June 15, 2022

Opportunity: Security Engineering Support – Data Rights Protocol

Ginny Fahs

Ginny Fahs is Associate Director of Product R&D at CR Digital Lab, where she leads a team pioneering new ways for consumers to take control of their data and digital lives.

We’re seeking a security engineer with a passion for privacy to contract with the Digital Lab team. This is a remote consulting opportunity for a seasoned engineer who wants to work on an open standards project and cares about advancing digital rights in the United States.

 

Scope:

  • You will be supporting the security development of the Data Rights Protocol. Data Rights Protocol (DRP) is a technical standard for exchanging data rights requests between businesses that help operationalize consumer privacy rights;
  • You will be collaborating with a scrappy innovation team of interdisciplinary technologists, researchers, social entrepreneurs, and product experts within Consumer Reports Digital Lab. You’ll also liaise with up to a dozen companies co-developing DRP alongside Consumer Reports;
  • Engage with business, legal, and technical stakeholders in the DRP consortium to articulate security requirements and brainstorm ways to satisfy them;
  • Help determine our threat model, security strategy and best practices; help design a trust framework that meets requirements;
  • Provide technical guidance on problem identification, protocol development, and implementation tradeoffs;
  • Refine our end-to-end testing framework to test for security in all protocol implementations
  • Document decisions and recommend process improvements and workflows to help better standardize data requests for consumers;
  • Help leverage the latest open source advancements and industry standardization efforts for security;
  • Participate in governance conversations with technical and business leadership to provide a security perspective.

 

Qualifications:

  • Solid understanding and hands-on experiences with security system development, as well as data safety, and web API security best practices;
  • Strong problem solving and coding skills;
  • Proven experience developing, operating and maintaining security systems;
  • Entrepreneurial mindset and nimble approach to standards development;
  • Highly motivated and able to work both independently and across multiple teams;
  • Available to collaborate on U.S. hours (our team is split between Eastern and Pacific time zones)
  • Curiosity about privacy, data rights, consumer protection, or public interest technology;
  • Bonus points for B2B security experience, experience developing open standards, experience in multi-party systems like supply chains, federations, payment networks, etc.


This is a contract opportunity, working remotely. Time commitment is estimated at 20-30 hours per week.

 

Interested applicants should get in touch, explain their interest and qualifications and attach a resume or CV. To apply or request more information, contact digitallab@cr.consumer.org.
 

Background:

Consumer Reports is a trusted and nationally recognized non-profit with an 85 year history conducting policy work at the federal and state levels. The CR Digital Lab builds consumer power in the digital economy, integrating research, products and advocacy to tilt the marketplace towards fairness and safety for consumers.


U.S. consumers have little control over the collection and sale of their personal data, which leads to profiling, manipulation, price discrimination and other practices that cut against consumers’ best interests. Regulations such as California’s CCPA and Europe’s GDPR seek to restore power to individuals but depend on consumers’ ability to meaningfully exercise their data rights.


In 2018, CR helped pass the California Consumer Privacy Act (CCPA). Mid-2020, the CR Digital Lab conducted a participatory study to understand how the CCPA is working for consumers and learned just how tough it can be for Californians to use the privacy rights the CCPA grants. We also launched two pilot programs focused on the CCPA’s “authorized agent” provision (§999.326.), which allows consumers to designate a third party to issue data requests to companies on their behalf. Data Rights Protocol has its roots in these research investigations.


We continue to lay practical foundations for consumer data control in the U.S. through new products and services that help consumers manage their data. The work is crucial because, without good tooling, even highly-engaged and interested consumers are unlikely to be able to meaningfully control their data or benefit from their right to privacy.

More From Digital Lab

Edit This
Bitnami