CPSC457/557: Sensitive Information in a Wired World
T,Th: 2:30-3:45pm; Room 400 AKW
Instructor: Joan Feigenbaum
Office: AKW 512; Telephone: 203-432-6432
Office hours: Tuesdays 4-5pm & Thursday 9-10am
Professor Feigenbaum suffers from Repetitive Strain Injury and cannot handle
large amount of emails. Do NOT send her email about CPSC457/557; instead, please
contact her through the TA or her assistant
Judi Paige (Tel: 203-436-1267).
TA: Ganghua Sun
Office: AKW509; Telephone: 203-432-1229
Office hours:
Course description:
Increasing use of computers and networks in business, government, recreation,
and almost all aspects of daily life has led to a proliferation of online sensitive
data, i.e., data that, if used improperly, can harm the data subjects. As a result,
concern about the ownership, control, privacy, and accuracy of these data has become
a top priority. This course focuses on both the technical challenges of handling
sensitive data and the policy and legal issues facing data subjects, data owners,
and data users.
This course was inspired by the NSF-sponsored
PORTIA project, on which Professor
Feigenbaum is one of the investigators.
Announcements:
Final Projects are due on December 12, 2003.
Class and office hours are both cancelled on Sept. 18, 2003.
Project descriptions are due on September 23, 2003. You may hand them in on paper
in class or email them to the TA. They should be at most one page long. Some general
suggestions for project topics are given below; you may choose a specific example of one
of these or design a project from scratch. Remember that you may work in groups if and
only if you are doing an implementation project.
Presentation Schedule
Tu Oct 9 H. Salmasian (
"On the Privacy of Statistical Databases," by I. Dinur and K. Nissim)
Th Oct 16 J. Yeh (Identity-Theft Legislation in the US,
Presentation, Assigned Reading, Final Paper)
Tu Oct 21 J. Wong (Anti-spam legislation, Presentation, Assigned Reading, Final Paper)
Th Oct 23 W. Maness (Privacy act of 2003 [S.745], Presentation, Final Paper)
Tu Oct 28 A. Cushner (HIPAA, Presentation, Assigned Reading, Final Paper)
Th Oct 30 A. Green (Taxonomy of PETs, I, Presentation, Assigned Reading,Final Paper)
Tu Nov 4 B. Vellanki (Taxonomy of PETs, II, Presentation, Assigned Reading, Final Paper)
Tu Nov 11 H. Kim and C. Lu (P3P, Kim's Presentation, Lu's Presentation, Assigned Reading, Kim's Final Paper, Lu's Final Paper)
Th Nov 13 H. Fuldner (Implementing privacy policies in financial services, Assigned Reading, Presentation, Final Paper)
Tu Nov 18 P. Mitra (Reputation in P2P systems, Assigned Reading, Presentation, Assigned Reading, Presentation, Final Paper)
Tu Dec 2 B. Rosen (Infrastructural Requirements for Sensitive-Data Handling, Assigned Reading, Presentation, Final Paper)
General Project-Topic Suggestions:
A study of a "privacy-enhancing technology" that is currently deployed.
An overview or taxonomy of the field of "privacy-enhancing technology."
Design and implement a prototype of a privacy-enhancing technology.
Write a "white paper" on a policy or legislative issue that is relevant to sensitive
data. Potential topics include health-information privacy and spam fighting.
Study the expressibility and efficient decidability of laws and/or typical policies
in a sensitive-data domain (e.g., HIPAA in the health-information domain or
Graham-Leach-Bliley in the financial-information domain).
Propose, design, implement, or critique technology that supports (or claims to support)
"Fair Information" practices, as defined by the OECD.
Describe what actually happens to data in a real-world, end-to-end transmission, and
evaluate it from a "sensitivity" point of view. Relevant scenarios include connection of home
computers to the Internet, secured web-based interfaces to unencrypted databases, and
encrypted-email transmission.
Try to solve one of the theoretical problems in the proposal distributed at the first
class, e.g., one of the "privacy-preserving data-mining" problems.
Books on Reserve in Becton Library
Lorrie Cranor, "Web Privacy with P3P," O'Reilly & Associates, Sebastapol, 2002.
David Flaherty, "Protecting Privacy in Surveillance Societies: The Federal Republic of
Germany, Sweden, France, Canada, and the United States," University of North Carolina Press,
Chapel Hill, 1989.
Simson Garfinkle, "Database Nation: The Death of Privacy in the 21st Century," O'Reilly
& Associates, Sebastapol, 2000.
Suggested Reading
R. X. Cringely, "How to
Steal $65 Billion: Why Identity Theft is a Growth Industry".
J. Feigenbaum, E. Freedman, T. Sander, and A. Shostack, "Privacy Engineering in Digital Rights Management Systems," in
Proceedings of the 2001 ACM Workshop on Security and Privacy in Digital Rights Management,
Springer Verlag, Berlin, 2002, LNCS vol. 2320, pages 76-105.
L. Cranor, "'I Didn't Buy it for
Myself': Privacy and Ecommerce Personalization," to appear in Proceedings of the 2003 ACM
Workshop on Privacy in the Electronic Society.
I. Dinur and K. Nissim,
"On the Privacy of Statistical Databases," in Proc. of 2003 ACM Symposium on Principles
of Distributed Computing.
Y. Lindell and B. Pinkas,
"Privacy Preserving Data Mining," J. Cryptology, 13 (2002), pp. 177-206.
J. Feigenbaum, Y. Ishai, T. Malkin, K. Nissim, M. Strauss, R. Wright,
Secure Multiparty Computation of
Approximations (Extended Abstract)," in Proceedings of 2001 ICALP.
CNN.com - JetBlue violates privacy policy - Sept. 19, 2003.
Lorrie Cranor, "Privacy in P3P,"
Chapter 1.
S. Hansell, "Spam Fighters Turn to Identifying Legitimate Email," New York Times, Oct. 6, 2003.
Rajeev Motwani's privacy
reading list.
John Schwartz, Venture to Offer ID Card for Use at Security Checks, New York Times, October 23, 2003
Identity Theft News
John Schwartz, "Snoop Software Gains Power and Raises Privacy Concerns," New York Times, October 10, 2003
Muriel Dobbin, "New airport technology screen foreign visitors," October 28, 2003.
Ryan Singel, "How Much Is Privacy Worth?" Wired News, December 03, 2003.
"Cash Value 1/10 of a Cent," Slashdot, December 6, 2003.