Christopher Soghoian
Christopher Soghoian | |
---|---|
Born | 1981 (age 42–43), San Francisco, California, U.S. |
Education | James Madison University (BS); Johns Hopkins University (MS); Indiana University Bloomington (PhD) |
Occupation(s) | Researcher and activist |
Known for | Security and privacy activism |
Website | Dubfire.net |
Christopher Soghoian (born 1981) is a privacy researcher and activist. He is currently working for Senator Ron Wyden as the senator’s Senior Advisor for Privacy & Cybersecurity. From 2012 to 2016, he was the principal technologist at the American Civil Liberties Union.
Personal life
Soghoian is the nephew of
Education
Soghoian, who holds British and US nationality,[1] received a B.S. from James Madison University (Computer Science; 2002), a Masters from Johns Hopkins University (Security Informatics; 2005), and a PhD from Indiana University (Informatics; 2012). His dissertation focused on the role that third-party internet and telecommunications service providers play in facilitating law enforcement surveillance of their customers.[2]
Soghoian is a visiting fellow at
Government surveillance research and activism
Soghoian's research and advocacy are largely focused on government surveillance. His research has shed significant light on the use of sophisticated surveillance technologies by US law enforcement agencies, exposing such techniques to public debate and criticism.
In December 2009, while an employee of the
External videos | |
---|---|
Government surveillance — this is just the beginning on YouTube, Christopher Soghoian, TED talks, March 5, 2014 |
In a February 2012 public speech, Soghoian criticized the commercial market for so-called
In an August 2013 presentation at the hacker conference
Encryption activism
In June 2009, Soghoian co-authored an open letter to Google[13] with 37 prominent security and privacy experts, urging the company to protect the privacy of its customers by enabling HTTPS encryption by default for Gmail and its other cloud-based services.[14] In January 2010, Google enabled HTTPS by default for users of Gmail,[15] and subsequently for other products, including search. According to Google, it was already considering HTTPS by default.[16] Soghoian has in recent years continued his HTTPS advocacy, calling on news media, law firms, government agencies and other organizations to encrypt their own websites.[17]
Consumer privacy research and activism
Between 2009 and 2010, he worked for the US Federal Trade Commission as the first-ever in-house technical advisor to the Division of Privacy and Identity Protection.[18] While at the FTC, he assisted with investigations of Facebook, Twitter, MySpace and Netflix.
In October 2010, Soghoian filed a complaint with the FTC, in which he claimed that Google was intentionally leaking search queries to the sites that users visited after they clicked on a link from the search results page.[19] Two weeks later, a law firm filed a class action lawsuit against Google for this practice. The lawsuit extensively quoted from Soghoian's FTC complaint.[20] In October 2011, Google stopped leaking search queries to the sites that users visited,[21] and then in 2015, the company settled the search query leakage class action lawsuit for 8.5 million dollars.[22]
In May 2011, Soghoian was approached by public relations firm
In May 2011, Soghoian filed a complaint with the FTC, in which he claimed that online backup service Dropbox was deceiving its customers about the security of its services.[24] Soon after Soghoian first publicly voiced his concerns, Dropbox updated its terms of service and privacy policy to make it clear that the company does not in fact encrypt user data with a key only known to the user, and that the company can disclose users' private data if forced to by law enforcement agencies.
Boarding pass security
Soghoian first gained public attention in 2006 as the creator of a website that generated fake airline boarding passes. On October 26, 2006, Soghoian created a website that allowed visitors to generate fake boarding passes for Northwest Airlines. While users could change the boarding document to have any name, flight number or city that they wished, the generator defaulted to creating a document for Osama bin Laden.
Soghoian claimed that his motivation for the website was to focus national attention on the ease with which a passenger could evade the
and security expert Bruce Schneier.[28] On October 27, 2006, then-Congressman
References
- ^ Brown, David (November 3, 2006). "FBI foils student's air scam site". The Times.
- ^ Soghoian, Christopher (August 1, 2012). "The Spies We Trust: Third Party Service Providers and Law Enforcement Surveillance" (PDF). Retrieved December 23, 2012.
- ^ Hill, Kashmir (December 6, 2010). "FTC Hires Hacker to Help With Privacy Issues. It Didn't Last". Forbes.
- ^ Zetter, Kim (December 1, 2009). "Feds 'Pinged' Sprint GPS Data 8 Million Times Over a Year". Wired News. Retrieved May 15, 2010.
- ^ United States v. Pineda-Moreno, 617 F.3d 1120 (9th Cir. 2010).
- ^ Naraine, Ryan (February 16, 2012). "'0-day exploit middlemen are cowboys, ticking bomb'". ZDNet. Retrieved November 9, 2014.
- ^ Greenberg, Andy (March 23, 2012). "Shopping For Zero-Days: A Price List For Hackers' Secret Software Exploits". Forbes. Retrieved November 9, 2014.
