8-533 / 8-733 / 19-608: Privacy Policy, Law, and Technology

Fall 2007: Tuesday and Thursday 10:30-11:50 am, NSH 3002
Class web site: http://cups.cs.cmu.edu/courses/privpolawtech-fa07/ [previous semesters]
Class mailing list: http://cups.cs.cmu.edu/mailman/listinfo/privacy-class
Homework submission: privacy-homework AT cups DOT cs DOT cmu DOT edu

Professor: Lorrie Cranor

Email: lorrie AT cs DOT cmu DOT edu
Web: http://lorrie.cranor.org/
Phone: 412-268-7534
Office: CIC 2207
Office hours: Tuesdays 2:30-4 and by appointment

Teaching Assistant: Kami Vaniea

Email: kami AT cmu DOT edu
Office hours: Fridays 3-4:30 pm and by appointment, regular office hours will be held in CIC 2206

Course Description

Privacy issues have been getting increasing attention from law makers, regulators, and the media. As a result, businesses are under pressure to draft privacy policies and post them on their web sites, chief privacy officers are becoming essential members of many enterprises, and companies are taking pro-active steps to avoid the potential reputation damage of a privacy mistake. As new technologies are developed, they increasingly raise privacy concerns -- the World Wide Web, wireless location-based services, and RFID chips are just a few examples. In addition, the recent focus on national security and fighting terrorism has brought with it new concerns about governmental intrusions on personal privacy. This course provides an in-depth look into privacy, privacy laws, and privacy-related technologies and self-regulatory efforts. Students will study privacy from philosophical, historical, legal, policy, and technical perspectives and learn how to engineer systems for privacy.

This course is intended primarily for graduate students and advanced undergraduate students (juniors and seniors) with some technical background. Programming skills are not required. 8-733 and 19-608 are 12-unit courses for PhD students. Students enrolled under these course number will have extra reading and presentation assignments and will be expected to do a project suitable for publication. 8-533 is a 9-unit courses for undergraduate students. Masters students may register for any of the course numbers. This course will include a lot of reading, writing, and class discussion. Students will be able to tailor their assignments to their skills and interests, focusing more on programming or writing papers as they see fit. However, all students will be expected to do some writing and some technical work. A large emphasis will be placed on research and communication skills, which will be taught throughout the course.

Required Texts

Readings will be assigned from the following texts. Additional readings will be assigned from papers available online or handed out in class. The web sites for the two required texts also contain pointers to a variety of other books and online resources relevant to this course.

Web Privacy with P3P, Lorrie Faith Cranor, O'Reilly, 2002.
Privacy, Information, and Technology, Daniel J. Solove, Marc Rotenberg, and Paul M. Schwartz, Aspen Publishing, 2006.

Course Schedule

Note, this is subject to change. The class web site will have the most up-to-date version of this calendar.

Date

Topics

Assignment

Tuesday, August 28

Overview [slides]

Introductions and review of syllabus
Overview of topics to be covered in this course
Course preview picture tour

Thursday, August 30

Conceptions of privacy [slides]

What is privacy? What does privacy mean to you?
Discussion of course project
Research and communication skills: Selecting a research topic
Research and communication skills: Avoiding plagiarism
Research and communication skills: Creating a bibliography and citing sources

Required reading:

Daniel Solove, I've Got Nothing to Hide' and Other Misunderstandings of Privacy, San Diego Law Review, Vol. 44, 2007.

Tuesday, September 4

History and philosophy of privacy [slides]

Privacy throughout history
Philosophical underpinnings of privacy
Why does privacy matter?
Research and communication skills: Finding information with search engines

Required reading:

Privacy, Information, and Technology, 1C Introduction: Philosophical Perspectives, pp. 33-55.

Optional reading:

Daniel Solove, A Taxonomy of Privacy, University of Pennsylvania Law Review, Vol. 154, No. 3, p. 477, January 2006.
Christena Nippert-Eng, Privacy in the United Staes: Some Implications for Design, International Journal of Design, 1(2), 1-10.

