Kent Walker, from Google: “We are the geekiest and craziest of technology platforms” | Technology

No one associates Google with a cybersecurity company. Kent Walker, president of global affairs at Google parent Alphabet, is determined to change that perception. He has been on a European tour this week (Paris, London, Brussels, Madrid, Prague) participating in different events related to cyber security. In Madrid, he announced the opening in 2023 of a cybersecurity center in Malaga, the third of its kind for Google, and highlighted the importance of protecting systems in the context of the cyber war unleashed by the military invasion of Ukraine.

That’s the part of this 61-year-old Californian’s job that can be counted. The other, much more opaque, has to do with the meetings with high-level political leaders that he has held in all those countries. Including Spain, where he coincided in an event with the Minister of the Interior, Fernando Grande-Marlaska, and sat down “with representatives” of the Government. “We do not go into details about the government meetings, but we appreciate the constructive and collaborative approach of the Spanish Executive”, he limits himself to saying.

Walker’s diplomatic tone matches his responsibilities. If Google were a country, he would be its foreign minister. The comparison is not unreasonable, both because of the company’s international influence and its size: Alphabet’s market capitalization (1.2 trillion dollars) is practically equivalent to the GDP of Spain (1.4 trillion). The American has more than 30 years of experience in the fields of technology, law and politics. He was an Assistant United States Attorney in San Francisco and Washington DC, where he started one of the first computer crime units in the country. He later advised the US Attorney General on technology policy issues. He joined Google in 2006 after working at Netscape, AOL and eBay. Walker attends to EL PAÍS shortly before catching a plane to Prague, the last stage of his trip before returning to the US.

Ask. What can Google offer in the field of cybersecurity?

Response. We are one of the most attacked websites in the world, but we also protect more people than any other company. And we have had the opportunity to learn since we suffered a major cyberattack in 2009. At the time, we had a high perimeter model, but weaker defenses on the inside. We learned that once attackers got in, they could exploit it. We moved to a model called Zero Trust, in which credentials must be certified at each stage, albeit in a simple way. Otherwise no one would use it. We are promoting the concept of security by design. Therefore, instead of security products, we talk about secure products. Security is built in, not consolidated after the fact.

P. You argue that companies and governments should be more transparent about the cyberattacks they suffer. But nobody likes to admit that their defenses have been violated.

R. I worked at the United States Attorney General’s Office and am familiar with this problem. When we suffered the cyberattack in 2009, we studied it and learned that there were 50 other companies affected, as well as several government agencies. Some had not detected the intrusion, others decided not to make it public. We decided it was important to change that. So we announced it and attributed the attack to the Chinese government. We have been doing that ever since. And we think that’s an important part of responsibility in the global security ecosystem.

P. Ukraine is one of the hot spots of global cybersecurity. What is Google’s role in this war?

R. In Ukraine there is a military war and an economic war. But there is also a cyber war and an information war. On the cyberwar side, we saw several attacks coming. We work with the Ukrainian government to protect your Gmail accounts through our Advanced Protection Program, and have identified and stopped hundreds of different attacks. We also have Project Shield, which was originally for journalists and small publications that were experiencing denial of service attacks. We also work with the government on air strike alerts: Ukrainians with Android phones are alerted when missiles are approaching so they can go to bomb shelters. We removed Russia Today, RT and Sputnik because they were spreading misinformation and false claims about the war. YouTube remains available in Russia so that accurate information about what is happening can be provided.

P. Do they still operate in Russia?

R. We have discontinued a substantial part of our business there. We no longer accept or show ads in Russia. We no longer have employees in the country. The Russian government has fined us hundreds of millions of euros and we have actually gone bankrupt in response to that.

P. How do you choose which countries to be in and which not?

R. It is a complex balance. We are constantly trying to fulfill our mission of providing access to information, organizing the world’s information and making it universally accessible. However, we also recognize the need to comply with local laws. And countries have different perspectives on what information is appropriate or not. Sometimes there comes a time when we can’t do both things simultaneously. It is known that in 2010 we had to move our services out of China. The Great Cyber ​​Wall blocks access to Google. We want to stay in as many countries as we can for as long as possible and provide as much information as possible. But sometimes that becomes too difficult.

P. To what extent do you think Google is a tool of US foreign policy?

R. We see ourselves as a company serving people all over the world. We have offices in more than 40 countries. It is important that we collaborate with open democratic societies of all kinds, and we support the idea of ​​equal access to information regardless of country. How can we be a responsible global player and, at the same time, recognize that we have deep ties and relationships with the US, Europe and, increasingly, Latin America? We are a platform, a tool for people to find information and achieve things in their lives.

P. The US and China are engaged in a silent battle for technological supremacy. Don’t they look like a piece from that chess game?

R. We are not allowed to provide consumer services in China. However, we are trying to operate where we can. We are, in many ways, the geekiest and craziest of technology platforms. Approximately half of our employees are engineers. And engineers want to solve problems for people all over the world. The fact that more than half of the world is now on the Internet is, I think, a real achievement because it has allowed people to have access to information. It is a tool that improves people’s lives, no matter what country you are in.

P. The EU has recently approved two important regulations, Digital Services and Digital Markets, which directly affect your business. What do you think? Have you felt listened to by Brussels?

R. We think it’s good for democracies to regulate technology, set clear guidelines and build trust. We are involved in both the legislative process and the regulatory dialogue. Once laws are passed, how should they be interpreted? What do they mean? This is valid for the Digital Markets Regulation (DMA) and the Digital Services Regulation (DSA), just as it was before for the General Data Protection Regulation (RGPD). And regulations on Data Governance or Freedom of the Press, among others, will soon come. We are working constructively with governments to try to get them to a good place.

P. What do you think of the last two to arrive, the DSA and the DMA?

R. The DMA is mostly about competition, and the DSA is about content moderation. They introduce some complexities into our business and we’re trying to balance a lot of different factors as we comply with regulators. I think the EU has not resolved some key dilemmas. Different governments will in different places draw the line between freedom of expression and social responsibility, utility and privacy, and anonymity and reputation value. These are important discussions.

P. Do you see these European regulations and the negotiation of a new data sharing framework to replace the Privacy Shield as obstacles to developing your business in Europe?

R. We hope that the EU and the US will resolve this latest legal issue. And we are optimistic that Europe will go through the proper approval process. We have heard that this is likely to happen in the next six months and will ultimately enable the transatlantic exchange of information, which is important not only for technology platforms, but for any company that wants to serve customers outside of their country. originally. We hope that it will be resolved satisfactorily.

P. Do you consider leaving Europe, as Meta slipped, in case these negotiations fail?

R. We come from California and therefore we are optimistic. We believe that we can probably find the formula that will allow us to offer excellent services to people living in Europe.

P. To what extent does the fine of 4,000 million euros that was ratified this summer hinder your negotiations with Brussels?

R. The case had to do with the integration of different services in Google search. We are in discussions with the European Commission on how to interpret the new WFD rules across all of our services. Considering that we not only have Google search or Google Maps, but also ads from Gmail, Chrome or Android, how can we share data between those services? What types of user consent are required? How can we integrate services in ways that are useful to users? And when is it not necessary to integrate them so that other rival companies can also provide services? We are in the middle of these discussions. In fact, the DMA won’t go into effect until January 2024, so we have a little time, but not a lot, as this will require deep engineering changes to our architecture.

You can follow THE COUNTRY TECHNOLOGY in Facebook Y Twitter or sign up here to receive our weekly newsletter.