Privacy issues have been getting increasing attention from law
makers, regulators, and the media. As a result, businesses are under
pressure to draft privacy policies and post them on their web sites,
chief privacy officers are becoming essential members of many
enterprises, and companies are taking pro-active steps to avoid the
potential reputation damage of a privacy mistake. As new technologies
are developed, they increasingly raise privacy concerns -- the World
Wide Web, wireless location-based services, and RFID chips are just a
few examples. In addition, the recent focus on national security and
fighting terrorism has brought with it new concerns about governmental
intrusions on personal privacy. This course provides an in-depth look
into privacy, privacy laws, and privacy-related technologies and
self-regulatory efforts. Students will study privacy from
philosophical, historical, legal, policy, and technical perspectives
and learn how to engineer systems for privacy.
This course is intended primarily for graduate students and
advanced undergraduate students (juniors and seniors) with some technical
background. Programming skills are not required. 8-733, 19-608, and 95-818 are 12-unit courses for PhD
students. Students enrolled under these course numbers will have extra
reading and presentation assignments and will be expected to do a
project suitable for publication. 8-533 is a 9-unit course for
undergraduate students. Masters students may register for any of the
course numbers. This course will include a lot of reading, writing,
and class discussion. Students will be able to tailor their
assignments to their skills and interests, focusing more on
programming or writing papers as they see fit. However, all students
will be expected to do some writing and some technical work. A large
emphasis will be placed on research and communication skills, which
will be taught throughout the course.
Readings will be assigned from the following texts. Additional
readings will be assigned from papers available online or handed
out in class. The web sites for the two required texts also contain
pointers to a variety of other books and online resources relevant
to this course.
Schedule. Each entry lists the date, the topics covered, and the assignment (required and optional reading, and items due).

Tuesday, August 26
Topics: Overview [slides]
- Introductions and review of syllabus
- Overview of topics to be covered in this course
- Course preview picture tour, Part I

Thursday, August 28
Topics: Conceptions of privacy
- Course preview picture tour, Part II
- What is privacy? What does privacy mean to you?
Research and communication skills
Assignment:
Required reading:

Tuesday, September 2
Topics: History and philosophy of privacy [slides]
- Privacy throughout history
- Philosophical underpinnings of privacy
- Why does privacy matter?
Discussion of course project
Research and communication skills
Assignment:
Required reading:
- Privacy, Information, and Technology, 1C Introduction: Philosophical Perspectives, pp. 33-55.
Optional reading:
- Daniel Solove, A Taxonomy of Privacy, University of Pennsylvania Law Review, Vol. 154, No. 3, p. 477, January 2006.
- Christena Nippert-Eng, Privacy in the United States: Some Implications for Design, International Journal of Design, 1(2), pp. 1-10.
- H. Nissenbaum, Privacy as Contextual Integrity, Washington Law Review, Vol. 79, No. 1, pp. 119-158, February 2004.

Thursday, September 4
Topics: Homework 1 discussion
- Paraphrasing vs. plagiarism
- Wallet collages
- Web cams and Street View
- Privacy in art, literature, and pop culture
- Privacy in the news
Assignment:
Required reading:
Homework 1 due

Tuesday, September 9
Topics: Fair Information Practices [slides]
- Privacy terminology
- Fair Information Practices
Research and communication skills
Assignment:
Required reading:
Optional reading:

Thursday, September 11
Topics: Privacy law [slides]
- US privacy laws: common law, constitutional law, statutory law
- European Union Directive
Assignment:
Required reading:
- Privacy, Information, and Technology, 1A Introduction: Information Privacy, Technology, and the Law, pp. 1-8.
- Privacy, Information, and Technology, 1B Introduction: Information Privacy Law: Origins and Types, pp. 8-33.
Optional reading:
- IAPP, U.S. Privacy Enforcement Case Studies.
- Computer Science and Telecommunications Board, Engaging Privacy and Information Technology in a Digital Age, Chapter 4: The Legal Landscape in the United States.
- Yuho (Richard) Kim, Data Security, Privacy in Asia: Countries Need to Cooperate for Better Legal Context, The Seoul Times, 2008.
- EPIC, Gmail Privacy Page, 2004.
- S. Chopra and L. White, Privacy and Artificial Agents, or Is Google Reading My Email?, Proceedings of the International Joint Conference on Artificial Intelligence, 2007.
- Bruce Boyden, Can You Sue If a Computer Reads Your E-mail?, Concurring Opinions, January 10, 2008.

