Wanted: Cyber spy for hire. Must be willing to crack existing products to allow repressive governments to snoop on their citizens and/or prevent them from communicating with each other. Salary commensurate with experience; moral flexibility a must.

While this want ad doesn't actually exist, ones very much like it do -- though it's unlikely you'll find them posted on Monster.com. There's a thriving gray market of companies working for governments that seek to insinuate themselves into social networks like Twitter and Facebook, the better to identify and silence "terrorists" (insert your own definition here).

[ Cash in on your IT stories! Send your IT tales to offtherecord@infoworld.com. If we publish it, we'll keep you anonymous and send you a $50 American Express gift cheque. | For a humorous take on the tech industry's shenanigans, subscribe to Robert X. Cringely's Notes from the Underground newsletter. | Get the latest insight on the tech news that matters from InfoWorld's Tech Watch blog. ]

Today's example comes to us via blog post by hacker/security wonk Moxie Marlinspike. Yes, he has a name like an animated supervillain, but he also sports an impressive resume. As an independent security researcher, Marlinspike (whose birth name is probably Matthew Rosenfeld) has developed tools for enhancing privacy on Google and Android handsets. He's also created tools for launching man-in-the-middle attacks -- allowing hackers to secretly intercept otherwise secure communications between a user and, say, a bank or other secure network, then use that information for nefarious purposes.

You're either with us or against us

That's probably why he was contacted by Mobily, a $5 billion telecom based in Saudi Arabia. Mobily wanted him to develop a way to bypass SSL certificates in a handful of apps, including Twitter, Viber, Line, and WhatsApp. When he asked why the Saudis would want to do that, he received the standard answer: to fight the spread of "terrorism." He writes:

So privacy is cool, but the Saudi government just wants to monitor people's tweets because... terrorism. The terror of the retweet. But the real zinger is that, by not helping, I might also be a terrorist. Or an indirect terrorist, or something. While this email is obviously absurd, it's the same general logic that we will be confronted with over and over again: choose your team. Which would you prefer? Bombs or exploits. Terrorism or security. Us or them.

Instead of signing on and cashing a big check, however, Marlinspike declined the offer and decided to publicize the email string. He writes: