Ex-Google Employee Urges Lawmakers to Take On Company - The New York Times

Image Google’s chief privacy officer is set to testify on Wednesday before a congressional committee about the company’s approach to data protection. Credit Credit Jose Luis Magana/Associated Press

SAN FRANCISCO — Google is facing increased scrutiny by lawmakers in Washington over its size and influence. Now, a research scientist who recently resigned from the company in protest is urging them on.

In a harshly worded letter sent this week, the former employee, Jack Poulson, criticized Google’s handling of a project to build a version of its search engine that would be acceptable to the government of China. He said the project was a “catastrophic failure of the internal privacy review process.”

He said lawmakers should increase transparency and oversight of the company and technology industry, saying that there is a “broad pattern of unaccountable decision making.”

Dr. Poulson left the company after news articles revealed the existence of the project last month. It was first reported on by the Intercept news site.

Google’s chief privacy officer, Keith Enright, testified on Wednesday before a congressional committee about the company’s approach to data protection. Executives from Apple, AT&T, Amazon, Twitter and Charter Communications also appeared at the hearing.

Dr. Poulson said the Chinese project, called Dragonfly, had several “disturbing components.” A prototype, he said, would allow a partner company in China to view a person’s search history based on his or her phone number. He said the project also censored an extensive list of subjects that included information about air quality and China’s president, Xi Jinping.

He also pointed lawmakers to commitments Google made as part of a settlement with the Federal Trade Commission in 2011. Google, among other requirements, must submit to regular privacy audits and follow a comprehensive privacy program under the settlement. The privacy program includes reviews of all Google products for privacy issues before they are released.

Image Google on Monday released a framework for privacy legislation. Credit Pau Barrena/Agence France-Presse — Getty Images

Google’s privacy reviewers are assigned to analyze Google code and make sure it does not violate user privacy. But after Dragonfly became public, several reviewers said they had signed off on sections of code for Dragonfly without fully understanding the project or its privacy implications, according to two people familiar with the process. The people would speak only on the condition of anonymity to protect their relationships at the company.

The reviewers, they said, felt that pertinent information about Dragonfly’s code had been withheld from them, and raised questions about the review process that went unanswered.

In his testimony on Wednesday, Mr. Enright said Google was not close to releasing a search product in China.

“If we were, in fact, to finalize a plan to launch a search product in China, my team would be actively engaged,” he said. “Our privacy and security controls would be followed, and any such project or product would follow and be consistent with our values in privacy and data protection.”

Google on Monday released a framework for privacy legislation that describes to lawmakers how the company views its role in data protection.

“Innovative uses of data shouldn’t be presumptively unlawful just because they are unprecedented, but organizations must account for and mitigate potential harms,” the framework says. “This includes taking particular care with sensitive information that can pose a significant risk. To enable organizations to develop effective mitigations, regulators should be clear about what constitutes a harm.”

In a blog post, Mr. Enright said the company supported comprehensive regulation on privacy. Google has also recently increased its privacy efforts, forming a team dedicated to privacy and data protection.

Google left China in 2010, denouncing government censorship. That year the company also said it had discovered that Chinese hackers had attacked the company’s corporate infrastructure.

“It should be pretty obvious that they should be asked what changed between 2010 and today,” said Cynthia Wong, a senior researcher at Human Rights Watch.

Interested in All Things Tech? Get the Bits newsletter delivered to your inbox weekly for the latest from Silicon Valley and the technology industry.

https://www.nytimes.com/2018/09/26/technology/google-privacy-china-congress.html