Tag Archives: Public Policy

Building data portability to help consumers choose

People want the freedom to be able to use different online services without worrying about losing their photos, contacts, emails and other data if they close an account or switch to a new company.

For over a decade, Google has offered its users data portability – the ability to take your Google data with you, even if you are no longer using a Google service. In 2007, we created a team of engineers dedicated to giving people an easy way to export a copy of their data from our products. Since then, we’ve expanded our data portability offering with Google Takeout, which makes it easy to download data from over 70 Google products. Our teams continue to build cutting-edge technologies that help make this process simpler and keep personal data safe and secure as people transfer it between different platforms.

Today, we are announcing new investments and continued collaboration with industry partners and experts to make data portability easier and more secure for every internet user.

Advancing data portability

Data portability can be challenging for people who don’t have high-speed internet, unlimited mobile data plans, or who don’t have a personal device with extra storage. In 2018, we launched Data Transfer Project (DTP), an open source collaboration with Google, Apple, Meta, Microsoft, Twitter and SmugMug to simplify data portability for people around the world.

Unlike traditional methods of moving your files from one service to another, which require reliable broadband or drawing on mobile data plans, with DTP people can simply authorize a copy of the data to safely move to a new service without having to download it to a personal device first. This makes it easier for people to try new services without the burden of needing additional storage. And any company or organization can use DTP’s open source code, meaning even smaller companies that don't have the engineering resources to build custom data portability solutions can take advantage of DTP’s tools and give people an easy way to bring their data to a new service.

Today, we’re pledging to provide $3 million over the next five years, as well as hundreds of hours of our engineers’ time, to help expand the open source libraries that facilitate more types of data transfer and allow more companies and organizations to participate in DTP.

We will also continue to improve our own tools, like Google Takeout, including adding new ways to move your files to different services with DTP technology. On average we see 8.2 million exports per month with Google Takeout, and in 2021, more than 400 billion files were exported, which has doubled since 2019.

Finally, we will continue to support organizations and researchers working on portability and interoperability, and collaborate with them to develop industry-wide standards and guidance on this important issue.

Policy principles for portability

Regulators around the world recognize that data portability is fundamental to promoting consumer choice and data protection. We agree – data portability is a secure way to foster innovation and competition among digital service providers. When people can easily switch to a new product or service, without the fear of losing access to their data, companies are encouraged to provide the best possible services to win over new users.

We believe data portability rules should follow three key principles:

  • Put people first. Data portability supports competition by empowering consumers. Supporting standards for the most common data types will accelerate innovation in products that have a high value for consumers — including services for photos, playlists and contacts.
  • Require exportability. Platforms that allow people to import their data should also allow them to export it. This encourages people to try new services without the risk that they will lose their data. Consumers will be more likely to try something new if they know they can change their mind.
  • Prioritize privacy and security. Portability regulation must include safeguards against unauthorized access, diversion of data, and other types of fraud. This should include account authorization, encryption and delayed delivery.

These are the same principles we relied on to build Google Takeout and launch the DTP – and while we will continue to support regulatory efforts to create responsible data portability, we aren’t waiting for legal mandates. We will continue to advance state-of-the-art data portability through our tools and our support for DTP.

Google at the Munich Security Conference

Since its inception in 1963, the Munich Security Conference has been a vital venue for policymakers, experts and transatlantic leaders tackling the most pressing security issues of the day. Today, against the backdrop of an ongoing pandemic, geopolitical tensions, and increasingly sophisticated cyber attacks, the stakes for these discussions feel particularly high — with many participants perceiving this as a time of heightened risk.

Google’s mission statement has always been to “organize the world’s information and make it universally accessible and useful.” We provide tools that make people more informed, more connected, more productive — and more secure. That’s why I’m traveling to Munich this week and joining conversations about promoting and protecting the public square.

Fighting misinformation online and safeguarding elections

In the last few years, we’ve seen a marked uptick in online disinformation campaigns, attempts to influence democratic elections, and cyber attacks on democracies' critical infrastructure.

Google and YouTube have specialized teams of intelligence and security experts who work around the clock and around the world to thwart these threats and protect the people using our products. When it comes to the content we host on YouTube, our “4R’s” approach includes not just Removing violative content and Reducing the spread of borderline content, but also Raising up authoritative content, and Rewarding trusted creators. And we continuously assess our approach and look at changes we can make to promote thoughtful engagement.

