[citation][nom]LORD_ORION[/nom]Sooo... if someone is not a git and blatantly flaunting that they are violating privacy, they probably won't get caught?Brilliant.[/citation]
Same as if you work for the DOD and have a top secret clearance and expose confidential documents....they are trusting you to keep that stuff controlled. It would actually be very easy to walk in an copy stuff onto a thumb drive and walk out the door with it. It is all built on trust.
Of course if caught, they wont just fire you, you also get charged with treason but that is not the point I am making
We carefully control the number of employees who have access to our systems, and we regularly upgrade our security controls–for example, we are significantly increasing the amount of time we spend auditing our logs to ensure those controls are effective.
hmmm gee this guy wasn't caught by googles system, he was caught by complaints from the victims/parents.
we all worried this would happen, this one time it was a least case scenario, however the guy was an idiot and blatantly threw out proof how stupid he was. this is the only guy they publicly caught, what about the ones they didn't publicly out, and what are the ones who haven't been caught doing? a through investigation should be done of all it's employees activities by an independant watch dog group.
now imagine your personal information floating around Google, Facebook, Tweeter, etc. and some support people who are paid 10-20$ an hour having access to all that. Now imagine someone wants to get all info about you. They can just bribe one of those support techs and they can easily target you. Before this was much harder than today. I wonder why people willingly trust all their private information to companies like Google and Facebook. Those companies spit on the privacy. If people knew how the data is kept in their datacenters and how open it is to anyone in those companies then they would not do trust them...
There are people out there in society that we all pay (one way or the other) to dig around in our confidential data. Medical records, financial data, employment records... the list goes on. Having been one of them, I can tell you, the shine wears off pretty quickly. Before long it's just "data". That said, if someone's going to get up to no good, you can't stop them... you can only react after the fact. Incidents like this wouldn't surprise you if you really understood the enormity of it all. What's surprising is that this trust is abused so seldom. Personally, it makes me feel pretty good about my fellow man.
I feel sorry for the guy. He did something really dumb, and I hope he learned from his mistake. Being in IT means that often you are a gatekeeper to some pretty touchy information.
You have to /ignore that info or you will lose your job though. It is mostly not about the info, it is about making stuff work properly, which happens to be keeping the information of an organisation moving. It is often not the CEO with the top password, it is the CIO or CTO with that one.
This isn't just a problem with websites and the internet. Your private medical data at a doctor's office or clinic is accessible by any number of underpaid, un-motivated office assistants, medical assistants, etc.. Hell, I bet the janitor could get your records if he wanted to. I've heard stories of people trying to use medical records to blackmail patients. Maybe someone who works at your doctors office is also your neighbor, and they're jealous of your swimming pool. Some psychopath might just take your medical records and tell the whole neighborhood how you have herpes or an irritable bowel, just to hurt you, no other reason.
The problem with any security is that its always monitored by humans, and humans are always susceptible to greed, anger, jealousy, stupidy, insanity, etc... Think about that the next time some cop pulls you over for speeding, you better hope his/her spouse wasn't just caught cheating on them.