The extension is intended to inform Googlers of applications that are not approved for corp data, not just generic "employee guidelines and company policies." This is so you don't e.g. upload PII into a random unsecured S3 bucket.
Yes, it's company policy, but this is more like running into a meeting and then interrupting it so you can start reciting NLRB policy than it is posting a flyer. Worse, it misappropriates a security tool in order to do that. And when it comes to intentional actions that violate or undermine security, Google, like most companies, takes a pretty hard line.
Disclosing that I'm a Googler, and speaking only on my own behalf, with no connection to anyone involved except the fact that the extension is running on my browser.
>Yes, it's company policy, but this is more like running into a meeting and then interrupting it so you can start reciting NLRB policy than it is posting a flyer.
True, but it seems kind of shady to come down harder on an employee based on the content of the interruption, and that content notifying of the right to organize.
Like, imagine there's a documentation page for http cookies. Consider two scenarios:
A) Rogue employee adds to the bottom of the page: "Cookies are also delicious treats given as a reward on the internet."
B) Rogue employee adds to the bottom of the page: "Employees reading this are reminded of their right to organize under NLRA."
Let's say that in scenario A, an employee would typically get a written warning, and in B, you always got fired. In that case, I think it would be fair for B to say -- at least in common speech -- "I got fired for notifying employees of their right to organize."
This is true, even though there is a general policy of not adding non-topical messages to doc pages, because the punishment never escalates to firing unless it's something like scenario B. (In a legal context rather than common speech I don't know enough to say whether it would be legal.)
I'm sympathetic to this. But the fact that it's a security tool being misused is what I think made for the very harsh reaction. Two scenarios:
A) Rogue employee messages a bunch of internal email lists about having the right to organize
B) Rogue employee configures a security extension to issue a popup saying "Happy Birthday Sundar!" every time an employee visits google.com on June 10.
I am confident that A) wouldn't result in any formal adverse action (they'd mostly get a pile of nasty responses about spamming internal lists), and I am confident that B) would at the least earn the employee a reprimand and plausibly get them fired.
It's incredible watching tech people in this thread assert that she wasn't fired for union agitation but if she was, that's okay too because she should have known not to be "inflammatory."
> I am confident that B) would at the least earn the employee a reprimand and plausibly get them fired.
Yikes! That sounds like a dangerous place to work. If an employee with legitimate, assigned access to such a tool makes a change through normal procedures (not bypassing required code review or anything) and it's still a fireable mistake - well, I'm glad I don't work there.
Data is simultaneously Google's greatest strength and its biggest liability. If an employee uploads data to a not-known-to-be-secure third party, it can literally cost Google billions of dollars depending on the data locality. Or, it could plausibly cause a severe security breach (if e.g. an employee uploads a security token into a third party decoder).
And so the security team builds an extension in order to very loudly alert employees when they're on one of these known-to-be dangerous domains. And, as it happens, the implementation of the loud popups could make it a general browser notification platform whenever an employee visits a particular domain.
Is it a good idea for teams to start using it as a general notification platform?
No, not on any level. On top of being annoying for employees, it breaks the security UX. When someone sees one of these popups, they know they're important and that they should be very wary of whatever they're doing. But if it starts being a popup that can be triggered by anyone in the company who can convince themselves that they're providing value by sending out the popup, people start ignoring it. And there's no going back at that point, because employees have been trained to ignore the popup because of it staying stupid shit like "Happy Birthday Sundar!" and "Read these NLRB rights!" and "You can go grab a burger at the cafe today!" Everyone's been made worse off, and the original security problem has come back.
I'm not disputing that, but that still really doesn't seem like a fireable offense. I'm objecting to the fact that she got fired for it after (presumably) making the change through appropriate channels. There are always appropriate channels to roll back a good-faith change, too.
If you could concisely and cogently explain why this change is a bad idea in an HN comment, surely someone can do that in response to the change, revert it, and move on. If it's SOP for Google to fire people who make well-intentioned changes that have the side effect of alert fatigue, then one, I don't want to work there, and two, I would expect to see a lot more firings.
