| Description | Required Texts | Schedule | Requirements | Project | Research and Communication Skills | Poster Fair |
Fall 2005: MW 9 - 10:20 am, NSH 3002
Class web site: http://lorrie.cranor.org/courses/fa05/
[Fall 2004 class web site]
Class mailing list: http://cups.cs.cmu.edu/mailman/listinfo/privacy-class
Homework submission: privacy-homework AT cups DOT cs
DOT cmu DOT edu
Professor: Lorrie Cranor
Teaching Assistant: Cynthia Kuo
Privacy issues have been getting increasing attention from law makers, regulators, and the media. As a result, businesses are under pressure to draft privacy policies and post them on their web sites, chief privacy officers are becoming essential members of many enterprises, and companies are taking pro-active steps to avoid the potential reputation damage of a privacy mistake. As new technologies are developed, they increasingly raise privacy concerns -- the World Wide Web, wireless location-based services, and RFID chips are just a few examples. In addition, the recent focus on national security and fighting terrorism has brought with it new concerns about governmental intrusions on personal privacy. This course provides an indepth look into privacy, privacy laws, and privacy-related technologies and self-regulatory efforts. Students will study privacy from philosophical, historical, legal, policy, and technical perspectives.
This course is intended primarily for graduate students and advanced undergraduate students (juniors and seniors) studying computer science, computer engineering, information systems, and related fields however, it is appropriate for other students who have strong technical backgrounds. Graduate students will be expected to take on more substantial projects than the undergraduate students. This course will include a lot of reading, writing, and class discussion. Students will be able to tailor their assignments to their skills and interests, focusing more on programming or writing papers as they see fit. However, all students will be expected to do some writing and some technical work. A large emphasis will be placed on research and communication skills, which will be taught throughout the course.
Readings will be assigned from the following texts. Additional readings will be assigned from papers available online or handed out in class.
Note, this is subject to change. The class web site will have the most up-to-date version of this calendar.
Reading Assignment:
- Solove 1, 2
- Cranor 1
Reading Assignment:
- Solove 3
- Americans
and Online Privacy (Turow)
Homework 1 due September 7
Reading Assignment:
- Cranor 2
- Solove 4
- A Review of
the Fair Information Principles
- I Didn't
Buy it for Myself (Cranor)
- Managing
Information Technology Security and Privacy Compliance (Stampley)
Homework 2 due September 14
Reading Assignment:
- Solove 5
- How Privacy Notices
Promote Informed Consumer Choice (Culnan)
- Privacy:
Finding a Balanced Approach to Consumer Options (Gellman)
- Economic
Aspects of Personal Privacy (Varian)
- With a Grain of Salt
(Harper and Singleton)'
- [Optional: Beyond
Concern (Cranor, Reagle, and Ackerman)]
- [Optional: Do privacy seals
in e-commerce really work? (Moores and Dhillon)]
Project brainstorming due September 19
Homework 3 due September 21
Guest speaker 9/26: Serge Egelman
Reading Assignment:
- Cranor 3
- Detecting web
bugs with Bugnosis (Alsaid and Martin)
- FTC and
Spam (Allman)
- CRS
Internet Privacy Report
- Spyware:
Background and Policy Issues for Congress
- [Optional: Web bugs in contemporary
use (Martin, Wu, Alsaid)]
- [Optional: Suing spammers for fun
and profit (Egelman)]
- [Optional: Collateral
Damage in the Fight Against Spam (Cohn and Newitz)]
- [Optional: Stopping
Spyware at the Gate (Good et al) ]
Homework 4 due September 28
October 5: Discussion with privacy policy project client
Reading Assignment:
- Cranor 5, 6, 7
- Searching for
Privacy (Byers, Cranor, Kormann, and McDaniel)
- Cookies
and Web browser design (Millett, Friedman, and Felten)
- [Optional:
Cranor 12]
One-paragraph project description due October 3
Homework 5 due October 5 (includes privacy policy project part 1)
Reading Assignment:
- Cranor 11, 13
- [Optional: User
Interfaces for Privacy Agents (Cranor, Guduru, and Arjula)]
Homework 6 due October 12 (includes privacy policy project part 2)
Reading Assignment:
- Cranor Foreword, 4
- The Platform
