This is incredibly far fetched. None of the audit controls at these companies notice that these employees are constantly accessing user's private data? And these double-agent employees manage to do all this secret work while still maintaining a cover as a regular employee who does well enough of a job to get good perf reviews and stick around?
Yeah, for real. We're not talking about sneaking a few files out on a thumb drive, here. We're suggesting petabytes of data being sent out over Google's networks without Google noticing. Meh.
I guess the question then, is: how big of a cabal of "rogue" employees would it take to put evil code into production at a place like Google. I seriously doubt one person could do it, no matter how highly placed.
one person, maybe not, but if you're a intelligence agency with a multi-million dollar budget to tap Google, you'd probe the organisation and bribe those with access, and anyone in the chain those employees could credibly report to.
this isn't difficult or particularity far-fetched!
The biggest reason is, what is the downside? Working with US spy agencies as an american on american soil you don't risk getting thrown into jail for the rest of your life and the biggest downside is getting caught and fired but you are being compensated with money anyways so why would you care. Working with foreign governments is much more risky but I am sure they have tried and do have agents working in large companies such as google.
who says they haven't?
maybe not completely (it's way easier for the US, as most of Google resides on US soil), but you can bet they have people in a position to extract at least some data on demand.
this has previously happened: stuxnet (a product of several intelligence agencies) was digitally signed by a large semiconductor company!
https://financialcryptography.com/mt/archives/001431.html