Category Archives: Public Policy Blog

Google’s views on government, policy and politics

Google, the Wassenaar Arrangement, and vulnerability research

Posted by Neil Martin, Export Compliance Counsel, Google Legal & Tim Willis, Hacker Philanthropist, Chrome Security Team

Cross-posted on the Google Online Security Blog

As the usage and complexity of software grows, the importance of security research has grown with it. It’s through diligent research that we uncover and fix bugs — like Heartbleed and POODLE — that can cause serious security issues for web users around the world.

The time and effort it takes to uncover bugs is significant, and the marketplace for these vulnerabilities is competitive. That’s why we provide cash rewards for quality security research that identifies problems in our own products or proactive improvements to open-source products. We’ve paid more than $4 million to researchers from all around the world - our current Hall of Fame includes researchers from Germany, the U.S., Japan, Brazil, and more than 30 other countries.

Problematic new export controls 

With the benefits of security research in mind, there has been some public head scratching and analysis around proposed export control rules put forth by the U.S. Department of Commerce that would negatively affect vulnerability research.

The Commerce Department's proposed rules stem from U.S. membership in the Wassenaar Arrangement, a multilateral export control association. Members of the Wassenaar Arrangement have agreed to control a wide range of goods, software, and information, including technologies relating to "intrusion software" (as they've defined that term).

We believe that these proposed rules, as currently written, would have a significant negative impact on the open security research community. They would also hamper our ability to defend ourselves, our users, and make the web safer. It would be a disastrous outcome if an export regulation intended to make people more secure resulted in billions of users across the globe becoming persistently less secure.

Google comments on proposed rules 

Earlier today, we formally submitted comments on the proposed rules to the United States Commerce Department’s Bureau of Industry and Security (BIS). Our comments are lengthy, but we wanted to share some of the main concerns and questions that we have officially expressed to the U.S. government today:

  • Rules are dangerously broad and vague. The proposed rules are not feasible and would require Google to request thousands - maybe even tens of thousands - of export licenses. Since Google operates in many different countries, the controls could cover our communications about software vulnerabilities, including: emails, code review systems, bug tracking systems, instant messages - even some in-person conversations! BIS’ own FAQ states that information about a vulnerability, including its causes, wouldn’t be controlled, but we believe that it sometimes actually could be controlled information. 
  • You should never need a license when you report a bug to get it fixed. There should be standing license exceptions for everyone when controlled information is reported back to manufacturers for the purposes of fixing a vulnerability. This would provide protection for security researchers that report vulnerabilities, exploits, or other controlled information to any manufacturer or their agent. 
  • Global companies should be able to share information globally. If we have information about intrusion software, we should be able to share that with our engineers, no matter where they physically sit. 
  • Clarity is crucial. We acknowledge that we have a team of lawyers here to help us out, but navigating these controls shouldn’t be that complex and confusing. If BIS is going to implement the proposed controls, we recommend providing a simple, visual flowchart for everyone to easily understand when they need a license. 
  • These controls should be changed ASAP. The only way to fix the scope of the intrusion software controls is to do it at the annual meeting of Wassenaar Arrangement members in December 2015. 
We’re committed to working with BIS to make sure that both white hat security researchers’ interests and Google users’ interests are front of mind. The proposed BIS rule for public comment is available here, and comments can also be sent directly to [email protected]. If BIS publishes another proposed rule on intrusion software, we’ll make sure to come back and update this blog post with details.

Improving patent quality one search at a time

Good patents support innovation while bad patents hinder it. Bad patents drive up costs for innovative companies that must choose between paying undeserved license fees or staggering litigation costs. That’s why today we are excited to launch a new version of Google Patents, which has the power to improve patent quality by helping experts and the public find the most relevant references for judging whether a patent is valid.

The ability to search for the most relevant references--the best prior art--is more important today than ever. Patent filings have steadily increased with 600,000 applications filed and 300,000 patents issued in 2014 alone. At the same time, litigation rates are continuing their dramatic climb, with patent trolls bringing the majority of cases, hitting companies of every size in industries from high-tech to main street. 

