15-508 / 17-801 / 19-608 / 95-818: Privacy Policy, Law, and Technology

Computation, Organizations and Society

Fall 2004: Hamburg Hall 1003, 10:30 - 11:50 am
Class web site: http://lorrie.cranor.org/courses/fa04/ [Spring 2004 class web site]
Class mailing list: http://cups.cs.cmu.edu/mailman/listinfo/privacy-class

Professor: Lorrie Cranor

Teaching Assistant: Rob Reeder

Course Description

Privacy issues have been getting increasing attention from law makers, regulators, and the media. As a result, businesses are under pressure to draft privacy policies and post them on their web sites, chief privacy officers are becoming essential members of many enterprises, and companies are taking pro-active steps to avoid the potential reputation damage of a privacy mistake. As new technologies are developed, they increasingly raise privacy concerns -- the World Wide Web, wireless location-based services, and RFID chips are just a few examples. In addition, the recent focus on national security and fighting terrorism has brought with it new concerns about governmental intrusions on personal privacy. This course provides an indepth look into privacy, privacy laws, and privacy-related technologies and self-regulatory efforts. Students will study privacy from philosophical, historical, legal, policy, and technical perspectives.

This course is intended primarily for advanced undergraduate students (juniors and seniors) studying computer science or computer engineering; however, it is appropriate for other undergraduate majors who have strong technical backgrounds. Graduate students may also enroll in this course at the graduate level (they will be expected to take on more substantial projects than the undergraduate students). This course will include a lot of reading, writing, and class discussion. Students will be able to tailor their assignments to their skills and interests, focusing more on programming or writing papers as they see fit. However, all students will be expected to do some writing and some technical work. A large emphasis will be placed on research and communication skills, which will be taught throughout the course.

Required Texts

Readings will be assigned from the following texts. Additional readings will be assigned from papers available online or handed out in class.

Course Schedule

Note, this is subject to change. The class web site will have the most up-to-date version of this calendar.

Week 1 (August 31, September 2): Overview

Week 1 slides

Reading Assignment: Garfinkel - 1; Smith - Introduction, Watchfulness, Serenity
Homework 1 due September 2

Week 2 (September 7, 9): History and Philosophy

Guest speaker 9/7: Peter Madsen, CMU Department of Philosophy [slides, computer ethics, case study]

Week 2 slides

Reading Assignment: Smith - Mistrust, Space, Curiosity
Homework 2 due September 9

Week 3 (September 14, 16): Fair Information Practice Principles and Privacy Laws

Week 3 slides

Reading Assignment: Cranor - 1, 2; Garfinkel - 2; Smith - Brandeis, Torts, The Constitution
Project brainstorming due September 14
Homework 3 due September 16

Week 4 (September 21, 23): Privacy Self-Regulation and Economics

Week 4 slides

Guest speaker 9/21: Alessandro Acquisti [slides]

Reading Assignment: Garfinkel - 8; Culnan; Gellman; Varian 1996; Moores; Beyond Concern; Americans and Online Privacy; Grain of Salt
Homework 4 due September 23
One-paragraph project description due September 23

Week 5 (September 28, 30): Online Privacy Concerns

Spam talk by Serge Egelman [slides]

September 30: Discussion with tcpulse.com

Week 5 slides

Reading Assignment: Cranor - 3; Smith - Cyberspace; web bugs paper; Bugnosis paper; FTC and Spam (Optional: Egelman)
Homework 5 due September 30

Week 6 (October 5, 7): P3P 1

Week 6 slides

Reading Assignment: Cranor - 5, 6 (p. 104-109 optional), 7, 11; Millett paper (Optional: Cranor 12)
Project proposal due October 5
Homework 6 due October 7

Week 7 (October 12, 14): P3P 2

Week 7 slides

Reading Assignment: Cranor - Foreword, 4, 13 (p. 225-235 optional); Hochheiser 2002; Byers 2003 (Optional: Cranor 14)
Homework 7 due October 14

Week 8 (October 19, 21): Identity and Biometrics

Week 8 slides

Guest speaker 10/19: Lisa Nelson, University of Pittsburgh Graduate School of Public and International Affairs

