wouldn't classify a union drive as a company policy.
Some may think a union drive is a company function. From what I remember about my experience with unions is you are allowed to put up notices in the employee breakroom that is done by the union rep who is voted in within each shop.
I would say what she did was more along the lines of blasting the union notice over speakers to everyone who entered the cafe.
Her job was to notify people of company policy. Injecting messages based on her personal politics raises red flags. This time she sent a benign message, but what might she do when googlers ultimately don't unionize? What might she do the next time there's a policy she disagrees with?
Google has provided places for people to discuss things. When she didn't think that was good enough she chose to make unapproved code changes that went against corporate direction.
Personally, I'm against unionizing any software company, especially google. Unions were created to prevent systemic abuse of people that were seen as easily replaceable. If you think a recent college graduate making 120k+ that has been provided almost ridiculous perks and freedom unheard of in most of the industry is being abused when they could easily leave Google and expect to receive a similarly paid position virtually anywhere purely because they used to work at Google, then there's no helping you.
Google employees have more rights than at most companies, they can even spend up to 20% of their day working on personal projects and Google won't claim ownership. If they think they need a union when dealing with such a reasonable employer,then those fresh out of college lottery winners need a serious reality check. Let's talk about unionizing Amazon fulfillment centers where they frequently let people go because taking a bathroom break means missing your quota. Let's talk about unionizing virtually any company before we demand labor unions for the most highly privileged group of people in the world.
After reading both of these statements, idk I feel the grey area is large enough that it didn't necessarily justify firing but also I don't blame Google for doing so. Ugh.
This is very reminiscent of laws regarding jury nullification, and how the practice may be legal, but in some jurisdictions / cases it can be illegal to inform a jury of that fact.
That's because it's not legal. It's a violation of the jury's duty to render a verdict based on the law and the facts presented. Stating an intention to vote a certain way without respect to the law and facts is grounds for removal from the jury. See https://www.law.cornell.edu/wex/jury_nullification and the referenced court case.
It's a violation of the jury's duty to render a verdict based on the law and the facts presented.
Who assigned the jury that duty? And when did that happen?
Per http://law2.umkc.edu/faculty/projects/ftrials/zenger/nullifi... and other sources that I have seen, the understanding of the law when the Constitution was written was that juries should judge both the law and the facts. The view that they should not judge the law only arose decades later in the late 1800s. The fact that the legal profession today sees jurors as having a duty to NOT judge the law I see as undermining the intent of having jury trials in the first place.
The understanding of jury trials when the Constitution was written was that juries had a right and obligation to judge both the law and the facts. The first laws
However, jury verdicts of acquittal are unassailable even where the verdict is inconsistent with the weight of the evidence and instruction of the law.
IMO the problem was putting the pop up on the IRI consultants website. She wasn’t protecting anyone or informing anyone of policy, she was being inflammatory and I don’t see it as a stretch for G to say she abused her position to inject that message.
> Part of my job was to write browser notifications so that my coworkers can be automatically notified of employee guidelines and company policies while they surf the web
She needs to understand this power isn't her own to wield.
And the risk of people abusing power to advance their personal agenda is NOT something that would get passed easily once discovered.
It's so disingenuous to call out employees advancing their agenda when the corporations themselves are constantly abusing their power to advance their agenda.
> And the risk of people abusing power to advance their personal agenda is NOT something that would get passed easily once discovered.
Yes, it is. It get discovered all the time and no one gives a sh*t about it.
Um, not disingenuous. See, the company isn't funded nor owned nor managed by its employees. So it's not "abuse" and it is completely legitimate, even a mandate, and a fiduciary duty that compels companies advance their agenda. A corporation MUST take these kinds of actions, it isn't even legal for them not to, let alone abuse.
Conversely, an employee's agenda can be left at home, please, if they agree to be employed. The "Engineer" is lucky she isn't brought up on misuse of computing system charges.
I don't like companies that invade employees and customers outside-of-work freedoms. Just as I don't like employees that abuse and undermine the relationship that they freely entered with their employers. If you don't like it - quit and go work somewhere else. Then become activist.
Individual Googlers inadvertantly violating the law opens the company up to risk of legal discovery processes and is therefore a beach of company security.
In my mind this is the hinge or the crux of the issue. If it was her job to create and inject JavaScript notifications of company policy and they fired her for doing that then shame on Google. Actually, it would be more than just shame on Google. If this is true, then I would say Google is not a safe place to work for anybody. Which is why I find it hard to believe that this was actually in her job description and or that there is more context that we are missing; that the premise of the argument is misleading.
"Part of my job was to write browser notifications so that my coworkers can be automatically notified of employee guidelines and company policies while they surf the web."
-With regard to what exactly? Context matters, if the browser notifications she was creating were only supposed to pertain to surfing the web then I think we can safely say she overstepped her bounds.
"So when I heard that Google had hired a union busting firm and started illegally retaliating against my coworkers, I decided to make sure that my coworkers knew about the posting."
-Again, it depends on what exactly her job was, but this seems to suggest she had motivation outside the bounds of her job description for doing what she did.
I don’t disagree with what she did. In fact, I think it’s kind of great. However, that doesn’t mean Google didn’t have a right to fire her for it.
Unfortunately, I'm leaning toward the other interpretation these days: Google management does not want their software engineers unionized but doesn't have experience to know how to deal with it legally, so they've hired strikebreaking lawyers and given them a lot of leeway on firing calls.
Certainly bold and perhaps ill-advised, but I would hardly characterize this as "injection"
> Spiers told NBC News that she was inspired to create a digital notification because “a poster in the cafeteria is not the best way of reaching the majority of Googlers.”
> The message included a link to a statement that the NLRB required the company to post for employees following the settlement of a complaint that was filed against Google in 2016.
> Spiers, 21, said she went through the standard approval process, which requires two co-workers to greenlight changes, before updating the Chrome browser extension. Another source at Google familiar with the update approval process confirmed to NBC news that those two approvals are standard practice for a browser extension update.
Prefixing this by saying I am not siding with Google (since people make assumptions). The standard approval process sounds like most merge review processes on any engineering team. There's a sort of assumed good-faith for this process. The fact that 2 coworkers were fine with your change doesn't mean it was made in good-faith and was within the bounds of normal types of changes.
Any engineer with the freedom to make changes without manager approval knows that adding features or making major changes isn't not the sort of thing you just do on your own. You'd go through another process for that.
So I don't buy this argument at all. This was a knowing violation. That does not, however, mean that they punishment was warranted, I don't think that it was.
Yeah let's be real, if she programmed a popup to appear over twitter with a message like "Don't slack off dummy UwU" and or something equally ill informed she would have been rebuked at worst.
To say that it wasn't the union overtones that got her fired is naive.
She’s young and probably a bit naive. I think it’s absolutely a reprimand-worthy offence, and I certainly understand that a security engineer maybe shouldn’t inject code like she did, but that’s why there are reviewers, but they ok’d it. I don’t think it’s something she should have been fired over. I made dumb mistakes early in my career too, after all.
Should she have done it? No, absolutely not. Not like that anyway. Should she have been reprimanded? Yes definitely. Should she have been fired? I don’t think so personally, not for a first time mistake at least (we don’t know if she did other things previously or not, of course)
Different viewing angle needed but Google does similar stuff themselves, e.g:
On Google.com if you present a Vivaldi user agent and arrive via a redirect, the search text box will be misaligned
On Google Docs if you present a Vivaldi user agent you will receive a warning
The problem is, she insisted to the world (and presumably to Google as well) that she did nothing wrong here. This is a pretty minor thing to fire someone over - but what other option does a company have, when someone makes it clear that they refuse to behave properly?
Security tools, and especially extensions that run with full browser access, are in an exceptionally trusted position. Employees who can inject code into arbitrary websites can in effect get administrator access to anything in the company, as Google is run almost entirely off of web apps of various kinds. It's actually hard to get more trusted than that: without a doubt this woman effectively had a greater level of access than Sundar Pichai or other senior executives.
If there's one thing you don't screw around with in any firm, its mis-using administrator access. Mis-use here means doing things that aren't related to your job description. You just don't do it! What she did would be like a logs engineer deleting internal access logs to cover up activity by political allies, or a GMail engineer spying on conversations between executives. It's complete madness to think you can abuse such a high level of trust in such a direct way and get away with it!
I used to have a certain type of Google account system administrator access. The way I used it was watched very closely, and deservedly so. Eventually it was removed because Google built better security systems that could restrict employee access more, and in my team were happy about this (for one, it meant we were less likely to be hacking targets). The idea of anyone abusing this sort of access for political reasons was unthinkable.
I honestly can't believe people here are defending this kind of behaviour. If Googlers feel it's OK to abuse root@chrome for unionisation related purposes, what else might they start doing? What about people perceived as 'bad'? Google needs to explain what happened here pronto, because apparently she was able to get this change through code review? So she had internal allies who approved her abuse of access? That is tremendously worrying.
Google is very rapidly burning the trust it requires for its business models to function. How can anyone trust the firm when 21 year old activists are able to manipulate Chrome for political causes and Google's own security procedures are unable to stop them?
This is reprimanding for the content of the message, not the scope of the code which would have actual security implications. Furthermore, it is a warning about not violating an actual company policy. This is not far off from the scope this pop-up tool is designed for. While it is clear that this was done as a response to google hiring this firm to dissuade folks from organizing, I could argue that it could be done to warn managers not to use the firms presence as permission to violate a specific policy + law. IANAL but this seems like extremely grey legal area. For example, this could be aimed at managers to remind them that even though this firm is hired, they cannot enforce a ban on organization according to that specific policy in the handbook. I think that's an appropriate use IMO, it would save the company some serious money and headache if it stopped a manager from illegally retaliating against organization.
I would not characterize this as evidence that this person is a security risk. It takes existing culture of google, including past incidents like changing the default desktop wallpaper for a protest that was happening, etc.
Also if this is true it is totally insane. Sounds like intimidation tactics to stop exactly what the pop-up warned against.
> They also dragged me into three separate interrogations with very little warning each time. I was interrogated about separate other organizing activities, and asked (eight times) if I had an intention to disrupt the workplace. The interrogations were extremely aggressive and illegal. They wouldn’t let me consult with anyone, including a lawyer, and relentlessly pressured me to incriminate myself and any coworkers I had talked to about exercising my rights at work.
I think you're assuming it's related to the message content, but that's not what Google are saying and it's not how corporations work in my experience. How you do something matters a great deal in any large bureaucracy. If Spiers wanted to remind people they could unionise there are communication systems that exist for people to talk to each other on their own initiative without approval, systems like email or even memegen.
Modifying the behaviour of people's web browsers isn't a channel intended for employees to push personal messages to each other and this should have been really obvious to her. She and her colleagues were trusted with a tremendous amount of power which could be readily abused (see my other comment on this thread), and the expectation was clear that it'd be used only within the bounds of what her management asked her to do, namely corporate security.
When she went outside those bounds and started using her immense technical privileges in ad-hoc ways, and (worse) making arguments like "I got a colleague to approve a code review so it was OK" she gave an extremely clear demonstration that management simply couldn't trust her. It's not about unionisation. It's about someone with the power to steal cookies from her own colleagues going rogue and deciding her own personal political priorities matter more than company policies she had agreed to follow.
Only sort of related, but one time some of the YouTube engineering team made a code change to kill off usage of Internet Explorer 6 by bypassing the usual code screening process to circumvent management. Their boss reprimanded them but eventually got in on it, without going through the appropriate channels. Then the Docs team saw the banner they showed YouTube users, thought they had actually received approval from management and used it as evidence to convince their managers to implement their own banner (who would have normally refused).
All they received was a small rebuke. In fact, management praised the team for the end result of decimating IE6 usage, as intended.
Then one of the architects of the scheme blogged about it in retrospect years later.
It was a configuration change so there were no dangers adding it, so she being a security engineer isn't relevant. The right punishment would be to tell her what channels she can use to send union messages and tell her to just do security related popups in the future. If she continued sending messages like this then fire her, but it is dumb that she got fired over something that would take literally 5 minutes to fix.
Google did tolerate exactly the same kind of behavior from the internal OS distribution team before, you could argue that security is even more important there than in a browser plugin.
I am not a Googler but I reiterate I know exactly 0 CSOs that would tolerate this. You providing an example outside of security team kindah reinforces my point.
Google has a lot of security teams since they do all of their infra themselves. The people who push security patches to peoples OS's is a security team, and they used that channel to push a message similar to this.
from an outsider perspective i can say that to me This is a security tool and it should show popup for restricted sites and/or flagged sites. if its intent was a general notification extension like office emails etc , nobody would have cared. But since it is a security tool even if your action is not malicious the expectation of security only updates is breached, which is what i believe is the core issue. More so the employee is a security engineer, the fact that this is most likely something they would be aware of and proceeded to do this change anyway is something which is extreme-ly worrying. It raises all sorts of questions like how safe is google infrastructure from rouge employees and how does this affect data collected by google and handled by googlers.
> "Yeah let's be real, if she programmed a popup to appear over twitter with a message like "Don't slack off dummy UwU" and or something equally ill informed she would have been rebuked at worst."
What? Granted, I've only worked for large businesses but that would be grounds for immediate termination at any company I've ever worked at.
From her description of her job position it seems like programming a popup to appear over twitter with a message like "Don't slack off dummy UwU" was exactly what Google wanted her to do in her job.
> As a security engineer who worked on the Chrome browser’s use within Google, Spiers wrote browser notifications so that employees could be automatically notified of the company’s policies and guidelines as they browse the internet. Spiers said that engineers regularly implement such code changes to make their jobs easier and share personal interests.
But programming a popup to appear over a union busting law firm website with a message that such and such law exists was not.
> Spiers wrote a few lines of code that created a pop-up message asserting Google employees’ labor rights whenever her co-workers visited the consulting firm’s website or Google’s community guidelines. The message reads: "Googlers have the right to participate in protected concerted activities." The pop-up would have been visible to anyone at Google.
> https://www.vice.com/en_us/article/jgexe8/google-fired-an-en...
I agree that "Don't slack off dummy" would have earned a rebuke, but I wouldn't be surprised if any controversial political activist message would have been grounds for termination, especially with Google's new policy regarding political activism in the workplace. She would likely have been rebuked if she had just posted a flyer in the cafeteria, but she modified an internal tool.
> The fact that 2 coworkers were fine with your change doesn't mean it was made in good-faith
The standard for whether a company is legally allowed to fire an employee for organizing isn't whether their action is in "good faith", but whether their action is concerted. The fact that it passed code review is therefore critical evidence.
IANAL, but California is an at-will state. Again, IANAL, but my educated understanding is that you can fire someone for any reason as long as the reason is not illegal. Lastly, IANAL.
But IANAL firing some one for telling their co-workers about their right to unionize is an illegal reason to fire someone. I'm not completely convinced that's what happened here but still
Technology makes a lot of these good intentioned laws hard to interpret. You cannot be fired for telling your co-workers that they are allowed to unionize. What if you work for a call center, commandeered an auto-dialer, and called every co-worker in the company with the same message? What about a popup on every page of an internal company website? Is someone allowed to stand up in the middle of the office with a megaphone and tell everyone they can unionize?
> What if you work for a call center, commandeered an auto-dialer, and called every co-worker in the company with the same message?
The law already covers situations like this, in terms of whether or not employees are allowed to use the internal technology tools of their employers in order to organize.
Is using whatever mechanism is available to you, including company privileges, in order to organize perfected by law? As a customer support person, would you be able to add "you have the right to sue Google," simply because they did have the right, and I felt like it? Am I allowed to write a script that helps draft automated verbiage to assist you in suing Google?
She went through the corporate approved process with her changes. Her only mistake here is being pro union while Google is decidedly anti-union and pro-worker-abuse.
I don't know how this works where you are, but when I'm asked to review code for someone, that's exactly what I do but also only what I do - I don't ask them if they have a design document for the change or approval from the features team. It's not my job to verify that.
> Prefixing this by saying I am not siding with Google (since people make assumptions).
Prefixing this by saying I'm not making an assumption about who you're siding with, but offering my opinion on the argument you're using.
> The standard approval process sounds like most merge review processes on any engineering team. There's a sort of assumed good-faith for this process. The fact that 2 coworkers were fine with your change doesn't mean it was made in good-faith and was within the bounds of normal types of changes.
Other people have already argued about whether what she added to the extension is in line with the purpose of the extension and whether it was within her purview.
Regardless of that, I would like to point out that we're not hearing that these two coworkers -- or anyone else involved in the process -- have been fired. Only Spiers. If the concern is really about the security and the trust, why is one person singled out?
I have to agree. I'm all for unionization in our industry to improve employee leverage and even more open compensation sharing to help drive comp up... but this is a step too far. Pushing your message in this fashion is clearly irresponsible no matter how "by-the-book" it is.
With that said, the organization and orchestration problem for movements is a very real problem (finding the correct people and disseminating information). This is something businesses are well aware of and they use that to their advantage.
It's an even harder problem when the employer is firing people for trying to organize.
Change the words in the message, and I can't imagine it being anything but a reprimand, at worst. This is a message to other employees that organizing gets you fired.
> There's a sort of assumed good-faith for this process.
