Google Protected Computing: Ensuring privacy and safety of data regardless of location

In this Help Net Security interview, Royal Hansen, VP of Engineering for Privacy, Safety, and Security at Google, talks about Protected Computing, the impact of data protection regulations, and privacy in general.

Data protection regulations are rapidly developing globally. What impact does this have on organizations that process large amounts of personal data?

Companies all over the world and in every sector use data and technology to drive innovation, which is why we see so many exciting new services and products created every day. To continue this innovation, we need consistent privacy and safety rules across the digital economy and, as best possible, ones that are global in nature to ensure businesses can operate for people everywhere.

We believe organizations of all sizes deserve clarity and consistency around data protection regulation so that they spend less time trying to navigate inconsistent rules and more time preventing harm and responsibly innovating. This is especially true for small and medium-sized enterprises, who don’t always have the resources to overcome challenges brought on by fragmented privacy regulations.

Most importantly, any privacy regulation must put the user first, which is paramount for us when developing our own products and services. We need to ensure people can enjoy the helpful experiences the internet provides while having peace of mind that their data is protected, including easy-to-use controls for managing their own data choices knowing privacy is personal.

What should be considered in the larger context of privacy regulations, digital security, and AI, given the increasing concern for privacy?

Privacy underpins every element of our growing digital economy and we believe regulation must focus on the user. Businesses should be required to adhere to a responsible data approach. For example, we could start by giving consumers baseline assurances around transparency and control. And we could build on that, by creating guidelines on privacy reviews and data minimization for every organization that can be easy to implement, promoting shared processes for protecting people’s data. Norms around good development processes could improve privacy practices for everyone.

At Google, we also know that protecting user privacy requires advanced security. That’s why we have built-in, automatic protections that detect and block threats before they ever reach people in products like Gmail and Search. Baselines and standards in these areas will go a long way in creating a safer digital ecosystem.

How does Protected Computing ensure data privacy and safety?

Over the last decade, we have invested in AI and machine learning that has contributed to us leading the way in developing privacy-enhancing technologies (PETs), like federated learning, differential privacy and fully homomorphic encryption. These tools minimize and protect personal data by allowing for analysis of large data sets in a way where no one person’s information is ever disclosed. They also serve as the foundation of Protected Computing, which we originally announced at I/O last year.

By employing a combination of PETs along with other solutions, we are able to focus on three areas with Protected Computing:

• Minimizing your data footprint: leveraging techniques like edge processing and ephemerality, we shrink the amount of your personally identifiable data.
• De-identifying data: through blurring and randomizing identifiable signals, to adding statistical noise, we use a range of anonymization techniques to strip your identity from your data.
• Restricting access: through technologies like end-to-end encryption and secure enclaves, we make it technically impossible for anyone, including Google, to access your sensitive data.

Beyond Protected Computing, we launched an effort several years ago to make our PETs freely available via open source, allowing any developer or researcher to deploy the same tools we use in their own work and products, including differential privacy, fully homomorphic encryption and more. Our open source contributions democratize access to PETs and this work is a priority for us because we know these technologies have the power to help make the internet safer for every user.

What are the current privacy concerns expressed by users, and what feedback are you receiving from them regarding Protected Computing?

As technology continues to grow increasingly complex, and more people use digital products and services in their daily lives, expectations for privacy and security are rising – as they should be.

Computing no longer happens just on a phone or a laptop, but across our homes, in our cars, on our wrist and in the cloud. It is part of what makes technology so intuitive and helpful. It requires technological innovation to work across such complex and different experiences, and equally it demands an evolution of privacy technologies to keep everyone’s data safe and private.

Protected Computing represents Google’s version of this evolution, and it already powers many great features used by billions of people daily. For example, Android’s Private Compute Core, a secure environment that is isolated from the rest of the operating system and apps, enables AI features like Smart Reply, Live Translate, Spam detection in Messages and Cough & Snore detection. It does so while processing the information on-device, isolated so no other app on your device, or Google, can see that information. Private Compute Core is also open source so its privacy protections are inspectable and verifiable.

What are your plans for the future regarding Protected Computing?

As computing continues to evolve, so will our approach with Protected Computing. Just ten years ago, PETs were largely an academic exercise – ideas that were still untested. But with our continued investment in Protected Computing and work from our engineering teams, we’re now able to apply these novel data processing techniques to more products than ever before, helping protect billions of users around the world.

We’re excited to see how we can deliver even more private experiences across all of our products and will have more news to share throughout the year.