Privacy issues have been getting increasing attention from law
makers, regulators, and the media. As a result, businesses are under
pressure to draft privacy policies and post them on their web sites,
chief privacy officers are becoming essential members of many
enterprises, and companies are taking pro-active steps to avoid the
potential reputation damage of a privacy mistake. As new technologies
are developed, they increasingly raise privacy concerns -- the World
Wide Web, wireless location-based services, and RFID chips are just a
few examples. In addition, the recent focus on national security and
fighting terrorism has brought with it new concerns about governmental
intrusions on personal privacy. This course provides an in-depth look
into privacy, privacy laws, and privacy-related technologies and
self-regulatory efforts. Students will study privacy from
philosophical, historical, legal, policy, and technical perspectives
and learn how to engineer systems for privacy.
This course is intended primarily for graduate students and
advanced undergraduate students (juniors and seniors) with some technical
background. Programming skills are not required. 8-733, 19-608, and 95-818 are 12-unit courses for PhD
students. Students enrolled under these course numbers will have extra
reading and presentation assignments and will be expected to do a
project suitable for publication. 8-533 is a 9-unit course for
undergraduate students. Masters students may register for any of the
course numbers. This course will include a lot of reading, writing,
and class discussion. Students will be able to tailor their
assignments to their skills and interests, focusing more on
programming or writing papers as they see fit. However, all students
will be expected to do some writing and some technical work. A large
emphasis will be placed on research and communication skills, which
will be taught throughout the course.
Readings will be assigned from the following texts. Additional
readings will be assigned from papers available online or handed
out in class. The web sites for the two required texts also contain
pointers to a variety of other books and online resources relevant
to this course.
Tuesday, August 24
Topics: Overview
- Introductions and review of syllabus
- Overview of topics to be covered in this course
- Course preview picture tour, Part I

Thursday, August 26
Topics: Conceptions of privacy
- Course preview picture tour, Part II
- What is privacy? What does privacy mean to you?
Assignment:
Required reading:

Tuesday, August 31
Topics: History and philosophy of privacy [slides]
- Privacy throughout history
- Philosophical underpinnings of privacy
- Why does privacy matter?
Research and communication skills
Assignment:
Required reading:
- Privacy, Information, and Technology, 1C Introduction: Perspectives on Privacy, pp. 39-76.
Optional reading:
- Daniel Solove, A Taxonomy of Privacy, University of Pennsylvania Law Review, Vol. 154, No. 3, p. 477, January 2006.
- H. Nissenbaum, Privacy as Contextual Integrity, Washington Law Review, Vol. 79, No. 1, pp. 119-158, February 2004.

Thursday, September 2
Topics: Homework 1 discussion
- Paraphrasing vs. plagiarism
- Wallet collages
- Web cams and Street View
- Privacy in art, literature, and pop culture
Assignment:
Required reading:
Homework 1 due

Tuesday, September 7
Topics: Fair Information Practices and Privacy Principles [slides]
- Privacy terminology
- Fair Information Practices
- Generally Accepted Privacy Principles (GAPP)
- APEC Privacy Framework
Research and communication skills
Introduce course project
Assignment:
Required reading:
- Lorrie Faith Cranor, I Didn't Buy it for Myself, in Designing Personalized User Experiences in eCommerce, 2004.
- Privacy Rights Clearinghouse, A Review of the Fair Information Principles, 2004.
- AICPA, Generally Accepted Privacy Principles, August 2009. [Download the business version and read through page 11 thoroughly, then skim pages 12-66.]
- APEC, APEC Privacy Framework, 2005.
Optional reading:

Thursday, September 9
Topics: Privacy law [slides]
- US privacy laws: common law, constitutional law, statutory law
- European Union Directive
Assignment:
Required reading:
- Privacy, Information, and Technology, 1A Introduction: Information Privacy, Technology, and the Law, pp. 1-7.
- Privacy, Information, and Technology, 1B Introduction: Information Privacy Law: Origins and Types, pp. 10-38.
Optional reading:

Tuesday, September 14
Topics: Privacy self-regulation and the privacy profession
- Privacy self-regulation
- Privacy seal programs (TRUSTe, etc.)
- Chief privacy officers
- Industry codes and voluntary guidelines
- Privacy policies
- Is privacy self-regulation working?
- International Association of Privacy Professionals (IAPP)
- Privacy-related organizations
Assignment:
Required reading:
- Privacy, Information, and Technology, 4A Privacy of Financial and Commercial Data: The Financial Services Industry and Personal Data, pp. 361-402.
- Privacy, Information, and Technology, 4B Privacy of Financial and Commercial Data: Commercial Entities and Personal Data, pp. 402-470.
Optional reading:
- Office of the Privacy Commissioner of Canada, PIPEDA Self-Assessment Tool, 2008.
- Trevor Moores and Gurpreet Dhillon, Do privacy seals in e-commerce really work?, CACM, December 2003, pp. 265-271.
- Jeff Smith, Privacy policies and practices: inside the organizational maze, CACM, 36(12), December 2003, pp. 104-122.

Thursday, September 16
Topics: Homework 2 discussion
- Privacy risks of technology
- Privacy laws from around the world
Break class into groups for privacy policy group assignment
Assignment:
Required reading:
Homework 2 due

Tuesday, September 21
Topics: Guest lecture, Alessandro Acquisti: Economics of privacy
Assignment:
Required reading:
Optional reading:

Thursday, September 23
Topics: Privacy attitudes and behavior
- Privacy surveys: overview and role
- CMU Privacy Finder study
- CMU Behavioral Advertising studies
Research and communication skills
Assignment:
Required reading:
Optional reading:
- Irene Pollach, What's wrong with online privacy policies?, CACM, September 2007, 50(9): 103-108.
- J. Tsai, S. Egelman, L. Cranor, and A. Acquisti, The Effect of Online Privacy Information on Purchasing Behavior: An Experimental Study, Workshop on the Economics of Information Security, June 7-8, 2007, Pittsburgh, PA.
- Web Privacy with P3P, Chapter 14: User Interface, pp. 236-265.
- L. Cranor, S. Egelman, S. Sheng, A. McDonald, and A. Chowdhury, P3P Deployment on Websites, Electronic Commerce Research and Applications, Volume 7, Issue 3, Autumn 2008, pp. 274-293.

Tuesday, September 28
Topics: Online privacy
- Online vs. offline privacy concerns
- Data collection through web browsers: cookies, web bugs, referer, behavioral targeting, etc.
- Spam
Research and communication skills
Assignment:
Required reading:
Optional reading:
- P. Eckersley, How Unique is Your Web Browser?, Privacy Enhancing Technologies Symposium, July 20-23, 2010.
- Serge Egelman, Suing spammers for fun and profit, ;login:, April 2004, pp. 50-58.
- Eric Allman, Spam, Spam, Spam, Spam, Spam, the FTC, and Spam, Queue, 1(6), September 2003, pp. 62-69.
- Lynette Millett, Batya Friedman, and Edward Felten, Cookies and Web browser design, CHI 2001.
- David Kristol, HTTP Cookies: Standards, privacy, and politics, ACM Transactions on Internet Technology, 1(2), 2001, pp. 151-198.
- J. Linn, Technology and Web User Data Privacy: A Survey of Risks and Countermeasures, IEEE Security and Privacy, 3(1), January 2005, pp. 52-58.
- Paul Ohm, The Rise and Fall of Invasive ISP Surveillance, August 2008, available at SSRN.
One-paragraph project description due

Thursday, September 30
Topics: Introduction to P3P
- How P3P works
- P3P user agents
- P3P history, politics, and evaluation
- P3P legal and policy issues
- Writing privacy policies
Group privacy policy project discussion
Assignment:
Required reading:
- Web Privacy with P3P, Chapter 4: P3P History, pp. 43-57.
- Web Privacy with P3P, Chapter 5: Overview and Options, pp. 61-80.
- Web Privacy with P3P, Chapter 12: P3P User Agents and Other Tools, pp. 203-213.
Optional reading:
Homework 3 due

Tuesday, October 5
Topics: P3P Deployment
- Creating P3P policies
- P3P validation and authoring tools
- APPEL
Homework 3 discussion
Assignment:
Required reading:
- Web Privacy with P3P, Chapter 6: P3P Policy Syntax, pp. 81-109.
- Web Privacy with P3P, Chapter 7: Creating P3P Policies, pp. 110-132.
- Web Privacy with P3P, Chapter 13: A P3P Preference Exchange Language (APPEL), pp. 214-235.
Optional reading:

Thursday, October 7
Topics: Identity
- Identity, identification, credentials, and authentication
- Identity management systems
Assignment:
Required reading:
Optional reading:

Tuesday, October 12
Topics: Anonymity
- Anonymity
- Anonymity tools
- Privacy Enhancing Technologies (PETs)
Assignment:
Required reading:
Optional reading:
- A. Pfitzmann and M. Hansen, Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management: A Consolidated Proposal for Terminology.
- Michael Reiter and Aviel Rubin, Anonymous Web transactions with Crowds, CACM, 42(2), February 1999, pp. 32-48.
- Marc Waldman, Aviel Rubin, and Lorrie Cranor, The architecture of robust publishing systems, TOIT, 1(2), November 2001, pp. 199-230.
- Microsoft, The Identity Metasystem: Towards a Privacy-Compliant Solution to the Challenges of Digital Identity, 2006.
- Ann Cavoukian, 7 Laws of Identity: The Case for Privacy-Embedded Laws of Identity in the Digital Age, 2006.

Thursday, October 14
Topics: Data privacy
- k-anonymity
- l-diversity
- De-identification and re-identification
- Data linking and data profiling
- Techniques for protecting data privacy
- Privacy and search engine data
Homework 4 discussion
Assignment:
Required reading:
- Latanya Sweeney, Information Explosion, in Confidentiality, Disclosure, and Data Access: Theory and Practical Applications for Statistical Agencies, Urban Institute, Washington, DC, 2001.
- Latanya Sweeney, k-Anonymity: a model for protecting privacy, International Journal on Uncertainty, Fuzziness and Knowledge-based Systems, 10(5), 2002, pp. 557-570.
- Simon A. Cole, Double Helix Jeopardy, IEEE Spectrum, August 2007.
Optional reading:
- Mark A. Rothstein, Tougher Laws Needed to Protect Your Genetic Privacy, Scientific American, August 2008.
- L. Xiong, S. Chitti, and L. Liu, Preserving data privacy in outsourcing data aggregation services, TOIT, 7(3), August 2007, Article 17.
- A. Machanavajjhala, D. Kifer, J. Gehrke, and M. Venkitasubramaniam, L-diversity: Privacy beyond k-anonymity, ACM Transactions on Knowledge Discovery from Data, 1(1), March 2007, Article 3 (or read the shorter conference version presented at ICDE 2006).
Homework 4 due

Tuesday, October 19
Topics: Privacy on social networks
Privacy policy group assignment feedback
Assignment:
Required reading:
Optional reading:
Project proposal due

Thursday, October 21
Topics: Biometrics (field trip to Marios Savvides' Biometrics Lab)
Assignment:
Required reading:
- Anil K. Jain, Arun Ross, and Salil Prabhakar, An Introduction to Biometric Recognition, IEEE Transactions on Circuits and Systems for Video Technology, Special Issue on Image- and Video-Based Biometrics, Vol. 14, No. 1, January 2004.
Optional reading:

Tuesday, October 26
Topics: Guest lecture, Travis Breaux: Analyzing regulatory rules for privacy requirements
Assignment:
Required reading:
- Travis D. Breaux and Annie I. Antón, Analyzing Regulatory Rules for Privacy and Security Requirements, IEEE Transactions on Software Engineering, Special Issue on Software Engineering for Secure Systems, 34(1): 5-20, January/February 2008.
- Travis D. Breaux, Matthew W. Vail, and Annie I. Antón, Towards Compliance: Extracting Rights and Obligations to Align Requirements with Regulations, in Proc. IEEE 14th International Requirements Engineering Conference (RE'06), Minneapolis, Minnesota, pp. 49-58, September 2006.

