Edward Felten
Encyclopedia
Edward William Felten is a professor of computer science
and public affairs
at Princeton University
. On November 4, 2010 he was named the Chief Technologist for the United States Federal Trade Commission
, a position he officially assumed January 3, 2011.
Felten has done a variety of computer security
research, including groundbreaking work on proof-carrying authentication and work on security related to the Java programming language
, but he is perhaps best known for his paper on the Secure Digital Music Initiative
(SDMI) challenge.
and graduated with a degree in Physics
in 1985. He worked as a staff programmer at Caltech from 1986 to 1989 on a parallel supercomputer project at Caltech. He then enrolled as a graduate student in Computer Science at the University of Washington
. He was awarded an Master of Science
degree in 1991 and a Ph.D in 1993. His Ph.D. thesis was on developing an automated protocol for communication between parallel processors.
In 1993, he joined the faculty of Princeton University
in the Department of Computer Science as an Assistant Professor. He was promoted to Associate Professor in 1999 and to Professor in 2003. In 2006, he joined the Woodrow Wilson School of Public and International Affairs
, but computer science remains his home department. In 2005, he became the Director of the Center for Information and Technology Policy at Princeton
. He has served as a consultant to law firms, corporations, private foundations, and government agencies. His research involves computer security, and technology policy.
He lives in Princeton, New Jersey
with his family. From 2006 to 2010, he was a member of the board of the Electronic Frontier Foundation
(EFF). In 2007, he was inducted as a Fellow of the Association for Computing Machinery
.
In November 2010, he was named Chief Technologist of the Federal Trade Commission
.
, where the software company was charged with committing a variety of antitrust crimes. During the trial, Microsoft's attorneys denied that it was possible to remove the Internet Explorer
web browser from a Windows 98
equipped computer without significantly impairing the operation of Windows.
Citing research he had undertaken with Christian Hicks and Peter Creath, two of his former students, Felten testified that it was possible to remove Internet Explorer functionality from Windows without causing any problems with the operating system. He demonstrated his team's tool in court, showing 19 ways in which it is normally possible to access the web browser from the Windows platform that his team's tool rendered inaccessible.
Microsoft argued that Felten's changes did not truly remove Internet Explorer but only made its functionality inaccessible to the end user by removing icons, shortcuts and the iexplore.exe executable file, and making changes to the system registry. This led to a debate as to what exactly constitutes the "web browser," since much of the core functionality of Internet Explorer is stored in a shared dynamic-link library
, accessible to any program running under Windows.
Microsoft also argued that Felten's tool did not even completely remove web-browsing capability from the system since it was still possible to access the web through other Windows executables besides iexplore.exe, such as the Windows help system.
watermark
technologies that they had devised. In a series of individual challenges, the participants were given a sample audio piece, with one of the watermarks embedded. If the participants sent back the sample with the watermark removed (and with less than an acceptable amount of signal loss, though this condition was not stated by SDMI), they would win that particular challenge.
Felten was an initial participant of the contest. He chose to opt out of confidentiality
agreements that would have made his team eligible for the cash prize. Despite being given very little or no information about the watermarking technologies other than the audio samples and having only three weeks to work with them, Felten and his team managed to modify the files sufficiently that SDMI's automated judging system declared the watermark removed.
SDMI did not accept that Felten had successfully broken the watermark according to the rules of the contest, noting that there was a requirement for files to lose no sound quality. SDMI claimed that the automated judging result was inconclusive as a submission, which simply wiped all the sounds off the file would have successfully removed the watermark but would not meet the quality requirement.
Workshop of 2001 in Pittsburgh
, Felten was threatened with legal action by SDMI, the Recording Industry Association of America
(RIAA), and Verance Corporation, under the terms of the DMCA, on the argument that one of the technologies his team had broken was currently in use in the market. Felten withdrew the presentation from the workshop, reading a brief statement about the threats instead. SDMI and other copyright holders denied that they had ever threatened to sue Felten. However, SDMI appears to have threatened legal action when spokesman Matt Oppenheim
warned Felten in a letter that "any disclosure of information gained from participating in the Public Challenge....could subject you and your research team to actions under the Digital Millennium Copyright Act.".
