Photo : Justin Sullivan ( Getty )

At 19, Kathryn Spiers was hired on as one of the youngest Google security engineers in the company. Less than two years later, she’s been abruptly terminated for what she believes is her involvement in internal activism.


Google’s firing of Spiers is the latest in a string of employee terminations apparently based on their internal activism—an escalation that portends a fierce ongoing conflict between workers and management within one of the world’s most influential corporations.

As in the case of her four colleagues who were similarly fired with little specific justification the week of Thanksgiving, Spiers does not believe she violated internal Google policies. Over the course of three investigative interviews and a meeting announcing her termination, Spiers took contemporaneous notes, which she shared with Gizmodo. According to her notes, Spiers was informed of having violated the Google code of conduct, the networking policy, and the security policy. However, at the meeting, which allegedly included Stephen C. King, the company’s director of global investigations, Google representatives declined to explain how her actions had violated those policies, Spiers said.




Like the “Thanksgiving Four” fired before her, Spiers has filed an unfair labor practices charge with the National Labor Relations Board (NLRB), with assistance from the Communication Workers of America. The charge claims that these interrogations and her eventual firing were “done to attempt to quell Spiers and other employees from asserting their right to engage in concerted protected activities.”



Perhaps as a sign of escalating tactics on Google’s side, several of these investigative meetings, according to Spiers’s notes, involved Elizabeth Karnes, a Google staff attorney. Worryingly, Spiers claims in a Medium post she was denied her own legal representation during these proceedings. Laurence Berland, one of the Thanksgiving Four, told Gizmodo his own set of lengthy interviews did not involve being questioned by members of the company’s legal team, and it’s unclear if this is standard practice.



In her Medium post, Spiers describes herself as an exemplary employee who consistently received high marks in her performance reviews and recently received a promotion. “I was very good at my job and Google has acknowledged this,” she writes.

So what did Spiers do to draw so much heat from Google’s hall monitors? Speaking to Gizmodo, she described pushing a bit of code that would generate a small popup in the Chrome web browser on company machines. “Googlers have the right to participate in protected concerted activities,” the popup read, when an employee accessed either the corporate policy document or the website of IRI, an infamous union-busting firm, the services of which Google recently retained. The popup also linked out to an NLRB notice Google is required by law to post publicly in its headquarters as part of a September settlement with the agency. A portion of that lengthy notice states:

WE WILL NOT reprimand, discipline, or issue a final written warning to you because you exercise your right to bring to us, on behalf of yourself and other employees, issues and complaints regarding your wages, hours, and other terms and conditions of employment.


Spiers was also involved in writing some of the code behind the Always Ask Kent tool first reported by Bloomberg last week. Seemingly in protest of new restrictions around data access, the tool, once installed, would send an email to Kent Walker—the company’s chief legal officer—whenever any document was opened for any reason.

In both cases, Spiers told Gizmodo, she received the appropriate approvals—though as an “owner” of the corporate policy notifier popup, she needed none—and reviews before pushing the code. Within three hours of the code going live, Spiers said, she’d been put on administrative leave, and which point she could no longer view corporate documents, such as the internal policies that might be pivotal to investigative interviews—a frustrating irony encountered by Berland and others.


“What I did is entirely consistent with Google’s mission of organizing the world’s information and making it universally accessible and useful. I changed code as part of my job, which was part of a long track record of excellent work that I did for the company,” Spiers writes (emphasis hers). “Google is resorting to firing those of us who organize and assert our collective voice because it is afraid.”

In tweet this afternoon, a colleague of Spiers, Matthew Garrett, backed this interpretation of the events. “Kathryn was on my team,” he wrote, “There was zero reason why she should have asked anyone else on the team for authorisation (sic) to make changes to this extension. That’s not how we do things.”Spiers later clarified that Garrett was her team lead.


“Google’s unlawful attempts to prevent workers from joining together to advocate for change are outrageous,” CWA’s communications director, Beth Allen, told Gizmodo. “CWA believes in the power of worker-led movements, and we are happy to support employees at Google and other tech companies who are addressing the serious issues they face on the job.”

It’s not clear if other employees involved in either creating Always Ask Kent or in the approvals process of the policy notifier update have been similarly disciplined, as Google declined to answer specific questions related to these circumstances. A spokesperson provided the following statement: “We dismissed an employee who abused privileged access to modify an internal security tool. This was a serious violation.”


What seems abundantly clear is that Alphabet, now fully under the reign of Sundar Pichai, is attempting to steer against a company culture that has rapidly become one of the most outspoken among the tech giants, and doing so in ways the NLRB way well deem illegal. Given the appetite for mass activism and capabilities of engineers at Google who might chafe at management’s heavy-handedness and blunt disregard for their colleagues, a polite popup may soon be the least of the company’s worries.



Update 12/17/19 1:00 p.m. ET: In addition to a short statement, Google sent a number of points on background that contradicted Spiers’s claims but refused to send this information as a quote attributable to the company itself or send copies of the policies it references. As a result, we declined to include those assertions in our story.


An hour later the same spokesperson made the highly irregular step of forwarding an email stating: “As follow up to the story you published this morning, you’re welcome to quote from the below ‘according to a copy of an email sent by Royal Hansen, VP Technical Infrastructure Security & Privacy, and provided by a Google spokesperson.’”

The date and time of the email (7:45 a.m. PST, today) indicate it was sent after our story went to publication, and the contents of this alleged email—it’s not clear to whom it was sent or why—mirror the on-background points sent this morning by Google’s press shop.


Spiers disputes the claims made by Hansen which Google itself was seemingly unwilling to stand behind. This email, such as it is, is copied below:

Hi everyone, Kathryn was a Security Engineer in my org and it was her job to help secure the platforms and infrastructure used by Googlers. Here, she misused a security and privacy tool to create a pop-up that was neither about security nor privacy. She did that without authorization from her team or the Security and Privacy Policy Notifier team, and without a business justification. And she used an emergency rapid push to do it. I want to be very clear: the issue was not that the messaging had to do with the NLRB notice or workers’ rights. The decision would have been the same had the pop-up message been on any other subject. As you know, we trust our employees to properly exercise their privileged access to our internal tools and systems. The decision to abuse the access she had as a Security Engineer was an unacceptable breach of a trusted responsibility. Royal

Updated with comments from Google, Matthew Garrett, and CWA

Have a tip for us? Contact us via email, Twitter DM, Keybase, or SecureDrop.