Christopher Soghoian

Principal Technologist at the American Civil
Liberties Union
Visiting Fellow at Yale Law School's Information
Society Project

Working at the intersection of technology, law and policy, on the side of citizen's rights.

Add to Shortlist Dubfire.net @csoghoian

Biography

Could a hacker, stalker or government agent be controlling the webcam in your computer? They might be. Christopher Soghoian can tell what you can do to protect yourself and your loved ones from this and other privacy threats.

Described by Wired Magazine as the “Ralph Nader of the Internet” and one of Politico Magazine's top "thinkers, doers and visionaries transforming American politics," Dr. Christopher Soghoian is “the most prominent of a new breed of activist technology researchers” (The Economist), “who have risen to prominence by showing how tedious technical flaws can affect ordinary people.”

Driven by the knowledge of how cyber security flaws can be exploited by governments and criminals, Soghoian has a history of taking exceptional measures to expose surveillance programs and advocate for the adoption of technical solutions that can protect us all.

In just the past few years, Soghoian has exposed existence and use of “StingRays”, a military-grade surveillance technology now used by the FBI and police across America to track cell phones. He has revealed the existence of a dedicated hacking unit within the FBI capable of remotely activating webcams and microphones in computers and mobile phones. He also revealed how the FBI had impersonated the Associated Press in an effort to hack into one target’s computer.

Soghoian’s research and activism has forced government agencies and corporations to improve their cybersecurity practices, as well as spurring several important national debates around privacy, cybersecurity and surveillance related issues. Indeed, citing Soghoian’s research on government surveillance of cell phones, one prominent federal judge observed that “1984 may have come a bit later than predicted, but it’s here at last.”

In a world where data is power, Soghoian shines light into the cracks in ever-developing government and corporate practices that threaten our personal information, our personal freedoms, and our overall security. For his audiences, the "direct, confident, focused and unwavering" (Wired) Soghoian also lays out precautionary, actionable steps to temper privacy risks.

Soghoian is the Principal Technologist with the Speech, Privacy, and Technology Project at the American Civil Liberties Union, and is also a Visiting Fellow at Yale Law School's Information Society Project. He was previously the first in-house technical advisor to the U.S. Federal Trade Commission's Division of Privacy and Identity Protection.

Soghoian is a TED Senior Fellow, and was previously an Open Society Foundations Fellow and a fellow at the Berkman Center for Internet & Society at Harvard University. He has been recognised as a “Tech Titan” by Washingtonian Magazine, a top innovator under 35 by the MIT Technology Review, and an “Engineering Hero” by IEEE Spectrum. He holds a Ph.D. in Informatics from Indiana University and a M.S. in Security Informatics from The Johns Hopkins University.

Topics

Chris tailors each presentation to the needs of his audience and is not limited to the topics we have listed below. These are subjects that have proven valuable to customers in the past and are meant only to suggest his range and interests. Please ask us about any subject that interests you; we are sure that we can accommodate you.

Can You Hear Me Now? Law Enforcement Surveillance of Internet and Mobile Communications

Internet and telephone companies now play an essential role in enabling modern surveillance by law enforcement agencies. The police merely select the individuals to be monitored, while the actual surveillance is performed by third parties: often the same email providers, search engines, and telephone companies to whom consumers have entrusted their private data.

Although assisting Big Brother has become a routine part of business, the true scale of law enforcement surveillance has long been shielded from the general public, Congress, and the courts. However, recent disclosures by wireless communications carriers reveal that the companies now receive approximately one and a half million requests from U.S. law enforcement agencies per year. When automated, industrial-scale surveillance is increasingly the norm, is communications privacy a thing of the past? For those of us who would like to keep our private information out of government databases, what options exist, and which tools and services are the best?

The FBI Is Controlling Your Webcam: Examining the Use of Hacking by Law Enforcement Agencies

By now, it is no secret that the U.S. government is in the hacking business. However, these capabilities are not limited to nation state attacks against Iran and China. They extend to law enforcement, too. The FBI now has a unit solely focused on hacking into the computers and mobile phones of surveillance targets. The software used by this unit can surreptitiously enable a computer's webcam; collect real-time location data; and copy emails, web browsing records, and other documents. And although the FBI has been an early adopter of this kind of surveillance technology, other law enforcement agencies are not far behind. Soon, local police will also have software capable of allowing them to hack into the phones and computers of suspected criminals.

While politicians are clearly scared about hacks from China, our own law enforcement agencies are also in the hacking business too. What does this mean for the current, heated debate about cybersecurity and our ability to communicate securely?

The Global Trade in Cyber Weapons

Over the past two years, the public has started to learn about the shadowy trade in software security exploits. Rather than disclosing these flaws to software vendors like Google and Microsoft who will then fix them, security researchers can now sell them for six figures to governments who then use them for interception, espionage, and cyber war. These flaws are only useful for their intended purpose if software vendors remain in the dark about them, and if fixes never reach the general public. As such, the very existence of government stockpiles of software security flaws, whether for law enforcement, espionage, or military operations means that government agencies are exposing consumers, businesses, and other government agencies to exploitable security flaws which could otherwise be fixed.

What should be done, if anything, about this part of the security industry? Are researchers who sell exploits simply engaging in legitimate free speech that should be protected? Or, are they engaging in the sale of digital arms in a global market that should be regulated?

Videos

Your smartphone is a civil rights issue | TEDSummit

How to avoid surveillance ... with the phone in your pocket | TED

Security & Surveillance | Chicago Ideas Week

Why Google won't protect you from big brother | TEDx

Government surveillance — this is just the beginning | TED