Christopher Soghoian: Difference between revisions

From Wikipedia, the free encyclopedia
Browse history interactively
← Previous editNext edit →
Content deleted Content added
VisualWikitext
tidy up
Tag: blanking
m Reverted edits by 73.86.239.137 (talk) to last version by JJMC89 bot
Line 13: Line 13:
}}
}}


'''Christopher Soghoian''' (born 1981) is a privacy researcher and activist.
'''Christopher Soghoian''' (born 1981) is a privacy researcher and activist. He is currently the principal technologist at the [[American Civil Liberties Union]].


==Personal life==
From 2012 to 2016, Soghoian was the principal technologist for the [[American Civil Liberties Union]]. Prior to that, he worked for the US [[Federal Trade Commission]] as the first ever in-house technical advisor to the Division of Privacy and Identity Protection.<ref>{{cite news |url=http://www.wired.com/threatlevel/2009/08/soghoian-joins-ftc/ |title=Outspoken Privacy Advocate Joins FTC |work=[[Wired.com]] | first=Kim |last=Zetter |date=August 17, 2009 |accessdate=2009-11-20}}</ref>
Soghoian is the nephew of [[Sal Soghoian]], the Automation Product Manager at [[Apple Inc.]], responsible for [[AppleScript]] and [[Automator]].<ref>http://www.dailyprogress.com/obituaries/soghoian-stephen-avedis/article_3e4c7c4d-735e-559b-be67-6ae6e2e2742e.html</ref>


==Education==
==Education==
Soghoian received a B.S. from [[James Madison University]] (Computer Science; 2002), a Masters from [[Johns Hopkins University]] (Security Informatics; 2005), and a PhD from [[Indiana University]] (Informatics; 2012). His dissertation focused on the role that third-party internet and telecommunications service providers play in facilitating law enforcement surveillance of their customers.<ref>{{cite web |url=http://files.dubfire.net/csoghoian-dissertation-final-8-1-2012.pdf |title=The Spies We Trust: Third Party Service Providers and Law Enforcement Surveillance |first=Christopher |last=Soghoian |date=August 1, 2012 |accessdate=2012-12-23}}</ref>
Soghoian, who holds [[British citizenship|British]] and US nationality,<ref name= Times1>Brown, David. ''FBI foils student's air scam site'' [[The Times]] November 3, 2006</ref> received a B.S. from [[James Madison University]] (Computer Science; 2002), a Masters from [[Johns Hopkins University]] (Security Informatics; 2005), and a PhD from [[Indiana University]] (Informatics; 2012). His dissertation focused on the role that third-party internet and telecommunications service providers play in facilitating law enforcement surveillance of their customers.<ref>{{cite web |url=http://files.dubfire.net/csoghoian-dissertation-final-8-1-2012.pdf |title=The Spies We Trust: Third Party Service Providers and Law Enforcement Surveillance |first=Christopher |last=Soghoian |date=August 1, 2012 |accessdate=2012-12-23}}</ref>


Soghoian is a Visiting Fellow at [[Yale Law School]]'s Information Society Project and a [[TED (conference)|TED]] Senior Fellow. He was previously an [[Open Society Foundations]] Fellow and a Student Fellow at the [[Berkman Center for Internet & Society]] at [[Harvard University]].
Soghoian is a Visiting Fellow at [[Yale Law School]]'s Information Society Project and a [[TED (conference)|TED]] Senior Fellow. He was previously an [[Open Society Foundations]] Fellow and a Student Fellow at the [[Berkman Center for Internet & Society]] at [[Harvard University]].
Line 26: Line 27:
Soghoian's research and advocacy is largely focused on government surveillance. His research has shed significant light on the use of sophisticated surveillance technologies by US law enforcement agencies, exposing such techniques to public debate and criticism.
Soghoian's research and advocacy is largely focused on government surveillance. His research has shed significant light on the use of sophisticated surveillance technologies by US law enforcement agencies, exposing such techniques to public debate and criticism.


In an August, 2013 presentation at the hacker conference [[DEF CON]], Soghoian revealed the existence of a dedicated [[FBI]] team that delivers [[malware]] to the computers and mobile devices of surveillance targets. In his presentation, Soghoian stated that he discovered the team by reading heavily-redacted government documents and by looking at the profiles of ex-FBI contractors on the social network website [[LinkedIn]].<ref>{{cite news |url=http://www.nytimes.com/2013/07/14/world/europe/nations-buying-as-hackers-sell-computer-flaws.html?pagewanted=all&_r=0 |title=FBI Taps Hacker Tactics to Spy on Suspects |accessdate=2014-11-09 |last=Valentino-DeVries |first=Jennifer |date=August 3, 2013 |work=Wall Street Journal}}</ref> In October, 2014, Soghoian called attention to the fact that the FBI had, in 2007, impersonated the [[Associated Press]] in an effort to deliver malware to a teenager in [[Washington (state)|Washington State]] who had threatened to bomb his high school.<ref>{{cite news |url=http://www.washingtonpost.com/world/national-security/fbi-lured-suspect-with-fake-web-page-but-may-have-leveraged-media-credibility/2014/10/28/e6a9ac94-5ed0-11e4-91f7-5d89b5e8c251_story.html |title=FBI lured suspect with fake Web page, but may have leveraged media credibility |accessdate=2014-11-09 |last=Nakashima |first=Ellen |date=October 28, 2014 |work=Washington Post}}</ref> This act of deception was strongly condemned by leading news organizations, including by the General Counsel of the Associated Press.<ref>{{cite news |url=http://bigstory.ap.org/article/89470f11697641518c1043aab01773ac/fbi-admits-agent-impersonated-ap-reporter |title=FBI says it impersonated AP reporter in 2007 case |accessdate=2014-11-09 |last=Grygiel |first=Chris |date=November 7, 2014 |work=Associated Press}}</ref>
In an August, 2013 presentation at the hacker conference [[DEF CON]], Soghoian highlighted the existence of a dedicated [[FBI]] team that delivers [[malware]] to the computers and mobile devices of surveillance targets. In his presentation, Soghoian stated that he discovered the team by reading heavily-redacted government documents and by looking at the profiles of ex-FBI contractors on the social network website [[LinkedIn]].<ref>{{cite news |url=http://www.nytimes.com/2013/07/14/world/europe/nations-buying-as-hackers-sell-computer-flaws.html?pagewanted=all&_r=0 |title=FBI Taps Hacker Tactics to Spy on Suspects |accessdate=2014-11-09 |last=Valentino-DeVries |first=Jennifer |date=August 3, 2013 |work=Wall Street Journal}}</ref> In October, 2014, Soghoian called attention to the fact that the FBI had, in 2007, impersonated the [[Associated Press]] in an effort to deliver malware to a teenager in [[Washington (state)|Washington State]] who had threatened to bomb his high school.<ref>{{cite news |url=http://www.washingtonpost.com/world/national-security/fbi-lured-suspect-with-fake-web-page-but-may-have-leveraged-media-credibility/2014/10/28/e6a9ac94-5ed0-11e4-91f7-5d89b5e8c251_story.html |title=FBI lured suspect with fake Web page, but may have leveraged media credibility |accessdate=2014-11-09 |last=Nakashima |first=Ellen |date=October 28, 2014 |work=Washington Post}}</ref> This act of deception was strongly condemned by leading news organizations, including by the General Counsel of the Associated Press.<ref>{{cite news |url=http://bigstory.ap.org/article/89470f11697641518c1043aab01773ac/fbi-admits-agent-impersonated-ap-reporter |title=FBI says it impersonated AP reporter in 2007 case |accessdate=2014-11-09 |last=Grygiel |first=Chris |date=November 7, 2014 |work=Associated Press}}</ref>


{{external media | width = 210px | align = right | video1 = {{YouTube|FrxDrpi1XNU|Government surveillance — this is just the beginning}}, Christopher Soghoian, [[TED (conference)|TED talks]], March 5, 2014}}
{{external media | width = 210px | align = right | video1 = {{YouTube|FrxDrpi1XNU|Government surveillance — this is just the beginning}}, Christopher Soghoian, [[TED (conference)|TED talks]], March 5, 2014}}

