Red alert! Google assembles crack team to AVOID privacy gaffes
Just how can we stop our dastardly behaviour attracting the Feds?
Google has answered the beeping red telephone, pressed the red button and assembled a "red team" as it's known in security parlance - all after seeing red over the US Federal Trade Commission's small-change fine for tracking Safari users.
The team will try to crack Google's software and penetrate its networks to critically examine the ad giant's engineering skills, a move supposedly in response to the embarrassing privacy cock-up relating to Apple's web browser, which the FTC recently settled.
The ad reads:
As a Data Privacy Engineer at Google you will help ensure that our products are designed to the highest standards and are operated in a manner that protects the privacy of our users. Specifically, you will work as member of our Privacy Red Team to independently identify, research, and help resolve potential privacy risks across all of our products, services, and business processes in place today.
Top candidates will have an intimate knowledge of the inner workings of modern web browsers and computer networks, enjoy analysing software designs and implementations from both a privacy and security perspective, and will be recognised experts at discovering and prioritising subtle, unusual, and emergent security flaws.
Damage limitation is becoming increasingly important to Google, given the high-profile probes of its business practices on both sides of the Atlantic in relation to its data handling over the past few years. ®
The reality of the job is you need to find better ways to invade people's privacy without getting caught.
As a Data Privacy Engineer at Google you will help insure that when we make future "mistakes" (hahahahaha), that those "mistakes" (hahahahaha) will follow our tradition of always compromising privacy and never protecting it. You will further insure that those "mistakes" (hahahahaha) will be so subtle that they will never come to the attention of government regulators. Alternately, we may decided that if you cannot detect those "mistakes" (hahahahaha) then government regulators won't catch them either.
A detailed knowledge of browsers and an intimate familiarity with Monty Python are required.
Re: Penetration Engineers
There's plenty of good pen testing companies in the UK.. I have a friend that works for one.. but they don't just test your systems that have a link to the plebs on t'internt.. these guys will show up in suits, with fake ID cards and try and get physical access to your boxes... all payed for by the company being hit, of course..
You'd be surprised how often a bit of social engineering works..