Felten, with help from the Electronic Frontier Foundation
, sued the groups, requesting a declaratory judgement ruling that their publication of the paper would be legal. The case was dismissed for a lack of standing
.
Felten presented his paper at the USENIX
security conference in 2001. The United States Department of Justice
has offered Felten and other researchers assurances that the DMCA does not threaten their work and stated that the legal threats against them were invalid.
started when security researcher Mark Russinovich
revealed on October 31, 2005 that Sony's Extended Copy Protection
copy protection
software on the CD Get Right with the Man
by Van Zant
contained hidden files that could damage the operating system, install spyware
and make the user's computer vulnerable to attack when the CD was played on a Microsoft Windows-based PC. Sony then released a software patch to remove XCP.
On November 15, 2005, Felten and Alex Halderman showed that Sony's method for removing XCP copy protection software from the computer makes it more vulnerable to attack, as it essentially installed a rootkit
, in the form of an Active X control used by the uninstaller, and left it on the user's machine and set so as to allow any web page visited by the user to execute arbitrary code. Felten and Halderman described the problem in a blog post:
. Their findings claimed, "Malicious software running on a single voting machine can steal votes with little if any risk of detection. The malicious software can modify all of the records, audit logs, and counters kept by the voting machine, so that even careful forensic examination of these records will find nothing amiss."
Advantage voting machines to Ed Felten and Andrew Appel
(also of Princeton University) for analysis. In March 2008, Sequoia sent an e-mail to Professor Felten asserting that allowing him to examine Sequoia voting machines would violate the license agreement between Sequoia and the county which bought them, and also that Sequoia would take legal action "to stop [...] any non-compliant analysis, [...] publication of Sequoia software, its behavior, reports regarding same or any other infringement of our intellectual property."
This action sparked outrage among computer technology activists.
After examining Sequoia's machines, Felten and Appel indeed discovered grave problems with the accuracy of the machines. They also demonstrated that the machines can be hacked and compromised within minutes.
Shortly after that, Sequoia's corporate Web site was hacked. Ironically, the hack was first discovered by Ed Felten. Sequoia took its Web site down on 20 March and removed the "intrusive content."
, which allows someone with physical access to a computer to bypass operating system protections and extract the contents of its memory.
. He will take a one-year leave of absence from Princeton, starting in January.
Computer science
Computer science or computing science is the study of the theoretical foundations of information and computation and of practical techniques for their implementation and application in computer systems...
and public affairs
Public administration
Public Administration houses the implementation of government policy and an academic discipline that studies this implementation and that prepares civil servants for this work. As a "field of inquiry with a diverse scope" its "fundamental goal.....
at Princeton University
Princeton University
Princeton University is a private research university located in Princeton, New Jersey, United States. The school is one of the eight universities of the Ivy League, and is one of the nine Colonial Colleges founded before the American Revolution....
. On November 4, 2010 he was named the Chief Technologist for the United States Federal Trade Commission
Federal Trade Commission
The Federal Trade Commission is an independent agency of the United States government, established in 1914 by the Federal Trade Commission Act...
, a position he officially assumed January 3, 2011.
Felten has done a variety of computer security
Computer security
Computer security is a branch of computer technology known as information security as applied to computers and networks. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to...
research, including groundbreaking work on proof-carrying authentication and work on security related to the Java programming language
Java (programming language)
Java is a programming language originally developed by James Gosling at Sun Microsystems and released in 1995 as a core component of Sun Microsystems' Java platform. The language derives much of its syntax from C and C++ but has a simpler object model and fewer low-level facilities...
, but he is perhaps best known for his paper on the Secure Digital Music Initiative
Secure Digital Music Initiative
Secure Digital Music Initiative was a forum formed in late 1998, composed of more than 200 IT, consumer electronics, security technology, ISP and recording industry companies, ostensibly with the purpose of developing technology specifications that protected the playing, storing and distributing...