In a February, 2012, public speech, Soghoian criticized the commercial market for so called [[Zero-day attack|zero-day]] security vulnerabilities, a topic which, until then, had yet to receive significant attention from the mainstream press.<ref>{{cite news |url=http://www.zdnet.com/blog/security/0-day-exploit-middlemen-are-cowboys-ticking-bomb/10294 |title='0-day exploit middlemen are cowboys, ticking bomb' |accessdate=2014-11-09 |last=Naraine |first=Ryan |date=February 16, 2012 |work=ZDNet}}</ref> One month later, Soghoian was quoted by Forbes, in a lengthy article about the zero day market, describing the firms and individuals who sell software exploits as “the modern-day merchants of death” selling “the bullets of cyberwar.”<ref>{{cite news |url=http://www.forbes.com/sites/andygreenberg/2012/03/23/shopping-for-zero-days-an-price-list-for-hackers-secret-software-exploits/ |title=Shopping For Zero-Days: A Price List For Hackers' Secret Software Exploits |accessdate=2014-11-09 |last=Greenberg |first=Andy |date=March 23, 2012 |work=Forbes}}</ref> Over the next several years, several major media outlets published their own front-page stories on the industry, often with quotes from Soghoian criticizing those providing such hacking software to governments.<ref>{{cite news |url=http://www.washingtonpost.com/postlive/the-ethics-of-hacking-101/2014/10/07/39529518-4014-11e4-b0ea-8141703bbf6f_story.html |title=The ethics of Hacking 101 |accessdate=2014-11-09 |last=Nakashima |first=Ellen |date=October 7, 2014 |work=Washington Post}}</ref><ref>{{cite news |url=http://www.nytimes.com/2013/07/14/world/europe/nations-buying-as-hackers-sell-computer-flaws.html?pagewanted=all&_r=0 |title=Nations Buying as Hackers Sell Flaws in Computer Code |accessdate=2014-11-09 |last=Perlroth |first=Nicole |date=July 13, 2013 |work=New York Times}}</ref>


In December 2009, while an employee of the [[Federal Trade Commission]], Soghoian secretly audio recorded a closed-door surveillance industry conference. The agency's inspector general opened an investigation into Soghoian's conduct, and he was subsequently let go from the FTC.<ref>{{cite news |url=http://www.forbes.com/forbes/2010/1206/technology-chris-soghoian-federal-trade-commission-agent-provocateur.html |title=FTC Hires Hacker to Help With Privacy Issues. It Didn't Last. |last=Hill |first=Kashmir |date=December 6, 2010 |work=Forbes}}</ref> In the recording, an executive from [[Sprint Nextel]] revealed that the company had created a special website through which law enforcement agents can obtain GPS information on subscribers and that the website had been used to process 8 million requests during the previous year.<ref>{{cite news |url=http://www.wired.com/threatlevel/2009/12/gps-data/ |title=Feds ‘Pinged’ Sprint GPS Data 8 Million Times Over a Year |accessdate=2010-05-15 |last=Zetter |first=Kim |date=December 1, 2009 |work=Wired News}}</ref> That recording was subsequently cited by [[Alex Kozinski]], Chief Judge of the [[Ninth Circuit Court of Appeals]] in ''U.S. v. Pineda-Moreno'', in support of his view that "1984 may have come a bit later than predicted, but it's here at last."<ref name="pineda">{{cite court |litigants=United States v. Pineda-Moreno |vol=617 |reporter=F.3d |opinion=1120 |court=9th Cir. |date=2010 |url=http://www.ca9.uscourts.gov/datastore/opinions/2010/08/12/08-30385.pdf}}</ref>
In December 2009, while an employee of the [[Federal Trade Commission]], Soghoian secretly audio recorded a closed-door surveillance industry conference. The agency's inspector general opened an investigation into Soghoian's conduct, and he was subsequently let go from the FTC.<ref>{{cite news |url=http://www.forbes.com/forbes/2010/1206/technology-chris-soghoian-federal-trade-commission-agent-provocateur.html |title=FTC Hires Hacker to Help With Privacy Issues. It Didn't Last. |last=Hill |first=Kashmir |date=December 6, 2010 |work=Forbes}}</ref> In the recording, an executive from [[Sprint Nextel]] revealed that the company had created a special website through which law enforcement agents can obtain GPS information on subscribers and that the website had been used to process 8 million requests during the previous year.<ref>{{cite news |url=http://www.wired.com/threatlevel/2009/12/gps-data/ |title=Feds ‘Pinged’ Sprint GPS Data 8 Million Times Over a Year |accessdate=2010-05-15 |last=Zetter |first=Kim |date=December 1, 2009 |work=Wired News}}</ref> That recording was subsequently cited by [[Alex Kozinski]], Chief Judge of the [[Ninth Circuit Court of Appeals]] in ''U.S. v. Pineda-Moreno'', in support of his view that "1984 may have come a bit later than predicted, but it's here at last."<ref name="pineda">{{cite court |litigants=United States v. Pineda-Moreno |vol=617 |reporter=F.3d |opinion=1120 |court=9th Cir. |date=2010 |url=http://www.ca9.uscourts.gov/datastore/opinions/2010/08/12/08-30385.pdf}}</ref>
Line 35: Line 38:


