“Let’s take a survey around the room,” says Jacob Appelbaum, a notorious hacktivist the National Security Agency is definitely monitoring, as we sit on the floor beneath a low-slung canopy illuminated by red strobe lighting. “Charles over here wrote basically every single base station for free cell-phone software in existence. Dorian is, well, just look at the mustache.” It’s a handlebar waxed at its ends into antennae. “That thing is a story in itself. He does a whole bunch of cryptic stuff in France. I just don’t even know what to say about him. I don’t want to get him in trouble.” He and Dorian both cackle. Appelbaum continues. “This guy works for Laura Poitras on leaking the Snowden documents. Her? She’s a kickboxer, and she can murder you. Write a nice article. She’s actually one of the world’s leading lawyers on digital privacy. Nadia over there is one of the most badass cryptographers ever. Everybody around the table might look counterculture, but they’re amazing people in their field in every way.
“And then,” he says, finishing the next thought with a wordless, bemused nod toward Alex Halderman. At two a.m. in Hamburg, on the last night of one of the world’s biggest hacker conventions, when everyone else is doing shots of fancy European spirits, Halderman is sipping tea and sitting cross-legged but ramrod straight in khakis and an immaculately pressed navy button-down. “And then there’s Alex. He loves oxford shirts. That’s his only sin.”
That probably depends on whom you ask. A couple of days earlier, Halderman and computer scientist Nadia Heninger stood on a stage before more than a thousand of Edward Snowden, Julian Assange and Chelsea Manning’s most ardent admirers at the Chaos Computer Club’s 32nd gathering to explain precisely how to defeat hacking capabilities that cost the NSA more than $100 million to develop. It is a groundbreaking lecture, occasionally as stultifyingly technical as you’d expect from computer scientists like Halderman, of the University of Michigan, and Heninger, of the University of Pennsylvania. But after a long discussion of algorithms and core years and safe prime numbers and something known as the Diffie-Hellman key exchange, Halderman sums up the method of stumping the NSA: “It’s not exactly free, but it’s inexpensive. It costs a little money, but at least a large government adversary has to spend a lot of time targeting you individually—at least a year, perhaps—and they can’t just have your stuff for free.”
This, you might expect, makes Halderman largely unpopular within said “large government adversary.” And indeed, the NSA, were it willing to talk about him, which it is not, is unlikely to be enamored of Halderman and his mission to render useless the most costly and sophisticated spying technology ever deployed by the United States or any other snooper with a budget for nine-figure toys. That sort of thing is why Appelbaum, a California native who lives in self-imposed exile in the Netherlands, calls Halderman “one of the top computer security researchers in the world” and his work “super fucking important and really good.” (In May, Appelbaum resigned from the Tor Project amid accusations of sexual misconduct against several women at or associated with the digital-security organization. He denies the allegations.)
In less than 48 hours, Halderman and a team of grad students were able to alter votes. Nobody detected the attacks.
But Halderman is not just a hero in this world of cyber-anarchists and online paranoiacs. His expertise transcends partisanship. Approximately three weeks after the Hamburg convention, Halderman is running an all-day meeting in his Ann Arbor conference room with key figures from academia, Silicon Valley and the U.S. State Department. Their mission is to decide how to use a $2 million grant—from the same “large government adversary” whose fanciest espionage toys he has just disemboweled—to develop a device that by the end of the decade could end the ability of foreign governments, including China, to block its citizens from any part of the internet. The contraption, nicknamed TapDance and capable of what is referred to as “decoy routing,” is “the most promising of all the anti-censorship programs going on,” says Steve Schultze, a program officer working on the State Department’s mission to spread internet freedom. “It’s the best thing we have.”
Halderman, for his part, doesn’t see why being a valued member of such discordant groups is surprising. He glides comfortably and almost annoyingly cheerfully between worlds, choosing to see the best intentions of everyone—even the NSA—in a culture otherwise marked by suspicion and distrust. “The world is a dangerous place, and there are people who really do want to do us harm if they have the opportunity,” Halderman tells me, reciting a message his late grandfather, a CIA spy, used to tell him in defense of invasive actions by the U.S. government that the likes of Appelbaum and Snowden find irredeemable. “While I think that perspective is true, I think it’s also true that the world is one in which living and making policy in perpetual fear of such potential harm also puts us all at risk. My goal is to use technology to make the world safer, more secure and more free.”
