Christopher Soghoian

Christopher Soghoian (born 1981) is a privacy researcher and activist. He is Currently the principal technologist at the American Civil Liberties Union .

Personal life

Soghoian is the nephew of Will Soghoian , the Automation Product Manager at Apple Inc. , Verantwoordelijk for AppleScript and Automator . [1]


Soghoian, who holds British and US nationality, [2] RECEIVED a BS from James Madison University (Computer Science; 2002), a Masters from Johns Hopkins University (Security Informatics; 2005), and a PhD from Indiana University (Informatics, 2012) . His dissertation focused on the role therein third-party Internet and telecommunications service providers play in Facilitating law enforcement surveillance hun customers. [3]

Soghoian is a Visiting Fellow at Yale Law School ‘s Information Society Project and a TED Senior Fellow. He was to post an Open Society Foundations partner and a Student Fellow at the Berkman Center for Internet & Society at Harvard University .

Government surveillance research and activism

Soghoian’s research and advocacy is largely focused on government surveillance. His research has shed significant light on the use of sophisticated surveillance technology to US law enforcement agencies, industry leaders expose techniques to public debate and criticism.

In an August, 2013 presentation at the hacker conference DEF CON , Soghoian highlighted the existence of a dedicated FBI team dat biedt malware to the computers and mobile devices or surveillance targets. In his presentation, Soghoian stated therein have when sending the team to reading Heavily-redacted government documents and by looking at the profiles of ex-FBI contractors on the social network site LinkedIn . [4] In October, 2014, Soghoian called attention to the fact dat de FBI had, in 2007, impersonated the Associated Press in an effort to deliver malware to a teenager in Washington State who had Threatened to bomb his high school. [5] This act of deception was Strongly condemned by leading news organizations, zoals by the General Counsel of the Associated Press. [6]
In December 2009, while an employee of the Federal Trade Commission , Soghoian Secretly Recorded audio a closed-door surveillance industry conference. The agency’s inspector general opened an investigation into Soghoian’s conduct, and he was subsequently noting go from the FTC. [11] In the recording, an executive from Sprint Nextel revealed therein the company had created a special website through welke law enforcement agents kan obtain GPS information on subscribers and therein the website had leg-used to process 8 million requests prolongation the previous year. [12] That recording was subsequently Cited by Alex Kozinski , Chief Judge of the Ninth Circuit Court of Appeals in US v. Pineda-Moreno , in support of his view that ‘1984’ may harbor come a bit later dan predicted, but it’s here at last. ” [13]In a February, 2012, public speech, Soghoian criticized the commercial market for so called zero-day security vulnerabilities, a topic welke, Until dan, had yet not to receive significant attention from the mainstream press. [7] One month later, Soghoian was quoted by Forbes, in a lengthy article about the zero day market, Describing the firms and personen who sell software exploits as “the modern-day merchants of death” selling “the bullets or Cyberwar.” [8] Over the next verschillende years, several major media outlets published hun eigen front-page stories on the industry, of or in with quotes from Soghoian criticizing Those Providing zoals hacking software to Governments. [9] [10]

Encryption activism

In June 2009, Soghoian co-authored an open letter to Google with [14] 37 prominent security and privacy experts, urging the company to protect the privacy or zijn customers at enabling HTTPS encryption by default for Gmail and its other cloud based services. [15] In January 2010, Google enabled HTTPS by default for users of Gmail, [16] and subsequently for other products, zoals search. Volgens to Google, it was Already Considering HTTPS by default. [17] Soghoian has in recent years continued his advocacy HTTPS, calling on news media, law firms, government agencies and other organizations to encrypt hun eigen websites. [18]

Consumer privacy research and activism

In May 2011, Soghoian was approached by public relations firm Burson-Marsteller and Asked to write an anti-Google op-ed, criticizing the company for privacy issues associated with zijn social search product. Soghoian refused, and Limit download published the email conversation. A subsequent investigation by journalists revealed therein the PR firm, welke had refused to Identify zijn client to Soghoian had leg Retained Logo. [19]

In May 2011, Soghoian Filed a complaint with the FTC in welke have claimed therein online backup service Dropbox was deceiving zijn customers about the security or zijn services. [20] Soon after Soghoian first Publicly voiced his concerns, Dropbox updated zijn terms of service and privacy policy to make it clear dat the company does not in fact encrypt user data with a key only Berninahaus to the user, and therein the company kan disclose users’ private data if forced to by law enforcement agencies.