In June 2009, Soghoian co-authored an open letter to Google with<ref>{{cite web |url=http://www.cloudprivacy.net/letter |title=An open letter to Google's CEO, Eric Schmidt |accessdate=2009-06-20 |last=Soghoian |first=Christopher |date=June 16, 2009}}</ref> 37 prominent security and privacy experts, urging the company to protect the privacy of its customers by enabling [[HTTP Secure|HTTPS]] encryption by default for Gmail and its other cloud based services.<ref>{{cite news |url=http://bits.blogs.nytimes.com/2009/06/16/gmail-to-get-more-protection-from-snoops/ |title=Gmail to Get More Protection From Snoops |accessdate=2009-06-20 |last=Helft |first=Miguel |date=June 16, 2009 |work=The New York Times – Bits Blog}}</ref> In January 2010, Google enabled HTTPS by default for users of Gmail,<ref>{{cite web |url=http://gmailblog.blogspot.com/2010/01/default-https-access-for-gmail.html |title=Default HTTPS Access For Gmail |accessdate=2010-05-15 |last=Schillace |first=Sam |date=January 12, 2010 |work=The Official Gmail Blog}}</ref> and subsequently for other products, including search. According to Google, it was already considering HTTPS by default.<ref>https://static.googleusercontent.com/media/www.google.com/en/us/googleblogs/pdfs/google_httpsresponse.pdf</ref> Soghoian has in recent years continued his HTTPS advocacy, calling on news media, law firms, government agencies and other organizations to encrypt their own websites.<ref>{{cite news |url=http://www.fastcompany.com/3036430/the-fight-for-https |title=The Fight for HTTPS |accessdate=2014-11-09 |last=Braga |first=Matthew |date=October 1, 2014 |work=Fast Company}}</ref>
In June 2009, Soghoian co-authored an open letter to Google with<ref>{{cite web |url=http://www.cloudprivacy.net/letter |title=An open letter to Google's CEO, Eric Schmidt |accessdate=2009-06-20 |last=Soghoian |first=Christopher |date=June 16, 2009}}</ref> 37 prominent security and privacy experts, urging the company to protect the privacy of its customers by enabling [[HTTP Secure|HTTPS]] encryption by default for Gmail and its other cloud based services.<ref>{{cite news |url=http://bits.blogs.nytimes.com/2009/06/16/gmail-to-get-more-protection-from-snoops/ |title=Gmail to Get More Protection From Snoops |accessdate=2009-06-20 |last=Helft |first=Miguel |date=June 16, 2009 |work=The New York Times – Bits Blog}}</ref> In January 2010, Google enabled HTTPS by default for users of Gmail,<ref>{{cite web |url=http://gmailblog.blogspot.com/2010/01/default-https-access-for-gmail.html |title=Default HTTPS Access For Gmail |accessdate=2010-05-15 |last=Schillace |first=Sam |date=January 12, 2010 |work=The Official Gmail Blog}}</ref> and subsequently for other products, including search. According to Google, it was already considering HTTPS by default.<ref>https://static.googleusercontent.com/media/www.google.com/en/us/googleblogs/pdfs/google_httpsresponse.pdf</ref> Soghoian has in recent years continued his HTTPS advocacy, calling on news media, law firms, government agencies and other organizations to encrypt their own websites.<ref>{{cite news |url=http://www.fastcompany.com/3036430/the-fight-for-https |title=The Fight for HTTPS |accessdate=2014-11-09 |last=Braga |first=Matthew |date=October 1, 2014 |work=Fast Company}}</ref>