During election cycles, we equip campaigns with best-in-class security features and protect their operations from attack. We work to help voters find high-quality, authoritative election information directly in our products. We employ teams who monitor elections from India to Europe to the United States. We use advanced technology to detect coordinated disinformation networks. And we work with partners like Defending Digital Campaigns and organizations in Europe to give political campaigns access to free Titan Security Keys — the strongest form of two-factor authentication — as well as the International Foundation for Electoral Systems to develop global security programming, protecting those who work to safeguard human rights.

Advancing cybersecurity and moving towards collective standards

When it comes to cybersecurity, we have first-hand, real-world experience. Our systems stop attacks every single day, including attacks from sophisticated nation state actors. But it wasn’t always that way. In the past, when our defenses weren’t strong enough, we rebuilt our entire security infrastructure, sometimes inventing new technologies when state-of-the-art simply wouldn’t do. We know that “high walls” are not enough to stop bad actors, and we’ve learned to use “defense in depth” — creating access controls throughout our services and using multi-factor authentication as part of a zero-trust security approach, in which every node has to authenticate itself. As a result, today we keep more people safe online than any other company in the world.

Image of Google security statistics

We design our products to go beyond “security by design” to provide security by default. When that’s not enough, we invent new ways to keep our users more secure.

In Munich, I will be urging policymakers to work together on establishing collective security standards including those that move democratic governments toward secure cloud services and zero-trust architecture.

In the last fifty years, democratic governments helped advance some of the world’s most important innovations — including the Internet, microchips, computers, global positioning systems, and revolutionary vaccines against COVID. In the next fifty, I’m optimistic about the ability of science and advanced technology to help solve some of the world’s biggest challenges, like climate change, health care, and global development. To do that, we need to partner with governments and civil societies to rebuild trust and confidence in our institutions. Realizing the promise of tomorrow requires protecting the public square today.

The path forward with the Privacy Sandbox

Google’s aim with the Privacy Sandbox is to improve web privacy for people around the world, while also giving publishers, creators and other developers the tools they need to build thriving businesses. This includes building new digital advertising tools, in collaboration with the wider industry, to replace third-party cookies with alternatives that better protect consumer privacy and preserve peoples’ access to free content online.

Since announcing the Privacy Sandbox we have been in open dialogue with the industry, consumer advocates and regulators to gather feedback on this initiative. Over the past year, we have also worked closely with the UK’s Competition and Markets Authority (CMA) and Information Commissioner’s Office (ICO), including on a set of legally-binding commitments to address the CMA’s competition concerns over the Privacy Sandbox which will govern how we will design and implement this initiative. The aim, through this regulatory oversight and supervision, is to provide reassurance that the Privacy Sandbox will protect consumers and support a competitive ad-funded web, and not favor Google.

The commitments address these concerns through three main principles. First, the changes we will make in Chrome in the context of the Privacy Sandbox initiative will apply in the same way to Google’s advertising products as to products from other companies. Second, we will design, develop and implement Privacy Sandbox with regulatory oversight and input from the CMA and the ICO. And third, we will inform the CMA in advance of our intention to remove third-party cookies and agree to wait for their feedback on whether any competition law concerns remain.

Privacy by design and by default have been at the heart of the Privacy Sandbox from the outset, and we are also intent on ensuring that the new tools meet the requirements set out in the recent ICO’s Opinion on Data protection and privacy expectations for online advertising proposals. To that end, we are designing these new tools to avoid cross-site tracking, provide people with better transparency and control, and result in better outcomes for people and businesses on the web. We look forward to further engagement with data protection authorities as we continue to iterate and improve on the proposals.

We’re pleased that today the CMA has accepted these commitments, which now go into immediate effect. The development and implementation criteria that underpin these commitments are summarized below, and can be found in full on the CMA’s website. We will apply the commitments globally because we believe that they provide a roadmap for how to address both privacy and competition concerns in this evolving sector.

Respecting user privacy while maintaining a well functioning ad-funded web

Google’s objectives in developing the Privacy Sandbox proposals are to make the web more private and secure for people, while:

  1. Supporting the ability of publishers to generate revenue from advertising inventory and the ability of advertisers to secure value for money from advertising spend;
  2. Supporting a good user experience when navigating the web, including in relation to digital advertising;
  3. Providing users with substantial transparency and control in relation to their data as they browse the web; and
  4. Not distorting competition between Google’s own advertising products and services and those of other market participants.

We recognize that many publishers and advertisers rely on online advertising to fund their websites and reach new customers. So building tools which aim to improve people’s privacy, while continuing to support advertising, is key to keeping the web open and accessible to everyone and allowing businesses of all sizes to succeed.