Thursday, September 6

Guest lecture, Janice Tsai: Privacy attitudes and behavior

Privacy Finder study
Privacy surveys - overview and role
Research and communication skills: Human Subjects Research

Required reading:

Web Privacy with P3P, Chapter 1: Introduction to P3P, pp. 3-11.
Joseph Turow, Americans and Online Privacy: The System is Broken, 2003.
Jim Harper and Solveig Singleton, With a Grain of Salt: What Consumer Privacy Surveys Don't Tell Us, 2001.

Optional reading:

J. Tsai, S. Egelman, L. Cranor, and A. Acquisti. The Effect of Online Privacy Information on Purchasing Behavior: An Experimental Study. Paper presented at the Workshop on the Economics of Information Security, June 7-8, 2007, Pittsburgh, PA.

Homework 1 due

Tuesday, September 11

Fair Information Practices [slides]

Homework 1 discussion
Privacy terminology
Fair Information Practices
Research and communication skills: Using library resources
Research and communication skills: Writing a literature review

Required reading:

Privacy Rights Clearinghouse, A Review of the Fair Information Principles, 2004.
Privacy, Information, and Technology, 1A Introduction: Information Privacy, Technology, and the Law, pp. 1-8.
Lorrie Faith Cranor, I Didn't Buy it for Myself, in Designing Personalized User Experiences in eCommerce, 2004.

Thursday, September 13

Privacy law [slides]

US privacy laws - common law, constitutional law, statutory law
European Union Directive

Privacy, Information, and Technology, 1B Introduction: Information Privacy Law: Origins and Types, pp. 8-33.

Optional reading:

IAPP U.S. Privacy Enforcement Case Studies

Tuesday, September 18

Privacy self-regulation and the privacy profession [slides]

Privacy self-regulation
Privacy seal programs - TRUSTe, BBBOnline, etc.
Chief privacy officers
Industry codes and voluntary guidelines
Privacy policies
Is privacy self-regulation working?
International Association of Privacy Professional (IAPP)
Privacy-related organizations

Required reading:

Privacy, Information, and Technology, 4B Privacy, Business Records, and Financial Information: Regulating Business Records and Databases, pp. 197-249.
Web Privacy with P3P, Foreword, pp. xi-xiii.
Robert Gellman, Privacy: Finding a Balanced Approach to Consumer Options, in Considering Consumer Privacy: A Resource for Policymakers and Practitioners, 2003.

Optional reading:

Privacy, Information, and Technology, 4G Privacy, Business Records, and Financial Information: Privacy Policies: Private vs. Public Enforcement, p. 285-309.
Trevor Moores and Gurpeet Dhillon, Do privacy seals in e-commerce really work? CACM, December 2003, pp. 265-271.

Thursday, September 20

Guest lecture, Alessandro Acquisti: Economics of privacy

Required reading:

Hal Varian, Economic Aspects of Personal Privacy, in Privacy and Self-Regulation in the Information Age, 1997.
Alessandro Acquisti and Jens Grossklags, Privacy and Rationality in Individual Decision Making, IEEE Security & Privacy, January/February 2005, pp. 24-30.

Optional reading:

papers from Alessandro Acquisti's economics of privacy bibliography

Homework 2 due

Tuesday, September 25

Web privacy [slides]

Homework 2 discussion
Online vs. offline privacy concerns
Data collection through web browsers - cookies, web bugs, referer, etc.
Research and communication skills: Evaluating the quality and credibility of information sources

Required reading:

Privacy, Information, and Technology, 4A Privacy, Business Records, and Financial Information: The Collection and Use of Personal Data, pp. 185-197.
Web Privacy with P3P, Chapter 2: The Online Privacy Landscape, pp. 12-29.
Adil Alsaid and David Martin, Detecting Web Bugs With Bugnosis: Privacy Advocacy Through Education, Privacy Enhancing Technologies Workshop, 2002.

Optional reading:

Nathaniel Good, Rachna Dhamija, Jens Grossklags, David Thaw, Steven Aronowitz, Deirdre Mulligan, and Joseph Konstan, Stopping Spyware at the Gate: A User Study of Privacy, Notice and Spyware, SOUPS 2005, pp. 43-52.
Congressional Research Service, Spyware: Background and Policy Issues for Congress, 2006.
Lynette Millett, Batya Friedman, and Edward Felton, Cookies and Web browser design, CHI2001.
David Kristol. HTTP Cookies: Standards, privacy, and politics, 2001. ACM Transactions on Internet Technology, 1(2), pp 151-198.

