On the heels of a $22.5 million fine from the Federal Trade Commission in July for allegedly bypassing the privacy settings of Apple’s Safari Web browser, Google is looking to hire a new privacy engineer for its Privacy Red Team that adds an extra layer of scrutiny to its security practices.
In a posting on the Google Jobs Website, Google says it is seeking a new data privacy engineer to “help ensure that our products are designed to the highest standards and are operated in a manner that protects the privacy of our users. Specifically, you will work as a member of our Privacy Red Team to independently identify, research and help resolve potential privacy risks across all of our products, services and business processes in place today.”
A “red team” in enterprise IT typically is a fast-response group that pays extra attention to security and privacy issues at every level, making sure that systems, personnel and practices are secure and battened down.
“Top candidates will have an intimate knowledge of the inner workings of modern Web browsers and computer networks, enjoy analyzing software designs and implementations from both a privacy and security perspective, and will be recognized experts at discovering and prioritizing subtle, unusual and emergent security flaws,” according to the job posting.
Google declined to comment on whether the new hire would be the first-ever appointment to a red team that is being newly established or if the company is adding to an existing red team inside Google. The search giant hasn’t publicized the work of a security “red team” before, so its remains a mystery as to whether the red team is new or expanding.
“We are always on the lookout for talented people in a variety of roles,” said a Google spokesman, without giving any further details about the job posting.
Google’s posting said the company is seeking candidates for the job who can:
- analyze software and services from a privacy perspective, ensuring they are in line with Google’s stated privacy policies, practices and the expectations of its users;
- research, document and help remediate design decisions, operating procedures or processes that may directly or indirectly contribute to future privacy risk; and
- promote the use of cutting-edge browser and application-level technologies to maintain the privacy of key user data.
Whether or not the new job posting is related to July’s $22.5 million FTC fine is sheer speculation, but it is possible that Google is expanding its security and privacy efforts to help it avoid future such incidents.
The case was the result of allegations earlier this year that Google used code to bypass Safari privacy settings that blocked user tracking cookies by default. The code enabled the browser to accept cookies. Google disabled the code soon after reports of the issue surfaced, stating at the time the situation was unintentional and that the ad cookies did not collect personal information.
The FTC fine was just the latest entry in a long list of privacy battles between Google and government regulators. In 2011, Google settled with FTC regarding privacy complaints about its Google Buzz social network. As part of that settlement, Google agreed to adopt a privacy program as well as submit to an independent privacy audit every other year for the next two decades.
In April, the Federal Communications Commission fined Google $25,000 after finding the company “deliberately impeded and delayed” an investigation into how it collected data for Google Street View, a technology featured in Google Maps and Google Earth that provides a panoramic view from positions on streets across the world.
After the FCC fine, the Electronic Privacy Information Center (EPIC) wrote a letter to the U.S. Attorney General’s Office requesting an investigation into Google to determine if any laws had been broken.
