Spies Are Everywhere. Here's How to Foil Them.
WHY YOU SHOULD CARE
Because the fight for your privacy isn’t over until he says it’s over.
By Leslie Nguyen-Okwu
Everyone’s out to get Christopher Soghoian. Tech juggernauts and policy wonks want to get him fired, sue him and vilify him, just to stop him in his tracks. But Soghoian, the principal technologist at the American Civil Liberties Union, wants none of the chase.
At 34, the self-professed nerd rocks a ponytail and a pressed suit — perhaps not what you had in mind for one of D.C.’s most feared renegades. Years before Edward Snowden leaked top secret information about the NSA in 2013, Soghoian was goading corporate Goliaths such as Facebook, Netflix and AT&T to quit cozying up to Uncle Sam and letting the government dip its fingers in their massive caches of user data. Everything you do on the grid — your entire call history, your digital footprint, your minute-by-minute location record, your precious personal information — is still vulnerable to random government surveillance, Soghoian says in his latest TED Talk. It’s time to cut the cord.
Want to avoid surveillance? TED Fellow Christopher Soghoian has a tip no one should miss in his TED Talk, above.
It hasn’t been a losing battle. Surveillance has been making front-page news, partly in thanks to Snowden’s high-profile leaks and Apple’s backdoor battle. And Soghoian’s whistleblowing work has given him kind of a rebel edge — earning him spots on the Politico 50, alongside the Pope and Elon Musk, as well as MIT Technology Review’s 35 Innovators Under 35. From his Ph.D. informatics research at Indiana University to his strident activism at the ACLU, Soghoian has been a snarling surveillance watchdog — and he’s not afraid to make a scene.
At a time when most “companies wanted to put their head in the sand and not talk about surveillance,” he badgered them into improving their poor privacy practices. In 2009, he rallied 38 other privacy and security gurus to sign a six-page open letter chewing out Google for not properly protecting its users’ emails, calendars and documents. Six months later, the search engine giant acquiesced and set up default encryption. (Google didn’t respond to requests for comment.) Then, after a stint at the Federal Trade Commission, Soghoian browbeat Dropbox, a leading cloud storage company, into admitting that it was misleading its users on how it encrypted their data. In a matter of days, the company reworked its terms and conditions, he says, although a spokesperson couldn’t confirm or deny the cause of the update. “Sometimes you have to ramp up the pressure a bit,” Soghoian says. His decade-plus years of research spans everything from how your cellphone overhears everything to how dangerously easy it is to create a fake boarding pass — and while many aren’t happy about his whistleblowing — these damning details have been leveraged in court cases again and again. “When you piss off people in the right way, in some ways it’s a pat on the back,” he says.
And boy, has he pissed off plenty of people. The FBI once raided his home and seized his computers for a month after he gave netizens the tools to create fake boarding passes on his site. The FBI declined to comment on the case, which is now closed, but did say Soghoian broke the law. He also lost his job at the Federal Trade Commission for crossing the line after busting a Sprint Nextel executive with a covert recording that was published online soon after. He’s been threatened with lawsuits twice, he says, and sometimes even assassinations — an employee at the Hacking Team, a company that develops spyware for places like the FBI, jested about paying for Soghoian’s murder with Bitcoin via email. And Soghoian’s response? C’est la vie, he says, “when you fight powerful enemies that are unlikely to give in quickly.” Neither the Federal Trade Commission nor the Hacking Team responded to OZY’s requests for comment.
Born in San Francisco, Soghoian cultivated his detective streak as a child; he’s always loved puzzles. In the same way, Soghoian says he “unravels the secrets of government surveillance” by sniffing out security shortfalls and dropped clues that have been left exposed by big companies and federal agencies to understand the puzzle of “how the government spies on people.” And what of national security? It’s simply impossible to design a system that is both sturdy enough against skilled hackers and porous enough to allow in the government, he says.
Naturally, Soghoian is vigilant about his own personal security — he employs two-factor authentication, uses password managers and places an owl sticker over his computer’s webcam to thwart hackers. He also helped create Do Not Track, an anti-tracking device that most major web browsers now use. Even President Obama has joined the privacy bandwagon, with a hyperencrypted Android phone.
Forget about reaching Soghoian the old-fashioned way too: “Encrypted communications only, please.”