Traditional searches often focus on other patents. But the best prior art might be a harder-to-find book, article, or manual. That was true in the “shopping cart” patent case. After many companies paid out millions in settlements, a court finally struck down the patent in light of two books that were not found by the examiner who issued the patent.

The new Google Patents helps users find non-patent prior art by cataloguing it, using the same scheme that applies to patents. We’ve trained a machine classification model to classify everything found in Google Scholar using Cooperative Patent Classification codes. Now users can search for “autonomous vehicles” or “email encryption” and find prior art across patents, technical journals, scientific books, and more.

We’ve also simplified the interface, giving users one location for all patent-related searching and intuitive search fields. And thanks to Google Translate, users can search for foreign patent documents using English keywords. As we said in our May 2015 comments on the PTO’s Patent Quality Initiative, we hope this tool will make patent examination more efficient and help stop bad patents from issuing which would be good for innovation and benefit the public.

Posted by Allen Lo, Deputy General Counsel for Patents and Ian Wetherbee, Software Engineer for Google Patents

“Revenge porn” and Search

by Amit Singhal, SVP, Google Search

We’ve heard many troubling stories of “revenge porn”: an ex-partner seeking to publicly humiliate a person by posting private images of them, or hackers stealing and distributing images from victims’ accounts. Some images even end up on “sextortion” sites that force people to pay to have their images removed.

Our philosophy has always been that Search should reflect the whole web. But revenge porn images are intensely personal and emotionally damaging, and serve only to degrade the victims—predominantly women. So going forward, we’ll honor requests from people to remove nude or sexually explicit images shared without their consent from Google Search results. This is a narrow and limited policy, similar to how we treat removal requests for other highly sensitive personal information, such as bank account numbers and signatures, that may surface in our search results.

In the coming weeks we’ll put up a web form people can use to submit these requests to us, and we’ll update this blog post with the link.

We know this won’t solve the problem of revenge porn—we aren’t able, of course, to remove these images from the websites themselves—but we hope that honoring people’s requests to remove such imagery from our search results can help.

UPDATE, 7/9/2015: People can use this webform to submit revenge porn removal requests.

Encouraging Innovation: Wi-Fi and LTE in Unlicensed Spectrum Bands

by Nihar Jindal, Hardware Engineer, Access & Energy

In the 20 years since the Federal Communications Commission (“FCC”) first made spectrum available on an unlicensed basis, technologies such as Wi-Fi and Bluetooth have flourished. Innovation in unlicensed spectrum has given people more opportunity to access the Internet, when and where they need it.

Carriers are also innovating in licensed spectrum, deploying Long Term Evolution (“LTE”) networks that enable the delivery of data traffic faster and more efficiently than previous generations of technology such as 3G. Indeed, a spectrum policy that balances licensed and unlicensed opportunities has allowed expansive growth of the wireless economy, benefiting consumers, innovators, and investors.

With the rapid growth of data services and high bandwidth applications, mobile operators need more capacity than ever. One way to meet the need is to move traffic from their licensed network to the 2.4 GHz and 5 GHz unlicensed bands, known as “Wi-Fi offloading”. Offloading benefits carriers and consumers: carriers find additional capacity to relieve congestion on their network and consumers have a high-quality experience.

In recent months, several carriers and suppliers have announced plans to deploy LTE, a technology historically deployed only in licensed frequencies, in the 5 GHz unlicensed band as a means for providing additional capacity to customers. One part of the LTE stream operates in a licensed frequency, and the mobile operator has the flexibility to determine whether to send other portions over licensed or unlicensed frequencies. This arrangement provides licensed operators access to additional spectrum without the expense of obtaining a license, while allowing them to maintain the quality of service expected for licensed services. This form of LTE cannot be used without access to licensed spectrum.

However, LTE over unlicensed — at least as currently conceived — presents new challenges for coexistence with other unlicensed technologies. A new white paper by Google engineers, which we filed with the FCC this week, summarizes our initial investigation into the issue of coexistence between license-anchored LTE and Wi-Fi in the 5 GHz band. The paper shows that in many circumstances, LTE over unlicensed coexists poorly with Wi-Fi.