Thursday, September 27

Introduction to P3P [slides]

How P3P works
P3P user agents
P3P history, politics, and evaluation
P3P legal and policy issues
Writing privacy policies

Required reading

Web Privacy with P3P, Chapter 4: P3P History, pp. 43-57.
Web Privacy with P3P, Chapter 5: Overview and Options, pp. 61-80.
Web Privacy with P3P, Chapter 12: P3P User Agents and Other Tools, pp. 203-213.
Harry Hochheiser, The Platform for Privacy Preferences as a social protocol, ACM Transactions on Internet Technology, 2(4), 2002.

Optional reading:

L. Cranor, P. Guduru, and M. Arjula. User Interfaces for Privacy Agents. ACM Transactions on Computer-Human Interaction, June 2006, pp. 135-178.

Tuesday, October 2

Deploying P3P on web sites [slides]

Creating P3P policies
P3P validation and authoring tools

Required reading:

Web Privacy with P3P, Chapter 6: P3P Policy Syntax, pp. 81-109.
Web Privacy with P3P, Chapter 7: Creating P3P Policies, pp. 110-132.

Optional reading

Web Privacy with P3P, Chapters 8, 9, 10, 11, pp. 133-202.

Project brainstorming due

Thursday, October 4

eCrime Researchers Summit - no class

Attend the at least one panel or at least two paper presentations at eCRS.

Optional reading:

papers from the eCrime 2007 program

Homework 3 due

Tuesday, October 9

Guest lecture, Ponnurangam Kumaraguru: phishing

spam
phishing and anti-phishing
identity theft
Spyware

Required reading:

Privacy, Information, and Technology, 4C Privacy, Business Records, and Financial Information: Spam, pp. 249-251.
Privacy, Information, and Technology, 4D Privacy, Business Records, and Financial Information: Identity Theft, pp. 251-256.

Optional reading:

Serge Egelman, Suing spammers for fun and profit, ;login: April 2004, pp. 50-58.
Eric Allman, Spam, Spam, Spam, Spam, Spam, the FTC, and Spam, Queue, 1(6) September 2003, pp. 62-69.
Congressional Research Service, Identity Theft Laws: State Penalties and Remedies and Pending Federal Bills, 2007
S. Sheng, B. Magnien, P. Kumaraguru, A. Acquisti, L. Cranor, J. Hong, and E. Nunge. Anti-Phishing Phil: The Design and Evaluation of a Game That Teaches People Not to Fall for Phish. SOUPS 2007, July 18-20, 2007.
P. Kumaraguru, S. Sheng, A. Acquisti, L. Cranor, and J. Hong. Teaching Johnny Not to Fall for Phish. CyLab Technical Report. CMU-CyLab-07-003, 2007.
P. Kumaraguru, Y. Rhee, A. Acquisti, L. Cranor, J. Hong, and E. Nunge. Protecting People from Phishing: The Design and Evaluation of an Embedded Training Email System. CHI2007, 905-914.
J. Downs, M. Holbrook, and L. Cranor. Decision Strategies and Susceptibility to Phishing. SOUPS 2006.
I. Fette, N. Sadeh, and A. Tomasic. Learning to Detect Phishing Emails WWW2007.
Y. Zhang, J. Hong, and L. Cranor. CANTINA: A content-based approach to detecting phishing web sites. WWW2007.
Y. Zhang, S. Egelman, L. Cranor, and J. Hong Phinding Phish: Evaluating Anti-Phishing Tools. NDSS 2007.

