How a lone grad student scooped the government—and what it means for your online privacy


The cold shoulder is not entirely Republican. Earlier this year the Obama administration unveiled a “Privacy Bill of Rights” that sets a variety of enviable standards for consumer privacy. “American consumers can’t wait any longer for clear rules of the road that ensure their personal information is safe online,” President Obama said.

The document, which among other things would allow individuals to control the data collected on them, was welcomed by consumer groups. But it’s not legislation. It’s a wish-list. The administration hopes that some of its wishes, like a Do Not Track system, will be granted through voluntary industry standards. But many of the wishes require Congress to pass laws that it is unlikely to pass anytime soon. The FTC’s meager budget request would seem to be the best indication yet of the prospects for significantly greater federal privacy protection.

It’s an old story with a new twist. Few industries have as many admirers in Washington, D.C., as Silicon Valley, which unlike the oil industry has what appears to be an equally large number of friends on both sides of the aisle. The tech industry is generally regarded as liberal-leaning—for instance, Eric Schmidt, the Google chairman, was an Obama campaign adviser and serves on the president’s Council of Advisors on Science and Technology. But Sen. John McCain, R-Ariz., was counseled in his presidential bid by both Carly Fiorina, the former CEO of Hewlett-Packard, and by Meg Whitman, the former CEO of eBay who now heads HP. Silicon Valley is one of the country’s few global growth industries; politicians are reluctant to put restrictions on what it can and cannot do.

The FTC tries to do the best with what it has. In 2009, with new Obama-era appointees aboard, it hired Christopher Soghoian, a privacy technologist who could perform the sort of sophisticated forensics that Mayer conducted on Google. A year later, in 2010, the FTC hired its first chief technologist, Edward Felten, a Princeton computer scientist who is highly regarded in tech policy circles. But the three men who have filled the privacy technologist job that Soghoian filled first (each have served for about a year) faced an awkward problem: The desktop in their office is digitally shackled by security filters that make it impossible to freely browse the web. Crucial websites are off-limits, due to concerns of computer viruses infecting the FTC’s network, and there are severe restrictions on software downloads. When Soghoian tried to download a Wi-Fi sniffing app, his boss told him within a few minutes that he had tripped a security alarm; he could not use the app on his computer. It had to be deleted immediately.

To defend against hackers, filtered computers are standard in the government, but they are problematic for officials who are trying to discover dishonest activity on the web; it’s a bit like telling a cop he can’t patrol in high-crime neighborhoods. A handful of unfiltered computers are available in restricted labs at the FTC’s headquarters on Pennsylvania Avenue and its satellite offices on New Jersey Avenue and M Street, but this is an ungainly setup. Rather than leaving their office, waiting for an elevator, swiping their ID badges across a sensor at the lab’s locked door and logging into a computer soaked with malware (because the lab computers are used to test suspicious applications and websites), the technologists have instead stayed in their office and tethered their personal laptops to their personal cell phones. The office does not have a window, and the cell signals are not strong; even by phone standards, their web connection is slow.

Soghoian and the current privacy technologist, Michael Brennan, tried to get an unfiltered desktop installed in their office. Each time—Soghoian in 2010, Brennan in 2011—they got tantalizingly close, with new machines delivered to them. But the computers were never connected to the internet. Someone at the agency—they don’t know who—got cold feet. “I basically had a two-thousand-dollar computer doing nothing,” Soghoian said. Brennan isn’t even at the office so much these days; he is a part-timer who lives in Philadelphia, where he is getting a Ph.D. in computer science at Drexel University. When he works in Washington, the FTC’s privacy gunslinger crashes at a friend’s house.

Only one FTC official has an unfiltered desktop: Felten, the chief technologist. He is the sort of unconventional public servant the FTC has hired in recent years. He was an expert witness in the landmark antitrust suit against Microsoft, a board member of the Electronic Frontier Foundation, and in April he participated in a privacy hackathon with his teenage daughter. Felten, hired mainly to provide policy advice to the FTC chairman, also conducts investigations of suspicious websites or apps—this is what he uses the unshackled computer for. During an interview, he pointed to it, a bit like a museum guide gesturing toward a priceless artwork, and said, “This is rare. I think this is the only one.”

"(Required)" indicates required fields