Instead of arresting computer hackers, the latest trend in government management is to, well, hire them. Chris Soghoian seems to be one such hacker.
In 2006, the FBI busted Soghoian for printing fake boarded passes to highlight a TSA security flaw.
Although he was never arrested, he apparently mistook the FBI’s kindness for weakness because a year later, Soghoian mapped the names and addresses of a California company’s shipment of Astroglide lube using data the company put online.
The FBI refused to investigate since no private financial data was released, “just names, phone numbers, addresses and the fact that you requested sex lube,” he insisted.
A constant thorn in the FBI’s side, even Soghoian was surprised when the Federal Trade Commission (FTC) offered him a job in 2009 as a technologist. And he wasn’t the only one.
Apparently, the FTC offered multiple hackers the opportunity to work with the agency on projects related to consumer privacy on the web. And the FTC isn’t the only organization hiring.
Security agencies have long been hiring computer hackers to help strengthen their own security like the Web app developers that hired a teen responsible for creating two worms that took over Twitter in 2009.
Even the US government is getting in on the trend with its own US Cyber Challenge day.
Organizers invite young gifted hackers to partake in a series of tests and challenges related to computer hacking. Most of the high school aged hackers are rewarded for completing the challenges in an attempt to inspire them to join the country’s understaffed ranks of cybersecurity professionals.
Much like the US Cyber Challenge Day organizers hope to sway participants away from the “dark side,” the FTC probably hoped to do the same thing with Soghoian.
Even on the first day of report, the FTC faced problems with Soghoian when they asked him for a fingerprint scan and background check, both of which he refused. “I didn’t feel like I should have to give up my privacy to protect other people’s.”
Later, Soghoian secretly taped a conversation among Sprint employees bragging that they turned over customers’ GPS information 8 million times a year. Feeling that this should be public knowledge, Soghoian posted this audio recording on his private blog.
The Justice Department later admitted that the FBI had indeed broken the law by requesting these phone record searches.
Needless to say, after the multiple PR nightmares that Soghoian caused, his contract was not renewed. Maybe Soghoian wasn’t the ideal fit for the organization, but thankfully the organization was not deterred from hiring similar personalities.
In early November, the FTC named Ed Feten, a computer science professor at Princeton with a history of resistance against corporations on privacy issues (like Sony), as its chief technology officer.
It’s a good start, says Soghoian.
“One of the things that’s become abundantly clear after being in D.C. for a year…Is that many of the people making the rules and setting the policies have absolutely no idea how the technology works.”