8-533 / 8-733 / 19-608 / 95-818: Privacy Policy, Law, and Technology

Date

Topics

Assignment

Tuesday, August 24

Overview

• Introductions and review of syllabus
• Overview of topics to be covered in this course
• Course preview picture tour, Part I

Thursday, August 26

Conceptions of privacy

• Course preview picture tour, Part II
• What is privacy? What does privacy mean to you?

Required reading:

• Daniel Solove, 'I've Got Nothing to Hide' and Other Misunderstandings of Privacy, San Diego Law Review, Vol. 44, 2007.

Tuesday, August 31

History and philosophy of privacy [slides]

• Privacy throughout history
• Philosophical underpinnings of privacy
• Why does privacy matter?

Research and communication skills

• Avoiding plagiarism
• Creating a bibliography and citing sources

Required reading:

• Privacy, Information, and Technology, 1C Introduction: Perspectives on Privacy, pp. 39-76.

Optional reading:

• Daniel Solove, A Taxonomy of Privacy, University of Pennsylvania Law Review, Vol. 154, No. 3, p. 477, January 2006.
• H. Nissenbaum, Privacy as Contextual Integrity, in Washington Law Review, Vol 79, No. 1, pp. 119-158, February 2004.

Thursday, September 2

Homework 1 discussion

• Paraphrasing vs. plagiarism
• Wallet collages
• Web cams and Street View
• Privacy in art, literature, and pop culture

Required reading:

• Web Privacy with P3P, Foreword and Chapter 1: Introduction to P3P, pp. xi-xiii, 3-11.

Homework 1 due

Tuesday, September 7

Fair Information Practices and Privacy Principles [slides]

• Privacy terminology
• Fair Information Practices
• Generally Accepted Privacy Principles (GAPP)
• APEC Privacy Framework

Research and communication skills

• Selecting a research topic
Finding information with search engines
• Using library resources
• Writing a literature review

Introduce course project

Required reading:

• Lorrie Faith Cranor, I Didn't Buy it for Myself, in Designing Personalized User Experiences in eCommerce, 2004.
• Privacy Rights Clearinghouse, A Review of the Fair Information Principles, 2004.
• AICPA, Generally Accepted Privacy Principles, August 2009. [Download the business version and read through page 11 thoroughly, then skim the pages 12-66]
• APEC, APEC Privacy Framework, 2005.

Optional reading:

• Guidelines for Smart Grid Cyber Security: Vol. 2, Privacy and the Smart Grid, August 2010.

Thursday, September 9

Privacy law [slides]

• US privacy laws - common law, constitutional law, statutory law
• European Union Directive

Required reading:

• Privacy, Information, and Technology, 1A Introduction: Information Privacy, Technology, and the Law, pp. 1-7.
• Privacy, Information, and Technology, 1B Introduction: Information Privacy Law: Origins and Types, pp. 10-38.

Optional reading:

• IAPP, U.S. Privacy Enforcement Case Studies, 2009.
• Computer Science and Telecommunications Board, Engaging Privacy and Information Technology in a Digital Age, Chapter 4: The Legal Landscape in the United States
• EPIC, Gmail Privacy Page, 2004. AND S. Chopra and L. White. Privacy and Artificial Agents, Or is Google Readiing My Email? in Proceedings of the International Joint Conference on Artificial Intelligence, 2007.

Tuesday, September 14

Privacy self-regulation and the privacy profession

• Privacy self-regulation
• Privacy seal programs - TRUSTe, etc.
• Chief privacy officers
• Industry codes and voluntary guidelines
• Privacy policies
• Is privacy self-regulation working?
• International Association of Privacy Professional (IAPP)
• Privacy-related organizations

Required reading:

• Privacy, Information, and Technology, 4A Privacy of Financial and Commercial Data: The Financial Services Industry and Personal Data, pp. 361-402.
• Privacy, Information, and Technology, 4B Privacy of Financial and Commercial Data: Commercial Entities and Personal Data, pp. 402-470.

Optional reading:

• Office of the Privacy Commissioner of Canada, PIPEDA Self-Assessment Tool, 2008.
• Trevor Moores and Gurpeet Dhillon, Do privacy seals in e-commerce really work? CACM, December 2003, pp. 265-271.
• Jeff Smith, Privacy policies and practices: inside the organizational maze, CACM, 36(12), December 2003, pp. 104-122.

Thursday, September 16

Homework 2 discussion

• Privacy risks of technology
• Privacy laws from around the world

Break class into groups for privacy policy group assignment

Required reading:

• Harry Hochheiser, The Platform for Privacy Preferences as a social protocol, ACM Transactions on Internet Technology, 2(4), 2002.
• M. Ryan Calo, The Boundaries of Privacy Harm, Indiana Law Journal, Vol. 86, No. 3, 2011.