It is, to him, as simple as that, but that clarity of purpose and good-natured earnestness are as rare as the frighteningly huge record of technological achievement Halderman, at 35, has already assembled. If all he ever did was figure out how to defeat NSA cyber-espionage and build a device to allow the most oppressed people on the planet to have open access to the internet, that might itself be a career. Yet Halderman’s output from his perch as a tenured professor includes findings that have stopped governments around the world from using voting machines that can easily be gamed, alerting Homeland Security that full-body scanners in common use at airports can be effortlessly duped, developing a now widely used method of querying every IP address in the world in minutes, stopping major media companies from installing illicit software on home computers, and persuading China to abandon its efforts to require that all computer users load a piece of surveillance software by demonstrating how vulnerable that made every PC in the country to hack attack.
“It’s an extraordinary level of productivity for an academic in any field, which is not to say there aren’t some other brilliant, prolific, topically varied computer scientists out there,” says David Robinson, a dorm neighbor of Halderman’s at Princeton and now co-principal of a Washington, D.C.–based tech consultancy that advises a range of policy makers, including ones in the Obama administration. “This isn’t normal. But then again, he’s a major computer science talent who plays really well with others, and that isn’t normal either.”
It helps that Halderman is a peculiarly elegant man. This thought had occurred to me before, particularly in Hamburg when he tied his shoes from a standing position without bending his knees. (Try it; it’s not easy.) It seems as effortless as his perfectly kept nails, the perpetual absence of even a hint of facial hair, his thin, Plastic Man–esque limbs with which he wraps himself in tight knots as though unable to control his balletic bearing, the simple wire-frame glasses, the puffy dishwater hair, the button-down shirts and khakis always impossibly wrinkle-free even after hours of sitting on grimy floors in hacker-counterculture dens.
When I ask Halderman about his very proper appearance and demeanor, he says, “Well, I’m a professor. I think I ought to play the part.” Except plenty of other professors from impressive universities are in Hamburg this week, and they’re wearing geek-chic political T-shirts that show off their tattoos as they brag about their place on the no-fly list and how assiduously the NSA tracks their text messages. That Halderman believes he owes it to the world to look and act like the thing he actually is and loves being strikes me as brave and confident. And the fact that all these self-described ruffians love and admire him as he is lends them some credibility too.
After analyzing his unusual physical traits and social status, I realize that Halderman is the embodiment of his vision for technology and the solutions he seeks: simple, respectful, friendly, kind, clean, orderly, uncluttered, helpful, honest.
Early one steamy predawn morning in August 2010 in Hyderabad, India, a heavyset, ruddy-faced security researcher named Hari Prasad was roused from his bed by a team of police officers, shoved into a car in front of his children and driven 14 hours to Mumbai. For the next week, Prasad was held without bail while refusing to reveal just how he had obtained one of the country’s electronic voting machines. He was allowed to use his cell phone during the cross-country ride—he theorizes the government hoped he would call his sources—which is how he spoke to Halderman. “Alex,” Prasad told the professor, who recorded the call and posted parts of it on YouTube, “I have been arrested.”
A few months earlier, Halderman, Prasad and the Dutch hacktivist Rop Gonggrijp had used the electronic voting machine, or EVM, to show the world how easy it would be to steal an election by manipulating devices that Indian authorities had proclaimed variously as “perfect,” “fully secure,” “tamperproof” and “infallible.” The EVMs had become a symbol of pride and modernity in the subcontinent; local headlines in 2009 trumpeted the fact that then U.S. Secretary of State Hillary Clinton told a Filipino media outlet how “impressed” she was by what India was doing. Yet the Election Commission reportedly refused to release footage of a taped EVM security inspection that Prasad had conducted in September 2009. Instead, an inside source gave an EVM to Prasad just in time for Halderman and Gonggrijp’s visit to Hyderabad in February 2010, and by that April they had posted a six-minute YouTube video demonstrating how vote totals could be changed using Bluetooth, a custom-made machine attachment dubbed Clippy and a phone app mockingly called Fraudster.
Prasad’s detainment became a cause célèbre in the Indian media thanks largely to Halderman’s hasty posting of both the news and audio clips of his conversations with Prasad on Freedom to Tinker, the blog he co-founded with his mentor, Princeton professor Ed Felten. “It was a moment when I just knew immediately it was going to be up to me to do something,” Halderman recalls. “I was sure if people knew what was going on, if we had transparency as to what police were doing, whatever political machinery was making trouble for him was doing, that was the best hope to get him out of this terrible predicament.”