Developing the Privacy Sandbox

To achieve the objectives above, Google is committing to designing, developing and implementing the Privacy Sandbox proposals taking into account specific criteria agreed with the CMA:

  1. The impact on privacy outcomes and compliance with privacy laws;
  2. The impact on competition in digital advertising between Google and other market participants, and, in particular, the risk of distortion to competition;
  3. The impact on publishers (including their ability to generate revenue from ad inventory) and advertisers;
  4. The impact on user experience (e.g. relevance of advertising and transparency over the use of personal data); and
  5. The technical feasibility, complexity and cost involved for Google.

Building on many months of open consultation by Google — and the CMA — with the wider industry, Google will be consulting with the CMA and ICO on a regular basis in relation to the design, development and implementation of the Privacy Sandbox (including testing and public announcements). Google will also increase its engagement with industry stakeholders (including publishers, advertisers and ad tech providers) by providing a systematic feedback process to take on board reasonable views and suggestions. This continues our previous engagement with web community members, who are encouraged to participate in the development and testing of the proposed new technologies through public discussion forums like the W3C, developer channels such as GitHub, industry groups and origin trials. We will also establish a dedicated microsite, available from privacysandbox.com, explaining these channels in more detail and offering a new feedback form to submit suggested use cases and API feature requests, by the end of February 2022.

Ensuring compliance

Google will work with the CMA to resolve concerns without delay and consult and update the CMA and the ICO on an ongoing basis. Google has also committed to appoint an independent Monitoring Trustee who will have the access and technical expertise needed to ensure compliance, having consulted with the CMA. The Monitoring Trustee will work directly with the CMA, and will be central in ensuring compliance with the data and non-discrimination commitments offered by Google.

We believe that these commitments will ensure that competition continues to thrive while providing flexibility in designing the Privacy Sandbox APIs in a way that will improve peoples’ privacy online. Helping businesses adapt to a privacy-safe web, through invention and collaboration, can help provide the foundation for long-term economic sustainability and growth.

This process requires close engagement with competition and privacy regulators and new ways of working together. We hope these commitments can contribute to that new framework.

How Google puts you in control of your location data

You may have seen news about lawsuits brought against Google concerning how we handle location data. These suits mischaracterize and inaccurately describe the settings and controls we provide users over location data.

Today, a court in Arizona made a significant legal ruling against the Arizona Attorney General. The AG is somehow claiming this as a big victory but in reality, a judge rejected his central argument. Unfortunately, just before today’s decision, four other state attorneys general rushed to file similar lawsuits making similarly inaccurate and outdated claims.

We wanted to take this opportunity to set the record straight about the location settings we offer, and how you are in control of your location data.

All smartphones use location data — it’s integral to how they work. It’s collected and used by network operators, device makers, apps, websites and operating systems. For our part, location makes Google products work better for you — it’s what helps you navigate around a traffic jam, helps you find your phone when you’ve misplaced it, and lets you find a pizza shop in your neighborhood instead of suggesting one in a different state.

We recognize that you have a lot of decisions to make around the use of location data by various apps and services. That’s why we’ve worked hard over the past few years to build more control and transparency directly into our products to make location easy to understand and simple to manage:

  • Easy-to-use settings: We offer settings like Location History, which creates a timeline of where you have been, saved to your Google Account. You can delete this data or pause saving it at any time. Web & App Activity saves activity like the things you do on Google sites and apps, including associated info like location. Again, you can delete this data or pause saving it at any time.
  • Auto-delete by default: Two years ago, we updated our data retention practices — in addition to turning Location History and Web & App Activity off, you can choose to automatically auto-delete them after a set period of time (3 months, 18 months or 36 months). (For new users, the default is to auto-delete them after 18 months).
  • Transparency: You can instantly see your settings and manage them right from your favorite Google products — for example, on every search results page, we indicate the location information that was used to deliver results, and enable you to change your settings directly. And if you have Location History enabled, we send monthly and annual emails to remind you about places you’ve visited, along with easy access to your settings.
  • Maps Incognito mode: With Google Maps Incognito mode, the places you search for or navigate to in Google Maps won’t be saved to your Google Account.
  • Advertisers and apps: Location data helps you get relevant offers such as local pizza restaurants but we never sell your location data to advertisers — or to anyone. And from Android 10 onwards, you can choose to share your device’s location with third party apps only while they’re in use — or not at all.

As we design our products, we focus on three important principles: keeping your information safe, treating it responsibly, and putting you in control. We aim to strike a balance between offering granular customization for users who want to pick and choose between options, while keeping our controls simple and easy to understand. We will continue to focus on providing simple, easy-to-understand privacy settings to our users, and will not be distracted from this work by meritless lawsuits that mischaracterize our efforts.

AG Paxton’s false claims still don’t add up

Today we’re filing a motion asking the court to dismiss Texas Attorney General Ken Paxton’s antitrust lawsuit over our advertising technology (“ad tech”) business.

This lawsuit has now been rewritten three times. With each version, AG Paxton follows the same pattern: make inaccurate and inflammatory allegations, publicize them widely, and repeat. This playbook may generate attention, but it doesn’t make for a credible antitrust lawsuit.

AG Paxton's allegations are more heat than light, and we don't believe they meet the legal standard to send this case to trial. The complaint misrepresents our business, products and motives, and we are moving to dismiss it based on its failure to offer plausible antitrust claims.

Why this lawsuit misses the law and the facts

At its heart, AG Paxton is asking the court to force us to share user data and design our products in a way that helps our competitors rather than our customers or consumers. But American antitrust law doesn’t require companies to give information to, or design products specifically for, rivals. This lawsuit fails to acknowledge that ad tech is a highly dynamic industry with countless competitors. It’s been recognized that competition in ad tech has led to reduced fees, encouraged new entry, led to increased investment and expanded options for advertisers and publishers alike.

Correcting AG Paxton’s false and misleading allegations

AG Paxton overlooks, or misstates, a litany of clear facts. We want to publicly and unequivocally refute the more egregious allegations:

  • We don’t force “tying”: A central allegation in AG Paxton’s lawsuit is that publishers are forced to use our ad server in order to access our ad exchange. This allegation is simply wrong, and AG Paxton offers no evidence to prove otherwise. If a publisher wants to use our ad exchange with a different ad server, they are free to do so.
  • Header bidding is thriving: A core claim is that we prevented rivals from using a technology, header bidding, through our Open Bidding program. But again, the facts don’t support that. Since we launched Open Bidding, header bidding’s popularity has continued to grow. Recent surveys show a vast majority of publishers currently use header bidding. We simply haven’t held header bidding back.
  • Our auctions are fair: The complaint uses deliberately inflammatory rhetoric to accuse us of a litany of wrongdoings: “misleading” publishers, “rigging” auctions through special data access, running “third price auctions,” “pocketing the difference.” But quite simply, we have – provably – done none of these things. AG Paxton is distorting various optimizations that we have created to improve publisher yields and returns for advertisers. To be clear, contrary to his claims, these optimizations did not and do not result in Google “pocketing” additional revenue share and do not make auctions unfair. And our auction was always a second price auction (until 2019 when it became a first price auction).
  • Out-of-date claims: And more broadly, much of AG Paxton's lawsuit is based on out-dated information that bears no correlation to our current products or business in this dynamic industry (and in any event never amounted to a violation of antitrust laws).

Facebook Audience Network’s participation in Open Bidding

The allegation that has generated the most attention is that we somehow “colluded” with Facebook Audience Network (FAN) through our Open Bidding agreement. That’s simply not true.

To set the record straight, we are today including the full text of our agreement with FAN in our motion to the court. Here are some facts that contradict AG Paxton's claims:

  • This is far from a secret deal: We announced FAN’s participation as one of over 25 partners in our Open Bidding program, all of whom have signed their own agreements to participate.
  • This is a procompetitive agreement: FAN’s participation benefits advertisers because it gives them additional ways to reach their desired audiences. And it benefits publishers because it introduces additional bidders to compete for their ad space, earning them higher returns. In fact, if FAN weren’t a part of Open Bidding, AG Paxton may have claimed we were preventing a rival from accessing our products and depriving publishers of additional revenue.
  • FAN’s involvement is not exclusive: The agreement doesn’t prevent FAN from participating in header bidding or other competing auctions. In fact, FAN participates in several similar auctions on rival platforms. The agreement also doesn’t prevent FAN from building a competing product. Our agreement explicitly states that FAN’s participation is not exclusive (and nowhere in our agreement is header bidding even mentioned). And the entire Open Bidding program (of which Facebook is one of 25 participants) accounts for a small fraction of the display ads we place.
  • We do not manipulate the auction: Finally, this agreement does not provide FAN with an advantage in the Open Bidding auction. FAN competes in the auction just like other bidders: FAN must make the highest bid to win a given impression, period. If another eligible network or exchange bids higher, they win the auction. We don’t allocate ad space to FAN, they don’t receive speed advantages, and we don’t guarantee that they win any auctions.