And surely they could explain the problem, revert it, and move on without calling her into a conference room and grilling her about who else she's organizing with. That makes it seem like it's about the content of the notification, not the alert fatigue.
Even in california, it's the companies choice what a "fireable" offense is, not the employee, nor what social media thinks "seems fireable". If you violate any company policy, or even if google does not think you are performing, you can quite legally be fired. There is very little chance of any recourse.
Don't misunderstand, it's not that I'm really trying to defend google. This is to serve as a reality check and warning to those who don't understand the rules of employment. And I'm guessing the Engineer in question understood the risk full well.
> Even in california, it's the companies choice what a "fireable" offense is, not the employee, nor what social media thinks "seems fireable". If you violate any company policy, or even if google does not think you are performing, you can quite legally be fired. There is very little chance of any recourse.
I don't disagree with that either. I'm just saying that, if this is the company's choice of fireable offense if the company actually considers it normal to exercise the right to dismiss an employee (which they legally do have) for this sort of mistake, I'm glad I don't work there.
As I mentioned in another comment, I recently did something at work that you could spin in an equally sinister way, if you want. My company would be within its rights to fire me for it. My employer would be within its rights to fire me for sneezing at the wrong time, or even for no reason at all. I choose to continue working at this company because I trust that, despite their legal ability, they have no intention of actually doing so. If I ever lost that trust, I would leave.
(In fact, my employer and Google's also have very similar employment agreements about ownership of outside IP / personal open source, but I had reasons to trust my employer to act more reasonably than Google, which was part of why I chose my current employer when deciding about it and Google. In practice that trust has turned out to be well-placed, and there's now a thread on the front page about how Google loves to follow the letter of the employment agreement and arbitrarily deny IARC requests.)
You obviously didn't read her blog post where she stated the following:
"This kind of code change happens all the time. We frequently add things to make our jobs easier or even to just share hobbies or interests. For example, someone changed the default desktop wallpaper during the walkout last year so that the Linux penguin was holding a protest sign. The company has never reacted aggressively in response to a notification such as this in the past. It’s always been a celebrated part of the culture."
No, the kind of code change she committed has never happened before. A change in desktop wallpaper is not the same as a change in a security extension.
The fact that other employees have participated in pro-employee activism and not been disciplined speaks to that. Some things are fine, some things are not. Abusing security software is not.
Sharing a cute desktop background is inappropriate but it's only a picture on a background, misusing an internal security mechanism for your own pet activism when visiting a harmless website is a totally different tier of unprofessionalism.
Do you activism in your personal time. Don't use important company resources used to protect employees from harm to push your slogans. Regardless if those slogans are legally legitimate statements in a normal context, like handing out a leaflet on the edge of the property.
This is about Google. Apparently their company culture has been the opposite, and they have commonly had lots of political discussions on company time using company resources.
For the millionth time, it was not a general message display tool. It is a security tool to flag domains that run the risk of data leakage and malware. Trying to hijack a security extension to turn it into a general messaging platform is both stupid and bad for security.
>Correction: a warning not to break federal labor law, which Google is actually required to provide.
Labor law requires that those notices be posted somewhere in a prominent place employees are likely to see. They definitely don't require them to be posted in arbitrary places at any employee's choice.
She was protecting employees from harm. Illegally interfering with protected concerted activity hurts the company, and an employee doing so is likely to get fired quite legitimately.
(Furthermore, the laws about protected concerted activity specifically permit you to do your activism at work, not just on your own time.)
Agreed -- so under my rubric, if Google were consistently firing people for all off-topic messages slipped into the security UX, then that would be a non-political firing. But if they came down harder on "oh don't forget NLRB" than "Happy Birthday, Sundar", then that seems political and "fired for notifying co-workers..." seems accurate.
(I don't know enough of the history of Google's firings and this kind of violation to know either way.)
Slipping off-topic messages into a security system just seems like such a ridiculously stupid thing to do that I'd be surprised if it's ever happened before at Google before.
It doesn't matter if it's "political" or not. It's completely 100% google management's choice whether the punishment for a serious (or tiny) rule infraction is anything from no action at all to firing. There is no rule that says it has to be consistent either.
You can't fire a worker for organizing, or on the basis of sex, race, etc. But you CAN fire whoever you want for breaking even the most minor rules or even just poor performance. And the choice can be as politically motivated as google likes, doesn't change a thing.
It's not a pretense when she broke a serious rule. Whether or not she claims she didn't, google has determined she did. So therefore it's clearly not retaliation. That's the default position. Now, there would be a high burden of proof for her to claim it was a conspiracy and it really was related to union organizing. That she did not in fact violate a rule (based on googles own interpretation). Good luck! Unless she finds some incriminating emails or gets an executive to give extremely damaging testimony, she's toast.
No, history has shown about 95% of the time employers prevail in actions like this. The burden of proof is really high for the employee, and the company has plenty of money for lawyers. It can simply run out the clock too. So yeah, 23 years from now after the ex-engineer spends 2.6 million on legal fees, she might win her job back and lost wages.
Furthermore, google has a really easy time with "selective enforcement" They can show that people violating security rules and abusing administrative rights are always fired. Now, she can argue she didn't do this, but because of the nature of our legal system, it will be extremely hard to explain. I main, disgruntled employee abusing security? Whoever heard of such a thing. The civil judge will probably help google refer her to the FBI!
Saying that selective enforcement is hard to prove is different from saying it doesn't matter, which you were originally claiming, and which is what I was disputing.
>They can show that people violating security rules and abusing administrative rights are always fired.
Yes, that agrees with what I was saying: if every message thusly inserted resulted in a firing, then it would not be fair to say she got fired "for notifying employees of their right to organize".
I could see something like (B) happening because Google used to have a lot of April Fools jokes. But it would go through code review, so the team would know about it. Doing it through hacking would be something else.
This is what I suspected and thanks for confirming this. The fact that she wrote that her job is to notify the employees "of employee guidelines and company policies" and chose to withhold the critical bit that it was specifically security policies she was responsible for looks like a deliberate attempt to mislead.
I totally support googlers' right to unionize but it seems that some employees are in an all-out war with the company and think that all is fair in that war. I can't say I support that.
> For example, someone changed the default desktop wallpaper during the walkout last year so that the Linux penguin was holding a protest sign. The company has never reacted aggressively in response to a notification such as this in the past. It’s always been a celebrated part of the culture.
Is this accurate? If it's culturally acceptable to change everyone's desktop wallpaper (including of those who were anti-protest) to a pro-protest image, it seems reasonable that this falls in the lines of culturally acceptable too.
"this is more like running into a meeting and then interrupting it so you can start reciting NLRB policy than it is posting a flyer"
How is this like "running into a meeting"?? Do Googlers visit the IRI website every day? Is this pop-up really a distraction to core work for engineering?
Your party line here makes the change sound like Nest shutting down the house [1] but according to the evidence it looks more like that recruiting thing that gives you a pop-up for google.com/foobar when you enter certain search queries.
It sounds like you are saying SilasX was misinterpreting the policy or taking it a step too far.
That was my question, her job literally to make extensions to inform employees on policies but I was doubting that it was to make any and all notifications but only a specific set of policies like, limit personal browsing activities, or that the computer is the property of google and you consent to blah blah by it’s use.
It’s clear to me that this employee knew this was more of a political notification and took matters into their own hands.
Yes, it's company policy, but this is more like running into a meeting and then interrupting it so you can start reciting NLRB policy than it is posting a flyer. Worse, it misappropriates a security tool in order to do that. And when it comes to intentional actions that violate or undermine security, Google, like most companies, takes a pretty hard line.
Disclosing that I'm a Googler, and speaking only on my own behalf, with no connection to anyone involved except the fact that the extension is running on my browser.