==Consumer privacy research and activism==

In May 2011, Soghoian was approached by public relations firm [[Burson-Marsteller]] and asked to write an anti-Google op-ed, criticizing the company for privacy issues associated with its social search product. Soghoian refused, and instead published the email conversation. A subsequent investigation by journalists revealed that the PR firm, which had refused to identify its client to Soghoian, had been retained by Facebook.<ref>{{cite news |url=http://www.nytimes.com/2011/05/14/technology/14facebook.html |title=Facebook, Foe of Anonymity, Is Forced to Explain a Secret |accessdate=2011-07-17 |last=Helft |first=Miguel |date=May 13, 2011 |work=The New York Times}}</ref>

In May 2011, Soghoian filed a complaint with the FTC, in which he claimed that online backup service Dropbox was deceiving its customers about the security of its services.<ref>{{cite news |url=http://www.wired.com/threatlevel/2011/05/dropbox-ftc/ |title=Dropbox Lied to Users About Data Security, Complaint to FTC Alleges |accessdate=2011-07-17 |last=Singel |first=Ryan |date=May 13, 2011 |work=Wired News}}</ref> Soon after Soghoian first publicly voiced his concerns, Dropbox updated its terms of service and privacy policy to make it clear that the company does not in fact encrypt user data with a key only known to the user, and that the company can disclose users' private data if forced to by law enforcement agencies.

In October 2010, Soghoian filed a complaint with the FTC, in which he claimed that Google was intentionally leaking search queries to the sites that users visited after they clicked on a link from the search results page.<ref>{{cite news |url=http://blogs.wsj.com/digits/2010/10/07/former-ftc-employee-files-complaint-over-google-privacy/ |title=Former FTC Employee Files Complaint Over Google Privacy |accessdate=2014-11-09 |last=DeVries |first=Jenifer Valentino |date=October 7, 2010 |work=Wall Street Journal}}</ref> Two weeks later, a law firm filed a class action lawsuit against Google for this practice. The lawsuit extensively quoted from Soghoian's FTC complaint.<ref>{{cite news |url=http://www.cnet.com/news/lawsuit-targets-google-over-web-referrals/ |title=Lawsuit targets Google over Web referrals|last=Krazit |first=Tom |date=October 26, 2010 |work=CNET}}</ref> In October 2011, Google stopped leaking search queries to the sites that users visited,<ref>{{cite news |url=http://searchengineland.com/googles-plan-to-withhold-search-data-create-new-advertisers-171205|title=Google’s Plan To Withhold Search Data & Create New Advertisers|last=Sullivan |first=Danny|date=September 6, 2013 |work=Search Engine Land}}</ref> and then in 2015, the company settled the search query leakage class action lawsuit for 8.5 million dollars.<ref>{{cite news |url=http://www.mediapost.com/publications/article/247094/googles-85-million-data-leak-settlement-wins-ap.html|title=Google's $8.5 Million Data-Leak Settlement Wins Approval|last=Davis |first=Wendy|date=April 3, 2015 |work=MediaPost}}</ref>

Between 2009 and 2010, he worked for the US [[Federal Trade Commission]] as the first ever in-house technical advisor to the Division of Privacy and Identity Protection.<ref>{{cite news |url=http://www.wired.com/threatlevel/2009/08/soghoian-joins-ftc/ |title=Outspoken Privacy Advocate Joins FTC |work=[[Wired.com]] | first=Kim |last=Zetter |date=August 17, 2009 |accessdate=2009-11-20}}</ref> While at the FTC, he assisted with investigations of Facebook, Twitter, MySpace and Netflix.


==Boarding pass security==
==Boarding pass security==

Revision as of 00:42, 15 January 2017

Christopher Soghoian
Born1981 (age 42–43)
San Francisco, California, U.S.
Alma materJames Madison University ('02)
Johns Hopkins University ('05)
Indiana University ('12)
Occupation(s)Researcher and activist
Known forSecurity and privacy activism
Websitewww.dubfire.net

Christopher Soghoian (born 1981) is a privacy researcher and activist. He is currently the principal technologist at the American Civil Liberties Union.

