Chris Soghoian began his recently published dissertation with a quote from George Orwell. It was a natural introduction, as perhaps no other privacy researcher so closely follows Big Brother.
So much so that the American Civil Liberties Union (ACLU) recently hired the 31-year-old as its principal technologist and a senior policy analyst with its Speech, Privacy and Technology Project. The organization has never had a technologist on staff before. For years a provocative figure in the security community, Soghoian now has the ACLU's legal muscle behind his particular brand of activism.
Since his early twenties, Soghoian has highlighted the misdeeds of large companies and the federal government in violating the privacy of their consumers and citizens. Wired called him a Ralph Nader for the internet age – which is to say, the age of the Patriot Act, the NSA's illegal wiretap program and the unprecedented spying on American citizens. This year, Soghoian earned his Ph.D. at Indiana University – his dissertation analyzed how telecom companies assist law enforcement surveillance of their customers – and held fellowships with TEDGlobal and the Open Society Foundation.
Occupation: principal technologist, Speech Privacy & Technology Project, American Civil Liberties Union
College: Indiana University, Ph.D.;
Accomplishments: TR35 2012 (MIT Tech Review 35 Innovators under 35), TEDGlobal 2012 Fellow, Open Society Foundations Fellow (2011-2012)
The ACLU offers Soghoian something of a crossover platform, and at the same time, he will push the organization into joining court cases involving privacy.
“You'll see a theme to my work,” Soghoian says. “I take things that are widely known to computer scientists, but not known outside the community, and I take them to the public.”
Soghoian's muckraking has come out in his high-wire productions over the years – publicly shaming companies which abuse their consumers' privacy. Among his targets have been Google, Facebook, Dropbox, Mozilla Firefox, Twitter, Sprint Nextel and, most famously, the Transportation Security Administration (TSA).
“The pressure has to go on the big boys,” he says. “Consumers don't really know how their data is handled. And these security practices are usually indefensible. Once you bring that into the sunlight, the company cannot defend that. It's the threat of embarrassment that makes these companies change.”
However, Soghoian's activism has become more strategic in nature too. “He's matured,” says Markus Jakobsson, Soghoian's adviser at Indiana and the principal scientist of computer security for PayPal. “You could say he's found ways that are more effective. Sometimes direct confrontation isn't always good.”
“I'm not gonna lie,” Soghoian admits, “I love shaming people. I love throwing fire at companies. Changing company behavior by myself or with a group of activists is very rewarding.” But the “shame route,” he adds, “is sometimes not the most effective method either. You can sometimes be more effective talking over cocktails.”
Soghoian lives in Washington D.C., and can be found working back channels – for example, meeting with Congressional staffers or employees at technology companies – to inform his work and target his activism. Parts of his dissertation, because of the sensitivity of government surveillance, were based on anonymous sources, which is unprecedented in computer science academia, according to Jakobsson.