I don't understand why two people sign off changes if they assume the person making the changes isn't going to make errors or be "malicious". And I'm not sure why two people sign off changes instead of just one. There's a well understood problem when you have more than one person inspecting product - they both assume the other person is competent and will catch anything they've missed, and they each do a lighter inspection.
>And I'm not sure why two people sign off changes instead of just one.
Because more eyes catch more bugs. I work in a time like this where we have 2 or even 3 people review stuff; it's extremely common for one engineer to miss stuff that another one catches. It's particularly notable I think with junior vs. senior engineers: I think you really need at least one senior engineer reviewing everything before a merge, but you don't want to keep junior engineers out of the process because then they'll never learn. With trivial tickets, however, you can relax this rule and just have one person review before a merge.
But for product inspection we have pretty good evidence, from millions of human hours of factory work, that it's a bit more complicated.
X makes a widget, and sends it for inspection by Y and Z. Y has a look, but assumes Z will catch anything that Y misses. But Z also assumes that Y will catch anything that Z misses.
You end up with two people doing a superficial inspection and missing problems.
Of course, that's only if they're doing the same inspection twice. If they have different and clearly defined inspection roles the two inspector problem doesn't apply.
If you need 2 approvals at Google, then usually 1 is for readability in a specific language. I.e. one of the reviewers is understood to mostly be looking at code style and not domain logic.
In my experience, you more often get the other phenomena where all reviewers (and some other people who get automatically CC'd) dogpile the review and you potentially have too many comments. Or someone ignores the review and it never gets approved. Cursory reviews were basically never a problem.
No, it really depends. It's easy to overlook stuff on a merge request. I'd interview both of the reviewers, and with them look at the actual MR and see what they were looking at, and ask them how they missed this and why they thought it was OK to merge.
I've seen some pretty glaring stuff get through a review process, particularly with junior engineers.
Everywhere I've worked, "signing off" on the changes just meant we were OK with the technical implementation. Unless you were junior, you were trusted to have approval for the purpose of the change.
A change like this, which was linking to an official policy document, wouldn't have raised any eyebrows.
I think the punishment is warranted for the fact that it is an internal security tool. I don't know of any large company that would allow this kind of code commit without that level of punishment being taken. She was trying to be sincere in her actions but comes off as completely naive that what she was doing was a serious violation. I don't see her winning this to any degree and at 21 it will be a big learning lesson.
That just means the code was made to quality standards, not that the she had authority to make that kind of feature modification without approval. In a less technical analogy, just because you have a right to put up flyers doesn't mean you have the right to use the company paper and printers to make them.
Let me preface this by saying I think what she posted is true, employees have a right to unionize.
That said, it seems kind of strange, if this was a better way to post something than the cafeteria, that she added it to the union buster's site, though. Wouldn't only execs and management hiring the union busters go there? Seems like it was a way to argue back with the execs who hired the union busters by essentially defacing the union busters site?
She probably pissed off a high level exec who hired the union busters in the first place and was fired by their order. She was making all the management who visited their site see her notice, and some management obviously support the union busters since they hired them in the first place...
It's still worth discussing if their reaction warranted the offense. Would they have fired her had she added a pop-up on Earth Day encouraging employees to recycle? Or would she have received a slap on the wrist for that. In other words, how much of what she was advocating was part of the decision to fire?
> The particular popup looks pretty official and scary
It's warning of a legal obligation. Is that not enough of an "endorsement"? And it only pops up if you visit the website of a consulting firm that some say has breached these obligations in the past. It's hard to think of a better way of targeting this warning.
Based on what I'm reading here, firing somebody that early in their career is cold and Google deserves all the criticism it is getting lately for basically being a combination of tone deaf, insensitive, overreacting (or shall we call it panicking?), and biased to doing things most of their own people would simply characterize as "the wrong thing". In jurisdictions outside the US, this kind of random act of corporatism could end up being very expensive. Firing people without good reason is a not a thing that holds up in court and this looks like it doesn't stand much scrutiny.
Also, this seems like it is policy rather than an isolated incident. I'd suggest fixing it by maybe correcting people up the food chain. Google is a long way away from their don't be evil motto when they were young, naive, and producing lots of cool new products and services because they weren't held back by corporate idiotism and political correctness.
Does it matter? If she used Google resources in a manner not company-approved, and if labor law doesn't recognize using a resource like that as a protected communications channel, like they would a company break room announcement board, why should Google be subject to a neutrality test? I support unionization, but I don't see what legal ground she has to stand on here.
The firing might hold in court, but to be frank there is no way she would get fired over something like this if it was not related to unionization or other anti corporate messages. Google is typically very lenient on harmless offences like this which is why the firing is a surprise.
>Google is typically very lenient on harmless offences
I know somehow who got fired from Google for taking a half gallon on milk home, because it was late and he didn't feel like swinging by the grocery store.
That is a good question. Is this a fireable offense regardless of the content? If not, what kind of content is fireable, subject matter that is political, religious, vulgar, or offensive?
Putting this into an internal tool does seem unprofessional in my opinion. Why bite the hand that feeds you?
Why the struggle, why the strain?
Why make trouble, why make scenes?
Why go against the grain, why swim upstream?
It ain't, it ain't, it ain't no use
You're bound, you're bound, you're bound to lose
What's done, what's done, what's done is done
That's the way the river runs
So why get wet?
Why break a sweat?
Why waste your precious breath?
Why beat your handsome brow?
Nothing changes, nothing changes, nothing changes
Anyhow
I would say that better you would ask , was this the right time to bite the hand? Because there are good reasons to do it, like if uber self driving cars developers would have done something instead of disabling safety features and lick the hand that feeds them.
Sounds like she went through standard procedure to add code, but the feature was not sanctioned by management....
i.e. if you work on a payment system, add you add code to siphon sub-cent rounding "errors" to a "settlement" account, said code may pass review (because it looks legit to code reviewers), but I bet management would be pissed at the change if not prior approved.
Exactly. What if the pop-up just said “not using disposable cups helps the environment”, or “the Holocaust happened”. Or even something like “Trump is a bigot”. Would she have got the sack? This is the true question. She was just stating a fact...
> Spiers, 21, said she went through the standard approval process, which requires two co-workers to greenlight changes, before updating the Chrome browser extension
That sounds like code review approvals, not actual project/management approval of the 'feature'.
We have the same: Cannot commit any code change unless 2 other team members have reviewed it. That has nothing to do with having actual project/management approval for the change.
I'd agree, it sounds a lot like a code review, but at Google that was also the approval standard for deploying such an extension.
I don't really see how Google could be in the right here though. If they have an internal program for creating alerts/extensions for specific websites, and Spiers followed the normal procedure for adding such an extension, there doesn't seem to be a problem. The only problem is Google being anti-union, and retaliating against someone for quietly promoting unions in line with existing policies seems a lot like illegal retaliation.
You added your personal code to a browser extension..
I can't see how google is in the wrong. Unless google allows anyone to change this extension for personal reasons and they only flagged her. Could someone change it to let everyone know they are selling cookies or accepting donations to their church.
From what I understand this is actually how google communicates policies and the like via their employees, for which it is legally required to notify such employees via electronic medium if electronic medium is the primary communiation factor. This is based off of the engineer's medium article though.
That's not how Google works. She mentions in the Gizmodo article that she had ownership over these files, which isn't given out casually. Creating these policy notifications would have been a core part of her work.
If indeed the extensions were only for security/privacy notifications, I would categorize what Speier did more as off-topic. That would be maybe something deserving of a correction not outright termination.
The fact that the message was about employee labor rights means that Google might be in a precarious legal position
I think the difference is that Google is a lot less likely to infringe on employees' right to bear arms than they are their right to organize, especially given that this message literally appeared on a website of a firm Google hired specifically to suppress organization
I have a poster here in my home office that was mailed to me by my employer's HR department. It advises me of all my rights under state and federal labor laws: equal opportunity, workplace safety, minimum wage, etc. In my mind, it is not at all inappropriate to advise employees of their rights. In fact, the only reason I have this poster is because state and federal labor laws require such notices. Those laws and those requirements are written in the blood of all the serfs, children, and laborers who couldn't earn living wages or who were forced to work at a tender age or who were injured due to corporate malfeasance. The freedom of association is likewise recognized as a right inherent to all people, and its protections were likewise bought with blood. We should all be reminded of our rights and the reasons we safeguard them. An employer who tries to interfere with its employees' freedom of association only seeks to exploit them. If it treated its employees well, it wouldn't need to worry about organized labor—and its employees wouldn't need to organize in the first place.
It might help a lot if someone leaked the internal repository for this extension... sorry I meant, if Google voluntarily shared the repository for this extension, so that we could see what it was commonly used for.
> but at Google that was also the approval standard for deploying such an extension.
If Google allows any team member to freely push changes without formal change request, it has to be implied that changes must comply with the scope of the project, company policies, professional standards, etc.
In any case, my point would stand: It does not sound like she had actual project/management approval.
To play devil's advocate, the 'approval' she got does not absolve her (if we suppose that she did something wrong), it just means that the coworkers who approved the change are also in hot water.
>but at Google that was also the approval standard for deploying such an extension...I don't really see how Google could be in the right here though.
I don't see how Google isn't in the right here. The approval process for this security tool was designed to minimize red-tape and maximize contributions because the goal was security, and the assumption was that the lax process wouldn't be abused. The clear intent of the tool is not to push the political agenda. It was there to warn about security-related issues while browsing. She abused the process and deserved to be reprimanded.
Here's an example .. like most companies we have a wiki that anybody can edit. The intent is to get contributions from everybody around product-related issues (e.g. debugging a particular problem, how to configure the product for a specific use-case). Nobody polices usage of this wiki, and the wiki has no specific access controls to bar any individual from editing any page. Certainly though if someone started putting in notes at the top of some of the pages to push a political agenda that would be an abuse of the process, wouldn't you say?
> Certainly though if someone started putting in notes at the top of some of the pages to push a political agenda that would be an abuse of the process, wouldn't you say?
Just to be clear: the message she communicated wasn't about some divisive social issue, it was warning employees to not break federal labor law.
Then be clear. We both know what she was doing, why be obtuse?
This was an activist power-play. Every article that is written about this lists the action as activism. Again, why pretend otherwise?
But if you want more clarification: it's not her job as a SECURITY ENGINEER to send warnings about federal statue compliance through a security tool. I also have yet to have anybody demonstrate that Google was breaking any federal law, and I highly doubt they would. They have entire departments that deal with legal complience.
And you linked to a labour consulting company website, which I take is where this actvist decided to helpfully issue threats to senior management through the security tool she was tasked with maintaining so they think twice about contracting them.
This is a such a clear violation on her part that I am flabbergasted that you would actually defend the move. She deserved to be fired for her arrogant stunt. You don't get to dictate compliance policy (as an early 20-something tech-sister, who knows nothing) to a company employing 50,000 people.
> This was an activist power-play. Every article that is written about this lists the action as activism. Again, why pretend otherwise?
When you use the words like activist and activism you evoke images of people pushing for new things that are politically decisive in some way.
The message she got fired over was expressed pretty settled interpretation of federal labor law that Google recently agreed to disseminate. It's like calling it an "activist power play" to remind the government of the First Amendment when if it tried to censor something or other. It's a stretch.
If anyone's being activist, it's the people who are trying to treat the expression of those rights as some kind of inappropriate activism.
> I also have yet to have anybody demonstrate that Google was breaking any federal law, and I highly doubt they would. They have entire departments that deal with legal complience.
Why do you "highly doubt" Google would break the law? In the past they've broken federal law in pretty obvious ways over labor practices.
Apparently that list is what the notification in question linked to.
> And you linked to a labour consulting company website, which I take is where this actvist decided to helpfully issue threats to senior management through the security tool she was tasked with maintaining so they think twice about contracting them.
I linked to a screenshot of the message we're actually discussing. You can see the so-called "threat" yourself:
> go/nlrbnotice Policy
> Do not violate go/nlrbnotice. Googlers have the right to participate in protected concerted activities.
> View Policy
> This is a such a clear violation on her part that I am flabbergasted that you would actually defend the move.
Black people sitting at lunch counters was once "such a clear violation" of corporate policy, too, but it was pretty defensible, no? Sometimes you have to take a broader view of something than whether it violated policy or not.
I'm not saying this action is fully equivalent to a lunch-counter sit-in, however I do think Google's reaction here was unsupportably harsh. The worst they should have done was issue a reprimand. I'm also "flabbergasted" by the over-the-top condemnation of this engineer's actions.
>When you use the words like activist and activism you evoke images of people pushing for new things that are politically decisive in some way.
Because that's what you are when you co-opt an internal tool to put up messaging over the web page of the consulting group that works with your employer. She knew what she was doing. She knew it was a political statement. She may even have even wanted to be martyred.
>The message she got fired over was expressed pretty settled interpretation of federal labor law.
She didn't get fired for her message even though you're trying to spin it that way. The medium matters here. You don't get to co-opt internal tools to post your interpretation of federal labor law, or to send a message to the management team, or whatever else her motivations were. That's why she got fired.
>What are you talking about? I linked to a screenshot of the message we're actually discussing. You can see the so called "threat" yourself:
I know exactly what she did. She made a political statement about a labour consulting group (that they can or do infringe on federal law) and that was directed at least partly at executive management (who else is going to work with IRI Consultants and browse their page). This was a purposeful activist power-play.
The gaslighting that you're engaging in is offputting. This kind of thing would have gotten her fired from pretty much every company in the country and for good reason - she's untrustworthy and cannot seperate her job as a Security Engineer from her activism, and I'm sorry you can't see that.
>Black people sitting at lunch counters was once "such a clear violation" of corporate policy, too, but it was pretty defensible, no?
She's not a black person during Jim Crow era. She's not oppressed, and it's offputing that you would even make that comparison. She's a bay-area engineer who was making a very good salary and betrayed the trust that her position entitled her to.
>I'm not saying this action is fully equivalent to a lunch-counter sit-in,
I hope not because that would be insane.
>The worst they should have done was issue a reprimand.
That's your opinion. I think she deserved termination. You don't want this kind of person on your security team. You cannot trust her to seperate activism from work.
And it is interesting that you can claim that she did nothing wrong, and at the same time understand why she should be reprimended.
> You don't get to co-opt internal tools to post your interpretation of federal labor law, or to send a message to the management team, or whatever else her motivations were. That's why she got fired.
> This kind of thing would have gotten her fired from pretty much every company in the country and for good reason - she's untrustworthy and cannot seperate her job as a Security Engineer from her activism, and I'm sorry you can't see that.
What Google-specific support do you have for this, than post-hoc rationalizations based on her firing? Every indication I've seen has told me that Google has developed a very unique corporate culture, which makes inferences from "every company in the country" suspect.
I can definitely see your position (which approximately seems to be: a worker's primary moral obligation is to serve his employers to their satisfaction during his employment. Assertion of his own rights on work time with work resources is a severe moral violation as it puts the workers' interest above the employers'.), I just disagree.
> She's not a black person during Jim Crow era. She's not oppressed, and it's offputing that you would even make that comparison. She's a bay-area engineer who was making a very good salary and betrayed the trust that her position entitled her to.
I'd say she is oppressed, just in a different, less-severe way than black people during the Jim Crow era.
> And it is interesting that you can claim that she did nothing wrong, and at the same time understand why she should be reprimended.
Really? I thought it was pretty widely understood that morality and law are not the same. You can have immoral things that are legal, and moral things that are illegal. Corporate policy is a weak kind of law that has even less claim to respect than federal and state law.
>What Google-specific support do you have for this, than post-hoc rationalizations based on her firing?
That's not post-hoc rationalization. That's the stated reason. That's also clearly the reason if you take an inventory of the facts on hand.
>Every indication I've seen has told me that Google has developed a very unique corporate culture
Yes, "unique" just like every snowflake is unique. And "Unique corporate culture" doesn't mean you can do whatever you want, as James Damore found out. And yes, her actions (not anybody elses) led to her termination, as would have been the case in every other company.
>I can definitely see your position (which approximately seems to be: a worker's primary moral obligation is to serve his employers to their satisfaction during his employment. Assertion of his own rights on work time with work resources is a severe moral violation as it puts the workers' interest above the employers'.)
That's not my position and I don't appreciate this distortion.
And no, she's not a moral arbiter of Google. She doesn't have the right to assert her interpretation of law and morality on the entire corporation. Maybe she thinks she was doing a moral action (though I would argue her action is narcissim and attention-seeking), but Google employs tens of thousands of people across the world, with different religions and politics and beliefs. You don't get to co-opt internal tools to advocate for Jesus Christ as your saviour (and what could be more moral than saving people from eternal damnation) just because you think that's the moral action.
>I'd say she is oppressed, just in a different, less-severe way than black people during the Jim Crow era.
Talk about an understatement of the century. She's as much oppressed as a grounded teenager, which, you're right, on the oppression scale is "less-severe way than black people during the Jim Crow era".
> That's not post-hoc rationalization. That's the stated reason. That's also clearly the reason if you take an inventory of the facts on hand.
The stated reason can obviously be a post-hoc rationalization. It's entirely possible that she crossed a line her employer drew after the fact.
> That's not my position and I don't appreciate this distortion.
Well, if you could clarify, that would be great. It's clear to me that there's some moral component to your position, given your language:
>>> she's untrustworthy
>>> [she] betrayed the trust that her position entitled her to.
> She doesn't have the right to assert her interpretation of law and morality on the entire corporation.
(I should note that it's not her interpretation, it is the law.)
> I would argue her action is narcissim and attention-seeking
I does sound like you feel that her overriding moral obligation was to serve her employers to their satisfaction, and that it was a strong moral violation to take a fairly anodyne action that caused her employers some discomfort. No money was lost, no security systems breached, no confidential data exposed. The only thing that happened was a few people saw a required legal notice that her employers would rather have people forget about.
For anyone else who didn't get that far the first time:
> Spiers' pop-up message was inserted into a tool that notifies employees of privacy and security concerns about using non-Google tools and services, like warning employees not to upload proprietary information to Dropbox, Spiers said. The tool is managed by the platform security team, for which Spiers worked for almost two years as a security engineer.
So, seems like the bulletin was pretty far outside the intended function and should have required more than a code review. I wonder what will happen to the people who accepted the patch?
If the message was "I baked cookies, come by my office if you'd like to try some" do you think this person would similarly be fired? A person that was recently promoted, was designated as a high performer, (and I have nothing to back this up but seemed strategically recruited since they did not fit the google mould as a high school drop out?)
I think a reasonable reaction would be to remove the message from the extension, put in place a better review process, better training and possibly some minor negative comments at review time.
> If the message was "I baked cookies, come by my office if you'd like to try some" do you think this person would similarly be fired?
No, but I think they'd similarly be fired if they had written an anti-union popup. (Indeed, if someone wrote an anti-union popup and weren't fired for it, I expect that would itself have made the news as a "Google hates unions" story.)
>If the message was "I baked cookies, come by my office if you'd like to try some" do you think this person would similarly be fired?
Yes I do. 100%.
>put in place a better review process,
This is your solution? The process was intentionally lax so that you wouldn't have too much red-tape when soliciting contributions. The assumption was that this wouldn't be abused by your Security engineers(!!). Your solution to this is to make the process more onerous because one individual couldn't behave like an adult? How about you keep the process as is and you fire the individual who couldn't differentiate activism from security work.
That extension is not limited to privacy and security concerns. One of the sites the extension warns about is Dropbox, and few people would seriously describe Dropbox as inherently insecure or as violating privacy. What is true is that some interactions with Dropbox may be in breach of other existing policies that Googlers must follow, such as wrt. proprietary information and the like. Googlers are also required not to violate labor law.
Dropbox has total access to your unencrypted files. That 100% fits the criteria. Especially in regards to file-access between potentially competing megacorps.
I did but I still have to say it sure sounds like a code review process she went through, not a new feature addition she went through. Although generally I wouldn't approve code unless I could figure out what feature it was related to so I also think huh, maybe it was okay by Google's inner processes - the workings of which I a not informed of.
The extension was specifically designed to notify Google employees about problematic reliance on non-Google services. Seems like her warning fits that use case. How is "warning about Dropbox" any different from "warning about X management consulting firm"?
Edit: Her warning literally said: "Do not violate NLRB notice. Googlers have the right to participate in protected concerted activities." (see screenshot in article, bottom right.) This is something that Google is already obligated to acknowledge under labor law. They're simply shooting the messenger.
I'm sane, and don't want to join a union (I'm not against them in general; there are certainly fields where they make sense). I don't know if your question was serious, but in case it was: I don't feel like my employer is a rival or an enemy; I feel like they are a partner in our mutual goal to make a lot of money. I've never worked at Google, but I've worked at similarly famous large companies, making several times more than any reasonable person would think the average programmer was worth.
To the extent that unions would make the company able to make profit less efficiently, for example by making it harder to fire poor employees, it would have been against my own interests.
I also totally never felt that there was a power imbalance between me and my employer. I got to work whenever I wanted, worked on whatever I wanted, left whenever I wanted, and when I got burned out and started disliking the job, I quite easily found a job somewhere else. Again, probably different for non-software-engineers, but it's not hard to understand why many of us feel no draw to unions.
> I don't feel like my employer is a rival or an enemy; I feel like they are a partner in our mutual goal to make a lot of money [...] it's not hard to understand why many of us feel no draw to unions.
It's hard for me to understand when you look at other similar industries. We're not talking about blue collar unions here: we're talking about white collar unions. They're very different.
Take Hollywood as an example. You have incredibly wealthy individuals who are all members of unions. Kevin Feige makes Disney billions of dollars, but he still pays his PGA dues.
The purpose of unions like the WGA, PGA, DGA, SAG, and Equity aren't to "make it harder to fire poor employees" - they're to provide equal protection to all members regardless of whether they're making millions upon millions of dollars or just getting started in the industry.
Sometimes I feel people in tech forget there is a highly skilled, highly unionized industry just a few hundred miles south of Silicon Valley that seems to be doing OK. Is it perfect? No, definitely not. Is the film industry better to work in with the unions than without? Almost certainly yes.
I'm very pro-labor union, but life as an actor or screenwriter is considerably more precarious. Each job you get lasts only as long as the movie you're currently working on does. Once the movie's done, you're out of a job again. A SWE doesn't experience the same level of chaos, unless they're freelancing.
Maybe not much more. The era of spending your life at a company is long gone, and the role of a distinguished senior engineer over 50 is evaporating. And the number of people who have been screwed out of their options on HN have been too numerous to count.
Yet demand for software engineers are higher than ever. It seems like market forces should counteract these issues, however SV is impervious to these issues.
Well, let me turn the question around. Imagine I was a generally happy mid-level software engineer, making $400k/yr at Google. How would a union help me?
By giving you greater control and direction over the nature of the company, the kind of work they do, and who they work with, to check executive power from engaging in short-sighted or immoral behavior, to provide you with an alternate route for addressing workplace discrimination or harassment, just to begin.
A union doesn't give me, personally, any control or direction or checks on executive power. Union leaders have those powers. And it's not obvious to me why the union leaders would be any more aligned with my interests than management is.
Those union leaders are hopefully elected by employees (otherwise, how do they get to be leaders?) so you can align the union leadership with your interests by voting for someone whom you trust to represent you. Of course you don't need that if management is also elected, but I don't know of any company that does that.
It's not about whether I trust the leaders. Even if they're trustworthy, their job is to work for what's best for the union as a whole, and that's often going to be different than what's best for me. As anyone who's worked in big companies can attest, there are all sorts of ways that facially universal policies can have disproportionate impact on specific people or teams.
Aren't those industry wide unions whose main purpose is to set wage floors because there are so many people desperately trying to get into the industry that without them, employee conditions would be terrible for those just starting out? I don't think that is a problem for programmers and it is way different than a company specific union.
If you want to start an industry wide programmer union, by all means, start one and then try and get people to join it. I'd love to hear what benefits you think I would get by joining an industry wide programmer union.
They specifically made that illegal with Taft-Hartley because of the political power available to workers by allowing it. Most labor parties in Europe actually arose out of these unions, for example.
The WGA was grandfathered in with the law, but you’re not allowed in the US to create sector wide programmers union. It is cool to imagine what you could accomplish with sector-wide software strikes though.
What, the fact that Hollywood highlighted a society wide problem should be counted against it? Or do you honestly think that sexual harassment by exploiting power imbalance only happens in Los Angeles?
Well those industries are not comparable. One random example - our flexibility to change jobs in IT is almost unheard-of. We can literally spin the globe and go work almost anywhere. The only hurdles are immigration rules and possible language barrier. Most of Hollywood jobs would struggle in most places.
Another personal view - as somebody from Europe, I really don't feel any need for any unions. I am not trembling from fear that I will get fired. If I will, there will be good reasons (my poor performance or employer getting into financial troubles). For me, that's a good trade-off for extra pay and interesting work. When I was consulting, I had nano-fraction of current job security, but again it was offset by salary. Again, fair deal for me and for employer too.
Another reason - anytime I even remotely interfered with Union people in my previous jobs, they literally reeked of internal politic games, keeping their comfy jobs as safe as possible. You get this kind of folks in any company, even in my current one, although we don't have unions. They try different ways (ie managing pension fund or other 'political' positions that require little work but add friction to firing process). Needless to say they are never stellar performance workers.
This all obviously doesn't say anything about Google or generally SV culture, my experience is local to 3 European states only, and cca 6 companies.
We in IT are vastly overpaid compared to any other engineering degree holders. Not complaining, but its a fact. Just talk to other engineering folks. High salaries and positions can be achieved quickly, not over 30 years of gradual rise of staying within same company.
If/once market saturates and salaries go down significantly, there might be more need for unions. But most folks are not there I think.
>I don't feel like my employer is a rival or an enemy; I feel like they are a partner in our mutual goal to make a lot of money.
It's hard to concevive of a more asymmetrical partnership, and a partnership in which one party uses all their power, legally and socially, to increase the intensity and duration of work, and dictates the method in which it is done.
> It feels like a lot of astro-turfing going on here. Why would any sane person be against unions?
Going to work without a union is like going to court without a lawyer. Are there incompetent lawyers? Does it cost money to hire a lawyer? Of course, but that doesn't mean it isn't a stupid idea to try to represent yourself pro se.
Unfortunately, workers in the US have been the subject to the equivalent of a fifty year propaganda campaign bankrolled by prosecutors (business owners) to convince people they're really better off if they represent themselves in court pro se (without a union). The sad thing is the campaign has worked surprisingly well.
Dropping the analogy, I think many tech workers are treated relatively well for now by employers. Sort of like a well-treated personal assistant to the boss, who is comfortable and has their small privileges compared to those in the factory floor, and therefore feels like they're more like a boss than a worker, even though that's not at all the case.
The startup ecosystem has also encouraged tech workers to think of themselves as future bosses rather than present-day workers, so they favor the policies they imagine their hypothetical future selves benefiting from, even though it hurts themselves and their friends today.
If you want that metaphor, going to court with a union is more like having one lawyer trying to get the best deal for 5 of his clients, even if one is innocent and the other 4 guilty, he would decide instead for a plea deal where all 5 do minimal time. 4 get better off, 1 is fucked and can't really do anything about it.
> having one lawyer trying to get the best deal for 5 of his clients, even if one is innocent and the other 4 guilty
That's stretching the analogy too far, and adding biasing details to force the impression that unions are bad.
Here's another analogy:
Going to work without a union is like going to war without any military organization. If your enemy is well-organized, how smart is it for you and your fellow soldiers to attack individually in an uncoordinated way without any overall strategy?
re: lawyer one. I am not biased and I am not against unions, but I live in a country where as some others mentioned, they are basically political tools for some small group (or in public unions, actual political parties). I am pro-union, but I believe that outliers or top-performers will be fucked in a union world. (And low performers will be safer). I make about 7-8 times the average salary for my country, and 5 times the average salary for a senior software developer. This is due to my years of developing connections and the fact I deliver quickly and well. From my experience with unions, I might even be at the top of the scale in their 'grades' but I would never be able to get to the multipliers I am making if I didn't have the power to negotiate my contracts myself. Sure it sucks for others that don't have this possibility, but I won't sacrifice myself for that.
That is perhaps a better analogy indeed, but still lacks a bit since each 'soldier' has different goals and capabilities, which may be curtained by if they organise. And the 'enemy' still requires you to cooperate with them at the end, to come to their side and help them achieve their goals, which again, would probably mean you would be fucked if you were fighting alongside, and midway decided that the 'enemy' was actually right and you wanted to work with them.
I understand and agree with many of those points. I think that if software engineers unionize, there should be a lot of innovation and experimentation in union structure and practices to address them.
The other thing is that I see a lot of criticism of some practice or other of some particular union inflated into a critique of unionization in general. I object to that because 1) it often echos management's anti-union propaganda talking points, and 2) it denies the possibly to innovate in the area of worker organization. I think there's a lot of value for workers in worker organization, even for high performers, and I think that needs to be the focus.
I have no horse in this race. But as a counterpoint, pretty much everything in New York is more expensive due to heavy unionisation, particularly around construction and public services.
There's a lot of other reasons stuff is expensive in NY. Europe is heavily unionized and somehow they still manage to build subways at a lot less than $1 billion per mile.
This a perfect example of grass being greener on the other side of the fence ;) In some European countries I know of, unions are solely responsible for forcing the government hands into things like keeping around and subsidising beyond any sense and belief a dirty energy sources (coal mines and power plants for example) resulting in air quality killing more people than car accidents every year. Those unions won't stop at anything and are ready to and have in past organising violent riots on streets, until everyone around surrenders to their demands.
My understanding is that the if-anything-heavier-unionized EU isn't experiencing the same rapid growth in (especially public) construction costs as the US has been for some time—still faster than inflation, but lower than would be explained by just PPP adjustments or COL vs. the US. Unions may not be helping but there's something else causing runaway cost growth in US public sector construction, in particular.
There are “nippers” to watch material being moved around and “hog house tenders” to supervise the break room. Each crane must have an “oiler,” a relic of a time when they needed frequent lubrication. Standby electricians and plumbers are to be on hand at all times, as is at least one “master mechanic.” Generators and elevators must have their own operators, even though they are automatic. An extra person is required to be present for all concrete pumping, steam fitting, sheet metal work and other tasks.
In New York, “underground construction employs approximately four times the number of personnel as in similar jobs in Asia, Australia, or Europe,” according to an internal report by Arup, a consulting firm that worked on the Second Avenue subway and many similar projects around the world.
The "oiler" thing sounds stupid, sure, and overstaffing in general is a fair concern. But, devil's advocate, how much time and money would be wasted if an essential machine broke and there wasn't a mechanic standing around ready to spring into action? How many people would be seriously or fatally injured in a year without a helper on those "An extra person is required..." tasks?
I don't know the answers. Some of them legitimately may be useless sinecures, but it's worth keeping in mind that what looks like redundant waste is sometimes an important guard against some kind of failure. Just because it isn't always used doesn't mean that it's not worthwhile.
The article directly compares the NY subway project to a french one, and finds that it was cheaper and had a quarter of the staffing. So since we've established time and money is not being wasted by not employing 4x the people, all you have to do is check and see if French public construction is more dangerous than the US, and you'll know if elevator operators and underground break room guards are important safety roles.
In the public sector, unions and engineering firms/management contractors are not at odds as they are in the private sector, they collaborate to rip off the public.
==it's worth keeping in mind that what looks like redundant waste is sometimes an important guard against some kind of failure. Just because it isn't always used doesn't mean that it's not worthwhile.==
Even more likely is that the redundancy exists because of something bad that happened in the past. That is how most regulation comes into existence.
If you live in a country where unions are very powerful, like mine, you realize that their power need to be kept in check along with every other power.
Unions at least in my country are all about political power, and little about workers' rights. The major ones are composed of mostly retirees from an era and a work modus operandi that is no longer the case there.
They argue for a model that is equal for everyone - yes, everyone equal at the bottom. They insist that every contract should be handled mostly at the national level (for political bargaining power) and discourage local agreements between unions and employers.
Also the public transportation seems to enjoy the "special" privilege of having a strike (not necessarily for workers' rights) at least once every month, "by chance" almost always on a Monday or a Friday.
Oh, and when an acquaintance of mine tried to get a union to help her file her retirement papers, they basically left her to her own devices (she was a retiree, no longer a worker, so "tough luck") and she had to fix the many problems that emerged by herself.
If we need unions, they need to be nothing like the one I hear about every day in the news.
EDIT: And for this reason I also refuse to take part in any union (last time someone wanted to do so, all I heard were "marches" and "strikes": people, it's not the 1970s anymore).
Unions are good for private companies, as there is a balance of powers - if the owners pay employees too little, employees quit, whereas if the employees protest too much, the company doesn't sell anything - both scenarios lead to collapse / bankrupcy, so both sides are motivated to cooperate and find a compromise.
In public services, there is no such balance - the state isn't constrained by market forces, and it won't collapse no matter how much employees protest. In addition, state employment usually comes with other benefits (e.g. job & pension security), so really the employees shouldn't be complaining and holding the whole country hostage.
"...The very nature and purposes of Government make it impossible for administrative officials to represent fully or to bind the employer in mutual discussions with Government employee organizations. The employer is the whole people, who speak by means of laws enacted by their representatives in Congress. Accordingly, administrative officials and employees alike are governed and guided, and in many instances restricted, by laws which establish policies, procedures, or rules in personnel matters."
-FDR Letter on the Resolution of Federation of Federal Employees Against Strikes in Federal Service
I think we've seen this play out in how public unions now dominate policy discussions putting the public good as an often secondary consideration.
Because they, like any other organization, tend to become corrupt and exercise their power to the benefit of the "party insiders", at the expense of the everyday member. And I, for one, don't feel any need to have my pay rate negotiated based on some group average or least common denominator. And union dues.
I personally fully support the right of people to bargain collectively, but being a member of a union is not something I'm particularly interested in.
> Because they, like any other organization, tend to become corrupt and exercise their power to the benefit of the "party insiders", at the expense of the everyday member. And I, for one, don't feel any need to have my pay rate negotiated based on some group average or least common denominator. And union dues.
Going to work without a union is like going to court without a lawyer. Are there incompetent lawyers? Does it cost money to hire a lawyer? Of course, but that doesn't mean it isn't a stupid idea to try to represent yourself pro se.
I'd join a union if one were available to me, then I'd work in it to make sure it was well-run and effective.
