GOOGLE SUPPRESSES MEMO REVEALING PLANS TO CLOSELY TRACK SEARCH USERS IN CHINA

GOOGLE BOSSES HAVE forced employees to delete a confidential memo circulating inside the company that revealed explosive details about a plan to launch a censored search engine in China, The Intercept has learned.

The memo, authored by a Google engineer who was asked to work on the project, disclosed that the search system, codenamed Dragonfly, would require users to log in to perform searches, track their location — and share the resulting history with a Chinese partner who would have “unilateral access” to the data.

The memo was shared earlier this month among a group of Google employees who have been organizing internal protests over the censored search system, which has been designed to remove content that China’s authoritarian Communist Party regime views as sensitive, such as information about democracy, human rights, and peaceful protest.

According to three sources familiar with the incident, Google leadership discovered the memo and were furious that secret details about the China censorship were being passed between employees who were not supposed to have any knowledge about it. Subsequently, Google human resources personnel emailed employees who were believed to have accessed or saved copies of the memo and ordered them to immediately delete it from their computers. Emails demanding deletion of the memo contained “pixel trackers” that notified human resource managers when their messages had been read, recipients determined.

The Dragonfly memo reveals that a prototype of the censored search engine was being developed as an app for both Android and iOS devices, and would force users to sign in so they could use the service. The memo confirms, as The Intercept first reported last week, that users’ searches would be associated with their personal phone number. The memo adds that Chinese users’ movements would also be stored, along with the IP address of their device and links they clicked on. It accuses developers working on the project of creating “spying tools” for the Chinese government to monitor its citizens.

People’s search histories, location information, and other private data would be sent out of China to a database in Taiwan, the memo states. But the data would also be provided to employees of a Chinese company who would be granted “unilateral access” to the system.

To launch the censored search engine, Google set up a “joint venture” partnership with an unnamed Chinese company. The search engine will “blacklist sensitive queries” so that “no results will be shown” at all when people enter certain words or phrases, according to documents seen by The Intercept. Blacklisted search terms on a prototype of the search engine include “human rights,” “student protest,” and “Nobel Prize” in Mandarin, said sources familiar with the project.

According to the memo, aside from being able to access users’ search data, the Chinese partner company could add to the censorship blacklists: It would be able to “selectively edit search result pages … unilaterally, and with few controls seemingly in place.”

That a Chinese company would maintain a copy of users’ search data means that, by extension, the data would be accessible to Chinese authorities, who have broad powers to obtain information that is held or processed on the country’s mainland. A central concern human rights groups have expressed about Dragonfly is that it could place users at risk of Chinese government surveillance — and any person in China searching for blacklisted words or phrases could find themselves interrogated or detained. Chinese authorities are well-known for routinely targeting critics, activists, and journalists.

“It’s alarming to hear that such information will be stored and, potentially, easily shared with the Chinese authorities,” said Patrick Poon, a Hong Kong-based researcher with the human rights group Amnesty International. “It will completely put users’ privacy and safety at risk. Google needs to immediately explain if the app will involve such arrangements. It’s time to give the public full transparency of the project.”

ON AUGUST 16, two weeks after The Intercept revealed the Dragonfly plan, Google CEO Sundar Pichai told the company’s employees that the China plan was in its “early stages” and “exploratory.” However, employees working on the censored search engine were instructed in late July, days before the project was publicly exposed, that they should prepare to get it into a “launch-ready state” to roll out within weeks, pending approval from officials in Beijing.

“It will completely put users’ privacy and safety at risk.”
The memo raises new questions about Pichai’s claim that the project was not well-developed. Information stored on the company’s internal networks about Dragonfly “paints a very different picture,” it says. “The statement from our high-level leadership that Dragonfly is just an experiment seems wrong.”

The memo identifies at least 215 employees who appear to have been tasked with working full-time on Dragonfly, a number it says is “larger than many Google projects.” It says that source code associated with the project dates back to May 2017, and “many infrastructure parts predate” that. Moreover, screenshots of the app “show a project in a pretty advanced state,” the memo declares.

Most of the details about the project “have been secret from the start,” the memo says, adding that “after the existence of Dragonfly leaked, engineers working on the project were also quick to hide all of their code.”

The author of the memo said in the document that they were opposed to the China censorship. However, they added, “more than the project itself, I hate the culture of secrecy that has been built around it.”