Tuesday, September 16
Topics: Privacy self-regulation and the privacy profession [slides]
- Privacy self-regulation
- Privacy seal programs: TRUSTe, BBBOnline, etc.
- Chief privacy officers
- Industry codes and voluntary guidelines
- Privacy policies
- Is privacy self-regulation working?
- International Association of Privacy Professionals (IAPP)
- Privacy-related organizations
Assignment:
Required reading:
- Privacy, Information, and Technology, 4B Privacy, Business Records, and Financial Information: Regulating Business Records and Databases, pp. 197-249.
- Robert Gellman, Privacy: Finding a Balanced Approach to Consumer Options, in Considering Consumer Privacy: A Resource for Policymakers and Practitioners, 2003.
- David Stampley, Managing Information Technology Security and Privacy Compliance, 2005.
Optional reading:
- Office of the Privacy Commissioner of Canada, PIPEDA Self-Assessment Tool, 2008.
- Privacy, Information, and Technology, 4G Privacy, Business Records, and Financial Information: Privacy Policies: Private vs. Public Enforcement, pp. 285-309.
- Trevor Moores and Gurpreet Dhillon, Do privacy seals in e-commerce really work?, CACM, December 2003, pp. 265-271.
- Jeff Smith, Privacy policies and practices: inside the organizational maze, CACM, 36(12), December 2003, pp. 104-122.

Thursday, September 18
Topics: Homework 2 discussion
- Privacy risks of technology
- Privacy laws from around the world
Introduce privacy policy project
Assignment:
Required reading:
Optional reading:
Homework 2 due

Tuesday, September 23
Topics: Guest lecture, Alessandro Acquisti: Economics of privacy
Assignment:
Required reading:
Optional reading:

Thursday, September 25
Topics: Attend Lawrence Lessig lecture at the University of Pittsburgh: A Declaration for Independence (Barco Law Building, Teplitz Memorial Moot Courtroom)
Assignment:
Required reading:
Optional reading:

Tuesday, September 30
Topics: Online privacy [slides]
- Online vs. offline privacy concerns
- Data collection through web browsers: cookies, web bugs, referer, behavioral targeting, etc.
- Spam
Research and communication skills
Assignment:
Required reading:
- Privacy, Information, and Technology, 4A Privacy, Business Records, and Financial Information: The Collection and Use of Personal Data, pp. 185-197.
- Privacy, Information, and Technology, 4C Privacy, Business Records, and Financial Information: Spam, pp. 249-251.
- Web Privacy with P3P, Chapter 2: The Online Privacy Landscape, pp. 12-29.
- Adil Alsaid and David Martin, Detecting Web Bugs With Bugnosis: Privacy Advocacy Through Education, Privacy Enhancing Technologies Workshop, 2002.
Optional reading:
- Serge Egelman, Suing spammers for fun and profit, ;login:, April 2004, pp. 50-58.
- Eric Allman, Spam, Spam, Spam, Spam, Spam, the FTC, and Spam, Queue, 1(6), September 2003, pp. 62-69.
- Lynette Millett, Batya Friedman, and Edward Felten, Cookies and Web browser design, CHI 2001.
- David Kristol, HTTP Cookies: Standards, privacy, and politics, ACM Transactions on Internet Technology, 1(2), 2001, pp. 151-198.
- J. Linn, Technology and Web User Data Privacy: A Survey of Risks and Countermeasures, IEEE Security and Privacy, 3(1), January 2005, pp. 52-58.
- Paul Ohm, The Rise and Fall of Invasive ISP Surveillance, August 2008, available at SSRN.
- Center for Democracy and Technology, Browser Privacy Features: A Work in Progress, October 2008.
Project brainstorming due

