15-508 / 17-801 / 19-608: Privacy Policy, Law, and Technology

Semester Project

All students in this course will be required to complete a project that they work on throughout the semester. This is intended to be an individual project; however, groups of students may choose complementary projects that they work on together (we the instructor's approval).

Schedule

January 15 - Project assignment discussed in class
February 17 - Project proposals due
April 27, 29; May 7 (1-4 pm) - Project presentations
April 29 Project reports due

Project Proposal

The project proposal should include the background and motivation for your proposed project, as well as a detailed proposal of what you intend to do. You might think of this as being similar to a grant proposal (without the need to fill out government forms or prepare a budget request). In the process of preparing this proposal you should conduct a literature review so that you can cite the relevant related work in your proposal.

Most of your grade will be based on your literature review, background, and motivation. Writing quality (grammar, spelling, clarity, etc.) will be taken into account in your grade as well. Besides being a graded assignment, the project proposal serves as a way for you to organize your thoughts about how to proceed with your semester project and to communicate them to your instructor. You will receive feedback on your proposal that may result in some changes to your project plans. Feel free to submit your proposal early or to discuss ideas in your proposal with the instructor before submitting it so that you can get early feedback.

Project Presentation

You should prepare an 8-10 minute presentation that provides an overview of your project report. Following your presentation your instructor and classmates will have an opportunity to ask you questions about your project. You will be graded on the organization and clarity of your presentation, your effective use of visual aids, your oral presentation skills, and your responses to questions. It is recommended that you do a practice run of your presentation for your friends.

Project Report

Your project report should document the work you have done on your project. It should include an updated version of the literature review, background, and motivation from your project proposal. If your project primarily involved writing a paper, then your project report may be the only artifact you submit. On the other hand, if you developed software or created something as part of this project, you should submit whatever you created in addition to the report. In the latter case, the report should document what you did and may include information about obstacles you encountered, testing and evaluation, design rationale, etc., as appropriate. Please consult with the instructor about what should be included in your report if you have any doubts. You will be graded both on your results as well as the accompanying explanation in your report.

Graduate students are expected to write up their report in a format suitable as a conference paper submission.

Project ideas

The following are a list of suggested projects. Students may select one of these projects or develop their own project idea in consultation with the instructor.

1. Research the efforts underway to develop standard format, short privacy notices as well as the processes that lead to the development of other types of consumer notices such as nutrition labels and various safety warnings. Critique the designs for a short privacy notice that have been proposed and offer your own proposal for a notice design. Identify specific areas where further research or consumer testing is needed to further refine the design and carry out a small consumer test to gain additional insights into at least one of these areas. Relevant URLs to get you started: http://www.privacyconference2003.org/resolution.asp, http://www.ftc.gov/opa/2003/12/privnoticesjoint.htm
2. Design and implement a privacy-related software tool that offers functionality or features that are different from the other tools currently available. You might develop a stand-alone tool or develop a module for another piece of software, for example Mozilla. Depending on the scope of what you have in mind, it may not be feasible to implement your entire design during this semester, in which case you should implement one component of the design and document the rest of the design, perhaps also implementing a mocked up user interface. Your report should explain the rationale behind your design, the types of privacy protections this software offers, who would be interested in using it, and how it differs from other software currently available.
3. Conduct a "Consumer Reports" style review of consumer privacy software products and services. You should identify a type of product or service to investigate and develop a set of criteria for evaluating and comparing these products. Then you should carry out tests on a set of these products. Your review should include background information on these products and advice for consumers as well as the results of your evaluations. Unlike the real "Consumer Reports" your report is not limited to a few magazine pages, so you can (and should) go into a bit more detail than you will usually find in a magazine review.
4. Research transit card systems used throughout the world and discuss the privacy implications of each. All such systems are designed to provide authorization. However, some also provide identification or authentication. Some have the ability to track a card over multiple trips and others do not. Some have actually been used by law enforcement to track people as part of their investigations. What are the tradeoffs of the different kinds of systems? Can you find any evidence that privacy issues were a factor when systems were selected? Some URLs to get you started: http://news.bbc.co.uk/1/hi/technology/3121652.stm, http://www.newamerica.net/index.cfm?pg=article&pubID=1269
5. Research the history of computer professionals' involvement in privacy issues. As new computing technologies have raised new privacy concerns, what role have computer scientists played in bringing these concerns to light, developing designs that minimize privacy risks, and advocating public policies that help mitigate privacy concerns?