By Sarah Cortes-Former Cantabridgian Chris Soghoian spoke today at Defcon, possibly the world's largest conference for computer hackers. Soghoian highlighed numerous ways cellphone and location data is easily accessed by law enforcement with little or no judicial or other oversight. Laws such as the Communications and Law Enforcement Act of 1994 ("CALEA") have been expanded beyond their original scope to assist law enforcement investigations in the hope of keeping us safer. The problem, Soghoian states, is that this expanded ease of government surveillance now extends to millions of individuals as well, dismantling constitutionally guaranteed freedoms.
Also on the panel with Soghoian were Catherine Crump and Ben Wizner from the ACLU and computer technologist Ashkan Soltani.
Soghoian referenced a recent judicial opinion from a Texas court finding law enforcement had exceeded their authority in the use of subpoenas for cellphone data, which can include not only the target of an investigation, but everyone who has had cellphone contact with a target. "We're not talking about a judge from San Francisco. When a Texas judge says government surveillance had gone too far, you need pay attention, Soghoian stated."
Soghoian has published and spoken extensively on government surveillance of its citizens, and the collaboration of the largest telecommunications and other technology corporations with law enforcement.
Soghoian is a PhD candidate at Indiana University, where he submitted his doctoral dissertation July 15. He was a fellow at Harvard Law School's Berkman Center for Internet and Society in Cambridge from 2008-2009. "They gave me the impossible task of trying to measure the scale of government surveillance," Sogoian states in his dissertation. "Thankfully, they were not upset when I failed."
He first gained notoriety in 2006 when the FBI raided his home during the night and seized his computer. He had created a website featuring a fake airline boarding pass which anyone could print out, which defaulted to printing the name "Osama bin Laden." Soghoian had created the website to call attention to TSA security weaknesses to create public awareness about what he saw as the TSA's habit of ignoring obvious threats and vulnerabilities in transportation infrastructure. Instead, he has asserted, TSA focused unduly and ineffectively on a set of threats and a series of purchases that have left real threats unidentified and unmitigated.
Soghoian revealed at DefCon that he is currently "fighting his own lawsuit" against the government.
13,000 information Security professionals and hackers are expected to attend DefCon this year in Las Vegas, Nevada between July 26-29.