Thursday, October 2
Topics: Introduction to P3P [slides]
- How P3P works
- P3P user agents
- P3P history, politics, and evaluation
- P3P legal and policy issues
- Writing privacy policies
Assignment:
Required reading:
- Web Privacy with P3P, Chapter 4: P3P History, pp. 43-57.
- Web Privacy with P3P, Chapter 5: Overview and Options, pp. 61-80.
- Web Privacy with P3P, Chapter 12: P3P User Agents and Other Tools, pp. 203-213.
Optional reading:
Homework 3 due

Tuesday, October 7
Topics: P3P deployment [slides]
- Creating P3P policies
- P3P validation and authoring tools
- APPEL
Homework 3 discussion
Assignment:
Required reading:
- Web Privacy with P3P, Chapter 6: P3P Policy Syntax, pp. 81-109.
- Web Privacy with P3P, Chapter 7: Creating P3P Policies, pp. 110-132.
- Web Privacy with P3P, Chapter 13: A P3P Preference Exchange Language (APPEL), pp. 214-235.
Optional reading:

Thursday, October 9
Topics: Identity [slides]
- Identity, identification, credentials, and authentication
- Identity management systems
Assignment:
Required reading:
- Privacy, Information, and Technology, 3C Privacy and Government Records and Databases: Identification, pp. 175-184.
- Stephen T. Kent and Lynette I. Millett, Editors, Who Goes There? Authentication Through the Lens of Privacy, National Academy of Sciences, 2003, Chapters 1 and 2, pp. 16-54.
- Information Commissioner's Office, New approaches to identity management and privacy, 2007.
Optional reading:
One-paragraph project description due

Tuesday, October 14
Topics: Guest lecture, Janice Tsai: Privacy attitudes and behavior
- Privacy Finder study
- Privacy surveys: overview and role
Research and communication skills
Assignment:
Required reading:
Optional reading:
- J. Tsai, S. Egelman, L. Cranor, and A. Acquisti, The Effect of Online Privacy Information on Purchasing Behavior: An Experimental Study, Workshop on the Economics of Information Security, June 7-8, 2007, Pittsburgh, PA.
- Web Privacy with P3P, Chapter 14: User Interface, pp. 236-265.
- L. Cranor, S. Egelman, S. Sheng, A. McDonald, and A. Chowdhury, P3P Deployment on Websites, to be published in Electronic Commerce Research and Applications, 2008.

Thursday, October 16
Topics: Guest lecture, Patrick Kelley [slides]
- Privacy in ubiquitous computing
- Privacy and location-based services
- RFID
Homework 4 discussion
Assignment:
Required reading:
- S. Garfinkel, A. Juels, and R. Pappu, RFID Privacy, IEEE Security & Privacy Magazine, 3(3), May-June 2005, pp. 34-43.
- G. Iachello, I. Smith, S. Consolvo, M. Chen, and G. Abowd, Developing Privacy Guidelines for Social Location Disclosure Applications and Services, SOUPS 2005.
Optional reading:
- V. Kostakos, The Privacy Implications of Bluetooth, April 2008.
- J. Hong, J. Ng, S. Lederer, and J. Landay, Privacy Risk Models for Designing Privacy-Sensitive Ubiquitous Computing Systems, DIS 2004.
- J. Cornwell, I. Fette, G. Hsieh, M. Prabaker, J. Rao, K. Tang, K. Vaniea, L. Bauer, L. Cranor, J. Hong, B. McLaren, M. Reiter, and N. Sadeh, User-Controllable Security and Privacy for Pervasive Computing, Proceedings of the 8th IEEE Workshop on Mobile Computing Systems and Applications (HotMobile 2007).
- Papers from the 2007 Workshop on Ubicomp Privacy.
- Y. Matsuo, N. Okazaki, K. Izumi, Y. Nakamura, and K. Hasida, Inferring Long-term User Properties based on Users' Location History, IJCAI 2007.
Homework 4 due

