8-533 / 8-733 / 19-608: Privacy Policy, Law, and Technology

Homework 5 - due November 1, 2007

Please email your homework in Microsoft Word or PDF format to privacy-homework AT cups DOT cs DOT cmu DOT edu and put "hw5" in the subject line.

Don't forget to properly cite all sources (including assigned readings) and include a bibliography with all homework assignments.

Reading assignment:

• S. Garfinkel, A. Jules, and R. Pappu, RFID Privacy, IEEE Security & Privacy Magazine, 3(3) May-June 2005, pp. 34-43.
• G. Iachello, I. Smith, S. Consolvo, M. Chen, and G. Abowd, Developing Privacy Guidelines for Social Location Disclosure Applications and Services, SOUPS 2005.
• Web Privacy with P3P, Chapter 3: Privacy Technology, pp. 30-42.
• Privacy, Information, and Technology, 3C Privacy and Government Records and Databases: Identification, pp. 175-184.
• Privacy, Information, and Technology, 4H Privacy, Business Records, and Financial Information: Anonymity, pp. 309-316.
• Stephen T. Kent and Lynette I. Millett, Editors, Who Goes There? Authentication Through the Lens of Privacy, National Academy of Sciences, 2003, Chapters 1 and 2, pp. 16-54.
• David Chaum, Security without Identification: Card Computers to make Big Brother Obsolete, 1987.
• Latanya Sweeney, Information Explosion, in Confidentiality, Disclosure, and Data Access: Theory and Practical Applications for Statistical Agencies,, Urban Institute, Washington, DC, 2001.
• Latanya Sweeney, k-Anonymity: a model for protecting privacy, International Journal on Uncertainty, Fuzziness and Knowledge-based Systems, 10 (5), 2002; 557-570.
• Simon A. Cole, Double Helix Jeopardy, IEEE Spectrum (August 2007).
• Anil K. Jain, Arun Ross and Salil Prabhakar, An Introduction to Biometric Recognition, IEEE Transactions on Circuits and Systems for Video Technology, Special Issue on Image- and Video-Based Biometrics, Vol. 14, No. 1, January 2004.

1. Write a short summary of each chapter in the reading assignment (3-7 sentences each). Graduate students should also read and write a summary of one optional reading paper. After each summary (in a separate paragraph) provide a "highlight" for that chapter. This can be something new you learned that you found particularly interesting, a point you would like to discuss further in class, a question the chapter did not fully answer, something you found confusing, a point you disagree with, or anything else you found noteworthy. [40 points]

OPTION: Graduate students may do the following option instead of an optional reading this week. Attend a panel, at least two talks, or the poster session at the MindSwap on Privacy. Write a brief report on the sessions you attended.

2. [30 points] The table below contains information from the course roster for one of my classes. Suppose some researchers were interested in finding out whether there was any correlation between grades in this class and student college, department, or class.

• a) If I were to add grade information to this table and give it to the researchers, would you consider this to be an anonymous release of this data? Why or why not?
• b) Rewrite this table so that it is k-anonymous where k=2. and so that its value to the researchers is maximized. Use a bold font to highlight the cells in the table that you changed.
• c) Do you believe k=2 provides a sufficient level of anonymity for this type of data release? Why or why not?

COLLEGE DEPT    CLASS
SCS     CS      Junior
SCS     CS      Junior
SCS     CS      Senior
SCS     CS      Senior
SCS     SE      Master
SCS     ROB     Doct
CIT     ECE     Senior
CIT     MSE     Senior
CIT     INI     Master
CIT     ECE     Master
CIT     EPP     Doct
CMU     IS      Master
HNZ     PPM     Master
HNZ     PPM     Master
HNZ     PPM     Master
HNZ     PPM     Master

3. Do part 3 of the group privacy policy project. [30 points]