Securing the Internet: Edward Felten -- White hat guerrillas
Patrolling the edges, rethinking the core, Princeton researchers envision a more secure Internet
When it comes to research, Princeton computer scientist Edward Felten takes a different approach from Peterson and Lee, not just in his vision but in the execution of his vision.
Clean-slate efforts may require buy-in from many different players, cost hundreds of millions of dollars, and take years to implement. Felten, a professor of computer science, and his nimble band of graduate students specialize in projects with short time horizons—say, nine months. Much of their high-impact work can be performed on an ordinary personal computer.
Peterson, Lee and Felten all can be thought of as contemplative, big-picture generals in the campaign to make the Internet a safer place. But while Lee and Peterson work to harden the core technological armamentarium, Felten is dispatching white-hat guerrilla graduate students to the front lines, where they prod for specific vulnerabilities—and then forge new software to fortify chinks in the ramparts.
Felten’s graduate student Bill Zeller, for example, recently demonstrated the vulnerability of several high-profile Internet sites, including one of the nation’s biggest newspapers and one of the world’s largest online banks. Zeller hacked into the online bank account of a fellow student (the student had given Zeller permission to try) and stole $100 out of the student’s account. Zeller and Felten are preparing a paper on their research, but have privately told the companies about the vulnerability and supplied them with a software fix to the problem. A year ago, Felten and his students famously hacked an electronic voting machine, drawing worldwide coverage from most major news outlets, while advocating new ways to make the system safer.
“People like to write about the problem-finding that we do because it is dramatic, but that is only part of my work,” said Felten, who was recently appointed as a member of the Center for Strategic and International Studies’ Commission on Cyber Security for the 44th Presidency. “We work equally hard at finding solutions.”
Last year Felten appeared several times on Capitol Hill, testifying about voting security before the House Administration Subcommittee on Elections and briefing the Senate Science and Technology Caucus on botnets, invisible robots that can stealthily turn a seemingly innocent PC into a malicious zombie. Felten’s blog, www.freedom-to-tinker.com, is considered must-reading by many journalists and thought leaders.
Named recently by a consortium of technology magazines as one of the 100 most influential people in the field of information technology, Felten believes that many important problems with the Internet have less to do with the technology itself than with the way in which people use it. He points out that hardware solutions can only partially protect against denial-of-service attacks like the one last spring, when hackers caused thousands of computers around the world to send messages that overwhelmed websites in Estonia and temporarily crippled the government.
Felten shares—in spades—Lee’s view that Internet security is not merely a technological question. But he does not share Lee and Peterson’s optimism that trust features built into hardware or networks can protect against the myriad dangers lurking in cyberspace. “A lot of the problems and issues have to do with interactions between users and computers—it’s the human interface that is problematic,” said Felten. “I’m skeptical about what you can do at the core of the technology.”