Merci. Thank you, Mr. Chair, members of the committee.
My name is Colin McKay. I'm a policy manager working for Google Canada. Thank you for inviting me today and for giving me an opportunity to talk a bit about Google, and in particular, Google's policies on privacy protection and user control of personal data.
Canada is important to Google. We have offices in Kitchener–Waterloo, Toronto, Montreal, and Ottawa. Our engineering offices in Montreal and Kitchener–Waterloo are growing particularly quickly. These offices are developing products that are being used by hundreds of millions of people every day worldwide. Particularly relevant to today's meeting, our Montreal office works on products that make your online experience as secure as possible, and for users around the world.
Google Canada has also been working to help small business owners across the country use the Internet effectively to grow and flourish. To recognize their success, we created the Google eTown awards, which are designed to showcase communities that are leading the way by using online tools and services.
We looked at countless cities and towns across Canada and found that some municipalities—Moncton, New Brunswick; Dorval, Quebec; Parry Sound, Ontario; Canmore, Alberta; and Duncan, B.C.—stood out from the crowd. They exhibited strong engagement and potential for growth within the digital economy.
Google is proud to help Canadians not only make the best use of the Internet, but also to help them do it safely and securely.
Privacy and security matter to us, and we know how important they are to users. It's what our users expect from us and it's what we expect from ourselves.
That's why we at Google are committed to the highest security and privacy standards. We've backed up our commitment with real dollars and people. We spend hundreds of millions of dollars every year on security, and employ world-renowned experts in data security, who work around the clock to keep your and my information safe. We provide a whole suite of security and privacy tools so that individual Canadians can take control of their data management in a simple and straightforward way. With a few clicks of the mouse, users can remove all of their web history from Google's records, and at the same time, if they choose, prevent Google from recording their web history in the future.
We also provide Canadians with tools to secure their information while using the web. Two-step verification for Google accounts provides each user with extra protection against unauthorized access to their information. Our Chrome browser, which is increasingly popular among users around the world, includes something called the “incognito mode”, which allows a user to browse the Internet in what we can call “stealth mode”. Any pages opened or files downloaded aren't recorded in Chrome's browsing or download history. This is especially useful for users who regularly access the web on public computers at libraries or cafés, which are renowned for being large security holes. They're also useful if you're planning a surprise party and you just don't want your family members to stumble across something that you would rather keep a secret till a future date.
We strongly believe in data-driven innovation at Google. It's the kind of innovation that leads to things like crisis maps, developed on the fly, that help forecast the impact of hurricanes like Hurricane Sandy, or the creation of more pedestrian, yet extremely useful services that help you plan your vacation more quickly and more cheaply. We are constantly improving our products and creating new ones using a variety of data sources. Much of this data is pulled from other sources, but some of it is provided by users.
Data-driven innovation at Google also means developing and improving our security mechanisms and processes, meaning we use data to protect our users and the web at large.
When you get right down to it, I think we can all recognize that while providing user control is important, without strong security to keep data safe, it's all for naught. So before I discuss how we enable users to control their data, I'd like to start with a few examples of how we keep that data safe.
All 425 million active Gmail users, and the people in contact with them, receive extensive protection against spam, phishing, and malware every day.
I suspect there are some Gmail users in the room right now. I'd just prompt you to think about the last time you actually saw a spam message in your Gmail inbox, as opposed to any of the other services I'm sure you'd choose or are forced to use.
We have built-in encryption to protect messages from snooping by others, such as when you use your laptop at a coffee shop. Session-wide secure socket layer encryption is the default not only when you're signed into Gmail, but also Google Search, Google Docs, and many other of our services. We provide end-to-end security for your communication when you're using our services online.
Our ability to analyze search logs, which are aggregated sets of data, helps us identify and reduce vast amounts of web spam. This data has also helped lead to the creation of what we now consider indispensable search features like autocomplete, Google Instant, and spelling correction.
If you just pause for a few minutes and try to remember what your search experience was like in 2006, 2004, or—forbid—1999, you'll remember it was a much more difficult process trying to iterate how you misspelled words to get an accurate answer. Nowadays Google Search just delivers something instantaneously, based on analysis of these logs and past behaviour.
The analysis of aggregate data has also helped us create Google's Safe Browsing technology. Every day, engineers at Google examine billions of URLs, looking for sites that are dangerous for anyone using the Internet. This can include malware sites that contain malicious code intended to force-install keyloggers on your computer and other crimeware and phishing sites that masquerade as legitimate sites, seeking to trick users into typing in their user name and password, for example, something I think we are all familiar with, a site pretending to be your bank.
Because we want to help protect all Internet users and not just those using Google services, we make this security data available to anyone. Apple uses this data to protect users of their Safari browser, as does Firefox for its users.
We know the technology can be complicated. In addition to ensuring the safety of user information, we strive to create user-focused controls and experiences that make it easy to make informed choices about what and how to share your information with us and with others.
Google Dashboard is a tool that can help answer the question: what does Google know about me? Dashboard shows each user the information stored in their Google account. From one central location, you can easily change the settings for any Google services you may use, such as Blogger, Calendar, Docs, Gmail, Google+, and more.
Another great example of user-focused controls is Google+. Through Google+, which is our social network, you have full control over who gets access to different aspects of your presence online.
We all know that the difference between family, friends, acquaintances, and strangers is crucial, especially on a social network. Google+ circles mimic the way we think about sharing information offline to help manage our friends and contacts while online. I could put friends in one circle, family members in another, and a boss or a nosy neighbour in a circle all by themselves. I can then share relevant content, like Google+ posts, YouTube videos, or local listings with the circles I choose.
We've even built some extra protections for youth that encourage safe online behaviour. Posting something for everyone to see on a social network is an especially big deal for young people, so when teens try to share outside their circles we put in an extra confirmation step that encourages them to think before they post. We have also built default protections that block strangers from directly contacting or even saying hello to teens without a teen's express permission.
Another great example of user control is a Google service that l'm sure most members of this committee have used. In fact, most Canadians have used it: Google Maps. The most basic functionality in our mapping service lets you look at a map of your neighbourhood, your city, your region, or any region on earth, wherever you choose to look, but Google can also provide turn-by-turn, real-time directions with the GPS navigation mode in maps. We can help users find places of interest, like restaurants, gas stations, and automatic teller machines.
We could tell a user how long it will take to get to a destination, a particularly useful feature for anyone with a difficult daily commute. In fact, Google can help users bypass a particularly tough commute by looking at aggregated and anonymized historic and current traffic data to find a quicker route home. We can even give users bicycle-specific directions based on data about bike lanes, paths, streets, and even elevation.
I have to admit that, despite our best efforts, users sometimes decide they want to stop using Google and want to take their data with them. We've developed Google Takeout just for this purpose. Takeout makes it extremely easy for users to export the data from many of our most popular services—and we're adding more every month.
We make it easy for users to leave and choose another service, which keeps us honest. Our users are safe and secure with us, but they also don't have to feel locked in.
In conclusion, I've tried to provide the committee today with an overview of Google's privacy and security policies and how they are implemented in practice in our products.
As part of my job, I meet regularly with privacy commissioners to hear their concerns and to work together to develop solutions to any issues that might arise in those conversations.
Google has worked hard to build a positive and productive relationship with Canada's privacy commissioners, both at the federal and provincial levels. This collaborative approach has worked well, by serving as a forum to hear the privacy community's concerns and to help us explain how our business helps Canadians on a daily basis.
Thank you for your time this afternoon. I would be pleased to answer any questions you might have.