Although all players in the wireless ecosystem should have the ability to utilize unlicensed spectrum within the FCC’s rules, LTE over unlicensed has the potential to crowd out unlicensed services. Holders of licensed spectrum shouldn’t be able to convert the unlicensed 5 GHz band into a de-facto licensed spectrum band, and certainly they should not have the ability to drive out other unlicensed users.

The ability for diverse technologies to operate together in the unlicensed bands has typically been resolved through cooperation and without regulatory intervention. Providers of unlicensed services share an incentive to make sure that players are able to deliver services in the band without fundamentally degrading other unlicensed activity. The incentives to coexist may be different when providers can fall back to licensed spectrum in the event of conflicts in unlicensed spectrum. But there is still time for the industry-led cooperation that enables technologies like Wi-Fi and Bluetooth to coexist successfully.

A potential solution that would avoid coexistence problems in the 5 GHz band is for carriers instead to utilize newly available spectrum in the 3.5 GHz band for additional capacity. The FCC recently identified the now-underutilized 3.5 GHz band spectrum as ideal for this kind of use.

The entire wireless ecosystem should be concerned about allowing one innovation to block others — past and future. The best way to stimulate innovation without regulatory intervention is for the industry to maximize use of all available spectrum and develop workable coexistence and coordination mechanisms that encourage widespread access to unlicensed spectrum. 

Creating Broadband Abundance

by Staci Pies, Senior Counsel, Public Policy and Government Relations

Over the last few years, we've started to see gigabit Internet service transform communities. It has provided a platform for economic development and new ways to use technology to improve citizens’ lives. What’s more, where there is competition, it is driving a race between broadband providers, giving consumers higher speeds, greater choice, and lower prices.

The U.S. shouldn’t settle for less than ubiquitous, abundant broadband access. Unfortunately, many consumers don’t have much choice in broadband providers and for most, gigabit Internet is still a dream. Market-based solutions are critical to closing the gap, yet regulation on the federal, state, and local levels has not kept pace with technological innovation. Some regulations, such as those addressing access to infrastructure, fail to remove — and sometimes worsen — barriers to broadband deployment. Policymakers’ top broadband goal should be abundance, which can be brought about by competition, investment, and adoption.

Earlier this year, the Obama Administration created a “Broadband Opportunity Council” of federal government agencies to examine how each agency could remove barriers to broadband deployment. Today, we’re sharing our ideas with the Council in a filing with the U.S. Commerce Department.

Google has always invested in making online content and applications more widely available. We’re also creating more abundant broadband access through services like Google Fiber and wireless projects. Our experience has given us some ideas for how government officials can implement policies to make the U.S. fiber ready, wireless ready, and consumer ready.

Fiber Ready 
One of the biggest challenges facing new broadband entrants, including Google Fiber, is accessing existing infrastructure. Policymakers can help reduce delays associated with obtaining adequate information, attaching to existing utility poles, and increasing access to existing conduit and rights of way. Moreover, we can streamline processes that pole owners and existing attachers use to get poles ready for a new provider (known as “make-ready” work).

Another challenge for new broadband entrants is unreasonably high rates for access to video programming. The FCC's policy of allowing non-cost based discounts under the guise of permitted volume discounts undermines broadband entry and deployment. The policy should be revised to require covered programmers to justify how their discounts for the biggest incumbents relate to actual cost savings. Most consumers want to buy Internet and video programming in one package. Encouraging the competitive availability of video services can spur the deployment of high-speed networks, resulting in more consumer choice.

Wireless Ready 
Wireless service plays a critical role in bringing broadband to rural areas where low population densities and challenging terrain make traditional deployments prohibitively expensive, and to underserved areas that lack robust infrastructure. Whether a consumer uses a DSL, cable or fiber connection, she likely is using Wi-Fi as the last link for connectivity. To promote broadband abundance, policymakers can ensure that sufficient spectrum is available for Wi-Fi and other unlicensed technologies and adopt policies to enable sharing of underused spectrum.