Our advertising technology helps fund digital content that benefits everyone, and it supports thousands of businesses, from small advertisers to major publishers. Our work in this space is designed to balance and support the needs of publishers, advertisers and consumers.

We’re confident that this case is wrong on the facts and the law, and should be dismissed. However, if it does move forward, we’ll continue to vigorously defend ourselves.

The harmful consequences of Congress’s anti-tech bills

Every day, millions of Americans use online services like Google Search, Maps and Gmail to find new information and get things done. Research shows these free services provide thousands of dollars a year in value to the average American, and polls show that 90% of Americans like our products and services.

However, legislation being debated in the House and Senate could break these and other popular online services, making them less helpful and less secure, and damaging American competitiveness. We’re deeply concerned about these unintended consequences.

Antitrust law is about ensuring that companies are competing hard to build their best products for consumers. But the vague and sweeping provisions of these bills would break popular products that help consumers and small businesses, only to benefit a handful of companies who brought their pleas to Washington.

Some specifics:

Harming U.S. technological leadership

These bills would impose one set of rules on American companies while giving a pass to foreign companies. And they would give the Federal Trade Commission and other government agencies unprecedented power over the design of consumer products. All of this would be a dramatic reversal of the approach that has made the U.S. a global technology leader, and risks ceding America’s technology leadership and threatening our national security, as bipartisan national security experts have warned:

  • Americans might get worse, less relevant, and less helpful versions of products like Google Search and Maps (see below for some examples).
  • An “innovation by permission” requirement could force American technology companies to get approval from government bureaucrats before launching new features or even fixing problems, while foreign companies would be free to innovate. Foreign companies could also routinely access American technology as well as Americans' data.
  • Handicapping America’s technology leaders would threaten our leading sources of research and development spending — just as bipartisan voices in Congress are recognizing the need to increase American R&D investment to stay competitive in the global race for AI, quantum, and other advanced technologies.
  • That’s why national security experts from both parties have aligned in warning that current anti-tech bills could threaten America’s national security.

Degrading security and privacy

Google is able to protect billions of people around the world from cyberattacks because we bake security and privacy protections into our services. Every day, Gmail automatically blocks more than 100 million phishing attempts and Google Play Protect runs security scans on 100 billion installed apps around the world.

These bills could prevent us from securing our products by default, and would introduce new privacy risks for you. For instance:

  • The bills could hamper our ability to integrate automated security features if other companies offer similar features. For example, we might be prevented from automatically including our SafeBrowsing service and spam filters in Chrome and Gmail to block pop-ups, viruses, scams and malware.
  • Breaking apart the connections between Google tools could limit our ability to detect and protect you against security risks that use security signals across our products.
  • These bills may compel us to share the sensitive data you store with us with unknown companies in ways that could compromise your privacy.
  • And when you use Google Search or Google Play, we might have to give equal prominence to a raft of spammy and low-quality services.

Breaking features that help consumers and small businesses

When you come to Google Search, you want to get the most helpful results. But these bills could prohibit us from giving you integrated, high-quality results — even when you prefer them — just because some other company might offer competing answers. In short, we’d have to prefer results that help competitors even if they don’t help you.

  • If you search for a place or an address, we may not be able to show you directions from Google Maps in your results. As just one example, if you search for “vaccine near me,” we might not be able to show you a map of vaccine locations in your community.
  • When you have an urgent question — like “stroke symptoms” — Google Search could be barred from giving you immediate and clear information, and instead be required to direct you to a mix of low quality results.
  • When you search for local businesses, Google Search and Maps may be prohibited from highlighting information we gather about hours of operation, contact information, and reviews. That could hurt small businesses and local retailers, as well as their customers.
  • The bills would also harm small businesses if tools like Gmail, Calendar and Docs were not allowed to be integrated or work together seamlessly.

A boost for competitors, not consumers

While these bills might help the companies campaigning for them, including some of our major competitors, that would come at a cost to consumers and small businesses. Moreover, the bills wouldn’t curb practices by our competitors that actually harm consumers and customers (they seem to be intentionally gerrymandered to exclude many other major companies). For example, they don’t address the problem of companies forcing governments and small businesses to pay higher prices for enterprise software. And of course, the online services targeted by these bills have reduced prices; these bills say nothing about sectors where prices have actually been rising and contributing to inflation.

The wrong focus

There are important discussions taking place about the rules of the road for the modern economy. We believe that updating technology regulations in areas like privacy, AI, and protections for kids and families could provide real benefits. But breaking our products wouldn’t address any of these issues. Instead, it would eliminate helpful features, expose people to new privacy and security risks, and weaken America’s technological leadership. There’s a better way. Congress shouldn’t rush to judgment, and should instead take more time to consider the unintended consequences of these bills.

