> who connected to what mysql server and ran which queries.
Let’s say I’m a foreign spy who happens to be the company’s DBA. Audit logs don’t really help you there since it’s not particularly noteworthy that I was in the DB.
That's exactly my point. In a company like Twitter there is some person or probably many people who are "the dba" and accessing MySQL directly or even using tools to access the underlying storage is an event of no discernible consequence. By contrast in a Google-style stack there is no person who is "the DBA", making it far easier to audit. A Gmail admin might need to unwrap the encryption keys that protect your attachments to, for example, diagnose a message-of-death that is crashing their backends, but that event would be so rare as to be easily audited, and it would tie a specific actor to a specific victim. Also I would say a custom auditing stack is way more resilient to things like just deleting the logs off the server, restarting the server without auditing, and whatnot.