Google bypassed its own security and privacy teams for Project Dragonfly reveals Intercept
Google’s Project Dragonfly has faced significant criticism and scrutiny from both the public and Google employees. In a major report yesterday, the Intercept revealed how internal conversations around Google’s censored search engine for China shut out Google’s legal, privacy, and security teams.
According to named and anonymous senior Googlers who worked on the project and spoke to The Intercept’s Ryan Gallagher, Company executives appeared intent on watering down the privacy review. Google bosses also worked to suppress employee criticism of the censored search engine.
Project Dragonfly is the secretive search engine that Google is allegedly developing which will comply with the Chinese rules of censorship. It was kept secret from the company at large during the 18 months it was in development until an insider leak led to its existence being revealed in The Intercept. It has been on the receiving end of a constant backlash from various human rights organizations and investigative reporters, since then. Earlier this week, it also faced criticism from human rights organization Amnesty International and was followed by Google employees signing a petition protesting Google’s infamous Project Dragonfly.
The secretive way Google operated Dragonfly
Majority of the leaks were reported by Yonatan Zunger, a security engineer on the Dragonfly team. He was asked to produce the privacy review for the project in early 2017. However, he faced opposition from Scott Beaumont, Google’s top executive for China and Korea.
According to Zunger, Beaumont “wanted the privacy review of Dragonfly]to be pro forma and thought it should defer entirely to his views of what the product ought to be. He did not feel that the security, privacy, and legal teams should be able to question his product decisions, and maintained an openly adversarial relationship with them — quite outside the Google norm.”
Beaumont also micromanaged the project and ensured that discussions about Dragonfly and access to documents about it were under his tight control. If some members of the Dragonfly team broke the strict confidentiality rules, then their contracts at Google could be terminated.
Privacy report by Zunger
In midst of all these conditions, Zunger and his team were still able to produce a privacy report. The report mentioned problematic scenarios that could arise if the search engine was launched in China. The report mentioned that, in China, it would be difficult for Google to legally push back against government requests, refuse to build systems specifically for surveillance, or even notify people of how their data may be used.
Zunger’s meetings with the company’s senior leadership on the discussion of the privacy report were repeatedly postponed. Zunger said, “When the meeting did finally take place, in late June 2017, I and my team were not notified, so we missed it and did not attend. This was a deliberate attempt to exclude us.”
Dragonfly: Not just an experiment
Intercept’s report even demolished Sundar Pichai’s recent public statement on Dragonfly, where he described it as “just an experiment,” adding that it remained unclear whether the company “would or could” eventually launch it in China.
Google employees were surprised as they were told to prepare the search engine for launch between January and April 2019, or sooner. “What Pichai said [about Dragonfly being an experiment] was ultimately horse shit,” said one Google source with knowledge of the project. “This was run with 100 percent intention of launch from day one. He was just trying to walk back a delicate political situation.”
It is also alleged that Beaumont had intended from day one that the project should only be known about once it had been launched. “He wanted to make sure there would be no opportunity for any internal or external resistance to Dragonfly.” said one Google source to Intercept.
This makes us wonder the extent to which Google really is concerned about upholding its founding values, and how far it will go in advocating internet freedom, openness, and democracy. It now looks a lot like a company who simply prioritizes growth and expansion into new markets, even if it means compromising on issues like internet censorship and surveillance. Perhaps we shouldn’t be surprised.
Google CEO Sundar Pichai is expected to testify in Congress on Dec. 5 to discuss transparency and bias. Members of Congress will likely also ask about Google’s plans in China.
Public opinion on Intercept’s report is largely supportive.
The most dangerous company in the world.
— Dennis M. Gordon (@DennGordon) November 29, 2018
“They [leadership] were determined to prevent leaks about Dragonfly from spreading through the company,” said a current Google employee with knowledge of the project. “Their biggest fear was that internal opposition would slow our operations.” https://t.co/VFMktdYtjd
— MPJ (@mpjme) November 29, 2018
Latest from @rj_gallagher on #ProjectDragonfly confirms @Google was aware of the human rights risk & its privacy review process was undermined, confirming what former Googler Jack Poulson wrote to Congress: https://t.co/Jyl1NCZVpY @DropDragonfly pic.twitter.com/rkXtj6W7HR
— cynthia wong (@cynthiamw) November 29, 2018
Google employee and inclusion activist Liz Fong Jones tweeted that she would match $100,000 in pledged donations to a fund to support employees who refuse to work in protest.
And that includes *all* of us thinking about what a strike fund would look like and what a mass resignation mutual support fund would look like, especially to provide cover to folks on H1B visas.
I’ll match $100k to start off, if @techworkersco wants to start gathering funds.
— Liz Fong-Jones (@lizthegrey) November 29, 2018
She has also shown full support for Zunger
“Had Zunger not received the offer to join Humu when he did, he said, he would likely have ended up resigning in protest from Google over Dragonfly.”
If you don’t believe in me, believe @yonatanzunger.
End-run around the S&P teams at Google will produce mass resignations.
— Liz Fong-Jones (@lizthegrey) November 29, 2018
Read Next
Google employees join hands with Amnesty International urging Google to drop Project Dragonfly
OK Google, why are you ok with mut(at)ing your ethos for Project DragonFly?
Amnesty International takes on Google over Chinese censored search engine, Project Dragonfly.
*** This is a Security Bloggers Network syndicated blog from Security News – Packt Hub authored by Sugandha Lahoti. Read the original post at: https://hub.packtpub.com/google-bypassed-its-own-security-and-privacy-teams-for-project-dragonfly-reveals-intercept/