CPSC457/557: Sensitive Information in a Wired World
Time: TTh, 1:00 - 2:15
Location: AKW 400
Instructor: Joan Feigenbaum
Assistant: Judi Paige (AKW 507A, Judi.Paige@yale.edu, 203-436-1267)
Instructor Office Hours: Thurs 11:30 a.m. to 12:30 p.m. in AKW 512, or by appointment
Note: Do not send email to Professor Feigenbaum, who suffers from RSI. Please contact her through Ms. Paige or during office hours.
Increasing use of computers and networks in business, government, recreation, and almost all aspects of daily life has led to a proliferation of online sensitive data. Sensitive data are those that, if used improperly, can harm the data subjects, data owners, data users, or other interested parties. As a result, concern about the ownership, control, privacy, and accuracy of these data has become a top priority. This course focuses on both the technical challenges of handling sensitive data and the policy and legal issues facing data subjects, data owners, and data users.
CPSC 457/557 was inspired by the NSF-sponsored PORTIA project, which finished in September 2010 and on which Professor Feigenbaum was the Yale PI. It has been taught three times before,
Course requirements and grading scheme can be found
here, in the notes for the first meeting of the class on August 29, 2013.
Students enrolled in CPSC 557 (the grad-student version of this course) must submit their final papers or projects by December 11, 2013 (the last day of Reading Period). Examples of appropriate final papers can be found on the
websites for the 2006
and 2003 renditions of CPSC 457/557. If you are interested in doing an implementation project instead of a paper, please contact Professor Feigenbaum (by email to her and Ms. Paige) as soon as possible.
- "Study Sheet" for Exam 1 on October 15, 2013: The scope of Exam 1 includes all of the material covered in class or in required reading up to and including October 8, 2013 except TOR. To prepare, start by reviewing (the required parts of) reading assignments 1 through 7 and the slides for Lectures 1 through 12. You may also wish to review the exams and answer keys from the 2011 rendition of CPSC 457/557 (but bear in mind that the scopes of both of those exams are different from the scope of this one, because the material covered in the course was different). Practice questions and answers can be found below. The October 10, 2013 class period was devoted to Q+A and further study tips for Exam 1. If you were not in class on October 10, please talk to one of your classmates to find out what was said.
- Questions received by email during the weekend before Exam 1 and the answers to those questions can be found here.
- Practice Questions and Answers for Exam 1:
- "Study sheet" for Exam 2 was distributed by email on November 22, 2013. The exam will be given on December 5, 2013 in class.
- August 29, 2013:
- Required: Read the introduction to
Helen Nissenbaum's book Privacy in Context: Technology, Policy, and the Integrity of Social Life.
- Optional: Read Ross Douthat's recent New York Times op-ed piece about (the lack of) online privacy.
- September 3, 2013:
- Required: Students who are not already familiar with the material about US copyright law and the Digital Millenium Copyright Act that was covered in class today should read the following three chapters of The Digital Dilemma: Intellectual Property in the Information Age:
Everyone should read Lessons from the Sony CD DRM Episode by Halderman and Felten.
- Optional: Read The Heavenly Jukebox, by Charles C. Mann. It is somewhat of a time capsule, having been published in September 2000 (before most of what defines our current online-music environment took shape), but it is a very informative and amusing description of the music business, and parts of it are still relevant.
- September 10, 2013:
- Read Daniel Solove's article A Taxonomy of Privacy. Appropos of our discussion about why there is not more public outrage about the surveillance morass, read Bruce Schneier's blog post about Commandeering the Internet (in which he points out that many large web-based companies are already comprehensively surveilling their users).
- On or before Tuesday, September 17, 2013, send email to Professor Feigenbaum and to Ms. Paige identifying the general subject area for your in-class presentation (and, for graduate students, accompanying project). If you have narrowed down to a specific topic, as well as a general subject area, please include your proposed topic in the email message as well. Appropriate subject areas include but are not necessarily limited to
If two of you intend to work together, please say so explicitly in your email messages. Scheduling of student presentations will begin on Wednesday, September 18. If you haven't yet chosen a subject area for your presentation by Tuesday, September 17, one will be assigned to you.
- The surveillance morass
- Digital copyright
- Online privacy
- Online identity management
- The information economy
- September 12, 2013: Read G. T. Marx's classic article "Identity and Anonymity: Some Conceptual Distinctions and Issues for Research,"
- September 19, 2013:
- September 24 and 26, 2013: Read Chapter 2, Sections 11.2 through 11.5, and Section 19.3 of Schneier's Applied Cryptography book. (You must either be on the Yale network [either on campus or through VPN] to use this link.)
- October 1, 2013:
- In preparation for Yang Li's October 8, 2013 presentation about Internet censorship in China, please read Sections II and III of the Human Rights Watch page on the subject and Park and Crandall's empirical study.
- In preparation for Meng Huang's October 8, 2013 presentation about digital copyright in China, please read
You may wish to refer to the text of China's copyright law, but you need not read it in its entirety.
