8-533 / 8-733 / 19-608 / 95-818: Privacy Policy, Law, and Technology

Homework 7 - due November 17, 2015

Don't forget to properly cite all sources (including assigned readings) and include a bibliography with all homework assignments.

Reading assignment: November 10-November 17 readings

1. [20 points] 12-unit students: Read and write a summary of one optional reading paper. After each summary (in a separate paragraph) provide a "highlight" for that chapter. This can be something new you learned that you found particularly interesting, a point you would like to discuss further in class, a question the chapter did not fully answer, something you found confusing, a point you disagree with, or anything else you found noteworthy.

2. [50 points] The table below contains information from the course roster for a hypothetical CMU course with the names of the students removed. Suppose some researchers were interested in finding out whether there was any correlation between grades in this course and student college, department, or class.

If this table were given to researchers, would you consider this to be an anonymous release of this data? Why or why not?
Rewrite this table so that it is k-anonymous where k=2. and so that its value to the researchers is maximized. (Note that you do not need to find the absolute best solution, but you should come up with a reasonably good solution.) You may use suppression, generalization, or both (see here for a brief explanation). Use a bold font or other indicator to highlight the cells in the table that you changed.
Now do the same thing you did in part b but for k=4.
Are there any students that if I know they are taking the class I would be able to figure out their grade even with the k-anonymized data set at k=2 or k=4?
Do you believe k=2 provides a sufficient level of anonymity for this type of data release? What about k=4? Explain.

The required reading by Dr. Latanya Sweeney describes k-anonymity.

COLLEGE DEPT    CLASS	GRADE
SCS     CS      Junior	A
SCS     CS      Senior	B
SCS     CS      Senior	A
SCS     HCI     Master	C
SCS     HCI     Doct	A
SCS	ISR	Master	B
SCS	ISR	Master	B
SCS	ISR	Master	B
SCS     SE      Master	A
SCS     SE      Doct	A
SCS     ROB     Doct	A
CIT	ECE	Soph	B
CIT     ECE     Junior	C
CIT     ECE     Senior	B
CIT     ECE     Master	A
CIT     EPP     Junior	A
CIT     EPP     Doct	A
CIT     MSE     Senior	A
CIT     INI     Master	B
CIT     INI     Master	C
CMU     IS      Master	A
CMU     IS      Master	A
CMU     IT      Master	B
HNZ     PPM     Master	C
HNZ     PPM     Master	C
HNZ     PPM     Master	C
HNZ	ITM	Master	C

3. [50 points] Pick a consumer software product or service that may collect information from or about its users and may transmit some or all of that information off the consumer's device or share information collected by a service with other parties. Use the Microsoft Privacy Guidelines to analyze this software. List all the applicable guidelines and try to determine whether/how the software complies with each one by using the software and reading its documentation. You may be able to get some additional relevant information about the product support web site for that product. Make a table showing each guideline and how the software complies with or violates it (or explaining why you are unable to determine this). In the case of violations, what changes would you recommend to comply with these guidelines. [If you find you are unable to make a determination for most of the guidelines, pick another piece of software to analyze.]