16:198:671 Privacy in a Networked World

Course description

Increasing use of computers and networks in business, government, recreation, and almost all aspects of daily life has led to a proliferation of online sensitive data, i.e., data that, if used improperly, can harm the data subjects. As a result, concern about the ownership, control, privacy, and accuracy of these data has become a top priority. This course focuses on both the technical challenges of handling sensitive data and the policy and legal issues facing data subjects, data owners, and data users.

Specific topics to be discussed will include:

• what is privacy?
• technology-specific issues (RFID, ubiquitous computing, web browsing, transaction data, ...)
• sector-specific issues (healthcare, finance, national security, Internet applications, Census data, ...)
• privacy legislation
• FIP: fair information principles
• when cryptography can and cannot help
• anonymity vs. pseudonymity
• differential privacy
• k-anonymity and deidentification, risks of reidentification
• privacy-preserving data mining
• public information and privacy

This course is suitable for graduate students in computer science, advanced undergraduate computer science majors, and students in other programs with some computer science background. Course readings will draw on a variety of sources, including both technical materials and the popular press. The course will include a privacy-related project. Projects are largely student-directed, and can include activities such as a programming project, a research paper describing new results (or documenting failed attempts to obtain such results), a survey article describing the state of the art in a particular research area, a public policy or legal argument, or an article suitable for the popular press.

We will start some of our class meetings with a discussion of one or more privacy-related case studies. For each, we will frame our discussion around a series of questions. Please bring the questions with you to every class.

Grading

15%	Project: initial proposals	Due Sep. 29
10%	Project: revised proposals	Due Oct. 13
15%	Project: interim reports	Due Nov. 10
15%	Project: final reports	Due Dec. 3
15%	Project: final presentations	Dec. 8 and 10
30%	Class participation	Throughout

Each project component is due at the start of class on the specified day. Lateness on any project deliverable will be penalized at a rate of 5% of the available points per day.

Syllabus

Here is a partial syllabus, to be extended as the semester progresses.

Date	Topics	Assigned Reading / Project Deliverables
Wed, Sept 3	Introduction
Mon, Sept 8	Introduction, cont'd.	Untraceable electronic mail, return addresses, and digital pseudonyms
Wed, Sept 10	Case study: Google street view and "private" roads, Discuss class projects, Fair Information Practices
Mon, Sept 15	Fair Information Practices, cont'd. Cryptography basics	No Place to Hide: Intro, Chapters 1 and 2
Wed, Sept 17	Mix Nets and Pseudonyms	No Place to Hide: Chapters 3 and 4
Mon, Sept 22	Anonymous Communication: Tor (See Roger Dingledine's slides from the 24th Chaos Communication Congress, Berlin, Germany, December 2007. Also relevant is Deanonymizing Tor, presented by Nathan Evans and Christian Gorthoff at Defcon 2008.)	No Place to Hide: Chapters 5 and 6 Privacy-enhancing technologies for the Internet, II: Five years later
Wed, Sept 24	Case study: Google and data retention (see http://googleblog.blogspot.com/2008/09/another-step-to-protect-user-privacy.html and links therein)	No Place to Hide: Chapter 7 and 8
Mon, Sept 29	Anonymous Web Browsing: Crowds, Degrees of Anonymity	Initial project proposals due
Wed, Oct 1	Anonymous Web Browsing: Crowds, Degrees of Anonymity	No Place to Hide: Chapters 9 and 10 Crowds: Anonymity for Web Transactions You may also want to read or skim Hordes - A Multicast Based Protocol for Anonymity and Probabilistic Model Checking of an Anonymity System
Mon, Oct 6	Privacy for Published Databases and Aggregate Queries: Statistical Databases	Database Nation: Chapters 1 and 2
Wed, Oct 8	Privacy for Published Databases and Aggregate Queries: k-anonymity and other clustering methods	Database Nation: Chapters 3 and 4 Papers to discuss (optional reading): K-anonymity: a model for protecting privacy, L-diversity: Privacy Beyond k-Anonymity, t-Closeness: Privacy Beyond k-Anonymity and l-Diversity, and The Cost of Privacy: Destruction of Data-Mining Utility in Anonymized Data Publishing.
Mon, Oct 13	Privacy for Published Databases and Aggregate Queries: Differential Privacy	Revised project proposals due Cynthia Dwork's survey paper on differential privacy
Wed, Oct 15	Privacy for Published Databases and Aggregate Queries: Differential Privacy	Database Nation: Chapters 5 and 6 Optional reading: Additional differential privacy papers.
Mon, Oct 20	Privacy and the law	Database Nation: Chapters 7 and 8
Wed, Oct 22	Privacy and the law	Database Nation: Chapters 9 and 10
Mon, Oct 27	Secure Multiparty Computation Case study: travel screening. (See www.tsa.gov/what_we_do/layers/secureflight/index.shtm and www.eff.org/issues/travel-screening and links therein.)	Database Nation: Chapter 11
Wed, Oct 29	Privacy-preserving data mining
Mon, Nov 3	Privacy-preserving data mining
Wed, Nov 5	Privacy-preserving data mining
Mon, Nov 10	National security and privacy	The U.S. Department of Homeland Security 2008-2013 Strategic Plan is required reading. You may also find it interesting to browse their Privacy Office web pages. Protecting Individual Privacy in the Struggle Against Terrorists: A Framework for Program Assessment. Only the Executive Summary is required reading (pdf). Project interim reports due
Wed, Nov 12	Economics of Privacy	Required reading: Robert Gellman's paper on Privacy, Consumers, and Costs Optional reading: You may also wish to browse some of the papers and other resources at Alessandro Acquisti's page on The Economics of Privacy.
Mon, Nov 17	Brian Thompson presents Social Role-Preserving Anonymization of Graphs
Wed, Nov 19	No class
Mon, Nov 24	Privacy Policies and related tools	Creating a Policy-Aware Web: Discretionary, Rule-based Access for the World Wide Web
Wed, Nov 26	Friday schedule: no class
Mon, Dec 1	Privacy and Social Networks
Wed, Dec 3	Final project presentations: Saman	Final project reports due Presentation schedule and pointers
Mon, Dec 8	Final project presentations: Pravin; Chih-Cheng and Qian
Wed, Dec 10	Final project presentations: Brian and Huijun