- October 13, 2013:
- In preparation for Jeffrey Zhu's October 17, 2013 presentation about public-key certification systems, please read
- October 20, 2013:
- In preparation for Yuan Lu's October 22, 2013 presentation about biometric identity management online, please read
- In preparation for Dimitri Cavoulacos's October 22, 2013 presentation about TOR, please read the TOR project's write-up of the Silk Road takedown and the other TOR webpages that it links to.
- October 24, 2013: In preparation for Ariel Ekblaw and Alexandra Noonan's presentation about Google as a steward of sensitive information, please read:
- October 26, 2013:
- In preparation for Hushiyang Liu's presentation about data mining and its implications for online privacy, please read or view
- Required: Cynthia Dwork's paper about differential privacy.
- A Scientific American article that contains a "layman's" explanation of differential privacy.
- Raquel Hill's talk at Harvard on "Evaluating the Utility of a Differentially Private Behavioral Science Dataset." This talk addresses the question that Jazear Brooks raised in class about whether social scientists can find utility in differentially private data.
- In preparation for Brandon Smith's presentation about online privacy policies, please read "The Cost of Reading Privacy Policies," by Aleecia M. McDonald and Lorrie F. Cranor.
- November 1, 2013:
- In preparation for Jadon Montero's presentation about citizen journalism, please read:
- In preparation for Yuan Xia's presentation about privacy in online advertising, please read:
- In preparation for Haotian Xu's presentation about privacy issues in LinkedIn, please read:
- In preparation for Aayush Upadhyay and Naicheng Wangyu's presentation on mobile-payment systems and their implications for sensitive information, please read:
- November 8, 2013:
- In preparation for Swara Kopparty's presentation about the Information Economy, please read:
- In preparation for Yuye Wang's presentation on reputation systems, please read:
- November 15, 2013:
- In preparation for David Cruz's presentation on Deep Packet Inspection, please read:
- In preparation for Jazear Brooks's presentation on NSA surveillance, please read or view:
- In preparation for Jeremie Koenig's presentation on the potential for "personal servers" to get us out of the surveillance morass, please read:
- August 29, 2013: Course Overview, Introduction. [slides]
- September 3, 2013: Introduction to US copyright law and the tension between it and the digital world. [slides]
- September 5, 2013: Guest lecture by Debayan Gupta on copyright enforcement. [slides]
- September 10, 2013: Introduction to online-privacy issues. [slides] See also this 10-year-old but still somewhat relevant presentation about privacy laws and regulations by former CPSC 557 student Ashley Green.
- September 12, 2013: Introduction to online identity management. [slides]
- September 17, 2013: Internet Basics, part 1. [slides]
- September 19, 2013: Internet Basics, part 2. [slides]
- September 24, 2013: Overview of interdomain routing. [slides] Introduction to cryptography, part 1.
- September 26, 2013: Introduction to cryptography, part 2. The crypto material covered in this lecture and the previous one is in Chapter 2, Sections 11.2 through 11.5, and Section 19.3 of Schneier's Applied Cryptography book. (You must either be on the Yale network [either on campus or through VPN] to use this link.)
- October 1, 2013: Public-key certificates and public-key infrastructure. [slides] The material presented in class today is a subset of the Feb. 21 lecture in this cryptography course.
- October 3, 2013: SSL/TLS and the role of certs and PKI therein. [slides] The SSL/TLS material presented in class today is a subset of the Jan. 24 lecture in this cryptography course. Introduction to the TOR anonymous-communication system.
- October 8, 2013: Presentations by Meng Huang (Digital Copyright in China [slides]) and Yang Li (Internet Censorship in China [slides])
- October 10, 2013: Review for Exam 1.
- October 15, 2013: [Exam 1] [AnswerKey 1]
- October 17, 2013: Presentations by Jeffrey Zhu (the X.509 certificate framework [slides]) and Sean Haufler (TOR, part 1 [slides])
- October 22, 2013: Dimitri Cavoulacos (TOR, part 2 [slides]) and Yuan Lu (Biometric Identification Online [slides])
- October 29, 2013: Ariel Ekblaw and Alexandra Noonan (Google as a steward of sensitive information [slides])
- October 31, 2013: Hushiyang Liu (differential privacy [slides]) and Brandon Smith (privacy policies [slides])
- November 5, 2013: Jadon Montero (Citizen journalism and its implications for privacy [slides])
- November 7, 2013: Yuan Xia (Targeted advertising and privacy [slides]) and Haotian Xu (Privacy issues in LinkedIn [slides])
- November 12, 2013: Swara Kopparty (the information economy [slides]) and Yuye Wang (Online reputation systems [slides])
- November 14, 2013: Aayush Upadhyay and Naicheng Wangyu (Mobile payments and how they implicate online privacy and online identity [slides])
- November 19, 2013: David Cruz (Deep Packet Inspection [slides])
- November 21, 2013: Jazear Brooks (Overview of the surveillance morass [slides]) and Jeremie Koenig (Can we "take back" the Internet [slides])
- December 3, 2013: Review for Exam 2.
- December 5, 2013: [Exam 2] [AnswerKey 2]