CPSC457/557: Sensitive Information in a Wired World
Time: TTh, 1:00 - 2:15
Location: AKW 400
Instructor: Joan Feigenbaum
Assistant: Judi Paige (AKW 507A, Judi.Paige@yale.edu, 203-436-1267)
Instructor Office Hours: Thurs 11:30 a.m. to 12:30 p.m. in AKW 512, or by appointment
TA: Hongda Xiao (hongda.xiao@yale.edu)
Note: Do not send email to Professor Feigenbaum, who suffers from RSI. Contact her through Ms. Paige or the TA.
Course Description
Increasing use of computers and networks in business, government, recreation, and almost all aspects of daily life has led to a proliferation of online sensitive data. Sensitive data are those that, if used improperly, can harm the data subjects, data owners, data users, or other interested parties. As a result, concern about the ownership, control, privacy, and accuracy of these data has become a top priority. This course focuses on both the technical challenges of handling sensitive data and the policy and legal issues facing data subjects, data owners, and data users.
CPSC 457/557 was inspired by the NSF-sponsored PORTIA project, which finished in September 2010 and on which Professor Feigenbaum was the Yale PI. It was taught twice before,
in 2003
and 2006.
Grading
Exam 1 (October 13): 25%
Exam 2 (December 1): 25%
Oral presentation: 25%
Class participation: 25%
Note: There is no final exam during exam period at the end of the semester.
Announcements
- September 6, 2011: Please get in touch by email as soon as possible with BOTH Joan.Feigenbaum@yale.edu and Judi.Paige@yale.edu about the following matters:
- If you are interested in earning "class participation" credit by taking notes (either during a class or in preparation for a class), please let us know.
- Please think about which general area you would like to focus on for your presentation to the class so that we can start refining the topic and formulating a reading list. Areas include but are not limited to:
- Digital copyright, digital IP management, and digital publishing
- Online privacy and control of personal information
- Targeting (eg, of ads); online identity (including anonymity and pseudonymity)
- Please think about what kind of project you would like to present. Possibilities include but are not limited to:
- Summary or analysis of relevant research papers
- An implementation-oriented project (which could be a design, review, or analysis of a relevant application, device, or system, rather than a full-fledged implementation)
- End-to-end analysis of what actually happens to sensitive data in a specific, real-world service or application
- Logical or algorithmic analysis of a relevant law or policy
- Instructions for student presentations:
- PowerPoint presentations should be exactly 20 minutes long, in order to ensure that there is time for questions and discussion. Be sure to rehearse your talk, time it, and edit it down to 20 minutes if it's too long.
- Begin your presentation with a one- or two-slide overview of the issue that you are addressing. Even if everyone in the class has read the papers that you are presenting, the talk will flow better if you start with a short overview.
- At least one week before your presentation, send email to Professor Feigenbaum and Ms. Paige containing:
- Pointers to a modest amount of relevant material that you would like the class to read before your presentation
- One or two ideas about what the class discussion should focus on (if it does not take shape on its own)
- "Study sheet" for Exam 1 on October 13, 2011:
To prepare for Exam 1, start by reviewing reading assignments 1 and 6, as well as this webpage about Fair Information Practice Principles. Then review the slides and primary reading assignments for the five student presentations that were given on or before October 6, 2011. Exam questions will focus on how the Internet (and digital technology more generally) challenges copyright and privacy principles in the five scenarios covered by these presentations: Digital Rights Management, Digital Publishing Rights, International Copyright, Social Networking, and Privacy of Educational Records.
- "Study sheet" for Exam 2 on December 1, 2011:
To prepare for Exam 2, start by reviewing the student presentations given on Oct 11, Nov 1, Nov 15, and Nov 17 and the following reading assignments on technological foundations:
Detailed instructions on how to prepare for Exam 2 can be found here.
Lectures
- September 1, 2011: Course Overview, Introduction. [slides]
- September 6, 2011: Introduction to US copyright law and the tension between it and the digital world
- September 8, 2011: Copyright issues in digital music distribution
- September 13, 2011: The Digital Millenium Copyright Act
- September 15, 2011: Music vs. movies vs. books from a digital-copyright perspective
- September 20, 2011: Introduction to privacy-preserving protocols:
secure multiparty function evaluation, private information retrieval,
and differential privacy
- September 22, 2011: Student presentations by Debayan Gupta [slides] and Elizabeth Roberts [slides]
- September 27, 2011: Student presentation by Christina Wallin [slides] and a privacy-preserving protocol for the "Yao Millionaires' Problem"
- September 29, 2011: Guest lecture by Brad Rosen
- October 4, 2011: More about the Yao Millionaires' Problem, Shamir secret sharing, and the BGW protocol for private, multiparty function evaluation
- October 6, 2011: Student presentations by
Franklin Song [slides]
and Ewa Syta [slides]
- October 11, 2011: Review for Exam 1 and student presention by Anton Petrov [slides]. See this FAQ for more information about the work that Anton presented.