The memo was first posted September 5 on an internal messaging list set up for Google employees to raise ethical concerns. But the memo was soon scrubbed from the list and individuals who had opened or saved the document were contacted by Google’s human resources department to discuss the matter. The employees were instructed not to share the memo.

Google reportedly maintains an aggressive security and investigation team known as “stopleaks,” which is dedicated to preventing unauthorized disclosures. The team is also said to monitor internal discussions.

“More than the project itself, I hate the culture of secrecy that has been built around it.”
Internal security efforts at Google have ramped up this year as employees have raised ethical concerns around a range of new company projects. Following the revelation by Gizmodo and The Intercept that Google had quietly begun work on a contract with the military last year, known as Project Maven, to develop automated image recognition systems for drone warfare, the communications team moved swiftly to monitor employee activity.

The “stopleaks” team, which coordinates with the internal Google communications department, even began monitoring an internal image board used to post messages based on internet memes, according to one former Google employee, for signs of employee sentiment around the Project Maven contract.

Join Our Newsletter
Original reporting. Fearless journalism. Delivered to you.
I’m in
Google’s internal security team consists of a number of former military and law enforcement officials. For example, LinkedIn lists as Google’s head of global investigations Joseph Vincent, whose resume includes work as a high-ranking agent at the U.S. Immigration and Customs Enforcement agency’s Homeland Security Investigations unit. The head of security at Google is Chris Rackow, who has described himself as a former member of the Federal Bureau of Investigation’s hostage rescue team and as a former U.S. Navy SEAL.

For some Google employees, the culture of secrecy at the company clashes directly with its public image around fostering transparency, creating an intolerable work environment.

“Leadership misled engineers working on [Dragonfly] about the nature of their work, depriving them of moral agency,” said a Google employee who read the memo.

Google did not respond to a request for comment on this story.

Europe Finally Has an Excuse to Challenge the Dollar

With more and more European companies fleeing Iran following the re-imposition of U.S. sanctions, it may be tempting for Americans to write off Europe’s efforts to save the Iran nuclear deal. It would be wiser to resist the temptation. A new plan by Germany, France, Britain, China and Russia to create special financial infrastructure to work with Iran could be a credible challenge to the U.S. dollar’s long global dominance. Federica Mogherini, the European Union’s top foreign-policy official, said in New York on Monday that the plan to create a “special purpose vehicle” for trade with Iran “will mean that EU member states will set up a legal entity to facilitate legitimate financial transactions with Iran, and this will allow European companies to continue trade with Iran.” The technical details are still to be worked out, but her wording provides some useful hints on how the scheme will work.The U.S. sanctions, reimposed after President Donald Trump pulled his country out of the 2016 agreement that severely restricted the Iranian nuclear program, make it virtually impossible for an entity with any U.S. exposure — including correspondent accounts with U.S. banks — to do business with Iran. The cost of defying American sanctions can be steep: in 2015, BNP Paribas SA, the French bank, paid a penalty of almost $9 billion for violating U.S. sanctions against Iran, Cuba and Sudan. The French government’s angry protests over the “disproportional” punishment were ignored.Now sanctions are back, it is clear to the Europeans (as well as the Chinese and Russians) that any future transactions with Iran must go through entities insulated from the American financial system. In a July 2018 report, Axel Hellman of the European Leadership Network think tank and Esfandyar Batmanghelidj of the Iranian company Bourse & Bazaar proposed “a new banking architecture” in response to the U.S. sanctions, relying on the existing system of “gateway banks,” such as the Hamburg-based Europaeisch-Iranische Handelsbank, and the European branches of private Iranian bank. “A further third category of gateway banks can be envisioned,” they wrote, “which would comprise of special purpose vehicles established by European governments, or as part of public-private partnerships in order to facilitate Iran trade and investment.”The new plan appears to focus on this third option. Mogherini indicated that Germany, France and the U.K. would set up a multinational state-backed financial intermediary that would deal with companies interested in Iran transactions and with Iranian counter-parties. Such transactions, presumably in euros and pounds sterling, would not be transparent to American authorities. European companies dealing with the state-owned intermediary technically might not even be in violation of the U.S. sanctions as currently written. The system would be likely be open to Russia and China as well.Europe would thus provide an infrastructure for legal, secure sanctions-busting — and a guarantee that the transactions would not be reported to American regulators. It would be pointless to sanction the special purpose vehicle because the U.S. would have no way of knowing who deals with it, and why. All the U.S. could do is sanction the participating countries’ central banks or SWIFT, the Brussels-based financial messaging system, for facilitating the transactions (if the special purpose vehicle uses SWIFT, rather than ad hoc messaging). That, Hellman and Batmanghelidj wrote, would be self-defeating: “There are two possible outcomes if these institutions proceed to work with Iran despite U.S. secondary sanctions. Either U.S. authorities fail to take enforcement action given the massive consequences for the operations and integrity of the American financial system, serving to “defang” the enforcement threats and reduce the risk of European self-sanctioning on the basis of fear, or U.S. authorities take such an enforcement action, a step that would only serve to accelerate European efforts to create a defensible banking architecture that goes beyond the Iran issue alone.”Creating “a defensible banking architecture” may well be the end goal for the Europeans, China and Russia, anyway. Iran is only a convenient pretext: the nuclear agreement is one of the few things that unite the EU, China and Russia against the U.S. But working to undermine the dollar’s global dominance isn’t ultimately about Iran at all. In his recent State of the European Union speech, European Commission President Jean-Claude Juncker called for strengthening the euro’s international role and moving away from traditional dollar invoicing in foreign trade. China and Russia have long sought the same thing, but it’s only with Europe, home of the world’s second biggest reserve currency, that they stand a chance of challenging American dominance. Whether or not the “special purpose vehicle” would entice European companies such as France’s Total or Germany’s Daimler to get back into business with Iran remains to be seen. Given U.S. law enforcement’s wide reach, there would still be a risk involved, and European governments may not be able to protect the companies from it. Some firms will be tempted to try the new infrastructure, however, and the public isn’t likely to find out if they do. In any case, it’s worthwhile for Europe, Russia and China to experiment with dollar-free business.No currency’s international dominance has lasted forever, and there’s no reason for the U.S. dollar to be the exception to this rule. Trump’s confidence in his ability to weaponize the dollar against adversaries and stubborn allies alike could eventually backfire for the U.S. as efforts to push the dollar off its pedestal grow ever more serious.

