Faced with a series of high-profile privacy gaffes, Google intends to hire computer "ninjas" to flag potential snafus before they pose problems.
The company recently
posted a job announcement seeking data privacy engineers for the "privacy red team." The company says in the job description that it's seeking candidates to "independently identify, research, and help
resolve potential privacy risks across all of our products, services, and business processes in place today."
Google's move comes two weeks after the company agreed to pay $22.5 million to settle privacy charges brought by the
Federal Trade Commission. The fine in that case resulted from Google's decision to circumvent the no-tracking settings on the Safari browser.
In that situation, as in other recent gaffes,
Google appeared surprised by the privacy implications of a feature it developed. The company said it began using a workaround to Safari's no-tracking settings in order to allow people to like ads with
the +1 button. But once the workaround was in place, Google's DoubleClick was able to track people in order to target ads to them, based on their Web-surfing history. Google said it didn't realize
that the workaround would result in tracking users for ad-targeting purposes.
News of the workaround came to light in February, when graduate student Jonathan Mayer published a report
outlining how Google and three other companies -- PointRoll, Vibrant Media and WPP's Media Innovation Group -- were bypassing Safari's settings.
This isn't the only time that Google was
exposed for violating people's privacy. In 2010, it came to light that Google's Street View cars collected payload data -- including URLs, passwords and emails -- sent over unencrypted WiFi networks.
Google apologized for the interception, and said it intended to destroy the data.
Google also settled FTC charges stemming from the launch of the defunct social network Buzz, which exposed
some users' email contacts by default.
Privacy expert Jules Polonetsky, director and co-chair of the think tank Future of Privacy Forum, says he expects that other companies will follow
Google's lead and hire their own "white-hat" privacy hackers in order to discover problems before independent experts like Mayer. "It's in line with the trend in a number of areas to find
problems before your critics do, and try to fix them before someone turns them into a story," he says.
Google isn't the only company that independent computer experts have caught in privacy
glitches. Last year, Australian developer Nic Cubrilovic reported on his blog that Facebook was able to identify users when they visited sites with the "like" button or other social widgets -- even
when those users were logged out of the social networking service.
In another example, privacy researcher Ashkan Soltani exposed analytics company KISSmetrics' use of ETag technology, which
enabled companies to profile users who delete their cookies.
Polonetsky adds that hiring privacy hackers will help uncover issues, but is only a first step toward fixing them. "You need smart
decision-making to deal with the flaws that you uncover," he says.
Image by Shutterstock