> Spiers, 21, said she went through the standard approval process, which requires two co-workers to greenlight changes, before updating the Chrome browser extension. Another source at Google familiar with the update approval process confirmed to NBC news that those two approvals are standard practice for a browser extension update.
She did it exactly according to internal policy. The extension she updated warns site visitors on many websites. I do not see what she did wrong.
It doesn't really matter if google would approve. There are a lot of activities that would not be organizationally approved, but are protected concerted activities and it would be unlawful to fire someone for.
GP was referring to approval for code review and organizational approval of security extension notifications, not the right to organize or unionizing activities.
What is the purview of a code review? Is it only about making sure the code meets technical standards, or are reviewers expected to comment holistically?
Reviewers are supposed to review holistically, and in cases where something raises larger questions (do we actually have approval for this change?) they shouldn't approve until those questions are resolved.
In this case I suspect the reviewers were supportive of the protest, and so approved it even though their authority didn't cover this kind of change.
I don't think any of these people should have been fired, but "by the book" is not a good way of characterizing this process. That would have been proposing the feature to management, getting their sign-off, and then making the code changes.
That sounds about right. So why doesn't Google fire the reviewers? If they don't, then they are inconsistently applying the standard. If they do, then they are punishing a coordinated employee action.
If Google just doesn't want unionized engineers, it could just fire all engineers. Obviously they need to balance their various objectives and firing productive people is costly to the business. I think they are hoping more to send a strong message to the whole company with as small a disturbance to the business as possible.
Because reviewers aren't held to the same level of responsibility for the content of the change as the author. Making them responsible for back-door vulnerabilities slipped in by employees compromised by a nation-state would grind the company to a halt.
My understanding is that Google is a rather bottoms-up culture regarding internal tooling, and that you don't normally need sign-off from management to take initiative and make changes to tooling like this. They're only mad that the particular change here involved labor organizing, which is obvious retaliation.
It kind of depends, not every task are the same. you won't review a trivial change the same way as a brand new feature.
Let's take for instance the fictional case of adding a list of website to a whitelist.txt. Maybe the source file had thousands of websites to be added. Anyone could add or remove some in the middle and no one would ever know
It looks good when you review it. but there is no way to check the data integrity (at review time), you can only rely on the good faith of your coworkers.
I am not saying that's what happened but this is a good example of how anyone could sneak-in arbitrary code that pass the code review.
Is the literal problem, which necessitated the pop-up.
The Organization Does Not Approve™
It’s like asking someone if you can kick them in the knee before doing so. What do you think they’ll say?
Y’all seem confused: the organization, Google in this case, is antognizing it’s organizing employees. Google absolutely do not, will not, can not approve of unionization efforts. Ever.
>She did it exactly according to internal policy. The extension she updated warns site visitors on many websites. I do not see what she did wrong.
Getting code review approval is not the same as following internal policy.
Adding a conspicuous feature to a security tool installed on every employee's computer requires approval from higher-ups before writing the code. The approvers should have recognized that and rejected the change, but that doesn't absolve Spiers of responsibility for the change.
As an analogy, suppose that I'm a crew member on a submarine. I have authority to fire torpedoes when a higher-up orders it, but I require a peer crew member to push their own "fire" button at the same time. Obviously, if I go rogue and start firing torpedoes myself, that's a serious violation, even if I convince one crewmate to go along with it.
Sounds like a code review—which you should all be familiar with. Adding something like that to a security tool requires more approvals than two engineers sitting next to you giving a green light.
Not necessarily. If it's your job to add notices to internal tools, and you've added notices to tools before without approval outside the engineers on your team, then I wouldn't expect someone to get more approval than that in this situation.
If I were Google, I'd give the employee a warning (one of three strikes). I'd tell them that they need approval from someone in a certain role (that's not an engineer) to post internal notices. Otherwise, it's up to the employee and their fellow engineers to make a judgement call about which notices are right to post.
Not sure why you're downvoted. This does sound like a code review. News sites most often either willfully or through ignorance prefer not to investigate the entire story to truly get to what broke or what didn't break. It's typically just for shock value. I remember a story where cell tower signals were blamed for decline in the North American honey bee population.
Sure you have the right to say it. But you can’t follow me to the bathroom stall and keep telling me. She didn’t post it to a common area. She took it upon herself to plaster it on everyone’s computer screen.
According to her Medium post it only appears on two websites.
> I created a little notification, only a few lines of code, that pops up in the corner of the browser whenever my coworkers visited the union busters’ website or the community guidelines policy. The notification said: “Googlers have the right to participate in protected concerted activities.”
"But you can’t follow me to the bathroom stall and keep telling me."
"plaster it on everyone's screen" did you read the same article I did? The alert was triggered off a single consultancy's site. I really doubt it was a common hang out spot.
> She was using a security tool to spread her message. Does that seem appropriate to you?
