Do they actually prevent malicious abuse, or do they just catch people after the fact and fire them? I know from reading about the NSA that they watch what data agents retrieve, and they're restricted by policy from going snooping, but there's nothing except fear of losing their job that stops them.

Google's servers have the ability to send email from myname@gmail.com and it comes with all the appropriate DKIM signatures to be from "me". They have some kind of auto-reply system such that their computer can automatically send "as me". They're already 90% of the way there: I think you've overestimating how big a change this would be.

I'll also say that I have little to no confidence in "strong internal objections". VW engineers built the emissions-cheating system, Facebook engineers built Beacon, Google engineers dutifully slurped up everyone's private wifi traffic. As long as management dressed it up a little bit and/or reassigned any dissenters, I'm sure they'd get a compliant team to build whatever garbage they wanted.

Obviously you think you're the good guys, and you'd never do that, but you'd be surprised how "good" people can gradually slide into really unethical behaviour. If you haven't read them I recommend https://www.goodreads.com/book/show/558867.Disciplined_Minds and https://www.goodreads.com/book/show/37976541-bad-blood