Thursday, October 11

homework 3 discussion
privacy policy authorization languages - APPEL, EPAL, etc.
privacy policy management
initial discussion with privacy policy project client [Doug Markiewicz's slides]

Required reading:

Web Privacy with P3P, Chapter 13: A P3P Preference Exchange Language (APPEL), pp. 214-235.
David Stampley, Managing Information Technology Security and Privacy Compliance, 2005

One-paragraph project description due

Tuesday, October 16

Guest lecture, Aleecia McDonald: Privacy policy research

privacy policy trends
communicating about privacy
standardizing privacy notice formats

Required reading:

Mary Culnan, How Privacy Notices Promote Informed Consumer Choice, in Considering Consumer Privacy: A Resource for Policymakers and Practitioners, 2003.
Carlos Jensen and Colin Potts, Privacy policies as decision-making tools: an evaluation of online privacy notices, CHI 2004, pp. 471-478.
L. Cranor, S. Egelman, S. Sheng, A. McDonald, and A. Chowdhury. P3P Deployment on Websites. To be published in Electronic Commerce Research and Applications, 2008.
Irene Pollach, What's wrong with online privacy policies?, CACM September 2007, 50(9): 103-108.

Optional reading:

Web Privacy with P3P, Chapter 14: User Interface, pp. 236-265.
Jeff Smith, Privacy policies and practices: inside the organizational maze, CACM, 36(12), December 2003, pp. 104-122.

Thursday, October 18

Search engines and social networks [slides]

homework 4 discussion
privacy and social networks
privacy and search engines

Required reading:

Alessandro Acquisti and Ralph Gross. Imagined Communities: Awareness, Information Sharing, and Privacy on the Facebook, Workshop on Privacy-Enhancing Technologies (PET) 2006.

Optional reading:

Christopher Soghoian, Go Fish: Is Facebook Violating European Data Protection Rules? and Facebook Cares More About Privacy Than Security, 2007

Homework 4 due

Tuesday, October 23

Guest lecture, Sarah Spiekermann: Privacy in ubiquitous computing [slides]

privacy in ubiquitous computing
privacy and location-based services
RFID

Required reading:

S. Garfinkel, A. Jules, and R. Pappu, RFID Privacy, IEEE Security & Privacy Magazine, 3(3) May-June 2005, pp. 34-43.
G. Iachello, I. Smith, S. Consolvo, M. Chen, and G. Abowd, Developing Privacy Guidelines for Social Location Disclosure Applications and Services, SOUPS 2005.

Optional reading:

J. Cornwell, I. Fette, G. Hsieh, M. Prabaker, J. Rao, K. Tang, K. Vaniea, L. Bauer, L. Cranor, J. Hong, B. McLaren, M. Reiter, N. Sadeh, User-Controllable Security and Privacy For Pervasive Computing, Proceedings of the 8th IEEE Workshop on Mobile Computing Systems and Applications (HotMobile 2007).
Papers from 2007 Workshop on Ubicomp Privacy

Thursday, October 25

Identity and anonymity [slides]

identity, identification, credentials, and authentication
anonymity
anonymity tools
Privacy Enhancing Technologies (PETs)
Discuss privacy policy project drafts in class

Required reading:

Web Privacy with P3P, Chapter 3: Privacy Technology, pp. 30-42.
Privacy, Information, and Technology, 3C Privacy and Government Records and Databases: Identification, pp. 175-184.
Privacy, Information, and Technology, 4H Privacy, Business Records, and Financial Information: Anonymity, pp. 309-316.
Stephen T. Kent and Lynette I. Millett, Editors, Who Goes There? Authentication Through the Lens of Privacy, National Academy of Sciences, 2003, Chapters 1 and 2, pp. 16-54.
David Chaum, Security without Identification: Card Computers to make Big Brother Obsolete, 1987.

Optional reading:

Michael Reiter and Aviel Rubin, Anonymous Web transactions with Crowds, CACM 42(2), February 1999, pp. 32-48.
Marc Waldman, Aviel Rubin, and Lorrie Cranor, The architecture of robust publishing systems, TOIT, 1(2), November 2001, pp. 199-230.
Kim Cameron, The Laws of Identity, 2005.
Microsoft, The Identity Metasystem: Towards a Privacy-Compliant Solution to the Challenges of Digital Identity, 2006.
Ann Cavoukian, 7 Laws of Identity: The Case for Privacy-Embedded Laws of Identity in the Digital Age, 2006.

Project proposal due

Tuesday, October 30

Data privacy [slides]

K-anonymity
de-identification and re-identification
Data linking and data profiling
Techniques for protecting data privacy

Required reading:

Latanya Sweeney, Information Explosion, in Confidentiality, Disclosure, and Data Access: Theory and Practical Applications for Statistical Agencies,, Urban Institute, Washington, DC, 2001.
Latanya Sweeney, k-Anonymity: a model for protecting privacy, International Journal on Uncertainty, Fuzziness and Knowledge-based Systems, 10 (5), 2002; 557-570.
Simon A. Cole, Double Helix Jeopardy, IEEE Spectrum (August 2007).

Optional reading:

L. Xiong, S. Chitti, L. Liu, Preserving data privacy in outsourcing data aggregation services, TOIT 7,3 (Aug. 2007), 17.

Thursday, November 1

Guest lecture, Marios Savvides: biometrics

Required reading:

Anil K. Jain, Arun Ross and Salil Prabhakar, An Introduction to Biometric Recognition, IEEE Transactions on Circuits and Systems for Video Technology, Special Issue on Image- and Video-Based Biometrics, Vol. 14, No. 1, January 2004.

Optional reading:

Ross Anderson, Biometrics, Chapter 13 in Security Engineering: A Guide to Building Dependable Distributed Systems pp. 261-276, 2001.

Homework 5 due

Tuesday, November 6 (election day)

Guest lecture, Steve Sheng: Financial privacy

Gramm-Leach-Bliley Act
Fair Credit Reporting Act
multi-factor authentication for online banking
financial privacy policy study

Required reading:

Privacy, Information, and Technology, 4E Privacy, Business Records, and Financial Information: Financial Information, pp. 256-268.

Thursday, November 8

Engineering privacy [slides]

Privacy by policy vs. privacy by architecture
homework 5 discussion

Required reading:

Alfred Kobsa, Privacy-enhanced personalization, CACM 50(8), August 2007.
Microsoft, Privacy Guidelines for Developing Software Products and Services, 2007.

Optional reading:

Stephen T. Kent and Lynette I. Millett, Editors, Who Goes There? Authentication Through the Lens of Privacy, National Academy of Sciences, 2003, Chapter 7: A Toolkit for Privacy in the Context of Authentication, pp 179-196.
A. Senior, S. Pankanti, A. Hampapur, L. Brown, Ying-Li Tian, A. Ekin, J. Connell, Chiao Fe Shu, and M. Lu, Enabling Video Privacy through Computer Vision, IEEE Security & Privacy Magazine, 3(3) May-June 2005, pp. 50-57.
P. Wayner, The Power of Candy-Coated Bits, IEEE Security & Privacy Magazine, 2(2) March-April 2004, pp. 69-72.
M.A. Colayannides, The cost of convenience: a faustian deal, IEEE Security & Privacy Magazine, 2(2) March-April 2004, pp. 84-87.
USACM Policy Recommendations on Privacy, June 2006.
Microsoft, Windows Vista Privacy Statement, 2006.
Ben Laurie, Selective Disclosure, 2007.

Tuesday, November 13

Guest lecture, Anupam Datta [slides]

Privacy as contextual integrity
Privacy policy specification and enforcement

Required reading:

A. Barth, A. Datta, J. C. Mitchell, H. Nissenbaum, Privacy and Contextual Integrity: Framework and Applications, in Proceedings of 27th IEEE Symposium on Security and Privacy, pp. 184-198, May 2006.

Optional reading:

H. Nissenbaum, Privacy as Contextual Integrity, in Washington Law Review, Vol 79, No. 1, pp. 119-158, February 2004.
A. Barth, A. Datta, J. C. Mitchell, S. Sundaram, Privacy and Utility in Business Processes, in Proceedings of 20th IEEE Computer Security Foundations Symposium, July 2007.

Thursday, November 15

Law enforcement and government surveillance [slides]

law enforcement and surveillance
wiretapping and bugging
new surveillance technologies
US crypto regulation
government surveillance initiatives: Clipper chip, Carnivore, TIA, Echelon, airline passenger screening etc.
Research and communication skills: Organizing a research paper
Research and communication skills: How to write a good paper
Research and communication skills: Creating a research poster

Required reading:

Privacy, Information, and Technology, 2A Law Enforcement, Technology, and Surveillance: The Fourth Amendment and Emerging Technology, pp. 57-83.
Privacy, Information, and Technology, 3B Privacy and Government Records and Databases: Government Records of Personal Information, pp. 144-175.
Privacy, Information, and Technology, 4F Privacy, Business Records, and Financial Information: Government Access to Financial and Business Records, pp. 268-284.