Thursday, October 28
Topics: Guest lecture, Patrick Kelley: Privacy and location tracking
- Privacy in ubiquitous computing
- Privacy and location-based services
- RFID
Homework 5 discussion
Assignment:
Required reading:
- S. Garfinkel, A. Juels, and R. Pappu, RFID Privacy, IEEE Security & Privacy Magazine, 3(3), May-June 2005, pp. 34-43.
- G. Iachello, I. Smith, S. Consolvo, M. Chen, and G. Abowd, Developing Privacy Guidelines for Social Location Disclosure Applications and Services, SOUPS 2005.
Optional reading:
- V. Kostakos, The Privacy Implications of Bluetooth, April 2008.
- J. Hong, J. Ng, S. Lederer, and J. Landay, Privacy Risk Models for Designing Privacy-Sensitive Ubiquitous Computing Systems, DIS 2004.
- J. Cornwell, I. Fette, G. Hsieh, M. Prabaker, J. Rao, K. Tang, K. Vaniea, L. Bauer, L. Cranor, J. Hong, B. McLaren, M. Reiter, and N. Sadeh, User-Controllable Security and Privacy for Pervasive Computing, Proceedings of the 8th IEEE Workshop on Mobile Computing Systems and Applications (HotMobile 2007).
- Papers from the 2007 Workshop on Ubicomp Privacy.
- Y. Matsuo, N. Okazaki, K. Izumi, Y. Nakamura, and K. Hasida, Inferring Long-term User Properties based on Users' Location History, IJCAI 2007.
Homework 5 due

Tuesday, November 2 (election day)
Topics: Guest lecture, Michael Shamos: Workplace privacy and medical privacy [slides]

Thursday, November 4
Topics: Engineering privacy
- Privacy by policy vs. privacy by architecture
- Privacy guidelines for software developers
Assignment:
Required reading:
Optional reading:
- Sarah Spiekermann and Lorrie Faith Cranor, Engineering Privacy, to appear in IEEE Transactions on Software Engineering.
- Stephen T. Kent and Lynette I. Millett, editors, Who Goes There? Authentication Through the Lens of Privacy, National Academy of Sciences, 2003, Chapter 7: A Toolkit for Privacy in the Context of Authentication, pp. 179-196.
- A. Senior, S. Pankanti, A. Hampapur, L. Brown, Ying-Li Tian, A. Ekin, J. Connell, Chiao Fe Shu, and M. Lu, Enabling Video Privacy through Computer Vision, IEEE Security & Privacy Magazine, 3(3), May-June 2005, pp. 50-57.
- P. Wayner, The Power of Candy-Coated Bits, IEEE Security & Privacy Magazine, 2(2), March-April 2004, pp. 69-72.
- M.A. Caloyannides, The cost of convenience: a Faustian deal, IEEE Security & Privacy Magazine, 2(2), March-April 2004, pp. 84-87.
- Microsoft, Windows 7 Privacy Statement, 2010.
- Ben Laurie, Selective Disclosure, 2007.
- J. Feigenbaum, M. J. Freedman, T. Sander, and A. Shostack, Privacy Engineering for Digital Rights Management Systems, in Revised Papers from the ACM CCS-8 Workshop on Security and Privacy in Digital Rights Management, T. Sander, ed., Lecture Notes in Computer Science, vol. 2320, Springer-Verlag, London, 2002, pp. 76-105.
- Marit Hansen, Ari Schwartz, and Alissa Cooper, Privacy and Identity Management, IEEE Security and Privacy, March/April 2008.
- Lawrence Lessig, The Architecture of Privacy, 1 Vanderbilt Entertainment Law and Practice 56-65 (1999).

Tuesday, November 9
Topics: Identity theft
- Phishing and anti-phishing
- Spyware and malware
- Data breaches
Assignment:
Required reading:
Optional reading:
- Herbert H. Thompson, How I Stole Someone's Identity, sciam.com, August 18, 2008.
- S. Romanosky, R. Telang, and A. Acquisti, Do Data Breach Disclosure Laws Reduce Identity Theft?, WEIS 2008.
- Nathaniel Good, Rachna Dhamija, Jens Grossklags, David Thaw, Steven Aronowitz, Deirdre Mulligan, and Joseph Konstan, Stopping Spyware at the Gate: A User Study of Privacy, Notice and Spyware, SOUPS 2005, pp. 43-52.
- Congressional Research Service, Spyware: Background and Policy Issues for Congress, 2008.
- Congressional Research Service, Identity Theft Laws: State Penalties and Remedies and Pending Federal Bills, 2007.
- Phishing-related papers from the Supporting Trust Decisions website.