Required Reading and Other Resources

Required reading:

• No Place to Hide, by Robert O'Harrow, Jr., Free Press, 2005.
• Database Nation: the Death of Privacy in the 21st Century, by Simson Garfinkel, O'Reilly, 2000.
  
• Untraceable electronic mail, return addresses, and digital pseudonyms, by David L. Chaum, Communications of the ACM, Vol. 24, No. 2, Feb. 1981, ACM Press.
• Privacy-enhancing technologies for the Internet, II: Five years later, by Ian Goldberg, Proceedings of Privacy Enhancing Technologies Workshop (PET 2002), April 2002.
• Crowds: Anonymity for Web Transactions, by Michael K. Reiter and Avi Rubin, ACM Transactions on Information Security (TISSEC), Vol. 1, No. 1, 1998.
• Differential Privacy, by Cynthia Dwork, TAMC 2008, Springer LNCS 4978, 2008.
• Additional articles and research papers to be added.
• We will use a list of questions in addressing our case studies. Please bring the questions to class each time.

You are responsible for reading the assigned material for each class before the class, so that you can participate fully in class discussions.

Additional required readings may be added later.

Other Resources:

Some readings and other resources you may find interesting and/or helpful for your project as below. More will be added throughout the semester.

Books:

• Privacy on the Line, by Whitfield Diffie and Susan Landau, MIT Press, 1998.
• Technology and Privacy: The New Landscape, by Philip E. Agre and Marc Rotenberg, MIT Press, 1997.
• The Transparent Society, by David Brin, Perseus Books, 1998.
• Code and Other Laws of Cyberspace, by Lawrence Lessig, Basic Books, 1999.
• Free Culture, by Lawrence Lessig, Penguin Press, 2004.

  Technical Papers:

• Privacy-Enhancing Technologies Symposium, now in its 8th year. A technical conference that brings together "anonymity and privacy experts from around the world to discuss recent advances and new perspectives in privacy for the Internet and other communication networks." (Quoted from the symposium web pages.)
• Workshop on Privacy in the Electronic Society, sponsored by the ACM, run annually for the last few years in the Fall.
• Computers, Freedom, and Privacy, now in its 18th year. Diverse audience, including "attendees not only from government, business, education, and non-profits, but also from the community of computer professionals, hackers, crackers and engineers who work the code of cyberspace." (Quoted from the conference web pages.)
• The PORTIA project, a 5-year project I am involved in addressing handling of sensitive information. Funded by the National Science Foundation.
• Journal of Privacy Technology, a new on-line journal.
• A large bibliography of anonymity-related papers is available at http://freehaven.net/anonbib/ .
• Hordes - A Multicast Based Protocol for Anonymity. Brian Levine and Clay Shields, Journal of Computer Security, Vol. 10, No. 3, 2002.
• Probabilistic Model Checking of an Anonymity System. Vitaly Shmatikov, Journal of Computer Security, Vol. 12, No. 3/4, 2004, pp. 355-377.
• k-anonymity: a model for protecting privacy. Latanya Sweeney, International Journal on Uncertainty, Fuzziness and Knowledge-based Systems, 10 (5), 2002; 557-570.
• l-Diversity: Privacy Beyond k-Anonymity. Ashwin Machanavajjhala, Johannes Gehrke, Daniel Kifer, and Muthuramakrishnan Venkitasubramaniam, ICDE 2006.
• t-Closeness: Privacy Beyond k-Anonymity and l-Diversity. Ninghui Li, Tiancheng Li, Suresh Venkatasubramanian, ICDE 2007.
• The Cost of Privacy: Destruction of Data-Mining Utility in Anonymized Data Publishing. Justin Brickell and Vitaly Shmatikov, KDD 2008.

  Organizations:

  Several organizations carry out work related to privacy and other issues related to technology and policy, and have extensive web sites with information and other resources. Among them are:

• Electronic Privacy Information Center
• Privacy Rights Clearinghouse
• Center for Democracy and Technology
• Electronic Frontier Foundation
• Computer Professionals for Social Responsibility
• W3C's P3P information

  News:

  Various news groups and print or on-line publications, including:

• The Privacy Journal, available for subscription from www.privacyjournal.net. The site also has other useful information, including privacy tips, a newsletter, and information about other publications.
• The Markle Foundation publishes a weekly digest on emerging information technology issues, particularly those related to national security and to health, available for subscription at http://www.markle.org/weekly_digest/index.php.
• The RISKS Forum, a moderated digest available for reading as a news group.

  U.S. Government Information

• The U.S. Department of Homeland Security's Privacy Office .
• The U.S. Department of Health and Human Services' Office of Civil Rights.
• The U.S. Census Bureau's Data Protection and Privacy Policy.

Projects

Last updated 12/2/08 by rebecca.wright (at) rutgers.edu

Copyright © 2008 Rebecca N. Wright