Earlier this year, a group of influential software engineers in Google’s cloud division surprised their superiors by refusing to work on a cutting-edge security feature. Known as “air gap,” the technology would have helped Google win sensitive military contracts. The coders weren’t persuaded their employer should be using its technological might to help the government wage war, according to four current and former employees.
After hearing the engineers’ objections, Urs Hölzle, Google’s top technical executive, said the air gap feature would be postponed, one of the people said. Another person familiar with the situation said the group was able to reduce the scope of the feature.
The act of rebellion ricocheted around the company, fuelling a growing resistance among employees with a dim view of Google’s yen for multi-million-dollar government contracts. The engineers became known as the “Group of Nine” and were lionised by like-minded staff.
The current and former employees say the engineers’ work boycott was a catalyst for larger protests that convulsed the company’s Mountain View, California, campus and ultimately forced executives to let a lucrative Pentagon contract called Project Maven expire without renewal. They declined to name the engineers and requested anonymity to discuss a private matter.
Internal disputes are common at Alphabet Inc’s Google, which gives employees ample space to air grievances. But dissent is on the rise (as it is at other tech companies).
Last month, in a highly unusual move, a Google employee proposed that executive compensation be tied to efforts to make the company more diverse and inclusive.
That proposal was easily voted down by shareholders, but the engineers’ boycott could actually hamper Google’s ability to compete. Big federal contracts often require certification to handle sensitive data-authorisations that rivals Amazon.com Inc and Microsoft Corp have, but Google doesn’t.
Without certain measures including air gap technology, Google may struggle to win portions of the Joint Enterprise Defense Infrastructure, or JEDI, a Pentagon deal worth upwards of $10bn.
It’s unclear if Google has abandoned air gap technology or is still planning to build it over employees’ objections. The feature is not technically very difficult, so Google could easily find other engineers to do the work. While over 4,000 people at the company signed a petition against Project Maven, that’s roughly 5% of total full-time staff. A company spokesperson declined to comment.
Google cloud chief Diane Greene has put government contracts at the centre of her strategy. Federal agencies are among the largest spenders on corporate computing and starting to gravitate toward cloud services. In March, Greene and her deputies proudly touted Google’s new approvals under FedRAMP, federal compliance standards for information technology. Google was approved FedRAMP “Moderate,” a designation required for almost 80% of government cloud contracts. Google cloud staff said internally that the Project Maven deal was “fast-tracking” higher FedRAMP authorisation, according to a Gizmodo report.
For now, Google falls short of rivals. Both Microsoft’s Azure and Amazon Web Services (AWS) have “High” certificates that authorise them to hold sensitive or classified data and sell to bodies like the Central Intelligence Agency. To do so, both companies had to set up a separate service called a government cloud.
A critical component of that service is the air gap. Put simply, it physically separates computers from others on a network. So rather than store data from multiple companies on a single server or system, as the commercial cloud providers typically do, a company or agency can place its data and computing processes in isolation on a single piece of hardware. That separation is particularly desirable for agencies in national security, says Michael Carter, vice president of Coalfire, a cybersecurity firm. “Amazon and Azure can literally say, ‘This is your rack,’” he says. “In the government, they want to know where their data is. So if you want to wipe it, go wipe it.”
In sales pitches, Google touts the security features of its cloud service. In a March press briefing, company executives noted how their artificial intelligence software could spot cybersecurity attacks early. “We think that Google cloud is today the most secure cloud out there,” Hölzle said during the briefing.
The entities most likely to require air-gap security systems are government agencies or financial firms. While experts debate the technology’s merits, it does give customers “psychological” comfort, according to Jim Reavis, who runs Cloud Security Alliance, an industry group. “They’re used to having their own computer that they look at, their own blinking light,” he says. “I do question whether or not that’s useful security.”
Greene and other Google executives will have to persuade employees it’s possible to bid for government contracts without violating Google’s new ethical standards. After pledging not to renew the Project Maven contract, which involves using artificial intelligence to analyse drone footage, the company issued a set of AI principles this month that prohibit weapons work. But they don’t rule out selling to the military, and Google continues to pursue other Defense Department cloud contracts.
Several Googlers protesting Project Maven have complained about poor communication from senior leaders. Most staff outside the cloud unit were unaware of the contract until February — five months after it was signed — when questions about the deal began circulating more widely on internal message boards. At one point, Greene told staff the deal was worth a meagre $9mn. Subsequent reports revealed Google expected the contract to rake in $15mn and grow to as much as $250mn.





Related Story