A week after Google settled with the U.S. Federal Trade Commission over the bypassing of Safari privacy and security settings, Google is looking to build up its 'red team' of experts to weed out privacy bugs and risks in its products.
One job listing for Google's headquarters in Mountain View, CA, suggests a red team could be on the cards -- or already in place and set to expand.
Google is specifically looking for a "data privacy engineer" for its "privacy red team" where:
...you will help ensure that our products are designed to the highest standards and are operated in a manner that protects the privacy of our users.
Specifically, you will work as member of our Privacy Red Team to independently identify, research, and help resolve potential privacy risks across all of our products, services, and business processes in place today.
A red team typically works independently and internally at a company to shine a bright light on policies, the workforce, or products and services. Consider it like quality control to the next level in order to make the organization work and flow better. Matters of privacy and security are no different.
As Google describes it in the job listing: "We're back-end ninjas: protecting your privacy, ensuring your security and leaving no trace behind."
According to Kaspersky Lab's ThreatPost, while the concept of a 'red team' is not new -- used by companies for years as part of efforts to circumvent systems before black-hat hackers can -- Google's move to focus on privacy is "perhaps a unique one."
Why the move? The FTC dished out a $22.5 million penalty earlier this month after Google was found to have circumvented the Safari browser's privacy and security settings to set cookies when the browser should have prevented it. Google did not admit fault or guilt, which is why Google was given only a penalty, not a fine.
While Google's move to beef up its privacy perception may have come too late, it's certainly a step in the right direction. It comes later on in the year after Google melded together its privacy policies across 70-odd-services to allow greater data sharing across users' services.
Privacy advocates and European legislators alike cried foul at the move, arguing that advertisements could be targeted more directly at users, and government requests for data would become easier as the fragmentation of services would no longer exist.
As privacy policies and legislation becomes more intertwined and complex, the onus falls on the company providing the service rather than the user just accepting a lengthy, unread terms and conditions.
Questions were left with Google U.K. outside U.S. business hours, and we'll add more if we hear back.