Embed

Edward_Felten

Document Sample

Shared by: roy ashbrook

Tags

Stats

views:: 6
posted:: 2/2/2012
language:
pages:: 4

Public Domain

From Wikipedia, the free encyclopedia Edward Felten

Edward Felten

Edward William Felten Biography

Felten attended the California Institute of Technology

and graduated with a degree in Physics in 1985. He

worked as a staff programmer at Caltech from 1986 to

1989 on a parallel supercomputer project at Caltech. He

then enrolled as a graduate student in Computer Science

at the University of Washington. He was awarded an

Master of Science degree in 1991 and a Ph.D in 1993. His

Ph.D. thesis was on developing an automated protocol for

communication between parallel processors.

In 1993, he joined the faculty of Princeton University

in the Department of Computer Science as an Assistant

Professor. He was promoted to Associate Professor in

1999 and to Professor in 2003. In 2006, he joined the

Woodrow Wilson School of Public and International Af-

fairs, but computer science remains his home depart-

ment. In 2005, he became the Director of the Center for

Information and Technology Policy at Princeton. He has

Edward Felten

served as a consultant to law firms, corporations, private

Born March 25, 1963 (1963-03-25) foundations, and government agencies. His research in-

volves computer security, and technology policy.[3]

Residence Princeton, New Jersey

He lives in Princeton, New Jersey with his family.

Citizenship American From 2006 to 2010, he was a member of the board of

Fields Computer Science the Electronic Frontier Foundation (EFF). In 2007, he was

public affairs inducted as a Fellow of the Association for Computing

Machinery.

Institutions Princeton University, Federal Trade

Commission

In November 2010, he was named Chief Technologist

of the Federal Trade Commission.[4]

Alma mater California Institute of Technology

University of Washington

Doctoral Edward D. Lazowska and John Zahorjan

United States v. Microsoft

advisor Felten was a witness for the United States government

in United States v. Microsoft, where the software company

Known for Secure Digital Music Initiative

was charged with committing a variety of antitrust

Notable EFF Pioneer Award[1] crimes. During the trial, Microsoft’s attorneys denied

awards that it was possible to remove the Internet Explorer web

browser from a Windows 98 equipped computer without

Edward William Felten (born March 25, 1963) is a profes- significantly impairing the operation of Windows.

sor of computer science and public affairs at Princeton Citing research he had undertaken with Christian

University. On November 4, 2010 he was named the Chief Hicks and Peter Creath, two of his former students,[5] Fel-

Technologist for the United States Federal Trade Com- ten testified that it was possible to remove Internet Ex-

mission,[2] a position he officially assumed January 3, plorer functionality from Windows without causing any

2011. problems with the operating system. He demonstrated

Felten has done a variety of computer security re- his team’s tool in court, showing 19 ways in which it is

search, including groundbreaking work on proof-carry- normally possible to access the web browser from the

ing authentication and work on security related to the Ja- Windows platform that his team’s tool rendered inacces-

va programming language, but he is perhaps best known sible.

for his paper on the Secure Digital Music Initiative (SDMI) Microsoft argued that Felten’s changes did not truly

challenge. remove Internet Explorer but only made its functionality

1

From Wikipedia, the free encyclopedia Edward Felten

inaccessible to the end user by removing icons, shortcuts and other copyright holders denied that they had ever

and the iexplore.exe executable file, and making changes threatened to sue Felten. However, SDMI appears to have

to the system registry. This led to a debate as to what ex- threatened legal action when spokesman Matt Oppen-

actly constitutes the "web browser," since much of the heim warned Felten in a letter that "any disclosure of in-

core functionality of Internet Explorer is stored in a formation gained from participating in the Public Chal-

shared dynamic-link library, accessible to any program lenge....could subject you and your research team to ac-

running under Windows. tions under the Digital Millennium Copyright Act.". [7]

Microsoft also argued that Felten’s tool did not even Felten, with help from the Electronic Frontier Foun-

completely remove web-browsing capability from the dation, sued the groups, requesting a declaratory judge-

system since it was still possible to access the web ment ruling that their publication of the paper would be

through other Windows executables besides iex- legal. The case was dismissed for a lack of standing.[8]

plore.exe, such as the Windows help system. Felten presented his paper at the USENIX security

conference in 2001. The United States Department of Jus-

The SDMI challenge tice has offered Felten and other researchers assurances

that the DMCA does not threaten their work and stated

As part of a contest in 2000, SDMI (Secure Digital Music that the legal threats against them were invalid.