Tuesday, October 21
Topics: Search engines and social networks [slides]
- Privacy and social networks
- Privacy and search engines
Assignment:
Required reading:
Optional reading:

Thursday, October 23
Topics: Biometrics (field trip to Marios Savvides' biometrics lab)
Discuss privacy policy project drafts in class
Assignment:
Required reading:
- Anil K. Jain, Arun Ross, and Salil Prabhakar, An Introduction to Biometric Recognition, IEEE Transactions on Circuits and Systems for Video Technology, Special Issue on Image- and Video-Based Biometrics, Vol. 14, No. 1, January 2004.
Optional reading:

Tuesday, October 28
Topics: Anonymity [slides]
- Anonymity
- Anonymity tools
- Privacy Enhancing Technologies (PETs)
Assignment:
Required reading:
- Web Privacy with P3P, Chapter 3: Privacy Technology, pp. 30-42.
- Privacy, Information, and Technology, 4H Privacy, Business Records, and Financial Information: Anonymity, pp. 309-316.
- David Chaum, Security without Identification: Card Computers to Make Big Brother Obsolete, 1987.
Optional reading:
- A. Pfitzmann and M. Hansen, Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management: A Consolidated Proposal for Terminology.
- Michael Reiter and Aviel Rubin, Anonymous Web transactions with Crowds, CACM, 42(2), February 1999, pp. 32-48.
- Marc Waldman, Aviel Rubin, and Lorrie Cranor, The architecture of robust publishing systems, TOIT, 1(2), November 2001, pp. 199-230.
- Kim Cameron, The Laws of Identity, 2005.
- Microsoft, The Identity Metasystem: Towards a Privacy-Compliant Solution to the Challenges of Digital Identity, 2006.
- Ann Cavoukian, 7 Laws of Identity: The Case for Privacy-Embedded Laws of Identity in the Digital Age, 2006.
Project proposal due

Thursday, October 30
Topics: Data privacy [slides]
- k-anonymity
- l-diversity
- De-identification and re-identification
- Data linking and data profiling
- Techniques for protecting data privacy
Homework 5 discussion
Assignment:
Required reading:
- Latanya Sweeney, Information Explosion, in Confidentiality, Disclosure, and Data Access: Theory and Practical Applications for Statistical Agencies, Urban Institute, Washington, DC, 2001.
- Latanya Sweeney, k-Anonymity: a model for protecting privacy, International Journal on Uncertainty, Fuzziness and Knowledge-based Systems, 10(5), 2002, pp. 557-570.
- Simon A. Cole, Double Helix Jeopardy, IEEE Spectrum, August 2007.
Optional reading:
- Mark A. Rothstein, Tougher Laws Needed to Protect Your Genetic Privacy, Scientific American, August 2008.
- L. Xiong, S. Chitti, and L. Liu, Preserving data privacy in outsourcing data aggregation services, TOIT, 7(3), August 2007, article 17.
- A. Machanavajjhala, D. Kifer, J. Gehrke, and M. Venkitasubramaniam, l-Diversity: Privacy beyond k-anonymity, ACM Transactions on Knowledge Discovery from Data, 1(1), March 2007, article 3 (or read the shorter conference version presented at ICDE 2006).
Homework 5 due

Tuesday, November 4 (election day)
Topics: Guest lecture, Steve Sheng: Financial privacy
- Gramm-Leach-Bliley Act
- Fair Credit Reporting Act
- Multi-factor authentication for online banking
- Financial privacy policy study
Assignment:
Required reading:
- Privacy, Information, and Technology, 4E Privacy, Business Records, and Financial Information: Financial Information, pp. 256-268.
- Privacy, Information, and Technology, 4F Privacy, Business Records, and Financial Information: Government Access to Financial and Business Records, pp. 268-284.
Optional reading:

Thursday, November 6
Topics: Engineering privacy [slides]
- Privacy by policy vs. privacy by architecture
- Privacy guidelines for software developers
Assignment:
Required reading:
Optional reading:
- Sarah Spiekermann and Lorrie Faith Cranor, Engineering Privacy, to appear in IEEE Transactions on Software Engineering.
- Stephen T. Kent and Lynette I. Millett, Editors, Who Goes There? Authentication Through the Lens of Privacy, National Academy of Sciences, 2003, Chapter 7: A Toolkit for Privacy in the Context of Authentication, pp. 179-196.
- A. Senior, S. Pankanti, A. Hampapur, L. Brown, Ying-Li Tian, A. Ekin, J. Connell, Chiao-Fe Shu, and M. Lu, Enabling Video Privacy through Computer Vision, IEEE Security & Privacy Magazine, 3(3), May-June 2005, pp. 50-57.
- P. Wayner, The Power of Candy-Coated Bits, IEEE Security & Privacy Magazine, 2(2), March-April 2004, pp. 69-72.
- M. A. Caloyannides, The cost of convenience: a Faustian deal, IEEE Security & Privacy Magazine, 2(2), March-April 2004, pp. 84-87.
- Microsoft, Windows Vista Privacy Statement, 2006.
- Ben Laurie, Selective Disclosure, 2007.
- J. Feigenbaum, M. J. Freedman, T. Sander, and A. Shostack, Privacy Engineering for Digital Rights Management Systems, in Revised Papers from the ACM CCS-8 Workshop on Security and Privacy in Digital Rights Management, T. Sander, Ed., Lecture Notes in Computer Science, vol. 2320, Springer-Verlag, London, 2002, pp. 76-105.
- Marit Hansen, Ari Schwartz, and Alissa Cooper, Privacy and Identity Management, IEEE Security and Privacy, March/April 2008.

Tuesday, November 11
Topics: Guest lecture, Ponnurangam Kumaraguru: Identity theft
- Phishing and anti-phishing
- Spyware and malware
- Data breaches
Assignment:
Required reading:
- Privacy, Information, and Technology, 4D Privacy, Business Records, and Financial Information: Identity Theft, pp. 251-256.
- Paul N. Otto, Annie I. Antón, and David L. Baumer, The ChoicePoint Dilemma: How Data Brokers Should Handle the Privacy of Personal Information, IEEE Security & Privacy.
Optional reading:
- S. Romanosky, R. Telang, and A. Acquisti, Do Data Breach Disclosure Laws Reduce Identity Theft?, WEIS 2008.
- Nathaniel Good, Rachna Dhamija, Jens Grossklags, David Thaw, Steven Aronowitz, Deirdre Mulligan, and Joseph Konstan, Stopping Spyware at the Gate: A User Study of Privacy, Notice and Spyware, SOUPS 2005, pp. 43-52.
- Congressional Research Service, Spyware: Background and Policy Issues for Congress, 2008.
- Congressional Research Service, Identity Theft Laws: State Penalties and Remedies and Pending Federal Bills, 2007.
- Phishing-related papers from the Supporting Trust Decisions website.

