New Google security chief looks for balance with privacy

April 18, 2015 by Glenn Chapman
Google's new privacy and security team chief, Gerhard Eschelbeck is confident his team was up to the challenge of fending off cy
Google's new privacy and security team chief, Gerhard Eschelbeck is confident his team was up to the challenge of fending off cyber attacks, even from sophisticated operations run by the US National Security Agency or the Chinese military

Google has a new sheriff keeping watch over the wilds of the Internet.

Austrian-born Gerhard Eschelbeck has ranged the British city of Oxford; cavorted at notorious Def Con hacker conclaves, wrangled a herd of startups, and camped out in Silicon Valley.

He now holds the reins of security and privacy for all-things Google.

In an exclusive interview with AFP, Eschelbeck spoke of using Google's massive scope to protect users from cyber villains such as spammers and state-sponsored spies.

"The size of our computing infrastructure allows us to process, analyze, and research the changing threat landscape and look ahead to predict what is coming," Eschelbeck said during his first one-on-one press interview in his new post.

"Security is obviously a constant race; the key is how far can you look ahead."

Eschelbeck took charge of Google's 500-strong security and privacy team early this year, returning to Silicon Valley after running engineering for a computer security company in Oxford for two years.

"It was a very natural move for me to join Google," Eschelbeck said. "What really excited me was doing security at large scale."

Google's range of global services and products means there are many fronts for a security expert to defend. Google's size also means there are arsenals of powerful computer servers for defenders to employ and large-scale data from which to discern cyber dangers.

Eschelbeck's career in security stretches back two decades to a startup he built while a university student in Austria that was acquired by security company McAfee.

What started out as a six-month work stint in California where McAfee is based turned into a 15-year stay by Eschelbeck.

He created and advised an array of computer security startups before heading off to Oxford. Eschelbeck, has worked at computer technology titans such as Sophos and Qualys, and holds patents for network security technologies.

Constant attack

He was confident his team was up to the challenge of fending off cyber attacks, even from onslaughts of sophisticated operations run by the likes of the US National Security Agency or the Chinese military.

Eschelbeck vowed that he would "absolutely" find any hacker that came after his network.

"As a security guy, I am never comfortable," he said. "But, I do have a very strong team...I have confidence we have the right reactive and proactive defense mechanisms as well."

State-sponsored cyber attacks making news in the past year come on top of well-known trends of hacking expressly for fun or profit.

The sheer numbers of attack "vectors" has rocketed exponentially over time, with weapons targeting smartphones, applications, datacenters, operating systems and more.

"You can safely assume that every property on the Internet is continuously under attack," Eschelbeck said.

"I feel really strong about our ability to identify them before they become a threat and the ability to block and prevent them from entering our environment."

Scrambling data

Eschelbeck is a backer of encrypting data, whether it be an email to a friend or photos stored in the cloud.

"I hope for a time when all the traffic on the Internet is encrypted," he said.

"You're not sending a letter to your friend in a transparent envelop, and that is why encryption in transport is so critical."

He believes that within five years, accessing accounts with no more than passwords will be a thing of the past.

Google lets people require code numbers sent to phones be used along with passwords to access accounts in what is referred to as "two-factor" authentication.

The Internet titan also provides "safe browsing" technology that warns people when they are heading to websites rigged to attack visitors.

Google identifies about 50,000 malicious websites monthly, and another 90,000 phishing websites designed to trick people into giving up their passwords or other valuable personal information, Eschelbeck said.

"We have some really great visibility into the Web, as you can imagine," he said.

"The time for us to recognize a bad site is incredibly short."

Doubling-down on privacy

Eschelbeck saw the world of online security as fairly black and white, while the privacy side of his job required subjective interpretations.

Google works closely with data protection authorities in Europe and elsewhere to try and harmonize privacy protections with the standards in various countries.

"I really believe that with security and privacy, there is more overlap than there are differences," he said.

"We have made a tremendous effort to focus and double-down on privacy issues."

As have other large Internet companies, Google has routinely made public requests by government agencies for information about users.

Requests are carefully reviewed, and only about 65 percent of them satisfied, according to Google.

"Privacy, to me, is protecting and securing my activities; that they are personal to myself and not visible to the whole wide world," Eschelbeck said.

Explore further: Yahoo sees 'end to end' email encryption by year-end

Related Stories

Google says Android malware cut in half

April 2, 2015

Google said Thursday that malware infections on Android devices have been cut in half in the past year following security upgrades for the mobile platform.

China blasts Google security move as 'unacceptable'

April 2, 2015

A Chinese cyberspace bureau on Thursday denounced Google for deciding not to recognise the agency's authority after a Beijing-linked security breach, calling the US Internet giant's action "unacceptable and unintelligible".

Beijing behind Internet security violation: group

March 25, 2015

China's cyberspace administration is "complicit" in attacks on major Internet companies including Google, an anti-censorship group said Wednesday, calling on firms worldwide to strengthen their defences.

Recommended for you

Balancing nuclear and renewable energy

April 25, 2018

Nuclear power plants typically run either at full capacity or not at all. Yet the plants have the technical ability to adjust to the changing demand for power and thus better accommodate sources of renewable energy such as ...

Researchers 3-D print electronics and cells directly on skin

April 25, 2018

In a groundbreaking new study, researchers at the University of Minnesota used a customized, low-cost 3D printer to print electronics on a real hand for the first time. The technology could be used by soldiers on the battlefield ...

Electrode shape improves neurostimulation for small targets

April 24, 2018

A cross-like shape helps the electrodes of implantable neurostimulation devices to deliver more charge to specific areas of the nervous system, possibly prolonging device life span, says research published in March in Scientific ...

China auto show highlights industry's electric ambitions

April 22, 2018

The biggest global auto show of the year showcases China's ambitions to become a leader in electric cars and the industry's multibillion-dollar scramble to roll out models that appeal to price-conscious but demanding Chinese ...

1 comment

Adjust slider to filter visible comments by rank

Display comments: newest first

Doug_Huffman
not rated yet Apr 18, 2015
A secret shared, a privacy exposed, a private part revealed is bared to cyberspace, and that night has a thousand eyes.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.