Homework 2 due

Tuesday, September 21

Guest lecture, Alessandro Acquisti: Economics of privacy

Required reading:

• Hal Varian, Economic Aspects of Personal Privacy, in Privacy and Self-Regulation in the Information Age, 1997.
• Alessandro Acquisti and Jens Grossklags, Privacy and Rationality in Individual Decision Making, IEEE Security & Privacy, January/February 2005, pp. 24-30.

Optional reading:

• papers from Alessandro Acquisti's economics of privacy bibliography

Thursday, September 23

Privacy attitudes and behavior

• Privacy surveys - overview and role
• CMU Privacy Finder study
• CMU Behavioral Advertising studies

Research and communications skills

• Human Subjects Research

Required reading:

• Joseph Turow, Americans and Online Privacy: The System is Broken, 2003.
• Jim Harper and Solveig Singleton, With a Grain of Salt: What Consumer Privacy Surveys Don't Tell Us, 2001.
• Carlos Jensen and Colin Potts, Privacy policies as decision-making tools: an evaluation of online privacy notices, CHI 2004, pp. 471-478.

Optional reading:

• Irene Pollach, What's wrong with online privacy policies?, CACM September 2007, 50(9): 103-108.
• J. Tsai, S. Egelman, L. Cranor, and A. Acquisti. The Effect of Online Privacy Information on Purchasing Behavior: An Experimental Study. Paper presented at the Workshop on the Economics of Information Security, June 7-8, 2007, Pittsburgh, PA.
• Web Privacy with P3P, Chapter 14: User Interface, pp. 236-265.
• L. Cranor, S. Egelman, S. Sheng, A. McDonald, and A. Chowdhury. P3P Deployment on Websites. Electronic Commerce Research and Applications, Volume 7, Issue 3, Autumn 2008, Pages 274-293.

Tuesday, September 28

Online privacy

• Online vs. offline privacy concerns
• Data collection through web browsers - cookies, web bugs, referer, behavioral targeting, etc.
• Spam

Research and communication skills

• Evaluating the quality and credibility of information sources

Required reading:

• Web Privacy with P3P, Chapter 2: The Online Privacy Landscape, pp. 12-29.
• Adil Alsaid and David Martin, Detecting Web Bugs With Bugnosis: Privacy Advocacy Through Education, Privacy Enhancing Technologies Workshop, 2002.

Optional reading:

• P. Eckersley, How Unique is Your Web Browser? Privacy Enhancing Technologies Symposium, July 20-23, 2010.
• Serge Egelman, Suing spammers for fun and profit, ;login: April 2004, pp. 50-58.
• Eric Allman, Spam, Spam, Spam, Spam, Spam, the FTC, and Spam, Queue, 1(6) September 2003, pp. 62-69.
• Lynette Millett, Batya Friedman, and Edward Felton, Cookies and Web browser design, CHI2001.
• David Kristol. HTTP Cookies: Standards, privacy, and politics, 2001. ACM Transactions on Internet Technology, 1(2), pp 151-198.
• Linn, J. 2005. Technology and Web User Data Privacy: A Survey of Risks and Countermeasures. IEEE Security and Privacy 3, 1 (Jan. 2005), 52-58.
• Paul Ohm, The Rise and Fall of Invasive ISP Surveillance, August 2008, available at SSRN.

One-paragraph project description due

Thursday, September 30

Introduction to P3P

• How P3P works
• P3P user agents
• P3P history, politics, and evaluation
• P3P legal and policy issues
• Writing privacy policies

Group privacy policy project discussion

Required reading

• Web Privacy with P3P, Chapter 4: P3P History, pp. 43-57.
• Web Privacy with P3P, Chapter 5: Overview and Options, pp. 61-80.
• Web Privacy with P3P, Chapter 12: P3P User Agents and Other Tools, pp. 203-213.

Optional reading:

• L. Cranor, P. Guduru, and M. Arjula. User Interfaces for Privacy Agents. ACM Transactions on Computer-Human Interaction, June 2006, pp. 135-178.

Homework 3 due

Tuesday, October 5

P3P Deployment

• Creating P3P policies
• P3P validation and authoring tools
• APPEL

Homework 3 discussion

Required reading:

• Web Privacy with P3P, Chapter 6: P3P Policy Syntax, pp. 81-109.
• Web Privacy with P3P, Chapter 7: Creating P3P Policies, pp. 110-132.
• Web Privacy with P3P, Chapter 13: A P3P Preference Exchange Language (APPEL), pp. 214-235.