Making Open Source software safer and more secure

We welcomed the opportunity to participate in the White House Open Source Software Security Summit today, building on our work with the Administration to strengthen America’s collective cybersecurity through critical areas like open source software.

Industries and governments have been making strides to tackle the frequent security issues that plague legacy, proprietary software. The recent log4j open source software vulnerability shows that we need the same attention and commitment to safeguarding open source tools, which are just as critical.

Open source software code is available to the public, free for anyone to use, modify, or inspect. Because it is freely available, open source facilitates collaborative innovation and the development of new technologies to help solve shared problems. That’s why many aspects of critical infrastructure and national security systems incorporate it. But there’s no official resource allocation and few formal requirements or standards for maintaining the security of that critical code. In fact, most of the work to maintain and enhance the security of open source, including fixing known vulnerabilities, is done on an ad hoc, volunteer basis.

For too long, the software community has taken comfort in the assumption that open source software is generally secure due to its transparency and the assumption that “many eyes” were watching to detect and resolve problems. But in fact, while some projects do have many eyes on them, others have few or none at all.

At Google, we’ve been working to raise awareness of the state of open source security. We’ve invested millions in developing frameworks and new protective tools. We’ve also contributed financial resources to groups and individuals working on securing foundational open source projects like Linux. Just last year, as part of our $10 billion commitment to advancing cybersecurity, we pledged to expand the application of our Supply chain Levels for Software Artifacts (SLSA or “Salsa”) framework to protect key open source components. That includes $100 million to support independent organizations, like the Open Source Security Foundation (OpenSSF), that manage open source security priorities and help fix vulnerabilities.

But we know more work is needed across the ecosystem to create new models for maintaining and securing open source software. During today’s meeting, we shared a series of proposals for how to do this:

Identifying critical projects

We need a public-private partnership to identify a list of critical open source projects — with criticality determined based on the influence and importance of a project — to help prioritize and allocate resources for the most essential security assessments and improvements.

Longer term, we need new ways of identifying software that might pose a systemic risk — based on how it will be integrated into critical projects — so that we can anticipate the level of security required and provide appropriate resourcing.

Establishing security, maintenance & testing baselines

Growing reliance on open source means that it’s time for industry and government to come together to establish baseline standards for security, maintenance, provenance, and testing — to ensure national infrastructure and other important systems can rely on open source projects. These standards should be developed through a collaborative process, with an emphasis on frequent updates, continuous testing, and verified integrity.

Fortunately, the software community is off to a running start. Organizations like the OpenSSF are already working across industry to create these standards (including supporting efforts like our SLSA framework).

Increasing public and private support

Many leading companies and organizations don’t recognize how many parts of their critical infrastructure depend on open source. That’s why it’s essential that we see more public and private investment in keeping that ecosystem healthy and secure. In the discussion today, we proposed setting up an organization to serve as a marketplace for open source maintenance, matching volunteers from companies with the critical projects that most need support. Google stands ready to contribute resources to this effort.

Given the importance of digital infrastructure in our lives, it’s time to start thinking of it in the same way we do our physical infrastructure. Open source software is a connective tissue for much of the online world — it deserves the same focus and funding we give to our roads and bridges. Today’s meeting at the White House was both a recognition of the challenge and an important first step towards addressing it. We applaud the efforts of the National Security Council, the Office of the National Cyber Director, and DHS CISA in leading a concerted response to cybersecurity challenges and we look forward to continuing to do our part to support that work.

How to sustain a safe, thriving app and game ecosystem

There have been a lot of discussions globally about how mobile ecosystems and app stores operate, and the role good policy plays in ensuring that these platforms provide ample choice and flexibility for developers and users. We have been following these discussions closely and agree that policies in this space should be guided by foundational principles that spur innovation, maintain security and expand user choice across the ecosystem, whether on mobile desktop or gaming consoles.

It’s our belief that operating systems and app stores should:

  • Let consumers download apps and games from anywhere — operating systems should support multiple app stores and allow consumers to get apps and games directly from developers.
  • Keep consumers safe by building protections into the core operating system and requiring app stores and developers to follow high safety standards.
  • Avoid using non-public data about developers to build competing products and services.
  • Be upfront with developers about the rules of the road, enforce policies in a predictable way, work with developers to address problems and offer clear means of appeal and redress when issues arise.
  • Permit developers to build direct customer relationships, with reasonable safeguards to protect consumer safety.

