Public Policy Blog
Updates on technology policy issues
Iranian phishing on the rise as elections approach
Wednesday, June 12, 2013
Posted by Eric Grosse, VP Security Engineering
Cross-posted from the
Google Online Security Blog
For almost three weeks, we have detected and disrupted multiple email-based phishing campaigns aimed at compromising the accounts owned by tens of thousands of Iranian users. These campaigns, which originate from within Iran, represent a significant jump in the overall volume of phishing activity in the region. The timing and targeting of the campaigns suggest that the attacks are politically motivated in connection with the Iranian presidential election on Friday.
Our Chrome browser previously helped detect what appears to be the same group using SSL certificates to conduct attacks that
targeted users within Iran
. In this case, the phishing technique we detected is more routine: users receive an email containing a link to a web page that purports to provide a way to perform account maintenance. If the user clicks the link, they see a fake Google sign-in page that will steal their username and password.
Protecting our users’ accounts is one of our top priorities, so we notify targets of
state-sponsored attacks
and other
suspicious activity
, and we take other appropriate actions to limit the impact of these attacks on our users. Especially if you are in Iran, we encourage you to
take extra steps to protect your account
. Watching out for phishing, using a modern browser like Chrome and
enabling 2-step verification
can make you significantly more secure against these and many other types of attacks. Also, before typing your Google password, always verify that the URL in the address bar of your browser begins with https://accounts.google.com/. If the website's address does not match this text, please don’t enter your Google password.
Asking the U.S. government to allow Google to publish more national security request data
Tuesday, June 11, 2013
This morning we sent the following letter to the offices of the Attorney General and the Federal Bureau of Investigation. Read the full text below.
-Ed.
Dear Attorney General Holder and Director Mueller
Google has worked tremendously hard over the past fifteen years to earn our users’ trust. For example, we offer encryption across our services; we have hired some of the best security engineers in the world; and we have consistently pushed back on overly broad government requests for our users’ data.
We have always made clear that we comply with valid legal requests. And last week, the Director of National Intelligence acknowledged that service providers have received Foreign Intelligence Surveillance Act (FISA) requests.
Assertions in the press that our compliance with these requests gives the U.S. government unfettered access to our users’ data are simply untrue. However, government nondisclosure obligations regarding the number of FISA national security requests that Google receives, as well as the number of accounts covered by those requests, fuel that speculation.
We therefore ask you to help make it possible for Google to publish in our Transparency Report aggregate numbers of national security requests, including FISA disclosures—in terms of both the number we receive and their scope. Google’s numbers would clearly show that our compliance with these requests falls far short of the claims being made. Google has nothing to hide.
Google appreciates that you authorized the recent disclosure of general numbers for national security letters. There have been no adverse consequences arising from their publication, and in fact more companies are receiving your approval to do so as a result of Google’s initiative. Transparency here will likewise serve the public interest without harming national security.
We will be making this letter public and await your response.
David Drummond
Chief Legal Officer
Helping passwords better protect you
Thursday, May 30, 2013
Posted by Diana Smetters, Software Engineer
Knowing how to stay safe and secure online is important, which is why we created our Good to Know site with advice and tips for safe and savvy Internet use. Starting today, we'll also be posting regularly with privacy and security tips. We hope this information helps you understand the choices and control that you have over your online information.
-Ed.
It could be your Gmail, your photos or your documents—whatever you have in your Google Account, we work hard to make sure it’s protected from would-be identity thieves, other bad guys, or any illegitimate attempts to access your information.
But you can also help keep your information safe. Think of how upset you would be if someone else got access to your Google Account without your permission, and then take five minutes to follow the steps below and help make it more secure. Let’s start with the key to unlocking your account—your password:
1. Use a different password for each important service
Make sure you have a different password for every important online account you have. Bad guys will steal your username and password from one site, and then use them to try to log into lots of other sites where you might have an account. Even large, reputable sites sometimes have their password databases stolen. If you use the same password across many different sites, there’s a greater chance it might end up on a list of stolen passwords. And the more accounts you have that use that password, the more data you might lose if that password is stolen.
Giving an account its own, strong password helps protect you and your information in that account. Start today by making sure your Google Account has a unique password.
2. Make your password hard to guess
“password.” “123456.” “My name is Inigo Montoya. You killed my father. Prepare to die!” These examples are terrible passwords because everyone knows them—including potential attackers. Making your passwords longer or more complicated makes them harder to guess for both bad guys and people who know you. We know it’s hard: the average password is shorter than 8 characters, and many just contain letters. In a database of 32 million real passwords that were made public in 2009,
analysis showed
(PDF) only 54 percent included numbers, and only 3.7 percent had special characters like & or $.