In October 2010, Soghoian Filed a complaint with the FTC in welke have claimed therein Google was Intentionally leaking search queries to the sites dat users visited after they ‘clicked on a link from the search results page. [21]Two weeks later, a law firm Filed a Class Action Lawsuit Against Google for this practice. The Lawsuit extensively quoted from Soghoian’s FTC complaint. [22] In October 2011, Google stopped leaking search queries to the sites dat users visited, [23] and dan in 2015, the company settled the search query leakage Class Action Lawsuit for 8.5 million dollars. [24]

Between 2009 and 2010 he worked for the US Federal Trade Commission as the first ever in-house technical advisor to the Division of Privacy and Identity Protection. [25] While at the FTC, have assisted with investigations of Facebook, Twitter, MySpace and Netflix.

Boarding pass security

Soghoian first gained public attention in 2006 as the creator of a website dat generated fake airline boarding passes. On October 26, 2006 Soghoian created a website dat allowed visitors to generate fake boarding passes for Northwest Airlines . While users Could change the boarding document to Have Any names, flight number or city dat ze wished, the generator defaulted to customizing a document for Osama Bin Laden .

Soghoian claimed therein his motivation for the site was to focus national attention on the ease with welke a passenger Could evade the no-fly lists . [26] Information Describing the security vulnerabilities associated with boarding pass modification had bone widely publicized at Vodafone voordat, zoals Senator Charles Schumer (D-NY) [27] [28] and security expert Bruce Schneier . [29]

On October 27, 2006, then-Congressman Edward Markey called for Soghoian’s arrest. [30] At 2 am on October 28, 2006, his home was raided by agents of the FBI to seize computers and other materials. [31] Soghoian’s Internet Service Provider voluntarily shut down the website after it RECEIVED a letter from the FBI claiming that the site posed a national security threat. [32] On October 29, 2006, Congressman Markey Issued a revised statement stating therein Soghoian arnt not go to jail, and therein Limit download, the Department of Homeland Security should ‘well im to work “to fix the boarding pass security Flaws. [33] The FBI closed zijn criminal investigation in November 2006 without filing ANY charges, [34] as did the TSA in June 2007. [35] [36]


