Google Building Privacy Red Team

ID THREATPOST:E25A2F0F343F64F5654165BE18E1B19E
Type threatpost
Reporter Dennis Fisher
Modified 2013-04-17T16:31:40


Google, which has come under fire for years for its privacy practices and recently settled a privacy-related case with the Federal Trade Commission that resulted in a $22.5 million fine, is building out a privacy “red team”, a group of people charged with finding and resolving privacy risks in the company’s products.

The concept of a red team is one that’s been used in security for decades, with small teams of experts trying to break a given software application, get into a network or circumvent a security system as part of a penetration test or a similar engagement. The idea is sometimes applied in the real world as well, in the form of people attempting to gain entry to a secure facility or other restricted area.

But Google’s concept of building an internal team to look critically at engineering and other decisions in the company’s products and services that could involve user privacy risks is perhaps a unique one. The company has been a frequent target for criticism from privacy advocates and government agencies regarding its privacy practices. The most recent incident was the settlement with the FTC earlier this month in a case that revolved around whether Google was circumventing the browser settings on Safari to place tracking cookies on users’ machines. While not admitting any fault, Google agreed to pay the $22.5 million fine, the highest ever in such a case.

Now, Google is looking to change the perception of its privacy practices and improve the way that its products and services handle user data with regard to privacy preferences. The company has posted a job ad for a data privacy engineer for the new red team, and the description of the engineer’s responsibilities shows that the job will cover a wide range of areas.

“As a Data Privacy Engineer at Google you will help ensure that our products are designed to the highest standards and are operated in a manner that protects the privacy of our users. Specifically, you will work as member of our Privacy Red Team to independently identify, research, and help resolve potential privacy risks across all of our products, services, and business processes in place today. Top candidates will have an intimate knowledge of the inner workings of modern web browsers and computer networks, enjoy analyzing software designs and implementations from both a privacy and security perspective, and will be recognized experts at discovering and prioritizing subtle, unusual, and emergent security flaws,” the listing says.

The main objective for the engineer will be to look at Google’s products and services and ensure that they all fall in line with the company’s privacy standards and practices. The red team engineer also will be involved in making and evaluating design decisions as they relate to privacy.

Google’s Web properties are extensive and permeate most aspects of users’ online lives, including email, social networking, photo sharing, online shopping and, of course, search. As most large Web companies do, Google has had privacy policies for each of its properties and services, but earlier this year the company announced that it was revising its privacy policies and boiling them down to one over-arching privacy policy. That didn’t sit well with some users or privacy advocates, who noted that users didn’t have the ability to opt out of the company’s new data-gathering process.