Sure, but why add one more variable to the equation? Eschew additional complexity. As long as I live in a "right to work" state and there is plenty of demand for the kind of work I do, I'd rather deal with companies on a one-to-one basis. If company treats me unfairly, I quit and go somewhere else.
And while the company may not be "on your side", companies are still bound by market forces, on both sides of the equation. You can't compete (for now!) without people, and if you constantly run your best people off by mistreating them, you aren't going to be very successful in the long run.
If that was actually true, employee abuse would be essentially non existent, especially in large successful companies, and unions would have little reason to exist.
Real life isn't that simple. These things aren't binary, "it's true" or "it's false". There is a continuum along which things vary. The extent to which companies are compelled by market forces to treat their employees well is obviously something that varies by sector / geography / profession / etc.
I'm not saying that nobody is justified in joining a union, or that unions have no reason to exist. I'm just saying that relative to my combination of the above factors, I do not find any appeal in the idea of joining a union, when you balance it against the associated negatives.
There are examples of bad unions. Police unions protect the "bad apples" that kill people with no consequences. Teacher unions protect teachers at the expense of students and education as a whole. Unions are designed to protect the weakest link which many people with highly sought-after skills feel is not in their best interests.
A lot of "sane" folks are skeptical of unions. Well well-run unions can certainly have a positive impact, unions also have a long history of protecting incompetent workers at the expense of competent ones, and they are particularly harmful for younger workers. When I was in college, the unions on campus successfully pressured the school to cut back on student hiring because the students typically made less than older workers, which meant less for union dues. A lot of kids on financial aid had a harder time finding work on campus because of this, and work off campus was not plentiful.
No, it feels like wilful cognitive dissonance where you all seem to think having two coworkers of no real managerial importance signing off on your company-wide political statement is somehow 'by the book' and everyone else is just a shill, ignorant and somehow didn't read this press release for this poor, poor person who knew exactly what would happen.
EDIT: Let's read the second paragraph of the article again:
"each time Google employees visited the website of IRI Consultants — the Troy, Michigan, firm that Google hired this year amid a groundswell of labor activism at the company"
You see that phrase 'labor activism'? This is the exact cognitive dissonance I am describing here. You want to pretend activism isn't political, that an employee planting a message on the website of a company affiliated with their employer related to this political subject is totally innocent and not a politically charged message. Just 'totally telling you your rights' and nothing more than that. That's intellectually dishonest.
It's not a "political" statement, it's a notice of Googlers' existing obligations under labor law and pursuant to a NLRB settlement. She was indeed correct to warn any Googlers who might interact with the external consulting firm about those obligations.
It's an odd world we live in where factual information about legal rights is dismissed as a "political statement".
As others have said, if she'd abused her access to insert, say, a pithy pop-up about recycling on Earth Day, she would have received a slap on the wrist at the very worst. This isn't about changing the code without authorization. This is about a message Google doesn't want employees to hear.
Let me explain this to you very simply. If you are making significantly more than someone of your work experience length, you probably don't want a union. most of them put in rules that align pay with seniority, seniority being very stupidly defined as length of time in career.
The biggest reason is because union laws would force other people to join the union, if it got established.
I believe that you should be able to join whatever professional organization that you want.
But the moment that you try and force me to join that professional organization, with legal provisions that would cause me to lose my job if I refuse, is the moment that I go to war against you.
I will retaliate. I will fight back. Because I no longer have any sympathy for you, if you are going to cause me to lose my job because I refused to join your special club.
Literal decades of highly-funded propaganda by business interests to manufacture this consensus, for starters, Taft-Hartley banning sector-wide bargaining to render unionizing as company-level adversarialism vs. a broader fight for worker security and rights, the purging of leftists from the labor movement with Red Scare postwar...
Not compared to business interests and certainly nowhere near comparable to their political force in European democracies where sector wide bargaining isn’t banned.
Seems like they need to rethink the book. I'm not sure a Googley culture of permissiveness can exist at the kind of scale that they have now, and with the competing activist factions that they have cultivated.
If they really fired her for just this bagatelle, it speaks more against Google.
I don't know why there is this pervasive desire to strangle developers. This is a pretty recent phenomena in my opinion and certainly nothing close to a requirement to develop great software.
If I were an employee at Google, actions such as this would let me seriously consider to look for other work. The requirement for the code review for internal tools already seems awefully restrictive.
Give employees power / freedom and fire fast if you do stupid things.
Stricter regulations/ checks so they cannot mess up hard in the first place. At the cost of slower pace and less risks taken.
Google has historically been the former. And it comes with people doing stupid things and getting fired. Just the world is not used for huge companies to keep operating in such mode.
I applaud Google for keeping being open and not enforcing processes. The rest of the world will grow up eventually.
True that the former strategy requires more responsibility from employees. In larger companies you have more opportunity for your behavior not being penalized, so many companies increase strictness of processes.
But I fail to see how the employee in question did something that justifies firing her. Maybe there are other factors involved, but I certainly think that people opting for getting rid of her only on the basis of publicly available information shouldn't have any form of responsibility for staff to be honest.
Google's open culture wasn't designed to be robust against internal activists trying to leak, spam political messages, and incite dissatisfaction everywhere. Google's open culture assumed good faith, and that's gone now.
>The requirement for the code review for internal tools already seems awefully restrictive.
How on earth is that restrictive? Having code review for any important code should be normal at any company. Just because the tool is internal doesn't mean it's trivial and any engineer (especially a 21-year-old: how is she even an employee and not an intern at that age?) should be able to merge anything in willy-nilly.
Why wouldn't she be an employee at 21? 21 is three years into legal adulthood. The idea of being an intern at 21 is degrading. They're adults. Treat them like adults, not children.
Maybe this is news to you, but engineers typically have to go to college and get a degree before they can work as a software engineer. That typically takes 4 years, starting at age 18, which is when most people graduate high school. A 21-year-old working as an "engineer" at a company is typically an intern.
So to answer your inane question, she wouldn't be an employee because she's not old enough to have graduated college yet. And that's just to get a BS degree; lots of engineers these days (esp. at top-tier companies like Google) get an MS degree before they enter the workforce full-time.
I'm rather appalled that I have to spell this out here on this forum.
Getting a degree is largely unnecessary in the present time, and a substantial volume of people skip that step, especially in large companies like Google that are constantly buying others.
>Spiers, 21, said she went through the standard approval process, which requires two co-workers to greenlight changes, before updating the Chrome browser extension.
Yeah. I don't think so. The tool in question is an internal security tool, not a communication tool to get her message out. The two engineers who signed off on this should also be reprimanded. This is a clear abuse of a process meant to take in security-related contributions without too much red-tape.
And you want a separation of concerns here. You don't want a tool created for security to push the political agenda of some activists.
And she literally says the only reason for her change was because she wanted to get the word out because posters aren't effective enough: "Spiers told NBC News that she was inspired to create a digital notification because “a poster in the cafeteria is not the best way of reaching the majority of Googlers.”" ... yeah. Sorry posters aren't effective enough for you, you can't do that.
When a cop pulls speeders but strongly focuses on one demographic group, even though each pull is justified in that the one pulled was violating the law, the pattern that emerges shows a greater level of injustice and the actual reasoning used is quite different than the stated reasoning because the stated reasoning is not consistently being applied.
In this particular case, does Google consistently apply the stated reasoning? Google says it does, the engineer says they don't. Do we just trust Google despite a very long history of corporations taking illegal or unacceptable actions against employees engaging in similar actions, or do we let it go before a court to be decided?
That justice isn't equally applied doesn't excuse the perpetrator.
If you're speeding over the limit and the cops pull you over, you still deserve the fine, simply because that's the law. This doesn't mean that the cops themselves are innocent of any wrongdoing, but the two issues are separate.
And of course civil disobedience can be justified if the law or its application are unjust, but using it as an excuse after the fact is lame.
>That justice isn't equally applied doesn't excuse the perpetrator.
If you can prove it isn't being applied fairly it can result in rewards that more than cancel out any such penalty. Such discrimination cases can be hard to prove but can result in significant rewards magnitudes greater than the ticket fine.
> injecting javascript into an employer's internal chrome extension
The purpose of the extension is to serve site-specific pop-ups. Spiers added a pop-up to an existing pop-up tool using existing, precedented processes.
The analogy to a poster in a cafeteria, which is explicitly protected by federal law, passes a first-order smell test.
Is this a precedent that Google or any company wants to have, though? Engineers with access to company-wide tools or extensions can put political or divisive content into them?
This is more than just a "poster in the cafe" because of the reach and invasiveness of the approach.
Disclaimer: I work for Google, speaking for myself only.
> Is this a precedent that Google or any company wants to have, though?
Google is free to pull the tool or change the documented process. (I admit, the process seems lax.) Instead, they fired the employee. That’s an aggressive response.
> the reach and invasiveness of the approach
It’s a pop-up generated when one visits the site of the “firm that Google hired this year amid a groundswell of labor activism at the company”. That sounds like a reasonable scope.
Again, using a tool whose entire purpose is to serve site-specific pop-ups.
Random speech doesn't become any less random just because it is federally protected. On the contrary, it actually becomes less federally protected if it is random, because federal protection of speech requires specific time, place, and manner.
At a broader level, federally protected speech in the US isn't absolute; the Supreme Court has ruled a number of times that restrictions can be placed on organizing protests, such as you can't protest in the middle of a busy freeway at rush hour blocking traffic and use "my right to protest is federally protected" as an excuse. There's more info here [1] (PDF warning; go to page 9).
More specifically to unionizing, employees are allowed to discuss unions but employers are allowed to place some restrictions on when/where such discussions can take place. From the NLRB [2]:
> Working time is for work, so your employer may maintain and enforce non-discriminatory rules limiting solicitation and distribution, except that your employer cannot prohibit you from talking about or soliciting for a union during non-work time, such as before or after work or during break times; or from distributing union literature during non-work time, in non-work areas, such as parking lots or break rooms.
I think it's less about Management endorsement and more about notification blindness.
If you start adding wholly unrelated messages into the security warnings, people start ignoring them. We've seen the same with medical systems where doctors and nurses ignore the important pop ups because so many are just interruptions.
> The analogy to a poster in a cafeteria, which is explicitly protected by federal law, passes a first-order smell test.
This doesn't feel like the right analogy. She (ab)used her access after all. A better one IMO would be a cafeteria worker sneaking in a leaflet among the napkins. Definitely feels less innocent.
Come now. It's a browser extension, it's written in JavaScript, and knowingly installed by employees. No "injecting" went on here, let's not try to make this sound more nefarious than it was (not very). Fireable? Perhaps. But not because of a security concern.
(edit: reading more, it's clear that the only thing that makes this "fireable" in google's view is that it promotes union organizing that they oppose. Any other such message would probably not cause firing unless it caused a PR problem, and perhaps not even then.)
> So basically, the Google employee added arbitrary javascript to an internal chrome extension used by Google employees that triggered a popup when employees visited a specific website.
This is actually false (it's not listed in the article, so I wouldn't expect you to know). It was a config file containing URL patterns and plain text messages. Most messages were things like: "please don't upload random company files to dropbox.com/upload".
So my take is that this employee's job responsibilities probably involved notifying sending these types of notifications. However I'd actually agree that there was some "abuse" because letting someone know they are about to upload a file to dropbox is pretty different than using it as a forum to remind people that organizing is a protected activity. I wouldn't fire someone over that because despite them being in the wrong, it doesn't seem malicious.
> So basically, the Google employee added arbitrary javascript
This is a little disingenuous. She's a software engineer who works on this extension. "Injecting arbitrary JavaScript" is her job.
If she bypassed code review, introduced a vulnerability, abused a known weakness to violate policy (e.g. logged into an account with signing keys to deploy manually when it's usually automated), etc. then you'd have a case. If she did her job and followed all policies about review and the only question is the content of the notification, then the way she sent it is an unfair criticism. It reeks of CFAA-style stretching of the truth about authorized access, and we as hackers shouldn't stand for it.
I wrote a command-line tool at work to automatically add a bunch of party parrots to a Slack message. This tool runs with your personal credentials, and web-scrapes your Slack access token in order to run. As a normal UNIX tool it also has access to your homedir etc. The credentials it uses can also read your private Slack DMs, access data that you can get to but I am legally forbidden from seeing, etc. - but it does none of those things. I installed it to a bin directory in everyone's path, without code review, because we have a system that explicitly allows this and it is often useful. Our security team raised a general ticket to the effect of, hm, maybe code review should be required before you stick code in everyone's PATH. Nobody is thinking of firing me for "injecting arbitrary Python" or "stealing credentials" or anything because nothing I did was against either policy or convention, even though you can make it sound horrid if you choose.
Indeed. And there are a ton of comments here saying it's OK because "she went through the standard approval process, which requires two co-workers to greenlight changes."
But that doesn't mean it was OK. It just means the co-workers might have greenlit it without taking a close look, or were misled as to what they were approving, or that they were approving it because the code was correct technically, and approval isn't about judging the code's product purpose.
If this tool was NOT meant to be used as the equivalent of "posters on the wall" and she modified it, regardless of co-worker code approval, it DOES seem to be an abuse of privileges.
If her manager had given her the OK, then she's in the right. Otherwise, I have a hard time seeing how this isn't abuse of one's position.
Almost irrespective of the website that it was triggered on, it represents a huge waste of her time, as well as that of the hapless employees forced to click through her automatically-created popups.
It also weaponizes the internal browser to advocate for political causes.
It shows such stunningly bad judgement that they are entirely justified in firing her.
I mean, I know I'd be highly annoyed if I got a "Don't post copyrighted material" popup every time I visited Stack Overflow. It's the law, but it doesn't mean I want an addon nagging me about my legal obligations.
In the same way, I know I have a right to vote, but I definitely felt it was annoying when I had a coworker who would regularly spam us to remind us to vote. It's not necessarily Political, but it's advocacy. I only have so much mental bandwidth - hijacking it to have my read a message of your choosing is cause advocacy whether I agree with it or not.
Advocating a certain level of involvement/mindfulness of specific issues is political - Most of the difference between folks in the same party/ideology is just in if they think about or prioritize certain issues over others. Do you care more about Union Rights or the Environment? International Wars or domestic policing? Pushing people towards one over the other is political even if they already agree with you on the underlying issue.
Perhaps I'm misunderstanding you, but it sounds like you're saying telling people facts about reality they should know is advocacy, and advocacy is somehow inherently political? By extension of this logic teaching children math is a political act.
So, teaching anything is certainly advocacy in the literal sense. Your math teacher is an advocate for you learning math, and the importance of math. I wouldn't say that's political advocacy, because most people would agree that the rules and facts around of algebra generally aren't something that's commonly debated by governments.
That said, if I was taking a world history class, and my teacher spent the whole class for a year exclusively going over US war atrocities and rights abuses, I think you could argue that would be political, even if it was all factual and correct. They chose to present a set of facts that leads people towards a specific ideology and worldview that influences how they observe politics and the government.
Telling people truths can still be political. Having a popup at work, or a chat message, that informed me of a political candidate's policy positions would be "telling people facts about reality they should know", but is definitely political advocacy. Just because that candidate happens to be in favor of workers rights, or union power, or parental leave, doesn't mean that it's now a relevant work topic.
In a perfect world, everyone would know all their rights and all the laws that are relevant to them, but most people don't. Trying to impose that I take time at work to inform myself about them is thus innately political advocacy. That's not to say that it's a bad thing - I appreciate folks who remind people to vote/registration deadlines, or post informative information about relevant local laws, but it doesn't mean it's not political advocacy to do so when you're doing it in a targeted manner.
It's possible to both think that what this person did was political activism, and to believe that it probably shouldn't have been punished this hard.
So.... this is interesting. The answer is if they are strict authoritarians and go by the book, yes. There is no leeway. If they are flexible and are open to interpretation and intent then no... but then that leaves them open to risk.
Because of that most companies over time become very strict and unforgiving.
That's the most important question, and there's a pretty good case to be made for "yes". It's a severe error in judgment for a security engineer to co-opt an security notification system in order to spread personal messages. Not only is it spam, it desensitizes users to real warnings. (Imagine an email from Google where the subject is "SECURITY ISSUE WITH YOUR ACCOUNT" and the content is an ad for a Pixel). I probably would have given a strong warning rather than firing, but it's not unreasonable to be especially strict when dealing with security matters.
> So basically, the Google employee added arbitrary javascript to an internal chrome extension used by Google employees that triggered a popup when employees visited a specific website.
No, the "so basically" is the employee added another URL & a string to a map of URLs & strings in an existing extension.
The extension already existed. It already showed notifications on various URLs. She didn't create that part.
This is a mischaracterization, if you read what the extension is used for: Showing popups when people visit certain sites. For example, popping up a notice to remind users not to upload Google data to Dropbox when they visit Dropbox.
So no, she wouldn't have "added arbitrary JavaScript". She would've added an additional message and triggering website to an existing script.
What would be the cheapest-approved mechanism of presenting this legally mandated notice to employees? Remembering this isn’t just a generic legal requirement but a specific demand imposed on Google at this point in time.
The management is giving each other high fives now. As they no doubt strategize their plan from the comfort of their boardroom, they know this activist's personality will become the face of effort to collectively bargain.
