Week | Topic, Key Questions, Readings
Week 1 (Feb 3) | Initial conditions of digital privacy and security policy - the technical view
Q: What are the foundational assumptions driving the design of security and privacy systems?
Readings:
- Phillip Rogaway, The Moral Character of Cryptographic Work, 2015 IACR Distinguished Lecture, Asiacrypt 2015
- David Chaum, “A New Paradigm for Individuals in the Information Age.” In 1984 IEEE Symposium on Security and Privacy, 99–99. Oakland, CA, USA: IEEE, 1984.
- David Chaum. “Blind Signatures for Untraceable Payments.” In Advances in Cryptology, 199–203. Springer, 1983.
- John Perry Barlow, Declaration of Independence of Cyberspace, February 1996 at the World Economic Forum
Select paper topics (due COB Saturday Feb 5)
Week 2 (Feb 10) | Initial conditions of digital privacy and security policy - the legal view
Q: What are the starting points for law and policymaking in the early (1990s) digital world?
Readings:
- Bill Clinton & Al Gore, Framework for Electronic Commerce (paper, NYT)
Papers: 1) Rodrigo Lopez Uricoechea (topic: what does it mean that ‘the private sector should lead’?)
Week 3 (Feb 17) | Information Economics
Q. What are the economic drivers affecting privacy and security system design, and user behavior therein?
Readings:
- Classics in Economics & Asymmetric Information:
- As it relates to security & privacy:
  - Swire, Peter. “Markets, Self-Regulation, and Government Enforcement in the Protection of Personal Information.” In Privacy and Self-Regulation in the Information Age, National Telecommunications and Information Administration, 1997.
  - Varian, H. R. “Economic Aspects of Personal Privacy.” In Privacy and Self-Regulation in the Information Age, National Telecommunications and Information Administration Report, 1996.
  - Acquisti, Alessandro, Laura Brandimarte, and George Loewenstein. “Secrets and Likes: The Drive for Privacy and the Difficulty of Achieving It in the Digital Age.” Journal of Consumer Psychology 30, no. 4 (2020): 736–58.
Papers: 1) Kelsey Merrill (privacy and security)
Week 4 (Feb 24) | Challenges for Cryptography in Practical Settings
Q. What do cryptosystems promise, and how do they fail in practice? Why do they succeed?
Readings:
1) Messaging Security Guarantees (Kyle Hogan)
- Unger, Nik, Sergej Dechand, Joseph Bonneau, Sascha Fahl, Henning Perl, Ian Goldberg, and Matthew Smith. “SoK: Secure Messaging.” In 2015 IEEE Symposium on Security and Privacy, 232–49. IEEE, 2015.
- Houmansadr, Amir, Chad Brubaker, and Vitaly Shmatikov. “The Parrot Is Dead: Observing Unobservable Network Communications.” In 2013 IEEE Symposium on Security and Privacy, 65–79, 2013.
2) Usability (Maja Svanberg)
- Whitten, A., and J. D. Tygar. “Why Johnny Can’t Encrypt.” USENIX Security Symposium, 1999.
- Clark, Sandy, Travis Goodspeed, Perry Metzger, Zachary Wasserman, Kevin Xu, and Matt Blaze. “Why (Special Agent) Johnny (Still) Can’t Encrypt: A Security Analysis of the APCO Project 25 Two-Way Radio System,” 2011.
- Anderson, Ross. “Why Cryptosystems Fail.” In Proceedings of the 1st ACM Conference on Computer and Communications Security, 215–27. CCS ’93. New York, NY, USA: Association for Computing Machinery, 1993.
Papers: 1) Kyle Hogan, 2) Maja Svanberg
Week 5 (Mar 3) | Encryption and Exceptional Access
Readings:
- James Comey, Going Dark: Are Technology, Privacy, and Public Safety on a Collision Course? (Brookings Speech, October 2014)
- Jim Baker, Rethinking Encryption (Lawfare, October 22, 2019)
- Carnegie Encryption Policy Workshop Group, Moving The Encryption Policy Conversation Forward
- Abelson, Hal, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Matt Blaze, Jon Callas, Whitfield Diffie, et al. “Bugs in Our Pockets: The Risks of Client-Side Scanning.” ArXiv:2110.07450 [Cs], October 14, 2021. http://arxiv.org/abs/2110.07450.
- Abelson, Harold, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Matt Blaze, Whitfield Diffie, John Gilmore, et al. “Keys under Doormats: Mandating Insecurity by Requiring Government Access to All Data and Communications.” Journal of Cybersecurity 1, no. 1 (November 17, 2015): tyv009. https://doi.org/10.1093/cybsec/tyv009.
- Wright, Charles V., and Mayank Varia. “Crypto Crumple Zones: Enabling Limited Access without Mass Surveillance.” Euro S&P, 2018.
Papers: Kevin Paeth (technical aspects), Kyle Hogan (policy aspects)
Special Guest Lecturer: James Baker, Deputy General Counsel, Twitter; former General Counsel, Federal Bureau of Investigation
Week 6 (Mar 10) | Decentralized Systems
Q. How do new decentralized system architectures propose to address privacy risks? How do these protocols compare to centralized systems?
Decentralized architectures for personal data:
- Protocol
- Verborgh, R. (2022), “Re-decentralizing the Web, for good this time”, in Seneviratne, O. and Hendler, J. (Eds.), Linking the World’s Information: A Collection of Essays on the Work of Sir Tim Berners-Lee, ACM (in press)
- Mansour, Essam, Andrei Vlad Sambra, Sandro Hawke, Maged Zereba, Sarven Capadisli, Abdurrahman Ghanem, Ashraf Aboulnaga, and Tim Berners-Lee. “A Demonstration of the Solid Platform for Social Web Applications.” In Proceedings of the 25th International Conference Companion on World Wide Web - WWW ’16 Companion, 223–26.
- Steve Lohr, “He Created the Web. Now He’s Out to Remake the Digital World.” (New York Times, Jan 10, 2021)
Centralized architectures for personal data:
Optional:
Papers: 1) Sukhi Gulati (Q1), 2) Lily Tsai (Q2)
Question 1: What are the privacy properties of different decentralized social networking protocols?
Question 2: What are the privacy risks associated with centralized systems (Passport) and how do they compare to decentralized systems?
Special Guest Lecturer: Prof. Ruben Verborgh, Ghent University
Week 7 (Mar 17) | Public Ledgers: Cryptocurrencies and New Decentralized Systems (1st hour); Security & Privacy for Marginalized Groups (2nd hour)
1) Public Ledgers: Cryptocurrencies and New Decentralized Systems (1st hour)
Q. What are the social and legal relationships motivating the design of cryptocurrencies? Do the incentive structures set up in the original Nakamoto paper hold up to real-world use of the system?
- Nakamoto, Satoshi. “Bitcoin: A Peer-to-Peer Electronic Cash System”
- Eyal, Ittay, and Emin Gün Sirer. “Majority Is Not Enough: Bitcoin Mining Is Vulnerable.” In International Conference on Financial Cryptography and Data Security, 436–54. Springer, 2014.
- Eyal, Ittay. “The Miner's Dilemma.” In 2015 IEEE Symposium on Security and Privacy, 89–103. San Jose, CA: IEEE, 2015.
- a16z, How to Build a Better Internet: 10 Principles for World Leaders Shaping the Future of Web3
Optional:
2) Security & Privacy for Marginalized Groups (2nd hour)
Q. How do gender and race show up in security systems? And how might we approach building security tools that take into account the realities of power and oppression?
- Bo Ruberg, What is Your Mother’s Maiden Name? A Feminist History of Online Security Questions, Feminist Media Histories (2017) 3 (3): 57–81.
- Afsaneh Rigot, Digital Crime Scenes: The Role of Digital Evidence in the Persecution of LGBTQ People in Egypt, Lebanon and Tunisia (read the executive summary, 1-5; the findings re: device searches, 66-74; and the technical recommendations, 138-144).
- Seny Kamara, Crypto for the People, Keynote at Crypto 2020
- Emily Tseng, Mehrnaz Sabet, Rosanna Bellini, Harkiran Kaur Sodhi, Thomas Ristenpart, and Nicola Dell. Care Infrastructures for Digital Security in Intimate Partner Violence. ACM Conference on Human Factors in Computing Systems (CHI). 2022.
Optional, but highly entertaining: Charles Isbell, You Can’t Escape Hyperparameters and Latent Variables: Machine Learning as a Software Engineering Enterprise, Keynote at NeurIPS
Papers: 1) Stella Lau, 2) Rodrigo Lopez Uricoechea, 3) Monica Valcourt (cryptocurrency / web3)
Special Guest Lecturer: Kendra Albert (Harvard)
Spring Break
Week 8 (Mar 31) | (Challenges to) Security Research as a Public Good
Q1: What function, positive and/or negative, does regulation on security researchers have in vulnerability discovery? Is there a public good for security research? Here we will focus on E-Voting as a worked example:
- Bernhard, Matthew, Josh Benaloh, J. Alex Halderman, Ronald L. Rivest, Peter Y. A. Ryan, Philip B. Stark, Vanessa Teague, Poorvi L. Vora, and Dan S. Wallach. “Public Evidence from Secret Ballots.” August 4, 2017.
  - Read the Introduction, Part 5, and Appendix 9
  - Be sure to read the acknowledgements.
Optional:
How does the law help or hinder security research? What does this mean in light of the economics work we studied in week 3?
Q2: Are there better models for vulnerability discovery and disclosure?
- Responsible disclosure debate:
Papers: 1) Savannah Tynan (Q2), 2) Parama Pal
Week 9 (April 7; Mike Specter in the house) | Web privacy battleground – Advertising, profiling, tracking
Q1. What do we learn about how vulnerability disclosure works in the real world? What is the right model for vulnerability discovery and disclosure?
- Responsible disclosure debate:
Special Guest Lecturers: Peiter Zatko (‘Mudge’) & Sarah Zatko, 2-3pm
Q2. What are the basic social and legal principles of privacy and how are they implemented in digital network environments?
Readings:
- “The Platform for Privacy Preferences 1.0 Deployment Guide.” Accessed February 14, 2022. https://www.w3.org/TR/p3pdeployment/.
- Ashley, Paul, Satoshi Hada, Günter Karjoth, and Matthias Schunter. “E-P3P Privacy Policies and Privacy Authorization.” In Proceedings of the 2002 ACM Workshop on Privacy in the Electronic Society, 103–9, 2002.
- Agrawal, Ruchika. “Why Is P3P Not a PET?” Submission to the W3C Workshop on the Future of P3P, 12-13 November 2002, Dulles, Virginia, USA.
- Hoofnagle, Chris Jay, Jennifer M. Urban, and Su Li. “Privacy and Modern Advertising: Most US Internet Users Want ‘Do Not Track’ to Stop Collection of Data about Their Online Activities.” SSRN Scholarly Paper. Rochester, NY: Social Science Research Network, October 8, 2012.
- Federal Trade Commission, "Protecting Consumer Privacy in an Era of Rapid Change: Recommendations For Businesses and Policymakers" (March 2012) [concentrate on the Privacy By Design and Do Not Track discussions]
- Binns, Reuben. “Tracking on the Web, Mobile and the Internet-of-Things.” ArXiv:2201.10831 [Cs], January 26, 2022. http://arxiv.org/abs/2201.10831.
- Goldfarb, Avi, and Catherine E. Tucker. “Online Advertising, Behavioral Targeting, and Privacy.” Communications of the ACM 54, no. 5 (May 2011): 25–27. https://doi.org/10.1145/1941487.1941498.
- IAB EU Belgian DPA decision striking down the consent mechanism for online advertising (summary; decision [skim])
- D’Ignazio, Catherine, and Lauren F. Klein. “Seven Intersectional Feminist Principles for Equitable and Actionable COVID-19 Data.” Big Data & Society 7, no. 2 (July 1, 2020): 2053951720942544.
- Google’s Topics API (GitHub: jkarlin/topics, The Topics API)
Papers: 1) Kevin Paeth, 2) Kelsey Merrill
Special Guest Lecturer: Jules Polonetsky, CEO, Future of Privacy Forum, 3-4pm
Week 10 (Apr 14) | Policy aware systems - data governance approaches to privacy: Beyond PETs
Q1. How can we bridge the functional gap between legal requirements and technical system function?
- Goldberg, Ian, David Wagner, and Eric Brewer. “Privacy-Enhancing Technologies for the Internet.” In Proceedings IEEE COMPCON 97. Digest of Papers, 103–9. IEEE, 1997.
- Sen, Shayak, Saikat Guha, Anupam Datta, Sriram K. Rajamani, Janice Tsai, and Jeannette M. Wing. “Bootstrapping Privacy Compliance in Big Data Systems.” In 2014 IEEE Symposium on Security and Privacy, 327–42. IEEE, 2014.
- Tschantz, Michael Carl, Anupam Datta, and Jeannette M. Wing. “Formalizing and Enforcing Purpose Restrictions in Privacy Policies.” In 2012 IEEE Symposium on Security and Privacy, 176–90. IEEE, 2012.
- Wang, Lun, Usmann Khan, Joseph Near, Qi Pang, Jithendaraa Subramanian, Neel Somani, Peng Gao, Andrew Low, and Dawn Song. “PrivGuard: Privacy Regulation Compliance Made Easier.” USENIX Security, 2022.
- Wang, Frank, Ronny Ko, and James Mickens. “Riverbed: Enforcing User-Defined Privacy Constraints in Distributed Web Services.” In 16th USENIX Symposium on Networked Systems Design and Implementation (NSDI 19), 615–30, 2019.
- Weitzner, Daniel J., Harold Abelson, Tim Berners-Lee, Joan Feigenbaum, James Hendler, and G.J. Sussman. “Information Accountability.” Communications of the ACM 51, no. 6 (2008): 82–87.
- And recall the outcome in Van Buren: Orin Kerr, The Supreme Court Reins In the CFAA in Van Buren (Lawfare Blog, June 9, 2021) [for discussion of what kind of ‘gates’ are required to determine the meaning of "exceeds authorized access" under the CFAA]
[2-3pm] Special Guest Lecturer: Cillian Kieran, Founder and CEO of Ethyca Inc.
Q2. What are the policy requirements and technical approaches to data deletion, the right to be forgotten, and other data management mechanisms?
- Kraska, Tim, Michael Stonebraker, Michael Brodie, Sacha Servan-Schreiber, and Daniel Weitzner. “SchengenDB: A Data Protection Database Proposal.” In Heterogeneous Data Management, Polystores, and Analytics for Healthcare, 24–38. Springer, 2019.
- DELF: Safeguarding deletion correctness in online social networks (Facebook's way of implementing deletion)
- Fides Open Source Privacy Language [introduction, repo]
- Schwarzkopf, Malte, Eddie Kohler, M. Frans Kaashoek, and Robert Morris. “Position: GDPR Compliance by Construction.” In Heterogeneous Data Management, Polystores, and Analytics for Healthcare, 39–53. Springer, 2019.
Optional:
[3-4pm] Special Guest Lecturer: Mihir Patil, Engineering Lead, Privacy and Civil Liberties, Palantir
Papers: 1) Lily Tsai [Q2], 2) Sukhi Gulati [Q1]
Week 11 (Apr 21) | HCI Perspectives on privacy and security
Q1. What can we learn from HCI studies of user interactions with privacy and security features of systems generally?
- *Habib, Hana, Yixin Zou, Yaxing Yao, Alessandro Acquisti, Lorrie Cranor, Joel Reidenberg, Norman Sadeh, and Florian Schaub. “Toggles, Dollar Signs, and Triangles: How to (In)Effectively Convey Privacy Choices with Icons and Link Texts.” In Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems, 1–25, 2021.
- Cranor, Lorrie Faith. “Necessary but Not Sufficient: Standardized Mechanisms for Privacy Notice and Choice.” J. on Telecomm. & High Tech. L. 10 (2012): 273.
- *Schaub, Florian, Rebecca Balebako, Adam L. Durity, and Lorrie Faith Cranor. “A Design Space for Effective Privacy Notices.” In Eleventh Symposium on Usable Privacy and Security (SOUPS 2015), 1–17, 2015.
Q2. What do we learn from HCI research about how to regulate ‘dark patterns’? Is the proposed EDPB guidance on dark patterns consistent with research findings? What should the EDPB consider changing?
- *Utz, Christine, Martin Degeling, Sascha Fahl, Florian Schaub, and Thorsten Holz. “(Un)Informed Consent: Studying GDPR Consent Notices in the Field.” In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, 973–90, 2019.
- Gray, Colin M., Yubo Kou, Bryan Battles, Joseph Hoggatt, and Austin L. Toombs. “The Dark (Patterns) Side of UX Design.” In Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems, 1–14, 2018.
- *Nouwens, M., Liccardi, I., Veale, M., Karger, D., & Kagal, L. (2020, April). Dark patterns after the GDPR: Scraping consent pop-ups and demonstrating their influence. In Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems (pp. 1-13).
- *European Data Protection Board, Guidelines 3/2022 on Dark patterns in social media platform interfaces: How to recognise and avoid them (21 March 2022)
- Wong, Richmond Y., and Deirdre K. Mulligan. “Bringing Design to the Privacy Table: Broadening ‘Design’ in ‘Privacy by Design’ Through the Lens of HCI.” In Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems, 1–17. Glasgow, Scotland, UK: ACM, 2019.
Optional:
- Bösch, Christoph, Benjamin Erb, Frank Kargl, Henning Kopp, and Stefan Pfattheicher. “Tales from the Dark Side: Privacy Dark Strategies and Privacy Dark Patterns.” Proc. Priv. Enhancing Technol. 2016, no. 4 (2016): 237–54.
- Efroni, Zohar, Jakob Metzger, Lena Mischau, and Marie Schirmbeck. “Privacy Icons: A Risk-Based Approach to Visualisation of Data Processing.” Eur. Data Prot. L. Rev. 5 (2019): 352.
2-4pm: Special Guest Lecturer: Dr. Ilaria Liccardi, MIT IPRI
Papers: 1) Parama Pal [Q1], 2) Maja Svanberg [Q2]
Week 12 (April 28) | GDPR Dark Patterns continued; differential privacy
Q1. What comments do we have for the European Data Protection Board’s Guidelines 3/2022 on Dark patterns in social media platform interfaces: How to recognise and avoid them? In particular, to what extent does the guidance effectively address the GDPR policy goals identified in section 2? Are the specific dark patterns identified in the Annex (section 4) usefully described?
Q2. What is differential privacy and what is the nature of the privacy guarantees it offers? How do the mathematical guarantees of differential privacy map to privacy law and policy?
- Dwork, Cynthia. “Differential Privacy: A Survey of Results.” In International Conference on Theory and Applications of Models of Computation, 1–19. Springer, 2008. (starts on p. 12 of the linked PDF)
- Dwork, Cynthia. “A Firm Foundation for Private Data Analysis.” Communications of the ACM 54, no. 1 (2011): 86–95.
- Wood, Alexandra, Micah Altman, Aaron Bembenek, Mark Bun, Marco Gaboardi, James Honaker, Kobbi Nissim, David R. O’Brien, Thomas Steinke, and Salil Vadhan. “Differential Privacy: A Primer for a Non-Technical Audience.” Vand. J. Ent. & Tech. L. 21 (2018): 209.
- Dankar, Fida Kamal, and Khaled El Emam. “Practicing Differential Privacy in Health Care: A Review.” Trans. Data Priv. 6, no. 1 (2013): 35–67.
- Houssiau, Florimond, Luc Rocher, and Yves-Alexandre de Montjoye. “On the Difficulty of Achieving Differential Privacy in Practice: User-Level Guarantees in Aggregate Location Data.” Nature Communications 13, no. 1 (December 2022): 29. https://doi.org/10.1038/s41467-021-27566-0.
- SKIM: Privacy Loss in Apple’s Implementation of Differential Privacy on MacOS 10.12
More background on differential privacy [optional]
Q3. How did the US Census Bureau decide to implement differential privacy and what can we learn from that ongoing project?
Papers: Q1) Stella Lau, Q2) Savannah Tynan, Q3) Monica Valcourt
Week 13 (May 5) | Final class - Presentations and Reflections
Order of presentations