Initiative) invited researchers and others to try to break

the digital audio watermark technologies that they had

devised. In a series of individual challenges, the partici-

Sony rootkit investigation

pants were given a sample audio piece, with one of the The 2005 Sony BMG CD copy protection scandal started

watermarks embedded. If the participants sent back the when security researcher Mark Russinovich revealed on

sample with the watermark removed (and with less than October 31, 2005 that Sony’s Extended Copy Protection

an acceptable amount of signal loss, though this condi- copy protection software on the CD Get Right with the

tion was not stated by SDMI), they would win that partic- Man by Van Zant contained hidden files that could dam-

ular challenge. age the operating system, install spyware and make the

Felten was an initial participant of the contest. He user’s computer vulnerable to attack when the CD was

chose to opt out of confidentiality agreements that would played on a Microsoft Windows-based PC. Sony then re-

have made his team eligible for the cash prize. Despite leased a software patch to remove XCP.

being given very little or no information about the wa- On November 15, 2005, Felten and Alex Halderman

termarking technologies other than the audio samples showed that Sony’s method for removing XCP copy pro-

and having only three weeks to work with them, Felten tection software from the computer makes it more vul-

and his team managed to modify the files sufficiently nerable to attack, as it essentially installed a rootkit, in

that SDMI’s automated judging system declared the wa- the form of an Active X control used by the uninstaller,

termark removed. and left it on the user’s machine and set so as to allow any

SDMI did not accept that Felten had successfully bro- web page visited by the user to execute arbitrary code.

ken the watermark according to the rules of the contest, Felten and Halderman described the problem in a blog

noting that there was a requirement for files to lose no post:

sound quality. SDMI claimed that the automated judging

result was inconclusive as a submission, which simply The consequences of the flaw are severe, it allows

wiped all the sounds off the file would have successfully any Web page you visit to download, install, and

removed the watermark but would not meet the quality run any code it likes on your computer. Any Web

requirement. page can seize control of your computer; then it can

do anything it likes. That’s about as serious as a se-

SDMI lawsuits curity flaw can get.[9]

Felten’s team developed a scientific paper explaining the

methods used by his team in defeating the SDMI wa- Diebold voting machine analy-

termarks. Planning to present the paper at the Fourth

International Information Hiding Workshop of 2001 in sis

Pittsburgh, Felten was threatened with legal action by On September 13, 2006, Felten and graduate students

SDMI,[6] the Recording Industry Association of America Ariel Feldman and Alex Halderman discovered severe se-

(RIAA), and Verance Corporation, under the terms of the curity flaws in a Diebold Election Systems (now Premier

DMCA, on the argument that one of the technologies his Election Solutions) voting machine. Their findings

team had broken was currently in use in the market. Fel- claimed, "Malicious software running on a single voting

ten withdrew the presentation from the workshop, read- machine can steal votes with little if any risk of detection.

ing a brief statement about the threats instead. SDMI The malicious software can modify all of the records, au-

2

From Wikipedia, the free encyclopedia Edward Felten

dit logs, and counters kept by the voting machine, so that Director". Federal Trade Commission. 2010-11-04.

even careful forensic examination of these records will http://ftc.gov/opa/2010/11/cted.shtm. Retrieved

find nothing amiss."[10] 2010-11-04.

[5] Wasserman, Elizabeth (April 26, 2001). "Security

Sequoia voting machine analy- Code-Cracking Professor Pulls ’How-To’ Paper".

The Industry Standard.

sis http://www.thestandard.com/article/

0,1902,24020,00.html. Retrieved 2007-05-07.

In early 2008, New Jersey election officials announced

[6] Oppenheim, Matthew J. (April 9, 2001). "RIAA/SDMI

that they planned to send one or more Sequoia Advan-

Legal Threat Letter". Electronic Frontier

tage voting machines to Ed Felten and Andrew Appel (al-

Foundation. http://www.eff.org/IP/DMCA/

so of Princeton University) for analysis. In March 2008,

Felten_v_RIAA/20010409_riaa_sdmi_letter.html.

Sequoia sent an e-mail to Professor Felten asserting that

Retrieved 2007-05-07.

allowing him to examine Sequoia voting machines would

[7] Greene, Thomas C. (April 23, 2001). "SDMI cracks

violate the license agreement between Sequoia and the

revealed". Security. The Register.

county which bought them, and also that Sequoia would

http://www.theregister.co.uk/2001/04/23/

take legal action "to stop [...] any non-compliant analysis,

sdmi_cracks_revealed/. Retrieved 2007-05-07.

[...] publication of Sequoia software, its behavior, reports

[8] "Final Hearing Transcript, Felten v. RIAA".

regarding same or any other infringement of our intel-

Electronic Frontier Foundation. November 28,

lectual property." [11] This action sparked outrage among

2001. http://www.eff.org/IP/DMCA/

computer technology activists.[12][13]

Felten_v_RIAA/20011128_hearing_transcript.html.