These principles have roots in our work in the early days of mobile, when we made an unprecedented bet that a free, open-source operating system like Android, built with safety and choice at its core, would be good for developers and consumers and could support the growth of the entire smartphone ecosystem. At the time, there were many different business model options to support a platform — some charged licensing fees for their operating system, others sold high-margin hardware devices. We chose to do things differently by making our operating system and app store free, with minimal restrictions.

We also believe that operating systems and app stores should have a business model that enables both platforms and developers to succeed financially. Just as it costs money to build an app, it costs money to build a platform, and a platform’s business model should align its success with developers’ success.

Over the years we’ve made a significant investment in Android and Google Play, and like any business, we need a business model that lets us keep investing in our mobile efforts. Today, Android is used on tens of thousands of device models from smartphone companies around the world and more than two million developers use Google Play to reach more than 2.5 billion users in 190 countries.

We’ve been able to sustain Android and Google Play through a fee paid by developers who sell in-app digital content, which is a common model across technology platforms. Ninety-seven percent of developers globally don’t sell digital content and are not subject to a service fee. For developers who do sell digital content, we recognize that one size doesn't fit all, and we’ve evolved our business based on feedback from our developer ecosystem. We've tailored our fee structure with a number of programs to meet different businesses' needs. With the new programs we announced this year, 99% of developers globally qualify for a service fee of 15% or less, and developers have welcomed these changes.

App and game platforms need to balance consumers’ expectations of choice and safety, developers’ desire to innovate and grow, and their own need for a viable business model. We look forward to contributing to the public policy conversation, guided by our steadfast commitment to building thriving, open platforms that empower consumers and help developers succeed.

Welcoming US-EU collaboration on cybersecurity

Armistice Day is a perennial reminder of the perils of unchecked escalation and the sacrifices of prior generations to protect peace and security. Multilateralism, borne out of the 20th century’s conflicts, is just as relevant in a world of 21st-century threats. That’s particularly true for one of the most pressing multi-stakeholder challenges today: cybersecurity.

The internet itself is a multi-stakeholder system, and protecting citizens online requires cooperation among governments and businesses. For example, this week’s crackdown on ransomware operators by Europol and the U.S. Department of Justice, resulting in the arrests of two REvil operators, capped off an enforcement effort that spanned a year and as many as 17 nations. These actions, coming just ahead of the 20th anniversary of the Budapest Convention, highlight the value of cross-border cooperation in fighting cybercrime, as well as the importance of protecting individuals and their rights online.

Likewise, we applaud the news, announced by U.S. Vice President Kamala Harris in Paris, that the United States is expanding its efforts to advance international cooperation in cybersecurity, by joining the Paris Call for Trust and Security in Cyberspace — a voluntary commitment to work with the international community to advance cybersecurity and preserve the open, interoperable, secure, and reliable Internet.

Google was among the first signatories to the Paris Call in 2018 when it was initially advanced by the government of President Macron of France.

The Paris Call’s 9 principles are something we should all agree to, but it is past time to put them into action. Google has unique expertise supporting many of these principles. To name a few:

  • Defend electoral processes. Through our Advanced Protection Program (APP), we partner with organizations around the world to protect elected officials, campaign offices, and other high-risk users such as human rights workers and journalists. During the 2020 United States elections, APP was the go-to choice for 140 federal campaigns. Since the launch of APP, there have been zero identified instances of a successful targeted attack on an APP user.
  • Lifecycle Security. The Solarwinds attack underscored the real risks and ramifications of supply chain attacks. To improve our own security and support the broader community, we worked with the Open Source Security Foundation (OpenSSF) to develop and release Supply-chain Levels for Software Artifacts (SLSA or “salsa”), a proven framework for securing the software supply chain. We also pledged to provide $100 million to support third-party foundations, like OpenSSF, that manage open source security priorities and help fix vulnerabilities.
  • Cyber Hygiene. Advancing cyber hygiene is a simple way to reduce the majority of successful attacks. At our Google Safety Engineering Center (GSEC) in Munich and at Google security engineering hubs around the world, we are making it easier for our users to stay safe. For example, Google has been at the forefront of innovation in two-step verification (2SV) for years. And because we know the best way to keep our users safe is to turn on our security protections by default, we have started to automatically configure our users’ accounts into a more secure state. By the end of 2021, we plan to auto-enroll an additional 150 million Google users in 2SV and require 2 million YouTube creators to turn it on.