Thursday, November 11
Topics: Law enforcement and government surveillance
- Law enforcement and surveillance
- Wiretapping and bugging
- New surveillance technologies
- US crypto regulation
- Government surveillance initiatives: Clipper chip, Carnivore, TIA, Echelon, airline passenger screening, etc.
- The USA PATRIOT Act and post-9/11 national security initiatives
- Government computer searches
- Public access to government records
Research and communication skills
Assignment:
Required reading:
- Privacy, Information, and Technology, 2A Privacy and Law Enforcement: The Fourth Amendment and Emerging Technology, pp. 77-137.
- Privacy, Information, and Technology, 2B Privacy and Law Enforcement: Federal Electronic Surveillance Law, pp. 138-157.
- Privacy, Information, and Technology, 2C Privacy and Law Enforcement: Digital Searches and Seizures, pp. 158-191.
- Privacy, Information, and Technology, 2D Privacy and Law Enforcement: National Security and Foreign Intelligence, pp. 192-242.
Optional reading:
- Privacy, Information, and Technology, 3A Privacy and Government Records and Databases: Public Access to Government Records, pp. 244-300.
- Privacy, Information, and Technology, 3B Privacy and Government Records and Databases: Government Records of Personal Information, pp. 301-360.
- Computer Science and Telecommunications Board, Engaging Privacy and Information Technology in a Digital Age, Chapter 9: Privacy, Law Enforcement, and National Security.
- Congressional Research Service, Data Mining and Homeland Security: An Overview, 2008.
- ACLU, Bigger Monster, Weaker Chains: The Growth of an American Surveillance Society, 2003.
- David Brin, The Transparent Society, Wired, 4.12, December 1996.
- H. Goldstein, We like to watch, IEEE Spectrum, 41(7), July 2004, pp. 30-34.
- The most spied upon people in Europe, BBC News, February 2008.
- Whitfield Diffie and Susan Landau, Internet Eavesdropping: A Brave New World of Wiretapping, Scientific American, August 2008.

Tuesday, November 16
Topics: Homework 6 discussion
- Privacy guideline analysis
- Government surveillance programs
Assignment:
Homework 6 due

Thursday, November 18
Topics: Guest lecture, Brian Geffert, privacy consultant
Assignment:
No required reading
Optional reading:

Tuesday, November 23
Topics: Current issues
Research and communication skills
Assignment:
No required reading
Draft project paper due

Thursday, November 25
Thanksgiving break, no class

Tuesday, November 30
Topics: Poster fair, NSH Atrium
Assignment:
No required reading

Thursday, December 2
Topics: Current issues, project presentations
Assignment:
No required reading

Tuesday, December 7, 5:30-8:30 pm, GHC 5222
Topics: Final project presentations
Assignment:
This class will have no final exam. However, project presentations will be scheduled during our final exam slot. All students are expected to attend.
Final project papers are due December 13 at noon.
All homework assignments must be typed and submitted in hard copy in class on the day they are due. Every
homework submission must include a properly formatted bibliography
that includes all works you referred to as you prepared your
homework. These works should be cited as appropriate in the text of
your answers.
All homework is due at the beginning of class on the due date.
You will lose 10% for turning in homework late on the due
date. You will lose an
additional 10% for each late day after that. I reserve the right to
take off additional points or refuse to accept late homework submitted
after the answers have been discussed extensively in class. Reasonable
extensions will be granted to students with excused absences or
extenuating circumstances. Please contact me as soon as possible to
arrange for an extension.
Cheating and plagiarism will not be tolerated. Students caught
cheating or plagiarizing will receive no credit for the assignment
on which cheating occurred. Additional actions -- including assigning the student a failing
grade in the class or referring the case for disciplinary action -- may be taken at the
discretion of the instructor.