One way to build a strong password is to think of a phrase or sentence that other people wouldn’t know and then use that to build your password. For example, for your email you could think of a personal message like “I want to get better at responding to emails quickly and concisely” and then build your password from numbers, symbols, and the first letters of each word—“iw2gb@r2eq&c”. Don’t use popular phrases or lyrics to build your password—
research suggests
that people gravitate to the same phrases, and you want your password to be something only you know.
Google doesn’t restrict password length, so go wild!
3. Keep your password somewhere safe
Research shows
(PDF) that worrying about remembering too many passwords is the chief reason people reuse certain passwords across multiple services. But don’t worry—if you’ve created so many passwords that it’s hard to remember them, it’s OK to make a list and write them down. Just make sure you keep your list in a safe place, where you won’t lose it and others won’t be able to find it. If you’d prefer to manage your passwords digitally, a trusted password manager might be a good option.
Chrome
and many web browsers have free password managers built into them, and there are many independent options as well—take a few minutes to read through reviews and see what would be best for your needs.
4. Set a recovery option
Have you ever forgotten your password? Has one of your friends ever been locked out of their account?
Setting a recovery option
, like an alternate email address or a telephone number, helps give the service provider another way to contact you if you are ever locked out of your account. Having an up-to-date recovery phone or email address is the best thing you can do to make sure you can get back into your account fast if there is ever a problem.
If you haven’t set a recovery option for your Google Account,
add one now
. If you have, just take a second to make sure it’s up to date.
We have more tips on how to pick a good password on our
Help Center
, and in the video below:
Your online safety and privacy is important to you, and it’s important to us, too. We’ve made a
huge amount of progress
to help protect your Google Account from people who want to break into it, but for the time being, creating a unique, strong password is still an important way to protect your online accounts. Please take five minutes today to reset your important passwords using the tips above, and stay tuned for more security tips throughout the summer.
Protecting Seniors from Identity Theft
Tuesday, May 7, 2013
Posted by Jenny Backus, Public Policy Team
Every day in this country, someone’s mother, grandfather, or older neighbor is a victim of identity theft. Whether the identity thieves attack through a confusing telemarketing scam, a misleading piece of mail, or over the Internet, seniors and their families are increasingly at risk of long-term financial and emotional damage that can take years to undo.
In order to address this issue, the Federal Trade Commission and a coalition of public and private partners like the National Consumer League’s
Fraud.org
are working together to protect seniors from identity theft. Google will also be recognizing Older Americans Month this May by offering tips for seniors to help them stay safe and secure online.
The FTC’s
report
of 2012 consumer complaint data recently showed that complaints about identity theft from older Americans are increasing at a faster rate than for any other age group. In fact, identity theft complaints from those over 70 increased by almost 70% since 2010, while complaints from 60 to 70 year olds increased by 53% in the same period.
Google’s
Good to Know
site is designed to help educate consumers of all ages about online threats and tools they can use to protect themselves, including information on
how to protect themselves from identity theft
.
Here are five tips from our security experts:
Don’t reply if you see a suspicious email, instant message or webpage asking for your personal or financial information. Identity thieves can steal your information and then use it to withdraw money from your bank account.
Never enter your password if you’ve arrived at a site by following a link in an email or chat that you don’t trust.
If you see a message from someone you know that doesn’t seem like them, their account might have been compromised by a cyber criminal who is trying to get money or information from you. Think before responding!
Don’t send your password via email, and don’t share your password with others. Legitimate sites won’t ask you to send them your passwords via email, so don’t respond if you get requests for your passwords to online sites.
Report any suspicious emails and scams. Many email providers, including Gmail, provide an easy way for you to report fishy emails and scams, and it can help our teams stop similar mail from being sent to you and others.
Seniors around the country can also learn more by attending or viewing by webcast the FTC’s workshop today on
protecting seniors from identity theft
. With speakers from some of the most trusted consumer groups, local, state and government leaders, and lead experts on fraud prevention, the FTC workshop will focus on forms of ID theft that are particularly significant for seniors, from the risks that seniors face in nursing homes to the identity theft concerns that arise when they file their taxes or seek government assistance, which is increasingly happening online.
Stopping bad actors who target seniors and preventing the rise of identity theft is a shared mission for all of us. Google is committed to making the Internet safer, and protecting our users of all ages.
