8-533 / 8-733 / 19-608 / 95-818: Privacy Policy, Law, and Technology

Semester Project

All students in this course will be required to complete a project that they work on throughout the semester. Students may work on a project individually or in small groups of up to three students.


September 7 - Project assignment discussed in class
September 28 - One-paragraph project description due (5 points)
October 19 - Project proposal due (15 points)
November 23 - Draft paper due (5 points)
November 30 - Poster fair (5 points)
December 13, noon - Final paper due (60 points)
December 2, 7, final exam period TBA - Project presentations in class (10 points)

The various project assignments due before the final paper are designed to make sure you are making progress on your project throughout the semester and to give you opportunities to get feedback on your work along the way. Only the project proposal, final paper, and presentation will be graded for content. The other project assignments will be graded for completeness. For example, you will receive full credit for your draft paper if it has all the expected components and it appears that you put some effort into your draft, even if the content is poor. However, if your draft is missing an essential component (for example, a bibliography), you will not receive full credit. You will also lose points for submitting project components late. All project-related assignments will be graded within one week if they are submitted on time. You will receive feedback on the quality of the content even when you are not graded on quality. Feel free to submit these assignments early.


One-paragraph Project Description

Turn in a one-paragraph description of the project you intend to complete. If this is a team project, make sure you list all the team members. Please email your one-paragraph description as plain text (cut and paste into the body of your email) to privacy-homework AT cups DOT cs DOT cmu DOT edu and put "project description" in the subject line.

Project Proposal

The project proposal should include:

You might think of the project proposal as being similar to a grant proposal (without the need to fill out government forms or prepare a budget request). In the process of preparing this proposal you should conduct a literature review so that you can cite the relevant related work in your proposal.

Most of your grade will be based on your literature review, background, and motivation. Writing quality (grammar, spelling, clarity, etc.) will be taken into account in your grade as well. Besides being a graded assignment, the project proposal serves as a way for you to organize your thoughts about how to proceed with your semester project and to communicate them to your instructor. You will receive feedback on your proposal that may result in some changes to your project plans.

Please email your project proposal as a Microsoft Word document or PDF file to privacy-homework AT cups DOT cs DOT cmu DOT edu and put "project proposal" in the subject line.

Draft Paper

Your draft paper should be a complete or nearly complete version of your final project report. Please submit your draft paper BOTH via email and hard copy. Please submit your draft double-spaced or with wide margins so that there is plenty of room for writing comments. Please staple your draft in the top left corner. Do not submit it in a binder or report cover. Your electronic submission should be a Microsoft Word document or PDF file emailed to privacy-homework AT cups DOT cs DOT cmu DOT edu and have "draft paper" in the subject line.

Final Paper

Your project report should document the work you have done on your project. It should include an updated version of the literature review, background, and motivation from your project proposal. If your project primarily involved writing a paper, then your project report may be the only artifact you submit. On the other hand, if you developed software or created something as part of this project, you should submit whatever you created in addition to the report. In the latter case, the report should document what you did and may include information about obstacles you encountered, testing and evaluation, design rationale, etc., as appropriate. Please consult with the instructor about what should be included in your report if you have any doubts. You will be graded both on your results as well as the accompanying explanation in your report.

Students enrolled in 8-733 and 19-608 are expected to write up their report in a format suitable as a conference paper submission.

Because of all the opportunities you have to get feedback on your project during the semester, the final paper and presentation will be graded with fairly high standards. What I will be looking for depends a lot on the particular project you choose. Here are some things I will be looking for in most papers.

Please submit your final paper BOTH via email and hard copy. Your electronic submission should be sent to privacy-homework AT cups DOT cs DOT cmu DOT edu and should have "final paper" in the subject line.

Project Presentation

You should prepare an 8-10 minute presentation that provides an overview of your project report. Presentations will be scheduled during the last week of class and during the final exam week. Following your class presentation your instructor and classmates will have an opportunity to ask you questions about your project. You will be graded on the organization and clarity of your presentation, your effective use of visual aids, your oral presentation skills, and your responses to questions. It is recommended that you do a practice run of your presentation for your friends. Make sure you can stay within the 10-minute time limit!