To contact the author of this story:Leonid Bershidsky at lbershidsky@bloomberg.net

You’ve reached your free article limit.
Subscribe now to get unlimited access.
View Offers Sign in
Bloomberg Anywhere clients get free access

Product updates based on your feedback

We recently made a change to simplify the way Chrome handles sign-in. Now, when you sign into any Google website, you’re also signed into Chrome with the same account. You’ll see your Google Account picture right in the Chrome UI, so you can easily see your sign-in status. When you sign out, either directly from Chrome or from any Google website, you’re completely signed out of your Google Account.

Chrome sign in .png
We want to be clear that this change to sign-in does not mean Chrome sync gets turned on. Users who want data like their browsing history, passwords, and bookmarks available on other devices must take additional action, such as turning on sync.

The new UI reminds users which Google Account is signed in. Importantly, this allows us to better help users who share a single device (for example, a family computer). Over the years, we’ve received feedback from users on shared devices that they were confused about Chrome’s sign-in state. We think these UI changes help prevent users from inadvertently performing searches or navigating to websites that could be saved to a different user’s synced account.

We’ve heard—and appreciate—your feedback. We’re going to make a few updates in the next release of Chrome (Version 70, released mid-October) to better communicate our changes and offer more control over the experience.

While we think sign-in consistency will help many of our users, we’re adding a control that allows users to turn off linking web-based sign-in with browser-based sign-in—that way users have more control over their experience. For users that disable this feature, signing into a Google website will not sign them into Chrome.
Chrome settings.png
We’re updating our UIs to better communicate a user’s sync state. We want to be clearer about your sign-in state and whether or not you’re syncing data to your Google Account.
Chrome UI.png
We’re also going to change the way we handle the clearing of auth cookies. In the current version of Chrome, we keep the Google auth cookies to allow you to stay signed in after cookies are cleared. We will change this behavior that so all cookies are deleted and you will be signed out.
We deeply appreciate all of the passionate users who have engaged with us on this. Chrome is a diverse, worldwide community, and we’re lucky to have users who care as much as you do. Keep the feedback coming.