Yes, of course.
Apparently this "security tool" exists to notify Googlers of policy, and the notification just linked to a Google policy notice with a warning not to violate it. This is apparently the actual notification that was displayed:
Yes email exists to notify employees too but just because I can email the entire company doesn’t mean that I should take it upon myself to notify them about anything that’s not in my job description.
You keep moving the goalposts every time someone refutes one of your points.
> Does that seem appropriate to you?
Yes. It's a tool for showing notifications related to the page being visited. Not to mention the whole thing is appropriate on moral grounds, regardless of any technicality.
If that's was an actual requirement, can you make or point to a statement in an official Google capacity that states the notices displayed by the tool she maintained had to be written or pre-cleared by Google's legal team? If you can, was the requirement for legal team involvement established practice and not some post-hoc rationalization for her firing?
Some things are just common sense. It wasn’t her role to disseminate information about any type of compliance outside of security. As a professional, you should know what’s appropriate in a workplace based on your position.
> Some things are just common sense. It wasn’t her role to disseminate information about any type of compliance outside of security. As a professional, you should know what’s appropriate in a workplace based on your position.
"Common sense" often isn't as common or as sensible as some people think.
You often make seemingly-authoritative statements like "it wasn't her role." Avoiding post-hoc rationalizations based on the fact that she was fired, can you explain to me how that was communicated to her?
> Do you really need someone to tell you that if you work on security it’s not your told to disseminate information about hiring?
Maybe if you're fully indoctrinated into a particular corporate culture that very hierarchical, siloed, and highly biased towards management and shareholders.
However, Google, at least for now, has a very unusual corporate culture.
That's certainly not the case, not even close. Unions are regulated by law almost everywhere which makes them an inherently political issue.
But if you look at, say, the UK, then unions actually fund one of the major political parties and have tremendous influence over it. Unions have in the past managed to topple elected governments. Beating the unions was Margaret Thatcher's flagship effort when she was first elected. And union membership has been in steady decline.
It's certainly not a USA specific thing. Union/management wars in the UK got very nasty indeed.
It's really not, and the fact that you believe you have a part of the political spectrum that disagrees in good faith is something that is really wrong with whatever society you live in.
The purpose of the extension within Google is to notify you of privacy and security risks for potentially dangerous websites.
The comment she injected into a benign law website has nothing to do with that and whether there was some weak approval process that missed this glaring fact doesn’t make it okay.
In the English languages words are understood in the context they are used. In this case it was obviously about security and privacy. So it's a nice attempt at spin but much like other attempts at defending this behaviour that's all it really is. A whole lot of spin to justify it via the ends while glossing over the completely unprofessional means.
It's literally an internal tool for google employees to popup informational or warning messages on a per-site basis. The ends was exactly what the freaking tool was built for.
IIRC, an employer has to make the content available in some form in a place where employees will see it, not just anywhere. Traditionally it's a wall display of posters in a cafeteria or break room. Trying to fulfill the requirement by putting the posters up in a broom closet of the CEO's office would be forbidden.
I think the employee has a point with the pop-up. Wall posters aren't a good way to reach technology workers. Some kind of digital notification like a pop-up or regular reminder email would be more sensible. Remote employees can't see a poster at the office, for instance.
The idea of the popup isn't the issue I have with this.
It's coopting an internal tool for political messages then implying "it passed PR" means you had permission from where it should come from.
It's not even the message itself, I don't want politics, even those I agree with, living in the codebase I use at work.
Sure the notice is required, but putting it so it shows up solely on the website for the legal firm hired by your employer is a political message before it is a helpful message.
> It's coopting an internal tool for political messages then implying "it passed PR" means you had permission from where it should come from.
No one's saying it "passed PR", it passed the review process that was in place for similar changes.
> IIRC, an employer has to make the content available in some form in a place where employees will see it, not just anywhere. Traditionally it's a wall display of posters in a cafeteria or break room. Trying to fulfill the requirement by putting the posters up in a broom closet of the CEO's office would be forbidden.
> It's not even the message itself, I don't want politics, even those I agree with, living in the codebase I use at work.
A lot of this thread feels like unusual sudden concern for the aesthetics of the cafeteria wall.
No, more to point out that it's a weird concern to have about an internal tool used by a company that uses their code to exert huge, global political influence. It's a strangely specific grain of rice to make an issue of.
That is such a stretch I'd need a yogi to grasp it all.
There are plenty of ways to protest that are just as effective as a pop up that only appears on a specific site for a specific lawyer that don't involve messing with work code.
> Spiers, 21, said she went through the standard approval process, which requires two co-workers to greenlight changes, before updating the Chrome browser extension. Another source at Google familiar with the update approval process confirmed to NBC news that those two approvals are standard practice for a browser extension update.
She did it exactly according to internal policy. The extension she updated warns site visitors on many websites. I do not see what she did wrong.