Congress, now live on YouTube
Tuesday, April 30, 2013
Posted by
Robert Kyncl, Vice President, Global Head of Content Partnerships for YouTube
& Susan Molinari, Vice President, Public Policy and Government Relations
Video plays a powerful role in bringing us closer together, especially when it connects people in real time. By transcending borders, empowering citizens, and increasing transparency, it’s one of the many ways technology allows democracy to thrive. Starting this week, all members of the U.S. Congress will
have the opportunity to access enhanced features on their YouTube channels, including the ability to live stream video.
Live video is already allowing elected officials and their constituents to reach one another in innovative ways. Thousands tuned in to YouTube to watch the president’s
State of the Union address
and the corresponding
Republican response
this February. Engagement is growing across many types of platforms — Google+ Hang
outs, for example,
have sparked face-to-face conversations on topics ranging from
gun control
to the
national economy
and have allowed people on the other side of the world to
share their stories at Congressional hearings
.
If you’re a member of Congress and would like to know more, check out these Dear Colleague letters issued by the
House
and
Senate
. Whether it’s to share a look into your daily work, broadcast speeches and meetings, or showcase events in your state or district, we can’t wait to see how you connect with your constituents.
The Big Tent comes to Washington
Friday, April 26, 2013
Posted by Susan Molinari, Vice President, Public Policy and Government Relations
When we started holding our
Big Tent
events in London
two years ago
, we wanted to stir up lively conversation about some of the hot topics relating to the Internet and society. After all, the political meaning of a
“big tent”
is to attract diverse viewpoints to come together in one place. Since then, we’ve held more than 20 Big Tents on three different continents to debate issues ranging from arts and culture online to the economic impact of the web.
Later today, the Big Tent is
coming to Washington, D.C
. for the first time. Along with our partner Bloomberg, we'll hear from some of the top names in media, government and the arts for discussions about one of the values we hold most dear:
the right to free expression
.
Can free speech survive in the digital age? At a time when too many governments deny their citizens the right to dissent, we’ll ask if the Internet is reaching its promise of empowering people around the world. We’ll have sessions on the limits to free speech online, national security in the Internet age, and creativity and freedom on the web.
Google’s executive chairman Eric Schmidt and senior vice president and chief legal officer David Drummond will be joined by a variety of speakers, including former U.S. attorney general Alberto Gonzales, deputy secretary of homeland security Jane Holl Lute, Bloomberg chief content officer Norman Pearlstine, former New York Times executive editor Bill Keller, and Saudi Arabian comedian and YouTube star Omar Hussein.
Things kick off at 1:30pm EDT today—you can watch the entire event on
Bloomberg’s live stream
and tune in to the
Big Tent Google+ page
for updates as the event unfolds. Later on, we’ll also upload video clips to the
Big Tent YouTube channel
. We hope you’ll join us for exciting conversations about how to best keep the Internet free and open.
Transparency Report: More government removal requests than ever before
Thursday, April 25, 2013
Posted by Susan Infantino, Legal Director
Three years ago when we
launched
the
Transparency Report
, we said we hoped it would shine some light on the scale and scope of government requests for censorship and data around the globe. Today, for the seventh time, we’re releasing new numbers showing
requests from governments to remove content
from our services. From July to December 2012, we received 2,285 government requests to remove 24,179 pieces of content—an increase from the 1,811 requests to remove 18,070 pieces of content that we received during the first half of 2012.
As we’ve gathered and released more data over time, it’s become increasingly clear that the scope of government attempts to censor content on Google services has grown. In more places than ever, we’ve been asked by governments to remove political content that people post on our services. In this particular time period, we received court orders in several countries to remove blog posts criticizing government officials or their associates. You can read more about these requests by looking at the
annotations
section of the Transparency Report. Of particular note were three occurrences that took place in the second half of 2012:
There was a sharp increase in requests from
Brazil
, where we received 697 requests to remove content from our platforms (of which 640 were court orders—meaning we received an average of 3.5 court orders per day during this time period), up from 191 during the first half of the year. The big reason for the spike was the
municipal elections
, which took place last fall. Nearly half of the total requests—316 to be exact—called for the removal of 756 pieces of content related to alleged violations of the
Brazilian Electoral Code
, which forbids defamation and commentary that offends candidates. We’re appealing many of these cases, on the basis that the content is protected by freedom of expression under the Brazilian Constitution.
Another place where we saw an increase was from
Russia
, where a
new law took effect
last fall. In the first half of 2012, we received six requests, the most we had ever received in any given six-month period from Russia. But in the second half of the year, we received 114 requests to remove content—107 of them citing this new law.
