Edward William Felten

Bio/Description

Edward “Ed” Felten, the Robert E. Kahn Professor of Computer Science and Public Affairs, and professor of computer science and public affairs, transfers to emeritus status after twenty-eight years on the faculty of computer science and the Princeton School of Public and International Affairs (SPIA).

Ed grew up in Madison, Wisconsin. His family bought an early model personal computer when those were rare, and he spent much time learning how to program it. He received a bachelor’s degree in physics from Caltech in 1985; along the way, he was an enthusiastic participant in the technical “pranks” for which Caltech is famous—good preparation for his computer security exploits as a tenured professor at Princeton. He stayed at Caltech until 1989, working on the Current Computing Project and publishing papers on high-performance parallel programming with applications in physics and chess. He did his graduate study in computer science at the University of Washington, where his dissertation, “Protocol Compilation: High-Performance Communication for Parallel Programs,” was advised by Ed Lazowska and John Zahorjan. Upon completing his Ph.D. in 1993, he started as an assistant professor of computer science at Princeton.

In his first years at Princeton, Ed worked on parallel computing, operating systems, file-system caching strategies, and computer networks. Then in 1995 two graduate students, Drew Dean and Dan Wallach, came to him with their observation that the then-novel “World Wide Web browser” and the associated Java programming language had many exploitable insecurities. The resulting 1996 paper, “Java Security: From HotJava to Netscape and Beyond” by Dean, Felten, and Wallach launched the remainder of Ed’s career in information security and technology policy, and launched Dean’s and Wallach’s, as well.

Ed’s work from 1995 to 2021 has been characterized by two themes: balancing attack and defense, and balancing technology and policy. Ed and his students have found many creative and unexpected ways that computer systems can be vulnerable to attack: spoofing web browsers with man-in-the-middle attacks, propagating vote-stealing viruses through the removable media of voting machines, freezing laptop memory cards in liquid nitrogen to steal cryptographic keys. But he has worked as much on cyber defense: securing Java programs, logic-based access-control systems, privacy-preserving communication technologies, resistance to denial-of-service attacks, and password management systems.

Some of Ed’s scholarship from 1995 to 2005 resulted in publications describing the insecurity of specific commercial systems. He was a pioneer in “responsible disclosure,” notifying the companies in whose products he found vulnerabilities before going public, but in those days some companies threatened Ed with lawsuits when their oxes were gored. This helped nudge Ed from cybersecurity into technology policy: what should be the legal and societal frameworks not only for security, but also for copyright law and policy, privacy, user interfaces for security, and other policy-related issues.

Ed was the star expert witness for the United States in the big antitrust action U.S. v. Microsoft, in which Microsoft was found to have illegally maintained its operating system monopoly by bundling its browser; and he testified in Universal Studios, Inc. v. Remierdes, a digital copyright law “constitutional case of first impression.”

He spent a sabbatical at Stanford Law School thinking about these issues and planning to write a book, but concluded that the twenty-first century called for a blog. Freedom to Tinker was originally his personal tech policy blog but has become Princeton University’s widely known, multi-author, tech policy publication. Ed has been a leading public intellectual of technology policy, interacting in the policy arena while continuing his deeply technical work in cybersecurity and privacy.

In 2006 Ed became jointly appointed in the Department of Computer Science and SPIA. He also founded Princeton’s Center for Information Technology Policy and led it for thirteen years before handing off its leadership to other faculty; it is still thriving. In 2013 he was elected to the National Academy of Engineering. His thirteen Ph.D. advisees have gone on to pursue careers in academia at Rice University, the University of Texas at Austin, the University of Michigan, and the University of Chicago; others are computer scientists at the Federal Trade Commission (FTC), Institute for Defense Analyses (IDA), and Google, among other companies; they are also founders of tech policy consultancies.

Ed served as Deputy U.S. Chief Technology Officer in the Obama White House; he loved every day that they did something to make peoples’ lives easier or safer. He has also consulted for the FTC and the other federal agencies, and served on the advisory boards or boards of directors of a dozen nonprofits and corporations. After transferring to emeritus status, he will continue his work as a member of the U.S. Privacy and Civil Liberties Oversight Board and run his blockchain start-up company, Offchain Labs.