(SDMI) challenge.
Biography
Felten attended the California Institute of TechnologyCalifornia Institute of Technology
The California Institute of Technology is a private research university located in Pasadena, California, United States. Caltech has six academic divisions with strong emphases on science and engineering...
and graduated with a degree in Physics
Physics
Physics is a natural science that involves the study of matter and its motion through spacetime, along with related concepts such as energy and force. More broadly, it is the general analysis of nature, conducted in order to understand how the universe behaves.Physics is one of the oldest academic...
in 1985. He worked as a staff programmer at Caltech from 1986 to 1989 on a parallel supercomputer project at Caltech. He then enrolled as a graduate student in Computer Science at the University of Washington
University of Washington
University of Washington is a public research university, founded in 1861 in Seattle, Washington, United States. The UW is the largest university in the Northwest and the oldest public university on the West Coast. The university has three campuses, with its largest campus in the University...
. He was awarded an Master of Science
Master of Science
A Master of Science is a postgraduate academic master's degree awarded by universities in many countries. The degree is typically studied for in the sciences including the social sciences.-Brazil, Argentina and Uruguay:...
degree in 1991 and a Ph.D in 1993. His Ph.D. thesis was on developing an automated protocol for communication between parallel processors.
In 1993, he joined the faculty of Princeton University
Princeton University
Princeton University is a private research university located in Princeton, New Jersey, United States. The school is one of the eight universities of the Ivy League, and is one of the nine Colonial Colleges founded before the American Revolution....
in the Department of Computer Science as an Assistant Professor. He was promoted to Associate Professor in 1999 and to Professor in 2003. In 2006, he joined the Woodrow Wilson School of Public and International Affairs
Woodrow Wilson School of Public and International Affairs
The Woodrow Wilson School of Public and International Affairs is a professional public policy school at Princeton University. The school has granted undergraduate A.B. degrees since 1930 and graduate degrees since 1948...
, but computer science remains his home department. In 2005, he became the Director of the Center for Information and Technology Policy at Princeton
Princeton University
Princeton University is a private research university located in Princeton, New Jersey, United States. The school is one of the eight universities of the Ivy League, and is one of the nine Colonial Colleges founded before the American Revolution....
. He has served as a consultant to law firms, corporations, private foundations, and government agencies. His research involves computer security, and technology policy.
He lives in Princeton, New Jersey
Princeton, New Jersey
Princeton is a community located in Mercer County, New Jersey, United States. It is best known as the location of Princeton University, which has been sited in the community since 1756...
with his family. From 2006 to 2010, he was a member of the board of the Electronic Frontier Foundation
Electronic Frontier Foundation
The Electronic Frontier Foundation is an international non-profit digital rights advocacy and legal organization based in the United States...
(EFF). In 2007, he was inducted as a Fellow of the Association for Computing Machinery
Association for Computing Machinery
The Association for Computing Machinery is a learned society for computing. It was founded in 1947 as the world's first scientific and educational computing society. Its membership is more than 92,000 as of 2009...
.
In November 2010, he was named Chief Technologist of the Federal Trade Commission
Federal Trade Commission
The Federal Trade Commission is an independent agency of the United States government, established in 1914 by the Federal Trade Commission Act...
.
United States v. Microsoft
Felten was a witness for the United States government in United States v. MicrosoftUnited States v. Microsoft
United States v. Microsoft was a set of civil actions filed against Microsoft Corporation pursuant to the Sherman Antitrust Act of 1890 Section 1 and 2 on May 8, 1998 by the United States Department of Justice and 20 U.S. states. Joel I. Klein was the lead prosecutor...
, where the software company was charged with committing a variety of antitrust crimes. During the trial, Microsoft's attorneys denied that it was possible to remove the Internet Explorer
Internet Explorer
Windows Internet Explorer is a series of graphical web browsers developed by Microsoft and included as part of the Microsoft Windows line of operating systems, starting in 1995. It was first released as part of the add-on package Plus! for Windows 95 that year...
web browser from a Windows 98
Windows 98
Windows 98 is a graphical operating system by Microsoft. It is the second major release in the Windows 9x line of operating systems. It was released to manufacturing on 15 May 1998 and to retail on 25 June 1998. Windows 98 is the successor to Windows 95. Like its predecessor, it is a hybrid...
equipped computer without significantly impairing the operation of Windows.
Citing research he had undertaken with Christian Hicks and Peter Creath, two of his former students, Felten testified that it was possible to remove Internet Explorer functionality from Windows without causing any problems with the operating system. He demonstrated his team's tool in court, showing 19 ways in which it is normally possible to access the web browser from the Windows platform that his team's tool rendered inaccessible.
Microsoft argued that Felten's changes did not truly remove Internet Explorer but only made its functionality inaccessible to the end user by removing icons, shortcuts and the iexplore.exe executable file, and making changes to the system registry. This led to a debate as to what exactly constitutes the "web browser," since much of the core functionality of Internet Explorer is stored in a shared dynamic-link library
Dynamic-link library
Dynamic-link library , or DLL, is Microsoft's implementation of the shared library concept in the Microsoft Windows and OS/2 operating systems...
, accessible to any program running under Windows.
Microsoft also argued that Felten's tool did not even completely remove web-browsing capability from the system since it was still possible to access the web through other Windows executables besides iexplore.exe, such as the Windows help system.
The SDMI challenge
As part of a contest in 2000, SDMI (Secure Digital Music Initiative) invited researchers and others to try to break the digital audioDigital audio
Digital audio is sound reproduction using pulse-code modulation and digital signals. Digital audio systems include analog-to-digital conversion , digital-to-analog conversion , digital storage, processing and transmission components...
watermark
Steganography
Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity...
technologies that they had devised. In a series of individual challenges, the participants were given a sample audio piece, with one of the watermarks embedded. If the participants sent back the sample with the watermark removed (and with less than an acceptable amount of signal loss, though this condition was not stated by SDMI), they would win that particular challenge.
Felten was an initial participant of the contest. He chose to opt out of confidentiality
Confidentiality
Confidentiality is an ethical principle associated with several professions . In ethics, and in law and alternative forms of legal resolution such as mediation, some types of communication between a person and one of these professionals are "privileged" and may not be discussed or divulged to...
agreements that would have made his team eligible for the cash prize. Despite being given very little or no information about the watermarking technologies other than the audio samples and having only three weeks to work with them, Felten and his team managed to modify the files sufficiently that SDMI's automated judging system declared the watermark removed.
SDMI did not accept that Felten had successfully broken the watermark according to the rules of the contest, noting that there was a requirement for files to lose no sound quality. SDMI claimed that the automated judging result was inconclusive as a submission, which simply wiped all the sounds off the file would have successfully removed the watermark but would not meet the quality requirement.
SDMI lawsuits
Felten's team developed a scientific paper explaining the methods used by his team in defeating the SDMI watermarks. Planning to present the paper at the Fourth International Information HidingInformation hiding
In computer science, information hiding is the principle of segregation of the design decisions in a computer program that are most likely to change, thus protecting other parts of the program from extensive modification if the design decision is changed...
Workshop of 2001 in Pittsburgh
Pittsburgh, Pennsylvania
Pittsburgh is the second-largest city in the US Commonwealth of Pennsylvania and the county seat of Allegheny County. Regionally, it anchors the largest urban area of Appalachia and the Ohio River Valley, and nationally, it is the 22nd-largest urban area in the United States...
, Felten was threatened with legal action by SDMI, the Recording Industry Association of America
Recording Industry Association of America
The Recording Industry Association of America is a trade organization that represents the recording industry distributors in the United States...
(RIAA), and Verance Corporation, under the terms of the DMCA, on the argument that one of the technologies his team had broken was currently in use in the market. Felten withdrew the presentation from the workshop, reading a brief statement about the threats instead. SDMI and other copyright holders denied that they had ever threatened to sue Felten. However, SDMI appears to have threatened legal action when spokesman Matt Oppenheim
Matt Oppenheim
Matthew Jan Oppenheim is the managing partner of Oppenheim + Zebrak, LLP. The firm regularly represents content owners and technology companies, among others....
warned Felten in a letter that "any disclosure of information gained from participating in the Public Challenge....could subject you and your research team to actions under the Digital Millennium Copyright Act.".
Felten, with help from the Electronic Frontier Foundation
Electronic Frontier Foundation
The Electronic Frontier Foundation is an international non-profit digital rights advocacy and legal organization based in the United States...
, sued the groups, requesting a declaratory judgement ruling that their publication of the paper would be legal. The case was dismissed for a lack of standing
Standing (law)
In law, standing or locus standi is the term for the ability of a party to demonstrate to the court sufficient connection to and harm from the law or action challenged to support that party's participation in the case...
.
Felten presented his paper at the USENIX
USENIX
-External links:* *...
security conference in 2001. The United States Department of Justice
United States Department of Justice
The United States Department of Justice , is the United States federal executive department responsible for the enforcement of the law and administration of justice, equivalent to the justice or interior ministries of other countries.The Department is led by the Attorney General, who is nominated...
has offered Felten and other researchers assurances that the DMCA does not threaten their work and stated that the legal threats against them were invalid.
Sony rootkit investigation
The 2005 Sony BMG CD copy protection scandal2005 Sony BMG CD copy protection scandal
The Sony BMG CD copy protection rootkit scandal concerns the copy protection measures included by Sony BMG on Compact Discs in 2005. Sony BMG included the Extended Copy Protection and MediaMax CD-3 software on music CDs. XCP was put on 52 titles and MediaMax was put on 50 titles...
started when security researcher Mark Russinovich
Mark Russinovich
Mark E. Russinovich is a Technical Fellow in the Platform and Services Division at Microsoft. He was a cofounder of software producers Winternals before it was acquired by Microsoft in 2006.-Early life and education:...
revealed on October 31, 2005 that Sony's Extended Copy Protection
Extended Copy Protection
Extended Copy Protection is a software package developed by the British company First 4 Internet, and sold as a copy protection or digital rights management scheme for Compact Discs...
copy protection
Copy protection
Copy protection, also known as content protection, copy obstruction, copy prevention and copy restriction, refer to techniques used for preventing the reproduction of software, films, music, and other media, usually for copyright reasons.- Terminology :Media corporations have always used the term...
software on the CD Get Right with the Man
Get Right with the Man
-Personnel:Taken from liner notes.*Bekka Bramlett - background vocals*Tom Bukovac - electric guitar*Perry Coleman - background vocals*Eric Darken - percussion*Glen Duncan - fiddle*Kenny Greenberg - electric guitar*Greg Morrow - drums, percussion...
by Van Zant
Van Zant
Van Zant is an American musical duo composed of brothers Donnie Van Zant and Johnny Van Zant. Both are brothers of the late Ronnie Van Zant, former lead singer for the Southern rock band Lynyrd Skynyrd...
contained hidden files that could damage the operating system, install spyware
Spyware
Spyware is a type of malware that can be installed on computers, and which collects small pieces of information about users without their knowledge. The presence of spyware is typically hidden from the user, and can be difficult to detect. Typically, spyware is secretly installed on the user's...
and make the user's computer vulnerable to attack when the CD was played on a Microsoft Windows-based PC. Sony then released a software patch to remove XCP.
On November 15, 2005, Felten and Alex Halderman showed that Sony's method for removing XCP copy protection software from the computer makes it more vulnerable to attack, as it essentially installed a rootkit
Rootkit
A rootkit is software that enables continued privileged access to a computer while actively hiding its presence from administrators by subverting standard operating system functionality or other applications...