Despite news articles mentioning walkouts themed on identity politics and out of court sexual assault allegations - those are narrow and not representative of the collective: a small, but vocal clique demanding VIP treatment at the expense of everything else. As for the feelings of those not fitting those characteristics? Do they not have their own personal and professional struggles, ambitions to cooperate and rise in the organization and live a happy life with a family?
It's a perfect distraction from the worker's struggle for union representation.
In order to form a union, you need votes. Google's management knows enduring the most radical and loud is a small price compared to having a union to ensure everyone is treated fair.
I think there's a piece that some people are overlooking. There are very specific statutory protections about when, where, and how you have a right to organize.
Things that would likely require legal review and Google has the budget to test the waters of at this point.
The last clause in the link below pertains to this scenario, I think, which may bite Google. Or it may not because it all depends on case law and what union leadership is willing to push back on (which could take years to sort out via legal proceedings)
Really, at the end of the day all Google has to risk via this kind of behavior is some lawyer time, setting precedent, and potentially being required to post a notice if they end up losing.
> Working time is for work, so your employer may maintain and enforce non-discriminatory rules limiting solicitation and distribution, except that your employer cannot prohibit you from talking about or soliciting for a union during non-work time, such as before or after work or during break times; or from distributing union literature during non-work time, in non-work areas, such as parking lots or break rooms. Also, restrictions on your efforts to communicate with co-workers cannot be discriminatory. For example, your employer cannot prohibit you from talking about the union during working time if it permits you to talk about other non-work-related matters during working time.
This isn't how extension development works? The APIs for calling the notify methods already exist. Depending on how their tools work the diff could have been
1. A list of one website on which to notify
2. The static content to display on that website in a predefined (provided by the browser) popup context.
While I grant what you're saying is possible given the dev's access rights, it's not required for the functionality described in the article.
The concerning thing is she seems to call out that employees have the right to “concerted activities” which means Google sung only opposed to unionization efforts but to any “concerted action” by their employees.
Even so much as organizing could be viewed as a threat by Google’s management.
Spiers, 21, said she went through the standard approval process, which requires two co-workers to greenlight changes, before updating the Chrome browser extension.
This isn't the first time either. Just before the walkout, a group of employees force-changed everyone's desktop background to an advertisement for the walkout. That particular change, while obnoxious, was harmless --- but that change could have been anything, including very difficult to detect spyware. It's essential that company-wide code and configuration changes occur only with official approval and process. Emotional and activism do not constute reasons to bypass this process.
> This kind of code change happens all the time. We frequently add things to make our jobs easier or even to just share hobbies or interests. For example, someone changed the default desktop wallpaper during the walkout last year so that the Linux penguin was holding a protest sign. The company has never reacted aggressively in response to a notification such as this in the past. It’s always been a celebrated part of the culture
> Spiers, 21, said she went through the standard approval process, which requires two co-workers to greenlight changes, before updating the Chrome browser extension. Another source at Google familiar with the update approval process confirmed to NBC news that those two approvals are standard practice for a browser extension update.
She did it exactly according to internal policy. The extension she updated warns site visitors on many websites. I do not see what she did wrong.
It doesn't really matter if google would approve. There are a lot of activities that would not be organizationally approved, but are protected concerted activities and it would be unlawful to fire someone for.
GP was referring to approval for code review and organizational approval of security extension notifications, not the right to organize or unionizing activities.
What is the purview of a code review? Is it only about making sure the code meets technical standards, or are reviewers expected to comment holistically?
Reviewers are supposed to review holistically, and in cases where something raises larger questions (do we actually have approval for this change?) they shouldn't approve until those questions are resolved.
In this case I suspect the reviewers were supportive of the protest, and so approved it even though their authority didn't cover this kind of change.
I don't think any of these people should have been fired, but "by the book" is not a good way of characterizing this process. That would have been proposing the feature to management, getting their sign-off, and then making the code changes.
That sounds about right. So why doesn't Google fire the reviewers? If they don't, then they are inconsistently applying the standard. If they do, then they are punishing a coordinated employee action.
If Google just doesn't want unionized engineers, it could just fire all engineers. Obviously they need to balance their various objectives and firing productive people is costly to the business. I think they are hoping more to send a strong message to the whole company with as small a disturbance to the business as possible.
Because reviewers aren't held to the same level of responsibility for the content of the change as the author. Making them responsible for back-door vulnerabilities slipped in by employees compromised by a nation-state would grind the company to a halt.
My understanding is that Google is a rather bottoms-up culture regarding internal tooling, and that you don't normally need sign-off from management to take initiative and make changes to tooling like this. They're only mad that the particular change here involved labor organizing, which is obvious retaliation.
It kind of depends, not every task are the same. you won't review a trivial change the same way as a brand new feature.
Let's take for instance the fictional case of adding a list of website to a whitelist.txt. Maybe the source file had thousands of websites to be added. Anyone could add or remove some in the middle and no one would ever know
It looks good when you review it. but there is no way to check the data integrity (at review time), you can only rely on the good faith of your coworkers.
I am not saying that's what happened but this is a good example of how anyone could sneak-in arbitrary code that pass the code review.
Is the literal problem, which necessitated the pop-up.
The Organization Does Not Approve™
It’s like asking someone if you can kick them in the knee before doing so. What do you think they’ll say?
Y’all seem confused: the organization, Google in this case, is antognizing it’s organizing employees. Google absolutely do not, will not, can not approve of unionization efforts. Ever.
>She did it exactly according to internal policy. The extension she updated warns site visitors on many websites. I do not see what she did wrong.
Getting code review approval is not the same as following internal policy.
Adding a conspicuous feature to a security tool installed on every employee's computer requires approval from higher-ups before writing the code. The approvers should have recognized that and rejected the change, but that doesn't absolve Spiers of responsibility for the change.
As an analogy, suppose that I'm a crew member on a submarine. I have authority to fire torpedoes when a higher-up orders it, but I require a peer crew member to push their own "fire" button at the same time. Obviously, if I go rogue and start firing torpedoes myself, that's a serious violation, even if I convince one crewmate to go along with it.
Sounds like a code review—which you should all be familiar with. Adding something like that to a security tool requires more approvals than two engineers sitting next to you giving a green light.
Not necessarily. If it's your job to add notices to internal tools, and you've added notices to tools before without approval outside the engineers on your team, then I wouldn't expect someone to get more approval than that in this situation.
If I were Google, I'd give the employee a warning (one of three strikes). I'd tell them that they need approval from someone in a certain role (that's not an engineer) to post internal notices. Otherwise, it's up to the employee and their fellow engineers to make a judgement call about which notices are right to post.
Not sure why you're downvoted. This does sound like a code review. News sites most often either willfully or through ignorance prefer not to investigate the entire story to truly get to what broke or what didn't break. It's typically just for shock value. I remember a story where cell tower signals were blamed for decline in the North American honey bee population.
Sure you have the right to say it. But you can’t follow me to the bathroom stall and keep telling me. She didn’t post it to a common area. She took it upon herself to plaster it on everyone’s computer screen.
According to her Medium post it only appears on two websites.
> I created a little notification, only a few lines of code, that pops up in the corner of the browser whenever my coworkers visited the union busters’ website or the community guidelines policy. The notification said: “Googlers have the right to participate in protected concerted activities.”
"But you can’t follow me to the bathroom stall and keep telling me."
"plaster it on everyone's screen" did you read the same article I did? The alert was triggered off a single consultancy's site. I really doubt it was a common hang out spot.
> She was using a security tool to spread her message. Does that seem appropriate to you?
Yes, of course.
Apparently this "security tool" exists to notify Googlers of policy, and the notification just linked to a Google policy notice with a warning not to violate it. This is apparently the actual notification that was displayed:
Yes email exists to notify employees too but just because I can email the entire company doesn’t mean that I should take it upon myself to notify them about anything that’s not in my job description.
You keep moving the goalposts every time someone refutes one of your points.
> Does that seem appropriate to you?
Yes. It's a tool for showing notifications related to the page being visited. Not to mention the whole thing is appropriate on moral grounds, regardless of any technicality.
If that's was an actual requirement, can you make or point to a statement in an official Google capacity that states the notices displayed by the tool she maintained had to be written or pre-cleared by Google's legal team? If you can, was the requirement for legal team involvement established practice and not some post-hoc rationalization for her firing?
Some things are just common sense. It wasn’t her role to disseminate information about any type of compliance outside of security. As a professional, you should know what’s appropriate in a workplace based on your position.
> Some things are just common sense. It wasn’t her role to disseminate information about any type of compliance outside of security. As a professional, you should know what’s appropriate in a workplace based on your position.
"Common sense" often isn't as common or as sensible as some people think.
You often make seemingly-authoritative statements like "it wasn't her role." Avoiding post-hoc rationalizations based on the fact that she was fired, can you explain to me how that was communicated to her?
> Do you really need someone to tell you that if you work on security it’s not your told to disseminate information about hiring?
Maybe if you're fully indoctrinated into a particular corporate culture that very hierarchical, siloed, and highly biased towards management and shareholders.
However, Google, at least for now, has a very unusual corporate culture.
That's certainly not the case, not even close. Unions are regulated by law almost everywhere which makes them an inherently political issue.
But if you look at, say, the UK, then unions actually fund one of the major political parties and have tremendous influence over it. Unions have in the past managed to topple elected governments. Beating the unions was Margaret Thatcher's flagship effort when she was first elected. And union membership has been in steady decline.
It's certainly not a USA specific thing. Union/management wars in the UK got very nasty indeed.
It's really not, and the fact that you believe you have a part of the political spectrum that disagrees in good faith is something that is really wrong with whatever society you live in.
The purpose of the extension within Google is to notify you of privacy and security risks for potentially dangerous websites.
The comment she injected into a benign law website has nothing to do with that and whether there was some weak approval process that missed this glaring fact doesn’t make it okay.
In the English languages words are understood in the context they are used. In this case it was obviously about security and privacy. So it's a nice attempt at spin but much like other attempts at defending this behaviour that's all it really is. A whole lot of spin to justify it via the ends while glossing over the completely unprofessional means.
It's literally an internal tool for google employees to popup informational or warning messages on a per-site basis. The ends was exactly what the freaking tool was built for.
IIRC, an employer has to make the content available in some form in a place where employees will see it, not just anywhere. Traditionally it's a wall display of posters in a cafeteria or break room. Trying to fulfill the requirement by putting the posters up in a broom closet of the CEO's office would be forbidden.
I think the employee has a point with the pop-up. Wall posters aren't a good way to reach technology workers. Some kind of digital notification like a pop-up or regular reminder email would be more sensible. Remote employees can't see a poster at the office, for instance.
The idea of the popup isn't the issue I have with this.
It's coopting an internal tool for political messages then implying "it passed PR" means you had permission from where it should come from.
It's not even the message itself, I don't want politics, even those I agree with, living in the codebase I use at work.
Sure the notice is required, but putting it so it shows up solely on the website for the legal firm hired by your employer is a political message before it is a helpful message.
> It's coopting an internal tool for political messages then implying "it passed PR" means you had permission from where it should come from.
No one's saying it "passed PR", it passed the review process that was in place for similar changes.
> IIRC, an employer has to make the content available in some form in a place where employees will see it, not just anywhere. Traditionally it's a wall display of posters in a cafeteria or break room. Trying to fulfill the requirement by putting the posters up in a broom closet of the CEO's office would be forbidden.
> It's not even the message itself, I don't want politics, even those I agree with, living in the codebase I use at work.
A lot of this thread feels like unusual sudden concern for the aesthetics of the cafeteria wall.
No, more to point out that it's a weird concern to have about an internal tool used by a company that uses their code to exert huge, global political influence. It's a strangely specific grain of rice to make an issue of.
That is such a stretch I'd need a yogi to grasp it all.
There are plenty of ways to protest that are just as effective as a pop up that only appears on a specific site for a specific lawyer that don't involve messing with work code.
It feels weird for me to read comments in this thread debating about and assuming a simple note about unionization or organization by an employee whose job it was to do exactly this kind of thing is "not in good faith" or a "violation". In my mind this kind of thing has the same sentiment as _any_ policy notice. The world in which notifying people that they have the right to organize is a "violation" is a really messed up one. It's simply distributing a fact, as the company is legally required to do, published by an employee who was responsible for distributing exactly these kinds of facts. It's sad when this type of information sparks this kind of a) termination by the company of an otherwise apparently very well performing employee and b) controversy in a forum.
> Recently Google was forced to post a list of rights that we have in the workplace. So when I heard that Google had hired a union busting firm and started illegally retaliating against my coworkers, I decided to make sure that my coworkers knew about the posting.
She was mad at her employer and used her role to retaliate.
> I created a little notification, only a few lines of code, that pops up in the corner of the browser whenever my coworkers visited the union busters’ website or the community guidelines policy.
It only mentions the union busters' website in the OP but she also says it popped up a notification when people visited the community guidelines policy. That's pretty invasive, this is a notification everyone will see.
I agree with Drakonka that it's dystopian when being moderately assertive talking about labor rights is viewed as a reason to fire someone. Especially when these kinds of notifications have a history of being used to tamely spread information before ("Happy Birthday Sundar!" popping up when any employee visited google.com). Reminds me more of the rules for posting on a bulletin board.
Edit: "Happy Birthday Sundar!" didn't actually happen, my bad.
The issue isn't about discussing labor rights it's about abusing security tools for political purposes. A bulletin board is not a good analogy. A bulletin board is non-invasive. This tool creates pop-ups on people's browsers. Normally, these notifications are security or privacy warnings so displaying personal messages here gives it a false sense of authority. Furthermore, it looks like she used an e-push to do this:
> "She misused a security and privacy tool to create a pop-up that was neither about security nor privacy," Hansen wrote. "She did that without authorization from her team or the Security and Privacy Policy Notifier team, and without a business justification. And she used an emergency rapid push to do it."
I agree with you that the issue doesn't have to be labor rights. I agree that the emergency rapid push seems like a slight misuse.
I'm questioning the double standard of being able to use the tool to display company wide messages ("Happy Birthday Sundar!"). Why was the "Happy Birthday Sundar!" poster not held equally accountable? Seems like any topic management doesn't like is political speech.
Edit: The "Happy Birthday Sundar!" message didn't happen.
My mistake - the Happy Birthday Sundar thing didn't happen. I was looking for a source and realized I read a different comment in this thread wrong. I'll end my original post to reflect this.
The thing that gets me is that this isn't a "message board" or email, or forum... or anything like that. They needed 2 approvals to put this message out there.
It doesn't sound like just anyone could do this, but only people with specific privilege and approvals.
A company being "legally required" to do something doesn't mean that individual employees can decide for themselves to implement that policy... Otherwise you could ask random employees to Right-To-Be-Forgotten and delete you from Google...
I think the real questions are: 1) Was it part of their job? [no] 2) Was it a message board? [no] 3) Was it protected speech anyway? [unsure]
There's a difference between leaving a "simple note" and abusing a security tool to spam employees. Google is tired of employees using their job as a political soapbox.
Furthermore, it sets a precedent. Next week someone uses the same tool to argue against unionization. And now Google had to let them do it or they'll be seen as being impartial.
Using access granted to you as a developer to alter work tools to spam controversial messages to your coworkers is wildly inappropriate and unprofessional. There's no rationalization that makes this acceptable behavior.
This is exactly what I'm talking about - that we consider a message about organising/unionising to be so controversial at all. To me that is some dystopian level weird.
It's controversial merely because it doesn't belong in a security tool that's intended to warn users about malware.
I say this as a non-management, rank-and-file employee: I don't like the idea of activists (whether I agree with their cause or not) hijacking the company's internal tools to broadcast their message. There are plenty of ways to communicate with your colleagues, there's just need to resort to that.
The worst part is that when the activists abuse the company's open tools, the likely response will be to put more restrictions down the tools. In the end, everyone loses because of one individual's thoughtless, narcissistic actions.
>“You’re allowed to put posters up on the wall to help organize your workers, and this can be seen as kind of a digital extension of that,” said Veena Dubal, a professor at the University of California’s Hastings College of the Law in San Francisco.
This professor completely ignores the sign-off, and I wonder if actually it's really important... Can we really call it a digital-extension of a wall, if it's impossible to put something without 2 approvals?
I would start protesting Google if they did not fire a security engineer for abusing systems like this. A security engineer subverting internal security systems is what is messed up. Turning it all in a horrible PR story about a retaliatory union-busting firing should disqualify your career for many years to come. Maybe she can exchange this loss of career prospect for some activism credit against the Big Bad Google.
Performance does not matter: fire both the genius and the slacker for abuse. The factual content of the message does not matter: fire both those who lie, spam, or those who distribute relevant activist messages. Legally required company does not matter: if it is not your role, it is not your role (distributing these "facts" was never part of her job description, it has nothing to do with security. It is also naive to assume Googlers visiting that very website would be interested or unaware of this policy notice).
The controversy is because people have different opinions: those who feel activism trumps profession, and those who feel it don't. Like said, any company that employs security engineers who hold their activism as more important than their profession is a dangerous company worth avoiding. I am glad this firing happened.
Subverting internal security systems by going through the usual approvals process for a code review? When it was her job to add notices to the tool she was working on? And arguing that she deserves to have her career sunk because of it entirely?
What absolute extreme bullshit. By your own arguments if a security engineer was advocating for increased security against management, they would be considered an activist and someone that deserves to be fired, tarred and feathered and tried as a witch.
