Why are the feds surveilling and repeatedly detaining computer security researcher Moxie Marlinspike?

Photo: Dave Bullock (eecue)

Computer security researcher Moxie Marlinspike (Wikipedia, Web, Twitter) was detained by US border agents for several hours on Wednesday night. They searched his laptop and cell phones, demanded that he provide them with passwords for each, and later returned the devices to him. From Wired News:

[He] was met by two U.S. Customs and Border Protection agents at the door of his plane when he arrived at JFK airport on a Jet Blue flight from the Dominican Republic. The agents escorted him to a detention room where they held him for four and a half hours, he says. During that time, a forensic investigator arrived and seized Marlinspike's laptop and two cell phones, and asked for his passwords to access his devices. Marlinspike refused, and the devices were later returned to him.

"I can't trust any of these devices now," says Marlinspike, who asked that Threat Level not report his real name. "They could have modified the hardware or installed new keyboard firmware."

Marlinspike gained attention last year at the Black Hat security conference in Las Vegas when he revealed a serious vulnerability in the way internet browsers verify digital security certificates. The flaw would let a hacker create a fake web site for Bank of America or some other legitimate business, obtain a fake digital certificate and trick a browser into thinking the fake site was the legitimate one, allowing the hacker to conduct a phishing attack against unsuspecting users who entered their bank credentials into the fake site. He released two free tools that would help an attacker conduct such an attack.


The incident sounds very much like what happened earlier this year to two other white hat hackers:

In July, security researcher Jake Appelbaum was intercepted at a New Jersey airport and detained. And earlier this month MIT researcher David House had his laptop seized when he deplaned at Chicago's O'Hare Airport on his way back from Mexico.

The full Wired News article is here, and the CNET piece is here. As the CNET piece elaborates, this incident is hardly the first for Moxie, and it doesn't sound as if it will be the last. There is some speculation that Moxie is being targeted because he has been identified as a friend and intellectual peer of Appelbaum, who is a volunteer with Wikileaks. Asked whether he too is a volunteer for Wikileaks, Moxie replied to CNET:

Definitely not. If anything, I'm slightly critical of WikiLeaks. I question the efficacy of that project. […] I'm friends with Jake, and his equipment was seized. My name was in his contacts on his phone.

Moxie was mentioned on Boing Boing recently for something presumably unrelated: Hold Fast, a documentary about anarchy and sailing.