After examining Sequoia’s machines, Felten and Ap-

Retrieved 2007-05-07.

pel indeed discovered grave problems with the accuracy

[9] Edward;

Felten, Edward Alex Halderman (November 15,

of the machines.[14] They also demonstrated that the ma-

2005). "Sony’s Web-Based Uninstaller Opens a Big

chines can be hacked and compromised within min-

Security Hole; Sony to Recall Discs". Freedom to

utes.[15]

Tinker. http://www.freedom-to-tinker.com/

Shortly after that, Sequoia’s corporate Web site was

?p=927. Retrieved 2007-05-07.

hacked. Ironically, the hack was first discovered by Ed

[10] Ariel J. Feldman, J. Alex Halderman, and Edward W.

Felten. Sequoia took its Web site down on 20 March and

Felten (September 13, 2006) (PDF). Security Analysis

removed the "intrusive content."[16]

of the Diebold AccuVote-TS Voting Machine. Princeton

University. http://itpolicy.princeton.edu/voting/

Cold boot attack ts-paper.pdf. Retrieved 2007-05-07.

[11] Ed Felten (2008-03-17). "Interesting e-mail by

In February 2008, Felten and his students were part of the

Sequoia". http://www.freedom-to-tinker.com/

team that discovered the cold boot attack, which allows

?p=1265.

someone with physical access to a computer to bypass

[12] "E-Voting Firm Threatens Ed Felten If He Reviews

operating system protections and extract the contents of

Its E-Voting Machine". Techdirt. 2008-03-18.

its memory.[17]

http://www.techdirt.com/articles/20080317/

185348564.shtml.

Federal Trade Commission [13] Cory Doctorow (2008-03-17). "Sequoia Voting

In November 2010, Felten was named the first Chief Tech- Systems threatens Felten’s Princeton security

nologist of the Federal Trade Commission.[18] He will take research team". BoingBoing.

a one-year leave of absence from Princeton, starting in http://www.boingboing.net/2008/03/17/sequoia-

January.[19] voting-syste.html.

[14] Ed Felten: NJ Election Discrepancies Worse Than

Previously Thought, Contradict Sequoia’s

References Explanation, Freedom To Tinker, April 4th, 2008.

[1] Electronic Frontier Foundation Announces Pioneer [15] Andrew Appel: Security Seals on AVC Advantage

Award Winners EFF, 2005 Voting Machines are Easily Defeated, Freedom To

[2] http://www.ftc.gov/opa/2010/11/cted.shtm Tinker, December 19th, 2008.

[3] Edward.

Felten, Edward "Edward Felten’s Curriculum [16] Dee Chisamera (2008-03-21). "Sequoia Voting

Vitae" (PDF). http://www.cs.princeton.edu/ Systems Admits To Hackers Attacking Their

~felten/FeltenCV.pdf. Retrieved 2008-05-19. Website". eFluxMedia.

[4] "FTC Names Edward W. Felten as Agency’s Chief http://www.efluxmedia.com/

Technologist; Eileen Harrington as Executive news_Sequoia_Voting_Systems_Admits_To_Hackers_Attacking_T

3

From Wikipedia, the free encyclopedia Edward Felten

[17] J. Alex Halderman, Seth D. Schoen, Nadia Heninger, • Felten, et al. v. RIAA case archive (EFF)

William Clarkson, William Paul, Joseph A. • Verance Corporation

Calandrino, Ariel J. Feldman, Jacob Appelbaum, and • Harvard Law School’s collection of documents

Edward W. Felten (2008-02-21). Lest We Remember: relating to Microsoft antitrust lawsuit

Cold Boot Attacks on Encryption Keys. Princeton • Lessons from the Sony CD DRM Episode, by J. Alex

University. http://citp.princeton.edu/memory/. Halderman and Edward W. Felten

Retrieved 2008-02-22. • Video discussion/conversation with Felten and Will

[18] "FTC names Princeton computer security expert as Wilkinson on Bloggingheads.tv

first chief technologist". The Washington Post. Persondata

http://voices.washingtonpost.com/posttech/2010/

Name Felten, Edward William

11/ftc_names_internet_security_an.html.

[19] http://thehill.com/blogs/hillicon-valley/ Alternative names

personnel-notes/127705-princeton-prof-edward- Short description Computer Science, public affairs

felten-named-ftcs-first-chief-technologist Date of birth 1963-03-25

Place of birth United States

External links Date of death

• Edward W. Felten homepage Place of death

• Freedom to Tinker weblog

Retrieved from "http://en.wikipedia.org/w/index.php?title=Edward_Felten&oldid=452678664"

Categories:

• 1963 births

• Living people

• American bloggers

• American computer scientists

• People associated with computer security

• Copyright activists

• California Institute of Technology alumni

• University of Washington alumni

• Princeton University faculty

• Fellows of the Association for Computing Machinery

This page was last modified on 27 September 2011 at 11:33. Text is available under the Creative Commons

Attribution-ShareAlike License; additional terms may apply. See Terms of use for details. Wikipedia® is a registered

trademark of the Wikimedia Foundation, Inc., a non-profit organization.Contact us

Privacy policy About Wikipedia Disclaimers

4