Ed Felten

Emeritus, Robert E. Kahn Professor of Computer Science and Public Affairs and the founding director of CITP

Ed Felten, the Robert E. Kahn Professor of Computer Science and Public Affairs, and the founding director of CITP, has officially retired from Princeton University. Felten transferred to emeritus status on July 1, 2021 after 28 years on the Princeton University faculty of computer science and the Princeton School of Public and International Affairs (SPIA). Felten is currently the co-founder and chief scientist of Offchain Labs, Inc.

Felten founded CITP and led it for 13 years (apart from two federal government posts) before handing off his leadership role. We are thankful for his commitment, forward thinking, and dedication to CITP in leading its mission to study and research the myriad of ways technology interacts with society.

Full bio:

Edward “Ed” Felten grew up in Madison, Wisconsin. His family bought an early model personal computer when those were rare, and he spent much time learning how to program it. He received a bachelor’s degree in physics from Caltech in 1985; along the way, he was an enthusiastic participant in the technical “pranks” for which Caltech is famous—good preparation for his computer security exploits as a tenured professor at Princeton. He stayed at Caltech until 1989, working on the Current Computing Project and publishing papers on high-performance parallel programming with applications in physics and chess. He did his graduate study in computer science at the University of Washington, where his dissertation, “Protocol Compilation: High-Performance Communication for Parallel Programs,” was advised by Ed Lazowska and John Zahorjan. Upon completing his Ph.D. in 1993, he started as an assistant professor of computer science at Princeton.

In his first years at Princeton, Felten worked on parallel computing, operating systems, file-system caching strategies, and computer networks. Then in 1995 two graduate students, Drew Dean and Dan Wallach, came to him with their observation that the then-novel “World Wide Web browser” and the associated Java programming language had many exploitable insecurities. The resulting 1996 paper, “Java Security: From HotJava to Netscape and Beyond” by Dean, Felten, and Wallach launched the remainder of Felten’s career in information security and technology policy, and launched Dean’s and Wallach’s, as well.

Felten’s work from 1995 to 2021 has been characterized by two themes: balancing attack and defense, and balancing technology and policy. Felten and his students have found many creative and unexpected ways that computer systems can be vulnerable to attack: spoofing web browsers with man-in-the-middle attacks, propagating vote-stealing viruses through the removable media of voting machines, freezing laptop memory cards in liquid nitrogen to steal cryptographic keys. But he has worked as much on cyber defense: securing Java programs, logic-based access-control systems, privacy-preserving communication technologies, resistance to denial-of-service attacks, and password management systems.

Some of Felten’s scholarship from 1995 to 2005 resulted in publications describing the insecurity of specific commercial systems. He was a pioneer in “responsible disclosure,” notifying the companies in whose products he found vulnerabilities before going public, but in those days some companies threatened Felten with lawsuits when their oxes were gored. This helped nudge Felten from cybersecurity into technology policy: what should be the legal and societal frameworks not only for security, but also for copyright law and policy, privacy, user interfaces for security, and other policy-related issues.

Felten was the star expert witness for the United States in the big antitrust action U.S. v. Microsoft, in which Microsoft was found to have illegally maintained its operating system monopoly by bundling its browser; and he testified in Universal Studios, Inc. v. Remierdes, a digital copyright law “constitutional case of first impression.” He spent a sabbatical at Stanford Law School thinking about these issues and planning to write a book, but concluded that the twenty-first century called for a blog. Freedom to Tinker was originally his personal tech policy blog but has become Princeton University’s widely known, multi-author, tech policy publication. Felten has been a leading public intellectual of technology policy, interacting in the policy arena while continuing his deeply technical work in cybersecurity and privacy.

In 2006 Felten became jointly appointed in the Department of Computer Science and SPIA. He also founded Princeton’s Center for Information Technology Policy and led it for thirteen years before handing off its leadership to other faculty; it is still thriving. In 2013 he was elected to the National Academy of Engineering. His thirteen Ph.D. advisees have gone on to pursue careers in academia at Rice University, the University of Texas at Austin, the University of Michigan, and the University of Chicago; others are computer scientists at the Federal Trade Commission (FTC), Institute for Defense Analyses (IDA), and Google, among other companies; they are also founders of tech policy consultancies.

Felten served as Deputy U.S. Chief Technology Officer in the Obama White House; he loved every day that they did something to make peoples’ lives easier or safer. He has also consulted for the FTC and the other federal agencies, and served on the advisory boards or boards of directors of a dozen nonprofits and corporations. After transferring to emeritus status, he will continue his work as a member of the U.S. Privacy and Civil Liberties Oversight Board and run his blockchain start-up company, Offchain Labs.