Google Building Privacy Red Team

Google, which has come under fire for years for its privacy practices and recently settled a privacy related case with the Federal Trade Commission that resulted in a $22.5 million fine, is building out a privacy “red team”, a group of people charged with finding and resolving privacy risks in the company’s products.

Red TeamGoogle, which has come under fire for years for its privacy practices and recently settled a privacy related case with the Federal Trade Commission that resulted in a $22.5 million fine, is building out a privacy “red team”, a group of people charged with finding and resolving privacy risks in the company’s products.

The concept of a red team is one that’s been used in security for decades, with small teams of experts trying to break a given software application, get into a network or circumvent a security system as part of a penetration test or a similar engagement. The idea is sometimes applied in the real world as well, in the form of people attempting to gain entry to a secure facility or other restricted area.

But Google’s concept of building an internal team to look critically at engineering and other decisions in the company’s products and services that could involve user privacy risks is perhaps a unique one. The company has been a frequent target for criticism from privacy advocates and government agencies regarding its privacy practices. The most recent incident was the settlement with the FTC earlier this month in a case that revolved around whether Google was circumventing the browser settings on Safari to place tracking cookies on users’ machines. While not admitting any fault, Google agreed to pay the $22.5 million fine, the highest ever in such a case.

Now, Google is looking to change the perception of its privacy practices and improve the way that its products and services handle user data with regard to privacy preferences. The company has posted a job ad for a data privacy engineer for the new red team, and the description of the engineer’s responsibilities show that the job will cover a wide range of areas.

“As a Data Privacy Engineer at Google you will help ensure that our products are designed to the highest standards and are operated in a manner that protects the privacy of our users. Specifically, you will work as member of our Privacy Red Team to independently identify, research, and help resolve potential privacy risks across all of our products, services, and business processes in place today. Top candidates will have an intimate knowledge of the inner workings of modern web browsers and computer networks, enjoy analyzing software designs and implementations from both a privacy and security perspective, and will be recognized experts at discovering and prioritizing subtle, unusual, and emergent security flaws,” the listing says.

The main objective for the engineer will be to look at Google’s products and services and ensure that they all fall in line with the company’s privacy standards and practices. The red team engineer also will be involved in making and evaluating design decisions as they relate to privacy.
Google’s Web properties are extensive and permeate most aspects of users’ online lives, including email, social networking, photo sharing, online shopping and, of course, search. As most large Web companies do, Google has had privacy policies for each of its properties and services, but earlier this year the company announced that it was revising its privacy policies and boiling them down to one over-arching privacy policy. That didn’t sit well with some users or privacy advocates, who noted that users didn’t have the ability to opt out of the company’s new data-gathering process.

Suggested articles

Discussion

  • Anonymous on

    ROFLS

  • Band0r on

    AUDIT. AUDIT. AUDIT!

  • Anonymous on

    Given Google's habit of disingenuously violating FTC privacy agreements and paying huge fines for such violations, what guarantees do we have that these "Red Teams" and their work to find privacy threatening anomalies are real and not illusory? I recently declined a friend's offer to join his Google+ circle, because of reports that messages posted to those circles were searchable and accessible through searches on the Google search engine. He now wants to quit Google+, but I advised him to first search for messages either posted by, or to him on the search engine. Will Google's reputation become as sordid as that of Facebook regarding users' privacy? Only time will tell.

  • Mike on

    Insane. It sounds like: "yeah, you know, we didn't have ANY form of privacy audits so far, your data was constantly leaking, but now we finally got it!".

    Come on, I mean: come on ...  That's one of many reasons I don't use Google, Bing, Facebook, etc.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.