A poster session (open to the public) will be scheduled during the last week of classes. You should prepare a poster that provides an overview of your project. A 32x40 inch foam core board and easel will be provided to each student. I will also provide thumb tacks, construction paper, glue sticks and other supplies. You may prepare your poster as a set of up to 9 8.5x11 sheets of paper or print it as a single sheet. SCS provides a large format poster printer by the SCS computing facilities help desk. More details about the poster session will be provided in class.

Project ideas

The following are a list of suggested projects. Students may select one of these projects or develop their own project idea in consultation with the instructor. You may also find inspiration in the projects completed by students in this course in past years.

P3P authoring tool

The existing P3P policy authoring tools are fairly complicated to use. The privacy nutrition label developed in the CUPS Lab makes privacy policies easier to understand. Design and implement modifications that transform the nutrition label format into a usable policy editor.

Privacy Bird Firefox extension

Privacy Bird was developed as an IE6 browser helper object to provide information about P3P policies at web sites. Similar functionality has been built into Privacy Finder however, it does not provide a persistent browser icon. Build a Firefox extension to implement functionality similar to Privacy Bird. You can leverage the existing Privacy Finder code base for fetching and evaluating P3P policies.

Privacy Finder interactive nutrition label

Many of the P3P data categories and purposes are grouped in the privacy label, but spelled out separately in P3P and in some natural language policies. An interactive version of the label would allow users to drill down and find out things like, when a site says they collect contact information are they collecting phone number or just email address. This project involves designing and implementing an interactive interface for the privacy nutrition label that allows users to drill down and access this more detailed information.

Privacy Finder privacy meter scoring

Privacy Finder uses APPEL files to produce the privacy ratings that appear in the privacy meters. Each privacy issue flagged by an APPEL file is given a weight and these flagged issues are added up to determine a privacy score. This project involves checking the privacy scores at a large number of websites given the current implementation and evaluating whether the current privacy meters are appropriate or if they should be re-calibrated to better address user concerns.

Privacy software user interface design

Perform user studies and propose new user interface designs for Privacy Bird, Privacy Finder, or other privacy software. You might study the entire user interface or focus on one particular aspect, for example the icons used for presenting information to users. Your report should discuss your findings and your proposed design changes, as well as the broader implications for the design of privacy software or our understanding about the ways people conceptualize privacy. This is best done as a team project with at least one team member who is familiar with human-computer interaction methods. This project will require IRB approval (so plan ahead).

Privacy software review

Conduct a "Consumer Reports" style review of consumer privacy software products and services. You should identify a type of product or service to investigate and develop a set of criteria for evaluating and comparing these products. Then you should carry out tests on a set of these products. Your review should include background information on these products and advice for consumers as well as the results of your evaluations. Unlike the real "Consumer Reports" your report is not limited to a few magazine pages, so you can (and should) go into a bit more detail than you will usually find in a magazine review.

Assessment of web browser privacy features

Compare the privacy features in the major web browsers and evaluate them in terms of their privacy protection functionality and usability. As a starting point see: CDT's Browser Privacy Features: A Work in Progress. You might do a study where you visit a set of web sites with each browser to determine how the privacy features behave at each site. You might conduct a user study to evaluate usability or simply conduct a heuristic usability evaluation. Provide a clear discussion of the various privacy threats that browsers can protect against and evaluate how each browser does. Identify gaps where protections are inadequate and propose new features or redesign existing features to fill those gaps.

Privacy by design

Survey products and systems in which privacy has been built in by design. What are the techniques that were used? What was the motivation or incentive to build in privacy by design? What can we learn from these examples about designing for privacy?

Privacy protection strategies used on social networks

Conduct a study of social network users (in general or pick a particular one -- Facebook, Twitter, etc.) to determine their strategies for protecting their privacy. Do they self-censor, setup multiple accounts, use protected tweets, etc.? What strategies are most popular? What privacy threats do people believe they are protecting against? What privacy threats do they feel they have not adequately protected against? You might use interviews, focus groups, or surveys for this project. This is best as a group project, preferably with at least one team member who has experience with survey or interview research. You will need IRB approval for this project--plan to get it early.

Privacy icons

There have been a number of proposals recently for privacy-related icons to use in web browsers and online advertising. See for example icons of privacy, Aza Raskin's privacy icons, and IAB CLEAR ad notice. Conduct a study to determine the effectiveness of these icons for communicating with end users. This is best as a group project, preferably with at least one team member who has experience with survey or interview research. You will need IRB approval for this project--plan to get it early.