He was right. Prasad’s arrest drew more attention to the machines’ flaws than the publication of the research did—and turned public opinion by portraying Indian elections officials as suspiciously heavy-handed against, of all people, scientists. The judge who granted Prasad’s eventual bail wrote that “if the machine was possessed by the accused for demonstrating only that it could be tampered with, then the accused committed no offense. On the contrary, he has done a great service to the democracy.”
Several months later, when Halderman and Gonggrijp returned to India to appear at an election-technology symposium, they were detained at the Delhi airport. Their passports sparked an angry, red-lettered warning: “Deny entry to India and notify originator.” This time, it was Prasad at the receiving end of the SOS call, but he now had contacts in the government who could help. He told Halderman to do everything he could to delay being put back on the plane.
It’s not only that democracy can be circumvented but that technology, the thing he loves, could turn out to be the agent.
By dawn, Halderman was cleared to enter, but the Indian episodes shook, exhilarated and shaped him. The notion that a democratic government would persecute researchers for pointing out something so threatening to the basic premise of society was infuriating—and showed just how dangerous and important his work could be. “I was always confident before that as long as we were correct about the technical matters, we would ultimately be successful in producing positive change,” he says. “But this interplay of politics and research results in technology was a much more complicated game than either the technology or the politics alone. The stakes just kept getting higher and higher as we went along.”
That is how I first became aware of Halderman: After Superstorm Sandy demolished the Eastern seaboard a few days before the 2012 general election, the state of New Jersey made the unprecedented decision to allow displaced residents to vote via e-mail. As a senior writer at Politico covering technology and politics, I thought this was batshit crazy. I’m no coder or hacker, and I even occasionally use an AOL address, but this idea seemed fraught with potential mischief. I expected the technology community to calm me down, to tell me it could work. Instead, the same whizzes who boasted that technology could accomplish anything were screaming to any journalist who would listen—and there were precious few that week—that not only was e-mail voting a terrible idea, but internet voting would probably never be possible. (It’s not clear whether the New Jersey election results were counted properly. Some local races that turned on a few votes could have been swayed, but no losers filed complaints or lawsuits. Unsurprisingly, Governor Chris Christie’s administration insists it was a good solution.)
The leader of this alarmist contingent was Halderman. I presented him with the standard line I’d been hearing: If we can bank online, isn’t it inevitable that one day we’ll be able to vote that way too? “No, I don’t think it’s inevitable,” he replied. “I think we’re having an evolving conversation about that. On the one hand, people look at the progress of technology and see this as something that makes sense. It would be great to have. But on the other hand, we look at how close margins of elections are; we hear every week in the paper about some new cyberattack. I think there are countervailing forces. Whether security progresses in a way that makes online voting safe and private as well as convenient for people is an open question. What I think is inevitable is, if we do online voting on a large scale with the kind of technology we have today, there will be an attack that will disrupt a large-scale election. That might be inevitable.”
Halderman got his first taste of the election-technology stakes domestically. As a graduate student at Princeton under Felten—who is now the White House deputy chief technology officer—Halderman began to focus on whether the most widely used electronic voting machines in America were vulnerable. After Florida’s 2000 election debacle showed that the nation’s leadership could hang by tiny bits of paper known as chads, Congress approved more than $3 billion in assistance to help states modernize elections and voting practices. The result was the purchase of thousands of machines, most notably from a company called Diebold, that were deployed with no rigorous external security checks. Felten’s team was eager to examine an actual machine, and one day in 2006 an insider offered to get them one.
Halderman, then 25, was sent to pick up the contraband device, and in an alley behind a New York City hotel, a man in a trench coat slipped it to him. Halderman, Felten and another graduate student then spent weeks—in a room not on the blueprints of the building in which it was housed—attempting several hacks. In September 2006, the team posted a YouTube video that showed how the machines could be hijacked. “We will now show how to steal votes in a simulated election,” Halderman narrates evenly before unspooling a mock election in which Benedict Arnold beats George Washington for the presidency despite the voters’ clear choice of the American Cincinnatus. Further demonstrating how akin to ordinary personal computers voting machines were, Halderman and a grad student later repurposed one made by a different company as a Pac-Man device. It is still available for play in the lobby of Felten’s Princeton building.
Diebold blasted the 2006 study and insisted the Princeton trio had used technology that had since been upgraded. Yet by the following summer, after an intensive security review, California decertified its Diebold machines. As the then secretary of state explained, they were “too flawed to be widely used.”
