christopher soghoian

christopher soghoian

intro’d to Christopher via aaron swartzinternet’s own boy

esp noted the section about politicians making fun of nerds w/o seeking their expertise..

1:14 – congress caught off guard – the *nerd section – Jon Stewart – clarifying that they must mean experts – clueless members of congress rate the bill –

the fact that it got as far as it did w/o them talking to any type of experts reflects how bad it was..

– – –

via his site bio:

Christopher Soghoian is a privacy researcher and activist, working at the intersection of technology, law and policy.

– – –

ted fellows retreat 2013:

Government surveillance — this is just the beginning


Published on Jul 16, 2014

The Symposium on Usable Privacy and Security (SOUPS) 2014 was held in July 2014 at Facebook headquarters. Christopher Soghoian, principal technologist at the ACLU, gave the keynote address, titled, “Sharing the blame for the NSA’s dragnet surveillance program.”

SOUPS 2014 Keynote:  “Sharing Blame for NSA’s Dragnet Surveillance”

13 min – on mobile apple devices are encrypted by default.. (you need to access the unlock of it..?)

android offers ability to encrypt – but users have to seek it out – most android users are unlikely to know this exists

wow – can we get beyond this? can we give police et al something better to do.. (and people who do harmful things)

20 min – on desktop – apple doesn’t encrypt by default – but every apple customer gets the ability to encrypt

windows – only small subset get encryption

23 min – most people won’t encrypt..

microsoft has offloaded this encryption

apple devices are status symbols – so more rich get security benefits

in 2014 – we know how to do this – how to encrypt this for everyone – but it’s not reaching everyone

the reason i wanted to come talk to you – is because the law moves slowly..

29 min – reference Glenn‘s share of govt info – prior to april 2013 – the # of journalists using encryption – i could count on one hand

talks about Glenn not understanding the software – pgp – Ed wanted him to download – and how he couldn’t understand it

this is huge to journalists – by their corps have no help for them..

33 min – pgp apps default to 2048 bit encryption…  when those who know what they’re doing – 4096 bit

36 min – subject line is not encrypted – either is attachment filename

it’s not the security that sucks – it’s the usability – tools built for us and then abandoned – don’t work for us – esp ie: journatlists

Glenn using cryptocat – really wasn’t safe

we’re starting to see tools that are built for journalists – usability

why do we have such crappy software – ie: 50 bill dollar companies…

fb has a team of highly qualified experts – yet we are getting tools and products that don’t meet our needs when users need them most

39 min – as tech developers – we have let others down

43 min – huge research needs: we don’t really know right now how to build software that is resistant to the state but that fails gracefully when users forget their details

why are we getting these bad defaults:

personal: ie: you can be compelled to share friends password but can’t be compelled to share your own – and – when data in cloud they can get it w/o you even knowing

busines: design constraints of google – very hard to protect customer when ie: google is ad driven

govt: shcmidt – problem w/expecting us to protect you from govt – govt has guns and we don’t

google has improved things a lot – things all around are getting better – but we still have a long way to go – and we know how to do better – we just need to force tech companies to give us the products we deserve

the bad guys are always going to be one step ahead of the good guys – they have the motivation – they think they’re going to get caught. bad guys use tech. they are always going to have these tools. let’s focus on the average person. there’s no terrorist laptop… etc.


find/follow Christopher:

link twitter

wikipedia small

Christopher Soghoian is a Washington, DC based privacy researcher and activist. He first gained notoriety in 2006 as the creator of a website that generated fake airline boarding passes. Since that incident, he has continued to engage in high-profile activism related to privacy and computer security. He is currently the principal technologist and a senior policy analyst with the speech, privacy and technology project at the American Civil Liberties Union.

Between 2009 and 2010, he worked for the US Federal Trade Commission as the first ever in-house technical advisor to the Division of Privacy and Identity Protection. While at the FTC, he assisted with investigations of Facebook, Twitter, MySpace and Netflix.


He is currently a Visiting Fellow at Yale Law School’s Information Society Project and a Fellow at the Center for Applied Cybersecurity Research at Indiana University. He was an Open Society Foundations Fellow between 2011 and 2012 and was a Student Fellow at the Berkman Center for Internet & Society at Harvard University between 2008 and 2009.

Salvatore at yale till dec


On October 26, 2006, Soghoian created a website that allowed visitors to generate fake boarding passes for Northwest Airlines. While users could change the boarding document to have any name, flight number or city that they wished, the generator defaulted to creating a document for Osama Bin Laden.

Soghoian claimed that his motivation for the website was to focus national attention on the ease with which a passenger could evade the no-fly lists.

Information describing the security vulnerabilities associated with boarding pass modification had been widely publicized by others before, including SenatorCharles Schumer (D-NY) and security expert Bruce Schneier. Soghoian received media attention for posting a program on his website to enable the automatic production of modified boarding passes.

On October 27, 2006, Senator Edward Markey called for Soghoian’s arrest. Two days later, he issued a revised statement stating that Soghoian should not go to jail, and that instead, the Department of Homeland Security should “put him to work” to fix the boarding pass security flaws.

At 2 am on October 28, 2006, his home was raided by agents of the FBI to seize computers and other materials. Soghoian’s Internet Service Provider voluntarily shut down the website, after it received a letter from the FBI claiming that the site posed a national security threat. The FBI closed the criminal investigation in November 2006 without filing any charges, as did the TSA in June 2007.



for a qr