> You'd think so, but most companies have pretty strict internal controls for this sort of thing. Access is also carefully logged so a leaker is pretty much guaranteed to get caught at which point they'd immediately lose their job and likely face criminal prosecution.
That's not enough by any means (edit: and as [1] pointed out, I don't even think it's true). There needs to be more to security than mere deterrence. I'm pretty sure at Google, etc. it's simply impossible for a single rogue employee to mess with customer data (except for a few in very privileged positions), and my impression has been that Facebook is not like this at all (unless it has changed recently).
That sort of access limitation is what I meant by "pretty strict internal controls."
Having never worked there, I can't speak to how it works at FB but I would imagine that there are a lot of limitations on what rank and file employees can do. I guess I could be wrong. Perhaps someone with direct knowledge will chime in.
> I can't speak to how it works at FB but I would imagine that there are a lot of limitations on what rank and file employees can do. I guess I could be wrong.
That's not enough by any means (edit: and as [1] pointed out, I don't even think it's true). There needs to be more to security than mere deterrence. I'm pretty sure at Google, etc. it's simply impossible for a single rogue employee to mess with customer data (except for a few in very privileged positions), and my impression has been that Facebook is not like this at all (unless it has changed recently).
[1] https://news.ycombinator.com/item?id=16675494