Google's secret project to build a censored Chinese search engine bypassed the company's own security and privacy teams

Google's Project Dragonfly is a formerly secret project to build a surveilling, censored version of its search engine for deployment in China; it was kept secret from the company at large during the 18 months it was in development, until an insider leak led to its existence being revealed in The Intercept.

According to named and anonymous senior googlers who worked on the project and spoke to The Intercept's Ryan Gallagher, the secrecy was motivated by the fear that googlers would object to the project so passionately that it would be scuttled (another controversial project, Project Maven, would have provided AI services to the Pentagon's drone project, but the internal outcry was so intense that it was killed and the CEO of Google's cloud division resigned in disgrace).

They were right to be scared. The existence of the project triggered mass protests from inside Google, with waves of resignations (including at the highest levels).

Today's report in The Intercept reveals the great and unethical lengths Project Dragonfly's leadership went to to slip the project past the company's rank-and-file, and its founders.

Yonatan Zunger — a respected security researcher — was on the Dragonfly team, but subsequently quit to work for a startup. He says he would have quit anyway, because of irregularities in the planning and execution of Project Dragonfly.

The Intercept puts the blame for Dragonfly on Google China Operations Head Scott Beaumont, whom sources (including Zunger) say systematically excluded the privacy and security teams from Dragonfly meetings, misleading them about support from Google founders for the project, and keeping them from sharing their research and recommendations from Beaumont's bosses.

The culture of secrecy around Dragonfly was extreme: written notes were rarely kept to prevent them from leaking, engineers were threatened with dismissal if they discussed the project internally, and people on the project were sometimes not allowed to directly communicate — they had to funnel their communications through Beaumont and his cadre. The concern, according to the googlers sourced for the article, was not a widespread public leak, but an internal one — the leadership were worried that the company's own staff would rise up at the idea.

Sources in the article say that Project Dragonfly's secrecy was unheard-of in Google's history. Likewise aberrant was Beaumont's hostile dismissal of the privacy and security team's analysis and recommendations, and their flagging up of the possibility that the company could be complicit in human rights abuses by Chinese authorities if they used Google's search tool to identify and target dissidents.

Zunger and his colleagues produced a privacy report that highlighted problematic scenarios that could arise once the censored search engine launched in China. The report, which contained more than a dozen pages, concluded that Google would be expected to function in China as part of the ruling Communist Party's authoritarian system of policing and surveillance. It added that, unlike in Europe or North America, in China it would be difficult, if not impossible, for Google to legally push back against government requests, refuse to build systems specifically for surveillance, or even notify people of how their data may be used.

Zunger had planned to share the privacy report and discuss its findings during a meeting with the company's senior leadership, including CEO Sundar Pichai. But the meeting was repeatedly postponed. When the meeting did finally take place, in late June 2017, Zunger and members of Google's security team were not notified, so they missed it and did not attend. Zunger felt that this was a deliberate attempt to exclude them.

Google Shut Out Privacy and Security Teams From Secret China Project [Ryan Gallagher/The Intercept]