Nobody associates Google with a cybersecurity company. Kent Walker, head of global affairs at Google subsidiary Alphabet, is determined to change that perception. This week he has made a European tour (Paris, London, Brussels, Madrid, Prague) participating in various events related to cybersecurity. In Madrid, he announced the opening of a cybersecurity center in Malaga in 2023, the third of its kind for Google, and highlighted the importance of protecting systems in the context of cyberwarfare unleashed by the military invasion of Ukraine.
This is part of a 61-year-old Californian’s job that can be counted. The second, and more mysterious, concerns the meetings with high-ranking political leaders he had in all those countries. Including Spain, where he came across at an event with the Minister of the Interior, Fernando Grande Marlasca, and sat down “with representatives” of the government. “We do not go into details about government meetings, but we appreciate the constructive and collaborative approach of the Spanish executive,” he confined himself to saying.
Walker’s diplomatic tone matches his responsibilities. If Google were a country, it would be its Secretary of State. The comparison is not unreasonable, both because of the company’s international influence and its size: Alphabet’s market capitalization ($1.2 trillion) is practically equal to Spain’s GDP (1.4 trillion). The American has more than 30 years of experience in technology, law, and politics. He was an assistant attorney general for the United States in San Francisco and Washington, D.C., where he started one of the nation’s first computer crime units. He later became an advisor to the United States Attorney General on technology policy issues. He joined Google in 2006 after working at Netscape, AOL, and eBay. Walker attends EL PAÍS shortly before boarding a plane for Prague, the last leg of his trip before returning to the United States.
I ask. What can Google offer in the field of cybersecurity?
Answer. We are one of the most attacked websites in the world, but we also protect more people than any other company. And we’ve had the opportunity to learn since we had a major cyberattack in 2009. At the time, we had a high perimeter model, but weaker defenses on the inside. We knew that once attackers got in, they could exploit it. We moved to a model called Zero Trust, where credentials must be approved at every stage, albeit in a simple way. Otherwise, no one will use it. We enhance the concept of security by design. So, instead of security products, we are talking about safe products. Security is built-in, not built-in after the fact.
s. You argue that companies and governments should be more transparent about the cyber attacks they are exposed to. But no one likes to admit that their defenses have been violated.
R was found. I have worked for the US Attorney’s office and am familiar with this problem. When we experienced a cyber attack in 2009, we studied it and learned that 50 other companies were affected, as well as many government agencies. Some did not detect the intrusion, while others decided not to make it public. We decided it was important to change that. So we announced it and attributed the attack to the Chinese government. We’ve done that since then. We believe that this is an important part of responsibility in the global security system.
s. Ukraine is one of the global cybersecurity hotspots. What is Google’s role in this war?
R was found. In Ukraine there is a military war and an economic war. But there is also electronic warfare and information warfare. In terms of electronic warfare, we’ve seen several attacks coming. We work with the Ukrainian government to protect your Gmail accounts with our Advanced Protection Program, and we’ve identified and stopped hundreds of different attacks. We also have Project Shield, which was originally for journalists and small print publications that have been subject to denial-of-service attacks. We are also working with the government on air strike alerts: Ukrainians with Android phones are alerted when missiles are approaching so they can go to shelters. We removed Russia Today, RT, and Sputnik because they were spreading misinformation and false claims about the war. YouTube remains available in Russia so that accurate information about what is happening can be provided.
s. Do they still work in Russia?
R was found. We stopped a good part of our business there. We no longer accept or display ads in Russia. We no longer have employees in the country. The Russian government has fined hundreds of millions of euros and we have already gone bankrupt in response.
s. How do you choose which countries to be in and which not?
R was found. It’s a complex balance. We are constantly trying to fulfill our mission of providing access to information, organizing the world’s information and making it accessible to everyone. However, we also recognize the need to comply with local laws. Countries have different views on what information is appropriate or not. There comes a time when we just can’t do both at once. It is known that in 2010 we had to move our services outside of China. Great Cyber Wall blocks access to Google. We want to stay in as many countries as possible for as long as possible and provide as much information as possible. But sometimes that becomes very difficult.
s. To what extent do you think Google is a tool of US foreign policy?
R was found. We see ourselves as a company serving people all over the world. We have offices in more than 40 countries. It is important that we cooperate with open, democratic societies of all kinds, and support the idea of equal access to information regardless of country. How can we be a responsible global player and, at the same time, realize that we have deep ties and ties with the United States, Europe, and increasingly with Latin America? We are a platform, and a tool for people to find information and achieve things in their lives.
s. The United States and China are fighting a silent battle for technological supremacy. Don’t they look like pieces of that chess game?
R was found. We are not allowed to provide consumer services in China. However, we try to work where we can. We are, in many ways, the smartest and craziest among technology platforms. Almost half of our employees are engineers. And engineers want to solve problems for people all over the world. I think the fact that more than half of the world is online is a real achievement because it has allowed people to access information. It’s a tool that improves people’s lives, no matter what country you live in.
s. The European Union recently approved two important regulations, Digital Services and Digital Markets, that directly affect your business. what do you think? Did you feel like Brussels was listening to you?
R was found. We believe it is good for democracies to regulate technology, set clear guidelines, and build trust. We participate in both the legislative process and the regulatory dialogue. Once laws are passed, how should they be interpreted? what do they mean? This is valid for the Digital Markets Regulation (DMA) and the Digital Services Regulation (DSA), just as before for the General Data Protection Regulation (RGPD). Regulations on data management or freedom of the press, among others, will soon be issued. We are working constructively with governments to try to get it to a good place.
s. What do you think of the arrival of the last two, DSA and DMA?
R was found. DMA is mostly about competition, and DSA is about content moderation. It introduces some complexities into our business and we try to balance a lot of different factors since we are in compliance with the regulators. I think the European Union has not solved some of the major dilemmas. Different governments in different places will draw the line between freedom of expression and social responsibility, utility and privacy, anonymity and reputation value. These are important discussions.
s. Do you see these European regulations and the negotiation of a new data-sharing framework to replace the Privacy Shield as obstacles to developing your business in Europe?
R was found. We hope that the European Union and the United States will solve this latest legal problem. We are optimistic that Europe will undergo the appropriate approval process. We’ve heard that this is likely to happen in the next six months and will eventually enable information exchange across the Atlantic, which is important not just for tech platforms, but for any company that wants to serve customers outside of their country. We hope it is satisfactorily resolved.
s. Would you consider leaving Europe as dead slide if these negotiations fail?
R was found. We are from California so we are optimistic. We think we can probably find the formula that will allow us to provide excellent services to people who live in Europe.
s. To what extent does the €4,000 million fine approved this summer impede your negotiations with Brussels?
R was found. The issue was about integrating different services into Google search. We are in discussions with the European Commission on how to interpret the new WFD rules across all of our services. Given that we not only have Google Search or Google Maps, but also ads from Gmail, Chrome or Android, how can we share data between these services? What types of user consent are required? How can we integrate services in ways that are beneficial to users? And when is it not necessary to integrate them so that other competitors can also provide services? We are in the middle of these discussions. In fact, DMA won’t come into effect until January 2024, so we have a little time, but not much, as this will require profound engineering changes in our architecture.
You can follow country technology in Facebook s Twitter Or sign up here to receive Weekly Bulletin.