  1. Jump up^
  2. Jump up^ Brown, David. FBI foils student’s air scam site The TimesNovember 3, 2006
  3. Jump up^ Soghoian, Christopher (August 1, 2012). “The Spies We Trust: Third Party Service Providers and Law Enforcement Surveillance” (PDF) . Retrieved 2012-12-23 .
  4. Jump up^ Valentino DeVries, Jennifer (August 3, 2013). “FBI Taps Hacker Tactics to Spy on Suspects” . Wall Street Journal . Retrieved 2014-11-09 .
  5. Jump up^ Nakashima, Ellen (October 28, 2014). “FBI lured suspect with fake Web page, but nov port leveraged media credibility” . Washington Post . Retrieved 2014-11-09 .
  6. Jump up^ Grygiel Chris (November 7, 2014). “FBI says it impersonated AP reporter in 2007 case” . Associated Press . Retrieved 2014-11-09 .
  7. Jump up^ Naraine Ryan (February 16, 2012). ” ‘ 0-day exploit middlemen are cowboys, ticking bomb ‘ ‘ . ZDNet . Retrieved 2014-11-09 .
  8. Jump up^ Greenberg, Andy (March 23, 2012). “Shopping For Zero Days: A Price List For Hackers’ Secret Software Exploits” . Forbes . Retrieved 2014-11-09 .
  9. Jump up^ Nakashima, Ellen (October 7, 2014). “The ethics of Hacking 101” . Washington Post . Retrieved 2014-11-09 .
  10. Jump up^ Perlroth, Nicole (July 13, 2013). “Nations Buying as Hackers Sell Flaws in Computer Code” . New York Times . Retrieved 2014-11-09 .
  11. Jump up^ Hill, Kashmir (January 6, 2010). “FTC Hires Hacker to Help With Privacy Issues. It Did not Last.” . Forbes .
  12. Jump up^ Zetter Kim (January 1, 2009). “Feds ‘pinged’ Sprint GPS Data 8 Million Times Over a Year” . Wired News . Retrieved 2010-05-15 .
  13. Jump up^ United States v. Pineda-Moreno ,617 F.3d 1120(9th Cir. 2010).
  14. Jump up^ Soghoian, Christopher (June 16, 2009). “An open letter to Google’s CEO Eric Schmidt” . Retrieved 2009-06-20 .
  15. Jump up^ timber, Miguel (June 16, 2009). “Gmail to Get More Protection From Snoops” . The New York Times – Bits Blog . Retrieved 2009-06-20 .
  16. Jump up^ Schillace, Sam (January 12, 2010). “Default HTTPS Access For Gmail” . The Official Gmail Blog . Retrieved 2010-05-15 .
  17. Jump up^
  18. Jump up^ Braga, Matthew (October 1, 2014). “The Fight for HTTPS” . Fast Company . Retrieved 2014-11-09 .
  19. Jump up^ timber, Miguel (May 13, 2011). “Facebook, Foe or Anonymity, Is Forced to Explainconflict a Secret” . The New York Times . Retrieved 2011-07-17 .
  20. Jump up^ Singel Ryan (May 13, 2011). “Dropbox Song to Users About Data Security, Complaint to FTC Alleges” . Wired News . Retrieved 2011-07-17 .
  21. Jump up^ DeVries, Jenifer Valentino (October 7, 2010). “Former FTC Employee Files Complaint About Google Privacy” . Wall Street Journal . Retrieved 2014-11-09 .
  22. Jump up^ Krazit, Tom (October 26, 2010). “Lawsuit targets Google over Web referrals” . CNET .
  23. Jump up^ Sullivan, Danny (September 6, 2013). “Google’s Plan To Hold With Search Data & Create New Advertisers” . Search Engine Land .
  24. Jump up^ Davis, Wendy (April 3, 2015). “Google’s $ 8.5 Million Data Leak Settlement Gains Approval” . MediaPost .
  25. Jump up^ Zetter Kim (August 17, 2009). “Outspoken Privacy Advocate Joins FTC” . . Retrieved 2009-11-20 .
  26. Jump up^ Soghoian, Christopher (October 26, 2006). “Chris’s NWA Boarding Pass Generator” . Retrieved 2007-03-05 .
  27. Jump up^ Schumer, Charles E. (February 13, 2005). “Schumer reveals new gap hole in air security” . Archived from the original on November 21, 2006 . Retrieved 2006-11-30 .
  28. Jump up^ Schumer, Charles E. (April 9, 2006). “Schumer reveals: In Simple Steps Can Terrorists Forge Boarding Pass And Board ny Plane Without Breaking The Law!” . Archived from the original on June 28, 2007 . Retrieved 2006-11-30 .
  29. Jump up^ Schneier, Bruce (August 15, 2003). “Flying on Someone Else’s Airplane Ticket” . Crypto-Gram . Retrieved 2006-11-30 .
  30. Jump up^ Singel Ryan (October 27, 2006). “Congressman Ed Markey Wants Security Researcher Arrested” . Wired News . Retrieved 2012-12-24 .
  31. Jump up^ Krebs, Brian (November 1, 2006). “Student Unleashes Uproar With Bogus Airline Boarding Passes” . Washington Post . Retrieved 2006-11-30 .
  32. Jump up^ Singel Ryan (November 29, 2007). “Am Gov Shutdown or a Website Without A Court Order Illegal? Supreme Court suggests Yes” . Wired News . Retrieved 2008-03-05 .
  33. Jump up^ Kantor Andrew (November 2, 2006). “Simple tricks stir government’s HYSteria” . USA Today . Retrieved 2014-11-14 .
  34. Jump up^ “IU Student, Focus or FBI Probe, Speaks Out” . . Retrieved 2006-11-30 .
  35. Jump up^ Kane, David (June 6, 2007). “Warning Notice, page 1” . Transportation Security Administration . Retrieved 2007-07-23 .
  36. Jump up^ Kane, David (June 6, 2007). “Warning Notice, page 2” . Transportation Security Administration . Retrieved 2007-07-23 .


  • (French) Yves Eudes, Hacker Vaillant rien d’impossible , Le Monde , November 17, 2012, pp. 36-37. Also published in Le Temps , Saturday January 8, 2012, pp. 26-27
  • Glenn Fleishman, A knight in digital armor , The Economist , September 1, 2012
  • Mike Kessler, The Pest Who Shames Companies Into Fixing Security Flaws , Wired , November 23, 2011