After a series of recent privacy gaffes, Google (GOOG) is soliciting software experts to apply for a special team of “back-end ninjas” who are focused on spotting and resolving user privacy issues in the company’s
products.
Google won’t say if its “Privacy Red Team” is new, but several outside observers said they hadn’t heard of it before the job listing surfaced on the company’s website this week.
Many companies and even government agencies use so-called “red teams” of security experts who try to spot holes and weaknesses before outsiders can exploit them. But the concept of a team focused specifically on privacy issues “is perhaps a unique one,” according to Dennis Fisher of the security software firm Kaspersky Labs, who blogged about the posting this week.
“If this is a new emphasis on privacy, that would be a good thing,” added John Simpson of Consumer Watchdog, an advocacy group that has criticized Google for its privacy practices.
The giant Internet company is increasingly collecting data from users as it seeks to improve its delivery of Web-based advertising and services. But it’s had some missteps, including complaints about how it gathers and retains information.
Two years ago, Google said it would tighten its procedures after acknowledging that its Street View cars had collected user data from unencrypted Wi-Fi networks. In a separate case, the company agreed last month to pay a record $22.5 million fine over federal allegations that it had improperly tracked users of Apple’s (AAPL) Safari Web browser. Google didn’t admit wrongdoing in the latter case; it has said any privacy breaches were inadvertent.
After the Street View episode, Google named veteran engineer Alma Whitten as director of privacy and said she would be getting additional staff to “build effective privacy controls into our products and internal practices.”
Google’s new job posting describes an opening for a “data privacy engineer” who will work as a member of the Red Team to “independently identify” and “help resolve potential privacy risks across all of our products, services and business processes.”
The job involves ensuring that Google’s software and services “are in line with Google’s stated privacy policies, practices and the expectations of users,” according to the post. It says applicants should have security engineering and cryptography skills, along with experience in “vulnerability research, penetration testing and code-level security auditing of complex web applications.”
With typical Google verve, the listing also says the position is part of a larger group of “back-end ninjas: protecting your privacy, ensuring your security and leaving no trace behind.”
A Google representative declined to discuss the Red Team or how it fits into the company’s privacy efforts. Google also currently has postings for other engineering and legal positions that focus in part on privacy issues. But one observer said the Red Team listing seems focused more on technical skills than policy expertise.
“Some of the things for which Google has gotten into hot water revolve around policy positions, or decisions they’ve made,” said Greg Sterling, a senior analyst at Opus Research, who added: “That has nothing to do with technical glitches in their system.”
He cited a dispute with European regulators over Google’s data retention practices, and another case where Google consolidated privacy policies for different products in a way that critics said could catch users by surprise.
On the other hand, Sterling said the Street View case, in which Google said its vehicles were inadvertently collecting Wi-Fi data, might be an example where “somebody on this team could have flagged that as an issue and elevated it to a higher level of attention in the company.”
Contact Brandon Bailey at 408-920-5022; follow him at Twitter.com/BrandonBailey
Thu, Aug 23, 2012 at 3:06 pm