may be reasonably considered to be this decade’s leading oxymoron. An Opera Software study revealed that although 22 percent of people in the United States are concerned about losing their jobs, 25 percent are concerned about a breach of their online privacy. There is ample justification for these concerns. A Carnegie Mellon University study gathered publicly available personal information for thousands of Americans, including social network profiles, and reported that they were able to deduce accurate social security numbers for 8.5% of all citizens. At a time when millions of people post detailed personal information on social media
, they are leaving themselves wide open for identity theft and other criminal actions. What may surprise many is that even the government agencies and leading web and telecom businesses that promise to keep personal information secure are actually data colanders. That’s where a hirsute heterodox named Christopher Soghoian has been earning a reputation as the Ralph Nader of online privacy. He champions the rights of citizens while kicking the violators in the shins.
Soghoian Showed the Ease of Printing Fake Boarding Passes
Soghoian first came to national prominence in 2006 when the FBI showed up at his house at 2 am to seize the computers on which he had created a site that allowed anyone to take advantage of an outrageous Transportation Security Administration digital dereliction and generate fake boarding passes on Northwest Airlines, with a default name of Osama Bin Laden. The Feds were not amused but closed the criminal investigation without filing charges - and three years later actually hired Soghoian to work in the Federal Trade Commission’s Bureau of Consumer Protection. His freewheeling maverick ways were not the best match for the staid government agency and he was released a year later, but by then his name was synonymous with divulging and publicizing security breaches at the highest levels.
Named & Shamed
Soghoian has “named and shamed” a remarkable array of leading online and telecom corporations:
Dropbox had a back door that allowed them full access to all uploaded files
Sprint Nextel had a secret website for law enforcement agents to GPS-track 8 million subscribers every year
Yahoo had a price list they charged the US government for turning over private information on their users
AT&T’s voicemail was open to phone-hacking due to their policy of not requiring a password to access it
Google’s Gmail had SSL encryption turned off by default
All of these major security lapses and privacy violations were active until Soghoian got through with them. Armed with little more than his blog and his innate sense of outrage, he led a one-man pitched battle with the forces of privacy evil for years until he was given a paid fellowship by the George Soros Open Society Foundation to publicly grade online and telecom privacy practices.
39% of Americans Still Use Unsafe Passwords
Now that he is properly enabled, Soghoian will continue his initiatives to keep our online and communications privacy safe, but we still have to do our part. Even with all of these revelations of egregious privacy violations and the ease at which our personal data can be accessed, nearly two out of every five internet users in the United States still do not use safe passwords but resort to easily crackable generics such as 123456 or “password.”
Simple Steps to Maintain Online Security
Maintaining personal privacy and security is not a lost cause. There are various simple steps anyone can take to strengthen the safety of their online data:
Don’t post anything anywhere (including “private” profiles) that reveals personal details
Mix up your passwords and use at least half non-alphanumeric characters
Never reply to spam emails
Turn on cookie notices in your browser
Check for https, lock icons and correct URLs before entering any sensitive data
Don’t reply or click on bank or payment facilitator emails that do not address you by name
We can’t rely on iconoclast Soghoian to do it all for us. We have to give him a fighting chance!