Tag Archives: Public Policy
Updates on our support for Ukraine
Google returns to the Munich Security Conference
Source: Google in Europe
DOJ’s lawsuit ignores the enormous competition in the online advertising industry
Gonzalez v Google and the future of an open, free and safe internet
Our ongoing commitment to human rights
New ways we’re supporting Ukraine
Source: Google in Europe
A ruling in our legal case against the Glupteba botnet
Managing your location data
Location information lets us offer you a more helpful experience when you use our products. From Google Maps’ driving directions that show you how to avoid traffic, to Google Search surfacing local restaurants and letting you know how busy they are, location information helps connect experiences across Google to what’s most relevant and useful.
Over the past few years, we’ve introduced more transparency and tools to help you manage your data and minimize the data we collect. That’s why we:
- Launched auto-delete controls, a first in the industry, and turned them on by default for all new users, giving you the ability to automatically delete data on a rolling basis and only keep 3, 18 or 36 months’ worth of data at a time.
- Developed easy-to-understand settings like Incognito mode on Google Maps, preventing searches or places you navigate to from being saved to your account.
- Introduced more transparency tools, including Your Data in Maps and Search, which lets you quickly access your key location settings right from our core products.
These are just some ways that we have worked to provide more choice and transparency. Consistent with those improvements, we settled an investigation with 40 U.S. state attorneys general based on outdated product policies that we changed years ago. As well as a financial settlement, we will be making updates in the coming months to provide even greater controls and transparency over location data. The updates include:
- Revamping user information hubs: To help explain how location data improves our services, we’re adding additional disclosures to our Activity controls and Data & Privacy pages. We’re also creating a single, comprehensive information hub that highlights key location settings to help people make informed choices about their data.
- Simplified deletion of location data: We’ll provide a new control that allows users to easily turn off their Location History and Web & App Activity settings and delete their past data in one simple flow. We’ll also continue deleting Location History data for users who have not recently contributed new Location History data to their account.
- Updated account set-up: We’ll give users setting up new accounts a more detailed explanation of what Web & App Activity is, what information it includes, and how it helps their Google experience.
Today’s settlement is another step along the path of giving more meaningful choices and minimizing data collection while providing more helpful services.
Why Google supports the US Securing Open Source Software Act
Open source software — code that is made freely available to the public to use or modify — is the foundation of the modern internet. It’s given us a world that is more innovative and more accessible. Yet the very openness that makes the digital world accessible to everyone also leaves it uniquely vulnerable to security threats and cyber attacks.
At Google, we’ve been working to solve this paradox for years — and have arrived at the conclusion that modern digital security actually can come through embracing openness. We protect more people online than anyone, and we recently announced a $10 billion investment in making the internet safer and more secure. But with the dramatic rise of state-sponsored cyber attacks and malicious actors online, it’s clear that we need not only stronger public-private partnerships but also dynamic policy frameworks to shore up security for everyone.
That’s why we welcome efforts by the U.S. Government to advance open source software security, such as the Securing Open Source Software Act introduced in the Senate last month. This bipartisan bill proposes the creation of a framework to guide the federal government in its use of open source software. The proposed legislation reflects a helpful focus on security and cyber risk mitigation to respond to a recent spike in malicious cyber activity against the software supply chain.
We are glad to see a continued emphasis on the importance of open source software security from the U.S. Government, and we hope that both public and private organizations will follow their lead to promote improved cybersecurity for the ecosystem at large.
The problem of securing open source
The world of open source software development allows collaboration and rapid innovation by sharing solutions freely. This community, built on openness and sharing, contributes an enormous amount of code to a majority of the applications we use today.
However, despite the benefits of this openness, the unprecedented scale of recent attacks has emphasized gaps in infrastructure and tooling and the need for improved transparency into the security practices and attributes of open source projects. Seemingly simple questions about the open source supply chain are still difficult to answer:
- Does a project contain known vulnerabilities?
- Are the project’s maintainers and community following security best practices during software development?
- What open source dependencies are part of a particular piece of software?
- How secure was the distribution supply chain?
Answering these questions requires specialized technical skills and capabilities, and given the primarily volunteer-driven nature of the open source community, we cannot expect open source developers to shoulder the full burden of advancing software security on their own.
Through our work with multiple industry collaborators, Google has helped create free tools, services and best practices to make it easier for the open source community to develop and distribute software securely, while providing consumers with information about the security of the software they use.
We envision a more secure future where the burden of security is shared, and there is increased trust in and resilience of the open source software ecosystem. To get there, we need freely available, automated solutions that make developers’ lives easier, such as:
- Infrastructure that prevents tampering, by default, when software is being built and released
- Advances in vulnerability discovery and management that automate finding, tracking and fixing bugs for developers
- Seamless connections across sources of security data and tools for analysis so consumers can have meaningful insight into the security of their software
We’re currently working to make these solutions a reality, at scale, with little to no additional work for developers.
Sustaining the community
We hope that the framework that will emerge due to U.S. Government efforts drives further investments in open source communities by both the public and private sectors. We’re already seeing the impact of the $100M Google pledged to non-profit organizations and software foundations like the Open Source Security Foundation to support open source creators.
This pledge backs efforts like our “open source maintenance crew,” a team of developers who spend 100 percent of their time directly enabling critical open source projects to adopt key security improvements. It also supports our Linux Kernel team, which continues to drive efforts to eliminate entire classes of bugs from open source code, including paving the way for greater memory safety using the Rust language.
We encourage other major consumers of open source to follow this lead and directly invest both funds and developer time in securing open source projects and ecosystems. Furthermore, we call on other major consumers of open source, both public and private, to implement similar policies around safe open source usage as well.
Securing open source software is a shared responsibility, and we look forward to continued collaboration on this urgent, critical problem.