for Privacy Preferences as a social protocol (Hochheiser)
- [Optional: Automated
analysis of P3P-enabled Web sites (Byers, Cranor, and Kormann)]
- [Optional: Cranor 14]
Project proposal due October 19
Guest speaker 10/24: Ian Goldberg
October 26: Discussion with privacy policy project client
Reading Assignment:
- Solove 6
- Identity
Theft (Givens)
- NAS Report, Chapters 1 and 2
- Security
without Identification (Chaum 1987)
- Anonymous Web
transactions with Crowds (Reiter and Rubin)
- [Optional: The architecture of
robust publishing systems (Waldman, Rubin, and Cranor)]
- [Optional: Off-the-record
communication (Borisov, Goldberg, and Brewer)]
Homework 7/8 due October 26
Guest speaker 10/31: Brad Malin [slides]
Reading Assignment:
- Solove 7, 8
- Sweeney
2001
- Sweeney
2002
Homework 9 due November 2
Reading Assignment:
- Solove 9, 10, 11
- Bigger
Monster, Weaker Chains
- [Optional: The
Transparent Society (Brin)]
- [Optional: We
like to watch (Goldstein)]
- [Optional: Big
Brother in the Wires]
Homework 10 due November 9 (includes privacy policy project part 3)
Reading Assignment:
- Enabling Video Privacy through Computer Vision (Senior
et al)
- RFID Privacy (Garfinkel, Jules, and Pappu)
- Candy-Coated Bits
- Faustian
Deal (Caloyannides)
- Developing
Privacy Guidelines for Social Location Disclosure Applications and
Services (Iachello et al)
Draft project due November 14
Homework 11 due November 16 (includes privacy policy project part 4)
Guest speaker 11/21: Michael Shamos [slides]
Reading Assignment:
- 9 to 5
(Balkovich, Bikson, and Bitko)
- Myths
and Facts about HIPAA
- Workplace Privacy
- A Brief Summary of the HIPAA Medical Privacy Rule
- [Optional: HPP Privacy
Guide, Presidential
Health]
Homework 12 due November 28
No required reading
No homework
Poster fair December 14, 2:30-4:30 pm (tentative)
Final project due December 9, 3 pm
This class will have no final exam. However, project presentations will be scheduled during our final exam slot, Tuesday, December 13, 1-4 pm. All students are expected to attend.
Your final grade in this course will be based on:
You are expected to complete the weekly reading assignments prior to the first class each week. Class discussions will often be based on these assignments and you will not be able to participate fully if you have not done the reading. It is suggested that you write up summaries and highlights as you read each chapter or paper and bring them with you to class.
All homework assignments must be typed and submitted electronically in Microsoft Word or PDF to privacy-homework AT cups DOT cs DOT cmu DOT edu. (Use this address only for submitting homework, not for asking questions about the homework.) Please place the homework number in the subject line (for example, "hw1"). Every homework submission must include a properly formatted bibliography that includes all works you referred to as you prepared your homework. These works should be cited as appropriate in the text of your answers.
All homework is due at 8:55 am on the due date. We will often discuss homework in class, so you should bring an electronic or hard copy of your homework with you to all classes. You will lose 5% for turning in homework after 8:55 am on the day it is due. You will lose an additional 5% for each late day after that. I reserve the right to take off additional points or refuse to accept late homework submitted after the answers have been discussed extensively in class. Reasonable extensions will be granted to students with excused absences or extenuating circumstances. Please contact me as soon as possible to arrange for an extension.
Cheating and plagiarism will not be tolerated. Students caught cheating or plagiarizing will receive no credit for the assignment on which cheating occurred. Additional actions -- including assigning the student a failing grade in the class or referring the case for disciplinary action -- may be taken at the discretion of the instructor.
A class mailing list has been setup for announcements, questions, and further discussion of topics discussed in class. Students will be expected to contribute to mailing list discussions. Students should post (non-personal) course-related questions to this mailing list rather than sending them to the instructor directly. Students are encouraged to post course-related items of interest to this mailing list.