15-508 / 17-801 / 19-608: Privacy Policy, Law, and Technology

Description | Required Texts | Schedule | Requirements | Optional Texts |

Spring 2004: Tuesdays and Thursdays 9-10:20 am, Porter Hall 126A
Class web site: http://lorrie.cranor.org/courses/sp04/

Professor: Lorrie Cranor

Course Description

Privacy issues have been getting increasing attention from law makers, regulators, and the media. As a result, businesses are under pressure to draft privacy policies and post them on their web sites, chief privacy officers are becoming essential members of many enterprises, and companies are taking pro-active steps to avoid the potential reputation damage of a privacy mistake. As new technologies are developed, they increasingly raise privacy concerns -- the World Wide Web, wireless location-based services, and RFID chips are just a few examples. In addition, the recent focus on national security and fighting terrorism has brought with it new concerns about governmental intrusions on personal privacy. This course provides an indepth look into privacy, privacy laws, and privacy-related technologies and self-regulatory efforts. Students will study privacy from philosophical, historical, legal, policy, and technical perspectives.

This course is intended primarily for advanced undergraduate students (juniors and seniors) studying computer science or computer engineering; however, it is appropriate for other undergraduate majors who have strong technical backgrounds. Graduate students may also enroll in this course at the graduate level (they will be expected to take on more substantial projects than the undergraduate students). This course will include a lot of reading, writing, and class discussion. Students will be able to tailor their assignments to their skills and interests, focusing more on programming or writing papers as they see fit. However, all students will be expected to do some writing and some technical work.

Required Texts

Readings will be assigned from the following texts. Additional readings will be assigned from papers available online or handed out in class.

Course Schedule

Note, this is subject to change. The class web site will have the most up-to-date version of this calendar.

Week 1 (January 13, 15): Overview

Reading Assignment: Garfinkel 1,2; Agre and Rotenberg Introduction, 1, 2
Homework 1 due January 15

Week 2 (January 20, 22): Fair Information Practice Principles and Privacy Laws

January 22 - Guest speaker: Michael Madison, University of Pittsburgh School of Law [slides]

Reading Assignment: Cranor 2; Agre and Rotenberg 3, 7, 8
Homework 2 due January 22

Week 3 (January 27, 29): Privacy Self-Regulation

Reading Assignment: Garfinkel 8; Agre and Rotenberg 5; Smith 1993; Culnan; Gellman; Moores
Homework 3 due January 29

Week 4 (February 3, 5): Online Privacy Concerns

Reading Assignment: Cranor Foreword, 1, 3; web bugs paper; Bugnosis paper
Homework 4 due February 5


Week 5 (February 10, 12) P3P

Reading Assignment: Cranor 5, 6, 7, 11, 12; ; Millett paper
Homework 5 due February 12

P3P slides

Week 6 (February 17, 19): P3P; A view from Washington

February 17 - Guest speaker: Marc Rotenberg, EPIC

Reading Assignment: Cranor 4, 13, 14; Hochheiser 2002; Byers 2003
Project proposal due February 17
Homework 6 due February 19

Week 7 (February 24, 26): Identity, Economics of Privacy

February 26 - Guest speaker: Alessandro Acquisti

Reading Assignment: Garfinkel 3, 10; Varian 1996; Givens 2000; NAS Report, Chapters 1 and 2
Homework 7 due February 26

Week 8 (March 2, 4): Anonymity

March 4 - Work in small groups (2-4 students) on part 4 of the mini project. Each group should email their work to the professor by March 8.

Reading Assignment: Chaum 1987; Waldman 2001; Reiter 1999; Gillmor 2004
Homework 8 due March 8 via email


Week 9 (March 16, 18): Data Privacy

March 16 - Guest speaker: Latanya Sweeney

Reading Assignment: Garfinkel 4, 7; Sweeney 2001; Sweeney 2002
Homework 9 due March 18

Week 10 (March 23, 25): Government Surveillance and Civil Liberties

March 23 - Guest speaker: Hal Abelson

Reading Assignment: Garfinkel 5, 9; Agre and Rotenberg 6, 9; Bigger Monster, Weaker Chains; Big Brother in the Wires; The Transparent Society
Homework 10 due March 25

Week 11 (March 30, April 1): Privacy and Technology

Reading Assignment: Agre and Rotenberg 10; Koerner 2003; Tag You're it; I Didn't Buy it for Myself
Homework 11 due April 1

Week 12 (April 6,8): Privacy Surveys and Privacy Enhancing Technologies

Reading Assignment: Agre and Rotenberg 4; Beyond Concern; Americans and Online Privacy; Most People are Privacy Pragmatists; Do Not Call Registry Is Working Well; Culnan-Milne Survey (see also related press release)
Homework 12 due April 8


Week 13 (April 13): Healthcare Privacy and Workplace Privacy

April 13 - Guest speaker: Michael Shamos

Spring Carnival, no class April 15

Reading Assignment: Garfinkel 6, 11; Myths and Facts about HIPAA; HPP Privacy Guide; Presidential Health; Workplace Privacy
Homework 13 due April 15 via email

Week 14 (April 20, 22): Current Issues

2004 Computers, Freedom, and Privacy Conference - San Francisco

April 20 - Guest Lecture on spam: Jim Herbsleb

Reading Assignment: Egelman; Spam!; FTC and Spam
Homework 14 due April 22

Week 15 (April 27, 29): Project Presentations

Final exam Week: Project Presentations

This class will have no final exam. However, project presentations will be scheduled during our final exam slot May 7, 1-4 pm. All students are expected to attend.

Course Requirements and Grading

Your final grade in this course will be based on:

A class mailing list will be setup for announcements, questions, and further discussion of topics discussed in class. Students will be expected to contribute to mailing list discussions. Students should post (non-personal) course-related questions to this mailing list rather than sending them to the instructor directly. Students are encouraged to post course-related items of interest to this mailing list.

All homework assignments must be typed and submitted in hard copy form, printed in an easy-to-read font.

Optional Supplemental Texts

You are not required to read all (or any) of these books. However, you may find some of them useful depending on what topics you choose for your project and other assignments.

In Pursuit of Privacy: Law, Ethics, and the Rise of Technology, DeCew, Cornell University Press, 1997.

The Right to Privacy, Alderman and Kennedy, Random House, 1995.

The Privacy Payoff: How Successful Businesses Build Customer Trust, Cavoukian and Hamilton, McGraw-Hill Ryerson, 2002.

The Transparent Society, Brin, Perseus Books, 1998.