Don't forget to properly cite all sources (including assigned readings) and include a bibliography with all homework assignments.
Reading assignment: October 28-November 18 readings
1. [20 points] 12-unit students: Read and write a summary of one optional reading paper. After each summary (in a separate paragraph) provide a "highlight" for that chapter. This can be something new you learned that you found particularly interesting, a point you would like to discuss further in class, a question the chapter did not fully answer, something you found confusing, a point you disagree with, or anything else you found noteworthy.
2. [40 points] The table below contains information from the course roster for a hypothetical CMU class. Suppose some researchers were interested in finding out whether there was any correlation between grades in this class and student college, department, or class.
The required reading by Dr. Latanya Sweeney describes k-anonymity. For clarification on l-diversity see blog post or for even deeper insights, the l-diversity paper.
COLLEGE DEPT CLASS SCS CS Junior SCS CS Junior SCS CS Senior SCS CS Senior SCS HCI Master SCS HCI Doc SCS SE Master SCS SE Doct SCS ROB Doct CIT ECE Junior CIT ECE Senior CIT ECE Master CIT EPP Junior CIT EPP Doct CIT MSE Senior CIT INI Master CIT INI Master CMU IS Master CMU IS Master CMU IT Master HNZ PPM Master HNZ PPM Master HNZ PPM Master
3. [40 points] Pick a consumer software product or service that may collect information from or about its users and may transmit some or all of that information off the consumer's device or share information collected by a service with other parties. Use the Microsoft Privacy Guidelines to analyze this software. List all the applicable guidelines and try to determine whether/how the software complies with each one by using the software and reading its documentation. You may be able to get some additional relevant information about the product support web site for that product. Make a table showing each guideline and how the software complies with or violates it (or explaining why you are unable to determine this). In the case of violations, what changes would you recommend to comply with these guidelines. [If you find you are unable to make a determination for most of the guidelines, pick another piece of software to analyze.]
4. [20 points] The Electronic Frontier Foundation has launched IFightSurveillance.org with information on fighting surveillance. The first recommended step is to create a Threat Model assessment. Build your own threat model assessment.
The steps below are directly quoted from EFF website, and are included here so that you understand what specifically you are required to include in the homework. You may fuzz, anonymize, or black-out any information you do not want to share with your TA. In step 1, select one specific asset you want to protect, such as your homework for this class, your music or video files, or your smartphone contacts list.
5. Extra Credit Opportunity [5 points]. In Chapter 4 of Swire and Ahmad, there may be statements that are out-of-date, oversimplified, or missing recent developments. If so, we should draw this to the attention of the publisher. We are offering extra credit in case you discover any such concerns. Describe the page number, the concern, and cite any sources that explain why it is a concern.