Monday, August 17, 2009

Going Fed

This week will be my last at Harvard's Berkman Center for Internet & Society. It has been a fantastic place to work, and for the first time in my academic life, I found a supportive environment where it is OK to be interested in both technology and law/policy. I will miss Berkman and the friends I made there sorely (but not the horrible Boston weather).

In two weeks, I will move to Washington DC, where I will begin working half time as a technical consultant to the Division of Privacy and Identity Protection in the Bureau of Consumer Protection at the US Federal Trade Commission. As I understand it, the FTC has a lot of really smart lawyers, but they (currently) lack geek skills.

David Vladeck, the new head of the Bureau of Consumer Protection recently told the New York Times that "he would hire technologists to help analyze online marketers’ tracking." I guess that means people like me.

Those regular blog readers who are used to my usual acerbic writing style may be disappointed. I expect that my writing on this blog will dry up -- with the occasional post to announce new research papers or updates to TACO. While I haven't been told to do this, I am assuming that it is simply no longer appropriate to use this blog to shame the corporations that continue to do harm to user online privacy -- at least as long as I am also on the government's payroll.

Hopefully, there will be other ways that I can help to achieve this positive change from within the DC beltway.

I also recognize that many people might find it surprising that I am going to work for the US government. After all, I have spent much of my public blogging railing against the oppressive surveillance state and the numerous privacy invasions committed by the law enforcement and intelligence agencies.

My position at the FTC will involve no classified work, I have not, and will not get a security clearance, and I intend to be solely focused on things that improve consumer privacy, not hurt it. The FTC is not in the business of violating the rights of Americans. There are other agencies that seem to be taking care of that.

I will be at the FTC half time. The other (unpaid) half of my time will be spent wrapping up my dissertation, writing research papers, and continuing to work on TACO.

There are likely to be some users of TACO who are not terribly keen on the idea of running code on their computers designed and maintained by someone who is paid by the US government. TACO is open source, which means anyone can look through the source code online to see if there are any hidden backdoors (there aren't). Furthermore, Mozilla won't roll out an update to the 100,000 TACO users until a Mozilla volunteer has looked through the code and verified that it is safe.

As an additional layer of safety for paranoid TACO users, I have added two new people to the TACO development team: Sid Stamm, and Dan Witte, both employees of Mozilla. Sid is also a paranoid security geek, and Dan is in charge of the cookie related code within the Firefox browser. Dan also rewrote the most recent version of TACO to make it several times faster.

Both have agreed to lend a hand if and when I encounter technical problems with future TACO versions (since, my coding skills are not so great). However, they will also be able to act as a layer of protection, should someone try to force me to make changes to the TACO codebase. Defense in depth, I suppose.

17 comments:

  1. Congratulations! The FTC -- indeed, all of us -- will benefit from your presence there.

    ReplyDelete
  2. Anonymous1:40 PM

    We will miss you too.

    ReplyDelete
  3. Congratulations! (As I said on Twitter...) Best of luck. We're counting on you.

    ReplyDelete
  4. Congrats! Privacy audits are being conducted all across town, law firm sirens ringin, CPOs shaking with fear :)
    You are going to be great, and the FTC is now fierce!

    ReplyDelete
  5. Miten Sampat4:25 PM

    this is wonderful news Chris.
    Good luck.

    ReplyDelete
  6. Joris van Hoboken5:17 PM

    Gefeliciteerd!

    Look forward to the FTC's moves on online privacy protection!

    ReplyDelete
  7. Great to see this kind of expertise going to the FTC -- best of luck to you.

    ReplyDelete
  8. Congrats! I'm impressed that the FTC is smart enough to hire you. This could be good all around.

    ReplyDelete
  9. Very glad to hear it...I'm a big fan of your work and enjoyed your podcast on SSL defaults.

    ReplyDelete
  10. Hope the government doesn't room 101-ise you.. just a joke..:-)

    ReplyDelete
  11. Congratulations on the new job, Chris.

    How does working for the federal government make it inappropriate for you to use your personal blog to shame the corporations that continue to do harm to user online privacy?

    ReplyDelete
  12. Congrats, Chris and FTC team! This is a good partnership and reflects well on both parties. Chris -- you've done a great job nudging industry forward and proving once again that a determined individual can make a difference.

    ReplyDelete
  13. I have only read your blog a few times over the years but always interesting. Kudos to you for the change. You will be an agent for good change in the work you'll be doing.

    ReplyDelete
  14. Congratulations on the new job, Chris. Best of luck.

    ReplyDelete
  15. Anirban Sen7:48 PM

    Congrats Chris! The FTC is one three-letter agency I still admire. :)

    ReplyDelete
  16. Aleecia McDonald6:00 PM

    Fantastic news! Congratulations. Just remember to actually finish your thesis. :-)

    ReplyDelete
  17. Anonymous11:42 PM

    Please add an optout cookie for
    http://www.xgraph.net/opt-out.html

    ReplyDelete