- ^ Nakashima, Ellen (October 7, 2014). "The ethics of Hacking 101". Washington Post. Retrieved November 9, 2014.
- ^ Perlroth, Nicole (July 13, 2013). "Nations Buying as Hackers Sell Flaws in Computer Code". New York Times. Retrieved November 9, 2014.
- ^ Valentino-DeVries, Jennifer (August 3, 2013). "FBI Taps Hacker Tactics to Spy on Suspects". Wall Street Journal. Retrieved November 9, 2014.
- ^ Nakashima, Ellen (October 28, 2014). "FBI lured suspect with fake Web page, but may have leveraged media credibility". Washington Post. Retrieved November 9, 2014.
- ^ Grygiel, Chris (November 7, 2014). "FBI says it impersonated AP reporter in 2007 case". Associated Press. Retrieved November 9, 2014.
- ^ Soghoian, Christopher (June 16, 2009). "An open letter to Google's CEO, Eric Schmidt". Archived from the original on June 20, 2009. Retrieved June 20, 2009.
- ^ Helft, Miguel (June 16, 2009). "Gmail to Get More Protection From Snoops". The New York Times – Bits Blog. Retrieved June 20, 2009.
- ^ Schillace, Sam (January 12, 2010). "Default HTTPS Access For Gmail". The Official Gmail Blog. Retrieved May 15, 2010.
- ^ https://static.googleusercontent.com/media/www.google.com/en/us/googleblogs/pdfs/google_httpsresponse.pdf
- ^ Braga, Matthew (October 1, 2014). "The Fight for HTTPS". Fast Company. Retrieved November 9, 2014.
- Wired.com. Retrieved November 20, 2009.
- ^ DeVries, Jenifer Valentino (October 7, 2010). "Former FTC Employee Files Complaint Over Google Privacy". Wall Street Journal. Retrieved November 9, 2014.
- ^ Krazit, Tom (October 26, 2010). "Lawsuit targets Google over Web referrals". CNET.
- ^ Sullivan, Danny (September 6, 2013). "Google's Plan To Withhold Search Data & Create New Advertisers". Search Engine Land.
- ^ Davis, Wendy (April 3, 2015). "Google's $8.5 Million Data-Leak Settlement Wins Approval". MediaPost.
- ^ Helft, Miguel (May 13, 2011). "Facebook, Foe of Anonymity, Is Forced to Explain a Secret". The New York Times. Retrieved July 17, 2011.
- ^ Singel, Ryan (May 13, 2011). "Dropbox Lied to Users About Data Security, Complaint to FTC Alleges". Wired News. Retrieved July 17, 2011.
- ^ Soghoian, Christopher (October 26, 2006). "Chris's NWA Boarding Pass Generator". Retrieved March 5, 2007.
- ^ Schumer, Charles E. (February 13, 2005). "Schumer reveals new gaping hole in air security". Archived from the original on November 21, 2006. Retrieved November 30, 2006.
- ^ Schumer, Charles E. (April 9, 2006). "Schumer Reveals: In Simple Steps Terrorists Can Forge Boarding Pass And Board Any Plane Without Breaking The Law!". Archived from the original on June 28, 2007. Retrieved November 30, 2006.
- ^ Schneier, Bruce (August 15, 2003). "Flying on Someone Else's Airplane Ticket". Crypto-Gram. Retrieved November 30, 2006.
- ^ Singel, Ryan (October 27, 2006). "Congressman Ed Markey Wants Security Researcher Arrested". Wired News. Retrieved December 24, 2012.
- ^ Krebs, Brian (November 1, 2006). "Student Unleashes Uproar With Bogus Airline Boarding Passes". Washington Post. Retrieved November 30, 2006.
- ^ Singel, Ryan (November 29, 2007). "Is A Gov Shutdown of a Website Without A Court Order Illegal? Supreme Court Suggests Yes". Wired News. Retrieved March 5, 2008.
- ^ Kantor, Andrew (November 2, 2006). "Simple tricks stir government's hysteria". USA Today. Retrieved November 14, 2014.
- ^ "IU Student, Focus of FBI Probe, Speaks Out". TheIndyChannel.com. Archived from the original on September 27, 2007. Retrieved November 30, 2006.
- ^ Kane, David (June 6, 2007). "Warning Notice, page 1". Transportation Security Administration. Retrieved July 23, 2007.
- ^ Kane, David (June 6, 2007). "Warning Notice, page 2". Transportation Security Administration. Retrieved July 23, 2007.
Sources
- (in French) Yves Eudes, Hacker vaillant rien d'impossible, Le Monde, November 17, 2012, pp. 36–37. Also published in Le Temps, Saturday December 8, 2012, pp. 26–27
- Glenn Fleishman, A knight in digital armour, The Economist, September 1, 2012
- Mike Kessler, The Pest Who Shames Companies Into Fixing Security Flaws, Wired, November 23, 2011