Tuesday, November 20

Guest lecture, Michael Shamos: workplace privacy and medical privacy

Medical records privacy issues
HIPPA
Workplace privacy regulations
Workplace privacy invasions

No required reading

Optional reading:

Edward Balkovich, Tora K. Bikson, and Gordon Bitko, 9 to 5 Do You Know if Your Boss Knows Where You Are?, 2005.
Health Privacy Project, Myths and Facts about the HIPAA Privacy Rule, 2005
Electronic Privacy Information Center, Workplace Privacy, 2007
Congressional Research Service, A Brief Summary of the HIPAA Medical Privacy Rule, 2003.
Congressional Research Service, Enforcement of the HIPAA Privacy Rule, 2007.

Homework 6 due

Thursday, November 22

Thanksgiving break, no class

Tuesday, November 27

Law enforcement and government surveillance [slides]

electronic surveillance law
The USA PATRIOT Act and post-911 national security initiatives
government computer searches
Public access to government records
Research and communication skills: Preparing a short presentation
Research and communication skills: Creating slides for a presentation
homework 6 discussion

Required reading:

Privacy, Information, and Technology, 2B Law Enforcement, Technology, and Surveillance: Federal Electronic Surveillance Law, pp. 83-112.
Privacy, Information, and Technology, 2C Law Enforcement, Technology, and Surveillance: Government Computer Searches, pp. 112-131.
Privacy, Information, and Technology, 3A Privacy and Government Records and Databases: Public Access to Government Records pp. 134-144.

Optional reading:

Congressional Research Service, Data Mining and Homeland Security: An Overview, 2007.
ACLU, Bigger Monster, Weaker Chains: The Growth of an American Surveillance Society, 2003.
David Brin, The Transparent Society, Wired,, 4.12, December 1996.
H. Goldstein, We like to watch, IEEE Spectrum, 41(7), July 2004, pp. 30-34.

Thursday, November 29

current issues

No required reading

Draft project paper due

Tuesday, December 4

Poster fair

No required reading

Thursday, December 6

current issues

No required reading

Monday, December 17, 1-4pm, Porter Hall A22

Final project presentations

This class will have no final exam. However, project presentations will be scheduled during our final exam slot. All students are expected to attend.

Final project papers are due December 13 at 10 am.

Course Requirements and Grading

Your final grade in this course will be based on:

10% class participation (class attendance, participation in class and online discussions)
40% homework assignments
50% project

You are expected to complete the reading assignments before the class session for which they were assigned. Class discussions will often be based on these assignments and you will not be able to participate fully if you have not done the reading. It is suggested that you write up summaries and highlights as you read each chapter or paper and bring them with you to class.

All homework assignments must be typed and submitted electronically in Microsoft Word or PDF to privacy-homework AT cups DOT cs DOT cmu DOT edu. (Use this address only for submitting homework, not for asking questions about the homework.) Please place the homework number in the subject line (for example, "hw1"). Every homework submission must include a properly formatted bibliography that includes all works you referred to as you prepared your homework. These works should be cited as appropriate in the text of your answers.

All homework is due at 10 am on the due date. We will often discuss homework in class, so you should bring an electronic or hard copy of your homework with you to all classes. You will lose 5% for turning in homework after 10 am on the day it is due. You will lose an additional 5% for each late day after that. I reserve the right to take off additional points or refuse to accept late homework submitted after the answers have been discussed extensively in class. Reasonable extensions will be granted to students with excused absences or extenuating circumstances. Please contact me as soon as possible to arrange for an extension.

Cheating and plagiarism will not be tolerated. Students caught cheating or plagiarizing will receive no credit for the assignment on which cheating occurred. Additional actions -- including assigning the student a failing grade in the class or referring the case for disciplinary action -- may be taken at the discretion of the instructor.

A class mailing list has been setup for announcements, questions, and further discussion of topics discussed in class. Students will be expected to contribute to mailing list discussions. Students should post (non-personal) course-related questions to this mailing list rather than sending them to the instructor directly. Students are encouraged to post course-related items of interest to this mailing list.