Personal life

Soghoian is the nephew of Sal Soghoian, the Automation Product Manager at Apple Inc., responsible for AppleScript and Automator.[1]

Education

Soghoian, who holds British and US nationality,[2] received a B.S. from James Madison University (Computer Science; 2002), a Masters from Johns Hopkins University (Security Informatics; 2005), and a PhD from Indiana University (Informatics; 2012). His dissertation focused on the role that third-party internet and telecommunications service providers play in facilitating law enforcement surveillance of their customers.[3]

Soghoian is a Visiting Fellow at Yale Law School's Information Society Project and a TED Senior Fellow. He was previously an Open Society Foundations Fellow and a Student Fellow at the Berkman Center for Internet & Society at Harvard University.

Government surveillance research and activism

Soghoian's research and advocacy is largely focused on government surveillance. His research has shed significant light on the use of sophisticated surveillance technologies by US law enforcement agencies, exposing such techniques to public debate and criticism.

In an August, 2013 presentation at the hacker conference DEF CON, Soghoian highlighted the existence of a dedicated FBI team that delivers malware to the computers and mobile devices of surveillance targets. In his presentation, Soghoian stated that he discovered the team by reading heavily-redacted government documents and by looking at the profiles of ex-FBI contractors on the social network website LinkedIn.[4] In October, 2014, Soghoian called attention to the fact that the FBI had, in 2007, impersonated the Associated Press in an effort to deliver malware to a teenager in Washington State who had threatened to bomb his high school.[5] This act of deception was strongly condemned by leading news organizations, including by the General Counsel of the Associated Press.[6]

External videos
video icon Government surveillance — this is just the beginning on YouTube, Christopher Soghoian, TED talks, March 5, 2014

In a February, 2012, public speech, Soghoian criticized the commercial market for so called zero-day security vulnerabilities, a topic which, until then, had yet to receive significant attention from the mainstream press.[7] One month later, Soghoian was quoted by Forbes, in a lengthy article about the zero day market, describing the firms and individuals who sell software exploits as “the modern-day merchants of death” selling “the bullets of cyberwar.”[8] Over the next several years, several major media outlets published their own front-page stories on the industry, often with quotes from Soghoian criticizing those providing such hacking software to governments.[9][10]

In December 2009, while an employee of the Federal Trade Commission, Soghoian secretly audio recorded a closed-door surveillance industry conference. The agency's inspector general opened an investigation into Soghoian's conduct, and he was subsequently let go from the FTC.[11] In the recording, an executive from Sprint Nextel revealed that the company had created a special website through which law enforcement agents can obtain GPS information on subscribers and that the website had been used to process 8 million requests during the previous year.[12] That recording was subsequently cited by Alex Kozinski, Chief Judge of the Ninth Circuit Court of Appeals in U.S. v. Pineda-Moreno, in support of his view that "1984 may have come a bit later than predicted, but it's here at last."[13]

Encryption activism

In June 2009, Soghoian co-authored an open letter to Google with[14] 37 prominent security and privacy experts, urging the company to protect the privacy of its customers by enabling HTTPS encryption by default for Gmail and its other cloud based services.[15] In January 2010, Google enabled HTTPS by default for users of Gmail,[16] and subsequently for other products, including search. According to Google, it was already considering HTTPS by default.[17] Soghoian has in recent years continued his HTTPS advocacy, calling on news media, law firms, government agencies and other organizations to encrypt their own websites.[18]

Consumer privacy research and activism

In May 2011, Soghoian was approached by public relations firm Burson-Marsteller and asked to write an anti-Google op-ed, criticizing the company for privacy issues associated with its social search product. Soghoian refused, and instead published the email conversation. A subsequent investigation by journalists revealed that the PR firm, which had refused to identify its client to Soghoian, had been retained by Facebook.[19]

In May 2011, Soghoian filed a complaint with the FTC, in which he claimed that online backup service Dropbox was deceiving its customers about the security of its services.[20] Soon after Soghoian first publicly voiced his concerns, Dropbox updated its terms of service and privacy policy to make it clear that the company does not in fact encrypt user data with a key only known to the user, and that the company can disclose users' private data if forced to by law enforcement agencies.

In October 2010, Soghoian filed a complaint with the FTC, in which he claimed that Google was intentionally leaking search queries to the sites that users visited after they clicked on a link from the search results page.[21] Two weeks later, a law firm filed a class action lawsuit against Google for this practice. The lawsuit extensively quoted from Soghoian's FTC complaint.[22] In October 2011, Google stopped leaking search queries to the sites that users visited,[23] and then in 2015, the company settled the search query leakage class action lawsuit for 8.5 million dollars.[24]

Between 2009 and 2010, he worked for the US Federal Trade Commission as the first ever in-house technical advisor to the Division of Privacy and Identity Protection.[25] While at the FTC, he assisted with investigations of Facebook, Twitter, MySpace and Netflix.

Boarding pass security

Soghoian first gained public attention in 2006 as the creator of a website that generated fake airline boarding passes. On October 26, 2006, Soghoian created a website that allowed visitors to generate fake boarding passes for Northwest Airlines. While users could change the boarding document to have any name, flight number or city that they wished, the generator defaulted to creating a document for Osama Bin Laden.

Soghoian claimed that his motivation for the website was to focus national attention on the ease with which a passenger could evade the no-fly lists.[26] Information describing the security vulnerabilities associated with boarding pass modification had been widely publicized by others before, including Senator Charles Schumer (D-NY)[27][28] and security expert Bruce Schneier.[29]

On October 27, 2006, then-Congressman Edward Markey called for Soghoian's arrest.[30] At 2 am on October 28, 2006, his home was raided by agents of the FBI to seize computers and other materials.[31] Soghoian's Internet Service Provider voluntarily shut down the website, after it received a letter from the FBI claiming that the site posed a national security threat.[32] On October 29, 2006, Congressman Markey issued a revised statement stating that Soghoian should not go to jail, and that instead, the Department of Homeland Security should "put him to work" to fix the boarding pass security flaws.[33] The FBI closed its criminal investigation in November 2006 without filing any charges,[34] as did the TSA in June 2007.[35][36]

