15-508 / 17-801 / 19-608: Privacy Policy, Law, and Technology

Homework 9 - due March 18, 2004

Reading assignment: Garfinkel 4, 7; Sweeney 2001; Sweeney 2002

1. Do problem 2 on page 25 of the Sweeney article.

2. The table below contains information from the course roster for our class. Suppose some researchers were interested in finding out whether there was any correlation between grades in this class and student college, department, or class. (a) If I were to add grade information to this table and give it to the researchers, would you consider this to be an anonymous release of this data? Why or why not? (b) Determine the minimum number of fields you would need to change in order to make this table k-anonymous for k=2. Rewrite this table with your changes highlighted.

COLLEGE	DEPT	CLASS
SCS	CS	4
SCS	CS	3
SCS	CS	3
HSS	PHI	4
SCS	CS	4
SCS	CS	3
SCS	CS	3
CIT	INI	10
CIT	EPP	20
MIS	SPC	0
HNZ	PPM	10

3. CMU currently prints student ID numbers (usually SSN) on course rosters for professors. Professors usually do not need these numbers. However, they may need them to make sure they submit grades for the right students if they have multiple students with the same name. (a) If student ID numbers were removed from course rosters, what alternative mechanism could be used to allow professors to uniquely identify students in their classes when submitting grades? Why is this alternative better than using the current student ID numbers? (b) CMU is in the process of building a new student information system that will no longer use SSNs as identifiers. Recommend an existing identifier or a new identifier to replace SSNs as student identifiers. If you recommend using a new identifier, how should it be generated? What properties does your proposed identifier have that make it a good choice?

4. Why is it advantageous for anonymity service providers to offer their services free of charge?