Government Critic Gets White House RolePrinceton Professor Ed Felten Is New Federal Deputy CTO
Ed Felten, the new federal deputy chief technology officer, hasn't been shy about criticizing the federal government, whether it's about the National Security Agency undermining encryption standards, the FBI not being entirely transparent on malware warnings or the credentials of the president's top cybersecurity adviser.
The White House announced earlier this week that in his new role, Felten, now a computer science and public affairs professor at Princeton University, will work out of the White House Office of Science and Technology Policy. Felten, who is founder and director at Princeton's Center for Information Technology Policy, will take a leave of absence from the university beginning June 1.
"It will be good if he's able to get those opinions heard inside," says Gene Spafford, a cybersecurity expert from Purdue University. "He won't be able to speak freely about them outside while he's in the Office of Science and Technology Policy, however, so we'll lose that voice."
And, it's been quite a voice.
Sees NSA Undermining Encryption Standards
Felten - who contributes to Freedom to Tinker, a blog focused on digital technologies in public life - took aim at the NSA for circumventing encryption (see Report: NSA Circumvented Encryption). "In security, the worst case - the thing you most want to avoid - is thinking you are secure when you're not," Felten wrote in a 2013 blog. "And that's exactly what the NSA seems to be trying to perpetuate."
Later, he added: "So the problem is not (only) that we're unsafe. It's that 'the NSA wants to keep it that way.' The NSA wants to make sure we remain vulnerable. ... The worst news of all, in my view, is that the NSA has taken active steps to undermine public encryption standards."
In another blog, Felten took on the FBI after issuing a warning to American businesses about foreign-based malware attacks following the cyber-attack on Sony Pictures Entertainment. "My question is this: Why didn't they inform the public?" A great many vulnerable computers exist outside of companies, and those computers need to be protected. And yet some people in government treat public discussion of security risks as being harmful in itself. ... Why limit it to 'private industry?' Why not inform everyone who needs to know?"
His blog went on to say: "The secrecy is probably designed to protect somebody from embarrassment. If that somebody is Sony, it's not working - the Sony attack is well known at this point. Perhaps the goal is to keep from embarrassing somebody in the government. One effect of the secrecy is to make it harder for citizens to hold the government accountable for the consequences of its cybersecurity policy."
Sharing His Opinions
Felten, a former Federal Trade Commission CTO, also is the IT security expert who started a brouhaha on social media over the qualifications of Michael Daniel to be White House cybersecurity coordinator and special assistant to the president, based on comments Daniel made in an interview he had with me in which he said he sees his lack of technical expertise in IT security as an asset (see Michael Daniel's Path to the White House).
Listen to Daniel's quote in full.
"Being too down in the weeds at the technical level could actually be a little bit of a distraction," Daniel said. "You can get enamored with the very detailed aspects of some of the technical solutions. And, particularly here at the White House ... the real issue is to look at the broad, strategic picture and the impact that technology will have."
Initially, Felten didn't overtly criticize Daniel; he just echoed the cybersecurity coordinator's words, which was retweeted 334 times.
White House cybersecurity czar "sees his lack of technical expertise in IT security as an asset in his job". http://t.co/P6GUTuUP38ï¿½ Ed Felten (@EdFelten) August 21, 2014
Later, though, he added some perspective to his observation on Daniel's qualifications:
Imagine reaction if WH economic advisor bragged about lack of econ knowledge, or Atty General bragged abt lack of legal expertise.ï¿½ Ed Felten (@EdFelten) August 21, 2014
(I understand Felten's point, but don't agree with his analogy of an attorney general lacking legal expertise as being the same as a cybersecurity coordinator without IT tech know-how, as I explained in a blog titled In Defense of Michael Daniel.)
Felten's work at the White House will not directly deal with IT security, but focus on how technology, including information technology, can more easily be employed to better serve citizens. Of course, any use of technology should address security and privacy vulnerabilities.
And unlike another federal deputy CTO, Alexander Macgillivray, who has a law degree, Felten brings knowledge of IT, information security and privacy, which should prove to be an asset to the government.
"We need more engineers and scientists involved in [government] information policy, and not just lawyers," says Peter Swire, a Georgia Tech law professor and former chief counselor for privacy in the White House Office of Management and Budget. "Ed is a leading example of the new breed of technologists with great policy skills."
Spafford, who has known Felten since he was a young assistant professor, says the smart, dedicated and energetic new deputy CTO will be good for America "if the bureaucracy doesn't wear him down too much."