Reading Assignment: Garfinkel - 3; Smith - Numbers; Givens 2000; NAS Report, Chapters 1 and 2 (Optional: Garfinkel 10)
Homework 8 due October 21

Week 9 (October 26, 28): Data Privacy

Week 9 slides

Guest speaker 10/26: Brad Malin [slides]

Reading Assignment: Garfinkel - 4, 7; Smith Databanks; Sweeney 2001; Sweeney 2002
Homework 9 due October 28

Week 10 (November 2, 4): Anonymity and Privacy Enhancing Technologies

Week 10 slides

Guest speaker 11/4: Ann Cavoukian

Reading Assignment: Chaum 1987; Waldman 2001; Reiter 1999; Gillmor 2004
Intermediate project deliverables due November 2
Homework 10 due November 4

Week 11 (November 9, 11): Government Surveillance and Civil Liberties

Week 11 slides

Guest speaker 11/11: Jerry Berman, Center for Democracy and Technology

Reading Assignment: Garfinkel 5, 9; Smith Wiretaps; Bigger Monster, Weaker Chains; The Transparent Society (Optional: Big Brother in the Wires)
Homework 11 due November 11

Week 12 (November 16, 18): Healthcare Privacy and Workplace Privacy

Week 12 slides

Guest speaker 11/18: Michael Shamos [slides]

Reading Assignment: Garfinkel 6; Smith Sex; Myths and Facts about HIPAA; Workplace Privacy; (Optional: HPP Privacy Guide, Presidential Health)
Draft project due November 18
Homework 12 due November 18

Week 13 (November 23): Privacy and Technology

Week 13 slides

Reading Assignment: I Didn't Buy it for Myself; Tag You're it; Candy-Coated Bits; Faustian Deal (Optional: Garfinkel 11; Smith Epilogue)
Homework 13 due November 30

Week 14 (November 30, December 2): Current Issues and Poster Fair

Poster fair December 3, 3-5 pm; one of the regular class sessions this week will probably be cancelled

Week 14 slides

No required reading
No homework

Week 15 (December 7, 9): Project Presentations

Final project due December 7

Final exam Week: Project Presentations

This class will have no final exam. However, project presentations will be scheduled during our final exam slot, Monday, December 13, 1-4 pm. All students are expected to attend.

Course Requirements and Grading

Your final grade in this course will be based on:

All homework assignments must be typed and submitted in hard copy form, printed in an easy-to-read font. Every homework submission must include a properly formatted bibliography that includes all works you referred to as you prepared your homework. These works should be cited as appropriate in the text of your answers.

All homework is due in class on the due date. If you will not be in class or are having printing difficulties, you may submit your homework by email prior to class. We will often discuss homework in class, so you should bring a copy of your homework with you to all classes. You will lose 5% for turning in homework after class on the day it is due. You will lose an additional 5% for each late day after that. I reserve the right to take off additional points or refuse to accept late homework submitted after the answers have been discussed extensively in class. Reasonable extensions will be granted to students with excused absences or extenuating circumstances. Please contact me as soon as possible to arrange for an extension.

A class mailing list will be setup for announcements, questions, and further discussion of topics discussed in class. Students will be expected to contribute to mailing list discussions. Students should post (non-personal) course-related questions to this mailing list rather than sending them to the instructor directly. Students are encouraged to post course-related items of interest to this mailing list.

Optional Supplemental Texts

You are not required to read all (or any) of these books. However, you may find some of them useful depending on what topics you choose for your project and other assignments.

In Pursuit of Privacy: Law, Ethics, and the Rise of Technology, DeCew, Cornell University Press, 1997.

The Right to Privacy, Alderman and Kennedy, Random House, 1995.

The Privacy Payoff: How Successful Businesses Build Customer Trust, Cavoukian and Hamilton, McGraw-Hill Ryerson, 2002.

The Transparent Society, Brin, Perseus Books, 1998.

Technology and Privacy: The New Landscape, Agre and Rotenberg, MIT Press, 1997.