Optional reading

• Web Privacy with P3P, Chapters 8, 9, 10, 11, pp. 133-202.
• P. Resnick and L. Cranor. Protocols for Automated Negotiations with Buyer Anonymity and Seller Reputations. (2000). Netnomics 2(1):1-23.
• A. Cooper, J. Morris, and E. Newland. Privacy Rulesets. W3C Editor's Draft, 20 April 2010.

Thursday, October 7

Identity

• identity, identification, credentials, and authentication
• Identity management systems

Required reading:

• Stephen T. Kent and Lynette I. Millett, Editors, Who Goes There? Authentication Through the Lens of Privacy, National Academy of Sciences, 2003, Chapters 1 and 2, pp. 16-54.
• Information Commissioner's Office, New approaches to identity management and privacy, 2007.

Optional reading:

• Kim Cameron, The Laws of Identity, 2005.
• Microsoft, The Identity Metasystem: Towards a Privacy-Compliant Solution to the Challenges of Digital Identity, 2006.
• Ann Cavoukian, 7 Laws of Identity: The Case for Privacy-Embedded Laws of Identity in the Digital Age, 2006.
• The Identity Project Research Findings

Tuesday, October 12

Anonymity

• anonymity
• anonymity tools
• Privacy Enhancing Technologies (PETs)

Required reading:

• Web Privacy with P3P, Chapter 3: Privacy Technology, pp. 30-42.
• David Chaum, Security without Identification: Card Computers to make Big Brother Obsolete, 1987.

Optional reading:

• A. Pfitzmann and M. Hansen, Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management - A Consolidated Proposal for Terminology.
• Michael Reiter and Aviel Rubin, Anonymous Web transactions with Crowds, CACM 42(2), February 1999, pp. 32-48.
• Marc Waldman, Aviel Rubin, and Lorrie Cranor, The architecture of robust publishing systems, TOIT, 1(2), November 2001, pp. 199-230.
• Microsoft, The Identity Metasystem: Towards a Privacy-Compliant Solution to the Challenges of Digital Identity, 2006.
• Ann Cavoukian, 7 Laws of Identity: The Case for Privacy-Embedded Laws of Identity in the Digital Age, 2006.

Thursday, October 14

Data privacy

• K-anonymity
• L-diversity
• de-identification and re-identification
• Data linking and data profiling
• Techniques for protecting data privacy
• Privacy and search engine data

Homework 4 discussion

Required reading:

• Latanya Sweeney, Information Explosion, in Confidentiality, Disclosure, and Data Access: Theory and Practical Applications for Statistical Agencies, Urban Institute, Washington, DC, 2001.
• Latanya Sweeney, k-Anonymity: a model for protecting privacy, International Journal on Uncertainty, Fuzziness and Knowledge-based Systems, 10 (5), 2002; 557-570.
• Simon A. Cole, Double Helix Jeopardy, IEEE Spectrum (August 2007).

Optional reading:

• Mark A. Rothstein, Tougher Laws Needed to Protect Your Genetic Privacy, Scientific American, August 2008.
• L. Xiong, S. Chitti, L. Liu, Preserving data privacy in outsourcing data aggregation services, TOIT 7,3 (Aug. 2007), 17.
• Machanavajjhala, A., Kifer, D., Gehrke, J., and Venkitasubramaniam, M. 2007. L-diversity: Privacy beyond k-anonymity. ACM Trans. Knowl. Discov. Data 1, 1 (Mar. 2007), 3. (or read the shorter conference version presented at ICDE 2006)

Homework 4 due

Tuesday, October 19

Privacy on social networks

Privacy policy group assignment feedback

Required reading:

• Alessandro Acquisti and Ralph Gross. Imagined Communities: Awareness, Information Sharing, and Privacy on the Facebook, Workshop on Privacy-Enhancing Technologies (PET) 2006.
• Security Issues and Recommendations for Online Social Networks, ENISA Position Paper No. 1, October 2007.

Optional reading:

• Christopher Soghoian, Go Fish: Is Facebook Violating European Data Protection Rules? and Facebook Cares More About Privacy Than Security, 2007
• Stefan Berteau, Facebook's Misrepresentation of Beacon's Threat to Privacy: Tracking users who opt out or are not logged in, CA Security Advisor Research Blog, 2007.
• Daniel J. Solove, Do Social Networks Bring the End of Privacy? Scientific American, August 2008.
• James Grimmelmann, Facebook and the Social Dynamics of Privacy (September 3, 2008). NYLS Legal Studies Research Paper No. 08/09-7.