, in the form of an Active X control used by the uninstaller, and left it on the user's machine and set so as to allow any web page visited by the user to execute arbitrary code. Felten and Halderman described the problem in a blog post:
The consequences of the flaw are severe, it allows any Web page you visit to download, install, and run any code it likes on your computer. Any Web page can seize control of your computer; then it can do anything it likes. That's about as serious as a security flaw can get.
Diebold voting machine analysis
On September 13, 2006, Felten and graduate students Ariel Feldman and Alex Halderman discovered severe security flaws in a Diebold Election Systems (now Premier Election Solutions) voting machineVoting machine
Voting machines are the total combination of mechanical, electromechanical, or electronic equipment , that is used to define ballots; to cast and count votes; to report or display election results; and to maintain and produce any audit trail information...
. Their findings claimed, "Malicious software running on a single voting machine can steal votes with little if any risk of detection. The malicious software can modify all of the records, audit logs, and counters kept by the voting machine, so that even careful forensic examination of these records will find nothing amiss."
Sequoia voting machine analysis
In early 2008, New Jersey election officials announced that they planned to send one or more SequoiaSequoia Voting Systems
Sequoia Voting Systems was a California-based company that is one of the largest providers of electronic voting systems in the U.S., having offices in Oakland, Denver and New York City. Some of its major competitors were Premier Election Solutions and Election Systems & Software.It was acquired by...
Advantage voting machines to Ed Felten and Andrew Appel
Andrew Appel
Andrew Wilson Appel is the Eugene Higgins Professor of computer science at Princeton University, New Jersey. He is especially well-known because of his compiler books, the Modern Compiler Implementation in ML series, as well as Compiling With Continuations...
(also of Princeton University) for analysis. In March 2008, Sequoia sent an e-mail to Professor Felten asserting that allowing him to examine Sequoia voting machines would violate the license agreement between Sequoia and the county which bought them, and also that Sequoia would take legal action "to stop [...] any non-compliant analysis, [...] publication of Sequoia software, its behavior, reports regarding same or any other infringement of our intellectual property."
This action sparked outrage among computer technology activists.
After examining Sequoia's machines, Felten and Appel indeed discovered grave problems with the accuracy of the machines. They also demonstrated that the machines can be hacked and compromised within minutes.
Shortly after that, Sequoia's corporate Web site was hacked. Ironically, the hack was first discovered by Ed Felten. Sequoia took its Web site down on 20 March and removed the "intrusive content."
Cold boot attack
In February 2008, Felten and his students were part of the team that discovered the cold boot attackCold boot attack
In cryptography, a cold boot attack is a type of side channel attack in which an attacker with physical access to a computer is able to retrieve encryption keys from a running operating system after using a cold reboot to restart the machine from a completely "off" state...
, which allows someone with physical access to a computer to bypass operating system protections and extract the contents of its memory.
Federal Trade Commission
In November 2010, Felten was named the first Chief Technologist of the Federal Trade CommissionFederal Trade Commission
The Federal Trade Commission is an independent agency of the United States government, established in 1914 by the Federal Trade Commission Act...
. He will take a one-year leave of absence from Princeton, starting in January.
External links
- Edward W. Felten homepage
- Freedom to Tinker weblog
- Felten, et al. v. RIAA case archive (EFFElectronic Frontier FoundationThe Electronic Frontier Foundation is an international non-profit digital rights advocacy and legal organization based in the United States...
) - Verance Corporation
- Harvard Law School's collection of documents relating to Microsoft antitrust lawsuit
- Lessons from the Sony CD DRM Episode, by J. Alex Halderman and Edward W. Felten
- Video discussion/conversation with Felten and Will WilkinsonWill WilkinsonWill Wilkinson is a Canadian American libertarian writer. Until August 2010, he was a research fellow at the Cato Institute where he worked on a variety of issues including Social Security reform and, most notably, the policy implications of happiness research. He is currently working on a paper...
on Bloggingheads.tvBloggingheads.tvBloggingheads.tv is a political, world events, philosophy, and science video blog discussion site in which the participants take part in an active back and forth conversation via webcam which is then broadcast online to viewers...