CPSC457/557: Sensitive Information in a Wired World

Time: TTh, 1:00 - 2:15
Location: AKW 400
Instructor: Joan Feigenbaum
Assistant: Judi Paige (AKW 507A, Judi.Paige@yale.edu, 203-436-1267)
Instructor Office Hours: Thurs 11:30 a.m. to 12:30 p.m. in AKW 512, or by appointment
TA: Hongda Xiao (hongda.xiao@yale.edu)

Note: Do not send email to Professor Feigenbaum, who suffers from RSI. Contact her through Ms. Paige or the TA.

Course Description

Increasing use of computers and networks in business, government, recreation, and almost all aspects of daily life has led to a proliferation of online sensitive data. Sensitive data are those that, if used improperly, can harm the data subjects, data owners, data users, or other interested parties. As a result, concern about the ownership, control, privacy, and accuracy of these data has become a top priority. This course focuses on both the technical challenges of handling sensitive data and the policy and legal issues facing data subjects, data owners, and data users.

CPSC 457/557 was inspired by the NSF-sponsored PORTIA project, which finished in September 2010 and on which Professor Feigenbaum was the Yale PI. It was taught twice before, in 2003 and 2006.


Exam 1 (October 13): 25%
Exam 2 (December 1): 25%
Oral presentation: 25%
Class participation: 25%

Note: There is no final exam during exam period at the end of the semester.


  1. September 6, 2011: Please get in touch by email as soon as possible with BOTH Joan.Feigenbaum@yale.edu and Judi.Paige@yale.edu about the following matters:
  2. Instructions for student presentations:
  3. "Study sheet" for Exam 1 on October 13, 2011: To prepare for Exam 1, start by reviewing reading assignments 1 and 6, as well as this webpage about Fair Information Practice Principles. Then review the slides and primary reading assignments for the five student presentations that were given on or before October 6, 2011. Exam questions will focus on how the Internet (and digital technology more generally) challenges copyright and privacy principles in the five scenarios covered by these presentations: Digital Rights Management, Digital Publishing Rights, International Copyright, Social Networking, and Privacy of Educational Records.
  4. "Study sheet" for Exam 2 on December 1, 2011: To prepare for Exam 2, start by reviewing the student presentations given on Oct 11, Nov 1, Nov 15, and Nov 17 and the following reading assignments on technological foundations:
    Detailed instructions on how to prepare for Exam 2 can be found here.


  1. September 1, 2011: Course Overview, Introduction. [slides]
  2. September 6, 2011: Introduction to US copyright law and the tension between it and the digital world
  3. September 8, 2011: Copyright issues in digital music distribution
  4. September 13, 2011: The Digital Millenium Copyright Act
  5. September 15, 2011: Music vs. movies vs. books from a digital-copyright perspective
  6. September 20, 2011: Introduction to privacy-preserving protocols: secure multiparty function evaluation, private information retrieval, and differential privacy
  7. September 22, 2011: Student presentations by Debayan Gupta [slides] and Elizabeth Roberts [slides]
  8. September 27, 2011: Student presentation by Christina Wallin [slides] and a privacy-preserving protocol for the "Yao Millionaires' Problem"
  9. September 29, 2011: Guest lecture by Brad Rosen
  10. October 4, 2011: More about the Yao Millionaires' Problem, Shamir secret sharing, and the BGW protocol for private, multiparty function evaluation
  11. October 6, 2011: Student presentations by Franklin Song [slides] and Ewa Syta [slides]
  12. October 11, 2011: Review for Exam 1 and student presention by Anton Petrov [slides]. See this FAQ for more information about the work that Anton presented.
  13. October 13, 2011: [Exam1] [AnswerKey1]
  14. October 18, 2011: Discussion of technical foundations of electronic cash, online identity systems, and ad targeting.
  15. October 20, 2011: Electronic cash based on digital signatures, part I.
  16. October 25, 2011: Electronic cash based on digital signatures, part II.
  17. October 27, 2011: Digital certificates and certifying authorities. Electronic cash that is not based on digital signatures; see this paper by Adam Back.
  18. November 1, 2011: Student presentations by Aaron Segal [slides] and Max Uhlenhuth [slides]
  19. November 3, 2011: Further discussion of the BitCoin digital-cash system.
  20. November 8, 2011: Guest lecture by Margot Kaminski and Wendy Seltzer
  21. November 10, 2011: Differential privacy; see this paper, by Cynthia Dwork. Video of a related talk by Dwork can be found here; these are the slides used in that talk.
  22. November 15, 2011: Student presentation by John Langhauser [slides] and guest presentation by Georgios Zervas [slides] on his experience discovering and resolving a threat to personal-data security on Yelp.
  23. November 17, 2011: Student presentations by Matt Gaba [slides] and Ben Silver [slides]
  24. November 29, 2011: Review for Exam 2
  25. December 1, 2011: [Exam2] [AnswerKey2]