Project proposal due

Thursday, October 21

Biometrics (field trip to Marios Savvides' Biometrics Lab

Required reading:

• Anil K. Jain, Arun Ross and Salil Prabhakar, An Introduction to Biometric Recognition, IEEE Transactions on Circuits and Systems for Video Technology, Special Issue on Image- and Video-Based Biometrics, Vol. 14, No. 1, January 2004.

Optional reading:

• Ross Anderson, Biometrics, Chapter 13 in Security Engineering: A Guide to Building Dependable Distributed Systems pp. 261-276, 2001.
• Ann Cavoukian, Privacy and Radical Pragmatism: Change the Paradigm, August 2008.

Tuesday, October 26

Guest lecture, Travis Breaux: Analyzing regulatory rules for privacy requirements

Required reading:

• Travis D. Breaux, Annie I. Antón, "Analyzing Regulatory Rules for Privacy and Security Requirements", IEEE Transactions on Software Engineering, Special Issue on Software Engineering for Secure Systems (IEEE TSE), 34(1):5-20, January/February 2008
• Travis D. Breaux, Matthew W. Vail, Annie I. Antón, "Towards Compliance: Extracting Rights and Obligations to Align Requirements with Regulations", In Proc. IEEE 14th International Requirements Engineering Conference (RE'06), Minneapolis, Minnesota, pp. 49-58, Sep. 2006

Thursday, October 28

Guest lecture, Patrick Kelley: Privacy and location tracking

• privacy in ubiquitous computing
• privacy and location-based services
• RFID

Homework 5 discussion

Required reading:

• S. Garfinkel, A. Jules, and R. Pappu, RFID Privacy, IEEE Security & Privacy Magazine, 3(3) May-June 2005, pp. 34-43.
• G. Iachello, I. Smith, S. Consolvo, M. Chen, and G. Abowd, Developing Privacy Guidelines for Social Location Disclosure Applications and Services, SOUPS 2005.

Optional reading:

• V. Kostakos, The Privacy Implications of Bluetooth, April 2008.
• J. Hong, J. Ng, S. Lederer, and J. Landay, Privacy Risk Models for Designing Privacy-Sensitive Ubiquitous Computing Systems, DIS2004.
• J. Cornwell, I. Fette, G. Hsieh, M. Prabaker, J. Rao, K. Tang, K. Vaniea, L. Bauer, L. Cranor, J. Hong, B. McLaren, M. Reiter, N. Sadeh, User-Controllable Security and Privacy For Pervasive Computing, Proceedings of the 8th IEEE Workshop on Mobile Computing Systems and Applications (HotMobile 2007).
• Papers from 2007 Workshop on Ubicomp Privacy
• Y. Matsuo, N. Okazaki, K. Izumi, Y. Nakamura, and K. Hasida, Inferring Long-term User Properties based on Users' Location History, IJCAI 2007.

Homework 5 due

Tuesday, November 2 (election day)

Guest lecture, Michael Shamos: Workplace privacy and medical privacy [slides]

Thursday, November 4

Engineering privacy

• Privacy by policy vs. privacy by architecture
• Privacy guidelines for software developers

Required reading:

• Alfred Kobsa, Privacy-enhanced personalization, CACM 50(8), August 2007.
• Microsoft, Privacy Guidelines for Developing Software Products and Services, 2007.

Optional reading:

• Sarah Spiekermann and Lorrie Faith Cranor. Engineering Privacy. To appear in IEEE Transactions on Software Engineering.
• Stephen T. Kent and Lynette I. Millett, Editors, Who Goes There? Authentication Through the Lens of Privacy, National Academy of Sciences, 2003, Chapter 7: A Toolkit for Privacy in the Context of Authentication, pp 179-196.
• A. Senior, S. Pankanti, A. Hampapur, L. Brown, Ying-Li Tian, A. Ekin, J. Connell, Chiao Fe Shu, and M. Lu, Enabling Video Privacy through Computer Vision, IEEE Security & Privacy Magazine, 3(3) May-June 2005, pp. 50-57.
• P. Wayner, The Power of Candy-Coated Bits, IEEE Security & Privacy Magazine, 2(2) March-April 2004, pp. 69-72.
• M.A. Colayannides, The cost of convenience: a faustian deal, IEEE Security & Privacy Magazine, 2(2) March-April 2004, pp. 84-87.
• Microsoft, Windows 7 Privacy Statement, 2010.
• Ben Laurie, Selective Disclosure, 2007.
• Feigenbaum, J., Freedman, M. J., Sander, T., and Shostack, A. 2002. Privacy Engineering for Digital Rights Management Systems. In Revised Papers From the ACM CCS-8 Workshop on Security and Privacy in Digital Rights Management T. Sander, Ed. Lecture Notes In Computer Science, vol. 2320. Springer-Verlag, London, 76-105.
• Marit Hansen, Ari Schwartz, and Alissa Cooper. Privacy and Identity Management. IEEE Secruity and Privacy, March/April 2008.
• Lawrence Lessig, The Architecture of Privacy, 1 Vanderbilt Entertainment Law and Practice 56-65 (1999).