During this period, we received inquiries from 20 countries regarding YouTube videos containing clips of the movie “Innocence of Muslims.” While the videos were within our
Community Guidelines
, we restricted videos from view in several countries in accordance with local law after receiving formal legal complaints. We also temporarily restricted videos from view in Egypt and Libya due to the particularly difficult circumstances there.
We’ve also made a couple of improvements to the Transparency Report since our last update:
We’re now breaking down government requests about YouTube videos to clarify whether we removed videos in response to government requests for violating Community Guidelines, or whether we restricted videos from view due to local laws. You can see the details by scrolling to the bottom of each country-specific page.
We’ve also refreshed the look of the
Traffic
section, making it easier to see where and when disruptions have occurred to Google services. You can see a map where our services are currently disrupted; you can see a map of all known disruptions since 2009; and you can more easily navigate between time periods and regions.
The information we share on the Transparency Report is just a sliver of what happens on the Internet. But as we disclose more data and continue to expand it over time, we hope it helps draw attention to the laws around the world that govern the free flow of information online.
More momentum toward digital due process
Thursday, April 25, 2013
Posted by David Lieber, Privacy Policy Counsel
Three years ago, Google
helped found
a coalition
of technology companies, privacy advocates and academics to update the Electronic Communications Privacy Act (ECPA) of 1986. Today the
Digital Due Process coalition
includes more than 90 members, all devoted to bringing this federal law in line with how people use the web today.
ECPA no longer reflects the expectation of privacy that Google users and other users of the Internet reasonably have.
For example, an email may receive more robust privacy protections under ECPA depending on how old it is or whether it has been opened. The privacy of electronic communications should not hinge on such arbitrary factors.
Today, the Senate Judiciary Committee took a significant step toward updating ECPA by passing
legislation
that would require the government to obtain a warrant in order to compel service providers to disclose the content of emails and other electronic content that they store on behalf of users. The bill replaces a confusing array of distinctions that ECPA makes with a bright line, warrant-for-content rule.
This is an important moment for all Internet users, and we’re deeply appreciative of Senators Leahy and Lee’s leadership in advancing this bill. We’ve also been
working closely
with the House Judiciary Committee on this issue and we look forward to continuing to work with Congress to update ECPA.
YouTube wins case against Viacom (again)
Thursday, April 18, 2013
Posted by Kent Walker, Senior Vice President & General Counsel, Google
Cross-posted from the
Official YouTube Blog
Today is an important day for the Internet. For the second time, a
federal court
correctly rejected Viacom’s lawsuit against YouTube. This is a win not just for YouTube, but for the billions of people worldwide who depend on the web to freely exchange ideas and information.
In enacting the Digital Millennium Copyright Act, Congress effectively balanced the public interest in free expression with the rights of copyright holders. The court today reaffirmed an established judicial consensus that the DMCA protects web platforms like YouTube that work with rightsholders and take appropriate steps to remove user-generated content that rightsholders notify them is infringing.
The growing YouTube community includes not only a billion individual users, but tens of thousands of partners who earn revenue from the platform -- from independent musicians and creators to some of the world’s biggest record labels, movie studios, and news organizations. Today’s decision recognizes YouTube as a thriving and vibrant forum for all these users, creators and consumers alike. Today is an important day for the Internet.
Improving software patent quality to support innovation
Tuesday, April 16, 2013
Posted by Suzanne Michel, Senior Patent Counsel
We filed
comments
yesterday with the U.S. Patent and Trademark Office (PTO) on software patent quality, where we argue that better application of
established legal principles
can help reduce the number of vague, overbroad software patents issued. We think this will protect real innovation while helping to solve some growing problems in the patent system.
Many software patents are so broad as to claim every way of doing something on a computer. And the boundaries of these patents are often unclear. The Patent Office would never permit a patent that covered “any combination of molecules to treat a headache with a pill,” but it regularly does this by allowing software patent claims covering only a goal—not an inventive solution.
By more consistently applying legal rules that require specificity around functional software claims, the PTO can ensure that software patents reward and protect the creative work of building great software products—not just coming up with vague or abstract ideas.
We filed our comments in response to the PTO’s ne
w
partnership with the software community
and its recent
call for
public comment
on improving patent quality
.
We commend the PTO’s efforts in this area and look forward to working constructively with the agency in the future.
In our comments, we also suggest that the PTO consider how improved technical training for patent examiners, expanded
prior art databases
, and standardized terminology used across all software patent applications can help improve quality.