Notes

  1. ^ http://www.dailyprogress.com/obituaries/soghoian-stephen-avedis/article_3e4c7c4d-735e-559b-be67-6ae6e2e2742e.html
  2. ^ Brown, David. FBI foils student's air scam site The Times November 3, 2006
  3. ^ Soghoian, Christopher (August 1, 2012). "The Spies We Trust: Third Party Service Providers and Law Enforcement Surveillance" (PDF). Retrieved December 23, 2012.
  4. ^ Valentino-DeVries, Jennifer (August 3, 2013). "FBI Taps Hacker Tactics to Spy on Suspects". Wall Street Journal. Retrieved November 9, 2014.
  5. ^ Nakashima, Ellen (October 28, 2014). "FBI lured suspect with fake Web page, but may have leveraged media credibility". Washington Post. Retrieved November 9, 2014.
  6. ^ Grygiel, Chris (November 7, 2014). "FBI says it impersonated AP reporter in 2007 case". Associated Press. Retrieved November 9, 2014.
  7. ^ Naraine, Ryan (February 16, 2012). "'0-day exploit middlemen are cowboys, ticking bomb'". ZDNet. Retrieved November 9, 2014.
  8. ^ Greenberg, Andy (March 23, 2012). "Shopping For Zero-Days: A Price List For Hackers' Secret Software Exploits". Forbes. Retrieved November 9, 2014.
  9. ^ Nakashima, Ellen (October 7, 2014). "The ethics of Hacking 101". Washington Post. Retrieved November 9, 2014.
  10. ^ Perlroth, Nicole (July 13, 2013). "Nations Buying as Hackers Sell Flaws in Computer Code". New York Times. Retrieved November 9, 2014.
  11. ^ Hill, Kashmir (December 6, 2010). "FTC Hires Hacker to Help With Privacy Issues. It Didn't Last". Forbes.
  12. ^ Zetter, Kim (December 1, 2009). "Feds 'Pinged' Sprint GPS Data 8 Million Times Over a Year". Wired News. Retrieved May 15, 2010.
  13. ^ United States v. Pineda-Moreno, 617 F.3d 1120 (9th Cir. 2010).
  14. ^ Soghoian, Christopher (June 16, 2009). "An open letter to Google's CEO, Eric Schmidt". Retrieved June 20, 2009.
  15. ^ Helft, Miguel (June 16, 2009). "Gmail to Get More Protection From Snoops". The New York Times – Bits Blog. Retrieved June 20, 2009.
  16. ^ Schillace, Sam (January 12, 2010). "Default HTTPS Access For Gmail". The Official Gmail Blog. Retrieved May 15, 2010.
  17. ^ https://static.googleusercontent.com/media/www.google.com/en/us/googleblogs/pdfs/google_httpsresponse.pdf
  18. ^ Braga, Matthew (October 1, 2014). "The Fight for HTTPS". Fast Company. Retrieved November 9, 2014.
  19. ^ Helft, Miguel (May 13, 2011). "Facebook, Foe of Anonymity, Is Forced to Explain a Secret". The New York Times. Retrieved July 17, 2011.
  20. ^ Singel, Ryan (May 13, 2011). "Dropbox Lied to Users About Data Security, Complaint to FTC Alleges". Wired News. Retrieved July 17, 2011.
  21. ^ DeVries, Jenifer Valentino (October 7, 2010). "Former FTC Employee Files Complaint Over Google Privacy". Wall Street Journal. Retrieved November 9, 2014.
  22. ^ Krazit, Tom (October 26, 2010). "Lawsuit targets Google over Web referrals". CNET.
  23. ^ Sullivan, Danny (September 6, 2013). "Google's Plan To Withhold Search Data & Create New Advertisers". Search Engine Land.
  24. ^ Davis, Wendy (April 3, 2015). "Google's $8.5 Million Data-Leak Settlement Wins Approval". MediaPost.
  25. ^ Zetter, Kim (August 17, 2009). "Outspoken Privacy Advocate Joins FTC". Wired.com. Retrieved November 20, 2009.
  26. ^ Soghoian, Christopher (October 26, 2006). "Chris's NWA Boarding Pass Generator". Retrieved March 5, 2007.
  27. ^ Schumer, Charles E. (February 13, 2005). "Schumer reveals new gaping hole in air security". Archived from the original on November 21, 2006. Retrieved November 30, 2006.
  28. ^ Schumer, Charles E. (April 9, 2006). "Schumer Reveals: In Simple Steps Terrorists Can Forge Boarding Pass And Board Any Plane Without Breaking The Law!". Archived from the original on June 28, 2007. Retrieved November 30, 2006. {{cite web}}: Unknown parameter |deadurl= ignored (|url-status= suggested) (help)
  29. ^ Schneier, Bruce (August 15, 2003). "Flying on Someone Else's Airplane Ticket". Crypto-Gram. Retrieved November 30, 2006.
  30. ^ Singel, Ryan (October 27, 2006). "Congressman Ed Markey Wants Security Researcher Arrested". Wired News. Retrieved December 24, 2012.
  31. ^ Krebs, Brian (November 1, 2006). "Student Unleashes Uproar With Bogus Airline Boarding Passes". Washington Post. Retrieved November 30, 2006.
  32. ^ Singel, Ryan (November 29, 2007). "Is A Gov Shutdown of a Website Without A Court Order Illegal? Supreme Court Suggests Yes". Wired News. Retrieved March 5, 2008.
  33. ^ Kantor, Andrew (November 2, 2006). "Simple tricks stir government's hysteria". USA Today. Retrieved November 14, 2014.
  34. ^ "IU Student, Focus of FBI Probe, Speaks Out". TheIndyChannel.com. Retrieved November 30, 2006.
  35. ^ Kane, David (June 6, 2007). "Warning Notice, page 1". Transportation Security Administration. Retrieved July 23, 2007.
  36. ^ Kane, David (June 6, 2007). "Warning Notice, page 2". Transportation Security Administration. Retrieved July 23, 2007.

References

External links

Wikimedia Commons has media related to Christopher Soghoian.
Retrieved from "https://en.wikipedia.org/w/index.php?title=Christopher_Soghoian&oldid=760107703"