Consumer Ready 
About 30 percent of Americans still don’t use the Internet at home, leaving them at a disadvantage when it comes to education, job opportunities, and social and civic engagement. Google Fiber has committed to address digital inclusion and adoption with community partners and local leaders, but a broader effort is needed to bring all Americans online. As part of our filing with the Commerce Department, we propose a number of ideas for how the government can further broadband adoption and digital inclusion.

These proposals include expanding digital literacy programs; driving public awareness about why the Internet matters; and modernizing the Lifeline program to shift the responsibility for determining eligibility away from carriers to enable consumers to choose connectivity services that meet their needs. These ideas are an essential complement to the work of Google and others to make the Internet faster and more affordable for more people across the country.

A successful agenda to increase broadband deployment and bandwidth abundance will benefit consumers, small businesses and the economy. We hope that the new Broadband Opportunity Council will remove barriers, give Americans more choices at higher speeds, and help reach the goal of nationwide broadband abundance.

Congress takes a significant step to reform government surveillance

Posted by Susan Molinari, Vice President, Americas Public Policy and Government Relations

In passing the USA Freedom Act, Congress has made a significant down payment on broader surveillance reform. Today marks the first time since its enactment in 1978 that the Foreign Intelligence Surveillance Act (FISA) has been amended in a way that reflects privacy rights enshrined in our history, tradition, and Constitution.

While most of the focus has been on ending the bulk telephony metadata program under Section 215 of the PATRIOT Act, there are other meaningful reforms in the bill for Internet users. The USA Freedom Act shuts the door to the bulk collection of Internet metadata under a separate legal authority that the government relied upon in the past to collect Internet metadata in bulk. The USA Freedom Act additionally prevents bulk collection of Internet metadata through the issuance of National Security Letters.

Not all of these legal authorities expired on June 1, and we are pleased that Congress took the initiative to prevent the bulk collection of Internet metadata under these legal authorities.

Today’s vote represents a critical first step toward restoring trust in the Internet, but it is only a first step. We look forward to working with Congress on further reforms in the near future.

Trade Promotion Authority that supports digital economic growth

Posted by Susan Molinari, VP of Americas Public Policy and Government Affairs

Today, there are more artists, publishers, and authors creating more works for global audiences, on a growing number of platforms -- on YouTube, Facebook, Spotify, Twitter, Dailymotion, Tumblr, Medium, SoundCloud, Etsy, Vine, Pinterest and more.

These digital exchanges have become an increasingly important driver of the global economy. As a result, more open trade has the potential to give creators, online platforms and other businesses access to more consumers around the world. And Trade Promotion Authority -- which empowers U.S. officials to negotiate trade agreements subject to up or down votes in Congress -- presents an opportunity to modernize our trade strategy for the Internet era.

While U.S. trade agreements have historically included copyright provisions to protect right holders, the Internet’s success depends on both copyright protection and pro-innovation limitations and exceptions, such as fair use and safe harbors for online platforms. Without both, Internet platforms -- and the explosion of creativity and new distribution channels they have enabled -- would not be possible.

We tend to take this balanced approach for granted in the U.S. But without trade agreements reflecting that balance, there is a very real risk that the Internet’s most popular platforms -- like search engines, video sharing sites, and social networks -- could be hindered or even blocked in foreign markets on the basis of one-sided copyright principles. And that could hurt the overall U.S. economy; one study found that 1 in 8 U.S. jobs are tied to industries that rely on copyright limitations and exceptions.

We were glad that U.S. Trade Representative Michael Froman last year committed to “asking our trading partners to secure robust balance in their copyright systems -- an unprecedented move that draws directly on U.S. copyright exceptions and limitations, including fair use.” That was a big step. 

And while it’s unfortunate that the Trade Promotion Authority legislation now being debated by Congress does not on its face fully reflect Ambassador Froman’s commitment, we’re happy that the bill’s authors made clear for the first time ever (in their accompanying report on the bill) that trade agreements should foster an appropriate balance, including copyright limitations and exceptions. It’s progress. We’re also glad to see other provisions to promote pro-innovation policies globally.