She used an emergency push to deploy this change. Her job was to add notices for security purposes, not political activism:
> "She misused a security and privacy tool to create a pop-up that was neither about security nor privacy," Hansen wrote. "She did that without authorization from her team or the Security and Privacy Policy Notifier team, and without a business justification. And she used an emergency rapid push to do it."
She was doing activism, not work. She knew damn well that she could not push without a code review, so she basically threw two colleagues under the bus (they were reprimanded).
She will get work somewhere else, but, to me, it does not look good to be fired for abusing internal security tooling, with the huge responsibility that security engineers have. Burning bridges and making a stink about it was her own choice, and this should have consequences, like crying about any other unrelated protected status (I did this very bad thing, but my employer fired me for racism, unionizing, being a (trans) woman, being old, etc.). You poison the well for everyone with that crap. Your group identity becomes so important to you, that you start to label individuals as "old white men" and anything negative happening to you must be related to your group identity. I don't play that game, so don't handicap me with your stereotypical groupthink.
The only one being tarred and feathered here is Google, for union-busting and retaliatory firing (as if... some even argue these firings target transgenders). Your example misrepresents my argument: advocating increased security against management is harmless and part of your job. Trying to be cute and score brownie points with activist pals is a risk she thought worth taking. Good on her.
She did not abuse any sort of security tooling. She was working on a application designed to serve notices both security and legal to Google users. She added this notice because as part of being legally compliant with the law people have to be informed of their right to unionize.
The rest of your argument is massive projection because she did nothing of the sort. She added a notice which linked to internal Google documentation which was reviewed by her peers and by any account incredible benign. Acting like this was some severe security violation is out of line.
> She was working on a application designed to serve notices both security and legal to Google users. She added this notice because as part of being legally compliant with the law people have to be informed of their right to unionize.
That's a valid point, though it takes me a lot of energy to hold this view even for seconds. But I see where you are coming from now.
It does assume / hinges on: adding such legal and security notices without approval of higher-ups is the way security and legal compliance at Google is done. That would look bad on Google, because it is bad security practice (using a rapid code push meant for solving critical bugs, for something that could go live next week), bad culture practice (why not ask input from more experienced Googlers?), and bad legal practice (a legal notice is worth at least one meeting with someone hired to do / deal with law issues).
> She added this notice because as part of being legally compliant with the law people have to be informed of their right to unionize.
I do not believe this for a single moment. This was her "temporarily change the Linux background"-moment, not a "oh, let's be proactive and do legal requirements for Googlers who can't Google 'right to unionize'.". That is the one you use to cover your ass and turn this into a political hot potato. But then still, if true, you go to your supervisor and you can bring this up. You don't emergency push a legal notice.
> Acting like this was some severe security violation is out of line.
I think that what she did would be grounds for insta-firing a security engineer, even in very employee-friendly countries in the EU. It betrays trust of all colleagues (the message would be no different from a carefully vetted company policy, so she basically spoofed her colleagues). She played an activist prank using internal security tooling: I laugh when I think of the confused angry emails upper management must have been sending the Privacy Policy Notifier team lead, they got trolled hard. I also think all this backlash from the diversity crowd is something that Google has deserved: They are either hypocritical (they never meant it, and are now stuck babysitting 20+ genders), or supporting Damore's argument that the ideological echo chamber within Google does not really work, and in business terms is a very ugly beast (if this was an action movie, they fired the scientist for pointing out that the volcano is about to explode).
So for severity I would not go as far as a good wry laugh about this. The mask is coming off. I can understand not wanting to build government murder machines and stick to ads, or not wanting to be part of the deeply ingrained rapey culture and this being the reason to protest and organize. But an internal security tool that your colleagues trust you to run on their machines is just a very bad "murder baby hitler" way to go about it. Murders your trust, processes, and protocols. Some big nasty lawyers are going to push the "disrupt the workplace"-argument hard, Google is going to be even more careful to fire blue-haired employees, and the argument that Google is intentionally targeting on anything protected by law will make even less sense.
Choosing which facts to be highlighted is an editorial decision. Google probably already complied with the letter of the law by publishing this fact internally at least once.
Whether it is published once or 1000 times is editorial. It is not within scope of their job to notify >1 time if Google’s management wants employees to be nominally reminded of their rights against their employer exactly once.
Note that I am not arguing for or against; I personally think it’s wrong she was fired and I hope the wage-thieves at Google get held to the flames over it. But let’s not pretend that she wasn’t editorializing because it can be described as “simply distributing a fact”.
She was further distributing a fact which is in her former employer’s best interest to publicize the minimum amount required by law.
That’s why retaliation like this is illegal. I’m surprised they’re surprised; Google has already conspired (and gotten caught) to illegally cheat employees out of billions of dollars of wages.
> For example, someone changed the default desktop wallpaper during the walkout last year so that the Linux penguin was holding a protest sign. The company has never reacted aggressively in response to a notification such as this in the past. It’s always been a celebrated part of the culture.
I suppose this was her mistake: ""It's always been a celebrated part of the culture"
Google clearly does not always operate in good faith with it's employees on labor relations issues. The correct approach for her to take would be to get written approval from her manager on the popup
Her job was supposedly to "write browser notifications so that my coworkers can be automatically notified of employee guidelines and company policies while they surf the web", and this was supposedly a notification of one such company policy, but it was naive to think she could just approach her job in good faith and be treated in good faith. BigCorp follows the law of the jungle, and workers are not unionized at google so every engineer has to cover his or her ass before treading into contentious waters.
For what it's worth, after reading both points of views I think her actions were highly reasonable. But I would never implement that kind of notification like she had done, not without written approval from my boss and maybe my bosses' boss to cover my ass.
> But I would never implement that kind of notification like she had done, not without written approval from my boss and maybe my bosses' boss to cover my ass.
If this is something that goes through your mind, the organization you are at is broken and probably dangerously hostile.
No, this is just the truth of working at BigCorp. Most engineers can pretend office politics doesn't exist because they're working in primarily nonpolitical roles. But office politics exists, for any office. And unionization is political.
Acting from the motivation of CYA as you described it is not a part of a healthy mode of operation in any relationship, personal or professional.
An approach that has some form of checks, however formal (for purposes of quality and accountability), is entirely reasonable, and especially where there is a notable risk of exploitation (historical or likely potential.)
But I've worked full-time essentially non-stop for a quarter century in a wide range of organizations (in an employee context: 3-person small business up through several thousand people enterprises), and default distrust is a red flag regardless.
The entire landscape of being a wage slave is "dangerously hostile". I can't think of any place I've ever worked where I would think this was a good idea if I wanted to keep my job. Not saying I agree that I should lose my job for organizing in this manner, just saying the net you're casting is probably too narrow.
I don't really agree. The notice is required by law to be posted in workplaces. It's also required by law for Google to post it on their intranet. It's not a stretch to provide a link to that intranet info, in an add-on that provides links to company policy - assuming you are operating in good faith.
But again, law of the jungle and all that. If I were her boss and she came to me for approval, I also would get approval from my boss and my bosses' boss.
>Kathryn Spiers, who worked as a security engineer, updated an internal Chrome browser extension so that each time Google employees visited the website of IRI Consultants — the Troy, Michigan, firm that Google hired this year amid a groundswell of labor activism at the company — they would see a pop-up message that read: “Googlers have the right to participate in protected concerted activities.”
You should get fired five times over for abusing your privileged access to modify software that runs on every employee's computer. How stupid can you be? Start a healthy discussion, don't violate trust. This just puts up a bad reputation for workers who do want to organize
Did you not read the part where she did, where she followed the process by the book and it was approved? Or did you just have your mind made up to decide to side with Google instead?
This was the process: "the standard approval process, which requires two co-workers to greenlight changes"
In my company, I could put in travel orders to let me go to and from Hawaii on the company dime, have a vacation, and have my supervisor approve (which is following the standard process), but doing that should get me in a lot of trouble and/or fired.
Sorry, but could you clarify what you would be fired for in your hypothetical situation? Presumably, it's not automatically against company policy to expense a trip to Hawaii.
And your supervisor knew of your intent to deceive the company when they made the approval? And if so, why would they make the approval unless they too wanted to be fired?
Sorry to be pedantic about a hypothetical, but I think it's necessary to consider the specifics of the actual case. Assuming this process involves something akin to a codebase commit, where the contents of the approved change can be clearly seen by the approvers, it raises the question of what sanctions her colleagues faced if Spiers' violation was so severe as to result in near immediate termination.
(because obviously, in your hypothetical situation, your supervisor would be fired if they knowingly approved a deceptive work expense)
If your supervisor knew that you were taking the trip to vacation, why would they approve it?
If the supervisor did not know, then your analogy is flawed. There was no information asymmetry between Spiers and her reviewers - they knew what the change did and they approved it.
No, to follow the analogy: The supervisor trusted that person to only put in requests that are actually work-related. Just because the process says "supervisor approves" doesn't mean that it absolves the subordinate of responsibility.
So in this case process was followed, yeah. But trust was broken, and it only stands to reason that Google would fire this employee because of it. All other stuff is secondary and pollutes the discussion.
Because adding harmless code and stealing plane tickets, hotel fare, and maybe a rental car are the same thing.
How do you think old-school labor organizing went down? Do you think the bosses stood there smiling as employees handed out flyers at lunch? Google shouldn't have a say in how employees unionize. They have every reason, literally EVERY SINGLE REASON to sabotage it at every stage to make it as ineffective as possible.
If it was a code review, it would judge code quality and similar things. Not whether that change is in Google's interest. I guess if she was a product owner and added this feature, she would have been fired as well, despite following the process. She just acted against the company's interest.
This isn't a cut-and-dry issue. The internal tool was purportedly used to alert about privacy and security issues on external websites. But the message sent to users was not privacy or security related.
Of course Google is right. She happened to get two coworkers to approve what she was doing.
If I got a manager who I was friends with to approve my purchase of a fully decked out $53K Mac Pro so I could finally use Slack at a decent speed when I am working from home, wouldn’t you think there was something fishy?
Since you can’t spend 53000 dollars on a Mac laptop last I checked, yes! However the whole purpose of a managerial hierarchy is to establish a responsibility chain so at very least I would expect the manager to also get fired.
Google doesn’t care about these antics. They, like all employers, don’t want their employees to have meaningful bargaining power.
Well, there have been plenty of stories about toxic managers in tech companies. If your manager said it was okay to hit on your coworker does that absolve your responsibility to have good judgement?
And as far as having “bargaining power” they are tech workers at Google. If they have even a modicum of skills they have the ultimate power - they can walk away and get another job.
Heck, I’ve worked at a bunch of no name companies over 20 years and even I can walk out of the office and have another job in two weeks and this is nowhere near the west coast.
A single employee walking away has no power to change the status quo at google. A lot of them, however, do. That's what google and all employers wants to crush before it has a chance to coalesce.
Also for a less tongue-in-cheek response this is related to the notion of "false consciousness" first written about by Friedrich Engels in the 1800s: https://en.wikipedia.org/wiki/False_consciousness
Why is that? You can't just get code review / deployment approval. You need to have approval that a certain feature or process is wanted / needed for the system. My guess is the sec engineer in this story did not get approval for this feature in the first place, she just went ahead and changed the code.
What if this change allowed passwords to be captured in plain text? Browsing history? Surely those are fire-able offenses? So how is this situation any different?
So if she escalated her privileges and bypassed the approval process, yes, of course that should merit severe punishment. But that's not what happened, according to Spiers.
Giving her the benefit of the doubt for the sake of argument, you'd agree there's a huge difference between adding malicious phishing code to a company tool, versus displaying a text notification that doesn't fit the tool's original intent?
The text in question read, “Googlers have the right to participate in protected concerted activities.”, which is arguably different than the usual privacy/security warnings that the tool was intended for. But is it a fireable offense, versus an offense that warrants reprimand?
To put it another way, I think very few people would be bothered by Spiers being fired if the text notification she added were "Heil Hitler!". But that kind of content is fireable for a number of reasons. Whereas Spiers note about union rights, while inappropriate for the given plugin, is not patently against Google policy, and (again, assuming it's just a text notification) did not endanger the company.
If an employee tries to set fire to company equipment, they should be fired. If they draw a swastika on a bathroom stall, they should be fired. If they post up a pro-labor pamphlet in a bathroom stall, where it's against company policy to post any materials (regardless of content), should they be fired or reprimanded?
All these 10x developers terrified they'd have to make a reasonable wage like the rest of us serfs.
*By the way, that's very much sarcasm since a well organized union doesn't need to cap wages at any level. It's just the argument that keeps getting put forward and I get sick of it.
People can disagree with you in good faith without being shills.
I am totally against people pushing their political messages on me while at work, and dislike working with the sort of person depicted in this article. I think they're bad for morale and a distraction from the business.
You can quite easily convince yourself by reading through my comment history that I'm not part of any PR firm, just a guy who wastes too much time commenting on HN.
In this case, the people who approved it should be fired as co-conspirators. The sanctity of the software that runs on employee's hardware should never be violated.
Even if she followed the rules that doesn't mean she should be absolved of guilt. You can follow the rules and submit a PR, have 2 code reviews and plenty of tests, if you brake production then you can still be fired for incompentency.
The fact that 2 reviewers approved her change doesn't mean that she has the right to send notifications like this through a browser extension.
The spyware was designed to pop up notifications on visiting URLs to users, she just added another message for a url.
"Part of my job was to write browser notifications so that my coworkers can be automatically notified of employee guidelines and company policies while they surf the web. "
I'd be curious to know what URLs employees get alerts about? Perhaps services which do not take kindly to seeing IPs from Google offices?
"Spiers, 21, said she went through the standard approval process, which requires two co-workers to greenlight changes, before updating the Chrome browser extension. Another source at Google familiar with the update approval process confirmed to NBC news that those two approvals are standard practice for a browser extension update."
I'm pretty sure that if I stood up in my office, I could find one or two people who would rubber stamp a change for me, assuming it was in good faith/approved, and would discuss implementation details/issues with the code, rather than question the reason for the changes. Particularly if the changes were tagged with a Jira. If your only defence is "well, what I did wasn _technically_ allowed", you lose the benefit of the doubt.
Incidents like this are the reason why red tape ends up introduced on small teams, and are what turn projects into a nightmare to work on.
Does what she did even pass the sniff test? What if she got permission from her supervisor to inject $political_message_you_dont_agree_with in your browser. Would you be okay with that?
A pro-union statement may be a "political message", but it is also content that has special protections in labor law. As the article says, as part of a legal settlement over alleged labor violations, Google is required to print out and post a statement of employee rights [0] that begins, "FEDERAL LAW GIVES YOU THE RIGHT TO: Form, join, or assist a union;...Act together with other employees for your benefit and protection;"
Is it part of the security teams mission to insure legal compliance to workplace laws?
I’m part of my company’s “architecture team” but that doesn’t mean I have the right (even though I do have the access) to spin up an X1 AWS instance at work with 2TB of RAM. If my immediate manager said it was okay, I would have sense enough to get it confirmed by my CTO.
Company management does not typically go out of its way to disseminate right-to-unionize speech. They are legally prevented from stifling such speech. And apparently, their alleged labor violations were serious enough that the NLRB mandated as part of their settlement that Google must post more material informing workers of their right to unionize [0].
But my overall point is not that I think her alteration was appropriate (given the context of the tool). But that her mistake could reasonably be seen as one made in good faith, especially because the content itself does not outright violate company policy or labor law. In other words: approved content, unapproved venue. The question is: that's a fireable offense?
So why do you keep likening it to hypotheticals that would reasonably violate standard policy and procedure, such as conspiring with your manager to spend $53K on a Mac Pro that you use at home? Or injecting via browser notification a "political_message_you_dont_agree_with"?
A former company I worked for was under a consent decree. Their legal team had to come up with remedies that were acceptable by the government to address them - not their security team.
I was the dev lead responsible for writing software that would be used by the department that was most impacted by the decree. Should I have taken it upon myself to create pop ups informing them to be careful about compliance? Legally, I probably couldn’t have been fired but would that have displayed good judgement?
When you are part of certain departments or positions, you have more access and therefore are expected to have better judgement.
Many startups have a culture where you could spin up an X1 AWS instance with 2TB of RAM if you need it, without having to go and get approval. Similarly, Google has a culture where engineers make various changes to internal tools without needing approval from higher ups.
No, the post states that it is obviously the case:
>This kind of code change happens all the time. We frequently add things to make our jobs easier or even to just share hobbies or interests. For example, someone changed the default desktop wallpaper during the walkout last year so that the Linux penguin was holding a protest sign. The company has never reacted aggressively in response to a notification such as this in the past. It’s always been a celebrated part of the culture.
Well no, but considering that she seems to have followed the correct processes if she had done that I'd have expected the response to be rolling back the commit and a follow up postmortem to document what was missing from the process that allowed it to happen and changes made to the process to prevent it from happening in the future. Not firing the employee. You shouldn't blame workers for system failures.
What if your manager told you it was okay to post “Make America Great Again” or “Hope” (Obama’s slogan) slogans on everyone’s desk because he was staunch Republican/Democrat - would you just shrug and say “my manager said it was okay”?
