8-533 / 8-733 / 19-608: Privacy Policy, Law, and Technology

Homework 6 - due November 20, 2007

Please email your homework in Microsoft Word or PDF format to privacy-homework AT cups DOT cs DOT cmu DOT edu and put "hw6" in the subject line.

Don't forget to properly cite all sources (including assigned readings) and include a bibliography with all homework assignments.

Reading assignment:

1. Write a short summary of each chapter in the reading assignment (3-7 sentences each). Graduate students should also read and write a summary of one optional reading paper. After each summary (in a separate paragraph) provide a "highlight" for that chapter. This can be something new you learned that you found particularly interesting, a point you would like to discuss further in class, a question the chapter did not fully answer, something you found confusing, a point you disagree with, or anything else you found noteworthy. [30 points]

2. [20 points] Pick a software product (designed to run on a personal computer or consumer device) that may collect information from or about its users and may transmit some or all of that information off the device. Use the Microsoft Privacy Guidelines to analyze this software. List all the applicable guidelines and try to determine whether/how the software complies with each one by using the software and reading its documentation. You may be able to get some additional relevant information about the product support web site for that product. Make a table showing each guideline and how the software complies with or violates it (or explaining why you are unable to determine this). In the case of violations, what changes would you recommend to comply with these guidelines. [If you find you are unable to make a determination for most of the guidelines, pick another piece of software to analyze.]

3. [20 points] Pick a government program designed to gather surveillance or intelligence data on US citizens (for example, Clipper, Echelon, CAPS II, TIA, Carnivore, CALEA, MATRIX). (a) Describe the program, including the kind of data collected, how it is/was collected, and the government's intended use of this data. (b) Describe the current status (Is it ongoing or has it been terminated? If terminated, is it continuing under a new name or in a new form?). (c) Describe the privacy concerns raised by the program and any protections proposed or put in place to mitigate these concerns.

4. Do part 4 of the group privacy policy project. [30 points]