We hope Congress will approve Trade Promotion Authority, and urge trade officials to increasingly promote the balanced copyright policies abroad that have enabled great content and Internet platforms to thrive.

A strong vote to reform our surveillance laws

Posted by Susan Molinari, VP, Public Policy and Government Affairs, Americas 

We’re grateful that the U.S. House of Representatives just approved the USA Freedom Act, which -- as I blogged last week -- takes a big step toward reforming our surveillance laws while preserving important national security authorities. It ends bulk collection of communications metadata under various legal authorities, allows companies like Google to disclose national security demands with greater granularity, and creates new accountability and oversight mechanisms.

The bill’s authors have worked hard to forge a bipartisan consensus, and the bill approved today is supported by the Obama Administration, including the intelligence community. The bill now moves to the other side of the Capitol, and we hope that the Senate will use the June 1 expiration of Section 215 and other legal authorities to modernize and reform our surveillance programs, while recognizing the importance of protecting Americans from harm. We believe the bill approved today achieves that goal.

Event @ Google DC: Inspiring Girls to Learn Computer Science

Posted by Kate Sheerin, Public Policy and Government Affairs Analyst 

For students today, coding is becoming an essential skill just like reading, writing and math. And the need for coders is only going to increase over the next few years. But today, fewer than one percent of high school girls express interest in majoring in computer science.

Research tells us that perceptions of CS and computer scientists are primary drivers that motivate girls to pursue CS. Disney Junior and Google recently teamed up on their series “Miles from Tomorrowland” to take on this challenge in a new way.

This Monday, May 18, we invite you to join us at our DC office to hear more about this exciting project.

“Coding Tomorrow: A Conversation About Inspiring Girls to Learn CS” 
Monday, May 18, 2015 
3:00-4:00PM ET 
Google DC 
25 Massachusetts Ave NW - Ninth Floor 
Washington DC 

The event will feature a panel discussion with Dr. Yvonne Cagle, NASA’s Johnson Space Center Space and Life Sciences Directorate and Series Consultant, “Miles from Tomorrowland”, Julie Ann Crommett, CS Education in Media Program Manager at Google, Nancy Kanter, Executive Vice President, Original Programming and General Manager at Disney Junior, Angela Navarro, Google Software Engineer, and Sascha Paladino, Creator and Executive Producer of “Miles From Tomorrowland” and remarks by Congresswoman Susan Brooks and Congresswoman Suzan DelBene.

Hope to see you there.

Congress Has Only A Few Weeks Left to Modernize Surveillance Laws

by Susan Molinari, Vice President, Americas Public Policy and Government Relations

Nearly two years have passed since the initial Snowden revelations. In about a month, Section 215 of the Patriot Act -- one of the key authorities relied upon by the government to undertake bulk collection -- is set to expire. As we and others noted last month, Section 215 should not be reauthorized without significant changes.

Yesterday, a bipartisan group of legislators in the House and Senate introduced legislation that represents a step toward broader surveillance reform while preserving important national security authorities. Google supports this measure as introduced, the USA Freedom Act of 2015, and we urge Congress to move expeditiously to enact it into law.

The bill would advance several important goals that Google and other members of the Reform Government Surveillance coalition (RGS) underscored in principles unveiled in 2013:

  • First, the bill would end the bulk collection of communications metadata under various legal authorities. This not only includes telephony metadata collected under Section 215, but also Internet metadata that has been or could be collected under other legal authorities. 
  •  Second, the bill would enable companies like Google to disclose the volume and scope of national security demands in smaller ranges (bands of 500) than we are currently permitted to report national security demands (bands of 1,000). 
  •  Finally, the bill would create new oversight and accountability mechanisms that will shed greater light on the decisions reached by the Foreign Intelligence Surveillance Court (FISC), and enable participation by outside attorneys in cases involving significant interpretations of the law. 

While the USA Freedom Act of 2015 does not address the full panoply of reforms that Congress ought to undertake, it represents a significant down payment on broader government surveillance reform. It is critical that Congress now act to begin to restore consumers’ trust in the Internet.