Again, labor/union messaging has protections that political campaigning does not. If you were a manager and you told your employee to throw away the pro-union pamphlet that you taped to your cubicle wall, your manager would be putting the company in legal trouble.
why, and more importantly, why is this an "immediately fire" level of offense, would this have been the result if the popup reminded you that its earth day?
Its naive to think her firing had nothing to do with the fact Google doesn't like unions.
Why? It’s just like religion. If your religion tells you not to drink, I will respect that. If your religion tells you that I’m not allowed to drink I will tell you to f’ off.
And guess what? I don’t need government intervention for that either. I can install an ad blocker, not use software that is ad based with no way to get rid of the ads and not buy Android phones. Free will is great isn’t it?
Agreed, but the engineer's claim is that she followed the standard approval process "which requires two co-workers to greenlight changes". The article says another Googler confirmed that this is the process. But the article doesn't say that Spiers' assertion (that she went through the process, and had two colleagues sign off) has been specifically confirmed.
Presumably, audit logs would make this an easy thing to set straight.
You can follow the rules and submit a PR, have 2 code reviews and plenty of tests, if you brake production then you can still be fired for incompentency.
The fact that 2 reviewers approved her change doesn't mean that she has the right to send notifications like this through a browser extension.
I was initially tempted to side with Google, a code review process is not just rigorous enough for catching features being sneaked in.
However, it looks like the sole purpose of the extension is to warn employees about security issues in websites, and this engineer coopted that to show a union forming message.
The final paragraph suggests that there's legal precedence for doing this:
“You’re allowed to put posters up on the wall to help organize your workers, and this can be seen as kind of a digital extension of that,” said Veena Dubal, a professor at the University of California’s Hastings College of the Law in San Francisco. “Whether or not you’re in a union or there’s a union being formed, the law protects organizing activities by employees in the workplace organizing to improve their working conditions.”
I don't buy this analogy. If there's one thing news reporting has demonstrated over the last few years, it's that Google is not lacking in actual digital equivalents of noticeboards where people can put up the equivalent of posters. This seems like she decided that wasn't aggressive enough and implemented the political equivalent of slipping adware into a browser extension instead.
Apparently Google was already doing this with other sites. Why is this one different? It wasn't like she put up something that was illegal or could increase Google's liability. It's one thing to say: "Hey we don't like that one, change it." It's another to fire someone when they engage in a protected activity.
If she had put it up and refused to take it down I could understand firing her. But this is suspect for sure.
Putting adware into a browser extension that is already just adware (pops up messages on sites the employer doesn't want you to visit) is not a security risk.
This person used their access as a developer to alter internal security tools to promote their own messaging. That shows a profound lack of judgement, and it's not surprising their access would be revoked.
What do you mean by "someone who doesn't agree with her message"? You mean someone who believes that Googlers don't "have the right to participate in protected concerted activities"? That would just be ignorant of the law.
Thanks for the link. This section caught my attention:
> I was interrogated about separate other organizing activities, and asked (eight times) if I had an intention to disrupt the workplace. The interrogations were extremely aggressive and illegal. They wouldn’t let me consult with anyone, including a lawyer, and relentlessly pressured me to incriminate myself and any coworkers
Google seems to be using tactics used on factory floors to suppress organization. It doesn't seem like a good idea considering how individual googlers have a lot more resources at their disposable compared to a hourly factory line worker. Whoever these consultants are, they seem to be providing very bad advice for a white collar environment where the workers are pretty wealthy and have friends who are in the media.
I don't understand this "wouldn't let me" stuff. Pull out your phone and call someone. Some random person in a meeting room at Google isn't the police. You aren't in custody. If you're uncomfortable then walk out. If anyone at my employer was the least bit aggressive to me I would immediately walk away.
I'm not a lawyer, but on the surface this seems clearly illegal on Google's part based on the National Labor Relations Act of 1935. Does anyone know of any similar cases to this?
It's a multibillion dollar company. If some of the managers are annoyed/bothered, even greatly, by activities that eventually result in unionization, I'm entirely OK with that. If some of those activities are—oh no!—not nice or Officially Sanctioned, again, don't mind a bit. Given past behavior and the general tendencies of large corporations it'd be pretty surprising if they weren't getting away with breaking some employment laws here and there, so some incredibly mild poking at them is hardly anything to worry about.
You have to satisfy the criteria of labor law, which is (working from memory here) that two or more employees come together in concert around a workplace issue. At that point they are engaged in protected concerted activity and you can't just fire them.
I don't believe the code review meets this test, but I'd love to hear from someone who knows what they're talking about.
The irony of this is that Google's increasingly abusive behavior towards people talking about organization is that they're actually building a case for engineers to unionize to stop Google from these questionably legal firings.
If Google upper management had just shut up and kept the status quo and recognized that without impetus, comfortable workers almost certainly won't organize in America, then the unionization of Google would not be a national topic.
But here we are, with holdout reactionary bro's who ate the Ellison/Jobs/Schmidt wage-fixing cartel line about how evil unions were (even as they organized to oppress workers) in positions of power opening up the company (and thus the company's stock) to huge liability.
I'm not anti-union, but come on, modifying an internal security tool to display a politically motivated message? That would get you in trouble anywhere. Also.. managers are humans. You can't provoke people in such a way and not expect a response.
Speaking of provocation: I suspect she might have done this to intentionally get fired. It wouldn't be the dumbest play, she's super young (21), if she doesn't want to code anymore she could use the exposure to parlay this into a new career, and if she does want to still code, she probably made some new supporters and her detractors will factor in youthful indiscretion. Wild speculation sure, but, you just read a big press article about it... Where do you think the tip came from? This isn't the kind of move you make if you intend to stick around at a place.
Also the people arguing for giving the employee a "talking to" instead of firing I think are not considering the game theory aspect to this.
If the precedent is "a talking to" with future offenses resulting in a firing, then smart Google employees will realize that they can create an internal activist email list, get new hires to join it, and then when an opportunity for activism presents itself get an employee with a clean record to perform the activism, rinse repeat.
Of course the message in this case wasn't terribly harmful, so I'm sympathetic to the argument of "it's not such a big deal". But the problem is, Google doesn't want to wait for the big deal (for example a chrome extension change to search exec's TextAreas for keywords a "whistleblower" might want to report on) to actually happen and then fire them. They want to prevent employees from thinking they should ever try doing that in the first place which means putting the foot down before the inevitable happens.
Yeah, in terms of what she did I would agree it wasn't terribly harmful; and I applaud her for taking a principled stand. I just don't really blame management for saying: that was a step too far, you're out. I mean, unionizing is a super sensitive topic at any company, and by adding the message to the tool it added extra weight to the message by making it look like it was endorsed by the higher ups, rather than being a message from a 21 year old. There's no way management is going to be happy that someone is essentially acting as their voice on a topic that is very sensitive.
> They also dragged me into three separate interrogations with very little warning each time. I was interrogated about separate other organizing activities, and asked (eight times) if I had an intention to disrupt the workplace. The interrogations were extremely aggressive and illegal. They wouldn’t let me consult with anyone, including a lawyer, and relentlessly pressured me to incriminate myself and any coworkers I had talked to about exercising my rights at work. [1]
Why was this necessary by management? Regardless of what
Kathryn did, this is a bad faith move by management.
"Kathryn Spiers, who worked as a security engineer, updated an internal Chrome browser extension so that each time Google employees visited the website of IRI Consultants — the Troy, Michigan, firm that Google hired this year amid a groundswell of labor activism at the company — they would see a pop-up message that read: “Googlers have the right to participate in protected concerted activities.”"
It sounds like the person updated an internal extension on everyone's computer to do this. I am tending to side with Google on this, that is not the right way to go about notifying co-workers of right to organize.
I feel like, for consistency, if she committed a firable offense, so did her coworkers who LGTMed the CL, unless she intentionally deceived them about having gotten organizational approval.
My gut is that if she had spammed a bunch of internal mailing lists, she'd not be being fired or even getting a formal reprimand. But the fact that she hijacked an internal security tool for an unintended purpose is alarming. I am fine granting Google rights to run arbitrary code on my browser, but only because I know it has strict processes (including disciplining of employees who subvert the process) to manage submission and deployment of that code.
My preference here would have been for her to get a rebuke and an explanation of why this was bad behavior (unless these ad hoc non-security related messages are common), especially since she's young. But there is a core assumption and trust that is violated when someone abuses control of trusted client code to do something unapproved by organizational review processes.
Most of my anger is directed at the approving coworkers, since they should know better, assuming they are more senior than her.
> Kathryn Spiers, who worked as a security engineer, updated an internal Chrome browser extension
> “We dismissed an employee who abused privileged access to modify an internal security tool,” a Google spokeswoman said in a statement, adding that it was “a serious violation.”
The only times I’ve ever seen people fired quickly in Tech without a performance improvement plan or something similar is a security violation. Be sure you always take security seriously if you like your job.
Which is pretty dumb. The most important threat to a typical office dev computer is not console access, it's wayward processes and network traffic. What's more secure, a locked console (that protects you from ~1 local people that you know) or something like Little Snitch, which protects you from ~10e6 people you don't know?
I've worked in security for years. This isn't really true. The majority of all security breaches are caused by internal threats, not by some hacker group breaching your firewall. Malicious actors tailgating someone into an office and stealing an unlocked laptop, or an unlocked laptop being stolen while at a coffee shop or airport, is also a very common occurrence I've seen at most of my clients.
The thing is its easy to see that someone stole your machine and take action to revoke credentials. Further, the damage a person can do with a dev machine is rather limited - probably the worst that might happen is exfiltrating code. Yes, devops machines can do more damage, but presumably all their remote access is 2FA protected (at least). But a devs main influence is pushing to a git remote, and triggering a build. Maybe the build is a weak spot, but it seems unlikely that an attacker would find and exploit it faster than the defender would realize the box is gone and revoke keys.
No, my main concern is ongoing, persistent, secret access to my machine, particularly delivered via a malicious package. Something like Little Snitch is going to make it much harder for such an attack to work. Locking your machine, 2FA, PKI, etc is not going to help with that threat at all. And I have reason to believe it's more common than people think.
>probably the worst that might happen is exfiltrating code
This is far far from the worst that might (and does) happen. I think you severely underestimate the average dev's access to critical systems.
>but presumably all their remote access is 2FA protected
hahahahahaha
You also severely overestimate the security of most companies. A lot of F500s don't even use 2FA at all, let alone on something like CI/CD.
> unlikely that an attacker would find and exploit it faster than the defender would realize the box is gone and revoke keys
I have firsthand seen many cases where this isn't true at all. OTOH, I've never once heard of anyone catching a breach by using Little Snitch or anything close to it (though I'm not opposed to it at all as a good practice).
And in many cases, it has very little to do with "revoking keys" or any kind of remote access. Many people, whether they realize it or not, usually have some very valuable data just sitting in a csv file on their machine (I've encountered a large number of devs that have partial exports of customer databases stored locally on their machine that they were using for local testing). That type of stuff is easily lifted, no remote access required.
A few interesting tidbits:
1. She received extraordinary performance ratings during her short time at google, and got promoted recently
2. Google has not acted this aggressively in the past, where someone deploy a change in people’s Linux wallpaper while the protest happened.
3. She limited the notification to just people visiting the union busting firm
Given those, it does looks like an unusually aggressive response from Google, which would imply that Google has become very aggressive when it comes to unions.
With that said, it is also mentioned in her post that it took several weeks of investigation from Google until they made the final call, which could imply that there is more of a back story here.
Of course we should wait for more facts to comment or try to think about the situation, but we don't live in a era of reason anymore.
All I have to say is that it will be interesting to see a drastic change in culture in the coming years at Google. Google did foster an "open" culture for more than a decade and now that their own employees are coming after the higher ups, they are trying to squash the rebellion they encouraged? they were fine as long as other employees or other businesses were getting the short hand of the stick...
Lot of people are confusing "following standard procedures" with "immune from consequences". To be honest, looks like the employee got a few sympathetic people to sign off on an inappropriate use of a tool. According to the Verge, there are two other people who are also being disciplined.
That comment: "the company had fired someone last week for misusing the browser notification, and it had also disciplined two others as part of the incident"
My impression of these tech unionization efforts are that they're mostly about pushing a social/political agenda, with workers rights being an afterthought.
Every single time I see these posts the involved employees are activist LGBT folks.
Am I wrong here? Why do all these issues seem to stem from the same group of people?
I’m constantly baffled how Europeans, who get paid 50-60% as much as Americans, and have almost no innovative companies of their own, think their system is somehow better.
I’m referring to unionization, since this is the topic of the post, but also the broader idea of top-down market regulation that includes provisions for workers rights and taxation of externalities, driven by generally left-leaning, anti-capitalist sentiment. In general, it seems Europeans expect more of their government than Americans do. Historically, Americans have tended to be more distrustful of their government, believing that the less it gets involved in their affairs, the better.
This distrust of government pushed the US toward a generally laissez-faire approach to regulation, while most European countries have gone the opposite direction. The approaches differ in terms of workers rights, labor laws, and taxation. Specifically, as a simple example, in the US, you can fire somebody whenever you want. Generally speaking, taxes are lower, it’s easier to start a company, and the regulatory environment is friendlier to business models driven by venture capital.
I’m arguing that it shouldn’t be a surprise, then, that the US has produced more innovation and economic capital than European countries, partially because the regulatory environment is friendlier and more encouraging of risk.
No change to the American system is being proposed. They are instead advocating that workers use the rights they have already been assigned, the same rights that have been exercised in many other American industries (electrical, auto, steel, etc) to form unions.
Unionization is the topic of the post, but workers' rights are not ontologically related to statism. There are plenty of libertarian socialists and plenty of authoritarian capitalists. Some of your points are non sequitur as a result. To this point, though:
"I’m arguing that it shouldn’t be a surprise, then, that the US has produced more innovation and economic capital than European countries, partially because the regulatory environment is friendlier and more encouraging of risk."
I tend to agree, but that's not really what's at stake for businesses facing organized labor. After WWII, the (capitalist) USA controlled about half of the world's wealth and was home to a robust labor movement. In many ways the American labor movement between ca. 1850 and 1960 was hugely influential in the Western world, including and especially Western Europe. During that time, American businesses produced an astonishing amount of inventions. For these historical reasons, I think the narrative about America's relationship to organized labor is far more complex than you've asserted, unless we're supposed to pretend that American history only dates back to the Reagan administration.
Bad headline. It should read "Engineer fired her for abusing privileged access to modify an internal security tool."
That's a pretty dumb way to notify co-workers of their right to organize, but I guess it's a really good way to get fired and draw up a big media stink about it.
She didn't abuse anything. She followed the standard process and she created the alert on the appropriate page (labor relations) to inform people of company policy: https://miro.medium.com/max/1000/0*1BTVYLTvuHiJVvp_.jpg
What if the message was: "Make America Great Again".
What if the message was: "H1B - go back to your country".
would it still feel ok to you?
etc
it is grossly unprofessional to insert unrelated messaging and hijack a tool to push your agenda.
"Going through standard protocols" in this case meant two other people approved the change - those two people also show serious unprofessionalism and bear responsibility as well - it is not an excuse.
It's more like posting a reminder of the current legal minimum wage—and only showed up, apparently, if the user visited the site of a consulting firm Google hired to help them figure out how to avoid unionization.
A great and entirely "professional" thing to do? Nah, but hardly worth the vigorous harumphing and tut-tutting it's receiving. It's not like she contributed code to Amp or spearheaded putting ads inline with and above search results. You know, nothing terribly evil.
I think, especially in the light of how it was targeted, a better analogy would be the act of popping a message from the Democrats when visiting the Republican RNC website or vice-versa.
I find it oppressive - the mere "reminder" wants to interfere, it wants to to take away your ability to think for yourself and make up your own mind.
Well the article didn't really go into details. When I read it I got the idea she got two thumbs up on a merge request which is a far sight from getting approval from introducing a new feature by some change management board.
I suspect the details of what really happened would be quite illuminating.
> We dismissed an employee who abused privileged access to modify an internal security tool,” a Google spokeswoman said in a statement, adding that it was “a serious violation.”
I love that a site full of engineers is pretending that getting a pull request approved by colleagues is the same thing as getting management's approval for a new, most likely controversial feature. Google is clearly trying to squash union organizing at the company but let's not pretend this employee was correct in her actions. Google being evil and this employee being in the wrong are not mutually exclusive.
I'm stunned by the number of people who think that reviewing a PR is just a matter of checking the code works and looks clean.
Does nobody ask what the code is for and why you're doing it? I mean, I don't expect people to require detailed specs before approving, but a quick "what's this code for, and why are you doing it?" before addressing the details.
Even if they asked those questions, the PR would've looked pretty legit. No one directly asks "did your manager approve this?", that would be silly. When a PR is made and you're asked to review, you assume that the person went through the proper steps to get approval in the first place. In this case those other employees would've seen just another notice being added to an employee page
The employee was not correct in doing her legal obligation to inform people of their right to organize in an app designed to inform employees about various rights and things as they browse the web? Which she had the authority to do because it's literally what she was hired to do?
Can you explain how this makes the employee wrong if they follow the law and their company fires them for doing so?
A writer hired to write the wording on Google's websites could submit a change that rot13s every word on Google's web properties. This would not be against the law, additionally it would be exactly what the employee was hired to do. But the employee should be fired all the same.
> "The employee was not correct in doing her legal obligation to inform people of their right to organize..."
The corporation as an entity has the legal obligation to inform people of their right to organize. The corporation has designated specific people with the appropriate expertise and authority as those permitted to do so. Said group does not include this individual. End of story.
> "Which she had the authority to do because it's literally what she was hired to do?"
This individual is a legal or HR specialist with expertise in US labor law and knowledge of approved mechanisms for complying with said laws? No? How odd it is, then, that people are claiming that is what she was "hired to do" despite having no qualifications or permission to to do so.
If my company's handbook on privileged access is anything like Google's, it's completely against the rules to do something like this, even if it's for a noble or worthy cause for its employees, even if other employee's must sign off on the change. Our employee agreement comes with an NDA that tells us to not speak bad about the company, and insubordination of this has resulted in firings just from social media criticism.
I'm not siding with Google, but I'm not siding with her either. The facts and evidence presented to me don't give me an impression that Google was in the wrong by firing her. My opinion will change if I see that the guiding principles or Employee handbook that led Google to this decision are not in agreement.
> “You’re allowed to put posters up on the wall to help organize your workers, and this can be seen as kind of a digital extension of that,”
Well, that digital extension belongs to Google. If she wanted to rally company developers she could have used email, created her own website, slack account, WhatsApp, telegram, etc. There are plenty of channels that don't belong to Google.
I doubt anyone in upper management asked her to do this, maybe she took too much freedom and abused her privileged access?
"Oh but someone else approved that PR", well probably they ganged up.
She is a Security Engineer, not HR/Management.
If this approved by HR/Management, there would be no problem at all but I think she/they did whatever they wanted without thinking about it.
As an employee, you have no right to put up posters anywhere in the workplace unless condoned by your employer. She must be conflating this concept with the requirement for your employer to put up posters informing employees of their rights to unionize when there's a unionization effort.
I don't think she'd even have to do that. Google apparently has internal communication channels for employees where this topic would actually be appropriate, there's probably legal precedent that they couldn't stop people using them, and if I remember correctly from previous news coverage their employees have in fact been using them in their attempts at union organizing.
It sounds like she coopted a security tool to spam users with a political advocacy message.
Hard to see why she shouldn't be fired for that.
Of course she has the right to express that message, and it seems to be factually correct. But that doesn't mean she can use a security tool to spam people.
The article is confusing. She says she was fired for doing one thing. Google says she did something else (modified Chromium without permission). Does she deny their claims, or is her statement just spin? Given just her quotes you would think that she was fired for literally telling coworkers that they have a right to organize.
that's the problem with seeing one side of the story, and the other side being a megacorporation which will never explain the firing more than "abusing privileges."
Did you not read the part where she did, where she followed the process by the book and it was approved? Or did you just have your mind made up to decide to side with Google instead?
Nope, I am not siding with Google, if you'll see my other comments in this thread. It's just not super clear to me that there's agreement on what actually happened here.
Do you understand that you can follow the process by the book and still do something wrong and be rightfully fired? "The book" doesn't contain everything that an employee shouldn't or should do.
Sending political messages thorugh a browser extension to other employees seems like a reason for being fired no matter how many reviews you've got.
This is an old labor issue, but it used to revolve around handing out union flyers at work and posting on company physical bulletin boards.[1] That's generally allowed by law for labor activity, even if the employer doesn't like it. How this translates to online activity isn't entirely clear yet. But courts will make that analogy.
An employer who tried to pull this in 1970 would have had a picket like outside the door the next day. Union truckers wouldn't deliver to their loading dock.
I can not seem to find any energy to be against Google here, a 21 year old individual working at one of the most prominent and successful business in the world, making more money per year than a vast amount of the global (not to mention national population) does something that will certainly subject her to reprimand and I am expected to feel some negativity toward Google. I am stuck outside of SV, as a middle age person with many, many hundreds of commits to open source projects, a descent of non-professional experience in software engineering, but because I do not have a BS or Masters in computer science and am over the age of 35 there is no chance I can ever get hired at Google (or any other FAANG realistically). If some of these ardent unionization workers end up fighting loudly and publicly and Google decides they will not deal with some nascent Software Engineer’s Union, maybe I and people like me stuck outside the valley will be able to gladly make boat loads of money working long hours for these thankless corporate taskmasters, while just sitting down and doing our jobs on whatever the company decides it wants to spend its money on, I will gladly work on Maven or Dragonfly or dark as patterns, whatever, I just want to be relevant to the industry not stuck away doing the same job for peanuts until I can afford to retire.
Rant over - but seriously, I don’t have a problem putting aside any personal feelings or beliefs to achieve my employers goal, that is what employment is. Spiers apparently decided that the security position allowed for this action and did it. Google did not want this type of behavior from an employee in that position. She knew Google management wasn’t going to approve, she assumed that risk.
These efforts will be broken up. No matter the cost. A google beholden to unionized employees is a threat to the establishment. Where google goes other companies go. A democratized tech space is the last thing power wants.
I interviewed at Google last week and asked 3 of my interviewers if the constant churn of bad news from the outside gets to them.
For the most part, no one seemed concerned and the biggest complaint was regarding leaks which make it harder to deal with issues internally and threaten transparency.
Not anymore, really. It was the case a couple of years ago but right now, for rank-and-file employees, Google downlevels heavily and targets around 80% of the market rate. For some reason, people are still flocking at their doors and because of high supply of candidates, they can afford to be both very selective and very cheap.
I have a suspicion given a bunch of things happening there (of which I have only outsider knowledge, mind you) that they're already well into a transition to a more boring bigco stance & structure, and are just letting their reputational momentum carry them until people notice rather than coming out and saying that. Starting to push comp downward would be in line with that.
that's what 'my' (as it's the same person pinging me for the past couple of years) recruiter keeps telling me. It's not a net plus considering that I can just look elsewhere in the first place. No point in taking a paycheck cut for a while to do some boring work for a company about which I have ethical concerns so that maybe when I want to change jobs I'll have a competitive edge.
When I read this, and the other one, the only idea that I can come up with is that everyone is lying, at least a little bit.
It seems pretty unlikely that it would be within your job description to create notifications like this on specific websites, and from reading the blog post and the content here, it seems like these notifications are not meant for "company policies" whatever that means, or at the very least it doesn't make sense why a "security engineer" would have a job that notified employees about this.
So, the assumption therefore must be that this person knew they were going out of the norm, but assumed it was acceptable or protected speech.
That raises a good question: Is it the same thing as a message board? My gut instinct is... no, it really isn't.
This sounds like a tool that requires a specific level of authority to use (you need 2 approvals). Not just anyone can put notifications like this in the tool! So this isn't like a message board... this sounds like it was a person abusing their privileges.
Now, for me the next question is: does that mean they should be fired? Personally, I'd say... no. It shows bad judgement, but firing seems disproportionate. In that regard, even if it was a misguided attempt at using their organizing rights, there is an argument to be made that they shouldn't be fired for it (maybe warned, but not fired). So I think even though it sounds pretty fishy, I think there is likely still a possible case here for workers rights issues (though I am not a lawyer).
Had this been an isolated incident, I would maybe have been on googles side here, but this is happening in the context of many other anti-union efforts by management
I see no issue here. Business feels threatened and neutralizes threat.
There's nothing wrong with Unions, but there is something wrong with government-backed unions.
Let people collectivize if they'd like. Collective bargaining is fine, and you aren't living in a free country if you can't collectively bargain -- but collective bargaining shouldn't mean you automatically get government as an ally.
The battle between Union and Company should be between Union and Company.
I'm glad not to be working with people like this. I think I really don't want to be working with people who want to push their pet topic on me via a security tool I consented to have installed on my work machine that's supposed to be helpful to me.
It would feel like a violation. Not "siding with Google" here. It just definitely would feel like a violation of my trust in the platform engineering team. At that point, I want them to promise not to do it in future, or get their software off my machine. And to be honest, relations are going to be strained between us anyway. I'm not going to be thrilled about any further software.
I don't even want reciprocal "I can push to you" powers. And I have no problem discussing these things where we agreed to discuss them.
But letting you install software on my machine comes with an obligation - you don't get to use that as a backdoor soapbox. Feels so very icky.
Like if a friend told me she would like to stay over and I gave her a key and she decided to plaster my home with posters. It doesn't matter if the posters are against the freaking Holocaust. I'm not pro-Holocaust and I'd want the friend to leave. Pronto.
This as a whole just doesn't look good for Google/Alphabet, but then again the optics of a lot of their choices lately have looked very poor from the outside looking in.
Honest question for long term(4+ years) Google Engineers reading... has the change in culture and bad press lately had any effect on your feelings towards your employer? Do you think it is eroding their culture at G? Do you see any of this leading to a loss of talent?
> IRI Consultants — the Troy, Michigan, firm that Google hired this year amid a groundswell of labor activism at the company
Anyone know the likely reasons your average Googler might have visited this consulting firm's site? Like, was Google sending employees to it for some reason (why?), or would it have just been by chance or because they read Google hired them in the news and wanted to see what they were up to?
Moral of the story: don't use internal security tools at your work as a platform for your political activism.
Totally agree with the spirit of what she did and applaud her efforts to organize, but there's no way she didn't know what she did could get her fired. What did you think would happen when you made unauthorized changes to software that promote actions against the company's interests?
Not saying the company is a blameless party (especially after the news today of their expiring cloud business, this is clearly a shady company), honestly, I'm not even commenting on the substance of what she wrote.
This just seems like something that anyone with half a brain would realize could get them fired before they deployed those changes.
I still feel bad when anyone loses their job and source of income, and maybe a reprimand would have been more balanced given her high performance reviews before, I just can't see any context where this is seen as neutral or ok.
> Google’s response to this was to suspend me immediately and without warning. This was the week of Thanksgiving, the same day they fired the Thanksgiving Four. They also dragged me into three separate interrogations with very little warning each time. I was interrogated about separate other organizing activities, and asked (eight times) if I had an intention to disrupt the workplace. The interrogations were extremely aggressive and illegal. They wouldn’t let me consult with anyone, including a lawyer, and relentlessly pressured me to incriminate myself and any coworkers I had talked to about exercising my rights at work.
She should have just put up flyers in the women's bathroom stalls. If Google is anything like my old workplace, there's no chance any management would've seen it...
It seems to me that Google fired Ms. Spiers specifically to discourage future labor organizing activities within Google. Because it was a process-approved insignificant revision by both functional change and reach means that the inevitable Streisand effect actually plays in Google's favor. They will be perfectly happy with any slap on the wrist as long as it moves the eventual union further down the road.
The chrome extension was modified but approved by two other people? Were these two other people on her side?
Regardless of policy or no policy, having an internal tool modified to say, “we have the right to organize,” clearly sets off some trust concerns with me.
If this extension was approved by two people who were on her side, then those two need to be removed as well and there should be a rethinking of the approval process.
>“We dismissed an employee who abused privileged access to modify an internal security tool,” a Google spokeswoman said in a statement, adding that it was “a serious violation.”
This doesn't sounds like privileged access, it sounds more like they have issues with their pipeline. If all what it takes for code to get in Production(even if it's internal), is at least two approvals, I think that's a bigger problem.
I’ve decided that if I’m at work, please keep me out of your protest. Let me decide how I want to react to a company policy my way. Don’t violate the trust given to your team of managing my work tools to inject your political/social objections. Organize outside of work.
It is a right of a juror to say that the defendant is innocent even though the law says otherwise (jury nullification). But trying to inform jurors about that jury nullification right can get one into a very hot water.
One thing this thread has made me realize is that the work culture (at least of Googlers on HN) seems to kowtow to the company over the employees. Really affects my view of the company.
In the end, how much would unionizing hurt Google's shareholders/executives? Surely they have enough riches already, why not allow the employees to improve their lot as well?
The method in which she tried to notify co-workers is the real headline to me. It tells me that they really struggle to be able to communicate broadly with co-workers.
> I was doing nothing more than notifying my co-workers about Google's obligations under labor law
> Kathryn Spiers updated an internal Chrome browser extension so that each time Google employees visited the website of IRI Consultants — the Troy, Michigan, firm that Google hired this year amid a groundswell of labor activism at the company — they would see a pop-up message that read: “Googlers have the right to participate in protected concerted activities.”
unrelated to actual purpose of the tool; she co-opted internal security tool for a personal soap box and pushed it to the entire company. That's a clear violation of trust in her job role.
arguing about the minutiae of whether google acted in accord with their own policies is exactly what google wants to happen here. She was fired for organizing. Google found a valid excuse to fire her but make no mistake, she was fired for organizing.
The can has been opened, i doubt it will stop with this. Any opinion that is not the companies position will not be tolerated. I bet the people who encouraged Google to "act" of opposing views did not think it through
I think a lot of people are missing the bigger picture here and are too zoomed in on the specific issue of unionisation. Google really had no choice here, and it's actually a problem for them that this is coming out now via a blog post by the fired employee and not by their own admission.
Google is in a phenomenally trusted position in the world. Chrome is the most popular browser. It auto updates silently and continuously, as do installed extensions. Vast swathes of information and infrastructure is accessed via web apps. We tend to forget that browser makers have access to all our authentication tokens and can do whatever they like.
Put simply, given the level of web dependence in our lives and infrastructure, those who can modify browsers are practically gods. The same goes for operating system developers of course.
We don't think about this because our level of trust in those developers and the corporations they work for is extremely high and deservedly so: after decades of using operating systems and web browsers they've never violated that trust. In fact they've reinforced it by rolling out encryption to block rogue government departments who were exploiting the lack of it, they've invested heavily in security to lock out hackers and done many other great things.
But trust is hard to build and easy to destroy. What if browser makers stopped being so trustworthy? What if they started to become convinced of their own superior morality, the correctness of their political judgements, the importance of their role in the world? What could they do?
They could use SafeBrowsing to arbitrarily censor the web.
They could edit out individual comments, rewrite news stories, insert their own views into the middle of documents purporting to be neutral. They could distort your view of the web at will.
They could violate our privacy at will by linking our identities together and then publishing what we've written, they could publish browsing logs, they could take over any accounts we have and use them for whatever purposes they like, they could feed sensitive information to political enemies to give themselves plausible deniability, they could even frame us by posting illegal material under those accounts. It'd just look like someone phished the password.
They could do many other things we never even considered.
Google absolutely needed to go nuclear on this employee. The news has been filled over the past years with stories about Googler's increasingly hard-left political activism. As a consequence some users and even politicians have started to wonder if Google Search is trustworthy, but their trust in browser developers is so total, so blind, the world hasn't yet taken the next mental leap and started to wonder if Chrome is. Mozilla is hardly in a better position: it's funded by Google and literally just down the road from them. If the integrity of the Chrome devs start to be doubted, few will consider Mozilla devs to be radically different.
Inserting political JavaScript via browser security mechanisms targeted at Googlers, even if it may seem fairly harmless in this case, is a very problematic situation and a slippery slope Google simply cannot afford to go near. It raises fundamental questions, like are Google's internal procedures robust? What else might have been slipped through code review already? Are Google employees only adjusting their own tools or did some already start to abuse their access to people's private data and systems? How many of them feel the ends justify the means when dealing with political causes they feel passionately about?
She didn't weaponise a neutral extension. The extension was already weaponised. It already pushed notifications to users when they visited flagged URLs. She probably just changed a config file to add a new rule and message, 1 line.
So are you guys seeing unionization efforts picking up any steam?
I've seen it reach the collective conscious more in the last two years in San Francisco, but I'm not at a FAANG to see if its really permeating. As in at a bar or courtyard it might not be the most outlandish topic of conversation, compared to an idea immediately scoffed at since all of us made conscious financial decisions to pursue high paying jobs without union dues. People are curious about the benefits.
My only observation is that multiple of the largest publicly listed companies in the world are right here, and that the high compensation has nothing to do with what's possible. If compensation reached ratios with housing that haven't been seen since the 1980s, then the compensation would still be substantially higher on average than it is today. For reference, it means fully owning your house in 5 years. Not the 8-11 year situation that even highly compensated FAANG workers experience. But compensation may or may not improve with unionization, with the reality that higher comp outliers might disappear. The employees may have more say in other perks such as the company towns their employers have created in south bay. Overall at this point I am seeing net benefits, distinct from the public sector blue-collar work that unions have become associated with.
Sorry you're probably right, but what's unproductive is people believing the lie that she is an engineer, or considering her role in the company as irrelevant.
A cursory search of her name reveals no evidence she participated in any engineering activities, and this whole story is considered substantiating evidence. Sad.
Look, I'd much prefer to see her boss fired than her but obviously Google is not going down that route.
You must be missing the point of the internet. I don't see a problem here; Only you made graduation year and age the proxy.
Why would the engineer reveal their HS graduation year if they didn't want the world to know it? I considered that they must have had little experience considering their graduation year and the average or even above average experience of those graduating the same year.
So basically, the Google employee added arbitrary javascript to an internal chrome extension used by Google employees that triggered a popup when employees visited a specific website.
And Google fires her with the reasoning:
> “We dismissed an employee who abused privileged access to modify an internal security tool,” a Google spokeswoman said in a statement, adding that it was “a serious violation.”
I'm not at all opposed to Google employees organizing. But injecting javascript into an employer's internal chrome extension does seem like something that warrants some type of action by Google in response...