When news broke in November that Google had hired an anti-union consulting firm to handle mounting labor unrest at the company, a 21-year-old security engineer named Kathryn Spiers decided to take action. As part of her job, Spiers creates pop-up notifications informing workers about policy changes at the company. After she learned that Google had hired the anti-union firm, Spiers wrote a few lines of code that created a pop-up message asserting Google employees’ labor rights whenever her co-workers visited the consulting firm’s website or Google’s community guidelines. The message reads: "Googlers have the right to participate in protected concerted activities." The pop-up would have been visible to anyone at Google.

On Friday, Google fired Spiers—after two weeks of suspension and three separate interviews, she said.

“Following the hiring of the union busting firm, I wrote the code because I thought all Googlers could benefit from knowing their rights,” Spiers told Motherboard. “Google said they were firing me because I violated security policy as well as standard of conduct. I’ve read those policies, and I don’t think I did. I feel this is pretty clearly retaliation for organizing work.”

Before implementing the code, Spiers said she followed the standard three-pronged process for code changes at Google, which involves approval from three people. (In this instance, Spiers said she was one of the three people who had the authority to grant herself approval.)

Spiers is the fifth Google employee involved in labor activism at the company who has been fired for violating security policies within the past month. Three of the five recent firings have been transgender women, who have taken an active role in organizing to end Google’s relationship with immigration enforcement agencies, among other issues. “We make up a disproportionate number of the organizers at Google, but we’re also more vulnerable as members of the trans community,” Spiers said. “It’s easier to retaliate against us.”

Spiers said Google would not offer her any further details about how she specifically violated security policies. On Monday, she filed an unfair labor practice complaint with the National Labor Review Board (NLRB).

“Google’s interrogation of Ms. Spiers regarding her lawful actions and termination of her employment based upon those lawful actions, was done to attempt to quell Spiers and other employees from asserting their right to engage in concerted protected activities,” according to a draft of the complaint provided to Motherboard.

Spiers’ firing threatens to stoke further distrust between employees and management at Google, which since its founding had been known as a model for workplace democracy and transparency in Silicon Valley.

“We dismissed an employee who abused privileged access to modify an internal security tool. This was a serious violation," a Google spokeswoman said.

While Google would not confirm the fired engineer by name, the spokeswoman told Motherboard it fired an engineer who did not have authorization from her team or the security or privacy policy notifier team to create a pop-up, and that the engineer used an emergency rapid rush, contacting two outside Googlers to approve the code. Both of these engineers have received coaching to remind them what constitutes privileged access, Google said.

In response to Google's claim that she lacked authorization, Spiers told Motherboard, "My team is OWNERS on this code which is how the internal systems decide who needs to give authorization for a change. To my knowledge neither engineer who reviewed my change have received coaching." She says after her firing her team lead told her that he supports her and will be writing a letter of support to NLRB.

“Google has been making a lot of changes lately. I believe that a less transparent Google is a less trustworthy Google, for workers and users,” Spiers told Motherboard. “Engineers have a lot of leverage, and I believe the only way to change what’s going on at Google is with workers standing up for our rights.”

As a security engineer who worked on the Chrome browser’s use within Google, Spiers wrote browser notifications so that employees could be automatically notified of the company’s policies and guidelines as they browse the internet. Spiers said that engineers regularly implement such code changes to make their jobs easier and share personal interests. Last year, during the 20,000 employee walkout over the company’s handling of sexual harassment, an engineer changed the default wallpaper for Google employees to a Linux penguin carrying a protest sign. Google did not retaliate.

Just two months ago, Spiers said she had received a “superb” five-of-out-five stars employee review—which only 2 percent of Google employees receive each rating cycle—as well as a promotion. She said that prior to publishing the protest code, she had received approval from all appropriate channels. Spiers began working at Google two years ago, at age 19.

While we don't know how the anti-union firm IRI Consultants is advising Google, its website advertises that it conducts “union vulnerability assessments” and has helped large companies persuade employees against union elections. Celine McNichols, labor counsel at the Economic Policy Institute and the author of a recent report on union busting, says that during ‘union vulnerability tests,’ consultants typically advise employers to monitor employee behavior and organizing. (Google workers have not formally announced a union drive.)

According to The New York Times, since Google’s founding over two decades ago, Google employees have been able to search through nearly any company document regardless of their role at the company.

Spiers' pop-up reminder to employees about their labor rights on the company’s community guidelines web page was likely meant as a not-so-subtle criticism of recent changes to company policy. This year, Google rewrote its guidelines to prohibit employees from accessing certain documents, and from “disrupting the workday to have a raging debate over politics or the latest news story,” as the policy states. Organizers say the changes have been used to target workers who organize within the company. Prior to their termination, the four workers who were fired in November were interrogated for accessing and sharing information without authorization.

In October, workers accused Google of installing a new tool on its internal web browsers that would report workers who created large Google calendar events. In other words, Google’s hiring of IRI Consultants seems to coincide with increased surveillance of employee activity.

“What I did is entirely consistent with Google’s mission of organizing the world’s information and making it universally accessible and useful,” Spiers wrote in a post on Medium published Tuesday. “I changed code as part of my job, which was part of a long track record of excellent work that I did for the company. Google is resorting to firing those of us who organize and assert our collective voice because it is afraid.”

This article was updated to include a comment from Google.