- October 13, 2011: [Exam1] [AnswerKey1]
- October 18, 2011: Discussion of technical foundations of
electronic cash, online identity systems, and ad targeting.
- October 20, 2011: Electronic cash based on digital signatures, part I.
- October 25, 2011: Electronic cash based on digital signatures, part II.
- October 27, 2011: Digital certificates and certifying authorities. Electronic cash
that is not based on digital signatures; see this paper by Adam Back.
- November 1, 2011: Student presentations by Aaron Segal [slides] and Max Uhlenhuth [slides]
- November 3, 2011: Further discussion of the BitCoin digital-cash system.
- November 8, 2011: Guest lecture by Margot Kaminski and Wendy Seltzer
- November 10, 2011: Differential privacy; see this paper, by Cynthia Dwork. Video of a related talk by Dwork can be found
here;
these are the slides used in that talk.
- November 15, 2011: Student presentation by John Langhauser [slides] and guest presentation by
Georgios Zervas [slides] on his experience discovering and resolving a threat to personal-data security on Yelp.
- November 17, 2011: Student presentations by Matt Gaba [slides] and Ben Silver [slides]
- November 29, 2011: Review for Exam 2
- December 1, 2011: [Exam2] [AnswerKey2]
Reading Assignments
- September 6, 2011: The following material is taken from a 2000 report by the National Research Council entitled "The Digital Dilemma." Because it is 11 years old, some of it is out of date, but (for better and for worse) much of it is still timely and relevant.
- September 13, 2011: Please read the following articles before class on Thursday, September 15. The main topic of discussion will be differences and similarities among books, music, and movies from the digital-copyright perspective.
- September 17, 2011: Please read the following article before class on Thursday, September 22, in preparation for Debayan Gupta's presentation. The main topic of discussion will be the authors' conclusions, which are given in Section 11.
- September 19, 2011: Please read the following articles before class on Thursday, September 22, in preparation for Elizabeth Roberts's presentation. Note that the second article is quite long; if you do not have time to read all it, just read the executive summary and skim the rest. The main topic of discussion will be the challenge to authors' "publication rights" posed by the Internet and other digital technologies.
- September 20, 2011: Please read the following articles before class
on Tuesday, September 27, in preparation for Christina Wallin's
presentation. The discussion of the Anti-Counterfeit Trade Agreement document will be focused on Section 5: Enforcement of Intellectual Property Rights in the Digital Environment. So, if you may not have time to read the entire document, start with Section 5.
- September 24, 2011: Please read the following material in preparation for Brad Rosen's guest lecture on September 29, 2011.
- October 1, 2011: Please read the following material for class on Thursday, October 6, 2011. The FERPA discussion will focus on whether universities should be more proactive in informing students of their FERPA rights and whether FERPA should treat physical and electronic records differently. The social-network discussion will focus on social-network users' perception of online privacy and whether the existence of one dominant social network is a plus or minus for privacy.
- For Ewa Syta's presentation on FERPA:
- For Franklin Song's presentation on privacy in Facebook:
- October 7, 2011: Please read the following articles in preparation for Anton Petrov's presentation on October 11, 2011. The presentation and discussion will focus on real-world, collaborative-filtering attacks that have occurred over the past 15 years and technical approaches to preventing them.
For a purely technical treatment of the de-anonymization techniques used in this work, see the original paper by Narayanan and Shmatikov. A FAQ about this paper can be found here.
- October 23, 2011: Please read the following papers in preparation for Max Uhlenhuth's and Aaron Segal's presentations on November 1, 2011. Additional information about BitCoin can be found in this video and this FAQ sheet. Recently, a flaw in the incentive structure of BitCoin was found, and a fix was suggested; see this paper by Babaioff et al.
- October 25, 2011: The electronic-cash schemes covered in lectures
16 and 17 can be found in Section 12.5 of these lecture notes by
Goldwasser and Bellare.
- November 1, 2011: For the November 8 lecture by Margot Kaminski and Wendy Seltzer, please read the following articles about online identity and anonymity:
Additional (not required) background for this lecture can be found on the
Fair Information Practice Principles and
Privacy by Design websites.
- November 10, 2011: For the November 15 presentation by John Langhauser, please read the following items about targeted online advertising. The first one,
about EU privacy regulation, is 36 pages, the second is draft US legislation, and the other articles are short.
- November 13, 2011: Please read the following material for November 17, 2011.
- For Matt Gaba's presentation on location-based ads:
- For Ben Silver's presentation on privacy issues in GMAIL: