Google has finally admitted that a "Project Dragonfly" is indeed in the works.
But that's about all a Google executive was willing to divulge Wednesday about the codenamed plan, which has been widely reported to be a search product the company is developing for China — one that would need to comply with government censorship.
The rumored existence of the Chinese search engine came up repeatedly during a Senate committee hearing in Washington, where several major technology and telecommunications executives were testifying about a potential federal law to regulate data privacy.
The prospect of a Google-sanctioned search engine for China has become a hot-button issue. Reports began surfacing last month that Google was working on a product that would block sensitive websites and search terms in accordance with Chinese censorship.
The New York Times later reported that more than a thousand Google employees have questioned the plan. That criticism is ongoing — The Times reported early Wednesday that a former Google research scientist blasted the Chinese search product in a letter to lawmakers this week.
However, Google had refused to comment until Wednseday, when Google (GOOG) chief privacy officer Keith Enright joined executives from AT&T (T), Amazon (AMZN), Apple (AAPL), Twitter (TWTR) and Charter Communications (CHTR) at the Senate hearing (AT&T owns CNN.). The point of the hearing was for the executives to outline what they want out of any new US regulatory proposal — they largely opposed any law as restrictive as the recent data privacy reforms adopted or passed by the European Union and California.
But lawmakers fixated on Enright. They lobbed questions at him about all kinds of controversies facing Google and the rest of the tech industry, privacy-related or otherwise.
Enright did not link "Dragonfly" to the reports about developing a Chinese search engine. He name-dropped it only when pressed about the existence of a "Project Dragonfly" by Senator Ted Cruz, a Texas Republican.
"I am not clear on the contours of what is in scope or out of scope for that project," Enright added.
When Cruz prodded Enright for more information, the privacy officer would only reiterate what CEO Sundar Pichai has already said about the rumored product.
"I need to be clear for the record that my understanding is that we are not close to launching a search product in China," Enright said. "And whether we eventually could or would remains unclear."
Though Google received a lot of the attention at Wednesday's hearing, the other companies did not entirely escape scrutiny. Lawmakers peppered the executives with questions about how they use consumer data, and how they define what is private and what is not.
The concept of a federal law that governs data privacy has become increasingly important to lawmakers, especially in recent months.
The European Union made waves earlier this year when its General Data Protection Regulation went into effect. Those rules forced companies that operate in that region to revise their data privacy policies.
Then in June, California passed the toughest data privacy law in the US. When that law goes into effect in 2020, it will grant consumers the right to know what companies like Facebook and Google are collecting from them, why those companies are collecting it and who they are sharing it with. Consumers will also be able to bar tech companies from selling their data.
AT&T's Len Cali, the senior vice president of global public policy, cited a "host of burdens" associated with the GDPR during his testimony Wednesday.
"Perhaps if it existed at the the companies at this table started, we wouldn't be here, none of them would be here," he said.
Other executives argued along similar lines, adding that whatever law is passed should not be so cumbersome as to hurt innovation, especially at small and medium-sized companies. Many also wanted a law that pre-empts state statutes, like the one California just passed.
Consumer advocacy groups have opposed the industry's objections to GDPR and the California law. In a letter to the Senate committee that conducted the hearing, the American Civil Liberties Union called for legislation that would install safeguards for consumers.
"In the last year, we have seen countless data breaches, sharing of sensitive data without consent, and reports that companies have misled consumers regarding their data practices," the ACLU wrote. "It is past time for Congress to right the imbalance in our laws that has failed to protect consumers from industry practices that strip them over control of their data in the interest of profit."
Senator John Thune, the chairman of the commerce, science and transportation committee and a South Dakota Republican, said Wednesday that lawmakers intend to hold a second hearing next month. He added that a California privacy activist and the head of GDPR enforcement have already agreed to testify.