SAN FRANCISCO — Google is facing increased scrutiny by lawmakers in Washington over its size and influence. Now, a research scientist who recently resigned from the company in protest is urging them on.
In a harshly worded letter sent this week, the former employee, Jack Poulson, criticized Google’s handling of a project to build a version of its search engine that would be acceptable to the government of China. He said the project was a “catastrophic failure of the internal privacy review process.”
He said lawmakers should increase transparency and oversight of the company and technology industry, saying that there is a “broad pattern of unaccountable decision making.”
Dr. Poulson left the company after news articles revealed the existence of the project last month. It was first reported on by The Intercept news site.
Google’s chief privacy officer, Keith Enright, is set to testify on Wednesday before a congressional committee about the company’s approach to data protection. Lawmakers will also hear testimony from Apple, AT&T, Amazon, Twitter and Charter Communications.
Dr. Poulson said the Chinese project, called Dragonfly, had several “disturbing components.” A prototype, he said, would allow a company Google would partner with in China to view a person’s search history based on their phone number. He said the project also censored an extensive list of subjects that included information about air quality and China’s president, Xi Jinping.
He also pointed lawmakers to commitments Google made as part of a settlement with the Federal Trade Commission in 2011. Google, among other requirements, must submit to regular privacy audits and follow a comprehensive privacy program under the settlement. The privacy program includes reviews of all Google products for privacy issues before they are released.
Google’s privacy reviewers are assigned with analyzing Google code and making sure it does not violate user privacy. But after Dragonfly became public, several reviewers said that they had signed off on sections of code for Dragonfly without fully understanding the project or its privacy implications, according to two people familiar with the process. The people would speak only on condition of anonymity to protect their relationships at the company.
The reviewers, they said, felt that pertinent information about Dragonfly’s code had been withheld from them, and raised questions about the review process that went unanswered.
A Google representative did not respond to requests for comment.
Google on Monday released a framework for privacy legislation that describes to lawmakers how the company views its role in data protection.
“Innovative uses of data shouldn’t be presumptively unlawful just because they are unprecedented, but organizations must account for and mitigate potential harms,” the framework says. “This includes taking particular care with sensitive information that can pose a significant risk. To enable organizations to develop effective mitigations, regulators should be clear about what constitutes a harm.”
In a blog post, Mr. Enright of Google said the company supported comprehensive regulation on privacy. Google has also recently increased its privacy efforts, forming a team dedicated to privacy and data protection.
Google left China in 2010, denouncing government censorship. That year the company also said it had discovered that Chinese hackers had attacked the company’s corporate infrastructure.
“It should be pretty obvious that they should be asked with changed between 2010 and today,” said Cynthia Wong, a senior researcher at Human Rights Watch.