Tuesday, November 9

Identity theft

• phishing and anti-phishing
• spyware and malware
• data breaches

Required reading:

• Paul N. Otto, Annie I. Antón, David L. Baumer, The ChoicePoint Dilemma: How Data Brokers Should Handle the Privacy of Personal Information, IEEE Security & Privacy.

Optional reading:

• Herbert H. Thompson, How I Stole Someone's Identity, sciam.com, August 18, 2008.
• S. Romanosky, R. Telang, and A. Acquisti, Do Data Breach Disclosure Laws Reduce Identity Theft?, WEIS 2008.
• Nathaniel Good, Rachna Dhamija, Jens Grossklags, David Thaw, Steven Aronowitz, Deirdre Mulligan, and Joseph Konstan, Stopping Spyware at the Gate: A User Study of Privacy, Notice and Spyware, SOUPS 2005, pp. 43-52.
• Congressional Research Service, Spyware: Background and Policy Issues for Congress, 2008.
• Congressional Research Service, Identity Theft Laws: State Penalties and Remedies and Pending Federal Bills, 2007
• Phishing-related papers from the Supporting Trust Decisions website

Thursday, November 11

Law enforcement and government surveillance

• law enforcement and surveillance
• wiretapping and bugging
• new surveillance technologies
• US crypto regulation
• government surveillance initiatives: Clipper chip, Carnivore, TIA, Echelon, airline passenger screening etc.
• The USA PATRIOT Act and post-911 national security initiatives
• government computer searches
• Public access to government records

Research and communications skills

• Organizing a research paper
• How to write a good paper
• How to create a research poster

Required reading:

• Privacy, Information, and Technology, 2A Privacy and Law Enforcement: The Fourth Amendment and Emerging Technology, pp. 77-137.
• Privacy, Information, and Technology, 2B Privacy and Law Enforcement: Federal Electronic Surveillance Law, pp. 138-157.
• Privacy, Information, and Technology, 2C Privacy and Law Enforcement: Digital Searches and Seizures, pp. 158-191.
• Privacy, Information, and Technology, 2C Privacy and Law Enforcement: National Security and Foreign Intelligence, pp. 192-242.

Optional reading

• Privacy, Information, and Technology, 3A Privacy and Government Records and Databases: Public Access to Government Records pp. 244-300.
• Privacy, Information, and Technology, 3B Privacy and Government Records and Databases: Government Records of Personal Information, pp. 301-360.
• Computer Science and Telecommunications Board, Engaging Privacy and Information Technology in a Digital Age, Chapter 9: Privacy, Law Enforcement, and National Security
• Congressional Research Service, Data Mining and Homeland Security: An Overview, 2008.
• ACLU, Bigger Monster, Weaker Chains: The Growth of an American Surveillance Society, 2003.
• David Brin, The Transparent Society, Wired,, 4.12, December 1996.
• H. Goldstein, We like to watch, IEEE Spectrum, 41(7), July 2004, pp. 30-34.
• The most spied upon people in Europe, BBC News, February 2008.
• Whitfield Diffie and Susan Landau, Internet Eavesdropping: A Brave New World of Wiretapping, Scientific American, August 2008.

Tuesday, November 16

Homework 6 discussion

• Privacy guideline analysis
• Government surveillance programs

Homework 6 due

Thursday, November 18

Guest lecture, Brian Geffert, privacy consultant

No required reading

Optional reading:

• The Data Deluge
• Data, Data Everywhere

Tuesday, November 23

Current issues

Research and communications skills

• Preparing a short presentation
• Creating slides for a presentation

No required reading

Draft project paper due

Thursday, November 25

Thanksgiving break, no class

Tuesday, November 30

Poster fair - NSH Atrium

No required reading

Thursday, December 2

current issues, project presentations

No required reading

Tuesday, December 7, 5:30-8:30 pm, GHC 5222

Final project presentations

This class will have no final exam. However, project presentations will be scheduled during our final exam slot. All students are expected to attend.

Final project papers are due December 13 at noon.