Improving software patent quality is critically important to innovation, which is under attack by patent assertion entities (also known as patent trolls). Trolls don’t make anything; they simply use patents to extract money—almost
$30 billion a year
—from productive companies through litigation. Trolls often target
startups and small businesses
that lack the resources or expertise to effectively deal with such lawsuits.
The trolls’ weapons of choice are low-quality software patents: today, most patent litigation is brought by trolls, and about
82% of those suits
involve software. There is no single fix to the troll problem, but improving software patent quality will help stem the tide while also supporting real innovation.
Beyond the Password: Protecting Your Online Identity
Friday, April 12, 2013
Posted by David Lieber, Public Policy Team
Just like burglars and thieves, cyber criminals have many different ways to steal personal information and money. Consumers and technical experts alike are awakening to the reality that passwords - even those that are developed in ways that reduce the likelihood of a breach - are
not the cure-all for online security
.
Last year,
Wired
senior writer Mat Honan drew attention worldwide for his first-person account of having his online identity hijacked -- a story that spurred a conversation about passwords and online privacy and security. On
Wednesday, April 17th
, Google DC is hosting a talk with FTC Commissioner Maureen Ohlhausen on data security, followed by a fireside chat with Mat Honan and security experts to discuss security challenges and the solutions that companies are working on to protect consumers against existing and emerging threats.
Beyond the Password: Protecting Your Online Identity
Wednesday, April 17th
5:00 PM - 6:00 PM
Google DC
If you are in the DC area, p
lease join us
for an engaging discussion about
protecting your online
identity. RSVP by
clicking
here
.
Plan your digital afterlife with Inactive Account Manager
Thursday, April 11, 2013
Posted by Andreas Tuerk, Product Manager
Not many of us like thinking about death — especially our own. But making plans for what happens after you’re gone is really important for the people you leave behind. So today, we’re launching a new feature that makes it easy to tell Google what you want done with your digital assets when you die or can no longer use your account.
The feature is called
Inactive Account Manager
— not a great name, we know — and you’ll find it on your Google Account settings
page
. You can tell us what to do with your Gmail messages and data from several other Google services if your account becomes inactive for any reason.
For example, you can choose to have your data deleted — after three, six, nine or 12 months of inactivity. Or you can select trusted contacts to receive data from some or all of the following services: +1s; Blogger; Contacts and Circles; Drive; Gmail; Google+ Profiles, Pages and Streams; Picasa Web Albums; Google Voice and YouTube. Before our systems take any action, we’ll first warn you by sending a text message to your cellphone and email to the secondary address you’ve provided.
We hope that this new feature will enable you to plan your digital afterlife — in a way that protects your privacy and security — and make life easier for your loved ones after you’re gone.
Labels
Accessibility
5
Ad
2
Advertising
11
AdWords
2
Anti-defamation league
1
Book Search
16
Broadband
11
Business Issues
26
Buzz
1
buzzemail
1
Canada
1
Child Safety
18
Chrome
1
Cloud Computing
2
Competition
19
Congress
10
Constitute
1
copyright
7
Cuba
1
Cybersecurity
9
D.C. Talks
16
Digital Due Process
1
Digital Playbook
1
Economic Impact
5
Economy
13
ECPA
4
Elections
24
email
1
Energy Efficiency
29
Europe
2
FCC
7
fellowship
2
Fighting Human Trafficking
1
Free Expression
54
Geo
1
Gmail
1
GNI
2
Good to Know
5
Google Fellow
2
Google for Entrepreneurs
1
Google Ideas
2
Google Maps
1
Google Policy Fellowship
1
Google Tools
78
Government Transparency
33
Hate Speech
1
Health
5
How Google Fights Piracy
1
Human trafficking
1
Identity theft
1
Immigration
1
Intellectual Property
19
International
46
Journalists
1
Malware
1
Maps
1
National Consumer Protection Week
1
Net Neutrality
24
Patents
5
piracy. ad networks
2
Politicians at Google
11
Politics
23
Privacy
93
Public Policy
1
Public Policy Blog
806
Safe Browsing
3
scams
1
search
3
Security
17
Small Businesses
3
spectrum
4
State Issues
5
Surveillance
6
Technology for Good
1
Telecom
71
Trade
3
Transparency Report
4
White Spaces
23
WiFi Network
1
Workforce
5
Yahoo-Google Deal
5
YouTube
4
YouTube for Government
1
Archive
2016
Sep
Aug
Jul
Jun
May
Apr
Mar
2015
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2014
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2013
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2012
Dec
Nov
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2011
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2010
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2009
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2008
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2007
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Feed
Follow @googlepubpolicy
Give us feedback in our
Product Forums
.
