Explanation of Security Risks in Google Translate

While free translation tools such as Google Translate are convenient, using them for business purposes carries the risk of information leakage.
This article explains the security risks associated with free translation tools like Google Translate, actual cases of information leakage, and measures to prevent information leakage from translation tools.

 

Is it okay to use Google Translate for business?

In short, it is "not allowed."
While Google Translate is highly convenient, careful judgment is required when using it in business settings, especially for tasks involving confidential information.

Generally, for paid translation engines provided to corporations, it is customary to sign a "Non-Disclosure Agreement (NDA)" with the provider.
In the case of cloud-based services, clauses may explicitly state that translated documents will not be repurposed for other uses or that corpora will not be shared.
Also, for on-premises systems built within an internal network, there is no need to connect to the internet, which significantly reduces the risk of information leakage via the internet in the first place.

On the other hand, free translation services like Google Translate, which anyone can use from a browser, usually do not have a confidentiality agreement between the engine provider and the user or company.
Therefore, the data entered may be used by the service provider for the purpose of "improving translation accuracy."

In the past, there have been cases where emails from government ministries and banks entered into free translation services became accessible from outside, causing a major social issue.
Prioritizing convenience alone and casually inputting highly confidential documents or internal emails into free translation services like Google Translate poses an extremely high risk to organizational security management.

How Google Translate's security risks work

Why does using free translation services like Google Translate directly lead to the risk of information leakage?
The answer lies in the service's "Terms of Use" and "Data Processing Procedures."

Many free translation services, including Google Translate, include a clause in their terms stating
that "the input content can be used for maintaining and improving the service, as well as for developing new services."

This means that the moment the user presses the translate button, they are considered to have consented to the secondary use of that information.
The entered text is accumulated as training data for artificial intelligence (AI), and in some cases, it may be reflected in other users' translation results or published as part of the system.
To give a more concrete example, there is a possibility of a leakage phenomenon where the entered content is published as is, or client names and confidential information appear in the translation results of unrelated third parties.

There is also the technical issue of caching (temporary storage).
Free translation services, including Google Translate, may retain translated content on their servers for a certain period to speed up processing. There is a risk that this stored data could be exposed to cyberattacks or become searchable from outside due to misconfigurations, leading to unintended information leaks.

Cases of information leaks caused by free translation tools

Regarding information leaks from free translation tools, looking back at actual cases reveals the significant impact they have had.

In 2015, it was discovered that confidential information from multiple companies and public institutions, entered into a certain free translation service, was left publicly accessible as-is, resulting in numerous leaks of confidential information.
The leaked information included not only customers' personal data and bank transaction details but also information classified as national secrets by government agencies.

The core issue lies in individual employees and staff mistakenly believing that "the input content on translation sites is a private space viewed only by themselves."
However, in reality, the entered information is transmitted to external servers via the public network known as the Internet. Once information has leaked onto the Internet, it is extremely difficult to completely delete it.
Even if there was no malicious intent, using external translation services beyond the organization's control and not having translation tools covered by an NDA as a company or organization itself pose risks.

Using tools without company approval for business purposes has become a major issue in recent years as "Shadow IT."
There are risks not only of information leaks but also of unauthorized access and virus infections, and it could lead to disciplinary dismissal. Therefore, never use tools or personal devices that are not approved by your employer for work purposes.

The next chapter explains the measures organizations can take against the risk of information leakage from translation tools.

Three concrete measures companies can take to prevent information leaks

"Then, let's notify employees not to use Google Translate."
Employee education is also effective as a measure against information leaks, but if translation is necessary for work, simply urging "let's not use it" will have low effectiveness.
To control the risks associated with translation and information leaks as an organization, an approach from both institutional and technical perspectives is necessary.

First, establish and communicate clear translation guidelines.
Define clearly up to what level of information the use of free translation tools is permitted, or whether it is prohibited company-wide.
In particular, it is important to enforce operational rules such as masking confidential information like customer names, project names, and specific figures before sending them to translation tools.

Second, it is important to continuously provide information literacy education to employees.
They should develop the habit of reviewing terms of service and understand that, not only for translation tools but for all free services, there is an inherent cost of "data provision = information leakage."

Third, the provision of a "corporate translation infrastructure tool" with guaranteed security.
Instead of allowing individual discretion to use external tools, the organization establishes a safe translation environment that it approves. This enables you to keep the flow of information under your company's control without compromising employee convenience.

How to safely use Google Translate and DeepL: Introduction to MTrans

A practical solution for utilizing advanced translation engines like Google Translate and DeepL while eliminating security risks is Human Science's "MTrans".

MTrans integrates with each translation engine via an API.
This "API connection" is the key to security.
Providers such as Google and DeepL clearly stipulate in their terms that data sent via the API will not be used for learning or secondary use. In other words, by using MTrans, you can maintain translation accuracy while protecting confidential information during your work.
Translation data is managed in separate databases for each corporation, preventing viewing or reuse by other users.

> Reference: MTrans Security Policy

Furthermore, it is equipped with robust features for organizational management.
・Access restrictions by IP address
・Authentication integration via Single Sign-On (SSO)
・Log management
and other functions directly linked to strengthening corporate governance.

The convenience of free tools and the strict security required by corporations.
Balancing these two is an unavoidable challenge in modern business.
MTrans solves this challenge and can safely improve organizational productivity.

A 14-day free trial is currently available. Please feel free to apply.