Anonymity and Privacy — Spring '08

COMS E6184
Mon 04:10P-06:00 PM
Computer Science Conference Room (CSB 453)
TA: Binh Vo

"Anonymity and Privacy" will be taught as a seminar class. Students will be expected to read and present a wide variety of papers; these will include technical papers, statutes, court opinions, and the like. Prerequisites include reasonable familiarity with networking and cryptography. Grading will be based on class presentations of these papers — the exact number will depend on the total enrollment — class discussion, and on two papers, one in lieu of the midterm and one in lieu of the final. There will be no exams.

Topics will include:

The reading list is subject to change in response to current events.

Background Reading on Cryptographic Protocols

Those who have no background in cryptographic protocols should read

Jan 28
Introduction: What is Privacy? Please read the following before the first class session.

Monday, February 04
Legal Foundations of Privacy
  1. Katz v U.S. 389 US 347 (1967)
    Smith v Maryland 442 US 735 (1979)
    18 USC 2510-2522, 2701-2712: wiretap law; Stored Communications Act (recommended)
    18 USC 3121-3127: pen registers and trap-and-trace devices (recommended)
    50 USC 1801-1811: Foreign Intelligence Surveillance Act (recommended)
  2. REGULATION (EC) No 45/2001 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 18 December2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data
  3. Privacy on the Line: the Politics of Wiretapping and Encryption, Chapter 7. Whit Diffie and Susan Landau, MIT Press, 1998, first edition. Click on "Table of Contents" and then on Chapter 7.

Monday, February 11
Background reading on CALEA — don't prepare anything on this.
  1. The Athens Affair, Vassilis Prevelakis and Diomidis Spinellis, IEEE Spectrum, July 2007.
  2. Security Implications of Applying the Communications Assistance to Law Enforcement Act to Voice over IP, Steven Bellovin, Matt Blaze, Ernest Brickell, Clinton Brooks, Vinton Cerf, Whitfield Diffie, Susan Landau, Jon Peterson, and John Treichler, June 2006.
  3. Cisco Architecture for Lawful Intercept in IP Networks, RFC 3924, October 2004.

Monday, February 18
The Web: Cookies
Midterm paper topic approval deadline
  1. HTTP State Management Mechanism (RFC 2965). Also see this blog posting.
  2. Doubleclick's Privacy Policy. Important -- follow the links on the left.
    EPIC Complaint Against DoubleClick
  3. Google privacy policy.
    Amazon Privacy Policy
    Facebook privacy policy.

Monday, February 25
The Web: Protecting Privacy
  1. Platform for Privacy Preferences (P3P) Project (CACM article)
    The Platform for Privacy Preferences 1.0 (P3P1.0) Specification (optional; skim this, and don't worry about syntactic details)
  2. Searching for Privacy: Design and Implementation of a P3P-Enabled Search Engine, Byers, Cranor, Kormann, McDaniel, Proceedings of 2004 Workshop on Privacy Enhancing Technologies (PETS), May 2004.
  3. Crowds: Anonymity for Web Transactions, Reiter and Rubin, ACM Transactions on Information and System Security, vol. 1, no. 1, 1998.
  4. Design and implementation of the Lucent Personalized Web Assistant (LPWA), Kristol, Gabber, Gibbons, Matias, and Mayer, Bell Labs TR, 1998.

There are many more links about P3P at

Monday, March 03
Database Nation; Link Analysis
  1. Read chapter 4 of Database Nation, by Simson Garfinkel, O'Reilly and Associates, 2000. The link to the book is via the Columbia library network; full text is available. However... they seem to limit the number of simultanous readers; do not wait until the night before. (In fact, you may wish to read more; it's a fast read. Chapter 9 is prescient and scary --- and it was written before the terrorist attacks of 9/11.)
  2. Communities of Interest, C.Cortes, D. Pregibon, and C. Volinsky, Proceedings of IDA 2001 - Intelligent Data Analysis, 2001.
  3. Mining Social Network from Spatio-Temporal Events, Hady W. Lauw, Ee-Peng Lim, Teck-Tim Tan, and Hwee-Hwa Pang. Workshop on Link Analysis, Counterterrorism and Security, 2005.

Monday, March 10
Privacy and Data Mining

Midterm papers due

  1. "Experimental Analysis of Privacy-Preserving Statistics Computation", Hiranmayee Subramaniam, Rebecca N. Wright, and Zhiqiang Yang, Proceedings of the Workshop on Secure Data Management (held in conjunction with VLDB'04), Springer LNCS 3178, 2004.
  2. "Privacy Engineering in Digital Rights Management Systems," in Proceedings of the 2001 ACM Workshop on Security and Privacy in Digital Rights Management, Lecture Notes in Computer Science, vol. 2320, Springer, Berlin, 2002, pp. 76-105. (Joan Feigenbaum, Michael Freedman, Tomas Sander, and Adam Shostack)
  3. Privacy-Preserving Data Mining Using Multi-Group Randomized Response Techniques". Zhijun Zhan and Wenliang Du. Technical Report, June 2003.

Monday, March 17
Spring Break

Monday, March 24
Anonymous Connectivity
  1. Untraceable electronic mail, return addresses, and digital pseudonyms, David Chaum, CACM 24:2, February 1981.
  2. Tor: The Second-Generation Onion Router, Roger Dingledine, Nick Mathewson, and Paul Syverson, Proceedings of the 13th USENIX Security Symposium, August 2004.
  3. Universal Re-encryption for Mixnets, Philippe Golle, Markus Jakobsson, Ari Juels, Paul Syverson, The Cryptographers' Track at the RSA Conference, 2004.
For more papers, see

Monday, March 31
Traffic Analysis
Final paper topic approval deadline
  1. Using Signal Processing to Analyze Wireless Data Traffic, Craig Partridge, Davis Cousins, Alden Jackson, Rajesh Krishnan, Tushar Saxena, and W. Timothy Strayer. International Conference on Mobile Computing and Networking, 2002.
  2. Language Identification of Encrypted VoIP Traffic: Alejandra y Roberto or Alice and Bob?, Charles Wright, Lucas Ballard, Fabian Monrose, and Gerald Masson, Proceedings of the 16th USENIX Security Symposium, Boston, August, 2007.
  3. Practical Traffic Analysis: Extending and Resisting Statistical Disclosure, Nick Mathewson and Roger Dingledine. Proceedings of Privacy Enhancing Technologies workshop (PET 2004).
  4. Tracking Anonymous Peer-to-Peer VoIP Calls on the Internet, Xinyuan Wang, Shiping Chen, and Sushil Jajodia, ACM CCS '05, 2005.

Monday, April 07
Side Channels
  1. Timing Analysis of Keystrokes and Timing Attacks on SSH. Dawn Xiaodong Song, David Wagner, and Xuqing Tian. 10th USENIX Security Symposium, 2001.
  2. A Technique for Counting NATted Hosts. Steven Bellovin, Proc. Second Internet Measurement Workshop, November 2002.
  3. Remote Physical Device Fingerprinting. Tadayoshi Kohono, Andre Broido, and KC Claffy. IEEE Symposium on Security and Privacy, May 8-11, 2005. (Note: read the conference version.)

Monday, April 14
Digital Cash
  1. Untraceable Electronic Cash. David Chaum, Amos Fiat and Moni Naor, Crypto 1988.
  2. Revokable and Versatile Electronic Money. Markus Jakobsson, Moti Yung, ACM CCS, 1996.
  3. Anonymous Credit Cards, Steven H. Low, Nicholas F. Maxemchuk, and Sanjoy Paul, IEEE Symposium on Research in Security and Privacy, 1994.

Monday, April 21
  1. Marco Gruteser and Dirk Grunwald, "Anonymous Usage of Location-Based Services through Spatial and Temporal Cloaking", Proceedings of First ACM/USENIX International Conference on Mobile Systems, Applications, and Services (MobiSys), San Francisco, CA, May 2003.
  2. Richard Clayton, Anonymity and Traceability in Cyberspace, Ph.D. dissertation, University of Cambridge, Computer Laboratory Technical Report UCAM-CL-TR-653, November 2005. Read Chapter 3 ("Traceability Failures").
  3. Alex C. Snoeren, Craig Partridge, Luis A. Sanchez, Christine E. Jones, Fabrice Tchakountio, Beverly Schwartz, Stephen T. Kent, and W. Timothy Strayer. Single-Packet IP Traceback, IEEE/ACM Transactions on Networking (ToN), Volume 10, Number 6, December 2002.

Monday, April 28
Presentations I

Monday, May 05
Presentations II

Monday, May 12
Final paper due at noon