Peter G. Neumann, who warned about the dangers of computer security, has died at the age of 93
In November 1952, Harvard sophomore Peter G. Neumann had a two-hour breakfast with Albert Einstein in which they discussed the physicist’s philosophy that “Everything should be as simple as possible, but not simpler.”
For Dr. Einstein’s aphorism led Neumann, who would become one of the nation’s leading computer security researchers, to a lifelong love affair with the beauty and danger of complexity.
Dr. Neumann died Sunday in Santa Clara, California. His death at the hospital was caused by complications from a recent fall, said his daughter, Helen Neumann.
He was 93 and still working full-time on an advanced Pentagon-backed computer security design being adopted by companies like Google and Microsoft.
Since 1971, Dr. Neumann (pronounced NOY-man) as a computer scientist and security researcher at the company International SRI in Menlo Park, California, and has long been a voice in the wilderness warning against a computer industry prone to making the same mistakes over and over again.
In 2010, he started a research project to investigate how to protect against the most common types of security vulnerabilities. The program, known as Cheri, funded by the Defense Advanced Research Projects Agency, or DARPA, has developed a new approach to computer hardware that restricts software programs so that malicious instructions cannot be executed.
An analogy would be to replace the master key that opens every door in a building with a set of keys that each open only certain rooms that the holder is authorized to enter—and make it physically impossible to copy or modify those keys.
Recently an industry organization known as CHERI Alliance began commercializing the design for consumer products and industrial applications.
“Peter Neumann is both one of the last of the old guard and a pointer to the future,” said Whitfield Diffie, a mathematician and cryptographer who is the inventor of public-key cryptography. “He describes himself as having a 70-year career in computer science, starting with his graduation from Harvard, and has always advocated starting with hardware designed to support security.”
Starting in 1985, Dr. Neumann as editor of the magazine Association for Computing Machinery Risk Forum newsgroup, an influential collection of e-mails from readers reporting computer crashes and weaknesses that has hundreds of thousands of fans.
He maintained an extensive record of computer failures, flaws, weaknesses, and privacy issues, commenting on each of the 3,195 issues with tongue-in-cheek commentary and the occasional pun. In 1995, the list became the basis for a book, “Computer Related Risks.”
In the 1990s, Dr. Neumann as a key researcher on a DARPA-funded research project to develop new ways to detect intruders in large computer networks. The project, known as Emerald, did not lead to a successful commercial spin-off, but SRI won several lawsuits against Silicon Valley companies for using the technology without a license.
Despite his influence in the world of computer security, Dr. Neumann kept a low profile.
“There’s no limit to the impact a small team can have if they don’t care who gets the credit,” said Patrick Lincoln, director of DARPA’s Office of Information Innovation, who described Dr. Neumann as a regular behind-the-scenes worker without credit. “The world is a much better place for having Peter.”
Dr. Neumann has been a frequent critic of industry’s lax attitudes toward computer security and individual digital privacy.
“I’m fundamentally optimistic about what we can do with research,” he said. “I’m fundamentally pessimistic about what companies do that are fundamentally beholden to their shareholders because they’re always working on a short-term view.”
Peter Gabriel Neumann was born on September 21, 1932 in Manhattan. His father, Israel Ber Neumann, was a well-known art dealer in Germany who, after moving to the United States in 1923, opened the New Art Circle gallery in New York. His mother, Elsa Schmid Neumann, was a mosaic artist who was commissioned to create the colorful portrait of Einstein, displayed for many years in the main library of Boston University. They struck up a friendship and she was able to arrange a two-hour breakfast with her son.
Peter grew up in the Greenwich Village neighborhood of Manhattan before his family moved to Rye, NY where he attended high school.
He enrolled at Harvard in 1950 and took his first computer job one summer during college, which involved programming an IBM punch-hole calculator for the US Naval Ordnance Laboratory. In his senior year, he became one of the first computer hackers. (The term originally referred to those who were fascinated by computers, rather than those who hacked into computer networks.)
At Harvard, he was also one of the first programmers to have independent access to his own “personal” computer—at least on the weekend. The computer, known as the Mark IV, was among the world’s first stored-program computers. After gaining the trust of his designer Howard Aiken in 1954, Peter took charge of the machine every Friday at 5pm.
With another student, Fredrick P. Brooks Jr., who became an IBM computer designer, he wrote a paper on using the Mark IV to compose music.
After spending two years in Germany on a Fulbright scholarship, he received his Ph.D. in mathematics from Harvard and joined Bell Laboratories in 1960. He spent ten years there and became a key developer Multics operating systeman early Pentagon-funded project that was the first systematic attempt at how to securely share computing resources among many users.
Multics, or Multiplexed Information and Computing Service, was developed in collaboration with researchers at the Massachusetts Institute of Technology, Bell Laboratories, and Honeywell Corporation beginning in the mid-1960s. The project pioneered concepts that became the basis of modern computing.
Dr. Neumann maintained a lifelong passion for music, playing a variety of instruments, including bassoon, French horn, trombone, and piano, in a number of musical groups. He often led his colleagues in Gilbert and Sullivan songs at computer conferences.
In December 2024, he anonymously donated $4 million to the San Francisco Symphony to save their choir, his daughter Helen said.
She is his only survivor. The first marriage of Dr. Neumann and Anne Ferris Rittershofer ended in divorce. His second wife, Elizabeth Susan Neumann, died in 2020. He was also preceded in death by two sons, John and Christopher.
Dr. Neumann had held the same office at SRI International since he began working there in 1971 as a computer researcher. Until the building was retrofitted to be earthquake-proof, his office was notorious for tall stacks of computer literature stacked on every surface.
Legend has it that colleagues who visited after the 1989 magnitude 7.1 earthquake were amazed to find that while the neighboring offices were in disarray, nothing seemed to be amiss in Dr. Neumann was not disturbed.