This op-ed first appeared in The Guardian on December 12, 2018

It's time to take back your data from Google and Facebook's server farms

In April 2004, the Chinese journalist Shi Tao revealed an order from the Communist party to censor coverage of the 15th anniversary of the Tiananmen Square massacre. Journalists were instructed to “direct public opinion” and uphold party doctrine in their reporting. Hoping to inform others of the censorship, Tao shared notes he had taken on the document with a New York website.

His mistake was sending them from his Yahoo email account.

A year later, Tao was serving the first of a 10-year prison sentence for revealing “state secrets”. The government’s investigation, journalists discovered in 2005, was aided and abetted by Yahoo, which shared Tao’s personal data with Chinese authorities.

Yahoo was lambasted for its role in Tao’s arrest. Among the most pointed criticism was a tongue-lashing its chief executive faced in Congress, where the chairman of the House committee on foreign affairs said: “Much of this testimony reveals that while technologically and financially you are giants, morally you are pygmies.”

We hoped that Sundar Pichai would face similar treatment on Tuesday when he sat in the congressional hot seat, a first time for the 20-year-old, once-beloved tech company. Unfortunately lawmakers failed to home in Google’s evasiveness on their China plans.

The Google CEO testified before the House judiciary committee on myriad issues with the tech giant, and chief among them was the company’s secret project to build a search engine for China capable of being used by the government to expand internet surveillance over a seventh of the world’s population.

Codenamed Project Dragonfly, the search engine would come with a bevy of features attractive to any autocracy: specific keywords like “human rights” could be blocked, searches would be linked to personal phone numbers, data servers located in China would be open to inspection at any time. Dragonfly would even allow the government to change weather and air pollution data to downplay the toxicity in its cities.

There would be no requirement to notify users of how their data is being used or by whom, nor any barrier to Google handing over personal data when requested, as Yahoo did more than a decade ago. In explaining the company’s motives, Pichai said Google had to explore China “given how important the market is and how many users there are”.

These tech companies have gone on long enough. Projects like Dragonfly are dangerous because of Google’s business model: offer a compelling product and amass personal data on the hundreds of millions who flock to use it. Store that data and then monetize it with advertisers.

Project Dragonfly is revealing the depths to which tech giants will sink for financial gain

Of course, if a government comes knocking for an individual’s search history or their email and phone number, they give it right up to protect their ability to continue amassing data and continue selling it. We’ve outsourced this moral decision-making to the companies themselves. It’s them that we trust to say “we’ll cooperate with this government but not with this one” and, on Tuesday, Pichai repeatedly acknowledged Google’s work directly with law enforcement agencies but refused to offer details of what this work entails.

This may have once seemed a fine choice, but it never was, and Project Dragonfly is revealing the depths to which tech giants will sink for financial gain.

The model is fundamentally insecure, and there have been few meaningful steps taken to address that. Individuals can use apps such as Signal to communicate outside of Facebook Messenger or Google Hangouts. They can use browsers like Tor or Brave instead of Chrome, and they can build their own email servers with the right knowhow to avoid Gmail or Yahoo.

These projects still live on the margins, but the way forward is clear: a decentralized internet where personal data is no longer stored on massive server farms owned by a handful of corporations. Messages that live only with sender and recipient, search terms that are known only to the user, emails that are left unscanned, and phones that are not tracked for location in real-time.

Decentralized products and service are best suited to provide this. There’s no way currently to safeguard against government surveillance if a few corporations own the majority of our personal data. Products that seek to decentralize that data are the best way forward. We cannot trust companies like Google to make decisions on which governments are authoritarian and which are not.

Even public shame seems like a poor solution.

Yahoo was eventually forced to settle a lawsuit with Tao’s family and that of another journalist whose imprisonment it also aided and its chief executive apologized to both families. After the berating from Congress, it created a $17m fund to support activists and journalists in China.

It’s not clear that would work today against Google. The company is massive and powerful, and it has thus far successfully weathered public criticism against Dragonfly and, more importantly, criticism from its own employees, who said the search engine would “make Google complicit in oppression and human rights abuses” and have asked Pichai to stop working on the Dragonfly project.

The public accountability model, I fear, is not enough on it’s own for big tech to actually be held accountable. We have to build new tools, new products, that by their very nature cannot be used to amass personal data and either sell it off or hand it over to whichever government authority comes knocking without a legitimate basis.

Companies such as Google and Facebook are giants today, and use of their services seems inescapable. But there are other options, and we can no longer afford to let a handful of companies make the right calls.