The apotheosis of the Halderman approach came in the fall of 2010 when Washington, D.C. was preparing to deploy the nation’s first internet voting system for municipal primaries. The city invited the public to try out the system in a mock election, which Halderman saw as “a fantastic opportunity to test out attacks in a live system but not an actual election.” In less than 48 hours, he and a team of his University of Michigan grad students were able to alter votes. Nobody in the city government detected the attacks until trial voters complained about the weird music playing on the thank you for voting page. The students had set the system to play the Michigan fight song.
D.C. officials promptly canceled the online system and never returned to it, but Halderman’s office at UM has one delicious memento of that endeavor. In addition to infiltrating the voting system, his team was also able to hack into the security cameras observing the servers. Taped to one of Halderman’s bookcases is a screen shot showing a D.C. election worker, unaware he is being observed, picking his nose.
Alex Halderman could easily have been a child prodigy, and the fact that he wasn’t may explain something important about his peripatetic interests. Like many geniuses, he was taking apart and reassembling household electronics—the toaster, the VCR, the computer—at a young age and showed an instinctive fascination with and aptitude for devices. His father, a corporate lawyer, and his mother, a housewife and avid birder, indulged these efforts at their home in bucolic Bucks County, Pennsylvania but never pushed him to move faster through school or to abbreviate his childhood as many parents of gifted kids do. Instead, they took Halderman and his younger sister, now a mixed-media artist, for hikes on a 50-acre expanse of meadow, streams and woods or on frequent excursions to New York, about 80 miles away, to see opera.
Halderman emerged from his childhood with a broad range of interests not often seen in technologists. He regularly opens speaking engagements by showing portraits painted by his great-grandfather Maksimilijan “Maxo” Vanka, a prominent Croatian-born artist. Halderman never met Vanka, whose oblong face and slender, aquiline nose can be seen in his own features, but Halderman traces his philosophy to Vanka’s efforts to fight fascism, war and inequality through his work. “The one thing my great-grandfather was said to say all the time was to look, to look at the world, to look at what you see and think about it, and that’s what I try to do as well,” Halderman says. “This is at the core of computer security.”
Halderman’s greatest influence was Felten, whose own varied interests showed Halderman and his classmates how broad their scientific inquiry could be. (Felten did not reply to several requests for an interview and told Halderman he wasn’t comfortable talking to the press given his role at the White House.) It wasn’t long after Halderman began under Felten’s aegis that he started to make trouble. In his first semester as a grad student, Halderman figured out how the latest coding on Sony BMG’s music CDs worked to prevent piracy, the first of his many moments of inspiration and massive publicity. In a paper he and Felten later published, Halderman explains that the discs, without the user’s permission, implanted a program that blocked the CD drive from communicating with the CD-burning software. This could be defeated by disabling Windows’ auto-run feature, and the easiest way to do that was to hold down the shift key while loading the CD.
The result was heady stuff—the music industry felt betrayed by the security company, whose slogan, “light years beyond encryption,” was instantly comical. Halderman and Felten were threatened with lawsuits, and the internet lit up with mockery that the music business had an antipiracy system so easy to defeat. After witnessing how his research generated tangible results in the real world, Halderman’s interests moved toward other questions he believed had human impact. The topics he chose are, he says, “the part of computer science that most bridges from technology to people. It’s all about the actions, the capabilities, the motivations, the intentions of people, whether it’s the users or the people who build systems. It’s mediated by technology, but it’s really more about the human beings who experience that technology.”
David Robinson, who witnessed Halderman’s coming-of-age as a technologist, sees something more profound—a sense that it is the duty of ethical computer scientists to guard against technology’s darker potential. “The word that is at the center of Alex’s philosophy is power and how it’s shared,” Robinson says. “The idea of a voting system that allows someone to steal an election from the public—that’s a horrifying possibility. It’s not only that democracy can be circumvented but that technology, computers, the things he loves and works on, could turn out to be the agent for that kind of disaster.”
One day in 2011, Halderman stood at the whiteboard in a UM lecture hall, fielding questions from freshman engineering students. Someone asked about an approach to circumventing censorship, and Halderman was in the process of explaining its flaws when an idea popped into his head. The class, he says, didn’t notice the few seconds that he stopped and stared, but at that moment the groundbreaking concept of decoy routing—which the State Department’s Schultze says could be a “generational jump forward” in efforts to defeat state-sponsored censorship—coalesced in his brain.
It’s still to some extent just a concept, but no less than U.S. ambassador to the United Nations Samantha Power believes it is so revolutionary that she brought Halderman to New York to describe it at the Internet Freedom Technology Showcase held alongside the U.N. General Assembly last September. Simply put, Halderman’s team hopes to develop a small box that would attach to the world’s most heavily trafficked internet infrastructure, the backbone servers that virtually no web data can avoid passing through. Computer users would employ software able to detect when governments such as China attempt to block online requests, and the software would reroute the request through the decoy router so it would appear innocuous to government censors. To circumvent a decoy router, the censoring country would have to basically shut down most, if not all, of the internet—an untenable option that would severely damage the country’s economy.
Although Halderman calls the instance of clarity that led him to this notion a “eureka moment,” it’s not quite as magical as it sounds. “It’s not something that happens in isolation,” he says. “But when it happens, when the pieces snap together, it’s not a systematic deduction. You set up for it and then—aha! When you’re working on hard problems, it’s not often that you get beautiful solutions.”
Hours before Halderman and Heninger are to give their address on the NSA in Hamburg, I watch them prepare in the Airbnb they’ve rented for the week. They’ve been not just longtime colleagues but in an on-and-off relationship for years, and her cryptography skills were critical in answering one of the key questions to emerge from the Snowden documents: How had the NSA managed to break so much encryption that the cryptography world had believed to be virtually unbreakable?
Other than the fact that they’re getting ready for a lecture, they behave the way young geeks in love do when they don’t see one another often—stretched out side-by-side on a couch with shoulders and legs touching, faces glowing from their respective laptops, occasionally draping an arm or a foot on the other casually. She’s a small, dead-serious woman with a crown of braids and an aversion to being watched by a journalist, and we never speak on the record for an interview about Halderman.
She’s also a bit more hardcore and less sunny than Halderman, having been subpoenaed by a Virginia grand jury in 2011 to testify about thousands of diplomatic cables leaked by Chelsea Manning. While both clearly believe Snowden’s revelations about the U.S. government’s capabilities and reach are critically important and a net positive for the world, Heninger has been far more outspoken—a fact reflected in a particular debate they have while prepping for their talk.
“We should emphasize that if the NSA can do this stuff, other people probably can too,” he mutters to her. “Not all of them are on our side.”
“We’re currently in Germany,” she answers tartly, “so it’s unclear if the NSA is on the side of the people of Germany.”
“That’s right,” he says. “But there’s no reason to rush to be overly judgmental.”
“From the perspective of the people here, the NSA is an adversary,” she says.
This effort to remain even-keeled may be Halderman’s defining trait, the superpower that grants him access to so many diverse worlds. He tries to be respectful of the NSA—he has former students working there and has invited agents to address his classes—but, as Robinson says, “if you were able to interview people in Fort Meade, when you mention Alex’s name, this research is the primary thing they’re going to be thinking about. The evidence is pretty strong that they spent many, many, many millions of dollars building equipment and potentially specialized chips just to do this one thing that now, because Alex has pointed out this thing is possible, is just not going to work anymore, because people are not going to use that cipher. That will hurt at some level.”
Halderman is nonplussed. The NSA should expect “natural opposition,” he says. “I would hope from their point of view this is a loss but not a threat. On the defensive side, that’s a gain, because it’s not necessarily just the U.S. intelligence agencies that can do this, and the U.S. intelligence agencies aren’t necessarily on your side if you’re, say, a European or any other non-American; then it’s not your government. In terms of the security of the internet and of humanity, we’re talking about a gain. I think it’s a tactical loss for the NSA, but it’s a long-term gain for our security of the internet.”
Halderman’s reaction to another presentation in Hamburg, this time from his old friend Rop Gonggrijp, is illustrative. One graphic Gonggrijp displays indicates that in coming years the world will devolve from one that embraces “liberty, democracy and civilization” to one with none of those attributes. It’s a variation on a theme that not just Gonggrijp but many others present in various forms over the course of the week.
As Appelbaum and others listen, Halderman offers his counterview: “I have some more inherent optimism. I just don’t get the sense that society is about to fall. Society doesn’t fall, because people solve the big problems and because people learn what it takes to fix them. So if the problem is surveillance, then, yeah, you need technological changes as well as legal and political changes to make sure that surveillance does not devolve into an Orwellian dystopia. But I don’t have quite as pessimistic a sense of the future of the world as these guys do.”