Christopher Soghoian, an outspoken privacy advocate who drew the ire of a congressman two years ago when he published information about a serious breach in airline security, has been hired by the Federal Trade Commission to work in the division of privacy and identity protection in its Bureau of Consumer Protection.
Soghoian made the surprising announcement on his blog Monday and told Threat Level the job offer came about after he ran into FTC staff at this year's Computers Freedom and Privacy conference held in Washington, DC.
He said the job, which is a part-time, one-year contract, will likely involve a strict non-disclosure agreement that will prevent him from publicly disclosing vulnerabilities or other information he uncovers during the time he works for the FTC. But he said that's the price "for entry inside the beltway."
"I . . . recognize that many people might find it surprising that I am going to work for the US government," he wrote on his blog. "After all, I have spent much of my public blogging railing against the oppressive surveillance state and the numerous privacy invasions committed by the law enforcement and intelligence agencies.
"My position at the FTC will involve no classified work, I have not, and will not get a security clearance, and I intend to be solely focused on things that improve consumer privacy, not hurt it. The FTC is not in the business of violating the rights of Americans. There are other agencies that seem to be taking care of that."
Soghoian has often had Google and other companies in his crosshairs for poor privacy practices and was a big critic of airline security policies.
In 2006, Rep. Edward Markey (D - Massachusetts) called for Soghoian's arrest after he created a site showing how easy it was to generate a facsimile of a Northwest Airlines boarding pass.
"I want Congress to see how stupid the (Transportation Security Administration)'s watch lists are," he told Threat Level at the time. "Now even the most technically incompetent user can click and generate a boarding pass. By doing this, I'm hoping (Congress) will see how silly the security rules are. I don't want bad guys to board airplanes but I don't think the system we have right now works and I think it is giving us a false sense of security."
Soghoian said he has no idea what his new job at the FTC will entail, but the Bureau of Consumer Protection recently told the New York Times that it was looking to hire technologists who could help it examine tracking technologies being employed by online marketers.
"It's a good idea to have someone in a regulatory body who actually understands how the technology works and understands a little more than how to browse through a web page," Soghoian told Threat Level. "Someone who knows how to use packet sniffers and can look through the source code and can actually analyze code and see what malware is doing. I think [Washington,] D.C. would be a better place if there were more geeks."