Jacques Mattheij

Technology, Coding and Business

Good System Administrators are Blind

When you’re a system administrator, and not one of the ‘BOFH’ variety, you have at your disposal all the tools that you need in order to snoop on your users.

A certain SRE (search reliability engineer) working for google had all that power, and then he decided to abuse it.


Now of course, it is inevitable that google employs people that have access to your data, but like every other person that has access to sensitive information good system administrators are ‘blind’.

With that I don’t mean that after they successfully complete the job approval procedure that you take them out back and poke their eyes out, it would be considerably harder for them to do their work that way and they might not take kindly to you.

What I mean is that a good system administrator is so disciplined about the data they deal with that even when presented with a screen full of private user information they only look at the bits that are relevant to doing their jobs, and they do their best to not even glance at the rest.

It’s a self-censoring mechanism. If some user were to contact me to see if some email had been received or not I wouldn’t dream of logging in under their ID to check their inbox. Instead I’d ask them enough information so that I could grep their mailbox for the right header. If the header is present, then I can report the mail is there, if not then it isn’t. Like that their private information never appears on a screen long enough for me to read it. (and of course I’d made real sure they are who they claim to be).

Google should train their SREs to deal with end user data as though it is radioactive, exposing yourself to more data than you need to do your job should get you demoted to a part of the company where people with a less than 100% clean approach to this stuff can work without potentially harming themselves, google and of course the end users.

Apparently this is the second time this has happened. If this were to happen in my company I would not only fire the person that did this I would file charges on the simple principle that everybody in that same position would get the signal that being careful with user data is not ‘just’ a firing offense. To try to sweep it under the carpet and to hope the problem goes away sends the wrong signal imo, it basically says: “if you do this, worst case you no longer work for Google”.

It’s only a matter of time before this happens again like that, in this case we’re talking about a situation that is already quite out of control, stalking a bunch of minors is apparently not enough. But then, what would be grounds enough to file charges? In my opinion that line has already been crossed, here in Europe a number of data privacy laws have been enacted that in this case would be deemed to be broken. Of course, the employer has a liability as well, and maybe that’s why this did not make it to a courtroom.

If you’re a system administrator, and you’re in a position of power with respect to to a userbase please heed this, find a way to be ‘blind’. The temptation to be curious is probably as human as can be, but when you’re in a role of trust like this you will have to control it. The easiest way to arrange for that is to minimize your exposure, the second is to have iron self discipline when you see a tiny bit that might lead to more interesting stuff, resist the urge to go further.

Recuse yourself if possible from working with data of people that you know ‘in real life’ if you can.

Not just because you want to hold on to that job, but also because you could do your users, your relationship with people you know and your employer significant damage.

HN Submission/Discussion
If you read this far you should probably follow me on twitter: