A Google product manager filed a lawsuit in California Superior Court yesterday, alleging the company’s strict internal confidentiality policies represent a breach of California labor laws.
The lawsuit alleges that Google has implemented an enterprise wide “spying program” for current employees to voluntarily report coworkers and colleagues suspected of leaking confidential information or trade secrets.
The lawsuit refers specifically to Google’s Code of Conduct, which classifies confidential information as “everything” done by Google, including the “Stop Leaks” program – run by their central HR team – which encourages employees to come to HR to report issues as innocuous as “asking detailed questions about projects” or “trying to obtain information or work details which are not pertinent or related to the employee’s role or scope of work.”
The result is the widespread suppression of information across the enterprise, including any employee communication (even internally), written or otherwise, which references any potential legal or contract violations or “potentially illegal products or practices” at Google as “confidential information” that’s protected under employee NDA agreements.
Which means that the company must be “Feeling Lucky,” since this is a pretty blatant violation of labor law and a seemingly clear cut attempt to subvert legal and financial reporting requirements. Google, effectively, has positioned itself as Judge Dreadd: judge, jury and executioner, based entirely on personal discretion and situational judgement.
For a company helping to invent the future, it appears that as far as work goes, that future might be even more dystopian than we ever imagined possible.
The New Big Brother: Don’t Trust Your Coworkers and Colleagues.
While Google’s algorithms remain its most closely guarded secrets, and statistically speaking, fully 38% of all data breaches or information leaks come from current employees or executives, this policy calls into questions some of the very real costs – and big picture concerns – of data privacy and information security in the workplace.
As originally reported by The Information, “the lawsuit alleges that Google wants employees to put into writing concerns about potential illegal activity within Google, even to the company’s own attorneys, because the disclosures could fall into the hands of regulators and law enforcement.”
The lawsuit further alleges that the sweeping terms of Google’s NDA are so restrictive that their confidentiality provisions preempt employees from participating in a sweeping list of restricted activities, most of which are tangentially related to Google and present almost no potential for abusing or disclosing proprietary data.
For example, Google’s employment agreement specifically bars employees from writing “a novel about someone working at a tech company in Silicon Valley” or contributing to any movie or film project about anything related to technology, startups or “any business, direct or indirect” in which Google “is currently or may someday enter,” which is to say, a sweeping prohibition, considering the contingencies involved.
The rest of the mostly redacted list of examples of potential employee misconduct seem far more sweeping than even the most restrictive NDA or non-compete agreements, and certainly seem to suggest a culture that’s more Soviet than Silicon Valley in philosophy and approach.
“Google’s motto is ‘don’t be evil.’ Google’s illegal confidentiality agreements and policies fail this test,” the lawsuit poignantly points out. For a company ostensibly operating on good faith, that faith seemingly fails to extend to its actual employees.
This is a pretty big indictment in terms of company culture, since it’s implicitly stating that the company has little to no trust in its employees to do the right thing without using a stick instead of the carrots so commonly ascribed to a company known for its collaborative, matrixed and relatively autonomous corporate ethos. This suit comes on the heels of a similar complaint lodged with the National Labor Relations Board in June.
In that filing, the aggrieved employee, a former product manager at Nest, a Google subsidiary focused on developing IoT devices, alleges wrongful termination by the company. The complaint alleges that the employee was terminated due to posting complaints about Nest’s CEO from his private Facebook, which was confirmed by a written letter sent by Google’s HR Department citing termination for “violation of the Company’s data security policies.”
This seems like something of a stretch, considering that personal opinions shared on public figures constitute free speech, according to a precedent established by an earlier lawsuit. The implications of this seemingly innocuous act and its enforcement by Google, however, raise serious questions about the future of work.
“Confidential Data” and Company Culture.
While these examples may seem extreme, the lawsuit seems justified in its insinuation such policies seem to be selectively enforced, particularly given the process is predicated on employee self-reporting – meaning popularity or company politics rather than HR or data policies could play a significant role, since investigations are initiated by employees rather than the company itself, and, well, you know how that one goes.
The obvious rationale behind NDA and non-compete policies is simple: to keep proprietary data or competitive information confidential and secure. Google’s policy, on the other hand, seems to not only to actively preempt most employees from handling sensitive information or company data, but also to keep this information from being shared with the press or law enforcement.
By dealing with breaches and data leaks as internal investigations, Google effectively self-policies its own data, meaning the company could minimize any illicit activity or subvert reporting requirements or public information requests by treating all business activities as “confidential data.” To quote the lawsuit,
“Everything at Google is confidential information.”
And THAT is a huge problem.
There’s a reason you never see search history used as evidence in trials or civil cases, despite such information being pretty clearly material to most litigation or investigation: because, well, that’s a trade secret, and a violation of the company’s data privacy policies. And who’s going to argue with Google on such a seemingly pedestrian and pedantic point?
Turns out, at least one ex-employee, and the filing reveals just how far Google has gone to control the flow of proprietary information and company data. The suit alleges that a company co-founder (either Larry Page or Sergey Brin, ostensibly, although neither is explicitly named) reiterated at a company all-hands meeting that the result of anyone sharing “confidential information” would be “immediate termination, no questions asked.”
The founder apparently added how important monitoring and reporting coworkers was for fighting a “disease” that apparently threatened to “poison” the future of one of the world’s most profitable and respected companies. This underlying paranoia seems to suggest that there’s a whole lot more than simply employee privacy that’s at stake with this lawsuit.
Google, after all, has data on all of us, personally and professionally, although what it does with that information, exactly, remains a closely guarded “trade secret” – and while users have faith that Google won’t misappropriate that data, it seems as if the company doesn’t share those concerns with its current employees.
Even more disturbing is the fact that the employee policies about data privacy at Google seem to openly flaunt and disregard the many “whistleblower” protections for reporting corporate maleficence that was passed in the wake of the Enron and Worldcom scandals. The reason?
This is problematic for several obvious reasons, most obviously, the possibility for financial and market manipulation coupled with a culture of fear in which reporting even major violations would result in potential termination – a possibility more likely to become a reality given the policy of peer policing and “internal surveillance” permeating all levels of the organization.
Illegal Search and Seizure: Damages and Data Privacy.
The stakes of this week’s lawsuit are steep in terms of potential settlement – the company could be fined $100 for each of the 12 violations alleged in the filing, multiplied by its more than 60k global employees. This amount could double to $200 per pay period per employee up to an entire fiscal year should the investigation conclude (as is looking likely) that repeated violations occurred over multiple pay periods.
The total amount of recoverable damages in the suit could work out to a maximum of $3.8 billion, or around $15,000 an employee – who would receive direct payments for damages as part of a class action suit, since the issue in question is specific to employment law and individual workers’ right to privacy. Google will likely settle out of court without admitting guilt, which means this might not set a precedent since prosecuting this case in public could be an even more significant financial impairment than even the staggering maximum amount of damages possible under the current suit, according to an independent attorney asked to comment on this case to RecruitingDaily.
In response to the lawsuit, a Google spokesperson dismissed it as frivolous and baseless (don’t they always), releasing a statement which reads:
“Transparency is a huge part of our culture. Our employee confidentiality requirements are designed to protect proprietary business information, while not preventing employees from disclosing information about terms and conditions of employment, or workplace concerns.”
If this is what transparency looks like in action, then we should all have “workplace concerns.” Because in the future, it won’t only be Big Brother (or HR) watching you – it’s going to be your coworkers and colleagues, too.
This is one case we’ll definitely be watching closely.