Though there is much we can do as a community, what we have learned in the wake of SolarWinds, Hafnium, and other attacks is that companies need to contribute more of their technology and expertise to solving these challenges. In that vein, we are doubling down to develop solutions to protect users, organizations, and society. Earlier this year, we announced that we will invest $10 billion over the next five years to keep users and customers safer, including expanding access to zero-trust security tools and offering free security skills training programs for workers in the U.S. and Europe.

Google keeps more people safe online than anyone else by putting security at the core of everything we do. We are committed to advancing community-driven, multi-stakeholder approaches to cybersecurity. We look forward to expanding our work with governments and the private sector to develop security technologies and standards that make us all safer.

Bringing COP26 to people everywhere

This November at COP26, global leaders will meet in Glasgow to discuss how to jointly address the challenge of climate change. Recent research has found that more than 70% of the global population is concerned or fearful about climate change. So we’re focused on making this year’s conference accessible to everyone. In partnership with the COP26 Presidency, we’ll livestream the activities through YouTube and Google Arts and Culture, helping COP26 expand the reach of its digital channels. YouTube creators at the conference will create content to share with their global audiences, and we’ll publish video, imagery and artworks from “the green zone” — the center of COP26 activity — via a new page on Google Arts and Culture, inviting people everywhere to learn about the discussions and activities taking place.

"I'm delighted COP26 is partnering with Google to help bring the Green Zone of COP26 to the world in a few days’ time,” COP President-Designate Alok Sharma said. “With more than 200 captivating and diverse events on offer we want everyone to have the opportunity to learn more about climate action and help protect our planet."

Our work at COP26 is part of our larger third decade of climate action strategy. We’re not only committed to be more sustainable in how Google operates as a business, but we’re also focused on building new technologies to make sure that partners, enterprise customers and the billions of people who use Google products every day can be more sustainable as well.

How we’re leading at Google

At Google, our goal is to achieve net zero emissions across all of our operations and value chain by 2030. We aim to reduce the majority of our emissions (versus our 2019 baseline) before 2030, and plan to invest in nature-based and technology-based carbon removal solutions to neutralize our remaining emissions.

We were the first major company to operate as carbon neutral in 2007, and have matched our energy use with 100 percent renewable energy for four years in a row. Last year we set a moonshot goal to operate on 24/7 carbon-free energy by 2030 for all of our data centers and campuses. That means that by the end of the decade, we aim to deliver every search, every email, and every YouTube video without emitting carbon. We’re making strong progress — in 2020 we achieved 67% carbon-free energy on an hourly basis across our data centers, up from 61% in 2019. Five of our data centers, including those in Denmark and Finland, are at or near 90% carbon-free energy.

On our campuses we’re investing in sustainable energy innovations, like dragonscale solar and geothermal pilings, to get us closer to our goal to be carbon-free by 2030. We hope these new technologies will inspire similar projects from others that advance sustainability without compromising design and aesthetics.

How we’re enabling our partners

Urban areas are currently responsible for 70% of the world’s carbon emissions. Last year we pledged to help more than 500 cities reduce one gigaton of carbon emissions per year by 2030 via Google’s Environmental Insights Explorer (EIE). EIE is helping major cities, including Amsterdam, Birmingham UK and Copenhagen, map their emissions data, solar potential, and air quality for their remediation plans.

Technology can also help cities decarbonize in more direct ways. We recently shared an early research project that is deploying AI to help cities make their traffic lights more efficient, and we have a pilot program in Israel accomplishing this. So far, we have seen a 10-20% reduction in fuel consumption and delay time at intersections. We’re excited to expand this pilot to Rio de Janeiro and beyond.

Finally, we’re helping business customers like Whirlpool, Etsy, HSBC, Unilever and Salesforce develop solutions for the specific climate change challenges they face. Unilever is working with the power of Google Cloud and satellite imagery through Google Earth Engine to help avoid deforestation in their supply chain. At Cloud Next, we launched Carbon Footprint, a tool that helps large and small businesses understand their gross carbon emissions associated with the electricity of their Google Cloud Platform usage. This new information will help companies track progress toward their own climate targets.

How we’re aiming to empower everyone

In addition to businesses, increasingly individuals are focused on what more they can do to help the planet. That’s why we committed to help 1 billion people make more sustainable choices by 2022 through Google’s products and services. Recently, we shared several new ways people can use Google’s products to make sustainable choices — from choosing eco-friendly routes and searching for greener flights, hotels, and appliances to supporting clean energy from home with Nest and surfacing authoritative information on climate change from sources like the United Nations.

Google’s goal is to make the sustainable choice an easier choice — for governments, businesses, and individuals. We look forward to a carbon-free future and are excited to continue the conversation at COP26.