15-508 / 17-801 / 19-608 / 95-818: Privacy Policy, Law, and Technology

Homework 5 - due October 5, 2005

Reading Assignment:
- Cranor 5, 6, 7
- Searching for Privacy (Byers, Cranor, Kormann, and McDaniel)
- Cookies and Web browser design (Millett, Friedman, and Felten)
- [Optional: Cranor 12]

1. Write a short summary of each chapter and article in the reading assignment (2-5 sentences each). After each summary (in a separate paragraph) provide a "highlight" for that chapter. This can be something new you learned that you found particularly interesting, a point you would like to discuss further in class, a question the chapter did not fully answer, something you found confusing, a point you disagree with, or anything else you found noteworthy. [20 points]

2. Do part 1 of the privacy policy project. [30 points]

3. Try at least two P3P user agents (for example, Privacy Bird, Privacy Finder, IE6, Netscape 7 -- see http://www.w3.org/P3P/implementations for other choices, but don't review P3P-related software that is not a user agent). Then answer the following:

Note: You may need to find a Windows machine to complete this question as some P3P user agents only run under Windows. [30 points]

4. Use the tool at http://sky.cylab.cmu.edu/tappa/survey/hwk.php to create a P3P policy for a bank. Use the information in the site's privacy policy. For information not given by the site, check the "unclear" box (this is not actually part of P3P, but we've added it in this tool so that we can create P3P policies with incomplete information). Note that this tool will create only one statement, so combine everything into a single statement rather than trying to create multiple statement elements. If you need more information about any of the fields, consult your P3P book. If you have trouble using the tool or find bugs, please contact Steve Sheng xsheng AT andrew. [20 points]