Thursday, November 13
Topics: Law enforcement and government surveillance
- Law enforcement and surveillance
- Wiretapping and bugging
- New surveillance technologies
- US crypto regulation
- Government surveillance initiatives: Clipper chip, Carnivore, TIA, Echelon, airline passenger screening, etc.
- The USA PATRIOT Act and post-9/11 national security initiatives
- Government computer searches
- Public access to government records
Research and communication skills
Assignment:
Required reading:
- Privacy, Information, and Technology, 2A Law Enforcement, Technology, and Surveillance: The Fourth Amendment and Emerging Technology, pp. 57-83.
- Privacy, Information, and Technology, 2B Law Enforcement, Technology, and Surveillance: Federal Electronic Surveillance Law, pp. 83-112.
- Privacy, Information, and Technology, 2C Law Enforcement, Technology, and Surveillance: Government Computer Searches, pp. 112-131.
Optional reading:
- Privacy, Information, and Technology, 3A Privacy and Government Records and Databases: Public Access to Government Records, pp. 134-144.
- Privacy, Information, and Technology, 3B Privacy and Government Records and Databases: Government Records of Personal Information, pp. 144-175.
- Computer Science and Telecommunications Board, Engaging Privacy and Information Technology in a Digital Age, Chapter 9: Privacy, Law Enforcement, and National Security.
- Congressional Research Service, Data Mining and Homeland Security: An Overview, 2008.
- ACLU, Bigger Monster, Weaker Chains: The Growth of an American Surveillance Society, 2003.
- David Brin, The Transparent Society, Wired, 4.12, December 1996.
- H. Goldstein, We like to watch, IEEE Spectrum, 41(7), July 2004, pp. 30-34.
- The most spied upon people in Europe, BBC News, February 2008.
- Whitfield Diffie and Susan Landau, Internet Eavesdropping: A Brave New World of Wiretapping, Scientific American, August 2008.

Tuesday, November 18
Topics: Homework 6 discussion
- Privacy guideline analysis
Project discussion
Assignment:
Homework 6 due

Thursday, November 20
Topics: Guest lecture, Michael Shamos: Workplace privacy and medical privacy
- Medical records privacy issues
- HIPAA
- Workplace privacy regulations
- Workplace privacy invasions
Assignment:
No required reading
Optional reading:
- Edward Balkovich, Tora K. Bikson, and Gordon Bitko, 9 to 5: Do You Know if Your Boss Knows Where You Are?, 2005.
- Computer Science and Telecommunications Board, Engaging Privacy and Information Technology in a Digital Age, Chapter 7: Health and Medical Privacy.
- Health Privacy Project, Myths and Facts about the HIPAA Privacy Rule, 2005.
- Electronic Privacy Information Center, Workplace Privacy, 2007.
- Congressional Research Service, A Brief Summary of the HIPAA Medical Privacy Rule, 2003.
- Congressional Research Service, Enforcement of the HIPAA Privacy Rule, 2007.
- United States Government Accountability Office, Health Information Technology: Efforts Continue but Comprehensive Privacy Approach Needed for National Strategy, 2007.

Tuesday, November 25
Topics: Current issues
Research and communication skills
Assignment:
No required reading
Draft project paper due

Thursday, November 27
Thanksgiving break, no class

Tuesday, December 2
Topics: Poster fair, NSH Atrium
Assignment:
No required reading

Thursday, December 4
Topics: Current issues, project presentations
Assignment:
No required reading

December 11, 1-4 pm
Topics: Final project presentations
Assignment:
This class will have no final exam. However, project presentations will be scheduled during our final exam slot. All students are expected to attend.
Final project papers are due December 11 at 10 am.
All homework assignments must be typed and submitted electronically
in Microsoft Word or PDF to privacy-homework AT cups DOT cs
DOT cmu DOT edu. (Use this address only for
submitting homework, not for asking questions about the homework.)
Please place the homework number in the subject line (for example,
"hw1"). Every
homework submission must include a properly formatted bibliography
that includes all works you referred to as you prepared your
homework. These works should be cited as appropriate in the text of
your answers.
All homework is due at 2:30 pm on the due date. We will often
discuss homework in class, so you should bring an electronic or hard
copy of your homework with you to all classes. You will lose 5% for
turning in homework after 2:30 on the day it is due. You will lose an
additional 5% for each late day after that. I reserve the right to
take off additional points or refuse to accept late homework submitted
after the answers have been discussed extensively in class. Reasonable
extensions will be granted to students with excused absences or
extenuating circumstances. Please contact me as soon as possible to
arrange for an extension.
Cheating and plagiarism will not be tolerated. Students caught
cheating or plagiarizing will receive no credit for the assignment
on which cheating occurred. Additional actions -- including assigning the student a failing
grade in the class or referring the case for disciplinary action -- may be taken at the
discretion of the instructor.