Reading Assignments

  1. September 6, 2011: The following material is taken from a 2000 report by the National Research Council entitled "The Digital Dilemma." Because it is 11 years old, some of it is out of date, but (for better and for worse) much of it is still timely and relevant.
  2. September 13, 2011: Please read the following articles before class on Thursday, September 15. The main topic of discussion will be differences and similarities among books, music, and movies from the digital-copyright perspective.
  3. September 17, 2011: Please read the following article before class on Thursday, September 22, in preparation for Debayan Gupta's presentation. The main topic of discussion will be the authors' conclusions, which are given in Section 11.
  4. September 19, 2011: Please read the following articles before class on Thursday, September 22, in preparation for Elizabeth Roberts's presentation. Note that the second article is quite long; if you do not have time to read all it, just read the executive summary and skim the rest. The main topic of discussion will be the challenge to authors' "publication rights" posed by the Internet and other digital technologies.
  5. September 20, 2011: Please read the following articles before class on Tuesday, September 27, in preparation for Christina Wallin's presentation. The discussion of the Anti-Counterfeit Trade Agreement document will be focused on Section 5: Enforcement of Intellectual Property Rights in the Digital Environment. So, if you may not have time to read the entire document, start with Section 5.
  6. September 24, 2011: Please read the following material in preparation for Brad Rosen's guest lecture on September 29, 2011.
  7. October 1, 2011: Please read the following material for class on Thursday, October 6, 2011. The FERPA discussion will focus on whether universities should be more proactive in informing students of their FERPA rights and whether FERPA should treat physical and electronic records differently. The social-network discussion will focus on social-network users' perception of online privacy and whether the existence of one dominant social network is a plus or minus for privacy.
  8. October 7, 2011: Please read the following articles in preparation for Anton Petrov's presentation on October 11, 2011. The presentation and discussion will focus on real-world, collaborative-filtering attacks that have occurred over the past 15 years and technical approaches to preventing them. For a purely technical treatment of the de-anonymization techniques used in this work, see the original paper by Narayanan and Shmatikov. A FAQ about this paper can be found here.
  9. October 23, 2011: Please read the following papers in preparation for Max Uhlenhuth's and Aaron Segal's presentations on November 1, 2011. Additional information about BitCoin can be found in this video and this FAQ sheet. Recently, a flaw in the incentive structure of BitCoin was found, and a fix was suggested; see this paper by Babaioff et al.
  10. October 25, 2011: The electronic-cash schemes covered in lectures 16 and 17 can be found in Section 12.5 of these lecture notes by Goldwasser and Bellare.
  11. November 1, 2011: For the November 8 lecture by Margot Kaminski and Wendy Seltzer, please read the following articles about online identity and anonymity: Additional (not required) background for this lecture can be found on the Fair Information Practice Principles and Privacy by Design websites.
  12. November 10, 2011: For the November 15 presentation by John Langhauser, please read the following items about targeted online advertising. The first one, about EU privacy regulation, is 36 pages, the second is draft US legislation, and the other articles are short.
  13. November 13, 2011: Please read the following material for November 17, 2011.