Google Warns EU Rule Changes Risk Search Data Hacks
Certain
provisions of the Digital Markets Act (DMA) could lead to increased fraud and
the de-anonymization of search queries. This warning was issued by Google’s
security and data protection managers, reports WIRED, citing documents. The
European Commission is currently preparing final decisions on cases involving
Google Search and Android’s compliance with existing legislation. The DMA,
adopted at the end of 2022, aims to compel major platforms to open their
systems and data to competitors. In April, the European Commission clarified
how Google should share information. Competitors will gain access to data at a
level comparable to what the corporation itself uses, including search query
texts, some metadata, click information, and ranking results. Heather Adkins,
Google’s Vice President of Security, told WIRED that the current requirements
could negatively impact EU users. The company estimates that fraud cases will
increase, and the new DMA provisions, if adopted, pose a risk of de-anonymizing
queries and make such data sets more attractive targets for hackers. The
European Commission proposes minimizing risks by prohibiting the
re-identification of users and enhancing the security of sensitive information
storage. However, the American corporation argues that these measures are
insufficient: data will need to be shared with greater detail, and
anonymization methods are vulnerable to hackers. Independent security expert
Lukasz Olejnik wrote in his blog that data sanitization is inadequate for this
scale. In contrast, DuckDuckGo believes that “the European Commission’s
approach fits within the existing legal framework,” while Alice Cooper,
Executive Director of the Knight-Georgetown Institute, told WIRED that the
proposed data-sharing regime is sustainable and suggested involving independent
experts for review. A separate set of requirements pertains to Android. Eugene
Liderman, responsible for the operating system’s security, warned that
malicious actors could exploit broader access to permissions, microphones,
cameras, and screen information. According to WIRED, Apple’s position partially
supports Google’s stance on this issue. Previously, the company Anthropic, best
known as the developer of the chatbot Claude, published proposals for the safe
deployment of AI agents in corporate environments.

No comments: