CPSC457/557: Sensitive Information in a Wired World



Time: TTh, 1:00 - 2:15
Location: AKW 400
Instructor: Joan Feigenbaum
Assistant: Judi Paige (AKW 507A, Judi.Paige@yale.edu, 203-436-1267)
Instructor Office Hours: Thurs 11:30 a.m. to 12:30 p.m. in AKW 512, or by appointment

Note: Do not send email to Professor Feigenbaum, who suffers from RSI. Please contact her through Ms. Paige or during office hours.

Course Description

Increasing use of computers and networks in business, government, recreation, and almost all aspects of daily life has led to a proliferation of online sensitive data. Sensitive data are those that, if used improperly, can harm the data subjects, data owners, data users, or other interested parties. As a result, concern about the ownership, control, privacy, and accuracy of these data has become a top priority. This course focuses on both the technical challenges of handling sensitive data and the policy and legal issues facing data subjects, data owners, and data users.

CPSC 457/557 was inspired by the NSF-sponsored PORTIA project, which finished in September 2010 and on which Professor Feigenbaum was the Yale PI. It has been taught three times before, in 2011, 2006, and 2003.



Requirements

Course requirements and grading scheme can be found here, in the notes for the first meeting of the class on August 29, 2013.

Students enrolled in CPSC 557 (the grad-student version of this course) must submit their final papers or projects by December 11, 2013 (the last day of Reading Period). Examples of appropriate final papers can be found on the websites for the 2006 and 2003 renditions of CPSC 457/557. If you are interested in doing an implementation project instead of a paper, please contact Professor Feigenbaum (by email to her and Ms. Paige) as soon as possible.



Exams

  1. "Study Sheet" for Exam 1 on October 15, 2013: The scope of Exam 1 includes all of the material covered in class or in required reading up to and including October 8, 2013 except TOR. To prepare, start by reviewing (the required parts of) reading assignments 1 through 7 and the slides for Lectures 1 through 12. You may also wish to review the exams and answer keys from the 2011 rendition of CPSC 457/557 (but bear in mind that the scopes of both of those exams are different from the scope of this one, because the material covered in the course was different). Practice questions and answers can be found below. The October 10, 2013 class period was devoted to Q+A and further study tips for Exam 1. If you were not in class on October 10, please talk to one of your classmates to find out what was said.
  2. Questions received by email during the weekend before Exam 1 and the answers to those questions can be found here.
  3. Practice Questions and Answers for Exam 1:
  4. "Study sheet" for Exam 2 was distributed by email on November 22, 2013. The exam will be given on December 5, 2013 in class.


Assignments

  1. August 29, 2013:
  2. September 3, 2013:
  3. September 10, 2013:
  4. September 12, 2013: Read G. T. Marx's classic article "Identity and Anonymity: Some Conceptual Distinctions and Issues for Research,"
  5. September 19, 2013:
  6. September 24 and 26, 2013: Read Chapter 2, Sections 11.2 through 11.5, and Section 19.3 of Schneier's Applied Cryptography book. (You must either be on the Yale network [either on campus or through VPN] to use this link.)
  7. October 1, 2013:
  8. October 13, 2013:
  9. October 20, 2013:
  10. October 24, 2013: In preparation for Ariel Ekblaw and Alexandra Noonan's presentation about Google as a steward of sensitive information, please read:
  11. October 26, 2013:
  12. November 1, 2013:
  13. November 8, 2013:
  14. November 15, 2013:


Lectures

  1. August 29, 2013: Course Overview, Introduction. [slides]
  2. September 3, 2013: Introduction to US copyright law and the tension between it and the digital world. [slides]
  3. September 5, 2013: Guest lecture by Debayan Gupta on copyright enforcement. [slides]
  4. September 10, 2013: Introduction to online-privacy issues. [slides] See also this 10-year-old but still somewhat relevant presentation about privacy laws and regulations by former CPSC 557 student Ashley Green.
  5. September 12, 2013: Introduction to online identity management. [slides]
  6. September 17, 2013: Internet Basics, part 1. [slides]
  7. September 19, 2013: Internet Basics, part 2. [slides]
  8. September 24, 2013: Overview of interdomain routing. [slides] Introduction to cryptography, part 1.
  9. September 26, 2013: Introduction to cryptography, part 2. The crypto material covered in this lecture and the previous one is in Chapter 2, Sections 11.2 through 11.5, and Section 19.3 of Schneier's Applied Cryptography book. (You must either be on the Yale network [either on campus or through VPN] to use this link.)
  10. October 1, 2013: Public-key certificates and public-key infrastructure. [slides] The material presented in class today is a subset of the Feb. 21 lecture in this cryptography course.
  11. October 3, 2013: SSL/TLS and the role of certs and PKI therein. [slides] The SSL/TLS material presented in class today is a subset of the Jan. 24 lecture in this cryptography course.
  12. Introduction to the TOR anonymous-communication system.
  13. October 8, 2013: Presentations by Meng Huang (Digital Copyright in China [slides]) and Yang Li (Internet Censorship in China [slides])
  14. October 10, 2013: Review for Exam 1.
  15. October 15, 2013: [Exam 1] [AnswerKey 1]
  16. October 17, 2013: Presentations by Jeffrey Zhu (the X.509 certificate framework [slides]) and Sean Haufler (TOR, part 1 [slides])
  17. October 22, 2013: Dimitri Cavoulacos (TOR, part 2 [slides]) and Yuan Lu (Biometric Identification Online [slides])
  18. October 29, 2013: Ariel Ekblaw and Alexandra Noonan (Google as a steward of sensitive information [slides])
  19. October 31, 2013: Hushiyang Liu (differential privacy [slides]) and Brandon Smith (privacy policies [slides])
  20. November 5, 2013: Jadon Montero (Citizen journalism and its implications for privacy [slides])
  21. November 7, 2013: Yuan Xia (Targeted advertising and privacy [slides]) and Haotian Xu (Privacy issues in LinkedIn [slides])
  22. November 12, 2013: Swara Kopparty (the information economy [slides]) and Yuye Wang (Online reputation systems [slides])
  23. November 14, 2013: Aayush Upadhyay and Naicheng Wangyu (Mobile payments and how they implicate online privacy and online identity [slides])
  24. November 19, 2013: David Cruz (Deep Packet Inspection [slides])
  25. November 21, 2013: Jazear Brooks (Overview of the surveillance morass [slides]) and Jeremie Koenig (Can we "take back" the Internet [slides])
  26. December 3, 2013: Review for Exam 2.
  27. December 5, 2013: [Exam 2] [AnswerKey 2]