Google Shut Out Privacy and Security Teams From Secret China Project

 

Google’s Senior Vice President of Engineering John Giannandrea speaks onstage during TechCrunch Disrupt SF 2017 at Pier 48 on Sept. 19, 2017 in San Francisco, Calif.

Photo: Steve Jennings/TechCrunch/Getty Images

In 2016, a handful of Google executives — including CEO Sundar Pichai and former search chief John Giannandrea — began discussing a blueprint for the censored search engine. But it was not until early 2017 that engineers were brought on board to begin developing a prototype of the platform. The search engine was designed to comply with the strict censorship regime imposed by China’s ruling Communist Party, blacklisting thousands of words and phrases, including terms such as “human rights,” “student protest,” and “Nobel Prize.” It was developed as an app for Android and iOS devices, and would link people’s search records to their personal cellphone number and track their location. (Giannandrea could not be reached for comment.)

The company managed to keep the plan secret for more than 18 months — until The Intercept disclosed it in August. Subsequently, a coalition of 14 leading human rights groups, including Amnesty International and Human Rights Watch, condemned the censored search engine, which they said could result in Google “directly contributing to, or [becoming] complicit in, human rights violations.” Employees who opposed the censorship staged protests inside the company. Meanwhile, a bipartisan group of U.S. senators called Dragonfly “deeply troubling,” and Vice President Mike Pence demanded that Google “immediately end” its development.

Google employees who had worked on Dragonfly watched the furor unfold and were not surprised by the backlash. Many of the concerns raised by the human rights groups, they noted, had already been voiced inside the company prior to the public exposure of the plans, though they had been brushed aside by management.

 

Many of the concerns raised by human rights groups had already been voiced inside the company and been brushed aside by management.

 

Every new product or service that Google develops must be reviewed by legal, privacy, and security teams, who try to identify any potential issues or problems ahead of the launch. But with Dragonfly, the normal procedure was not followed: Company executives appeared intent on watering down the privacy review, according to the four people who worked on the project.

In January 2017, Zunger, the 14-year veteran engineer at the company, had been tasked with producing the privacy review. However, it quickly became apparent to him that his job was not going to be easy. His work was opposed from the outset by Beaumont, Google’s top executive for China and Korea.

Beaumont, a British citizen, began his career in 1994 as an analyst for an investment bank in England and later founded his own company called Refresh Mobile, which developed apps for smartphones. He joined Google in 2009, working from London as director of the company’s partnerships in Europe, Asia and the Middle East. In 2013, Beaumont relocated to China to head Google’s operations there. He described himself in his LinkedIn biography as a “technology optimist” who cares about “the value and responsible use of technology in a range of fields.”

According to Zunger, Beaumont “wanted the privacy review [of Dragonfly] to be pro forma and thought it should defer entirely to his views of what the product ought to be. He did not feel that the security, privacy, and legal teams should be able to question his product decisions, and maintained an openly adversarial relationship with them — quite outside the Google norm.”

Three sources independently corroborated Zunger’s account. Beaumont did not respond to multiple requests for comment, and Google declined to answer questions for this story.

During one meeting, Zunger recalled, Beaumont was briefed on aspects of Dragonfly that Google’s privacy and security teams planned to assess. He was told that the teams wanted to check whether the Chinese search system would be secure against state and non-state hackers, whether users in China would have control over their own data, and whether there may have been any aspects of the system that might cause users to unintentionally disclose information about themselves.

“I don’t know if I want you asking those questions,” Beaumont retorted, according to Zunger, who said the comment was “quite surprising to those in the room.”

Beaumont micromanaged the project and ensured that discussions about Dragonfly and access to documents about it were tightly controlled. “Different teams on the Dragonfly project were actively segmented off from one another and discouraged from communicating, except via Scott’s own team, even about technical issues,” said Zunger.

This was “highly unusual,” according to Zunger. Normally, even for extremely confidential work inside the company, he said, there would be “open and regular communication within a project, all the way up to senior leadership.”

“The project, as it was then specified, was not something I could sign off on in good conscience.”

With Dragonfly, the opposite was true. The restrictions around the project limited the ability for discussion and seemed intended “to prevent internal objections,” Zunger said. Some members of the Dragonfly team were told that if they broke the strict confidentiality rules, then their contracts at Google would be terminated, according to three sources.

Despite facing resistance, the privacy and security teams — which together included a total of between six and eight people — proceeded with their work.

Zunger and his colleagues produced a privacy report that highlighted problematic scenarios that could arise once the censored search engine launched in China. The report, which contained more than a dozen pages, concluded that Google would be expected to function in China as part of the ruling Communist Party’s authoritarian system of policing and surveillance. It added that, unlike in Europe or North America, in China it would be difficult, if not impossible, for Google to legally push back against government requests, refuse to build systems specifically for surveillance, or even notify people of how their data may be used.

Zunger had planned to share the privacy report and discuss its findings during a meeting with the company’s senior leadership, including CEO Sundar Pichai. But the meeting was repeatedly postponed. When the meeting did finally take place, in late June 2017, Zunger and members of Google’s security team were not notified, so they missed it and did not attend. Zunger felt that this was a deliberate attempt to exclude them.


Source Article from http://feedproxy.google.com/~r/blacklistednews/hKxa/~3/KuW7mcTRi84/google-shut-out-privacy-and-security-teams-from-secret-china.html

Related Posts
Reuters – Iraq will send delegations to Washington and Tehran to help “halt tension” amid
MNA – Iran’s Intelligence Ministry said it has so far eliminated 300 terrorist groups inside
NEW YORK — The Intercept, along with its parent company First Look Media, recently hosted
NEW YORK — The Intercept, along with its parent company First Look Media, recently hosted
The two countries will launch a humanitarian project for Syria to provide care and medicine

Hits: 7

You can leave a response, or trackback from your own site.

Leave a Reply

*

Powered by WordPress | Designed by: Premium WordPress Themes | Thanks to Themes Gallery, Bromoney and Wordpress Themes