Google, which has come under fire for years for its privacy practices and recently settled a privacy related case with the Federal Trade Commission that resulted in a $22.5 million fine, is building out a privacy “red team”, a group of people charged with finding and resolving privacy risks in the company’s products.
The concept of a red team is one that’s been used in security for decades, with small teams of experts trying to break a given software application, get into a network or circumvent a security system as part of a penetration test or a similar engagement. The idea is sometimes applied in the real world as well, in the form of people attempting to gain entry to a secure facility or other restricted area.
But Google’s concept of building an internal team to look critically at engineering and other decisions in the company’s products and services that could involve user privacy risks is perhaps a unique one. The company has been a frequent target for criticism from privacy advocates and government agencies regarding its privacy practices. The most recent incident was the settlement with the FTC earlier this month in a case that revolved around whether Google was circumventing the browser settings on Safari to place tracking cookies on users’ machines. While not admitting any fault, Google agreed to pay the $22.5 million fine, the highest ever in such a case.
Now, Google is looking to change the perception of its privacy practices and improve the way that its products and services handle user data with regard to privacy preferences. The company has posted a job ad for a data privacy engineer for the new red team, and the description of the engineer’s responsibilities show that the job will cover a wide range of areas.
“As a Data Privacy Engineer at Google you will help ensure that our products are designed to the highest standards and are operated in a manner that protects the privacy of our users. Specifically, you will work as member of our Privacy Red Team to independently identify, research, and help resolve potential privacy risks across all of our products, services, and business processes in place today. Top candidates will have an intimate knowledge of the inner workings of modern web browsers and computer networks, enjoy analyzing software designs and implementations from both a privacy and security perspective, and will be recognized experts at discovering and prioritizing subtle, unusual, and emergent security flaws,” the listing says.
